The basic tenet of website security is that the site’s data (its content) should only be viewable by authorized visitors.
While most website operators seek the maximum amount of exposure for their site’s content, even on a publicly accessible website there are likely to be sections or pages, often defined as part of the website directory structure, where allowing unfettered access is not desirable — for example, the members’ area of an adult paysite, where authorized access should only come at a price — or an admin area that controls the site.
Choosing the right approaches will take careful consideration and perhaps a degree of experimentation until you find the best solution.
Adult webmasters have long relied on basic .htaccess / .htpasswd user authentication for this purpose, but a one size solution won’t fill all; such as if running an incompatible OS or server configuration. To offer some alternatives, XBIZ prepared this brief roundup of the most popular ways to secure your website’s content:
The first options you should explore are the ones you already have, such as security tools provided by your web hosting or billing company or cascading software provider.
The former may provide adequate protection for admin areas and documents outside of the web root, as well as for your members’ area with only one payment processor used, while the latter can handle user authentication involving multiple billing partners.
Oftentimes, these systems rely on a PHP frontend and a MySQL database backend.
Sometimes, it’s only an individual page or two located outside of a secure directory that you wish to protect. Here, an alternative method of document security must be used.
JavaScript tends to be the most popular solution in this instance, although it is not the most secure method, and leaves open the possibility of search engines still being able to spider and index your content.
While this isn’t ideal if your content includes sensitive business documents, if you run an adult site and want to provide some deep-linking opportunities into your members area — and still secure that content from most nonpaying viewers — JavaScript may be best.
Hotlink protection is also important (and easily accomplished within .htaccess), and is a means of ensuring that your site’s files, such as photos or videos, can’t be successfully linked to by other websites — and rather than simply blocking this unauthorized access, you specify the delivery of “substitute” content (such as an advertisement for your site).
Digital Rights Management (DRM) systems, as well as HTML encryption and other code obfuscation techniques come into play; as well as simple “right click disable” codes, offering “streaming only” video feeds, fractal sliced hi-resolution images and other forms of less-easily saved and shared content are also on the table.
It’s a big topic with a lot of facets, so choosing the right approaches will take careful consideration and perhaps a degree of experimentation until you find the best solution — hopefully the company’s most important files won’t become compromised in the process.