Si nj\u00eb pronar i p\u00ebrgjegjsh\u00ebm i uebfaqes, ka t\u00eb ngjar\u00eb t\u00eb d\u00ebshironi t\u00eb b\u00ebni gjith\u00e7ka n\u00eb fuqin\u00eb tuaj p\u00ebr t’i mbajtur vizitor\u00ebt tuaj t\u00eb sigurt. Sidoqoft\u00eb, ekziston nj\u00eb aspekt i siguris\u00eb q\u00eb \u00ebsht\u00eb i leht\u00eb p\u00ebr t’u anashkaluar: Hypertext Preprocessor, i njohur m\u00eb mir\u00eb si PHP.<\/p>\n
PHP \u00ebsht\u00eb shtylla kurrizore e shum\u00eb faqeve t\u00eb internetit dhe aplikacioneve, duke p\u00ebrfshir\u00eb faqet e WordPress. Pra, \u00ebsht\u00eb e r\u00ebnd\u00ebsishme t\u00eb njiheni me praktikat p\u00ebrkat\u00ebse t\u00eb siguris\u00eb p\u00ebr t\u00eb dhe t’i ndiqni ato me kujdes. P\u00ebr fat t\u00eb mir\u00eb, PHP i disponuesh\u00ebm i ka t\u00eb gjitha ve\u00e7orit\u00eb dhe funksionet q\u00eb ju nevojiten p\u00ebr t\u00eb mbrojtur faqen tuaj nga hakerat.<\/p>\n
N\u00eb k\u00ebt\u00eb postim, ne do t\u00eb diskutojm\u00eb se \u00e7far\u00eb \u00ebsht\u00eb PHP dhe pse \u00ebsht\u00eb thelb\u00ebsor p\u00ebr sigurin\u00eb e faqes s\u00eb internetit. M\u00eb pas, ne do t\u00eb ndajm\u00eb tet\u00eb m\u00ebnyra se si PHP mund t\u00eb mbroj\u00eb faqen tuaj kund\u00ebr nj\u00eb s\u00ebr\u00eb sulmesh, duke p\u00ebrfshir\u00eb rr\u00ebmbimin e sesioneve, Cross-Site Request Forgery (CSRF), dhe Cross-Site Scripting (XSS). Le t\u00eb fillojm\u00eb!<\/p>\n
PHP \u00ebsht\u00eb nj\u00eb gjuh\u00eb programimi nga ana e serverit q\u00eb p\u00ebrdoret n\u00eb shum\u00eb Sisteme t\u00eb Menaxhimit t\u00eb P\u00ebrmbajtjes (CMS). Kjo p\u00ebrfshin WordPress, i cili e p\u00ebrdor at\u00eb si gjuh\u00eb skriptimi:<\/p>\n
PHP p\u00ebrdoret nga 79 p\u00ebr qind e t\u00eb gjitha faqeve t\u00eb internetit, gjuha e programimit t\u00eb t\u00eb cilave njihet nga serveri. Meqen\u00ebse shumica e faqeve jan\u00eb krijuar me PHP, \u00ebsht\u00eb nj\u00eb objektiv i njohur p\u00ebr hakerat. N\u00ebse nj\u00eb sulmues arrin t\u00eb zbuloj\u00eb nj\u00eb cenueshm\u00ebri PHP, ai mund t\u00eb p\u00ebrdor\u00eb t\u00eb nj\u00ebjtin sulm kund\u00ebr miliona faqeve t\u00eb internetit \u2013 duke p\u00ebrfshir\u00eb edhe tuaj\u00ebn.<\/p>\n
N\u00ebse faqja juaj \u00ebsht\u00eb e komprometuar, nj\u00eb haker mund t\u00eb vjedh\u00eb t\u00eb dh\u00ebnat tuaja. Akoma m\u00eb keq, n\u00ebse merrni pagesa n\u00eb faqen tuaj, nj\u00eb shkelje e siguris\u00eb mund t\u00eb rezultoj\u00eb n\u00eb rr\u00ebmbimin ose publikimin e informacionit t\u00eb kart\u00ebs s\u00eb kreditit t\u00eb klient\u00ebve tuaj.<\/p>\n
