How To Keep Your Site Secure
Due to the nature of the internet there are many people trying to hack and exploit sites, most of the time there is nothing personal about it hackers do it just because they can. While our servers are built to be secure to provide a better service for our customers nothing is full proof. The operating system we use for our shared hosting servers is CloudLinux. This has an important secuirty feature called CageFS. CageFS is a virtualized file system and a set of tools to contain each user in its own 'cage'. This makes sure no other user on the server can see each other, detect each others presence or see any usernames on the server so if one customer has any malcious files in their account they cannot be transfered into your hosting area. At the same time no the user's environment will be fully functional. Below are tips on how make sure your hosting space is secure.
Remove any malicious files or files you don't recognise from your hosting area
You don't need to go over board as some PHP applications may generate other files that you might not be familiar with. Just be on the look out for any files with unusual or suspicious names.
Keep your applications such as content management systemsand scripts up to date.
This is extrememly important! One of the main reasons of sites being attacked are because their applications such as Wordpress, Joomla or any other application isn't kept up to date. Old applications have security holes as hackers have alot of time to get to know the application and any vulnerabilites with it. If you having used the auto installer in Plesk there is an option to keep your application update to date automatically. While this is a good idea please be aware that functionality of your site may be affected as the new version of the application may not working with some plugins.
Keep your plugins up to date
As well as keeping the applications you use up to date, it is equally important to keep your plugins up to date. Only install plugins you feel are safe. Make sure the updated plugin is certified to work with the version of your application.
Always use a strong password, change passwords regularly and delete accounts that are no longer in use.
Delete any databases/applications that aren't in use
They are a source of possible entry by attackers. By removing them you remove any possibility of hackers exploiting any outdated scripts.
Generally most website files should have permissions set to 644 and directories set to 755. File permissions can be edited via FTP or in your control panel. NEVER set your directory permissions to be 777 permanently unless specfically told by your application.
Make sure your local machine is secure
Run regular anti-virus on your machine. If your computer is infected, a virus can easily transfer itself from your infected computer onto your website in an attempt to infect other computers. Viruses, malware and keyloggers can be installed on your machine without you even knowing so scan your computer even if you don't think you have been infected.
Was this answer helpful?
Recommended FTP Clients
Recommended Windows FTP ClientsFilezillaCyberduckFireFTPSmartFTPCoreFTPRecommended Mac FTP...
Uploading Your Website
There are many different ways to transfer files to and from our servers. We recommend using a FTP...