Protecting a website

Protecting your website is important and needs continual effort. A detailed security plan is necessary but some fundamental steps can be a start. Here are some basic steps you can take:

  1. Use open source scripts and update to new versions as soon as they are released
  2. Use strong passwords (combination of alphabetic, numeric, and special characters; minimum length)
  3. Secure the Admin Email address
  4. Change file and directory permissions
  5. Use Secured FTP Access (encrypted upload)

Check file and directory permissions

Permissions for files and directories should NEVER be 777 (rwxrwxrwx).
Set files to 644 (rw-r--r--) and directories to 755 (rwxr-xr-x), to allow web pages to be processed.

| # | Permissions | Numeric equivalent | Description |
|---|---|---|---|
| 1 | -rw------- | 600 | Owner has read and write permissions. Set for most files. |
| 2 | -rw-r--r-- | 644 | Owner has read and write permissions; group and world have read-only permission. Be sure you want to let other people read this file. Appropriate for most web-related files. |
| 3 | -rw-rw-rw- | 666 | Everyone has read and write permissions. Not recommended; this combination allows the file to be accessed and changed by anyone, anywhere on the system. |
| 4 | -rwx------ | 700 | Owner has read, write, and execute permissions. Best combination for programs the owner wishes to run (files that result from compiling a C or Java program). |
| 5 | -rwxr-xr-x | 755 | Owner has read, write, and execute permissions. Everyone else has read and execute permissions. Appropriate for web site directories. |
| 6 | -rwxrwxrwx | 777 | Everyone has read, write, and execute privileges. Like the 666 setting, this combination should be avoided. |
| 7 | -rwx--x--x | 711 | Owner has read, write, and execute privileges. Everyone else has execute-only permission. Useful for programs that you want to let others run but not copy. Unfortunately, this is not sufficient for web-related files because the users need to see the content of the files; otherwise your web pages will not render. |
| 8 | drwx------ | 700 | This is a directory created with the mkdir command. Only the owner has read, write, and execute privileges. Note that all directories must have the executable bit set. |
| 9 | drwxr-xr-x | 755 | This directory can be changed only by the owner, but everyone else can view its contents. |
| 10 | drwx--x--x | 711 | A handy combination for keeping a directory's contents reachable by everyone but hidden from the ls command. A file can be read only by someone who knows the filename. |
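
The permission rules in this section as a check you can run, given as an added example that is not part of the original page: it lists world-writable entries under a web root and tightens group- or world-writable ones to 644/755 without loosening stricter modes such as 600. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a web root against the 644/755 baseline.

# Print every file or directory that "other" can write to (666, 777, ...).
audit_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Print files that are not 644 and directories that are not 755, for review.
audit_deviations() {
    find "$1" \( \( -type f ! -perm 644 \) -o \( -type d ! -perm 755 \) \) -print
}

# Tighten only entries that group or other can write to: files -> 644,
# directories -> 755. Stricter modes such as 600 or 700 are left alone.
fix_writable() {
    find "$1" -type d \( -perm -0020 -o -perm -0002 \) -exec chmod 755 {} +
    find "$1" -type f \( -perm -0020 -o -perm -0002 \) -exec chmod 644 {} +
}

# Constructed sample tree (not real site data) for trying the functions.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir "$root/uploads" "$root/private"
    : > "$root/index.html";    chmod 644 "$root/index.html"
    : > "$root/config.php";    chmod 666 "$root/config.php"
    : > "$root/uploads/a.php"; chmod 777 "$root/uploads/a.php"
    : > "$root/private/key";   chmod 600 "$root/private/key"
    chmod 777 "$root/uploads"
    chmod 700 "$root/private"
    chmod 755 "$root"
    echo "$root"
}

# Usage: sh check_perms.sh --demo   (script name is hypothetical)
if [ "${1:-}" = "--demo" ]; then
    site=$(make_sample)
    echo "World-writable before fix:"; audit_world_writable "$site"
    fix_writable "$site"
    echo "Still deviating from 644/755 (review by hand):"
    audit_deviations "$site"
    rm -rf "$site"
fi
```

Run the audit functions first and review the output before calling `fix_writable`, since a script that must stay executable will lose its execute bit if it was group- or world-writable.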