Kjo do t\u00eb ket\u00eb pasoja t\u00eb menj\u00ebhershme p\u00ebr biznesin tuaj duke d\u00ebmtuar besimin e klientit dhe reputacionin tuaj. Megjithat\u00eb, mund t\u00eb ket\u00eb edhe implikime financiare afatgjata. N\u00eb vitin 2020, studiuesit vler\u00ebsuan se kostoja mesatare totale e nj\u00eb shkeljeje t\u00eb t\u00eb dh\u00ebnave ishte 3.86 milion\u00eb dollar\u00eb. Duke m\u00ebsuar praktikat e provuara t\u00eb siguris\u00eb p\u00ebr PHP, do t\u00eb jeni n\u00eb nj\u00eb pozicion t\u00eb fort\u00eb p\u00ebr t\u00eb shmangur k\u00ebto sulme.<\/p>\n
Haker\u00ebt jan\u00eb gjithmon\u00eb n\u00eb k\u00ebrkim t\u00eb m\u00ebnyrave p\u00ebr t\u00eb dep\u00ebrtuar n\u00eb faqen tuaj, duke p\u00ebrfshir\u00eb shfryt\u00ebzimin e PHP t\u00eb faqes suaj t\u00eb internetit. Le t\u00eb shohim tet\u00eb veprimet q\u00eb mund t\u00eb nd\u00ebrmerrni p\u00ebr t’u siguruar q\u00eb PHP nuk u jep sulmuesve nj\u00eb rrug\u00eb drejt t\u00eb dh\u00ebnave tuaja.<\/p>\n
Versionet e reja t\u00eb PHP shpesh prezantojn\u00eb rregullime p\u00ebr dob\u00ebsit\u00eb e siguris\u00eb. N\u00ebse nuk po ekzekutoni versionin m\u00eb t\u00eb fundit, haker\u00ebt mund t\u00eb ekspozojn\u00eb potencialisht ato dob\u00ebsi t\u00eb njohura. Prandaj, mbajtja e softuerit tuaj t\u00eb p\u00ebrdit\u00ebsuar \u00ebsht\u00eb nj\u00eb nga praktikat m\u00eb t\u00eb r\u00ebnd\u00ebsishme t\u00eb siguris\u00eb p\u00ebr PHP.<\/p>\n
Mund t\u00eb kontrolloni versionin m\u00eb t\u00eb fundit t\u00eb q\u00ebndruesh\u00ebm t\u00eb PHP n\u00eb faqen zyrtare t\u00eb internetit. N\u00ebse nuk e p\u00ebrdorni k\u00ebt\u00eb version, faqja juaj mund t\u00eb jet\u00eb n\u00eb rrezik.<\/p>\n
Nj\u00eb certifikat\u00eb Secure Sockets Layer (SSL) \u00ebsht\u00eb thelb\u00ebsore p\u00ebr transferimin e sigurt t\u00eb skedar\u00ebve n\u00ebp\u00ebrmjet HyperText Transfer Protocol Secure (HTTPS) n\u00eb vend t\u00eb HyperText Transfer Protocol (HTTP). Kjo certifikat\u00eb \u00ebsht\u00eb e r\u00ebnd\u00ebsishme p\u00ebr \u00e7do faqe interneti, por \u00ebsht\u00eb ve\u00e7an\u00ebrisht jetike n\u00ebse grumbulloni ose transmetoni informacione t\u00eb ndjeshme, si p.sh. detajet e pages\u00ebs s\u00eb klient\u00ebve. N\u00ebse faqja juaj p\u00ebrmban funksionalitetin e qasjes, nj\u00eb certifikat\u00eb SSL mund t\u00eb parandaloj\u00eb gjithashtu pal\u00ebt e treta keqdash\u00ebse q\u00eb t\u00eb p\u00ebrgjojn\u00eb dhe vjedhin emrat e p\u00ebrdoruesve dhe fjal\u00ebkalimet e vizitor\u00ebve.<\/p>\n
N\u00eb Hostinkos Hosting, ne ofrojm\u00eb nj\u00eb s\u00ebr\u00eb certifikatash SSL nga nj\u00eb shum\u00ebllojshm\u00ebri e gjer\u00eb ofruesish. Ne kemi besim se do t\u00eb gjeni nj\u00eb zgjidhje q\u00eb plot\u00ebson nevojat tuaja ekzakte.<\/p>\n
Sulmet XSS ndodhin kur nj\u00eb haker shfryt\u00ebzon nj\u00eb dob\u00ebsi n\u00eb faqen tuaj t\u00eb internetit. Si pjes\u00eb e k\u00ebsaj nd\u00ebrhyrjeje, agjenti do t\u00eb ngarkoj\u00eb nj\u00eb skript me q\u00ebllim t\u00eb keq, i cili m\u00eb pas mund t\u00eb ekzekutohet n\u00eb an\u00ebn e klientit n\u00eb shfletues. Krimineli kibernetik gjithashtu mund t\u00eb ekzekutoj\u00eb skriptin n\u00eb serverin tuaj.<\/p>\n
Nj\u00eb shembull i nj\u00eb sulmi XSS \u00ebsht\u00eb kur faqja juaj pranon hyrjen e p\u00ebrdoruesit dhe e printon at\u00eb drejtp\u00ebrdrejt n\u00eb faqen e internetit. N\u00eb k\u00ebt\u00eb skenar, nj\u00eb haker mund t\u00eb ekzekutoj\u00eb kodin n\u00eb distanc\u00eb duke paraqitur JavaScript, HTML ose edhe CSS n\u00eb faqen tuaj t\u00eb internetit.<\/p>\n
Pal\u00ebt e treta t\u00eb k\u00ebqija shpesh p\u00ebrdorin sulme XSS p\u00ebr t\u00eb vjedhur t\u00eb dh\u00ebna, duke p\u00ebrfshir\u00eb fjal\u00ebkalimet e klient\u00ebve tuaj dhe informacionin e pages\u00ebs. Disa pushtime madje mund t\u00eb ndryshojn\u00eb m\u00ebnyr\u00ebn se si duket ose sillet faqja juaj. P\u00ebr shembull, haker\u00ebt mund t\u00eb p\u00ebrdorin nj\u00eb XSS p\u00ebr t\u00eb ridrejtuar vizitor\u00ebt tuaj n\u00eb nj\u00eb faqe tjet\u00ebr interneti.<\/p>\n
Sulmet XSS jan\u00eb jasht\u00ebzakonisht t\u00eb njohura me kriminel\u00ebt kibernetik\u00eb. N\u00eb vitin 2020, Wordfence identifikoi 330 milion\u00eb sulme XSS t\u00eb tentuara, duke e b\u00ebr\u00eb at\u00eb kategorin\u00eb e kat\u00ebrt m\u00eb t\u00eb shpesht\u00eb t\u00eb dob\u00ebsive t\u00eb sulmuara.<\/p>\n
Ju mund t\u00eb mbroni nga ky sulm i shpesht\u00eb duke pastruar t\u00eb dh\u00ebnat tuaja. filter_var<\/em> i PHP p\u00ebrmban tregues dezinfektimi q\u00eb ju mund\u00ebsojn\u00eb t\u00eb kontrolloni t\u00eb gjitha t\u00eb dh\u00ebnat e dor\u00ebzuara nga p\u00ebrdoruesit. M\u00eb pas mund t\u00eb hiqni t\u00eb gjitha vlerat q\u00eb nuk jan\u00eb t\u00eb llojit t\u00eb pritur. P\u00ebr shembull, n\u00ebse b\u00ebni nj\u00eb thirrje te filter_var ($ val, FILTER_SANITIZE_NUMBER_INT),<\/em> t\u00eb gjith\u00eb karakteret q\u00eb nuk jan\u00eb numra do t\u00eb fshihen. Kjo mund t\u00eb ndihmoj\u00eb t\u00eb siguroheni q\u00eb po merrni t\u00eb dh\u00ebna legjitime dhe jo skripte me q\u00ebllim t\u00eb keq.