Security concerns for simple PHP site (no input, no database, no membership).

Question

I have been using WordPress to built all my sites for the last few years and now want to try my hand at building a site from scratch. The site will be a very simple content based site with no input fields, no database, and no memberships. It will essentially be a static site using PHP to serve up the header, footer, menu, etc.

I'm concerned about security however and want to know what the main security concerns are for a site like this. Almost everything I have learnt about security involves user input, memberships, and databases - not of which my site will have - but I keep hearing that ANY site can be 'hacked'

Thanks.

Answer 1 · 2015-02-17T20:04:39Z

February 17, 2015 8:04pm

PHP is not the only entry point for a potential hacker. You can have a web server that due to lack of upgrades may be vulnerable to an exploit. Also, certain versions of PHP may be vulnerable to exploits as well which just requires a hacker to send a maliciously crafted request. Otherwise, I wouldn't worry too much as long as you keep your server up to date with the latest patches, make sure SSH is only accessible via keys, and chroot the web server processes. Security is usually an issue of being proactive and being informed with the latest information and doing the necessary server maintenance.

Welcome to the Treehouse Community

Looking to learn something new?

Andrew Rickards

Andrew Rickards

Security concerns for simple PHP site (no input, no database, no membership).

1 Answer

miguelcastro2

miguelcastro2

Andrew Rickards

Andrew Rickards