While web development is something I tend not to do, but despite that have somehow done quite a lot over the years (I’m still trying to figure that one out,) I was having a think about web security the other day. Now, with so many various web content management systems and forum scripts, it’s not surprising the amount of vulnerabilites they tend to accumulate.

Now many websites are essentially static content, but run content management systems because of the powerful functionality they leverage and how easy they make it to modify your site content. But as these systems become older and aren’t updated, there’s a tendency for the security vulnerabilities to be uncovered and exploited. So my thoughts were, how about securing the CMS really tightly (.htaccess and IP range locking, or whatever takes your fancy) and then bake the essentially generated PHP (for example) files to public html files whenever a change is made. The scripts which are susceptible to exploitation are locked away more securely than they would be otherwise. Just a musing.