<\/p>\n Ju gjithashtu mund t\u00eb p\u00ebrdorni v\u00ebrtetimin p\u00ebr t\u00eb verifikuar q\u00eb vlerat e dor\u00ebzuara nga p\u00ebrdoruesi p\u00ebrputhen me pritjet tuaja. Ju mund ta kryeni k\u00ebt\u00eb v\u00ebrtetim duke p\u00ebrdorur praktikat e siguris\u00eb filter_var<\/em> p\u00ebr funksionin PHP, t\u00eb tilla si filter_var ($ _GET [’email’], FILTER_VALIDATE_EMAIL)<\/em>.<\/p>\n N\u00ebse ky funksion jep nj\u00eb gabim, t\u00eb dh\u00ebnat ka t\u00eb ngjar\u00eb t\u00eb jen\u00eb t\u00eb pavlefshme. Mund t\u00eb m\u00ebsoni m\u00eb shum\u00eb rreth k\u00ebtyre praktikave t\u00eb r\u00ebnd\u00ebsishme t\u00eb siguris\u00eb p\u00ebr PHP n\u00eb dokumentacionin zyrtar t\u00eb ve\u00e7orive t\u00eb validimit.<\/p>\n N\u00ebse futni ndonj\u00eb ‘input’ t\u00eb p\u00ebrdoruesit drejtp\u00ebrdrejt n\u00eb nj\u00eb deklarat\u00eb SSL, ju po e lini faqen tuaj t\u00eb pambrojtur ndaj sulmeve t\u00eb injektimit SQL. K\u00ebtu nj\u00eb pal\u00eb e tret\u00eb keqdash\u00ebse p\u00ebrpiqet t\u00eb thyej\u00eb pyet\u00ebsorin e synuar SQL dhe n\u00eb vend t\u00eb k\u00ebsaj k\u00ebrkon informacione t\u00eb ndryshme, si p.sh. detajet e pages\u00ebs s\u00eb klientit.<\/p>\n P\u00ebr t’u mbrojtur kund\u00ebr k\u00ebtyre sulmeve t\u00eb injektimit, \u00ebsht\u00eb e r\u00ebnd\u00ebsishme t\u00eb siguroheni q\u00eb vlerat e futura jan\u00eb shmangur si\u00e7 duhet. Ju mund ta arrini k\u00ebt\u00eb duke p\u00ebrdorur nj\u00eb deklarat\u00eb t\u00eb p\u00ebrgatitur p\u00ebr t\u00eb ekzekutuar t\u00eb gjitha deklaratat tuaja SQL.<\/p>\n Si pjes\u00eb e nj\u00eb deklarate t\u00eb p\u00ebrgatitur, modeli i deklarat\u00ebs SQL krijohet dhe d\u00ebrgohet n\u00eb baz\u00ebn e t\u00eb dh\u00ebnave. Baza e t\u00eb dh\u00ebnave m\u00eb pas analizon, p\u00ebrpilon dhe kryen optimizimin e pyet\u00ebsor\u00ebve n\u00eb shabllonin SQL dhe ruan rezultatin pa e ekzekutuar at\u00eb.<\/p>\n M\u00eb pas aplikacioni lidh vlerat me parametrat dhe ekzekuton deklarat\u00ebn. Meqen\u00ebse parametrat transferohen m\u00eb von\u00eb duke p\u00ebrdorur nj\u00eb protokoll tjet\u00ebr, kjo nuk l\u00eb vend p\u00ebr nj\u00eb sulm t\u00eb injektimit SQL.