Keeping your Website & Hosting account Secure

Public web hosting servers are often targeted by hackers and spammers.  Consider the following points to keep your cPanel account and CMS secure and to avoid, or at least limit, the chances of being exploited.  Too often we receive calls from clients complaining about the amount of spam they receive, or about their website/domain being blacklisted and their emails returned as rejected; most of these problems are avoidable by employing some security standards.

  • SECURE PASSWORDS – I cannot stress this enough.  Use the built-in password generator or choose a password of at least 8 characters combining UPPERCASE, lowercase letters, numbers (12345, etc.) and special characters (e.g. @#$%&).  Secure passwords should be used for your top level cPanel account, CMS accounts, email addresses, FTP accounts and your MySQL database users.  Attackers will and do try all entry points.  Use www.howsecureismypassword.net to test the complexity of your password.
  • SHARED SSL – The shared SSL certificate is installed on vps.isishosting.net.  Use this domain to log in to cPanel, for FTP access and for Mail SMTP.  For complete configuration, contact us.
  • UPDATE CMS – Open-source CMS packages (e.g. WordPress, Drupal, Joomla, etc.) are often targeted as they’re used by many across the globe.  Developers regularly release security updates to address vulnerabilities that are discovered and exploited by attackers.  The built-in Installatron software manager can be configured to automatically keep your site up to date.
  • CMS PLUGINS & THEMES – Further to the core CMS package, plugins/modules & themes are also known to contain bugs.  Keep them updated, disable/remove unneeded plugins and disable default/unused themes.  ‘Wordfence’ is a recommended plugin for WordPress to assist with security compliance.
    Recommended Modules/Plugins:
    – WordPress (Wordfence)
    – Drupal  (Security Review, Flood Control, Paranoia, Login Security, Hacked)
    Read full CMS Report for more
  • CLOUDFLARE – Utilise the FREE CloudFlare service integrated with our Server.  CloudFlare not only increases the performance of your website and saves bandwidth, it will assist in blocking malicious attacks on your website.
  • ANTI-VIRUS – Your own computer is not immune!  Install and update an Anti-Virus package on your computer, particularly one that includes internet/mail/spam filtering.
  • MAIL SERVER SETTINGS – Set the ‘Default Address’ within your cPanel account to :fail: or similar rather than delivering all unrouted mail to a single account.  If the server accepts mail from spammers, they will keep sending and inevitably flood your Server.  If you configure the appropriate option here to reject the mail, spammers will eventually stop trying to deliver mail to those addresses.  Further, ensure DKIM and SPF options are enabled within the Mail Authentication section of cPanel.
  • OBSCURE EMAIL ADDRESSES – Spammers and bots crawl websites for easily readable email addresses to target in their spam campaigns.  By obscuring the email address on your website so bots are unable to capture addresses, you reduce the chance of your address being spammed. Example Drupal Module – SpamSpan
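
To illustrate the last point, the following added example (not part of the original article and not SpamSpan's own code) audits a page for addresses a simple harvesting bot could read and rewrites them with the "@" and "." spelled out. The sample HTML, the function names and the `obscured-mail` class are assumptions made for the illustration.

```python
import html
import re

# Constructed sample page fragment (not taken from a real site).
SAMPLE_HTML = (
    '<p>Sales: <a href="mailto:sales@example.com">sales@example.com</a></p>\n'
    '<p>Support: help.desk@example.co.uk</p>\n'
)

EMAIL = r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"
# A whole <a href="mailto:..."> element, including any ?subject= suffix.
MAILTO_LINK = re.compile(
    r'<a\s[^>]*href=["\']mailto:(' + EMAIL + r')[^"\']*["\'][^>]*>.*?</a>',
    re.IGNORECASE | re.DOTALL,
)
PLAIN_EMAIL = re.compile(EMAIL)


def find_exposed(page):
    """Return the sorted, de-duplicated addresses readable in the markup."""
    return sorted({m.group(0).lower() for m in PLAIN_EMAIL.finditer(page)})


def obscure(address):
    """Render one address as nested spans with '@' and '.' spelled out."""
    user, domain = address.split("@", 1)
    return (
        '<span class="obscured-mail">'  # hypothetical class name
        f'<span class="u">{html.escape(user)}</span> [at] '
        f'<span class="d">{html.escape(domain.replace(".", " [dot] "))}</span>'
        "</span>"
    )


def obscure_page(page):
    """Replace mailto: links first, then any remaining plain-text addresses."""
    page = MAILTO_LINK.sub(lambda m: obscure(m.group(1)), page)
    return PLAIN_EMAIL.sub(lambda m: obscure(m.group(0)), page)


if __name__ == "__main__":
    print("Before:", find_exposed(SAMPLE_HTML))
    cleaned = obscure_page(SAMPLE_HTML)
    print("After: ", find_exposed(cleaned))
    print(cleaned)
```

Running `find_exposed` over your published pages before and after the rewrite shows whether any literal address is still present in the markup; visitors then see the address in the form "sales [at] example [dot] com" instead of a clickable link.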