xbiz world
xbiz premiere
educational

Hardening Sites by Obfuscating File Structures

When it comes to improving adult website security, sophisticated software, expensive hardware and other means are often employed; but budget-conscious operators can use a bit of strategy to harden their sites by obfuscating common directory and file structures, as well as other simple tricks that amount to a free and easy means of increasing security.

Fundamental to this process is understanding the basic strategy being used: as many hackers look for certain files or folders that either have vulnerabilities to known exploits, or reveal details about the software, systems and services that a targeted web server uses, simply changing the name, location or “permissions” of certain files leaves hackers with questions, rather than answers.

... simply changing the name, location or “permissions” of certain files leaves hackers with questions, rather than answers.

For example, WordPress is often pointed to as being “insecure,” but this is akin to the Windows operating system being “insecure,” if for no other reason than the most popular products make the most popular targets. In this case, WordPress installations by default use the “wp_” database prefix — the presence of which clearly identifies the underlying technology platform and opens the doors to automated MySQL injection attacks.

This vulnerability can easily be addressed by using a different database prefix, which is hopefully not readily guessable such as “sitename_” or another obvious point of attack. While not an impenetrable barrier, this simple measure blocks a substantial number of attacks — especially random assaults, where a specific site is not targeted, but rather, any site that a malicious payload stumbles upon and can infect.

Moving the wp_config.php file up one level from its normal directory structure and setting its file permissions to 400 or 440 is another recommended hardening measure that handily illustrates the process that webmasters should go through on their own websites.

Is there a particular filename or path that identifies your site’s workings? Are version numbers visible, or used within the HTML code, such as within the “meta generator” tag? These are clues that hackers seek when attempting to compromise a website.

Related:  

Copyright © 2024 Adnet Media. All Rights Reserved. XBIZ is a trademark of Adnet Media.
Reproduction in whole or in part in any form or medium without express written permission is prohibited.

More Articles

opinion

The Dos and Don'ts of AI-Generated Content

AI is a hot topic. From automation to personal assistance to content generation, AI technology is already impacting our daily lives. Many industries, including adult, have had positive results using AI for customer support and marketing.

Cathy Beardsley ·
opinion

Strategic Upscaling of Non-4K Content

If content is king in adult, then technical quality is the throne upon which it sits. Technical quality drives customer acquisition and new sales, while cementing retention and long-term loyalty.

Brad Mitchell ·
profile

'Traffic Captain' Andy Wullmer Braves the High Seas as Spirited Exec

Wullmer networked and hobnobbed, gaining expertise in everything from ecommerce to SEO and traffic, making connections and over time rising through the ranks of several companies to become CEO of the mobile business arm of TrafficPartner.

Alejandro Freixes ·
opinion

To Cloud or Not to Cloud, That Is the Question

Let’s be honest. It just sounds way cooler to say your business is “in the cloud,” right? Buzzwords make everything sound chic and relevant. In fact, someone uninformed might even assume that any hosting that is not in the cloud is inferior. So what’s the truth?

Brad Mitchell ·
opinion

Upcoming Visa Price Changes to Registration, Transaction Fees

Visa is updating its fee structure. Effective April 1, both the card brand’s initial nonrefundable application fee and annual renewal fee will increase from $500 to $950. Visa is also introducing a fee of 10 cents for each settled transaction, and 10 basis points — 0.1% — on the payment volume of certain merchant accounts.

Jonathan Corona ·
opinion

Unpacking the New Digital Services Act

Do you hear the word “regulation” and get nervous? When it comes to the EU’s Digital Services Act (DSA), you shouldn’t worry. If you’re complying with the most up-to-date card brand regulations, you can breathe a sigh of relief.

Cathy Beardsley ·
opinion

The Perils of Relying on ChatGPT for Legal Advice

It surprised me how many people admitted that they had used ChatGPT or similar services either to draft legal documents or to provide legal advice. “Surprised” is probably an understatement of my reaction to learning about this, as “horrified” more accurately describes my emotional response.

Corey D. Silverstein ·
profile

WIA Profile: Holly Randall

If you’re one of the many regular listeners to Holly Randall’s celebrated podcast, you are already familiar with her charming intro spiel: “Hi, I’m Holly Randall and welcome to my podcast, ‘Holly Randall Unfiltered.’ This is the show about sex, the adult industry and the people in it.

Women In Adult ·
trends

What's Hot Now: Leading Content Players on Trending Genres, Monetization Strategies

The juggernaut creator economy hurtles along, fueled by ever-ascendant demand for personality-based authenticity and intimacy — yet any reports of the demise of the traditional paysite are greatly exaggerated.

Alejandro Freixes ·
opinion

An Ethical Approach to Global Tech Staffing

One thing my 24-year career as a technologist working to support the online adult entertainment industry has taught me about is the power of global staffing. Without a doubt, I have achieved significantly more business success as a direct result of hiring abroad.

Brad Mitchell ·
Show More