<\/p>\n Ju gjithashtu mund t\u00eb v\u00ebrtetoni llojin e t\u00eb dh\u00ebnave t\u00eb hyrjes duke p\u00ebrdorur funksionin bind_param<\/em>. Ky funksion lidh parametrat me pyetjen SQL dhe i tregon baz\u00ebs s\u00eb t\u00eb dh\u00ebnave se cilat jan\u00eb k\u00ebto parametra. P\u00ebr shembull:<\/p>\n K\u00ebtu, SSS liston llojet e t\u00eb dh\u00ebnave q\u00eb duhet t\u00eb p\u00ebrfshijn\u00eb k\u00ebto parametra. K\u00ebto argumente mund t\u00eb jen\u00eb ose: \u00cbsht\u00eb gjithashtu e zgjuar t\u00eb p\u00ebrdoret Object Relational Mapping (ORM), t\u00eb tilla si Doctrine ose Eloquent. Kjo zvog\u00eblon shanset q\u00eb haker\u00ebt t\u00eb injektojn\u00eb pyet\u00ebsor SQL.<\/p>\n CSRF ndodh kur nj\u00eb haker kryen veprime t\u00eb pad\u00ebshiruara n\u00eb faqen tuaj t\u00eb internetit. Si pjes\u00eb e k\u00ebtij sulmi, pala e tret\u00eb e keqdash\u00ebse p\u00ebrpiqet t\u00eb transferoj\u00eb komanda me q\u00ebllim t\u00eb keq n\u00eb faqen tuaj.<\/p>\n Nd\u00ebrhyr\u00ebsi nuk mund t\u00eb shoh\u00eb p\u00ebrgjigjet ndaj k\u00ebrkesave t\u00eb falsifikuara, k\u00ebshtu q\u00eb sulmet CSRF synojn\u00eb kryesisht k\u00ebrkesat q\u00eb ndryshojn\u00eb gjendjen. Krimineli kibernetik mund t\u00eb d\u00ebrgoj\u00eb nj\u00eb lidhje ose t\u00eb ndryshoj\u00eb t\u00eb dh\u00ebnat n\u00eb nj\u00eb tag HTML, i cili shkakton nj\u00eb ndryshim t\u00eb gjendjes, si\u00e7 \u00ebsht\u00eb transferimi i fondeve ose modifikimi i kredencialeve t\u00eb qasjes s\u00eb p\u00ebrdoruesit.<\/p>\n P\u00ebr t\u00eb nisur nj\u00eb pushtim CSRF, nj\u00eb haker duhet t\u00eb dij\u00eb parametrat dhe kombinimet e vlerave q\u00eb p\u00ebrdorni n\u00eb fushat e hyrjes s\u00eb p\u00ebrdoruesit. Ju mund ta ndihmoni serverin t\u00eb zbuloj\u00eb k\u00ebrkesat e pavlefshme duke shtuar nj\u00eb paramet\u00ebr shtes\u00eb me nj\u00eb vler\u00eb q\u00eb \u00ebsht\u00eb e panjohur p\u00ebr hakerin.<\/p>\n Nj\u00eb qasje \u00ebsht\u00eb p\u00ebrdorimi i nj\u00eb token anti-CSRF. Ky \u00ebsht\u00eb nj\u00eb varg i rast\u00ebsish\u00ebm q\u00eb \u00ebsht\u00eb i njohur vet\u00ebm p\u00ebr shfletuesin e vizitorit dhe web aplikacionin tuaj. Zakonisht ruhet brenda nj\u00eb ndryshoreje sesioni. Ju mund ta shtoni k\u00ebt\u00eb token n\u00eb nj\u00eb fush\u00eb t\u00eb fshehur q\u00eb d\u00ebrgohet me k\u00ebrkes\u00ebn.<\/p>\n Serveri do ta pranoj\u00eb k\u00ebrkes\u00ebn tuaj vet\u00ebm n\u00ebse vlerat e ndryshores s\u00eb sesionit dhe fusha e form\u00ebs s\u00eb fshehur p\u00ebrputhen. P\u00ebr shkak t\u00eb politik\u00ebs s\u00eb origjin\u00ebs s\u00eb nj\u00ebjt\u00eb, haker\u00ebt nuk mund t\u00eb lexojn\u00eb p\u00ebrgjigjen q\u00eb p\u00ebrmban token.