aeSecure 2.0.1b has been installed successfully.

Choose which version to install

Depending on your active subscription, on the site 'http://www.aesecure.com/' you can choose to install one of the versions below:


1. Basic security / required

 
MUST

1.1 Implementation of aeSecure .htaccess file 

The .htaccess file is read by your web server whenever a request is made to your site. The aeSecure .htaccess file contains a great number of rules that increase the security of your web site and improve its optimization.

MUST

1.2 Protection of folders 

  1. Copies .htaccess files into various major folders of your site in order to restrict access to them and to prevent PHP code from running in, e.g., /tmp.
  2. Copies a php.ini file into the root folder of your site.
  3. Scans your web site and places an index.html file in every folder that does not contain one.

GOOD

1.3 Hiding Apache errors 

On a live site, make sure that your visitors cannot see PHP errors that would give a potential hacker too much information.

NEED?

1.4 Editing your personal .htaccess file manually 

You may occasionally need to edit your .htaccess file to add a specific line, such as the activation of a PHP version, a redirection rule, etc.

NEED?

1.5 Blocking IP addresses 

By blocking an IP address you prohibit a specific computer from accessing your website. When you suffer an attack, it is often useful to block the IP addresses of the machines involved. Note: an IP address is often dynamic and therefore changes regularly.

GOOD

1.6 Blocking actions using URL items  

After analyzing the log files of your web server, you will see attempts to access specific URLs:
  • URLs that refer, e.g., to file names that do not exist on your site (e.g. food.php)
  • URLs whose parameters are dangerous (e.g. attempts to upload a file)

This option (1.6) allows you to specify rules that will block those URLs.

GOOD

1.7 Denying access to some files via URL 

Your website contains some files to which direct access by URL must be made impossible. This is the case, for instance, for configuration.php (Joomla!®) or wp-config.php (WordPress), and also for .htaccess files, readme.txt, etc.

NEED?

1.9 Activating/Deactivating the maintenance mode  

In this mode, anybody (except you) who visits your site is redirected to a page displaying a message like 'This site is being maintained ...'.


2. Additional Security

 
EXTREME

2.1 Restricting access to a folder by IP address  

Access rights to a folder (e.g. /administrator) will be restricted to one or several predefined IP addresses, so only those computers will gain access to the site.

GOOD

2.2 Password protection 

Places a .htpasswd file in a directory in order to restrict its access only to holders of a login and password.

Advice: Ideally you should at least protect your administrator folder. If your backup folder is located in your tree structure (e.g. /sauvegardes), remember to secure it as well.

GOOD

2.3 Restricting robots and reducing spam 

Prevents robots from accessing your web site, namely scripts, programs and web site downloaders whose signatures are known to be malicious. Also blocks some keywords that have been blacklisted.

EXTREME

2.4 Preventing files from being uploaded  

Hacking a website is often done by uploading a malicious script. By blocking upload to your server, you protect yourself against this type of attack. Read the detailed explanations before activating the protection.

GOOD

2.5 Preventing some files from being indexed.  

Prohibits search engines from providing direct links to zip and MS Office files on your site.

GOOD

2.6 Blocking access to hidden files and folders 

Files and folders whose names begin with a dot (.) are hidden files/folders. On some sites, folders like .backups, .git, .svn ... may be present and, by default, accessible via a URL.

GOOD

2.7 Prevents nosey people from accessing the robots.txt file.  

robots.txt is the name of a file located in the root of your site that contains information for search engines; index this, don't index that. This file is intended for search engines (the bots); not for humans who could discover the architecture of your site.

GOOD

2.8 Blocks access based on the 'user-agent'  

Each access to your site is performed through a software application, most often a browser. Apart from exceptional cases, each program has a signature: its name. This information is provided for each connection to your site in the 'user-agent' variable.

Some of these signatures are known to belong to attack scripts, e.g. 'BOT/1.0 (BOT for JCE)', which tries to hack your site using a security hole in the JCE editor (an issue fixed long ago).

This option will allow you to block access to your site based on the user-agent in use.

GOOD

2.9 Blocks access based on the 'Referrer'.  

The referrer, if mentioned, is the site that generated a query on your own site. For example, when someone comes to your site after searching on Google, the referrer is 'www.google.com'.

When a third-party site displays an RSS feed offered by yours, the referrer is the domain name of the third-party site. By blocking a particular referrer, you will prohibit traffic from those sites.


3. Files and folders

 
GOOD

3.1 Files and folders  

Sets restricted access rights (chmod) on the folders and files of your site. You can thus define which files can never be modified and which folders new files cannot be written to.

GOOD

3.2 Checking permissions (chmod) of folders and files 

When the access level of a file is set to 777, the file can be accessed, modified and run by anyone. The situation is worse where folders are concerned: anyone can create a file, insert malicious code in it and run it.

In principle, no scenario demands that you should have files or folders with such access level.
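The check described in 3.2, as an added example (not aeSecure's own code): it walks a site tree and reports every file or folder whose "other" write bit is set, which covers 777 as well as modes such as 666. The folder layout built by `demo()` is constructed sample data.

```python
import os
import stat
import tempfile


def audit_permissions(root):
    """Return sorted (relative path, octal mode, kind) for world-writable entries."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            mode = stat.S_IMODE(st.st_mode)
            if mode & stat.S_IWOTH:  # "other" write bit: 777, 666, 757, ...
                kind = "dir" if stat.S_ISDIR(st.st_mode) else "file"
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append((rel, "%04o" % mode, kind))
    return sorted(findings)


def demo():
    """Build a small constructed site tree and audit it."""
    layout = [  # (relative path, is_dir, mode): constructed sample data
        ("images", True, 0o755),
        ("images/upload", True, 0o777),
        ("images/upload/logo.png", False, 0o777),
        ("tmp", True, 0o755),
        ("configuration.php", False, 0o666),
        ("index.php", False, 0o644),
    ]
    with tempfile.TemporaryDirectory() as root:
        for rel, is_dir, mode in layout:
            path = os.path.join(root, rel)
            if is_dir:
                os.mkdir(path)
            else:
                open(path, "w").close()
            os.chmod(path, mode)
        return audit_permissions(root)


if __name__ == "__main__":
    for rel, mode, kind in demo():
        print(f"{mode}  {kind:4}  {rel}")
```

To audit a real site, call `audit_permissions()` with the path of its root folder; entries reported as `dir` are the ones the text above calls the worse case.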

4. Content Management System (CMS)

 
GOOD

4.1 Checking Joomla!® version  

As long as you use the same major version (1.5.x, 2.5.x, 3.x), there is no reason why you should not update your Joomla!® site.

EXTREME

4.2 Blocking native registrations of Joomla!® 

Some malicious scripts target Joomla!® sites and access a public URL which allows for the creation of countless phantom/ghost users. If you want to prohibit the creation of user accounts on your site and/or if you use a third-party component (like Community Builder or JomSocial), deactivate the native component (com_users).

GOOD

4.3 Protecting Joomla!® administration files 

Blocks direct access (by URL) to the files in the /administrator folder. Some files (.xml files, for example) may give too much information to a potential hacker (e.g. the specific version of your Joomla!®).

Access to media files (css, js, png, etc.) will remain possible.

GOOD

4.4 Blocking access to some Joomla!® components  

In the log file of your Apache server (not Joomla!® server), you may see a large number of lines concerning URLs of this type: index.php?option=com_xxxxx, although com_xxxxx has never been installed on your site. This is an attempt to hack your site: com_xxxxx is probably a Joomla!® component known to have a security flaw, and hackers scan the web searching for sites that can possibly be attacked.

Use this option to block those URLs.
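To find which component names to block, the log review described in 4.4 can be automated. The following is an added example (not aeSecure's own code): it parses Apache access log lines and counts, per client IP, requests for `option=com_...` values that are not installed. The `INSTALLED` set, the log lines and `com_yyyyy` are constructed sample data.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Components really installed on the site (assumed list; adjust to your site).
INSTALLED = {"com_content", "com_users", "com_contact"}

# Constructed sample lines in Apache "combined" format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2015:10:01:02 +0100] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2015:10:01:05 +0100] "GET /index.php?option=com_xxxxx&task=upload HTTP/1.1" 404 312 "-" "BOT/1.0 (BOT for JCE)"
198.51.100.23 - - [12/Mar/2015:10:01:06 +0100] "GET /index.php?option=com_xxxxx&view=item HTTP/1.1" 404 312 "-" "BOT/1.0 (BOT for JCE)"
192.0.2.44 - - [12/Mar/2015:10:02:11 +0100] "POST /index.php?option=com_yyyyy HTTP/1.1" 404 312 "-" "-"
203.0.113.7 - - [12/Mar/2015:10:02:30 +0100] "GET /images/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Client IP, request target and status code of one access log line.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')


def probes(log_text, installed):
    """Count requests per (client IP, component) for components not installed."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target, _status = m.groups()
        for option in parse_qs(urlsplit(target).query).get("option", []):
            option = option.lower()
            if option.startswith("com_") and option not in installed:
                hits[(ip, option)] += 1
    return hits


if __name__ == "__main__":
    for (ip, component), count in probes(SAMPLE_LOG, INSTALLED).most_common():
        print(f"{count:3}  {ip:15}  {component}")
```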

GOOD

4.5 Searching for "admin" account.  

Do you still have, by any chance, an active "admin" account on your site?

GOOD

4.9 Displaying the content of Joomla!® redirects  

From Joomla!® 1.7 on, Joomla!® stores in the redirect component the URLs that have failed, for example if the URL refers to a component that is not installed. Examining this table can teach you a lot because it shows you the URLs used by hackers to try and enter your site.


5. Database

 
GOOD

5.1 Exporting the database in SQL format.  

After execution, you'll obtain a text file containing the SQL code to completely rebuild your database.

This is therefore a complete backup of your database.


7. SEO (Referencing)

 
GOOD

7.1 URLs rewriting 

Dynamic websites use URLs with a very large number of parameters; such is the case of Joomla!®, which uses this type of URL: index.php?option=com_users&view=registration. Such URLs are not very intuitive for a search engine and do not tell what the page is about, unlike this URL: /inscriptions.html, which will be much better referenced.

GOOD

7.2 Forcing www. prefix (or not) in URLs 

In order to avoid 'duplicate content', it is recommended to force the urls of your site to mention www. or not. You will then benefit from better referencing.

GOOD

7.3 Editing robots.txt file  

The robots.txt file is located at the root of your site and gives search engines instructions regarding what you authorize or not. So, for example, thanks to robots.txt you can prohibit search engines from indexing the files of your administrator folder or other sensitive and private folders.

GOOD

7.4 Redirection management system  

Redirects are used to correct some urls so as to point them to other addresses such as: redirect http://yoursite/page-deleted to http://yoursite/new-page. It is a particularly efficient tool when it comes to correcting the "dead" urls that are mentioned by such tools as Google Webmaster Tools.


8. Site Optimization

 
GOOD

8.1 Making the most of mod_pagespeed module  

mod_pagespeed is an Apache module that may be activated by your site host and if so, you can optimize your site thanks to this module.

GOOD

8.2 Activating server-side compression  

Compression by the server (mod_gzip or mod_deflate) is a feature offered by almost all site hosts. It enables real-time compression of your page's HTML code. This compression makes the weight of your page significantly lighter and consequently speeds up its display.

GOOD

8.3 Specifying the lifetime of static files  

Static files such as javascript files, css, images, web fonts ... are downloaded by default each time a page is viewed even if it is viewed by the same user. Specifying a lifetime gives the opportunity to tell the browser not to download the file if it is already present in its cache.

GOOD

8.4 Minification of css, html and javascript files  

The minification feature will reduce the weight of css, html and javascript files by deleting, on the fly, useless spaces and carriage returns in the files. Since the weight of the files is reduced, the page loads faster.

GOOD

8.9 Preventing hotlinking  

Forbid others to use your bandwidth by referencing, on their website, pictures from yours.


9. Miscellaneous

 
GOOD

9.1 Clearing the temporary folder of your site 

Remember to clear the temporary folder of your site from time to time.


GOOD

9.2 Purges the cache folder(s) of your site 

The cache folders are, if they exist, /cache and /administrator/cache folders of your site. Clearing the cache ensures that a new version of the page will be sent to the user.


GOOD

9.3 Crontab - scheduled execution on the server  

Depending on your hosting conditions, you might be able to access the 'crontab': it is an option, on the server side, which allows you to run a job, e.g. every hour, once a day, on the first day of the month, etc.

aeSecure Pro offers users a script that can for instance be run every hour to detect files that might have been added or changed on your server without your consent. In that case, an email notification will be sent to you, allowing you to act immediately.


GOOD

9.4 Password generator 

This tool will enable you to generate a random password with a length varying from 10 to 40 characters. The password will be generated and composed of uppercase and lowercase letters, numbers and special characters.