Site Security - It is a Multi-Faceted Endeavor and .htaccess is a Must!
As an ecommerce business owner, you certainly understand the critical importance of protecting customer personal and financial information as purchases are made on your site. You monitor this security regularly and update it as needed. Insecure checkout procedures are simply disasters waiting to happen, and so you are fully diligent! How about other security that you may not even be thinking about?
Cyber crime is not just about hacking into your checkout process. It can be many other things, as recent horror stories disclose. Criminals have stolen the PayPal logo and sent mass email notifications requesting that account holders update their information; bank logos have been stolen for the same purposes. Stealing your logos, images, and other site content, and then re-directing customers to a "fake" site has become rampant, and unsuspecting customers make purchases and, worse, provide credit card information to these criminals, who can then wreck havoc on the customers' lives!
You owe it to your customers and to yourself to do everything in your power to prevent hackers from stealing from you, whether it be from re-direction or simply stealing content, articles and blogs, etc. that you have worked hard to develop for your visitors/customers. You do this by using an .htaccess file, so that you then prevent anything from being "lifted" from your site and re-used elsewhere.
As a business owner, you may not understand what an .htaccess file is and exactly what it accomplishes, but that does not matter. A professional webmaster or website developer will, and you can be certain that s/he will understand exactly how to use it in your best interests.
Basically, an .htaccess file will determine exactly who can access your files to make changes, to copy, to delete, etc., and it sets up firewalls that hackers cannot penetrate to steal from you. As well, it protects you as you do many other things. Suppose, for example, that you have a new website, and you want to re-direct your customers from your old one. .htaccess can place error messages onto your site which inform customers that a page no longer exists or provide a secure URL address to navigate to your new site.
Often, when hackers steal your images, they are also stealing your bandwidth, as they do not re-upload that image to their servers. Part of .htaccess provides hotlink protection that will now allow such activity!
If you have suspicions that other sites are accessing your files, you can ban such sites from any access to your site. You developer (on staff or contracted) will know exactly how to add code to your .htaccess file to ban them.
Your .htaccess file can also hold specific password protection that will only allow certain individuals access to any of your directory files. This is certainly an important feature, expecially if those passwords are very strong.
Are their drawbacks? Of course, just as there are with any security protocol.
1. .htaccess files only work if the codes are exactly correct. An extra space, one to many hash marks, etc. will render them useless, so be very careful when installing them.
2. As with anything, there is always the possibility that unauthorized users can open you .htaccess files and alter/delete them. Preventing this requires regular and diligent checking!
.htaccess is by no means the ultimate security tool. It is, however, an important piece in your overall security tool box, as you strive to protect yourself and your customers from hacking and highjacking. Security is a never-ending battle, and you must accept this fact and continually evaluate and update your security measures.