1. Launch your favorite browser.
2. Enter the following URL in your address bar: http://localhost
3. You should then see the XAMPP splash page. Click "English." You will then see the XAMPP administrator panel, where you can find the XAMPP status and security configuration settings.
4. Click "Security."
5. XAMPP will then perform a security audit in your Windows system and setup. You will likely see errors; do not panic. Since you have not secured your XAMPP installation yet, you will likely see the following warnings:
These XAMPP pages are accessible by network for everyone -UNSECURE
The MySQL admin user root has NO password - UNSECURE
PhpMyAdmin is free accessible by network - UNSECURE
The FileZilla FTP password is still 'wampp' - UNSECURE
PHP is NOT running in "safe mode" – UNSECURE
A POP3 server like Mercury Mail is not running or is blocked by a firewall! - Unknown
7. The priority items to be fixed are: Directory Permissions, MySQL Password and PHPMyAdmin. Click the link: http://localhost/security/xamppsecurity.php that appears below the warning messages.
8. Under the MySQL section: “Root” Password, assign a new password and make sure to take note of it by writing it down in a safe location. Select “cookie” for PHPMyAdmin authentication.
Warning: Do NOT check “Save plain password in text file?”
Click “Password Changing.” You should then see: “The root password was successfully changed. Please restart MYSQL for loading these changes!”
9. To restart MySQL, go to the XAMPP Control panel (screenshot shown previously). Click “Stop” for MySQL. This will stop the MySQL service. It should look like the image below:
Click the “Start” button again to restart MySQL and implement your new password settings. If you see “running” under MySQL service, it has successfully restarted.
10. Now go back to the XAMPP security page (http://localhost/security/index.php). Let’s secure the XAMPP directory by implementing “Directory protection (.htaccess).”
First, enter the desired username and password under “XAMPP DIRECTORY PROTECTION (.htaccess).” Take note of these credentials and write them down in a safe location.
Warning: Do NOT check the “Safe plain password in text file?”
Now, click “Make Safe the XAMPP directory.” If the changes are successful, you should see the message:
SUCCESS: The XAMPP directory is protected now! All personal data was saved in the following file:
The password gets encrypted once it is stored in that location.
11. You can stop the “Filezilla” service in the XAMPP Control panel, as it is not required to test applications. The two most important services for developing web applications are Apache and MySQL. These should not be disabled if you want to properly test your applications locally.
But I think that is not enough. Can someone give me more tips to secure my web server?
- I use SSL; which mods can I disable in Apache for more security?
- Which functions can I disable to prevent backdoors and local hacks (anti-hacker)?
- How can I protect the MySQL database?
- How can I secure my Windows server?
Please help me. Thanks a lot.
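An added example, not part of the original post or of XAMPP: after working through the steps above, a quick check of which XAMPP services still listen on a network-facing address, by parsing `netstat -an` output on Windows. The port-to-service map assumes XAMPP's default ports, and the netstat sample is constructed for illustration.

```python
import re

# Assumption: the installation uses the default XAMPP service ports.
XAMPP_PORTS = {80: "Apache HTTP", 443: "Apache HTTPS", 3306: "MySQL",
               21: "FileZilla FTP", 110: "Mercury POP3"}

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING
  TCP    [::]:80                [::]:0                 LISTENING
  TCP    192.168.1.20:49712     203.0.113.5:443        ESTABLISHED
"""

# Matches only listening TCP sockets; the address may be IPv4 or bracketed IPv6.
LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")
LOOPBACK = {"127.0.0.1", "[::1]"}


def audit_listeners(netstat_text):
    """Return (service, address, port, exposure) for each XAMPP listener."""
    findings = []
    for line in netstat_text.splitlines():
        match = LISTEN_RE.match(line)
        if not match:
            continue  # header, established connection, or UDP line
        addr, port = match.group(1), int(match.group(2))
        if port not in XAMPP_PORTS:
            continue  # not one of the XAMPP services
        # A non-loopback bind is reachable from the network unless a
        # firewall blocks it; this check looks at the bind address only.
        exposure = "local-only" if addr in LOOPBACK else "network-reachable"
        findings.append((XAMPP_PORTS[port], addr, port, exposure))
    return findings


def exposed_services(netstat_text):
    """Sorted names of XAMPP services bound to a non-loopback address."""
    return sorted({name for name, _, _, exposure in audit_listeners(netstat_text)
                   if exposure == "network-reachable"})


if __name__ == "__main__":
    for service, addr, port, exposure in audit_listeners(SAMPLE_NETSTAT):
        print(f"{service:14} {addr}:{port:<6} {exposure}")
```

In the sample, FileZilla FTP still appears as a listener, which means the service from step 11 has not been stopped yet.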