<\/p>\n P\u00ebrndryshe, mund t\u00eb p\u00ebrdorni atributin e cookie-ve SameSite. Kjo parandalon q\u00eb shfletuesit t\u00eb shtojn\u00eb automatikisht cookie n\u00eb k\u00ebrkesa, pavar\u00ebsisht se nga e kan\u00eb origjin\u00ebn. Ju mund t\u00eb shtoni atributin SameSite n\u00eb header t\u00eb p\u00ebrgjigjes SetCookie kur serveri l\u00ebshon nj\u00eb cookie:<\/p>\n N\u00ebse e vendosni atributin SameSite n\u00eb Strict, shfletuesi nuk do t\u00eb p\u00ebrfshij\u00eb skedarin cockies n\u00eb asnj\u00eb k\u00ebrkes\u00eb q\u00eb vjen nga nj\u00eb sajt tjet\u00ebr. Megjithat\u00eb, kjo mund t\u00eb ndikoj\u00eb n\u00eb P\u00ebrvoj\u00ebn e P\u00ebrdoruesit (UX).<\/p>\n Rr\u00ebmbimi i sesionit (ang. session hijacking) ndodh kur nj\u00eb haker vjedh fshehurazi ID-n\u00eb e sesionit t\u00eb vizitorit. Kjo ID m\u00eb pas d\u00ebrgohet te serveri, ku grupi $_SESSION<\/em> validon ruajtjen e tij n\u00eb stack.<\/p>\n N\u00eb k\u00ebt\u00eb pik\u00eb, hakeri do t\u00eb ket\u00eb akses n\u00eb web aplikacion. Rr\u00ebmbimi i sesionit mund t\u00eb ndodh\u00eb n\u00ebp\u00ebrmjet nj\u00eb sulmi XSS, ose kur agjenti fiton hyrjen n\u00eb drejtorin\u00eb ku ruani t\u00eb dh\u00ebnat e sesionit.<\/p>\n P\u00ebr t\u00eb parandaluar q\u00eb kjo t\u00eb ndodh\u00eb, ne rekomandojm\u00eb lidhjen e ID-s\u00eb s\u00eb sesionit me vetit\u00eb e tjera t\u00eb p\u00ebrdoruesit ose klientit. Nj\u00eb m\u00ebnyr\u00eb e mundshme p\u00ebr ta b\u00ebr\u00eb k\u00ebt\u00eb \u00ebsht\u00eb duke e lidhur sesionin me adres\u00ebn IP t\u00eb klientit:<\/p>\n N\u00ebse web aplikacioni zbulon ndonj\u00eb ndryshim n\u00eb k\u00ebt\u00eb ve\u00e7ori n\u00eb mes t\u00eb nj\u00eb sesioni t\u00eb vendosur, \u00ebsht\u00eb nj\u00eb tregues i fort\u00eb se nj\u00eb pal\u00eb e tret\u00eb po p\u00ebrpiqet t\u00eb kap\u00eb sesionin. M\u00eb pas mund t\u00eb nd\u00ebrmerrni veprime p\u00ebr t\u00eb mbrojtur faqen tuaj t\u00eb internetit dhe vizitor\u00ebt tuaj. P\u00ebr shembull, ju mund t\u00eb p\u00ebrfundoni sesionin e dyshimt\u00eb.<\/p>\n Vet\u00ebm kini parasysh se nj\u00eb haker i aft\u00eb mund t\u00eb jet\u00eb n\u00eb gjendje t\u00eb rip\u00ebrdor\u00eb t\u00eb nj\u00ebjt\u00ebn adres\u00eb IP q\u00eb i \u00ebsht\u00eb caktuar vizitorit. Ata mund ta arrijn\u00eb k\u00ebt\u00eb duke p\u00ebrdorur t\u00eb nj\u00ebjtin proxy web-outbound<\/em> ose duke modifikuar manualisht User-Agent-in p\u00ebr t\u00eb imituar vizitorin. Sidoqoft\u00eb, nd\u00ebrsa lidhja nuk \u00ebsht\u00eb e garantuar se do t’ju mbroj\u00eb kund\u00ebr k\u00ebtij lloji t\u00eb sulmit t\u00eb sofistikuar t\u00eb rr\u00ebmbimit t\u00eb sesioneve, ai mund ta b\u00ebj\u00eb faqen tuaj m\u00eb pak t\u00eb ndjeshme.