- This topic is empty.
-
AuthorPosts
-
July 19, 2007 at 9:35 pm #742987
Anonymous
InactiveJust to go back to something that was stated incorrectly.
passwords for database or anything else never should be kept in a public directory of a website, nor is there any reason to.
Passwords should be kept above the htdocs directory to that it is not open to public access. It’s much easier for a hacker to find a way to grab files/code off your live website directories than in those above. Make life harder for them.
Having spent sometime ferretting out an inside sabotuer, then preventing his outside hacks, we’ve learn a few things about vulnerabilities.
in most cases if you are running wordpress, you can find your password wp-config.php at the top, cut the lines, replace with
include “../dblogins.php”
Then put those lines in a file called dblogins.php or something similar, in a directory, above your homepage, where you can’t connect to it. Test to make sure permissions on the new file aren’t crashing the site. if everything works, your DB passwords are much more secure and you’re down, until the next update of the wp-config.php file.
July 19, 2007 at 10:42 pm #742992
PatrickMMemberOr add the following to your .htaccess file to prevent your database username and password from being compromised if your server has a problem serving PHP:
deny from all
Also, disallow directory browsing and never allow any file or folder on your server to have permissions CHMOD’d to more than 755.
-
AuthorPosts