SECURING YOUR WEB SERVER CONFIGURATION
“Doesn’t my hosting company handle this?” clients ask. No! Hosting companies want to make it as easy as possible for you to build your website, and they want as few support tickets as possible. Unfortunately, this mix means they also leave your site’s server configuration in an open state that hackers love. You need to take responsibility and make a few changes to close these vulnerabilities. Here are a few rules we recommend you look into and add for your particular web server:
Find out which web server you are using and learn about your web server’s configuration files. Apache web servers use the .htaccess file, Nginx servers use nginx.conf, and Microsoft IIS servers use web.config. Most often found in the root web directory that you have access to (and that hackers have too if the files are not secured), these files are very powerful. They allow you to execute server rules, including directives that improve your website security.
Prevent directory browsing: This prevents malicious users from viewing the contents of every directory on the website. Limiting the information available to attackers is always a useful security precaution. When cleaning sites, we often see in the logs that hackers have been freely checking the website’s wp-content/uploads directories, trawling for all sorts of files that the owners would not want them to have.
Restrict PHP execution in directories that hold images or allow uploads.
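The two rules above, written for Apache as an added example (not taken from the original article or from any SharkGate product). It assumes Apache 2.4, a standard WordPress layout, and a host whose AllowOverride setting lets .htaccess files use these directives; the file locations in the comments are assumptions about a typical install.

```apache
# ---- File: <web root>/.htaccess ----
# Weak state this replaces: "Options +Indexes" (or Indexes inherited from the
# host's defaults), where a request for a directory that has no index file
# returns a browsable listing of everything in it.
Options -Indexes

# ---- File: <web root>/wp-content/uploads/.htaccess ----
# Uploads should only ever be served as static files. Refuse every request
# for a PHP-family file in this directory and below, so a script that ends up
# here is never handed to the PHP interpreter.
# (?i) makes the match case-insensitive; php\d? also covers .php5, .php7, etc.
<FilesMatch "(?i)\.(php\d?|phtml|phar)$">
    Require all denied
</FilesMatch>
```

With both files in place, a request for a directory without an index file and a request for any .php file under wp-content/uploads should each return 403 Forbidden.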
If you place your site behind our SharkGate – WordPress Protection, the hackers then have to get through our ‘Hacker proof gateways’ to reach your site, so this part of ‘prevent your wordpress website from being hacked’ is automatically handled for you by us. Nice, hey!