How to secure website

Posted on 2011-05-11
Last Modified: 2012-06-21
My client has a website for his business.  He also has a disgruntled employee whose responsibility it was to update the website.  He is now concerned that this ex-employee may try to sabotage his website.  He has asked me to secure it.

I propose changing the login password for the FTP server, which I guess will be done via the organisation which hosts his domain.

Does anyone have any further thoughts on how to achieve this objective?
Question by:phototropic
    LVL 23

    Accepted Solution

    Change the password for the domain registrar (GoDaddy, NetSol, etc.) account immediately to protect the domain name.

    Are the files hosted via an external Web hosting company (it sounds like this may be the case)? If so, log in to the Web hosting company account and change the password there. If you think this ex-user uploads info to the root directory of the hosting account's server for your domain, then changing the login password should update the FTP access password as well. While logged into the Web hosting company's Web console, you can change passwords to any other created FTP accounts that you think the ex-emp might have access to as well.
    LVL 11

    Assisted Solution

    by:Sanjay Santoki

    At the least, you should be sure of the following things.

    1. The domain control panel password should be changed.
    2. Hosting control panel and FTP account passwords should be changed.
    3. If the website is dynamic and gets data from a database, the database credentials should be changed.
    4. Request the hosting provider to minimize the permissions on web content. Only the website anonymous user and application pool user should have read access (remove list content or execute if not required).
    5. If there is any dynamic module in the website, secure it, e.g. file uploads, enquiry forms, etc.

    Sanjay Santoki
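
One way to check item 4 of the answer above on a Windows/IIS host, as an added example that is not part of the original thread. The web root path and the identity names are assumptions (common IIS defaults); replace them with the site's actual anonymous user and application pool identity.

```powershell
# Added example: list NTFS grants on a web root that give the web identities
# more than read access. Path and identity names below are assumed defaults.
param(
    [string]$WebRoot = 'C:\inetpub\wwwroot',
    [string[]]$WebIdentities = @('NT AUTHORITY\IUSR', 'BUILTIN\IIS_IUSRS',
                                 'IIS APPPOOL\DefaultAppPool')
)

$fsr = [System.Security.AccessControl.FileSystemRights]
# Rights that allow changing content or ACLs, plus the raw GENERIC_WRITE
# (0x40000000) and GENERIC_ALL (0x10000000) bits seen in inherit-only ACEs.
$writeMask = [int]($fsr::Write -bor $fsr::Delete -bor
                   $fsr::DeleteSubdirectoriesAndFiles -bor
                   $fsr::ChangePermissions -bor $fsr::TakeOwnership) -bor
             0x40000000 -bor 0x10000000
$execMask  = [int]$fsr::ExecuteFile   # same bit as Traverse on folders

$root  = Get-Item -LiteralPath $WebRoot
$items = @($root) + @(Get-ChildItem -LiteralPath $WebRoot -Recurse -Force)

$findings = foreach ($item in $items) {
    $isRoot = ($item.FullName -eq $root.FullName)
    foreach ($ace in (Get-Acl -LiteralPath $item.FullName).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherited entries are reported once, at the root, to avoid repeats.
        if ($ace.IsInherited -and -not $isRoot) { continue }
        $who = $ace.IdentityReference.Value
        if ($WebIdentities -notcontains $who) { continue }

        $rights = [int]$ace.FileSystemRights
        $issues = @()
        if ($rights -band $writeMask) { $issues += 'write/modify' }
        if ($rights -band $execMask)  { $issues += 'execute (review)' }
        if ($issues) {
            [pscustomobject]@{
                Path     = $item.FullName
                Identity = $who
                Rights   = $ace.FileSystemRights
                Issue    = $issues -join ', '
            }
        }
    }
}

$findings | Format-Table -AutoSize
```

An empty table means the listed identities hold read-only grants; folders the site legitimately writes to (an uploads directory, for example) will appear and should be the only write entries.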
    LVL 32

    Assisted Solution

    Secure your mail service.  Password reset requests can come via email.

    Change/update contact information at the registrar.  There should be an actual name, address, phone #, and a real email address.  If you put "manager" and a generic email address, then anyone could claim to be that person.  They could then arrange to modify the domain, or transfer ownership.

    Change database credentials.  If the site is using SQL, it's possible to modify data even if the FTP and control panel passwords are changed.  You can have SQL logins that aren't related to domain administration, even on GoDaddy.  It's used for connecting to other databases or for developers that don't have authority to manage your domain.
    LVL 23

    Author Closing Comment

    The client ended up moving his account. The domain is now hosted by a new organisation and all usernames and passwords have been reset.

    Thanks to all who responded with suggestions.
