After installing the Zenphoto photo gallery content management system (CMS), available in Softaculous, there are multiple ways to easily improve website security:

  • Force HTTPS (SSL certificate)
  • Enforce minimum password strength
  • Data privacy settings for GDPR and CCPA compliance

But as stated in our Web Hosting New Year's Resolutions for 2020 blog earlier this year, there are multiple ways to improve website security regardless of your type of website or server hosting plan. Users with access to raw server files via cPanel, Webmin, Secure Shell (SSH), or other server administration methods can edit the .htaccess file directly. This is the most common location for security HTTP headers, including HTTP Strict Transport Security (HSTS) and Content Security Policy (CSP). Zenphoto users can easily add such HTTP headers with the http_security_headers plugin. Below we cover the X-Frame-Options and Referrer-Policy headers.

If you are interested in custom security options for Zenphoto (and other apps), you might also be interested in learning more about the fully managed VPS hosting accounts.

Add X-Frame-Options in Zenphoto

X-Frame-Options determines whether browsers will allow your website to be displayed within other websites via HTML embedding tags, which protects against clickjacking and related man-in-the-middle (MITM) attacks.

  1. Log into Zenphoto
  2. Install the http_security_headers plugin in the Security category
  3. Click the gear icon to change settings
  4. At the bottom, under Other headers, specify your X-Frame-Options:
    disabled – allow your webpages to be embedded within any website (default)
    deny – webpages cannot be displayed in a frame (recommended)
    sameorigin – webpages can be framed in the same webpage
    allow-from – webpages can be framed within the same URI (doesn’t work in newer browsers)
  5. If you selected allow-from, add domains allowed to embed your webpages in X-Frame-Options – allow-from hosts
  6. At the bottom, select Apply

Add Referrer-Policy in Zenphoto

Referrer-Policy determines how much information is sent in the Referer header with requests. This prevents URLs with sensitive information (e.g. user credentials and individual files) from showing up in web analytics software logs.

  1. If you have the http_security_headers plugin installed already, select Options, then Plugin from the top navigation menu
  2. Select http_security_headers
  3. At the bottom, under Other headers, specify Referrer-Policy from the drop-down menu:
    disabled – No preference
    no-referrer – No referrer info sent
    no-referrer-when-downgrade – Full URL sent unless HTTPS to HTTP page (default)
    origin – Only origin
    origin-when-cross-origin – Full URL for within the same site, but only origin for others
    same-origin – Only origin (root domain – e.g. example.com instead of example.com/page1) for within the same site
    strict-origin – Origin only when protocol security level is the same (e.g. HTTPS > HTTPS)
    strict-origin-when-cross-origin – Full URL when within site, only origin when protocol security level is the same (e.g. HTTPS > HTTPS), and no info from HTTPS to HTTP
    unsafe-url – Full URL (not recommended)
  4. At the bottom, select Apply

You can view your website's HTTP headers with the Zenphoto HTTP header inspector.
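To check the two settings above after applying them, the following added example (not part of the original article or of Zenphoto) audits a raw response header block, such as the output of `curl -sI`, against the values listed in this guide. The function names and the sample responses are constructed for illustration.

```python
# Added example: audit captured response headers for the two settings covered above.
XFO_VALUES = {"deny", "sameorigin"}          # values current browsers honour
REFERRER_VALUES = {
    "no-referrer", "no-referrer-when-downgrade", "origin",
    "origin-when-cross-origin", "same-origin", "strict-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}

def parse_headers(raw):
    """Parse a raw header block into {lowercase-name: [values]}."""
    headers = {}
    for line in raw.splitlines()[1:]:        # skip the status line
        if not line.strip():
            break                            # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return a list of findings; an empty list means both headers look sane."""
    h, findings = parse_headers(raw), []
    xfo = h.get("x-frame-options", [])
    if not xfo:
        findings.append("X-Frame-Options missing: page can be framed by any site")
    elif len(xfo) > 1:
        findings.append("X-Frame-Options sent more than once (plugin and .htaccess?)")
    elif xfo[0].lower().startswith("allow-from"):
        findings.append("X-Frame-Options allow-from is ignored by newer browsers")
    elif xfo[0].lower() not in XFO_VALUES:
        findings.append(f"X-Frame-Options has unknown value: {xfo[0]}")
    ref = h.get("referrer-policy", [])
    if not ref:
        findings.append("Referrer-Policy missing: browser default applies")
    else:
        # A comma-separated list is a fallback chain; the last known token wins.
        tokens = [t.strip().lower() for t in ",".join(ref).split(",")]
        known = [t for t in tokens if t in REFERRER_VALUES]
        if not known:
            findings.append(f"Referrer-Policy has no recognised value: {ref}")
        elif known[-1] == "unsafe-url":
            findings.append("Referrer-Policy unsafe-url sends the full URL everywhere")
    return findings

# Constructed sample responses (not captured from a real site).
GOOD = "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\nReferrer-Policy: strict-origin-when-cross-origin\r\n\r\n"
WEAK = "HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW-FROM https://partner.example\r\nReferrer-Policy: unsafe-url\r\n\r\n"
if __name__ == "__main__":
    print(audit(WEAK))
```

A duplicate X-Frame-Options finding usually means the header is being set both by the plugin and in .htaccess; keep it in one place.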
