Security Tutorials

  • .htaccess “Down For Maintenance” Page Redirect

    I recently needed to move one website from a shared web host to our internal server. After some discussion, we decided to simply add a "Site Down For Maintenance" page to the site to prevent users from submitting orders during the hosting change. Using...

  • Force Secure (SSL) Pages With .htaccess

    A while back, I shared a method for forcing a secure page using PHP. What if you want to force SSL (https://) on an entire website though? You don't want to have to put force-SSL PHP code on every page, right? Well...

  • Password Protect a Directory Using .htaccess

    Protecting files on your website from unauthorized users can be very important. Even more important is the method by which you accomplish this task. You could use PHP to listen for login authorization information on each page, but that doesn't protect your images, documents...

  • Set the User Agent With PHP cURL

    A few months back, I shared with you how to download the contents of a URL and execute a HTTP POST transmission using PHP cURL. For security purposes, some hosts require that a common user agent be present in the POST. If...

  • Watch Your POST: Save PHP POST Data as XML

    One of my main goals when creating PHP web forms is to keep them secure and protected from spammers and automated bots. With the amount of spam that Akismet catches every day, I don't need to be reminded of the importance of securing forms.

  • Force A Secure Page Using PHP

    Many pages, most often pages with forms or pages that serve personal information, need to be served over a secure connection. Even recreational internet users have gotten accustomed to looking for the "lock" icon within their browser before inputting data into a web form.

  • Secure (SSL) Google Analytics

    Google Analytics is a tremendous tool, especially when your customer wants an eCommerce website. Analytics is even more powerful when your customer uses Adwords to drive in traffic. Google provides the following code for you to add to your page footer so that Analytics can grab...

  • 6 AJAX Rules To Live By

    AJAX, or Asynchronous JavaScript And XML, has been around for a few years now. Web Developers have done some really great things with AJAX, but I've also come across some horrible uses of AJAX. I've coupled together my experience as a Web Programmer and...

  • Allow or Block Specific IPs From Your Website

    The more I use the .htaccess file the more I appreciate its value. My next valuable lesson in .htaccess security deals with allowing and blocking access to a web server from a specific IP address. Reasons for doing this include: Keeping a known hacker/bot from...

  • Advanced .htaccess Security – Block Unwanted Referrers

    For some bloggers and web developers, Digg can be a huge boost in traffic and thus a huge bust in ad revenue. Unfortunately, the Digg Effect can kill a website's bandwidth and get the website shut down. Wouldn't it be great if a weary...