Security Misconfiguration
Safeguarding your website from malicious users and attacks is important, regardless of what type of site you have or how many visitors your site receives. Security misconfiguration, or poorly configured security controls, could allow malicious users to change your website, obtain unauthorized access, compromise files, or perform other unintended actions.
Regularly evaluate your site and its environment, including the Web server, operating system, applications, and other resources your site uses. Use a vulnerability scanner, such as SiteLock, to detect flaws.
While there is no one-size-fits-all security configuration, you can use these points to develop a plan that works for your situation:
- Keep third-party applications up to date. Check vendor's websites for updates, and install the most recent release.
- Change default user names and passwords. Use strong, unique passwords for every account.
- Disable directory listings if they are not necessary, or set access controls to deny all requests.
- Delete unnecessary files, such as configuration or install files.
- Keep private or internal data separate from public data. Use strong encryption for anything sensitive.
- Back up data regularly, and store backups appropriately.
- Set and review access controls, and update them as necessary.
- Use a vulnerability scanner, such as SiteLock.
To learn more about security misconfiguration and other common vulnerabilities, see the Open Web Application Security Project's Top 10 Most Critical Web Application Security Risks.