Explore website security in depth

a few days ago, Baidu webmaster published an article entitled: "web site by black injection betting porn page guide.". Personally, I think, as a webmaster, network security is particularly important, once the site has been hacked, for a technical SEO practitioners, is a very difficult thing. So how do we protect websites from hackers,


1: website password security

1.1 weak passwords, many owners in order to facilitate memory (or lazy O (a _ U) O). Likes to set passwords to 123456 or Admin888, such as relatively easy to guess the password. Even a lot of people like to set their username and password to admin, a site that can easily be hacked. These passwords include web site login, FTP, database password and so on.

2.2 password documents leaked, many webmasters also like to keep the password in a document, or stored in a software (such as FPT software). As a result, once the personal computer has been hacked, and these documents or FTP have been copied by hackers, it’s sad to press for the entire site to be lost. So, the best way to keep a password is to record it in your head. If you can’t remember it, then record it in a local notebook.

summed up the password knowledge, one is related to the site, all passwords are set to more than 10 strong password, you can set case plus digital type. Another is not to keep passwords in your computer, to prevent your computer after the virus, resulting in a password leak.

two: site program security

now uses the open source CMS for most sites, and such CMS can cause a lot of bugs because of open source problems, such as the infamous dedecms in the security industry. So, when webmasters use open source CSM, do the following, you can guarantee the safety of the site.

2.1 update patches, in general, have 0day hackers or less. Most hackers hacked into websites with an open vulnerability. Therefore, as long as the update site patches, you can put an end to 90% of hackers. In general, patches can be upgraded through the background, or go to the official website to download the repair (usually covering files).

2.2 remove unused modules, for example to us. Most of the enterprise website, can not use the membership system, and dream weaving member stored in this folder are members of hope. So you can delete him. If your site does not have a feature page, you can also delete the spceial file. As shown in the following picture:


three: server security

server often updates patches, if you >