diff --git a/security.md b/security.md
new file mode 100644
index 0000000..93c714a
--- /dev/null
+++ b/security.md
@@ -0,0 +1,21 @@
+Here are settings for secure installation
+
+### General
+. Please do not use simple passwords like 123456 or password.
+
+
+### Apache
+For Apache there is the .htaccess file, that has all you need for avoiding user access to files.
+
+### Nginx
+You have to add to your server directive of your page (in nginx.conf) deny to some files, like: 
+
+```
+location ^~ /sqlite.db3 {
+    deny all;
+}
+location ^~ /cronchk.php {
+    deny all;
+}
+```
+This has to be before any other location directive