Software security can be a complex subject, there are often simple steps that can be taken to immediately enhance security.
Content management systems (CMS) like Wordpress, Joomla, Drupal and so many others allow business owners to quickly and efficiently build their online presences. These CMS scripts are highly customizable, have rich plugins, modules, extensions, etc. It is easier to get a website up and running without years of learning required.
There are many webmasters who do not understand how to make sure their website is secure, or even understand the importance of securing their website. Following few steps all webmasters should take to keep their websites secure.
Step #1 – Use strong & Complex Password
Use a strong and complex password. Do not use same password for cPanel, Wordpress, FTP, MySQL etc.
Hostfav has strong hardware firewall, security scanner, Anti-virus. No matter how many firewalls and security software are installed on Hostfav Hosting server and in your machine, there is always a key for complete access using your password. There are a lot of programs and tools available that attempt to determine passwords by guessing common passwords or randomly generating passwords.
How to create a Strong Password:
- Be 8 characters or longer,
- Use a combination of upper and lower case letters, and
- Include at least one numeric and/or special character (&, ?, @, etc.), punctuation, and spaces.
Other Important Password-Related Guidelines
- Your account is your responsibility. Do not share your password with others.
- Do not base your password on personal information that someone who knows you may be able to guess.
- Do not use your HostFav's password for access to third-party systems (e.g., online shopping, newspapers, travel websites)
- Avoid letting website browsers save or store your passwords.
- You are more likely to forget the password if you do not type it in regularly.
- Make sure you always log out of programs or web sites and close browser when you are done working with them, especially on public computers.
- Protect your passwords and treat them as valuables.
Step #2 – Software and scripts up-to-date
To protect your website is to make sure any Software or scripts you've installed are up-to-date. If you are running an old version or Wordpress, Joomla, phpbb or a simple script, make sure you upgrade them to latest version. Because many of these tools are created as open-source software programs, their code is easily available.
Hackers can pour over this code, looking for security loopholes that allow them to take control of your website by exploiting any software or script weaknesses.
Step #3 – Plugins, Addons and Modules
If you are running CMS sites like Wordpress, Joomla, Drupal, etc., you always upload and install plugins and addons. Before you install any plugins and addons check if the developers of those scripts take good care for their codes to keep it clean and up-to-date.
Read plugins and addons reviews online. Most of the time weak plugins and addons codes cause hacking.
Step #4 – User Access
It's important that every user has the appropriate permission they require to do their job. If you provide access to a tech or a temp webmaster, make sure disable account after job done.
Do not share same password. Create a separate username and password for every user.
Step #5 – Change Default Scripts Settings
If you are using any open source script or CMS, always change their default settings.
Change admin directory’s path. You can use cPanel’s Directory Privacy feature to add additional security.
You can avoid a large number of attacks simply by changing the default settings when you installing your script or CMS.
Step #6 – Use one Website in one Hosting Account
If you have an unlimited web hosting plan, you would like to host all your website under same account. Which is one of the worst security practices.
If one website is compromised, there is a change of other sites will be compromised.
Hosting all sites in the same location creates a high security list.
Use separate hosting account for your each site.
Step #7 – Protect your directory and file permission
All websites have series of files and folders that are stored on your web hosting account. Each of these files and folders is assigned a set of permissions that controls who can read, write and execute any file or folder.
Most of time while installing new scripts they ask you to CHMOD to 777, for some files, some times that may be fatal. When a Defacer comes into your site files it becomes easier to modify/edit/delete the files with 777, if you public_html folder has those permissions your basically done, and hacked. But if it doesn’t then he can only modify the ones with those permissions. When you finish the installation you bring back all the old permissions.
Step #8 – Developer's and Management PCs are protected.
Make sure Developers and Management PCs are protected. Anti-virus software with latest virus defination are running. Hacker may use information from your PC to access your hosting sites.
Do not save passwords in plain text files.
Do not install software from unknown sources.
Step #9 – Scan your website
Periodically scan your websites using 3rd-party Security Scanner and Virus Scanner.
Step #10 – Backups
Take backup of your websites periodically.
Making backups of your website is very important, but storing these backups on your web server is a major security risk. These backups invariably contain unpatched versions of your CMS and extensions which are publicly available, giving hackers easy access to your server.