Chapter 8. Securing phpList

Having a fully functioning e-mail delivery system, we now want to ensure that we secure it as best we can, namely, by preventing both unauthorized access and exposure to potential vulnerabilities.

In this chapter, you will learn some techniques to further restrict and secure your phpList installation. These include:

  • Changing the administrator password
  • Confirming .htaccess mod_access restrictions
  • Securing the admin pages with an additional (.htaccess mod_auth) password
  • Confirming appropriate filesystem permissions

Changing the admin password

Your password is the "key" to your phpList installation. You wouldn't leave your house keys outside the front door or write your PIN on your bank cards; likewise, security begins with effective password management.

Choosing strong passwords

A strong password is one that is difficult for humans or computers to guess. It is generally accepted that a strong password:

  • Is unique to this application (that is, don't use the same password that you use elsewhere).
  • Is at least eight characters long.
  • Contains numbers and letters in both upper and lower case. Consider using symbols too.

Several websites will help you generate or validate strong passwords (just search the web for "how strong is my password?").

Changing phpList admin password

Hopefully, you'll already have changed the "admin" password from the default "phplist", but make sure it's set to a strong password that won't be guessable (for example, if your domain is "fuzzyslippers.com", don't make the password "fuzzyslippers!").

To change the admin password, click on the admins link on the main page:

Click on your admin account (you can have multiple administrators):

Change your password (displayed in clear text) and click on Save Changes:
