Locking down indirect access
Securing indirect access via the server is just as important as securing direct access to sites.
We can figure out the attack routes easily enough because we use them too. Server login, FTP, MySQL clients like phpMyAdmin, and control panels are all targets for brute-forcing, and just like the more obvious WordPress login page, these need toughening up.
Server login
As far as the server goes, as we shall see, there's a whole lot more to securing the thing than creating a secure login process. This, though, is the natural starting point.
So what's the difference between server login and control panel login? The control panel is simply a software package, a set of tools that helps us to tweak settings and run tasks in a user-friendly way. The control panel sits on the server, just like other helpful GUIs such as file browsers or database managers.
The level of server access we have depends on the kind of hosting plan we bought, but you may be surprised, even decent shared...