Go through this site security checklist
The following checklist is a good collection of security tips
offered for review to make sure your web site is as secure as possible.
1) Remove malicious files and/or files you are not familiar
with.
While many PHP applications generate files you may not be familiar
with, it is important to watch for files or directories that may sound
suspicious such as 'wellsfargo' or 'abbybank'.
2) Update all scripts/applications to the newest versions
available.
Known security holes are fixed in new versions of software, so
updating to the newest versions available ensures that you are running
the most secure option available. If you installed these applications
using Simple Scripts, automatic updates are available by clicking the
'Update Now' button.
3) Update all plugins to the newest versions available.
Just because your applications have been updated doesn't mean the
plugins you use have been too. Popular plugins for WordPress, Joomla,
Drupal, etc. are created for specific application versions. When
updating your applications, make sure the plugins you're using are also
certified to work with the newest version of your software.
4) Delete any databases/applications from your account that
are no longer in use.
Each database/application you have installed on your account is
another possible point of entry for attackers. By removing
applications/databases that are no longer used, you eliminate the
potential for those outdated scripts to be exploited.
5) Fix dangerously writeable permissions.
Most website files should be set to 644, and folders should be set
to 755. This can be adjusted in an FTP client, or manually in the
Control Panel File Manager by selecting the file and clicking the icon
at the top of the screen that says 'Change Permissions'.
6) Hide your configuration files.
Moving your config.php and other files containing passwords to a
secure directory outside of the 'public_html' folder will make them
inaccessible to general web surfing.
7) Tweak your php.ini file.
The 'php.ini' file on your account is a file that adjusts how PHP
behaves on your account. By adjusting the properties of this file, you
can greatly improve your security. This file is generally
located in your 'public_html' directory. If you're unable to see this
file, you may need to manually generate one. You can do so by logging
into your Control Panel and clicking the 'PHP Config' icon located in
the section called 'Software/Services'. Then click the button that
says 'Install Master PHP.ini File'. This will install a file in your
'public_html' directory called 'php.ini.default'. To make this file
active, you will then need to rename it to 'php.ini'.
- Tweak 1 - Set 'register_globals' to Off.
- Tweak 2 - Set 'display_errors' to Off.
8) Connect to your account using a secure network.
If you're connecting to the internet using a wireless connection,
make sure the wireless network is using a method of security such as
WPA or WEP encryption.
9) Make sure your local computer is secure.
One of the biggest security holes in Internet site security is
accessing your site from an insecure computer. Viruses, malware and
keyloggers can be installed on your computer covertly and can be used
to obtain your username/password credentials or to infect your website
files themselves. Practice good
at-home computer security by regularly running a reliable
anti-virus/spyware scanner. Below is a link to high-quality, free
software that can help you maintain a safe, healthy computer.
10) Know where to look to get help.
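
For item 5 (permissions) above, here is an added example that is not part of the original checklist: a shell script that lists files and folders writable by group or others, strips only those write bits, and reports what still differs from the 644/755 baseline. The function names and the sample tree are constructed for illustration; supply your own web root path.

```shell
#!/bin/sh
# Added example for checklist item 5: audit a web root for risky write bits.
# Run as: sh audit_perms.sh /path/to/public_html   (path is yours to supply)

# List regular files and directories that group or others can write to.
# Symlinks are not matched by -type f/-type d, so they are never chmod'ed.
find_writable() {
    find "$1" \( -type f -o -type d \) \( -perm -0020 -o -perm -0002 \) -print
}

# Remove only the group/other write bits. Unlike a blanket "chmod 644", this
# never loosens a file that is already stricter (for example a 600 config file).
strip_write() {
    find "$1" \( -type f -o -type d \) \( -perm -0020 -o -perm -0002 \) \
        -exec chmod go-w {} +
}

# List anything that still differs from the 644 (files) / 755 (directories)
# baseline so it can be reviewed by hand; some entries are stricter on purpose.
list_nonbaseline() {
    find "$1" \( \( -type f ! -perm 0644 \) -o \( -type d ! -perm 0755 \) \) -print
}

# Constructed sample tree used to exercise the functions (not real site data).
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir "$root/uploads" "$root/includes"
    : > "$root/index.php";           chmod 644 "$root/index.php"
    : > "$root/uploads/upload.php";  chmod 666 "$root/uploads/upload.php"
    : > "$root/includes/config.php"; chmod 600 "$root/includes/config.php"
    chmod 777 "$root/uploads"
    chmod 755 "$root/includes" "$root"
    echo "$root"
}

# Report only; call strip_write yourself once you have reviewed the list.
if [ "$#" -gt 0 ]; then
    echo "Group/world-writable entries under $1:"
    find_writable "$1"
    echo "Entries that differ from 644/755:"
    list_nonbaseline "$1"
fi
```

Review the first list before calling strip_write, since some applications expect a writable upload or cache folder and may need a narrower fix than removing the bit outright.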