Web hosting users usually belong to two distinct categories. Those who are worried about possible hacker attacks and are continuously looking to improve their website security level, and those who do not care about it, until they get hacked.
Beyond all the advice, choosing a professional and reliable hosting provider always remains the main rule to follow.
Regardless of the category you fall into, you should take a look at the following tips to protect your website against hackers.
1. Password Selection
Many web hosting providers allow the user to autonomously choose the passwords for multiple accesses, such as SSH, FTP accounts, administration panels, CMS backend and MySQL databases.
Also, users select the exact passwords for different services and they do not note them offline. Often, these passwords are really simple to guess, which makes your website even more vulnerable.
For these reasons, you should diversify. In this way, if a hacker is able to lock a password, it is prevented from moving freely between the different accounts of your different services, thus improving hosting security.
Pro Tip: Choose Alphanumeric Passwords. Each one different for specific services, so that you may have unique access keys, at least for the critical components.
2. Block unwanted IP addresses
Configure the HTACCESS file to prevent access to files from unwanted bots.
A very useful advice is to block unwanted visitors coming from IP addresses known for spyware and bots malware activity.
Pro Tip: Wise Web Hosting Choice. If you want to sleep quietly, you must choose an hosting company that can provide additional security tools. Consider having SSL certificates, malware detection, security protocols (such as backup of important data) software update, server protection with additional firewalls, and also Intrusion Detective System (IDS) systems and Intrusion Prevention System (IPS). LCN, for example, offers free SSL certificates included in their web hosting packages, to protect your website’s data and customer info with secure, industry-standard 256-bit encryption. Google has also confirmed that SSL is now a ranking factor, so securing your site with SSL can help increase your search engine rankings.
3. Site Maintenance
Always remove anything no longer useful that is present on your space hosting. Sometimes, this is the hardest to follow, because with time you forget about abandoned and no longer used files.
For this reason, it is important to periodically review the unneeded files to run the site and remove them. The same is true for unused scripts, which are often the hacker's goal for exercising control over the account. The site maintenance and cleaning must also go through disabling all accounts (emails, FTPs, etc.) that are still active, but are no longer used by anyone as they may be forced and used by unauthorized persons.
Pro Tip: Disable Anonymous FTP users. Adopt FTP access filters to allow FTP admission only to certain IP addresses or pre-configured IP address classes.
4. Always Upgrade
Whatever applications are embedded in the site (CMS, chat, forums, etc.), you must always be sure that they are installed in the latest version available and updated (especially regarding security issues).
You should avoid waiting for the application installer made available by the provider to suggest updates. Instead, try to be as proactive as possible, by checking the availability of new security patches and updates directly from official sources.
In short, it's just about researching and applying the updates that you have to spend much of your work time on the site.
Pro Tip: Make Regular Backups. Also, eliminate unnecessary applications and files, and unused or unusable scripts.
5. Pay Attention to CMS
CMS like WordPress, Joomla, Drupal or Magento are widespread for their simplicity with which anyone can manage complex websites. This popularity, on the other hand, is also their disadvantage.
In fact, these platforms are often one of the favorite targets for hackers, because most installations allow a relatively easy access to the administrative access interface (for example, WordPress and its backend login “site address/wp-admin).
In addition, many CMS expose users to a further risk with themes and plugins, which facilitate hacker attacks. For this reason, be sure to only use plugins and themes from secure sources or official repositories. Avoid installing free items made available on untrustworthy sites, as access may just be hidden in files of such extensions.
Pro Tip: Hide Back End Address. Many commonly used CMS and platforms are easily attackable (see WordPress), so it is important to install special plugins or configure HTACCESS files to improve their security.
6. Keep Script and Java Applications Under Control
Scripts in general and Java applications allow developers to create custom features and thus make the web much more interactive.
Therefore, it is not recommended to completely avoid scripts, but it's important to monitor and keep them under control. Sometimes it's just necessary to verify they are up to date in features and protected from hacker attacks.
Pro Tip: Configure file permissions. The files that reside in the public access space of your web hosting should never have permissions greater than 644 or 755, to avoid being easily sabotaged. If you need to ensure higher permissions, make sure that the hosting space is not publicly accessible.