With shared hosting being so popular we thought we would make a blog post about how you can take proactive measures and prevent your website from being hacked. Each day hundreds of websites on the Internet are hacked and the owners of the websites are clueless as to why it happens. We want to educate users and help you to keep your website secure and safe.
Make a Strong Password for Cpanel and FTP
The easiest way hackers can get access to your website is by guessing your password. Keeping a strong password is crucial and is the first step in protecting your website.
Use a password with Upper case and lower case, numbers and symbols or characters. The longer the password the better. Change your password every 3 months at minimal. Lastly if you give your programmer access to your control panel always change your password once they are done working. Passwords can easily be stolen if your computer is infected with a trojan or virus as well so have a current virus scanner and Trojan software.
Personally I use: http://malwarebytes.org/mbam-download.php
The program is free and looks for Malware/Trojans. I recommend running it once a month.
Keep Your Software/Scripts Up To Date
Installing a script such as WordPress or Joomla and then leaving it to run itself is a sure way to invite hackers. Having a website on the Internet requires maintenance and up-keeping. You should ALWAYS check your software or script provider for updates, patches or new versions. When software is released not only are there new features but security is always tightened and bugs are also fixed. Making sure your script is up to date is critical is maintaining a safe website.
If you run a CMS or forum be sure to avoid too many random plugins. Plugins are a very easy way for hackers to attack as they are not verified by the original script provider in most cases. Use them at your own risk.
Blaming Others or Your Host
Okay so you got hacked and now submit a ticket to your web host and they give you advice but do not ‘fix’ the hacked website. Well, being in the industry for so many years I wanted to get this point straight. Web Hosting companies are not responsible for your website getting hacked. You are responsible for keeping your password secure and your website safe. As a web host we understand that you may not know what to do when you get hacked but the best method is doing some research. Do not expect your web host to clean your website. Your web host provides space and bandwidth. When your site is hacked it means you had some form of a vulnerability in your script or your password was leaked somehow. Being proactive is the best way to have a safe website on the Internet.
Keep Your PC Clean and Virus Free
As I previously mentioned keeping your local PC secure is crucial. A high percentage of hackers gain access to your website by placing a trojan, virus or key logger on your computer. I cannot stress enough on how important it is to keep your computer secure and safe. Use a good virus scanner and keep it up to date. Also keep a trojan scanner on your computer. Maintaining a clean PC is good practice as one of the most popular iFrame Hacks comes from an infected PC.
Here is a forum post I found on the iframe hack that may help
Backup your website!
I cannot stress this enough. Backing up your website is a must. You should always have a current copy of your website on your computer. I have seen too many people lose files or even there own website because they did not have a website backup. Your web host is NOT a backup provider so do not expect them to save you in case of a disaster. Always, always, always have a full site backup.
You can go inside the cPanel and click on the Backup Wizard icon to generate a full backup of all of your files and databases. This is the safest way to make a backup. After the backup is done you will get an email and then can download the backup to your computer. Do not keep the backup on your web hosts server as that would not be logical. As you read this, login to your cPanel and make a backup 🙂
Keep the files on your PC or a USB Key or External Hard Drive, it can save you from a major headache.
Avoid putting All Your Websites on One Hosting Plan (Get separate plans)
Yes it can cost more but there are many security risks when you put all your website on one hosting plan. With unlimited Addon Domains we understand it is tempting but personally it is much safer to have a separate control panel for each of your website. This way when you give a programmer access to your website they do not have access to all of your websites. Also, if your site gets hacked they can only access that one account, not all of your websites. You can prevent this by purchasing a Reseller Account or buying more than one Web Hosting plan even if you have unlimited space and bandwidth on your current plan.
Research and Read
No one expects you to read all the tech new and virus info. With the search engines at your finger tips you can find a vast amount of valuable information and tip on how to have a safe home for your website on the Internet. Just check your script providers forums, read some articles and general knowledge of what you’re doing can be very beneficial.
Secure Your File and Folder Permissions (CHMOD)
Many scripts these day require you to set 777 permissions on files and or folder. This is NOT safe in any way and we highly recommend you do not do that. 777 allows users to read/write/execute meaning they have full access to that folder and file. To remedy this always use 755 or 644 permissions. Your script should still operate without any issues at all. This is a very important piece of advice in my mind and I highly recommend you check your website and use 755 or 644 file and folder permissions to keep secure.
No one can guarantee that there website is hacker free however being proactive and knowledgeable can go a long way!
