7 ways to Add Security to Your Website

If you do web design or web development work, or you just own a website, there comes a time when you need to block access to pages with sensitive information such as users' phone numbers, social security numbers and other data classified as private. Or perhaps you want to block viewers from image and directory access. Here are some things you can do to secure your website.

1. Avoid Adding Links to Private Areas

The first and most obvious thing you should do is remove all links to private areas from the public pages of your website. For a WordPress blog, that means the "log in" and "admin" links. This keeps search engines from crawling and indexing them via your own pages. In addition, it lowers the possibility of another website owner linking to them.

2. Disallowing Search Engines

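Create a robots.txt file in the root of your website (meaning http://website.com/robots.txt) and disallow your private folders and files. This indicates to search engines that these files and folders should not be indexed. Here is an example:

    User-agent: *
    Disallow: /administrator
    Disallow: /otherprivateareas

Keep in mind that robots.txt is only a request to well-behaved crawlers, and the file itself is publicly readable, so it does not restrict access to the paths it lists.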

3. Block Robots With Meta Tags

You can also block search engines by placing the following in pages you would like to keep private:

    <meta name="robots" content="noindex, nofollow">

The "noindex" tells search robots not to index this page, and the "nofollow" says that links on this page should not be followed.

4. Block Viewers by IP Address Via .htaccess

The .htaccess file is one of the most important ways to pass instructions to an Apache web server. It is placed in a directory, and its directives control the files in that directory and its subdirectories. Place the following in your .htaccess file to deny or allow website access depending on the viewer's IP address:

    order allow,deny
    deny from 123.45.6.7
    deny from 012.34.5.
    allow from all

5. Add .htaccess Password Protection

Create a .htpasswd file and add a line in this form (create the encrypted password here):

    username:encrypted_password

Add the following to your .htaccess file:

    AuthUserFile /usr/local/safedir/.htpasswd
    AuthGroupFile /dev/null
    AuthName EnterPassword
    AuthType Basic
    require valid-user

To admit only one named user instead of any valid user, replace the last line with:

    require user wsabstract

You will need to know the absolute path to your .htpasswd file. To get it, create a PHP file in your web root containing either

    <?php echo '<pre>'; print_r($_SERVER); echo '</pre>'; ?>

or

    <?php phpinfo(); ?>

Delete the file as soon as you have obtained the path, because it shows a lot of security-sensitive information about your host.

6. Hide .htaccess File Viewing

Add this to your .htaccess file to hide it from public viewing:

    <Files .htaccess>
    order allow,deny
    deny from all
    </Files>

Set the file's permissions with chmod 644.
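The order, allow and deny directives used in sections 4 to 6 are Apache 2.2 syntax; Apache 2.4 only accepts them through the mod_access_compat module. The same rules written with 2.4's Require directives, as an added example that is not from the original article. The IP addresses, realm, user name and .htpasswd path are the article's sample values, and "012.34.5." is assumed to mean the 12.34.5.x range:

```apache
# Added example: Apache 2.4 form of the rules in sections 4-6.
# Create the password file with the htpasswd tool that ships with Apache
# (-c creates the file, -B stores a bcrypt hash):
#   htpasswd -B -c /usr/local/safedir/.htpasswd wsabstract
# Keep .htpasswd outside the web root so it can never be served.

# Section 5: HTTP Basic authentication.
# Basic auth sends the password base64-encoded on every request,
# so only use it on a site served over HTTPS.
AuthType Basic
AuthName "EnterPassword"
AuthBasicProvider file
AuthUserFile "/usr/local/safedir/.htpasswd"

# Sections 4 and 5 combined. Bare Require lines are OR-ed together,
# so <RequireAll> is needed to demand "valid login AND not a blocked IP".
<RequireAll>
    Require valid-user
    # 2.2: deny from 123.45.6.7
    Require not ip 123.45.6.7
    # 2.2: deny from 012.34.5.  (assumed: partial address, 12.34.5.x)
    Require not ip 12.34.5
</RequireAll>

# Section 6: refuse requests for .htaccess and .htpasswd themselves.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
```

These directives only take effect in .htaccess if the server's AllowOverride setting permits AuthConfig for that directory.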

7. To block Images and Files in a Directory

Some hosts give their customers different levels of access. You will need permission to turn on "Options +Indexes".

To prevent the contents of a directory from being listed:

    IndexIgnore *

If you want to hide only images:

    IndexIgnore *.gif *.jpg *.png

More information on .htaccess security can be found here.