<\/p>\n Mesazhet e gabimit jan\u00eb jetike kur nd\u00ebrtoni dhe testoni faqen tuaj t\u00eb internetit. K\u00ebto mesazhe mund t\u00eb ofrojn\u00eb informacion t\u00eb vlefsh\u00ebm p\u00ebr \u00e7do problem me faqen tuaj, gj\u00eb q\u00eb mund t’ju ndihmoj\u00eb t’i zgjidhni \u00e7\u00ebshtjet n\u00eb m\u00ebnyr\u00eb m\u00eb efikase. Njoftimet e gabimeve mund t\u00eb theksojn\u00eb gjithashtu probleme delikate q\u00eb p\u00ebrndryshe nuk mund t’i keni v\u00ebn\u00eb re.<\/p>\n Fatkeq\u00ebsisht, haker\u00ebt mund t\u00eb armatizojn\u00eb mesazhet e gabimit kund\u00ebr jush. Nj\u00eb kriminel kibernetik mund t\u00eb p\u00ebrdor\u00eb informacionin q\u00eb p\u00ebrmban p\u00ebr t\u00eb m\u00ebsuar m\u00eb shum\u00eb rreth sajtit tuaj dhe p\u00ebr t\u00eb identifikuar \u00e7do boshll\u00ebk sigurie q\u00eb mund t\u00eb shfryt\u00ebzoj\u00eb.<\/p>\n P\u00ebr k\u00ebt\u00eb arsye, \u00ebsht\u00eb e r\u00ebnd\u00ebsishme t\u00eb fshehni mesazhet e gabimit kur vendosni faqen tuaj n\u00eb nj\u00eb server live. P\u00ebr ta arritur k\u00ebt\u00eb, ju rekomandojm\u00eb t\u00eb vendosni parametrin e m\u00ebposht\u00ebm n\u00eb skedarin php.ini t\u00eb faqes suaj:<\/p>\n N\u00eb m\u00ebnyr\u00eb tipike, ju nuk do t\u00eb d\u00ebshironi t’i hidhni t\u00ebr\u00ebsisht k\u00ebto mesazhe gabimi, pasi ato mund t\u00eb jen\u00eb t\u00eb dobishme p\u00ebr diagnostikimin e \u00e7do problemi n\u00eb t\u00eb ardhmen. Ju mund t\u00eb regjistroni gabimet PHP n\u00eb nj\u00eb skedar specifik duke p\u00ebrdorur komand\u00ebn e m\u00ebposhtme:<\/p>\n Kjo do t\u00eb regjistroj\u00eb t\u00eb gjitha gabimet tuaja PHP n\u00eb nj\u00eb skedar t\u00eb quajtur php_error.log<\/em>. Ju mund t\u00eb ndryshoni emrin e k\u00ebtij skedari n\u00ebse d\u00ebshironi.<\/p>\n Hostimi \u00ebsht\u00eb nj\u00eb faktor vendimtar n\u00eb sigurimin e faqes tuaj kund\u00ebr nj\u00eb game t\u00eb gjer\u00eb sulmesh, duke p\u00ebrfshir\u00eb ata q\u00eb synojn\u00eb n\u00eb m\u00ebnyr\u00eb specifike PHP. N\u00eb Hostinkos Hosting, t\u00eb gjitha planet tona t\u00eb pritjes vijn\u00eb me nj\u00eb s\u00ebr\u00eb ve\u00e7orish t\u00eb integruara sigurie, duke p\u00ebrfshir\u00eb mbrojtjen HackScan, e cila mund t\u00eb ndihmoj\u00eb n\u00eb bllokimin e haker\u00ebve p\u00ebrpara se t\u00eb d\u00ebmtojn\u00eb faqen tuaj.