I ask for this because I maintain a small website for a fairly isolated group of people (no more than 80). Currently, it has a simple login function (email, password), and the data "protected" is only contact information for our members (phone, address, email address). The website is written in PHP and uses MySQL.
For the past couple of days I have been reading forums and other sites about website security, as I would like to improve it on our website. Currently, security consists of protecting against SQL injections and MD5-hashed passwords stored in the database. It feels inadequate, but I also feel that it is easy to take it too far. I mean, the launch codes are not entirely nuclear, but the data usually feels unsuitable for displaying on the Internet. The site itself is hosted by a fairly well-known web host.
The only threat I can see right now is jokers stumbling around the site and trying to find part of their home environment?
So I thought that somewhere in the middle is enough. how
- SQL injection protection (increase if necessary)
- Stronger salt hash method
- XSS protection
- DDoS Protection
- SSL when accessing the member area
?
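For the setup described in the question (PHP, MySQL, unsalted MD5 hashes, SQL injection protection), here is an added example, not part of the original post, of moving existing accounts to PHP's salted `password_hash()` at the next successful login, using prepared statements for every query. The `members` table, its `email` and `password` columns, and the in-memory SQLite database standing in for MySQL (requires the `pdo_sqlite` extension) are assumptions made for the demo.

```php
<?php
// Added example: upgrade legacy MD5 hashes on login. Table/column names are assumed.
function verify_and_upgrade(PDO $db, string $email, string $password): bool
{
    $stmt = $db->prepare('SELECT id, password FROM members WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // unknown email
    }
    $stored = $row['password'];

    // Legacy rows hold a bare 32-character hex MD5 digest; new rows hold password_hash() output.
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/i', $stored);
    $ok = $isLegacy
        ? hash_equals(strtolower($stored), md5($password))   // constant-time compare
        : password_verify($password, $stored);
    if (!$ok) {
        return false;
    }

    // Re-hash while the plaintext is available: legacy row, or outdated algorithm/cost.
    if ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE members SET password = ? WHERE id = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $row['id']]);
    }
    return true;
}

// Constructed demo data: one member whose password is still stored as MD5.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password VARCHAR(255))');
$db->prepare('INSERT INTO members (email, password) VALUES (?, ?)')
   ->execute(['alice@example.org', md5('correct horse')]);

var_dump(verify_and_upgrade($db, 'alice@example.org', 'wrong guess'));   // rejected, row untouched
var_dump(verify_and_upgrade($db, 'alice@example.org', 'correct horse')); // accepted, row re-hashed
var_dump($db->query('SELECT password FROM members')->fetchColumn());     // stored value after upgrade
var_dump(verify_and_upgrade($db, 'alice@example.org', 'correct horse')); // verified via password_verify()
```

The password column has to be wide enough for the new hashes (the PHP manual recommends 255 characters), and accounts that never log in again keep their MD5 hash until they are reset.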