Quote:
Originally Posted by AdultSoftwareSolutions
Most major PHP scripts out there (especially WordPress) are notoriously prone to security problems. Part of it is that security was never a major concern when PHP was designed. Users have to sanitize data themselves instead of that being handled for them. The majority of PHP programmers are also entry-level programmers at best and aren't aware of how to write secure code.
One thing that should be done that nobody does is to use a "chroot" environment. This makes it so that the web server component of your server is "sandbox"ed. Even if someone can hack it they can't do anything because they are basically confined inside of a box with very little functionality. Also, mounting parts of your filesystem as read-only prevents any changes from being made. The parts of your server that you need to change should not be executable.
Also, please stop using Apache. It is a joke compared to a server like nginx.
qft
nginx, php fast-cgi + xcache.... mmmm good... Blows the doors off of Apache.
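
The mount rule from the quoted post (read-only where possible, and anything that must stay writable should not be executable) can be checked against a server's mount table. This is an added example, not part of the thread; the sample mount lines and paths are constructed, and the function names are hypothetical.

```python
"""Flag mounts that are both writable and executable (added example)."""
import re
import sys

# Constructed sample in /proc/mounts format:
# device  mountpoint  fstype  options  dump  pass
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 ro,relatime 0 0
/dev/sda2 /var/www/uploads ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda3 /var/www/cache ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda4 /srv/my\\040site ext4 rw,noexec 0 0
"""


def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mounts(text):
    """Parse mount-table text into dicts with mountpoint, fstype, options."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue  # skip blank, short or comment lines
        mounts.append({
            "mountpoint": _unescape(fields[1]),
            "fstype": fields[2],
            "options": set(fields[3].split(",")),
        })
    return mounts


def writable_and_executable(mounts):
    """Return mountpoints mounted rw without noexec, in table order."""
    return [m["mountpoint"] for m in mounts
            if "rw" in m["options"] and "noexec" not in m["options"]]


if __name__ == "__main__":
    # Pass a path such as /proc/mounts to audit a live system;
    # with no argument the constructed sample above is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MOUNTS
    for mountpoint in writable_and_executable(parse_mounts(text)):
        print(f"writable and executable: {mountpoint}")
```

On the sample, `/var/www/cache` and `/tmp` are reported; the read-only root and the two `noexec` mounts pass.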