<\/p>\n Ne gjithashtu e kuptojm\u00eb se nevojat e siguris\u00eb s\u00eb \u00e7do faqe interneti jan\u00eb unike. Kjo \u00ebsht\u00eb arsyeja pse ne sigurojm\u00eb q\u00eb ju t\u00eb keni akses t\u00eb leht\u00eb n\u00eb t\u00eb gjitha shtesat q\u00eb ju nevojiten p\u00ebr t\u00eb siguruar faqen tuaj t\u00eb internetit. T\u00eb gjitha planet tona p\u00ebrfshijn\u00eb panelin e kontrollit cPanel miq\u00ebsor p\u00ebr p\u00ebrdoruesit dhe instaluesin Softaculous.<\/p>\n N\u00eb Hostinkos Hosting, t\u00eb gjitha planet tona vijn\u00eb me ve\u00e7ori t\u00eb integruara sigurie q\u00eb mund t\u00eb ndihmojn\u00eb n\u00eb forcimin e mbrojtjes suaj kund\u00ebr t\u00eb gjitha sulmeve t\u00eb njohura t\u00eb bazuara n\u00eb PHP, duke p\u00ebrfshir\u00eb XSS!<\/p>\n","protected":false},"excerpt":{"rendered":" Si nj\u00eb pronar i p\u00ebrgjegjsh\u00ebm i uebfaqes, ka t\u00eb ngjar\u00eb t\u00eb d\u00ebshironi t\u00eb b\u00ebni gjith\u00e7ka n\u00eb fuqin\u00eb tuaj p\u00ebr t’i mbajtur vizitor\u00ebt tuaj t\u00eb sigurt. Sidoqoft\u00eb, ekziston nj\u00eb aspekt i siguris\u00eb q\u00eb \u00ebsht\u00eb i leht\u00eb p\u00ebr t’u anashkaluar: Hypertext Preprocessor, i njohur m\u00eb mir\u00eb si […]<\/p>\n","protected":false},"author":1,"featured_media":4460,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[6,4],"tags":[874,876,875,30],"class_list":["post-4458","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-web-design","category-wordpress","tag-php-security","tag-security-practices","tag-sql","tag-ssl"],"yoast_head":"\n4. P\u00ebrdorni deklarata (statements) t\u00eb p\u00ebrgatitura SQL<\/h3>\n
$stmt->bind_param(\"sss\", $firstname, $mbiemri, $email);<\/pre>\n
i (integer)<\/code>,\u00a0d (double)<\/code>,\u00a0s (string)<\/code>, ose b (BLOB)<\/code>. Duke i treguar baz\u00ebs s\u00eb t\u00eb dh\u00ebnave se \u00e7far\u00eb lloji t\u00eb t\u00eb dh\u00ebnave duhet t\u00eb prisni, ju mund t\u00eb minimizoni m\u00eb tej rrezikun e injektimeve SQL.<\/p>\n5. Mbrohuni kund\u00ebr sulmeve CSRF<\/h3>\n
SetCookie: SessionId=sYMnfCUrAlmqVVZn9dqevxyFpKZt30NN; SameSite=Strict;<\/pre>\n
6. Nd\u00ebrlidhni IP adres\u00ebn tuaj me ID t\u00eb sesionit<\/h3>\n
$IP = getenv ( \"REMOTE_ADDR\" );<\/pre>\n
7. Fshih t\u00eb gjitha gabimet n\u00eb produksion<\/h3>\n
display_errors=Off<\/pre>\n
log_errors=On\nerror_log=\/var\/log\/httpd\/php_error.log<\/pre>\n
8. Zgjidhni nj\u00eb ofrues t\u00eb besuesh\u00ebm t\u00eb hostimit<\/h3>\n