In my last post on WordPress security tips, I covered the basic and essential steps to secure your WordPress-based website or blog.
In this post, I will cover mostly advanced steps to take your security further.
Be very careful when accepting file uploads through your website:
- Do not accept any kind of uploads, if it is not required.
- Create a whitelist of acceptable file types. This minimizes the risk of a suspicious file being uploaded that can harm your web server.
- If possible, use a file type verification system. Point #2 can sometimes be bypassed by certain techniques, but by implementing “file type verification” you can avoid this situation.
- I would always recommend that you set a “maximum file size” for uploads. Files beyond that limit won’t be uploaded at all. This is good practice if you are hosting your site on a shared hosting server (which most website owners do).
- Scan files for malware.
- Automatically rename the uploaded files.
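The checks from the list above (whitelist, file type verification, maximum size, automatic rename) combined in one plain-PHP function. This is an added example, not code from the original post or from WordPress; `check_upload()`, `ALLOWED_TYPES`, `MAX_BYTES` and the 2 MiB limit are assumed names and values, and malware scanning is left out.

```php
<?php
// Added example: whitelist + content sniffing + size cap + server-side rename.
// check_upload(), ALLOWED_TYPES and MAX_BYTES are illustrative names.
const MAX_BYTES = 2 * 1024 * 1024;             // 2 MiB cap (assumed limit)
const ALLOWED_TYPES = [                        // extension => expected MIME type
    'jpg' => 'image/jpeg',
    'png' => 'image/png',
    'pdf' => 'application/pdf',
];

/** Returns a safe stored filename, or throws if the upload is rejected. */
function check_upload(string $path, string $clientName): string
{
    $size = filesize($path);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        throw new RuntimeException('size outside allowed range');
    }
    // Whitelist check on the extension the client supplied.
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        throw new RuntimeException("extension '$ext' not allowed");
    }
    // File type verification: sniff the bytes, ignore what the client claims.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException("content is $mime, not " . ALLOWED_TYPES[$ext]);
    }
    // Rename: random name, extension taken from the whitelist key only.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed samples: a PNG signature plus IHDR chunk header, script text
// carrying an image extension, and a file type that is not on the whitelist.
$png = "\x89PNG\r\n\x1a\n" . "\0\0\0\rIHDR" . pack('N2', 1, 1) . "\x08\x06\0\0\0";
$samples = ['holiday.png' => $png, 'avatar.jpg' => "<?php echo 'hi';", 'notes.exe' => 'MZ'];
foreach ($samples as $name => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    try {
        echo "$name -> stored as ", check_upload($tmp, $name), "\n";
    } catch (RuntimeException $e) {
        echo "$name -> rejected: ", $e->getMessage(), "\n";
    } finally {
        unlink($tmp);
    }
}
```

In a real upload handler the `$path` argument would be the `tmp_name` entry from `$_FILES`, and the accepted file would be moved with `move_uploaded_file()` under the returned name.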
Save your website from SQL Injection
- SQL injection is one kind of hacking attempt on your website, and it is a common attack if you have any kind of form on your website.
- If a parameter field is too open, hackers can take advantage of this loose end and apply SQL injection.
- If SQL injection is successful, then hackers can get access to your website database, and that is bad for your website.
- Here are 8 simple steps you can take to prevent this from happening to you.
Use of CSP (Content Security Policy)
- XSS – Cross-Site Scripting is another kind of attack a website owner should be careful about.
- You need to be careful when adding functionality to your website with JavaScript code, because hackers find ways to slip malicious code onto your pages, which can put your device in danger.
- Here, too, you can use parameterized queries to limit these kinds of attempts, and you can also use a handy CSP (Content Security Policy) tool.
- You can read here on how to apply a proper CSP.
Directory and file permissions on your server need to be locked down
- The majority of hosting servers have the same kind of cPanel. You can read up or do some research on how to do this. It is quite simple to change permissions from cPanel, so I am not going into much detail here.
Catch you soon in the next post, and have a fantastic time developing your website!
– Amin Fateh