Final steps to secure codeigniter commerce site on vps?

I am about to launch my e-commerce site, which is built on the codeigniter framework, and I was just wondering if there are some not so obvious security things I should do before 开发者_高级运维launching.

I have an SSL cert already to handle in site credit card processing, and I have changed the codeigniter config files to supress php errors etc. I also am utilizing the csrf_protection library and using the tank auth library for logins/registrations.

Is there anything else I should be doing here?

What have you done to secure the VPS itself?

Some examples:

• Configured access restrictions on your database and other applications
• SSH access is secured correctly
• Disabled root login
• Removed or secured any other web-facing code, such as phpMyAdmin
• Set up iptables if necessary to block access to local applications

Do you have all your software up-to-date? You should make sure there are no security updates for the entire OS.

Also, make sure you don't use easy-to-guess passwords on any admin accounts. When in doubt, make them long and hard to guess.

If you are handling credit cards internally, you should have had to meet PCI Compliance Standards.

SSL Certificate Check: http://www.digicert.com/help/