How can you keep your web sites secure?

The number of web sites being compromised today is increasing every day. Although, we have taken multiple measures to keep the server and web sites hosted on it secure, there is more that needs to be done in order to avoid a compromise of your account. We are aware that many of our customers are not tech savy so we will try explain in plain words how you can keep your web sites secure and far away from hackers.

There are some simple steps that need to be followed. All of them are important and if you miss to complete even one of them then your web site is at risk.

  • Choose a hard to guess password and keep it safe!

A high amount of the web sites are hacked because they use easy to guess passwords such as “12345” or “john123”. Your password must be hard to guess! It should include random letters, numbers and special symbols. A good example of a strong password is “h7#zlP;9@jB9{2Frq!bV”. You should also store your password securely so that others can’t access or see it.

  • Keep your scripts up to date!

You need to keep your scripts running with the latest version at all times. In 90% of the cases where an account was compromised with us, the cause was an out of date script such as WordPress or Joomla. You should check regularly for updates and apply them to your installations. If you installed any plugins, modules or extensions to your scripts then you must keep them updated to latest version as well. If you don’t know how to update the script you are using you should refer to the documentation of that script which will contain steps how you can complete the update of your script. That will keep your web site secure.

  • Set proper permissions!

Wrong permissions of your files and/or folders may result in a compromise of your account. You should never set 777 permissions to any file or folder as that will make it wide-open for hackers. Folders’ permission should be set to 711 and files’ permission to 644 except for the files which contain passwords and other sensitive information. Usually, that is your configuration file for the script you installed which contains your database login details. For WordPress it is called wp-config.php. You will need to find out the name and location of the configuration file for the script you are using and set its permissions to 600. In that way, you will be the only one with read/write access and noone else will be able to open the configuration file and steal your password. You can set the permissions via the File manager in cPanel or via your favorite  FTP client.

Follow these 3 simple steps for all your web sites and you will never have problems with hackers compromising your account.

Write a Comment