Elements for building secure site

0 votes
Asked by user: (160 points)

If I was to build a "Hacker proof" site what would be my weapons of choice? I guess WordPress is out of the question. ;)

I am fully aware that there is no such thing as hacker proof, but let's say I wanted to delay for as long as possible.

Maybe you can give me some pointers on how to proceed with that and some dos and don'ts.

Thank you.

Comment by user: (100 points)
"The best defense is a good offense". I mean, to improve the security of your site, first you need to understand what the most common attacks are. I suggest you start with code injection and XSS; you can find many topics here on Stack Overflow.
Comment by user: (100 points)
It also depends on what you need to protect and what people can do on the site. More details would be needed.
Comment by user: (160 points)
Let's say I build it with WP. Would it be sufficient to change the table prefix? To something like 143h135h5532j5j_ instead of wp_, for example. If I build with WP, what would be other things to think about?

1 answer

0 votes
Answered by user: (220 points)

The question is very broad, but some essentials:

  • Prevent SQL Injection by using prepared statements.
  • Validate input / Output to prevent XSS
  • CSRF protection for form data
  • HTTPS for secure login pages
  • Secure permissions for web processes / folders on your server
  • Up to date software on server
  • Backups to remote server
  • Fail2Ban to prevent brute forcing
  • Monitor access / error logs from Apache/nginx
  • Monit for resource monitoring
  • Encrypt passwords using a secure hashing algorithm that can't be brute forced
  • Two Factor authentication

Those are the ones off the top of my head.
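
To make two items from the list above concrete (prepared statements and password hashing), here is an added example that is not part of the original answer. It assumes an in-memory SQLite `users` table, a constructed account, and scrypt cost parameters chosen for illustration; all function names are hypothetical.

```python
import hashlib
import hmac
import os
import sqlite3

# scrypt cost parameters: assumed values for this example, tune for your hardware
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

def hash_password(password: str) -> bytes:
    """Return salt || scrypt(password, salt); the salt is random per user."""
    salt = os.urandom(16)
    return salt + hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)

def verify_password(password: str, stored: bytes) -> bool:
    salt, expected = stored[:16], stored[16:]
    candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return hmac.compare_digest(candidate, expected)  # constant-time compare

def make_db() -> sqlite3.Connection:
    # Constructed sample data: one user, stored as a salted slow hash
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw BLOB NOT NULL)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("alice", hash_password("correct horse")))
    return db

def find_user_unsafe(db, name):
    # Vulnerable: input is pasted into the SQL text, so quotes in it alter the query
    return db.execute(
        f"SELECT name, pw FROM users WHERE name = '{name}'").fetchall()

def find_user(db, name):
    # Prepared statement: `name` is bound as data and never parsed as SQL
    return db.execute(
        "SELECT name, pw FROM users WHERE name = ?", (name,)).fetchall()

def login(db, name, password) -> bool:
    rows = find_user(db, name)
    return len(rows) == 1 and verify_password(password, rows[0][1])

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL metacharacters
    print("unsafe rows:", len(find_user_unsafe(db, crafted)))
    print("bound rows: ", len(find_user(db, crafted)))
    print("good login: ", login(db, "alice", "correct horse"))
    print("bad login:  ", login(db, "alice", "wrong"))
```

The same crafted input matches every row through the concatenated query and no row through the bound one, and the database never holds a value from which the password can be read back directly.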

Comment by user: (160 points)
Yes, I know it is a very broad question. Those are great pointers. Thanx! Do you have an example of some sort of CMS that could be used?
Comment by user: (220 points)
Honestly I would just use WordPress. Yes, every now and then a security issue pops up, but if you keep it up to date you shouldn't have many problems.
Comment by user: (160 points)
That's what I really would like to use. I have looked at secure CMSs and the cost for it is astronomic.