How to secure your website php
Writing a PHP application is very easy. But sometimes they do simple mistake which is very detrimental for application. If you made an application, How users can trust on your application? In this article, I am going to give you some basic security tips to help you protect your users trust in your application. User likes secure site.
1. Protect your servers:
- Protect your servers
- Protect your network
- Protect your application
- Protect against request forgeries
- Protect against Cross-Site-Scripting
1. Protect your servers:
- The important part of protecting server is Firewall. After establishing your server, must need to set up Firewall.
- Keep your web server software up-to-date
- Use SSH for secure connection & copy your file remotely. SSH will help you to make sure all information goes out and in of the system remains private & protected from third party users(Hacker).
- Keep your server location secret.
- Hackers can know lots of thing by your system servers IP addresses. So, you need to avoid giving your digital information to the third party user.
- Mix up your password with UPPER, lower, number(123...) & symbol(&*@....). So that third party user can't guess what's your password is!
2. Protect your network: Through this point, I want to tell you that without your web server no one can directly interact with your web server.
3. Protect your application:
- First of all you need to ensure that your code is bullet proof. No one can bypass your filtering system. mysql_real_escape_string this function prevents lots of attacks on your application.
*** phpStartTag *** $cleanEmail = []; $emailPattern = '/^[^@\s<&>]+@([-a-z0-9]+\.)+[a-z]{2,}$/i'; if (preg_match($emailPattern, $_POST['email'])) { $clean['email'] = $_POST['email']; } *** phpEndTag ***
This is just a sample of manually email validation. Same thing can be happened with the PHP email validation function. I can't show you the every validation of input fields. There are lots of function in php for validation. Keep looking & comment below if you don't understand.
- Use cookie or session whatever you want. But I suggest to use cookie. Yes cookie with secret signature. When a user wants to login with his username & password, create a secret signature and store it in cookie. So that, user information will be protected. Do not store username & password in the cookie or session.
- If you can use your own encryption code or use PHP encryption functions. But remember that 'base64_encode' & 'convert_uudecode' will increase the size of data.
FREE TIPS: If you want to fast your PHP application you need to purge unused/unnecessary user data. And it also help to protect your application.
4. Protect against request forgeries: In here, the main thing is confirm the requests coming towards to your application created from your application. And Use POST rather than GET in forms. Here is the brief description.
5. Protect against Cross-Site-Scripting: In this case, you need to ensure that first user cannot steal information from second user. For prevent this types of attack.
5. Protect against Cross-Site-Scripting: In this case, you need to ensure that first user cannot steal information from second user. For prevent this types of attack.
- Filter all external dataknowledge
- Use PHP functions like htmlentities(), strip_tags(), and utf8_decode() can be useful.
- Use whitelists, whitelist means you will allow only those characters which can be needed. In most cases '<' and '>' characters do not need to be accepted.
Through this article, I couldn't give you the every step description. But I think I gave you the tips of How to secure your website?
Knowledge about the filtering data, protect against attacks etc.
Enjoy the article.
Comment below.
Have a great life :)
Comments
Post a Comment
Thanks for comment