Fundamental security issues

From FamilySearch Wiki

Specific security needs will be different for every site, but there are some basic suggestions that are universal:

  • Perform regular backups of your files and your MySQL database tables
  • Keep current copies of your backups somewhere else
  • Change your passwords frequently
  • Keep your application software up to date. Hackers exploit security holes in older versions of software. 
  • Restrict access to known hacker sites using an .htaccess file
  • Restrict known PHP exploits by using php.ini
  • Schedule the 'find . -ctime -1' command to run daily and review its output (it lists files that have been changed recently, which may be an indication of malicious activity)
  • If you have installed 'off the shelf' Wiki/Blog/CMS packages that create tables in MySQL, consider changing the default table names (refer to the individual package's documentation to see if this is possible or even recommended). This may fool malicious code that does find its way to your server
  • If possible, disable displaying the version of your 'off the shelf' packages. This may throw off malicious software that is targeting specific versions of your software.
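
One way to run the daily changed-files review from the list above, as an added example that is not part of the original page. The script name, the web root path, the `cache` exclusion and the cron schedule are assumptions.

```shell
#!/bin/sh
# Added example: daily review of recently changed files under a web root.
# The paths and the cache/ exclusion below are assumptions, not site facts.

# List regular files whose inode change time (ctime) falls within the last
# DAYS*24 hours. ctime is updated on content, permission and ownership
# changes and, unlike mtime, cannot be set back with touch.
recent_changes() {
    dir=$1
    days=${2:-1}
    # Skip a cache directory that changes constantly (hypothetical path).
    find "$dir" -path "$dir/cache" -prune -o \
        -type f -ctime "-$days" -print | sort
}

# From that list, keep the files that deserve a closer look: PHP code and
# the two configuration files the list above relies on.
sensitive_changes() {
    recent_changes "$1" "${2:-1}" |
        grep -E '(\.php|/\.htaccess|/php\.ini)$' || true
}

# Build the report that is mailed or logged each day.
daily_report() {
    dir=$1
    all=$(recent_changes "$dir")
    hot=$(sensitive_changes "$dir")
    echo "Changed in the last 24h under $dir:"
    echo "${all:-  (none)}"
    echo "Of these, PHP/.htaccess/php.ini files:"
    echo "${hot:-  (none)}"
}

# Run the report only when a web root is given as the first argument.
# Example crontab entry (06:00 daily; cron mails the output to the owner):
#   0 6 * * * /usr/local/bin/changed-files.sh /var/www/html
if [ -n "${1:-}" ] && [ -d "$1" ]; then
    daily_report "$1"
fi
```

Compare each day's report with the changes you made yourself; an entry under the PHP/.htaccess/php.ini heading that you cannot account for is the one to investigate first.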
