Security Tutorials
Password Protect a Directory Using .htaccess
Protecting files on your website from unauthorized users can be very important. Even more important is the method by which you accomplish this task. You could use PHP to listen for login authorization information on each page, but that doesn't protect your images, documents, and other media, does it? That's why I've found the .htaccess method of protecting files and directories the most reliable. Oh, and it's easy too!
Set the User Agent With PHP cURL
A few months back, I shared with you how to download the contents of a URL and execute an HTTP POST transmission using PHP cURL. For security purposes, some hosts require that a common user agent be present in the POST. If an unacceptable user agent is given, the POST is ignored. Luckily, cURL allows us to "spoof" the server using any user agent we choose:
Watch Your POST: Save PHP POST Data as XML
One of my main goals when creating PHP web forms is to keep them secure and protected from spammers and automated bots. With the amount of spam that Akismet catches every day, I don't need to be reminded of the importance of securing forms. Since 90+% of my forms are POST transmissions, I've taken a lot of time to develop POST debugging and listening code.
Force A Secure Page Using PHP
Many pages, most often pages with forms or pages that serve personal information, need to be served over a secure connection. Even recreational internet users have gotten accustomed to looking for the "lock" icon within their browser before inputting data into a web form. For the benefit of the business and its website visitors, it's important to ensure that a form page be secured.
Secure (SSL) Google Analytics
Google Analytics is a tremendous tool, especially when your customer wants an eCommerce website. Analytics is even more powerful when your customer uses Adwords to drive in traffic.
6 AJAX Rules To Live By
AJAX, or Asynchronous JavaScript And XML, has been around for a few years now. Web Developers have done some really great things with AJAX, but I've also come across some horrible uses of AJAX. I've coupled together my experience as a Web Programmer and a lowly web user and have come up with six AJAX rules to live by.
Advanced .htaccess Security – Allow or Block Specific IPs From Your Website
The more I use the .htaccess file the more I appreciate its value. My next valuable lesson in .htaccess security deals with allowing and blocking access to a web server from a specific IP address. Reasons for doing this include:
Advanced .htaccess Security – Block Unwanted Referrers
For some bloggers and web developers, Digg can be a huge boost in traffic and thus a huge bust in ad revenue. Unfortunately, the Digg Effect can kill a website's bandwidth and get the website shut down. Wouldn't it be great if a weary web developer could prevent his site from being shut down by blocking users referred by Digg, at least for a while? Using a small bit of .htaccess code and mod_rewrite, the developer can do just that.
Advanced .htaccess Security – Block Access to Include Files Using .htaccess
When I build websites for clients and myself, I use numerous include files to make my website easy to maintain. These include files may:
Prevent Directory Listings With .htaccess
Preventing a directory listing for your website is essential these days. If a hacker knows your website structure, you can be left open for a world of hurt. Did you know that you can prevent directory listings for every directory in your website by using one simple directive in the .htaccess file at the main level of your website? You certainly can: