CHAPTER 3

Preventing Problems Before They Start

You have a lot to discover and learn before you start building a site. Although this is not a design book, the initial design you choose can have a positive or negative effect on your security. One big way website owners get into trouble is not planning their sites ahead of time. Rather, they plan as they build, and that is not the best situation.

In fact, the general attitude for inexperienced website owners is summed up in the book, Joomla! Start to Finish: How to Plan, Execute and Maintain Your Web Site by Jen Kramer (Indianapolis: Wiley, 2010) in the title of Chapter 1: “I Want a Web Site and I Want it Blue — How Much Will That Cost?” Although this sounds like a parody, it's a situation that web developers face all the time.

One decision you'll make early on is what content management system (CMS) framework to choose. Each has its own unique approach to securing the CMS. Following are a few questions that you may want to research as they relate to your security profile:

• Will you use SSL? (If you are supporting any kind of e-commerce, you will.)
• Will you need a Virtual Private Server (VPS), or will shared hosting work?
• What method of backup do you need, and will your CMS support it?
• Have you verified that the third-party add-ons you have chosen are secure?
• In the CMS of choice, do you understand the Access Control Lists (ACL) options? (This is important to control access to the site's resources.)
• Does the CMS provide adequate ...