I've taken over our site and I'm trying to make a few aspects more secure. Originally it was just posts here and there, some minor hand-held PHP editing, but this is getting deep now.
The biggest issue is this: We have a .com/login addition to our site. When there, credentials are required. However, someone clever can navigate out of this area without additional credentials by manipulating this part of the URL: "content.php?user=MANIPULATE&folder=MANIPULATE". There are two ways to do it: either they know another folder and enter that in the two areas, or they can enter our company name and the very worst possible thing happens: it takes them to the root folder where all the folders are (the folder is called "projects").
This is dangerous, and we like to keep our clients info private. How can I require credentials at any navigation?
I included the "content.php" part of the URL to say that I assume I may have to edit this PHP file or add the .htaccess in this area. Our login site is controlled by three PHP files that I have: a login.php, a check_login.php and a site_config.php. These three, to my best understanding, control the password to add users and the makeup of those pages.
I feel as though an .htaccess in the login folder would suffice, but I wouldn't begin to know how to build it.
Not to ask for the world, but another smaller issue is this:
A while back, we realized individuals who applied via our careers site could search our company name and eventually be led to our /themes/uploads folder. I put a robots.txt in place to prevent that, but someone could still access the material if they know the URL. This isn't too difficult since many of these WordPress themes are built the same. This goes for our /images folder, etc. Now, the trick is, I learned how to prevent access altogether, and I got a nice forbidden error. But if I forbid access to images (I had set up an "images_test" folder to be sure) I lose the links that WordPress/BlueHost has to certain images required by our custom CSS.
How can I have my cake and eat it too? Prevent these from being viewed but also maintain their links?
It seems there are a lot of security holes and your site is large. How about using sessions and inserting checks for every page, and using method="post" for forms? There are also nice PHP functions that help in processing page requests before a page is sent, like mysql_prep(), just as an example.
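The per-page session check suggested in the answer, combined with a fix for the "content.php?user=...&folder=..." problem from the question, as an added example. This is editor-written code, not the site's own login.php/check_login.php/site_config.php; it assumes check_login.php stores the authenticated username in `$_SESSION['user']` after a successful login, and the `/var/www/projects` path, the `auth_guard.php` file name and the two helper functions are hypothetical. The point is that content.php must stop trusting the `user` value in the URL at all, and must only accept a `folder` value that resolves inside that user's own directory.

```php
<?php
// auth_guard.php (hypothetical name): added example, not code from the original site.
// Assumes check_login.php sets $_SESSION['user'] on a successful login.
declare(strict_types=1);

// Call this at the top of every page that must not be reachable without a login.
// Returns the logged-in username; redirects to the login page otherwise.
function require_login(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['user'])) {
        header('Location: /login/login.php', true, 302);
        exit;
    }
    return (string) $_SESSION['user'];
}

// Resolve the requested folder strictly inside the logged-in user's own directory.
// Returns null when the request escapes that directory (caller should send 403).
function resolve_client_folder(string $projectRoot, string $user, string $folder): ?string
{
    // Accept only a plain directory name: no slashes, no "..", no NUL bytes, no "projects".
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $user) || !preg_match('/^[A-Za-z0-9_-]+$/', $folder)) {
        return null;
    }
    $base   = realpath($projectRoot . DIRECTORY_SEPARATOR . $user);
    $target = realpath($projectRoot . DIRECTORY_SEPARATOR . $user . DIRECTORY_SEPARATOR . $folder);
    if ($base === false || $target === false) {
        return null;   // user directory or folder does not exist
    }
    // realpath() has collapsed symlinks and "..", so a prefix check on the canonical
    // path is reliable: anything outside $base (including the projects root) is rejected.
    if ($target !== $base && strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $target;
}

// content.php would then start like this (hypothetical path for the projects root).
// The ?user= parameter from the URL is ignored entirely; the session decides who you are.
require_once __DIR__ . '/auth_guard.php';
$user   = require_login();
$folder = (string) ($_GET['folder'] ?? '');
$dir    = resolve_client_folder('/var/www/projects', $user, $folder);
if ($dir === null) {
    http_response_code(403);
    exit('Forbidden');
}
// ... list or render only files under $dir from here on ...
```

Two practical notes. First, the check has to run in every PHP file that serves client material, not just content.php; a .htaccess in the login folder protects that folder's files, but it does nothing for a script elsewhere that reads from "projects" when handed a folder name. Second, on the uploads/images question: a blanket forbid rule broke the CSS links because it denied the image files themselves. Putting `Options -Indexes` in a .htaccess inside /themes/uploads and /images stops the browsable directory listing while leaving direct links to individual files working, which is what the theme needs. It does not hide a file from someone who already knows its exact URL, and robots.txt never did either, so anything genuinely confidential (applicant documents, client files) belongs outside the web root and should be served only through a script that runs a check like the one above.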