In the Forums: EE Best Security Practices
Jason Hudnutt of Invoked Projects has started an interesting EE Forum thread called ExpressionEngine & Best Security Practices. He is soliciting your input on what you do to make your ExpressionEngine installation as secure as possible.
I was curious as to what the “paranoid” EE users do for security on their live ExpressionEngine websites, such as tweaking permissions, etc. I know EllisLab takes security to heart but I want to know what the community does to ensure their install is secure.
There are the obvious things like changing the name of the system directory, but what else do you do?
AJP — 06:35 on 02.09.2009
I’ve started masking the Control Panel directory as well, but Playa had some problems with that for a while, so I switched back.
Tony — 14:04 on 02.09.2009
Ryan:
Thanks for this info.
I read everything in the EE forum, and I think I have been doing most of what people described there.
One thing though is the config.php file. I used to think that setting the permission to 666 is necessary for saving changes in CP. I changed the setting to 644 and I can still save my template changes.
Is there a better setting for config.php or another trick to safeguard it?
Ryan Irelan — 14:13 on 02.09.2009
Tony,
I think you’re doing the best thing, which is properly securing your server and files.
I think it was stated in the thread that the best way to protect your EE install is to make sure your server or hosting is secure. Use a reputable host, only connect to the server via secure means (SSH or SFTP, never FTP) and use good, strong passwords.
Jason Hudnutt — 14:51 on 02.10.2009
Ryan,
Thanks for the post! I think it really helped out on the forum! There are some excellent suggestions and responses to keep in mind!