If you have been doing web design or web development work or you just own a website, there comes a time when you may need to block user access to pages with sensitive information such as users phone number, social security numbers and other data classified as private. Or perhaps, you may want to block viewers from image and directory access.
Here are some things you can do to secure your website
1. Avoid Adding Links to Private Areas
The first and most obvious thing you should do it remove all links to private areas from the public pages of your website. For wordpress blog, that mean "log in" and "admin" links. This will ensure that search engine will not crawl and index them. In addition, that lowers the possibility of another website owner linking to them.
2. Disallowing Search Engines
Create a robots file in the root of your website ( meaning http://website.com/robots.txt ) and disallow your private folders and files. This indicates to search engines that these files and folders should not be indexed
Here is an example:
User-agent: *
Disallow: /administrator
Disallow: /otherprivateareas
3. Block Robots With Meta Tags
You can also block search engine by placing the following in pages you would like to keep private:
<meta name="robots" content="noindex, nofollow">
The "noindex" tells search robots not to index this page and the "nofollow" says that links on this page should not be scanned
4. Block Viewers by IP Address Via .htaccess
The .htaccess file is one of the most important files to send message to an Apache web server. It is place in the document directory and all its commands control the files in that directory. Place the following in your .htaccess file to deny or to give website access from viewers depending on IP address
order allow,deny
deny from 123.45.6.7
deny from 012.34.5.
allow from all
5. Add .htaccess Password Protection
Create a .htpasswd file and add this
username: encrypted_password ( create the encrypted password here )
Add the following to .htaccess file:
AuthUserFile /usr/local/safedir/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic
require valid-user
(or) require user wsabstract
You will need to know the absolute path to your .htpasswd file. To get it create a php file in your root and add
either
<?php
echo '<pre>';
print_r($_SERVER);
echo '</pre>';
?>
or
<?
phpinfo();
?>
Delete the file when you have obtained the path as this file shows a lot of security sensitive information about your host
6. Hide .htaccess File Viewing
Add this to you htaccess file to hide the public viewing of it
<Files .htaccess>
order allow,deny
deny from all
</Files>
chmod 644
7. To block Images and Files in a Directory
Some host set different privilege access to their customer. You will need access to turn on "option + indexes"
Prevent Dir Listing
To prevent the contents of a directory from being listed:
IndexIgnore *
If you want to only hide only images:
IndexIgnore *.gif *.jpg *.png
More information on .htaccess Security can be found here
If you have been doing web design or web development work or you just own a website, there comes a time when you may need to block user access to pages with sensitive information such as users phone number, social security numbers and other data classified as private. Or perhaps, you may want to block viewers from image and directory access.
Here are some things you can do to secure your website
