How can I protect my website from attackers?

Frequently Asked Questions General | update | security | infection
In this article we will give you some tips that you should follow to be as safe as possible from attackers.
by Mihai BobriucViews 459Updated now 1 yearPublished 18/08/2022

There are some very important tips that any web hosting user should follow in order to be as safe as possible from malicious people and bot attacks.

  1.  The most important thing would be to use complex, unique passwords everywhere and keep them in a secure environment, preferably in a free password manager like KeePass and under no circumstances communicate passwords to other people.

  2. Make sure that the device from which you access the hosting account, the related control panel (cPanel, Plesk, Webuzo, etc.) as well as the email addresses and the website administration panel has an updated firewall and antivirus installed and activated at day to prevent the device from being infected and implicitly losing the confidentiality of the data you have access to.

  3. Incorrectly set permissions on site directories/files are another high risk factor. We recommend never using 777 permissions on any file or folder. Correct permissions are usually 755 for directories and 644 for files. Setting 777 permissions on any file or directory can provide a window of access for any attacker or bot to exploit its vulnerabilities.

  4. If any form of contact form, registration, account creation is implemented in the site, it will have to be protected by implementing some security plugins like CAPTCHA or reCAPTCHA to prevent the registration of bots that can subsequently generate SPAM through the form in question.

  5. Out-of-date scripts, related apps, themes and modules are also a big risk to your site. If updates published by the developer are not applied in a timely manner, the site may be compromised due to vulnerabilities, which the developer fixes through these updates. Make sure the site is always up to date with the latest updates.

  6. If there are any scripts, modules, themes that are no longer used, they should be removed immediately. Usually they become forgotten, without the necessary maintenance and become a risk for the site.

  7. Under no circumstances should pirated (nulled) software be used, as they usually come with deep security vulnerabilities designed to be easily exploited after installation.

Similar Articles

2
How can we tell if an email message is a phishing attempt?Frequently Asked Questions General | email | phishing | mail | spam
This article explains how you can check certain aspects of a PHISHING email message.
by Mihai BobriucViews 740Updated now 1 yearPublished 09/11/2022
What does the code 'EPP' stand for?Frequently Asked Questions Domains | epp | transfer | key | code
Most domains have some type of security when it comes to transfer.
by Mihai BobriucViews 759Updated now 1 yearPublished 31/08/2018
What is a PIN code and what is it used for?Frequently Asked Questions Commercial | pin | phone | voip | security
Telephone security system
by Mark DohiViews 702Updated now 1 yearPublished 28/06/2022
What is the difference between a VPS and a Dedicated server?Frequently Asked Questions Technical | vps | dedicated server | virtualization | virtual machine
Two similar services, but with notable differences
by Mark DohiViews 637Updated now 2 yearsPublished 30/04/2022
What is associated contact technical support?Frequently Asked Questions Tehnic | support | technical | assistance
The new Hostico technical support system offered at the contact level
by Mark DohiViews 586Updated now 1 yearPublished 12/07/2022