Getting hacked can sound terrifying when you heavily rely on your digital business. However, you need to remember to not panic! All you need to do is take care to a reasonable extent to protect your data and your access – i.e. follow the advice below. Combell scans your hosting for malware every few weeks and will report issues. If you suspect something is off, you can ask us for a manual scan of your hosting.
General rules to prevent your website from getting hacked:
- Enable web filters
Make sure your web filters are enabled in your control panel. Your web filters will be activated by default. They should only be turned off in very rare and specific cases, when actively recommended by Support. They do a very important job. Web filters monitor your traffic and disable suspicious activity for a period of time to protect you.
- Use strong passwords
Always use strong passwords. For everything. We know you have heard this one already. However, more than half of Internet users do not work with password managers. That means trusting your memory, which leads to building passwords from certain words, phrases or dates and to using the same password for multiple websites and apps. All of those are bad practices because they make your passwords guessable and breakable. You need to make sure you use strong passwords for all your WordPress users, FTP users, for the login of your control panel and your database. If you need help with any of these, use the relevant article:
- Enable two-factor authentication
2FA, as it is frequently written, is any login method that adds another step to your login process beyond the username and password. Most frequently, you will use your smartphone, via an SMS or a 2FA app, to receive a temporary authentication code to gain access. We offer 2FA for your control panel access in Combell. You can start by enabling that one. But frankly, you should use it with any app and website that offers it to you: your browser, your social media, your password managers, etc.
- Try to host one website on one hosting account (hosting package)
Although you have the option of placing multiple sites within one hosting package via Subsites, this will expose you to some additional risk. If one of the sites within the hosting gets hacked, the hacker has access to the entire web space and can immediately infect all other sites. This makes discovering and clearing vulnerabilities all the more difficult.
- Take advantage of autopatching
Enable autopatching from your control panel. Autopatching detects suspicious code in your files and (depending on your settings) edits them to remove vulnerabilities that could lead to your site being hijacked for spam, DDoS attacks and more.
Protect your CMS
- Update your CMS often
If you are using a CMS to manage your website, your best bet is to keep it updated and keep it simple. Due to the large-scale use of those apps, the developers get acquainted with any vulnerabilities and introduce protections in every update. Update your core CMS, themes and plugins regularly.
- Use the more popular CMS, themes and plugins
Use the more popular CMS. The same is valid for using themes and plugins with more downloads and good reviews – you can consider those safe.
- Be careful with plugins
Use as few plugins as possible, and only ones approved by the CMS developers.
- Check out our detailed article with more tips on how to protect your WordPress.
Protect your workstation
Keep your workstation virus and malware free. Sadly, if your home or work computer is infected, there are ways your hosting data may be compromised as well. It is not hosted locally, but your login might be exposed.
- Use anti-virus protection
Use anti-virus and anti-malware software and always keep it updated.
- Use strong passwords
Use strong passwords and update them frequently. Preferably, use a secure password manager. Passwords that are easy to remember are also easy to hack.
- Update your OS
Similarly to CMS vulnerabilities, your OS might have vulnerabilities, too. Update your OS as frequently as possible. The new version will have improvements and protections the old one did not.
- Use secure Wi-Fi only
Use a strong password and do not share it with just anyone. Avoid using unreliable public Wi-Fi.
- Be cautious with suspicious files
Abstain from downloading suspicious files. Have a critical look at messages you receive from unknown senders. And, of course, be suspicious towards reward pop-ups.
- Keep backups
Make backups regularly and store them securely.