Quote:
Originally Posted by holograph
lesson from this thread:
- restrict db access only to from known hosts (shut anonymous db access if you have that)
- use complex generated passwords for db login and anything else
- also should consider securing ssh/ftp access
- for commonly used scripts - customize them, change admin url if possible, use strict passwords
what else is missing?
|
- log all activity in admin areas on your server, get reports when unknown things happens
- do not send password through emails, do not store emails with passwords
- put your own testing real looking combos in htpasswd so you can track the hacks easily
- have all logins with captcha, not only popup 401 window
maybe sounds easy and basic, but those are things how smart kid can take your datas even without knowing any programming language
