For your continued website security and to reduce the chances of being hacked or otherwise compromised we strongly recommend you follow these tips to protect yourself and your hosting account.
- Passwords. Strong passwords help protect you and your files
- Use a different password for all applications, email accounts, FTP accounts, etc.
- Never “reset” your password back to an old one
- Do not use dictionary-level words for passwords
- Create a strong password: use a combination of upper and lower-case letters, symbols and numbers
- Always be diligent about protecting your passwords
- Reset your passwords on a regular basis (good practice is every 90 days)
VERY IMPORTANT: Update your software! It is critical that all third-party scripts are kept current and up-to-date. This is the greatest security risk and the #1 reason why websites are compromised.
When a company updates their web software, it is often to patch a potential security breach, specifically in programs such as WordPress and Joomla. Hackers look for websites with outdated software as they already know what vulnerabilities they can exploit to break into a script or program. To avoid this, ensure you subscribe to your application’s mailing list, as this will provide you with the latest information regarding software updates and vulnerabilities. Although it can be an annoying task, you will be rewarded with better security, and possibly more features and functionality. HostPapa provides an easy way to update your software and stay current – Install your software using Softaculous!
Keep permissions locked down. Setting the wrong permission on files can be an open invitation for hackers: anyone with user-level access can access a file with 777 permission. It is generally good practice to ensure permissions are set to 555 (all read and execute) for directories and 444 (all read) for files unless a specific program requires them to be set to something different. Avoid using very open permissions such as 777, 755, 666 or 644.
Clean up your file manager when possible. This includes deleting pages, scripts, databases, mailboxes, email addresses and FTP accounts that you no longer use, as well as uninstalling software that you no longer need. Removing custom scripts, software and pages that you no longer use helps to limit possible entry points for a hacker and leaves you with fewer pages and scripts to secure.
Protect your computer. Protection from malware is just as important as security on your web hosting server. There are specific types of malware and spyware which are designed to download the store passwords from FTP clients such as FileZilla and Dreamweaver, and these details can then be used to upload malicious content to your website. Here are some tips to reduce the possibility of malware being active on your home computer:
- Install a good Anti-Virus/Anti-Spyware package
- Complete full scans of your system on a regular basis
- Ensure that you are receiving software and definition updates and always check for new updates or versions of your FTP Client
Be careful with using tell-a-friend scripts or submission forms. These scripts are notorious for receiving large amounts of email spam. Many of these scripts act as a gateway for spammers to send unsolicited emails through your website – which will ultimately result in your account with us being suspended or banned.
To prevent this from happening, please implement the following:
Use a reputable script with a CAPTCHA phrase. This will place a unique image or phrase on your website, which requires a user to read and enter the characters that they see. This will reduce the possibility of automated software filling out your form, lowering the chance of spammers compromising your website.
HostPapa also offers Protection Power to help you detect threats to your website and protect your website visitors, along with Automated Website Backup to automatically back up your website, emails, and database daily and SSL certificates to offer your visitors peace of mind.
If you need help with your HostPapa account, please open a support ticket from your dashboard.