Well, I have ZC installed on an IIS server. Shared. I am in the process of increasing the security of the system. I have a tip and a question...
Tip - I moved my admin directory. Then, what I did was I went into my hosting control panel and disabled anonymous access over http and ssl. Now, I only access the admin functions over SSL and it requires your IIS admin username / PW. This is somewhat of a help. I think this is probably a good thing. Once you are on, however, the pages go back to http. But, at least you are logging on using https.
Question - are there any other directories I can deny anonymous access to in the zen file structure?
Question - can anyone point me to a FAQ that is specifically for securing Zen on an IIS server? I want to lock my shop down as best as possible. I am only doing paypal/checks/MOs as payment options. But, I would still like to make sure that the board is as safe as possible.
Thanks!
Bookmarks