Website Security


aNubies
Jun 7th, 2009, 09:36 PM
Guys, do you have any tips and guides on how to secure a website against hackers? I know injection is not the only malicious thing that hackers can do.

Thanks in advance

visualAd
Jun 14th, 2009, 07:05 AM
There are indeed many ways that hackers can penetrate a website. Some relate specifically to the way in which the web pages have been coded.
Off the top of my head, here are some of the other vulnerabilities to watch out for:

The system, e.g. vulnerabilities in the web server or PHP software, operating system vulnerabilities, buffer overruns, vulnerabilities within other software / services running on the web server.

The system configuration, e.g. misconfigured firewalls, poor access controls, weak passwords, inappropriate usage of protocols (e.g. HTTP for communication of secure data instead of HTTPS), an insecurely configured web server (e.g. access given to private directories via the web) or web server programs (e.g. php.ini).

The network: the web server will no doubt reside on an internal network of some description. Devices on the internal network are given a higher level of trust than external devices, therefore threats can include other compromised systems, internal penetration from insiders (e.g. disgruntled data centre employees :)) and of course network outages.

Externally, attackers can flood your site with requests, causing a denial of service. A well organised, distributed attack can bring your site, and sometimes the machine on which it resides, to a grinding halt. Very little can be done to mitigate against this kind of threat.

Physical: the infrastructure of the data centre, the access controls (such as swipe access, bio-authentication), theft, fire, etc.



That list is not exhaustive and the time and effort you invest in security must be proportional to the level of damage should any of the threats manifest (i.e. you need to do a risk assessment). In general, a threat to the security of your website should be defined as anything that can disrupt the normal operation of the site (i.e. not just hackers).
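As an added illustration of the php.ini point in the reply above (this is example code written for this page, not code from the thread or from any of its posters): a small Python audit that parses php.ini-style text and flags directives that differ from a hardening expectation. The directive names are real php.ini settings; the expected values, the stated reasons and the two constructed sample fragments are this example's own assumptions, not an official baseline.

```python
"""Audit a php.ini fragment for the kind of web-server program
misconfiguration mentioned in the reply above.  Constructed example: the
expectation table and the sample ini text are assumptions for illustration."""

# Hardening expectations as directive -> (expected value, why it matters).
# The directive names are real php.ini settings; the policy is this
# example's own choice.
EXPECTATIONS = {
    "display_errors":    ("Off", "error text leaks paths and SQL to visitors"),
    "expose_php":        ("Off", "advertises the exact PHP version in headers"),
    "allow_url_include": ("Off", "lets include() pull code from remote URLs"),
    "allow_url_fopen":   ("Off", "lets file functions fetch remote URLs"),
    "register_globals":  ("Off", "turns request parameters into variables"),
    "log_errors":        ("On",  "keeps the error detail for the admin instead"),
}


def parse_ini(text):
    """Return {directive: value} from php.ini-style text.
    ';' comments, blank lines and [section] headers are skipped; a quoted
    value has its quotes removed; a later entry overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("#") or line.startswith("["):
            continue
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip("\"'")
    return settings


def normalise(value):
    """php.ini accepts On/Off, 1/0, true/false and yes/no for booleans;
    map them onto the canonical 'On' / 'Off' used in EXPECTATIONS."""
    v = value.lower()
    if v in ("1", "on", "true", "yes"):
        return "On"
    if v in ("0", "off", "false", "no", ""):
        return "Off"
    return value


def audit(text):
    """Return a sorted list of (directive, found, expected, reason) for each
    expectation the ini text violates.  An absent directive is a finding
    too, because the built-in default may not be the safe value."""
    settings = parse_ini(text)
    findings = []
    for directive, (expected, reason) in EXPECTATIONS.items():
        found = settings.get(directive)
        if found is None:
            findings.append((directive, "<not set>", expected, reason))
        elif normalise(found) != expected:
            findings.append((directive, found, expected, reason))
    return sorted(findings)


# Constructed sample: settings as they might be left on a development box.
WEAK_INI = """
; constructed sample - not a real server's configuration
[PHP]
display_errors = On
expose_php = On
allow_url_fopen = On
allow_url_include = On
register_globals = Off
"""

# Constructed sample: the same directives with the hardened values.
HARDENED_INI = """
[PHP]
display_errors = Off
log_errors = On
expose_php = Off
allow_url_fopen = Off
allow_url_include = Off
register_globals = Off
"""

if __name__ == "__main__":
    for label, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(f"{label}: {len(audit(ini))} finding(s)")
        for directive, found, expected, reason in audit(ini):
            print(f"  {directive}: found {found!r}, expected {expected!r} ({reason})")
```

Running the block reports five findings for the weak fragment (the four "On" directives plus the missing log_errors) and none for the hardened one. Pointing audit() at the text of a real php.ini gives the same kind of list; the expectation table is the place to encode whatever policy the risk assessment settles on.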