Reputation: 3008
Final steps to secure codeigniter commerce site on vps?
I am about to launch my e-commerce site, which is built on the codeigniter framework, and I was just wondering if there are some not so obvious security things I should do before launching.
I have an SSL cert already to handle in site credit card processing, and I have changed the codeigniter config files to supress php errors etc. I also am utilizing the csrf_protection library and using the tank auth library for logins/registrations.
Is there anything else I should be doing here?
Upvotes: 1
Views: 295
Answers (2)
Reputation: 39570
What have you done to secure the VPS itself?
Some examples:
- Configured access restrictions on your database and other applications
- SSH access is secured correctly
- Disabled root login
- Removed or secured any other web-facing code, such as phpMyAdmin
- Set up iptables if necessary to block access to local applications
Do you have all your software up-to-date? You should make sure there are no security updates for the entire OS.
Also, make sure you don't use easy-to-guess passwords on any admin accounts. When in doubt, make them long and hard to guess.
If you are handling credit cards internally, you should have had to meet PCI Compliance Standards.
Upvotes: 1
Related Questions
- how to secure my website
- Codeigniter security - mysql database
- Codeigniter 2.1 - Security for the admin part of the web site
- E-commerce security checklist
- Codeigniter security
- How to make more secure login system with codeigniter?
- Password protect entire CodeIgniter site
- How to secure PHP website (not yet uploaded in the internet)
- Securing my site
- Uploading a Website