Do you know how to protect your website from hackers and other malicious attacks? The Linux shared hosting security can be compromised and must be treated with priority. This post is itself an answer to how to protect your website from hackers hosted on a Linux server? or how to secure a website hosted on the Linux server?
Although, the web hosting company takes all the essential steps to make sure there are no security loopholes. Timely, they do software and hardware-level upgrades but the spammers and hackers also use advanced techniques to find security bugs.
To stay away from all the threats and secure Linux shared hosting, there are a few things, which can be done on your end and needs your attention.
Tips to Protect Your Website from Hackers
Some of the security measures, which you can initiate from your side to prevent shared hosting from hackers.
1. Regular Backup
It is necessary to take regular backup. In case of website hacking, you can restore backup to make your website live again. Most of the web hosting companies are not providing routine backup. So, it’s your responsibility to take backup daily or weekly.
2. Keep updated with third-party vendors
With advanced techniques in hacking a website hacker’s use a considerate technique when the servers are, updating for newer versions of software’s and scripts. So make sure you keep updated with current versions, as outdated versions are more vulnerable to these attacks.
3. Use Firewall and SSL
It is mandatory to install and use a Firewall to filter a certain type of web traffic. Through a Firewall, you can monitor incoming and outgoing web traffic and block attacker’s IP addresses.
Nowadays, SSL is freely available and anyone can use it. It transports encrypted data from the user computer to the web server and secures your website.
4. Permissions should be locked down
Anyone with user-level access can get in to access file with 777 permissions so make provisions to set all permissions to 555 and set the directories to 444. Avoid using open permissions for assistance you can see the main page for chmod.
5. Creating ACL for non-public sections
Take advantage of a .htaccess file to protect files and data that are not meant for public views, which can be viewed by only some of the permitted IP’s.
6. Regular changing of your password
Always create a strong password. Make a habit to change your FTP/SSH, Control panel, software admin, email and any other passwords once in every few months and never use same passwords for multiple elements. Never use your account password for third-party vendors as they store your passwords in clear text within config files.
7. Periodically cleaning of your account is necessary
Cleaning of unwanted material like pages, scripts, databases, mailboxes, email addresses and FTP accounts which are no longer in use should be cleaned on regular basis.
8. Keep all your domains separate
If you are hosting multiple domains on one account then make it a point to use add-on domains.
9. Logs should be reviewed on a regular basis
Reviewing all your server logs, access logs, traffic logs and the file integrity checker logs on regular basis. Ask your host about the modsec_audit.log for your domain if he is using layer 7 firewall such as mod_security.
10. Get Co-operation from Linux Host
Be concerned that your host is regularly updating the software’s at the server and network level, which you can do by consulting, the server administrator about all the security measures taken at their level.
11. Clean Your Website
Any extra email account, FTP Account, unused script, and unused third-party application can be a reason for threats. It’s recommended to remove all if you’re not using them.
12. Multiple backups of Sensitive Information
You must keep backups of sensitive information and passwords at multiple places. You may keep this information somewhere offline, where it is accessible only to you.
13. Keep your Computer Up to date
You must login to your website or web hosting server from an updated computer. The computer must have a paid antivirus software to stay safe from personal data exploitation, website login password, server login details, FTP password etc. Must disconnect internet after completing your website work to stay protected from hackers.
14. Web Space Scanning
Regularly scan your web space using inbuilt cPanel antivirus scanner. You can also use third-party online scanner e.g. http://www.eset.com/us/online-scanner/
It is far better to use both ways to look for viruses and malware on your account. Never use pirated themes and plugins.
15. Hide CMS Information
Which Content Management System you are using can lead to a security threat. So, if possible hide CMS and plugin details so that browsers can’t identify them. There are a few plugins which can do this for you.
Today, Cloudflare’s free and paid both plans are quite popular among webmasters. Cloudflare can add an additional layer of security to your website and keep your website safe from all possible attacks. I recommend you to install Cloudflare on your cPanel account.
17. Reliable Web Hosting
Always buy a reliable web hosting from top companies. They hire technical staff with high skilled knowledge, can monitor your website, and stop hackers up to some extent.
If you have some tips to add to this list then must share with our readers through comments. Please, don’t forget to share content on social media.