There are loads of things that can be done to secure a site, and many which should be; the question is generally where to start.
The source of around 80 to 90% of all security issues can be found by visiting your nearest mirror, or calling your hosting service provider. That makes this a good place to start.
Is your FTP password the same as your cPanel password? Stop that!
Is your FTP password under 8 characters, all lowercase or all uppercase, lacking a numerical character or a special character such as an underscore? Fix that.
Is your FTP password more than 30 to 60 days old? Fix that.
Are you using insecure (aka "standard" or "normal") FTP? Stop that.
Do you have SSL configured and in use on your site? If not, fix that.
Does your host use the default SSL certificate provided by the control panel vendor to secure your control panel? Fix that, even if it means moving the site.
Seems you've already avoided another big mistake: relying only upon foreign payment handling for "PCI Compliance" as your sole effort towards operating a secure website. PCI standards are very helpful in identifying and meeting most security needs. But they are only useful when applied at every step of operations. To do otherwise is like buying condoms with holes in them. Such systems should only be used as a component of a complete security plan.
You've also taken one of the most important steps towards addressing the remaining 10 to 20% of issues - posting the problem here makes the developers aware that issues may exist.
Another action you can take in that regard is the regular use of a scanning service. There are a number of services which will provide the minimal scanning required for PCI compliance on a quarterly basis free of charge.
Use one of these services.
If you need help with that, there are site operations management services available, and you might want to consider one.