PHP is not a new science and technology for web developers. Millions of websites in cyberspace have been supported by this programming language. There are so many websites that use PHP for the engine and system backend, more and more hackers are trying to break into PHP systems, especially those using the MySQL database.
In that case, quite a number of websites based on PHP and MySQL have been compromised by hackers. However, this cannot be used as a benchmark that PHP is a system that is vulnerable to attack by hackers. PHP still has great and powerful security if the developer can maximize it. How to?
The author will not discuss the PHP server specifications that support security. But the most important thing about this server is the security used by our hosting provider (when using hosting). Therefore, try to find a hosting that is professional or capable in dealing with security problems for their clients.
A little suggestion, it would be better if we are in Indonesia, then use a server located in Indonesia. Avoid using overseas (US) servers.
The most common attack favored by hackers and database hackers is SQL injection. Usually occurs on PHP and MySQL based web. The SQL injection method used by hackers usually takes advantage of forms on websites that are not equipped with special security scripts.
The steps that we can at least use to avoid breaking into the database via forms are using the mysql_real_escape_string () function to avoid certain strings that hackers use when breaking into system database queries.
htaccess is a configuration file located in the root directory of the web application system. Htaccess can be used for specific configurations of our web applications, for example to redirect to certain pages, restrict page access, and so on. As a security feature, we can use .htaccess to restrict (limit) access to folders in our web system. Example :
Order deny, allow
deny from all
The .htaccess code above is used to limit access to a folder on the web. To take advantage of it, put a file called .htaccess which contains the code above ki in the web folder we want to limit.
Apart from using the method above, we can also use .htaccess to manipulate the PHP files that we use. Suppose we have a news website, and we use the file "http://mywebsite.com/news.php?id=(id news)" to display the news . To manipulate it into "http://mywebsite.com/news/berita-id" we can use this command via .htaccess on the main website root folder:
<IfModule mod_rewrite.c> RewriteRule ^ news / ([^ /] *) / ([^ /] *) /? $ /News.php?id=$2 </IfModule>
For login security problems, developers usually use a login system that has been given the MD5 function in the login action script. Even though using MD5, sometimes websites can still be broken into because hackers can also use a sophisticated brute force system.
To get the most out of MD5, it is highly recommended to use a password combination that contains a hard (alay) character string. Suppose 1n1p4ssw0rdgwe (inipasswordgue).
Apart from the four tips above, there are many other tips for securing PHP-based websites. For PHP-based CMS like WordPress, Drupal and Joomla, of course, they have their own tips and paths for system security. Thank you, hope it is useful!