2012-04-25, 21:06:21
Hi all, I'm just getting started using GetSimple and I like it so far. I'm used to Joomla and a little Drupal, so I'm not a noob when it comes to CMS, but I do have some questions about increasing security.
My Joomla sites I host on a dedicated server where I can control security pretty well. However, I want to host a couple of GetSimple sites on a shared hosting account I have where the host doesn't allow all features of .htaccess. The last time I used this shared hosting account to run a Joomla site, a few years ago, it was hacked in a month and turned into a porn portal. I certainly don't want that to happen again!
So my question is how important is .htaccess in security of GetSimple? I see the root .htaccess blocks access to all XML files except sitemap. Can I simply change the permissions of the data directory to 750 (block all public) instead? I've tested this and GetSimple seems to still work fine. The website healthcheck throws up a lot of "0750 Not Writable" errors for the data directory, but in reality I can still edit and add pages. This is actually how I run my Joomla sites as well - as long as the webserver Unix user (www-data or apache) can access and edit files, there doesn't need to be public access for anything other than essential PHP files.
Are there any other directories or files I should block access to in the same way? Or any other security tips from people using GetSimple in the wild? Is what I'm doing here a bad idea for any reason?
Thanks very much!
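
A check for the setup asked about above, added here as an example and not part of the original post or of GetSimple: for every entry under the data directory it reports which permission class (owner, group or other) the web server account falls into, and what that class and "other" are allowed. The `data` path and uid/gid 33 are assumptions to be replaced with the host's real values.

```python
import os
import stat

CLASS_SHIFT = {"owner": 6, "group": 3, "other": 0}

def perm_class(file_uid, file_gid, uid, gids):
    """Which permission triplet the kernel applies to this (non-root) account."""
    if uid == file_uid:
        return "owner"
    if file_gid in gids:
        return "group"
    return "other"

def class_bits(mode, cls):
    """Render one triplet of a mode, e.g. class_bits(0o750, 'group') -> 'r-x'."""
    bits = (mode >> CLASS_SHIFT[cls]) & 0o7
    return "".join(c if bits & m else "-" for c, m in (("r", 4), ("w", 2), ("x", 1)))

def audit(root, web_uid, web_gids):
    """Return (path, octal mode, web server class, web server bits, other bits)
    for root and everything below it."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    rows = []
    for p in paths:
        st = os.lstat(p)
        mode = stat.S_IMODE(st.st_mode)
        cls = perm_class(st.st_uid, st.st_gid, web_uid, web_gids)
        rows.append((p, f"{mode:04o}", cls,
                     class_bits(mode, cls), class_bits(mode, "other")))
    return rows

if __name__ == "__main__":
    # Assumed values: "data" is the GetSimple data directory relative to the
    # current directory, and uid/gid 33 is www-data on Debian-style systems.
    for row in audit("data", web_uid=33, web_gids={33}):
        print(*row, sep="\t")
```

If the account the web server itself runs as lands in a class that has `r`, files under the directory can still be requested over HTTP unless the server configuration denies them. Mode 0750 only removes access for accounts that fall into the "other" class.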