Building an excellent shopping cart or content management system brings you great sales, but failing to secure it is going to give you a big heart attack.
It is crucial to ensure that your application's administrator section is closed off to prevent attack or abuse. Here are some of the methods you can consider implementing to protect your website.
1) Use a "strong" password. It should consist of non-dictionary words combined with symbols, lowercase letters, uppercase letters and numbers.
2) Change your password regularly. Do not fear forgetting your password, as you can easily rewrite the files for them if needed.
3) Prevent server-side pages from executing in folders that do not require them. You can use .htaccess to do that: simply enter the matching line below into a .htaccess file and place it inside the folder.
For web servers running PHP as an Apache module, use: AddType application/text .php
For web servers running PHP as CGI, use: AddHandler application/text .php
4) Password-protect your directories using htpasswd. Your website will still be able to use the resources within these directories, while visitors are not allowed to browse them.
5) Disable script execution in non-execution folders such as images etc.
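6) Create a .htaccess file inside your images folder. It blocks the popular extensions for non-image files so that nothing in that folder can be executed on your server, or, in the second variant, allows only image-type files.
Type the content below into .htaccess and save. (Order, Allow and Deny are the Apache 2.2 access directives; Apache 2.4 accepts them only when mod_access_compat is loaded.)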
# ---------- To be added to .htaccess start ----------
AddType text/plain .pl .cgi .php
# Refuse requests for script files, including names ending in .php.jpg
<FilesMatch "\.(p(hp|hp3|l|html|hp\.jpg))$">
Deny from all
</FilesMatch>
# ---------- To be added to .htaccess end ----------
Or, if you know which file extensions you wish to allow,
type the content below into .htaccess and save:
# ---------- To be added to .htaccess start ----------
Order Allow,Deny
# Serve only image files; jpe?g matches both .jpg and .jpeg
<Files ~ "\.(jpe?g|png|gif)$">
Allow from all
</Files>
# ---------- To be added to .htaccess end ----------
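As an added example (not part of the original article), the Python script below applies the deny-list and allow-list patterns to file names and audits an images folder for files that either variant would block. It assumes Python's `re` treats these simple patterns the way Apache does (a case-sensitive match on the file name); the function names and sample file names are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Patterns from the two .htaccess variants (assumption: Python's re matches
# these simple patterns like Apache does, case-sensitively, on the file name).
DENY_LIST = re.compile(r"\.(p(hp|hp3|l|html|hp\.jpg))$")
ALLOW_LIST = re.compile(r"\.(jpe?g|png|gif)$")  # jpe?g: .jpg and .jpeg

# Constructed sample names, not taken from a real site.
SAMPLE_NAMES = ["logo.png", "photo.jpeg", "banner.JPG", "thumb.gif",
                "notes.php.jpg", "upload.php", "old.phtml", "readme.txt"]


def classify(name):
    """Return (deny_list_result, allow_list_result) for one file name."""
    deny_variant = "blocked" if DENY_LIST.search(name) else "served"
    allow_variant = "served" if ALLOW_LIST.search(name) else "blocked"
    return deny_variant, allow_variant


def audit(folder):
    """Names under folder that either variant blocks, i.e. files that do not
    belong in an images folder or would stop loading once the rules apply."""
    flagged = []
    for path in Path(folder).rglob("*"):
        if path.is_file() and path.name != ".htaccess":
            if "blocked" in classify(path.name):
                flagged.append(path.name)
    return sorted(flagged)


def demo():
    """Build a throwaway folder holding the sample names and audit it."""
    with tempfile.TemporaryDirectory() as folder:
        for name in SAMPLE_NAMES:
            (Path(folder) / name).touch()
        return audit(folder)


if __name__ == "__main__":
    for name in SAMPLE_NAMES:
        deny, allow = classify(name)
        print(f"{name:15} deny-list: {deny:8} allow-list: {allow}")
    print("needs review:", demo())
```

In the sample, `banner.JPG` is blocked by the allow-list because the match is case-sensitive, while `notes.php.jpg` passes the allow-list and is caught only by the deny-list pattern.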