Advanced security on your hosting

If you are reading this page then you are on your way to being proactive and actively taking steps to help reduce the risk of attacks on your hosting. While no-one can promise you the risk will ever be zero, we can work together to ensure that its as low as possible.

Backup! Always backup before changing files and files or major settings on your account. We have a guide in the wiki for that if you need instructions.

Change your passwords

A good starting point. Change all your passwords to stop any unwanted immediate access, this includes your client account password (We can also do this for you if you like), your cPanel hosting administration area password and FTP passwords. Most people forget this, but its just as crucial a step.

Tip: Start using a password manager and make sure to use a strong generated password.

Emails and Spam

Head into the cPanel and secure up your emails - make sure Apache Spam Assassin is enabled, enable (and setup if required) DKIM and SPF keys for your mail. Lastly, change and use strong secure email passwords for existing accounts.

Password protection of files

Secure your folders and files with the correct permissions, also control what can be accessed (and by who) by using a .htaccess file. We also have guides for this in the wiki.

Update your website files

If you are using WordPress, Joomla (or any other CMS), and it is not already using the stable current version, take a minute to update. Why? Because out-of-date software is leading cause of infections. This includes your CMS version, plugins, themes, and any other extension type. Also if using a content system make sure to update addons or extensions (and remove the ones you are no longer using!).

Using a database content system?

Change your CMS content system administrator password. If you are using WordPress, Joomla, osCommerce or any CMS, change your administrator password. Then - also take a minute to check and verify you know all the users in your panel. If possible (a bit advanced) reset your mysql user and password and database name and link it up fresh to your CMS.

Clean up users

Now that all the above has been done it is a good time to clean up accounts, so remove any users with admin access that are not necessary. This is also a good time to force password resets for all users.

Use a cloud or proxy

Running your site through a cloud or cache service like cloudflare will help add an additional layer of security on your site. Plus as a bonus these services will speed up your site and some are free - so set it up now!

Tip: Clean your garage. Too often the issues we see plaguing our clients are caused by “soup kitchen” servers. Old installations of their content management systems, themes or plugins. Over time these old installs become forgotten but grow ripe with malware that’s ready to infest their entire server after each clean. Take a minute to separate those things that belong on a test, staging and production server.
這篇文章有幫助嗎? 42 Users Found This Useful (44 Votes)

Powered by WHMCompleteSolution