Sites for reference – Magento & HTTP headers

An online checker for gzip output from servers:

And for those file permissions to make a site secure for Magento:

find . -type f -exec chmod 400 {} \;
find . -type d -exec chmod 500 {} \;
find var/ -type f -exec chmod 600 {} \;
find media/ -type f -exec chmod 600 {} \;
find var/ -type d -exec chmod 700 {} \;
find media/ -type d -exec chmod 700 {} ;
But if you want to add in an extension, you need to set them thus:

find . -type d -exec chmod 700 {} \;
find . -type f -exec chmod 600 {} \;
Then reset the file permissions with the first set of commands after the extenions are loaded.

These commands really lock down the server and it can be a pain to reset the permissions to allow updates etc., but if you’re having troubles with hack attempts, this is one way to be sure you haven’t left the key under the mat.