5 Steps To Secure Your Web Hosting Account
In this day and age, having your account compromised can be very common. In the wake of increasingly common international incidents such as the recent WannaCry attack, it’s more important than ever to make sure you take the necessary precautions to secure your account.
Avoiding account compromises is simpler than you might think, and fear not – you don’t need to spend hours examining files for a possible intrusion!
If you take a few precautionary measures, you’ll be much less likely to be targeted by hackers and malicious users. This blog will outline a few of the steps you can take to secure your web hosting account.
Ensure all scripts and plugins are updated
This goes without saying, but it’s very important to keep all your scripts, plugins, and platforms updated to the latest version.
Outdated WordPress plugins are one of the popular back doors for hackers looking to access your account, and we find that it’s easily the most common point of entry. Updates to plugins help to solve this issue as they patch out known bugs and security vulnerabilities, so you have the best chance of avoiding a compromise.
Automatic updates can be enabled for most platforms and this is highly advised, so that you can let the system do the work rather than having to remember to update!
Using an outdated setup is opening your doors to someone wishing to gain access – hackers know the ins and outs of the code and will exploit any known vulnerabilities and bugs in older versions.
Check your file and directory permissions
Files and directories in your hosting account are assigned permissions which dictate who can read, write and execute the file.
It’s important to check this as you don’t want to be giving all visitors access to all of your files, and you certainly don’t want visitors with malicious intent to be able to modify your files!
Taking WordPress as an example, the permissions for files would usually be 644 and 755 for directories (in some cases you may want to use 640 and 750 respectively). You should make sure not to use 777 permissions unless there is a very specific scenario requiring this.
Using permissions such as these will ensure that only the correct users can access and modify your files and directories, preventing any unauthorized modifications.
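One way to check an account against these modes, as an added example that is not part of the original article: the script flags world-writable entries and anything outside 644/640 for files or 755/750 for directories. It assumes GNU find (for -printf); the function names and the sample tree are constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original article): audit a web root against the
# modes recommended above. Requires GNU find for -printf.

# audit_perms ROOT: print one line per entry that deviates from the guidance.
audit_perms() {
    # Anything writable by "other" (666, 777, ...) is the most serious finding.
    find "$1" ! -type l -perm -0002 -printf 'WORLD-WRITABLE %m %p\n'
    # Regular files that are neither 644 nor 640.
    find "$1" -type f ! -perm -0002 ! -perm 644 ! -perm 640 -printf 'FILE %m %p\n'
    # Directories that are neither 755 nor 750.
    find "$1" -type d ! -perm -0002 ! -perm 755 ! -perm 750 -printf 'DIR %m %p\n'
}

# make_sample_tree: build a constructed WordPress-like tree and print its path.
make_sample_tree() {
    root="$(mktemp -d)/public_html"
    mkdir -p "$root/wp-content/uploads" "$root/wp-includes"
    touch "$root/index.php" "$root/wp-config.php" "$root/readme.html" \
          "$root/wp-content/uploads/note.txt"
    chmod 755 "$root" "$root/wp-content"
    chmod 750 "$root/wp-includes"
    chmod 644 "$root/index.php"
    chmod 640 "$root/wp-config.php"
    chmod 664 "$root/readme.html"                    # group-writable file
    chmod 666 "$root/wp-content/uploads/note.txt"    # world-writable file
    chmod 777 "$root/wp-content/uploads"             # world-writable directory
    echo "$root"
}

# Audit the path given as the first argument, or the constructed sample tree.
if [ -n "${1:-}" ]; then
    audit_perms "$1"
else
    sample="$(make_sample_tree)"
    audit_perms "$sample"
    rm -rf "$(dirname "$sample")"
fi
```

Run it with the web root as its argument, for example `~/public_html`; an empty result means every entry matches the recommended modes.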
Below is a screenshot of the default WordPress files and directories, and their respective permissions:
Use a secure password
It goes without saying that your password should be as secure as possible.
With the data gathering techniques available to malicious attackers, such as investigating your publicly available social media information, it can often be possible for them to guess your password based solely on the information you’ve posted online.
You should make sure to use a password that’s completely unrelated to any personal details – for example it’s a very bad idea to use your name or hometown as your password!
Ideally you should have at least 8 characters, with a mix of numbers and letters, including upper case letters. This will give you the best protection against brute force attacks – the longer and more complex the password, the better.
As these passwords can be difficult to remember, the easiest method to keep track of your passwords is using a password manager such as LastPass to consolidate all of your login details.
Use a security plugin
If you’re using a content management system (CMS) such as WordPress, one of the best ways to secure your account can be to utilize one of the many security plugins.
Many CMS platforms can be vulnerable to forms of attack such as XML-RPC abuse, SQL injection or brute force attacks. WordPress for example has vulnerabilities that are often resolved when a new version is released – however by the time it’s released the malicious attackers may have found a backdoor already.
One of the most popular plugins we see on WordPress is Wordfence – this plugin contains features such as firewall and brute force protection, regular security scans and statistics, to name a few. The majority of these plugins are free as well so there’s no reason not to give it a try!
While you will also need to remember to keep your plugins updated, a security plugin is one of the best ways you can lock your account down and prevent compromises.
Schedule regular backups
Taking regular backups is an incredibly important step in securing your hosting account.
In the unfortunate case of an account compromise and loss of data, you need a reliable way to restore your account to a working state – losing all of your work can be catastrophic.
Luckily backing up your account is made simple with most CMS platforms or web hosting control panels.
Take cPanel for example – their backup wizard makes backing up your data an easy job. In the simple, easy to navigate interface you can choose to back up your account or restore a backup, as well as choose an entire account backup or only certain areas of your account.
Using this tool allows you to quickly and easily back up your account, but ideally you want to schedule backups so that you don’t have to create them manually.
With cPanel, you can use the Cron Jobs feature to schedule a script to run at a certain time.
Using a script with commands such as the following will allow you to schedule backups:
#!/bin/bash
# Archive public_html into a dated tarball under ~/backups
mkdir -p ~/backups
tar czf ~/backups/backup_$(date +%Y_%m_%d).tgz ~/public_html
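A fuller version of the scheduled backup described above, as an added example that is not from the original article: it keeps archives readable by the account owner only, verifies each archive after writing it, and prunes old ones. The function name, the script path in the cron line and the retention count of 7 are assumptions.

```shell
#!/bin/bash
# Added example (not from the original article): the dated tar backup with
# owner-only permissions, an integrity check and pruning of old archives.
# Hypothetical cron entry, daily at 02:00 (script path is an assumption):
#   0 2 * * * /bin/bash $HOME/backup.sh $HOME/public_html $HOME/backups 7

# make_backup SRC DEST KEEP: archive SRC into DEST, keep the newest KEEP
# archives, print the path of the new archive. Runs in a subshell so the
# umask change does not leak into the caller.
make_backup() (
    src="$1"; dest="$2"; keep="$3"
    umask 077                                   # new files: owner access only
    mkdir -p "$dest" || exit 1
    chmod 700 "$dest" || exit 1
    archive="$dest/backup_$(date +%Y_%m_%d).tgz"
    # -C stores paths relative to the parent of SRC, not absolute paths.
    tar czf "$archive" -C "$(dirname "$src")" "$(basename "$src")" || exit 1
    # Read the archive back before trusting it; discard it if unreadable.
    if ! tar tzf "$archive" >/dev/null 2>&1; then
        rm -f "$archive"
        exit 1
    fi
    # Dated names sort chronologically: newest first, drop all after KEEP.
    printf '%s\n' "$dest"/backup_*.tgz | sort -r | tail -n +"$((keep + 1))" |
    while read -r old; do
        rm -f -- "$old"
    done
    echo "$archive"
)

# Run only when source and destination are given (retention defaults to 7).
if [ "$#" -ge 2 ]; then
    make_backup "$1" "$2" "${3:-7}"
fi
```

Keeping the destination outside public_html, as the original command does with ~/backups, means the archives are not served by the web server.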
If you’re using WordPress then you’re in luck – they have an option which will enable automatic backups of your WordPress installation: