How to Secure Your Website
As a web hosting account user on a shared hosting plan, it is very important that you take the necessary precautions to avoid hacker intrusions and the use of dangerous scripts, which could not only give another group of individuals full access to your account and data, but also give them access to the server's resources for illegal purposes (e.g., sending spam).
It is important that you understand that, as the account's owner, you are ultimately responsible for any files or content present on your account. We cannot inspect each file and script sent to our servers to guarantee the security of our servers, so it is important that you inspect each script (especially PHP and Perl) and web application to ensure that it is:
- Safe, meaning that there are no documented security flaws on the Internet (a Google search with the name of the software and the word "vulnerability" could help you identify these flaws).
- Up-to-date. It is important to always install the most recent versions of your software, in order to benefit from fixes to security flaws as soon as they are identified. Older versions of software are often exploited by hackers via well-known security flaws.
- Well protected by a secure password. You are strongly encouraged to use a password that has more than 8 characters and combines letters and numbers. Do not use the same password for different services, and change your passwords every 3 months.
It is important to insist on this last point. An insecure password is the origin of more than 50% of illegal accesses to accounts, so it is quite important to use a very robust password for both cPanel access and databases.
Other tips are:
- Do not install scripts that have not been verified by professionals, or that were created by "friends having learnt PHP last week". PHP programming is easy to learn, but difficult to master. It is quite likely that a novice who has written a script has not taken all necessary measures to guarantee its security.
- Always delete the installation folders of software once they are installed, and do not leave files with 777 permissions (such files can be modified by anyone with access to the server).
- Do not allow the files in a folder on your hosting account to be listed (directory listing can be deactivated through an option in cPanel).
- Be particularly cautious about Joomla, Mambo, and phpBB. Previous versions of these applications all have important security flaws, so they must be updated often.
- Perform regular backups of your web site after each major change. If your account is hacked, you could lose weeks, or even months, of work. Although we perform daily automatic backups of your account, it is always preferable that you keep a local (on your computer) copy of all the files on the server.
- Never reveal the password of your hosting account, and never send it by email.
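The tip above about installation folders and 777 permissions can be checked from a shell session on the account. The script below is an added example, not part of the original article; the folder names `install`, `installation` and `setup` are assumptions about what installers typically leave behind, and the web root path is whatever you pass as the first argument.

```shell
#!/bin/sh
# Added example: audit a web root for world-writable entries and leftover
# installer folders. Not part of the original article.
# Assumption: these are common installer folder names, not a list from the article.
INSTALL_DIR_NAMES="install installation setup"

# Print every file or directory whose mode has the world-writable bit set
# (this covers 777 and 666). Symbolic links are not followed.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Print directories whose name matches an installer folder name (case-insensitive).
find_install_dirs() {
    for name in $INSTALL_DIR_NAMES; do
        find "$1" -type d -iname "$name" -print
    done
}

# Print a report for the given web root; return 0 if clean, 1 if anything was flagged.
audit_webroot() {
    root="$1"
    ww=$(find_world_writable "$root")
    inst=$(find_install_dirs "$root")
    [ -n "$ww" ] && printf 'World-writable (fix with chmod o-w):\n%s\n' "$ww"
    [ -n "$inst" ] && printf 'Leftover installer folders (delete after setup):\n%s\n' "$inst"
    [ -z "$ww" ] && [ -z "$inst" ]
}

# Run the audit only when a web root is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_webroot "$1"
fi
```

A non-zero exit status means at least one entry was flagged, so the script can also be run from a scheduled job after each update or new installation.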
Article ID: #HC5110