This article describes you why a server may be hacked, how it’s exploited and how to prevent shared hosting from hackers. The threat of hacking is a very serious issue in the today’s World Wide Web.
When a hacker will access your website it will be like a nightmare for you. The hackers will usually delete all of your important files with vital databases from your account.
Not only your data is at risk but your google ranking will be dropped i.e. you will be removed from the Google search index.
In today’s digital world, Google delisting will absolutely cause serious damage to your online business. And dealing with a hacked website is really a big dilemma.
So Prevention is always better than cure. It is really very important to pay consciousness to secure your shared hosting cPanel account from hackers with very few basic steps.
Basic Security Methods to prevent Shared Hosting from Hackers
By executing these basic security practices can notably make your website safe and secure.
While these practices can’t promise full protection from all hacker attacks, but it will put you lead your competitors who do not have any website protection and security at all. Here are some actions you need to know so you can protect your website from being hacked easily:
1. Regular Backups
Your web hosting company takes backup regularly. ButDon’t depend on your hosting provider to keep a backup for you. Back up all your data repeatedly.
Make backups of your website and save them on an external hard drive. Never let your website visitors see that you got hacked. Just change the server or password and use your backup to get your website up and live again.
2. Use Strong Passwords
It is strongly recommended to change your password from time to time. Also, I recommend you to change the password right after receiving a cPanel hosting welcome e-mail from your hosting provider. You can change the cPanel password by these steps.
I also recommend you to change the passwords for your e-mail accounts as well. Check this article to manage email accounts in cPanel and Plesk.
The password used by most of the people use is password1234 or their username or their own name.
This is insane! If you do this you are actually leaving the keys in the door to your website.
The rules for password creation are:
- never use any password in Plain English language
- should use a mix of uppercase, lowercase and numbers
- add a few of random symbols like this +*<#
- Use cPanel Password generator
3. Keep your Web Site Clean
If You have any extra email account, FTP Account, and any other unused third-party application. I recommend you to remove then if you are not using them.
Especially, if there is any unused a script on your website, remove it as early as possible. Hackers enjoy taking advantage of outdated scripts.
4. Use Strong Protocols
When connecting to your web hosting services, I recommend you to use secure connections wherever possible. It includes SSL connections for email and using SFTP instead of the common FTP protocol.
It is recommended to access your cPanel using encrypted port 2083 instead of unencrypted port 2082. If you want to use port 2083 then, please, use link which looks like https://yourdomainname.com:2083
5. Use Firewall & SSL
Using an SSL certificate assures that any data transmitted into your website is encrypted which helps you to keep your website data secure.
SSL protects the data from being observed upon by hackers. SSL is so essential these days that you can be penalized in Google’s search listings if you aren’t using it, which can negatively impact your SEO efforts. Get it done!
It is strongly recommended to have an effective firewall. Be sure your server should only allow entrance to traffic that is certainly necessary.
A host based firewall and network-based firewalls should be used on a server like IPTables which will monitors and controls the incoming and outgoing network traffic based on predetermined security rules.
6. Third Party Application Updates
Either what applications or software you are using on your website, you should contribute to security releases and updates of third party applications.
Whenever the new CMS update comes out, don’t wait for Softaculous or some other auto installers scripts to update with the latest upgrade.
Updated applications protect your website from known security vulnerabilities and will help to keep hackers away from taking advantage of the older out-of-date software.
7. Store Sensitive Information Offline
I recommend you to store your sensitive information and passwords somewhere offline. As hackers can get the access to your computer if it is vulnerable to any virus.
So you can also buy the online password storage packages and these are a great step of making sure you can always locate your passwords wherever you are. You can try Passpack or Last Pass as they are free if you don’t have too many passwords.
8. Keep your Computer Up to date
You should also assure that the computers you are using to access the administrative interfaces and control panels of your website are free from malware and viruses.
As when you connect to FTP from viruses PC then a hacker can easily exploit your passwords. Be sure to install a reliable antivirus program that has the capability to track hackers on your machine.
If you aren’t using the Internet on your machine be sure to disconnect it so that hackers can’t access your system.
9. Web Space Scanning
To avoid having the files located in your hosting account being at risk it is recommended to use different means of scanning for malicious software. First of all, you can use an inbuilt cPanel virus scanner. Also, you can use some free online scanners such as this:
Also, you can use some free online scanners such as this:
It is better to combine these two ways of checking your account for viruses. In order to prevent having viruses and malware on your account, it is recommended to use themes and plugins only from trusted providers.
10. CMS Security Tips
Content Management Systems such as Joomla, WordPress, and Drupal are commonly used for their simple and easy to use interfaces. CMS server security is necessary to make sure hackers don’t get access to your system files.
However, if you are using the outdated version , then a hacker can easily exploit vulnerabilities to gain access to your website. When possible, hide your plugins and so that browsers can’t identify what CMS your website is using. There are often extensions that can be installed that automatically remove this information from files on your website.
When possible, hide your plugins and so that browsers can’t identify what CMS your website is using. There are often extensions that can be installed that automatically remove this information from files on your website.
11. Enable CloudFare
I recommend you to enable CloudFlare in your cPanel hosting account. CloudFlare provides security protection against all of these types of threats and more to keep your website safe. You can check more about CloudFlare on here.
12. File Permissions
Here I am getting little technical to use this tip. All os your websites have series of files and folders that are stored on your hosting account. These files and folders have permissions set that can control who can read, write and execute that files and folders.
On the Linux operating system, these permission sets are three digit number in an integer between 0 to 7.
The first number represents permissions for the owner of the file, the second number represents permissions for that user assigned to that group and who owns the file and the third digit represents permissions for everyone else.
Here 4 means Read
2 means Write
1 means Execute
0 means no permissions to user
If you will give all files permissions to 7-7-7 i.e it is an invitation to hackers to access your website files and can change or delete the files. So changing permissions should be very careful.
13. Reliable Hosting Company
One of the best way to prevent your website from hackers is that choose a reliable web hosting company. All of the web hosting companies can’t provide you the same level of security.
Your web host should have the technical staff with high skilled knowledge and can monitor your servers and can stop hackers to reach your website.
But your hosting provider is not always to blame. It could be your own fault too. Most web hosting companies will protect their servers and your website to some extent.
It’s important to realize that the content in your account is up you. As an owner, you should keep your passwords secure and your scripts bug-free by using virus scans, clearing browser history, and being aware of general protection and security issues is the best way to prevent your website from being hacked.
As an owner, you should keep your passwords secure and your scripts bug-free by using virus scans, clearing browser history, and being aware of general protection and security issues is the best way to prevent your website from being hacked.
Bonus tip- Hire a Hacker
One of my favorite and preferred security services is bugcrowd.com . They actually run “bug bounties” that concentrate on finding security vulnerabilities in your website or application.
You have to put up a prize (say, $500) and invite a bunch of white-hat hackers (they are good guys) to try to break into your site and steal some data. Those who hacked your website then win some money.
Once that white hat hackers will give you that list then you can do preventive measures accordingly before the bad guys give you a bad day. If you are very serious about the security of your website bug bounty is very best way to spend your profits or cash.
If you are very serious about the security of your website bug bounty is very best way to spend your profits or cash.