How can I protect my website from attackers?
There are some very important tips that any web hosting user should follow in order to be as safe as possible from malicious people and bot attacks.
- The most important step is to use complex, unique passwords everywhere and keep them in a secure place, preferably in a free password manager like KeePass. Under no circumstances share passwords with other people.
- Make sure that the device from which you access the hosting account, the related control panel (cPanel, Plesk, Webuzo, etc.), the email addresses and the website administration panel has a firewall and antivirus installed, enabled and kept up to date, so that the device does not get infected and the data you have access to stays confidential.
- Incorrectly set permissions on site directories and files are another high-risk factor. We recommend never using 777 permissions on any file or folder. Correct permissions are usually 755 for directories and 644 for files. Setting 777 permissions on a file or directory can give any attacker or bot an opening to exploit.
- If the site has a contact form, a registration form or account creation of any kind, protect it with a security plugin such as CAPTCHA or reCAPTCHA, so that bots cannot register and then send SPAM through that form.
- Out-of-date scripts, related apps, themes and modules are also a big risk to your site. If updates published by the developer are not applied in a timely manner, the site may be compromised through the vulnerabilities that those updates fix. Make sure the site always has the latest updates applied.
- If there are any scripts, modules or themes that are no longer used, remove them immediately. They are usually forgotten, go without the necessary maintenance and become a risk for the site.
- Under no circumstances should pirated (nulled) software be used, as it usually comes with deep security vulnerabilities designed to be easily exploited after installation.
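
To check the permissions advice above on a real site directory, the following shell functions list what deviates from 755/644 and tighten only what is too open. This is an added example, not part of the original FAQ; the function names are illustrative and the path is whatever you pass in.

```bash
#!/usr/bin/env bash
# Added example: check a site directory against the 755 (directories) /
# 644 (files) guidance. Function names are illustrative; pass your own path.

# Entries any account on the server can write to: the "other" write bit,
# which both 777 and 666 set. Symlinks are skipped (their mode is not used).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Everything that differs from the baseline, stricter or looser.
# Review this list by hand: a 600 config file is fine, a 777 directory is not.
off_baseline() {
    find "$1" \( -type d ! -perm 0755 -o -type f ! -perm 0644 \) -print
}

# Remove group and other write access only (777 -> 755, 666 -> 644).
# Stricter modes such as 600 are left as they are, never loosened.
strip_group_other_write() {
    find "$1" \( -type f -o -type d \) \( -perm -0020 -o -perm -0002 \) \
        -exec chmod go-w {} +
}

# Usage (path is a placeholder):
#   world_writable /path/to/public_html
#   off_baseline /path/to/public_html
#   strip_group_other_write /path/to/public_html
```

Run `off_baseline` first and read the list before changing anything, since some files are deliberately stricter than 644.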