July 19, 2007 at 3:41 pm #742955 PatrickM Member
@kwblue 131717 wrote:
Yep, agreed – WordPress is awesome, has a ton of hacks and if you can’t get it to do exactly what you want… there are about 10000 people you can hire to do what you want for about $50
The Indian subcontinent is blessed with great developers, huh?!
July 19, 2007 at 9:35 pm #742987 Anonymous Inactive
Just to go back to something that was stated incorrectly.
Passwords for database or anything else never should be kept in a public directory of a website, nor is there any reason to.
Passwords should be kept above the htdocs directory so that it is not open to public access. It’s much easier for a hacker to find a way to grab files/code off your live website directories than in those above. Make life harder for them.
Having spent some time ferreting out an inside saboteur, then preventing his outside hacks, we’ve learned a few things about vulnerabilities.
In most cases, if you are running WordPress, you can find your password in wp-config.php at the top. Cut the lines and replace with
include "../dblogins.php";
Then put those lines in a file called dblogins.php or something similar, in a directory above your homepage, where you can’t connect to it. Test to make sure permissions on the new file aren’t crashing the site. If everything works, your DB passwords are much more secure and you’re done, until the next update of the wp-config.php file.
July 19, 2007 at 10:42 pm #742992 PatrickM Member
Or add the following to your .htaccess file to prevent your database username and password from being compromised if your server has a problem serving PHP:
deny from all
Also, disallow directory browsing and never allow any file or folder on your server to have permissions CHMOD’d to more than 755.
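An added example, not part of any post in this thread: a Python audit of a document root for two conditions the posts above warn about, a `DB_PASSWORD` define stored under the web root and any file or directory whose mode exceeds 755. The function names, the `htdocs` sample tree and the placeholder password are constructed for illustration.

```python
import os
import re
import tempfile

# The define() WordPress uses for the database password in wp-config.php.
DB_PASSWORD_RE = re.compile(r"""define\(\s*['"]DB_PASSWORD['"]""")
MAX_MODE = 0o755  # ceiling recommended in the thread


def audit_docroot(docroot):
    """Return sorted (relative_path, issue) findings for a web document root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(docroot):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # symlink modes are not meaningful
            rel = os.path.relpath(path, docroot)
            mode = os.stat(path).st_mode & 0o7777
            if mode & ~MAX_MODE:  # any bit set that 755 does not allow
                findings.append((rel, "mode %o exceeds 755" % mode))
            if name.endswith(".php") and os.path.isfile(path):
                with open(path, errors="replace") as fh:
                    if DB_PASSWORD_RE.search(fh.read()):
                        findings.append((rel, "DB password stored under docroot"))
    return sorted(findings)


def build_sample_site(base):
    """Constructed sample: htdocs/ plus a credentials file one level above it."""
    docroot = os.path.join(base, "htdocs")
    os.makedirs(os.path.join(docroot, "uploads"))
    files = {
        os.path.join(base, "dblogins.php"): "<?php define('DB_PASSWORD', 'example');\n",
        os.path.join(docroot, "wp-config.php"): '<?php include "../dblogins.php";\n',
        os.path.join(docroot, "old-config.php"): "<?php define('DB_PASSWORD', 'example');\n",
    }
    for path, body in files.items():
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, 0o644)
    os.chmod(os.path.join(docroot, "uploads"), 0o777)  # deliberately too open
    return docroot


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, issue in audit_docroot(build_sample_site(tmp)):
            print(rel, "-", issue)
```

The credentials file placed above `htdocs` is never walked, so only the leftover copy inside the document root and the world-writable `uploads` directory are reported.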