HTML 5 template and security problem

Discussion in 'HTML & Website Design' started by Philip C. Ngo, Jun 16, 2014.

  1. #1
    I created an HTML 5 template today but I don't know anything about the security of websites.
    How do I secure my website against hackers?

     
    Philip C. Ngo, Jun 16, 2014 IP
  2. Veer#

    Veer# Member

    #2
    If you can share your template here, someone may give some tips. It will be more helpful than generic security practices.
     
    Veer#, Jun 16, 2014 IP
  3. Philip C. Ngo

    Philip C. Ngo Member

    #3
    I want to know the most common method for securing a simple website. There are tons of templates for free on the internet, and my template isn't an extraordinary template.
    Professional users, please help me.
     
    Philip C. Ngo, Jun 16, 2014 IP
  4. AlbCoder

    AlbCoder Well-Known Member

    #4
    No one can hack HTML, it's not server side. But if you are talking about your work, if you are afraid that someone can copy your source code, that is another discussion.
     
    AlbCoder, Jul 4, 2014 IP
  5. kanha sahu

    kanha sahu Member

    #5
    HTML is for the front end; it gives the user who browses the page exactly the same file as the page...
    -> right click -> Source Code -> download the file

    But in the case of using PHP, ASP, ASP.NET or JSP, the actual file is not present.
    A user only sees the file after it is processed on the server and converted into HTML code...

    I think you have to go for that technology/language...

    If it does not fulfill your security needs, you can also go for SSL (Secure Sockets Layer), HTTPS.

    Good luck, dude!
     
    kanha sahu, Jul 13, 2014 IP
  6. Philip C. Ngo

    Philip C. Ngo Member

    #6
    I want to convert the template to PHP; I know a bit about that.
    What should I do to convert my HTML to PHP?
    What about the security section, can I use a plugin to improve the template?
     
    Philip C. Ngo, Jul 14, 2014 IP
  7. NextGe

    NextGe Active Member

    #7
    Why do you want to convert it to PHP? PHP is mainly for forms and programming purposes. HTML with CSS should be enough for a basic website! And no one can hack HTML or CSS.
     
    NextGe, Jul 16, 2014 IP
  8. Philip C. Ngo

    Philip C. Ngo Member

    #8
    It's true, dude, but for doing some things you'll need to use PHP (i.e. submit a form and save it to your database, or complex IP deny, scraping, using some powerful PHP functions, etc.).
    I can work with several JS frameworks, jQuery and Ajax, but my experience in PHP isn't enough, so I need help from a PHP programmer.
     
    Philip C. Ngo, Jul 17, 2014 IP
  9. AlbCoder

    AlbCoder Well-Known Member

    #9
    Why don't you convert your work into WordPress?
     
    AlbCoder, Jul 17, 2014 IP
  10. malky66

    malky66 Acclaimed Member

    #10
    He's worried enough about security as it is, why the hell would he want to use that slow bloated pile of crap that's already riddled with security holes?
     
    malky66, Jul 17, 2014 IP
    ryan_uk likes this.
  11. AlbCoder

    AlbCoder Well-Known Member

    #11
    You are right, but I can't understand why all this fear about the security of an HTML template, booo.
    I said WordPress because it's easier to convert.
     
    AlbCoder, Jul 17, 2014 IP
  12. malky66

    malky66 Acclaimed Member

    #12
    That doesn't really have anything to do with what he was asking though does it?
     
    malky66, Jul 17, 2014 IP
  13. Philip C. Ngo

    Philip C. Ngo Member

    #13
    Convert to WordPress with software, or manually?
    If you mean manually, it is painful for me. Meanwhile, my template isn't just a <html/>.
    I want to embed in it some forms (PHP) and some smart searches (Ajax-PHP), and my trick is to echo all strings and HTML tags, then I'll use other PHP snippets,
    but I don't know about XSS attacks or PHP code leaks or vulnerabilities of my document.
     
    Philip C. Ngo, Jul 17, 2014 IP
  14. Helge Sverre

    Helge Sverre Prominent Member Affiliate Manager

    #14
    ...If you know nothing about security, then I'd advise hiring a professional *cough*hireme*cough*.

    But if you're talking about general form<->PHP<->database kind of security, your main problem is going to be SQL Injection,
    which is unfiltered SQL code that is passed to your database. This is a very common method that people use to break into
    custom-made websites, because people often forget to sanitize form input that gets added to the database.

    Example:
    I have a search form; when I submit this form, it's passed to a PHP script that takes my keywords and does something like this:
    PHP:
        // $link is the open mysqli connection
        mysqli_query($link, "SELECT * FROM posts WHERE keywords LIKE '{$_GET['searchstring']}'");
    This would take the raw input from the URL: www.example.com/search.php?searchstring=money
    It will fetch all the posts and return the ones containing "money".

    Now if I were to search for something like this:
    money';DROP TABLE posts

    which would make our mysqli_query look like this:
    PHP:
        mysqli_query($link, "SELECT * FROM posts WHERE keywords LIKE 'money';DROP TABLE posts");
    Which will delete the whole posts table, which is obviously not good at all.
    The way to combat this would be to do some sanitization of the searchstring variable.
    PHP:
        // Pass the connection and the GET variable to the escape function
        $searchstring = mysqli_real_escape_string($link, $_GET['searchstring']);

        // Use our escaped variable in our SQL query
        mysqli_query($link, "SELECT * FROM posts WHERE keywords LIKE '{$searchstring}'");
    Keep in mind that my code is not 100% secure, but it's only for demonstration purposes. If you want to read
    more information about SQL Injection, I'd recommend this article: http://php.net/manual/en/security.database.sql-injection.php
     
    Helge Sverre, Jul 17, 2014 IP
    SSC likes this.
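The search query from the post above in parameterized form, with the results escaped when they are echoed into HTML. This is an added example, not part of the original thread or the poster's code. It uses PDO with an in-memory SQLite database so it runs without a MySQL server; the table contents and function names are constructed for illustration.

```php
<?php
// Added example: constructed schema and data, not from the original thread.
// PDO + in-memory SQLite is an assumption made so this runs without MySQL.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, keywords TEXT)');
    $db->exec("INSERT INTO posts (title, keywords) VALUES
        ('Saving money', 'money budget'),
        ('100% <b>free</b> themes', 'templates html5')");
    return $db;
}

// The search string is bound as a parameter, so it is never parsed as SQL.
// LIKE wildcards typed by the user (% and _) are escaped to match literally.
function search_posts(PDO $db, string $searchstring): array
{
    $literal = addcslashes($searchstring, '%_\\');
    $stmt = $db->prepare(
        "SELECT title FROM posts WHERE keywords LIKE :pattern ESCAPE '\\'"
    );
    $stmt->execute([':pattern' => '%' . $literal . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Escape on output: values echoed into HTML must not be able to add markup.
function render_results(array $titles): string
{
    $html = '';
    foreach ($titles as $title) {
        $html .= '<li>' . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . "</li>\n";
    }
    return $html;
}

$db = open_demo_db();
foreach (['money', "money';DROP TABLE posts", '%', 'html5'] as $input) {
    $titles = search_posts($db, $input);
    printf("%-26s => %d row(s)\n", $input, count($titles));
    echo render_results($titles);
}
// Count the rows again after the hostile input has been searched for.
echo 'rows in posts: ', $db->query('SELECT COUNT(*) FROM posts')->fetchColumn(), "\n";
```

With mysqli the same pattern is `mysqli_prepare()` followed by `mysqli_stmt_bind_param()` and `mysqli_stmt_execute()`.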
  15. deathshadow

    deathshadow Acclaimed Member

    #15
    Your question itself raises questions -- as "template" could mean almost anything; you say HTML 5... is it just markup, do you have CSS? Is it responsive...

    though really NONE of that has ANYTHING to do with website security. HTML does NOT open up security holes, by itself it has nothing to even do with the topic; same for CSS.

    JAVASCRIPT can open up security holes, but even that is limited in what it can do.

    It only really becomes an issue on the server-side of things.

    A "static" website where all you have is HTML, CSS or even JS is generally about as secure as you can get. There's little if any code for anyone to exploit.

    The next "step up", a semi-dynamic site, what years ago used to be called a "poor man's CMS" is usually equally secure. In this case a language like PHP is used to glue together the parts all pages have in common to the parts that are unique. Again, because the PHP is just gluing together markup, there's nothing for a hacker to really attack. The majority of the content on my sites is handled this way.

    Really you only start opening up security holes when you go to a 'fully dynamic content' site... where you store pages in databases, accept user inputs, have user accounts, user comments, user uploads... even a simple contact form opens up a massive can of worms where you need to dot every t and cross every i... wait, that's not right...

    The benefits of a dynamic site are many, but really that involves using server side technologies that are very VERY complex. If you are trying to learn, you're going to screw up a lot -- that's how you learn. If you want to do something major, important or critical right now, do yourself a favor and find someone who knows what they are doing to hold your hand through the process.

    Really you've not said enough about your template, or what your code is doing, to offer you real advice; but if all you have is a 'template', security shouldn't even be an issue yet unless it's a "template" for an existing CMS or other server-side tech.
     
    deathshadow, Jul 18, 2014 IP
    SSC and malky66 like this.
  16. Philip C. Ngo

    Philip C. Ngo Member

    #16
    As I said before, I'm working with local customers as a simple web developer & designer. Today I'll work with the Foundation framework, CKEditor, JS and Ajax to create a personal website, but to get data from users I'll need MySQL and a PHP snippet.

    I've prepared all the code which I needed, but should I add any script to secure my site?
    What I mean is: there are plugins like jQuery to embed in the document which provide a special ability
    without writing any code (e.g. WordPress plugins).
     
    Philip C. Ngo, Jul 18, 2014 IP