How to prevent your hosting account from being hacked
Tips on how to prevent your account from being hacked
The menace of hacking is a very serious issue for the today’s World Wide Web. It is really important to pay a lot of attention to security of your cPanel account. It should be well-protected against manual attacks as well as against automatized means of getting access to your hosting account.
The security of our clients is of the highest priority for us. On our servers we have an effective firewall system along with a complex of other security measures.
However, some aspects of cPanel account protection depend not on Namecheap but on the owner of the account. In this article you will find several useful tips you can use to significantly improve your cPanel account’s security.
1. Use safe username and password
This is a quite obvious thing but having a secured password is definitely among the most important aspects of web security. Some people set a password which is easy to remember in order to avoid keeping it somewhere except for memory. It is strongly recommended to avoid using passwords which consist of dictionary words, names of your relatives, friends or pets, important dates, cities, etc. These passwords are not secure as it is really easy to find such information about you especially if you have an account in any of social networks. In Internet security there is even a special term «social engineering» which suggests that some person can get your personal data without any additional means such as special software using methods of psychological manipulation. For example, some important personal data can be gathered during several online conversations with you by means of e-mail, forum, chat or in social network. So in case your password is a date of your mother’s birth then do not be surprised if your account gets hacked.
Also, hackers have special tools for cryptanalytic attacks (also known as Brute-force attacks) which are intended to get your password. The main idea of such attacks is checking all possible words until the correct one is found. Such attacks can be successful if your password is a simple word from a dictionary.
It is strongly recommended to use passwords which consist of randomly mixed low and capital letters, special symbols and digits. Such password’s length should be not less than eight symbols. You can use any special program for passwords generation as well as in-built cPanel password generator. It can be found in cPanel -> Change Password:
Another important aspect is a cPanel username.
By default in a hosting welcome guide you receive a generated username which consist of a part of your main domain name in complex with several random letters. cPanel username can be changed only by our representatives per your request in chat or ticket. There are some restrictions triggered by cPanel functionality. Your username can consist only of alphanumeric characters (digits are also permitted, however they are not permitted as the first symbol in the username). Also cPanel username cannot be longer than eight symbols. It is not recommended to change it to your actual name or nickname as this information can be obtained easily by any other person.
2. Change your password regularly
It is strongly recommended to change your password from time to time. Also we advise changing the password right after receiving a hosting welcome guide e-mail. cPanel password can be changed in cPanel > Change Password. By the way, we recommend checking Allow MySQL password change as this option lets you synchronize the password with the password for phpMyAdmin:
Additionally, it makes sense to change passwords for your e-mail accounts as well. This can be done in cPanel > E-mail Accounts:
3. Keep your username and password in a safe place
For example, avoid keeping your hosting welcome guide in the inbox of an e-mail account in case you are not the only person who has access to it. Also, please, avoid storing your cPanel login details in a text file on your desktop especially if you are not the only user of this computer. You can use roboform, lastpass or any other similar password saving software in that case.
Needless to say it is not recommended to share your username and password with anyone.
4. Pay attention to security of your computer.
It is strongly recommended to have an effective firewall and antivirus software with the up-to-date databases on your personal computer. Please, perform a full scan of your computer from time to time. Some viruses are intended to steal your login details and transmit them to someone who needs them. Also there are special applications which are known as keyloggers. They gather a log of keyboard buttons pressed by you, make screenshots of your desktop and send this information to a hacker. Such software can be detected by a good antivirus program so do not forget to check your PC regularly.
5. Use a secured connection when it is possible
For example, with Namecheap you can connect by FTP in two ways. You can use a conventional port 21 or you can connect using a non-standard secured port 21098. If there are no network restrictions then it is recommended to use port 21098. Also, it is better to access your cPanel using non-standard port 2083 instead of standard port 80. A link which looks like http://cpanel.yourdomain.com uses port 80. If you wish to use port 2083 then, please, use link which looks like https://yourdomain.com:2083
6. Scan your webspace
To avoid having the files located in your hosting account being at hazard it is recommended to use different means of scanning for malicious software. First of all you can use an in-built cPanel virus scanner:
Also you can use some free online scanners such as this:
http://sitecheck.sucuri.net/scanner/
It is better to combine these two ways of checking your account for viruses. In order to prevent having viruses and malware on your account it is recommended to use themes and plugins only from trusted providers. In case you have any suspects regarding your account’s security then, please, feel free to contact our Support Team at any moment.
7. Always have a backup
Even though backups are scheduled on a weekly basis on our shared servers it is recommended to keep a backup of your account somewhere in a safe place on your PC or third party server. Please do not forget to update it from time to time in order to avoid losing the important information. You can create a full cPanel backup in cPanel > Backups. Note, that if your account gets bigger than 10GB or contains more than 150 000 inodes then it will be automatically excluded from weekly backups:
Even more advanced and convenient solution for creating backups is CodeGuard (later, CG). It’s main advantage is the possibility of creating *automatized* backups of your site. Using CG you can partially completely restore your site if there any changes arose, which you wish to get rid of. As CG is fully integrated in your cPanel, only several clicks are required for you to start taking advantages of this great feature we have!
8. Enable CloudFlare
We recommend you enabling CloudFlare in your cPanel. It is a great solution which improves your account’s performance and security. It can help you in protecting your account against DDoS attacks, SQL injections and other similar threats.
You can find more information in our guide How to enable CloudFlare for your domain name.
Update all third party scripts to the latest versions (e.g. Joomla!, WordPress, Magentoo or any other CMS).
Don’t load your website with every script, theme, gadget, feature, function, and code snippet you can find on the web. Each of them could let a hacker into your site. Before you use something new, read its vulnerability report.
9. CMS security tips
If your site is build on WordPress we recommend you to read our WordPress security guides:
CMS Security Issues. WordPress Security and Optimization
Internal Protection “.htaccess” (Manual setup)
and use the security tips listed there to prevent hack attempts in the future.
Following these simple recommendations you can improve your account’s security greatly. From our side we do our best to keep your account safe but if you undertake these measures a level of security increases drastically. We recommend our clients not to ignore the safety of data and always feel free to contact our Support Team in case you have any questions or complications.