For many years, PHP has been a stable, inexpensive platform on which to operate web-based applications. Like most web-based platforms, PHP is vulnerable to external attacks. Developers, database architects and system administrators should take precautions before deploying PHP applications to a live server. Most of these techniques can be accomplished with a few lines of code or a slight adjustment to the application settings.
Cross Site Forgery, or cross-site request forgery (CSRF), is a web-based attack in which a malicious web site, instant message, email, or program causes the victim’s web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. For example, let’s say I am logged into my bank account, or cookie information is stored from a recent login, and I click on a malicious link.
WordPress is easily one of the most popular web applications in use, and that makes it quite a target for malicious hackers using PHP injections, SQL injections, Cross-Site Scripting and many other techniques to compromise blogs that are not secure. You see, WordPress made its bones on how easy it is to install and use. Users quickly get hung up on finding, or designing, the right template for the blog’s UI and activating all the plug-ins needed to enhance the site’s functionality. Unfortunately, not many people give securing WordPress a second thought.
If you are running an e-commerce site and want to secure it, here are some points you should keep in mind and work on.
There is no such thing as an unhackable website; there are just those that are close to it or are offline. It is important to know how attacks are made in order to plan ahead.