With shared hosting being widespread popular we thought we would make a blog post about how you can take measures and prevent your website from being hacked. Everyday lots of websites on the Internet are hacked and the owners of the websites are clueless as to why it happens. We want to educate users and help you to keep your website safe and secure.
Make a strong Password for Cpanel and FTP.
The easiest way hackers will get access to your website is by guessing your password. Keeping a strong password is crucial and is the first step in protecting your website.
Use a password with upper case and lower case, numbers and symbols or characters. Keep your Password normally more than 12 characters. You need to change your password every 2 months. Lastly if you provide your programmer access to your control panel then change your password once they are done operating. Passwords will easily be stolen if your computer is infected with a trojan or virus further therefore have a updated virus scanner and Trojan software.
Keep Your PC Clean and Virus Free.
As I previously mentioned keeping your pc secure from where you regularly log in into your accounts is crucial. Many hackers gain access to your site by placing a trojan, virus or keylogger on your PC. Use a good virus scanner and keep it up to date. Maintaining a clean PC is good practice as one of the most popular iFrame Hacks comes from an infected PC.
Also one of the most important thing is you should avoid logging in to your account from an unknown computer or a public computer.
Don’t place files or directories into your site’s web root (public_html) if you aren’t actively using them.
Remove old files and directories which are not in use infact it should be deleted as soon as you finish with them. Many people make the mistake of leaving old scripts, files and directories in place after their site no longer needs those items. Hackers may be able to use this old content to compromise your site. However, they can’t exploit these items if they aren’t hosted on your website anymore. This is why it is vital that you regularly look through your site for old content that is no longer needed. This advice also applies to other content and features on your site.
Keep Your Software/Scripts Up To Date.
Installing a script such as WordPress,Joomla or drupal or any other CMS and then leaving it to run itself is a sure way to invite hackers. Having a website on the Internet requires maintenance. You should always check your software or script provider for updates, patches or new versions. When software is released not only are there new features but security is always tightened and bugs are also fixed. Making sure your script is up to date helps maintaining your website safely.
If you run a CMS or forum be sure to avoid too many external plugins. Plugins are the main source for the hackers to gain unauthorized access to your account as they are not verified. Use them at your own risk.
Have you stopped using a database?
You should delete all the database which are not in use.
Is there a subdomain you no longer use?
Get rid of it and be sure to remove the directory the subdomain’s content was stored in, too.
Backup your data regularly!
Backing up your website is a must. You should always have a current copy of your website on your computer. I have seen too many people losing files or even there own website because they did not have a website backup. Your web host is NOT a backup provider so do not expect them to save you in case of a disaster. Always take a full website backup. Click here to know how to backup your website.After the backup is done you will get an email from you cpanel confirming the completion of the backup task and then you download the backup to your computer. Do not keep the backup on your web hosts server as that would not be logical. Following this backup steps can keep you away from a major headache because if your website is hacked then you can immideately contact your webhost provider to reset your password and then you can login and restore your earlier backup.Take regular backups and be tension free.
Don’t ever leave files and directories with write and execute permissions (777 permissions) in your web root.
Many scripts these day require you to set 777 permissions on files and or folder. This is NOT safe in any way and we highly recommend you do not do that. 777 allows users to read/write/execute meaning they have full access to that folder and file. To remedy this always use 755 or 644 permissions.
Research and Read
It is necessary to read the forums of the script provider to get the latest news about new updates,vulnerability and bugs.
No one can guarantee that there website is hacker free however being proactive and knowledgeable can go a long way!