How do I secure my site?

These are some of the things we recommend you do to help secure your website.


1) Keep software/scripts up to date. You need to regularly monitor the web sites of the developers of any scripts you use. Watch for security and bug fix patches and smaller point (0.0.x) releases. You should not wait to install these. Do so as soon as you can. Hackers look for slightly outdated versions with a confirmed security flaw and try to exploit it, often on the same day a new release is out or sometimes even earlier than that.


2) Use secure passwords. We already implement password policies that require you to use a password of a certain strength. However, make sure that your password is stored securely: putting passwords on your desktop, or in fact anywhere on your computer, is a bad idea. Physically writing your passwords down is the best way forward.


3) Make sure your files are using the correct CHMOD permissions. CHMOD file permissions assign a specific value to every file/folder on your server, which allows different levels of access. CHMOD permissions range from 000 (no access) to 777 (full access). You must decide which files get what permissions, but be warned that some third-party software requires higher permissions to operate properly. You need to balance features against security and make an informed decision.


4) Don’t use generic usernames. Using common words for usernames such as admin, administrator or Site Owner can cause many problems because you are simply making the hacker’s job a lot easier.


6) Don’t place files or directories into your site’s web root (public_html) if you aren’t actively using them. Remove old files and directories as soon as you are finished with them. A lot of people make the mistake of leaving old scripts, files, and directories in place after their site no longer needs those items. Hackers, scammers, and spammers may be able to use this old or forgotten content to compromise your site. However, they cannot exploit these things if they aren’t hosted on your site anymore.


7) Remove old accounts. Any Email Accounts, Databases, FTP Accounts, etc. should be removed once you are done with them. Why leave one more account at risk of being compromised if it isn't being used anymore?
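
An audit covering tips 3 and 6, added here as an example and not part of the original article: it lists everything under the web root that any user on the server can write to (the "other write" bit, as in 777 or 666) and files that have not been modified for a long time. The public_html path follows the article; the 180-day threshold and the function names are assumptions.

```shell
#!/bin/sh
# Added example: report loose permissions and forgotten files in a web root.
# It only reports; deciding what to tighten or delete is left to you, since
# some third-party software needs higher permissions to work.

# Assumed defaults; override from the environment if your layout differs.
WEBROOT="${WEBROOT:-$HOME/public_html}"
STALE_DAYS="${STALE_DAYS:-180}"

# Print files and directories whose "other write" bit is set (777, 666, ...).
# Symlinks are skipped because their own mode bits are not meaningful.
world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Print regular files not modified for more than $2 days: candidates for
# removal if the site no longer uses them.
stale_files() {
    find "$1" -type f -mtime +"$2" -print
}

# Human-readable report: mode and owner for each world-writable entry,
# then the list of stale files.
audit_report() {
    echo "World-writable entries under $1:"
    world_writable "$1" | while IFS= read -r path; do
        ls -ld "$path"
    done
    echo "Files not modified for more than $STALE_DAYS days:"
    stale_files "$1" "$STALE_DAYS"
}

# Run the report only when a directory is given, e.g.:
#   sh audit.sh ~/public_html
if [ "$#" -gt 0 ]; then
    audit_report "$1"
fi
```

Review each reported entry before changing it: an upload or cache directory may legitimately need write access, but it rarely needs to be writable by every user on the server.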

Hopefully the tips above give you a hand on what to do from now on to prevent your website from being hacked.
