Protection course (part 6): E-commerce websites

Now that we have covered the most basic types of attacks, it is time to give some extra tips to owners of e-commerce websites. Most people who own a site are trying to sell something, and that puts them at greater risk of getting hacked: they are targeted not only by ethical hackers looking for information but also by bad guys who want credit card and other money-related information (PayPal and other payment accounts). They should therefore be even more focused on their website's security than owners of websites that don't sell anything. They should apply all the above protections against those basic attacks, and they should also consider how to stay safe even if their website gets hacked, because if information from the database is disclosed they have a lot to lose. That is what this part of the course is all about.
BASIC THINGS TO STAY SAFE
The main thing you want to protect here is the database, and there are many ways to do it. I suggest that you apply all of these tips to your website's database instead of using just some.
The first thing someone will look for once they gain access to your host is the configuration file that contains the unencrypted information for connecting to the database. So the first thing to do is move the configuration data to another file above public_html and edit the original configuration file so that, when the server needs to connect to your database, it knows the information is stored in the other file. I will explain how to do this in detail in another tutorial. The main thing you achieve here is that your configuration file stays in the same place but holds no real information, so when someone finds it they are actually getting fake data.
The next thing, also important and related to the above, is to encrypt those two PHP files: the configuration file with the fake information and the real one above public_html.

How you encrypt them is up to you. There are a lot of tools and frameworks that will do the job for you, such as phplockit, ionCube, Zend and more. You can also encrypt them with PHP functions like gzinflate and similar, which is not recommended because the result is too easy to decrypt. One thing you can do is "fake it" here. Anyone who has used these kinds of tools knows that they leave details in a comment in every PHP file they encrypt, such as the name of the tool and the website it came from. So what you can do is encrypt your file with ionCube, for example, and put in the comments from Zend. This will confuse inexperienced people a lot, so you will get rid of a good percentage of attackers.
But what if someone manages to get your database? Will they have what they need? Not if you do some tweaking there. First, when building your website, make sure you use an e-commerce script that has the ability to encrypt data inside the database. osCommerce has that option, for example, but it is not the only one; a lot of other e-commerce scripts have that option too. So make sure you use it! Next, if your script uses a key stored in a PHP file, encrypt that file as well to make it a lot harder for attackers to get.
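The two tips above (secrets kept in a file above public_html, and data encrypted inside the database) combined in one added example, which is not code from the original tutorial or from any of the scripts it names: a field-level encryption helper whose key is read from a file outside the web root. The file name, the function names and the choice of AES-256-GCM are assumptions, and PHP 8 with the openssl extension is assumed.

```php
<?php
declare(strict_types=1);
// Added example with hypothetical names and paths. The key lives in a file above
// public_html, so the web server never serves it and a database dump does not contain it.
function load_key(string $path): string
{
    $key = @hex2bin(trim((string) @file_get_contents($path)));
    if ($key === false || strlen($key) !== 32) {
        throw new RuntimeException('key file must hold 64 hex characters');
    }
    return $key;
}

// Encrypt one column value with AES-256-GCM; stored form is base64(nonce . tag . ciphertext).
function encrypt_field(string $plaintext, string $key): string
{
    $nonce = random_bytes(12);
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

function decrypt_field(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('malformed stored value');
    }
    [$nonce, $tag, $ct] = [substr($raw, 0, 12), substr($raw, 12, 16), substr($raw, 28)];
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($pt === false) {
        throw new RuntimeException('wrong key or tampered value');
    }
    return $pt;
}

// Demo on constructed data: a temp directory stands in for the directory above public_html.
$keyFile = sys_get_temp_dir() . '/shop_field.key';
file_put_contents($keyFile, bin2hex(random_bytes(32)));
$key = load_key($keyFile);
$stored = encrypt_field('4111111111111111', $key); // constructed test card number
echo "column value: $stored\n", 'decrypted: ', decrypt_field($stored, $key), "\n";
try {
    decrypt_field($stored, random_bytes(32)); // what a database dump alone gives: no key
} catch (RuntimeException $e) {
    echo 'without the key: ', $e->getMessage(), "\n";
}
unlink($keyFile);
```

On a real site the key file would be created once and left in place above public_html; the demo creates and deletes it only so the block runs on its own.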
A good tip is to store sensitive data on another server, so that all normal information is stored in the database on the same server while credit cards, for example, are stored on a different server. This will require some coding unless you find a ready-made script to do it.
There are a lot more tips and tricks to stay safe, but I won't mention them here since this would turn into a book if I continued.
