Windows Hosting Blog – Seekdotnet.com Blog about Windows Hosting and ASP.NET Hosting
In this post, I will guide you on how to protect your CMS from hacking. This is to prevent irresponsible people to use your website for useless things.
Protect your Website
First of all, check the updates of your plugins on your CMS web pages. Are they all being used frequently or not? Are they really useful or not? Are they safe enough? If not, then you should delete them immediately. By doing this, you will not only prevent your web pages from any unwanted virus, but also provide your web pages with spaces which later can be used for other useful programs.
Second, do some observations. Use search engine to look for information about your plugins, just in case you really need to install them. In addition, do not forget to install bulletproof security application. You can get it by clicking on BPS menu, then you will find Security Mode. In Security Mode, click these links: create default.htaccess file and create secure.htaccess file. If it has been done, activate the whole options of bulletproof mode.
Third, click on Security Status menu. You will find some red notices, which are backup. Do the backup in that setting until the red ones turn into green. After that, activate your firewall application. Delete the notification or the information, so that the hackers will not be able to do their wasteful things. Moreover, add the template of functions.php, and eliminate readme.html which is available in public_html. So, later, the format will be like this: function no_generator() (return”:) add_filters (‘the_generator’,’no_generator’);
Fourth, disable folder system on your application by adding this script: ‘Disallow: /wp-‘ (without any quotation mark) in robot.txt file. Change your permalink by using /%postname%/ instead of permalink default. Do this action immediately after you install your CMS program. If you change the permalink while running the application, it can cause error and lost index google.
Fifth, activate htaccess and the configuration program, then click ‘deny from all’ on the options. Make sure that the ‘Permission’ is hidden. The folder permission is 755 and for the file permission, it is 644. For the configuration, the file permission is 444 or 400. Next, update your timbthumb by installing timthumb vulnerability scanner.
Sixth, open Tools, Timthumb, and Scan. Click fix button if you see ‘vuln’ notice. Finally, use a difficult username and password to protect your web page more.
