Chapter 5. Login Lock-Down
When you set up your first site, you probably connected to it using the old stalwart, FTP.
Using this super-duper File Transfer Protocol was jolly convenient, a bit like using the Windows File Explorer. Drag, drop, copy, paste. Happy days.
But then you read somewhere how someone had their server login credentials pinched and their site was turned into an ad-fest for Viagra. Man-in-the-middle? Bummer.
Eventually you bought this book, looked up this chapter and here we are. Full marks.
What we must do is solidify your WordPress and other logins so you can administer securely while keeping your data and credentials flying well under the radar.
So here's the plan. After a crash course on web protocols, identifying the pros and cons of each, we'll put the best to work, along with added defenses, chiefly from Apache:
Securing wp-login and admin panels with HTTPS
Creating impermeable PC-to-server encryption with SSH
Flaming FTP in favor of SFTP for file maintenance
Then...