Solution
Having a shopping cart or content management system is an excellent option to start your own website, but not securing your system is going to give you a big heart attack if an attacker hacks into your system.
Therefore, it is crucial to ensure that your application's administration panel is secured to prevent attack or abuse. Here are some of the methods you can consider implementing to protect your website.
- Use strong passwords. A strong password should consist of non-dictionary words, with a combination of symbols, lower-case letters, upper-case letters, and numbers.
- Change your password regularly. Do not fear forgetting your password, as you can easily reset it if needed; simply contact us and we will assist you.
- Password protect your directories using htpasswd files. Twopiz's customers can make use of the cPanel control panel to implement this. Refer to this video tutorial: http://twopiz.com/tutorial/passwdprotect.swf
- Prevent execution of script files in folders that do not require them, e.g. the /images/ folder. To do this, create a .htaccess file inside your images folder. The AddType line shown further below makes the server treat files with the popular script extensions (.pl, .cgi, and .php) as plain text instead of executing them.
Here are some examples of sensitive folders that you should secure.
WordPress: wp-admin
Popular shopping carts (osCommerce, ZenCart, CubeCart): administrator
Joomla: administrator
In addition, here is an excellent page that teaches you how to secure your WordPress installation:
http://codex.wordpress.org/Hardening_WordPress
Type the content below into .htaccess and save the file.
# ---------- To be added to .htaccess (start) ----------
AddType text/plain .pl .cgi .php
# ---------- To be added to .htaccess (end) -----------
Or, if you know which file extensions you wish to allow, type the content below into .htaccess and save. For example, the following code allows these file extensions: jpeg, jpg, png, gif.
# ---------- To be added to .htaccess start ----------
order deny,allow
deny from all
<FilesMatch "\.(jpeg|jpg|png|gif)$">
order allow,deny
allow from all
</FilesMatch>
# ---------- To be added to .htaccess end ----------
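To confirm that a folder such as /images/ actually carries one of the two .htaccess rules above, and to see whether any script files are already sitting in it, a small audit script can help. This is an added example, not part of the original article or Twopiz's tooling; the function names and the sample folder are assumptions, and it checks only the folder's own .htaccess file, not whether the server honours it.

```python
import os
import re
import tempfile

SCRIPT_EXTS = {".pl", ".cgi", ".php"}  # script extensions named in the article
ADDTYPE_RE = re.compile(r"^\s*AddType\s+text/plain\b(.*)$", re.I | re.M)
DENY_ALL_RE = re.compile(r"^\s*deny\s+from\s+all\b", re.I | re.M)


def htaccess_status(folder):
    """Return 'addtype', 'deny-all', 'incomplete' or 'missing' for folder/.htaccess."""
    path = os.path.join(folder, ".htaccess")
    if not os.path.isfile(path):
        return "missing"
    with open(path, encoding="utf-8", errors="replace") as fh:
        # Ignore comment lines so a commented-out rule does not count.
        text = "\n".join(l for l in fh.read().splitlines() if not l.lstrip().startswith("#"))
    if DENY_ALL_RE.search(text):
        return "deny-all"
    covered = set()
    for m in ADDTYPE_RE.finditer(text):
        covered.update(ext.lower() for ext in m.group(1).split())
    return "addtype" if SCRIPT_EXTS <= covered else "incomplete"


def audit(folder):
    """Report .htaccess coverage and any script files under a static-content folder."""
    scripts = []
    for root, _dirs, files in os.walk(folder):
        for name in files:
            if os.path.splitext(name)[1].lower() in SCRIPT_EXTS:
                scripts.append(os.path.relpath(os.path.join(root, name), folder))
    return {"htaccess": htaccess_status(folder), "scripts": sorted(scripts)}


def demo():
    """Build a constructed sample images folder and audit it before and after the fix."""
    with tempfile.TemporaryDirectory() as top:
        images = os.path.join(top, "images")
        os.makedirs(os.path.join(images, "thumbs"))
        for rel in ("logo.png", os.path.join("thumbs", "x.php")):  # constructed files
            open(os.path.join(images, rel), "w").close()
        before = audit(images)
        with open(os.path.join(images, ".htaccess"), "w") as fh:
            fh.write("AddType text/plain .pl .cgi .php\n")
        return before, audit(images)


if __name__ == "__main__":
    print(demo())
```

Script files are still listed after the rule is in place, so that anything unexpected in an images folder can be reviewed and removed.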