One of the common concerns about a web dev tool like Instant IDE is whether or not it’s secure enough to be used on your (or your clients’) valuable websites. So in this article I just want to take a few minutes and explain in detail how we went to great lengths to offer an appropriately secure web-based IDE.
Starting with the basics…
- First and foremost Instant IDE has been professionally coded to produce a web application that abides by strict “good practices” coding standards. This helps ensure that things are reliable and predictable.
- From here we prevent the Instant IDE directory from being indexed by way of a simple HTACCESS code snippet.
- Then you have the secure, session-based login form that ensures that only those who know the correct username and password will gain access (and these passwords are stored in “hashed” form to ensure that only the creator of such passwords knows their actual value).
At this point Instant IDE is necessarily secure, but it’s easy to take things even further…
- The Instant IDE root directory can be renamed to anything you like. This means that if you decide to, you can name it something nearly impossible to guess and therefore essentially hidden from the outside world. The Instant IDE Manager Plugin makes this super simple by defaulting to a completely random directory name prior to its one-click install. So if you want to make it even more difficult for bots, search engines, or any other outside source to locate your Instant IDE directory, then this is the way to go.
- The included Instant IDE .htaccess file provides some commented-out security measures that can be enabled in a few taps of your keyboard. Things like IP Access Restriction, Password Protected Directories, and Forced SSL are some of the possibilities. Learn more about increasing security through the included HTACCESS file by reading the related article linked to below.
- Because Instant IDE is purely a file-based application (meaning there is no database interaction) it can be quickly installed and uninstalled either through FTP or the Instant IDE Manager Plugin. This means that if you’re going to go long periods of time between its use you can always just uninstall/delete Instant IDE until you’re ready to install and use it again on that particular website. It can literally be re-installed, account created, and logged into in about the same amount of time it takes you to open up and utilize your local FTP application. So other than permanent dev/sandbox sites where security is either less important or the site is already completely locked down, you can simply turn on/off Instant IDE through the simple Install/Uninstall process, ensuring the greatest amount of security possible.
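To make the .htaccess measures named above concrete (no directory indexing, IP Access Restriction, Password Protected Directories, Forced SSL), here is an added Apache 2.4 example. It is not the file that ships with Instant IDE; the IP address, realm name and password-file path are placeholders you would replace with your own.

```apache
# Added example, NOT the .htaccess shipped with Instant IDE.
# Place it in the (renamed) Instant IDE directory. Apache 2.4 syntax.
# The IP address, realm name and file path below are placeholders.

# 1. No directory listings (host must permit "AllowOverride Options").
Options -Indexes

# 2. Forced SSL: redirect any plain-HTTP request to HTTPS.
#    In per-directory context mod_rewrite runs after the authentication
#    phase, so a Basic Auth prompt can still appear over HTTP before this
#    redirect fires. Where you control the server, also redirect at the
#    virtual-host level so credentials are never requested in cleartext.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>

# 3. Password Protected Directory: HTTP Basic Auth in front of the
#    application's own login form. Keep the password file outside the
#    web root so it can never be served as a document.
AuthType Basic
AuthName "Restricted"
AuthUserFile "/path/outside/webroot/.htpasswd"

# 4. IP Access Restriction combined with the password requirement.
#    Bare "Require" lines are OR-ed together; <RequireAll> makes a
#    request satisfy BOTH the source address and a valid login.
<RequireAll>
    Require ip 203.0.113.10
    Require valid-user
</RequireAll>
```

The password file is created with Apache's `htpasswd` utility. With all of this enabled, a request has to pass the IP check and Basic Auth before it ever reaches the Instant IDE login form.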
The above represents an overview of how Instant IDE is already secured and can be even further secured, but it’s certainly not an exhaustive list. The bottom line is that Instant IDE is secure out of the box and can be practically “locked down” with a few further steps, but everything on the web is only as secure as the one using and managing the software. Whether we’re talking about Instant IDE or WordPress or your own custom website platform, YOU are the most critical part of security! It starts with a well-coded, secure application, but ultimately ends with a smart user. So just be safe, use a strong password, and you should be good to go!