What can I do to secure my site?

This article is intended for customers of MijnHostingPartner.nl who use web applications such as Wordpress and Joomla. These web applications can both be installed in a few clicks via the Web App Gallery which can be found in the Control Panel. Both use an easy to use administration environment. There are several forums where information about these web applications can be found.

The reason these applications are so popular is because they are free. However, what is a disadvantage is that malicious people also focus on these types of websites. Partly because it is open source there are often leaks in the applications. This article is intended to explain to our customers which steps you can take to reduce the risk of being hacked.


Step 1: Your Passwords.

Pay attention to what you set for password within the WordPress/Joomla admin and FTP account. For example, don't think of passwords like: Test1234$ / Welcome12!@ etc.
What is a better example for a password you can find below:


  • HR$OgR27hNf0m!8B2oDdBCNw
  • vBu2seYo#B7c9WOB3IU-wOZ4


For more information about a strong password you can read our article here. We also have a Random Password Generator


Step 2: The write permission.

There are two types of write permissions covered in this step.

1. The read/write permissions of an FTP account.
2. The read/write permissions of a folder (file manager).

1.The read/write permissions of an FTP account.

If you set the read/write permissions of a folder correctly then no malicious files can be added to it. There are several reasons why this happens:
One reason to abuse your site is that people want to turn it into a botnet. A botnet can be used to launch further attacks and send spam. Another reason is to carry out phishing attacks.

The write permissions should be set correctly if you want to upload files via FTP. So if you are working on the site then you can set this to read and write.
Once you are done working on the site you can set it to read only.

To limit the write permissions for the FTP account you can apply the following:


What can I do to secure my site?

2.
Below is the example with read-only access. So as soon as you want to start working with your website you have to turn on the write permissions again. Note that write permissions only need to be given to the site itself, not to the NETWORK SERVICE.
More information on write permissions can be found in the article.
As soon as you are not going to work on the site for a longer period you can turn off write permissions again.


What can I do to secure my site?


Step 3: Plug-ins and additions to Wordpress and Joomla.

An advantage of Wordpress and Joomla is that there are plenty of plug-ins and extensions for it so you can customize it to your liking.
The disadvantage of these plug-ins is that they may be unsafe right from the start and may contain leaks that can cause damage.
Never download plug-ins from a third site or a site that is not officially Wordpress or Joomla. If you stay within the admin environment to download plug-ins then you can be almost certain that you are on the right site.
If you want to download from plug-ins or updates then you can check the following links among others:

International Wordpress site: WordPress
Dutch Wordpress site: Dutch WordPressInternational

Joomla site: Joomla ExtensionsWhen

you want to install a plug-in on your site pay attention to the following things:




































  • Are the reviews positive?
  • Has anyone had problems with it?
  • Are a handful of people using it or is it used by a large community and updated regularly?
  • How old is the plug-in and what version of Wordpress/Joomla is it made for?


Step 4: Backup your site

If you have not made a back-up of the site you can read here how you can do it. As soon as you do this in the way described in the article a complete backup is made of your hosting space. This includes the databases of your Wordpress or Joomla site. If you only backup your website files then this will not make much sense. Joomla and Wordpress do not function without the corresponding database.

If your website files are damaged and/or infected then you always have a backup of the latest (working) version of your website. In case of a hack you only need to change the passwords after restoring.
There is also the option to run a backup through a Scheduled Task (Cron Job). In this way a backup is made automatically at a set time. More on this can be found here.

Step 5: SFTPEen a
normal FTP connection does not use encryption when you connect with an FTP client to upload files to your space. To connect via SFTP you can use the following settings:




What can I do to secure my site?



Step 6: SSL certificate

The advantage of a SSL certificate is that the connection between visitor and website is always encrypted. So the visitor knows that he is connected to the right site and that any data he gives is encrypted over the line. There are several options for an SSL certificate:

General Information SSL Certificate



Step 7: Log Files

If you look through FTP or through the file manager in the control panel you will see three folders in the home directory:

  • Data
  • Logs
  • wwwroot


The most important folder is the wwwroot. This folder contains your website files. Without this folder or files in it, no website will actually be visible. But the Logs folder can be very helpful for post analysis to find out what happened.
In the log files the URL requests can be found, on the basis of this you can roughly see when what happened. For example, a long list of login requests can be seen in these logs.


Step 7: Keeping your website and plug-ins up to date.

It is very important to keep your website and plug-ins up to date, because the code and plug-ins of a good CMS are constantly updated and made more secure. If you are running the latest version of WordPress and you have an outdated plug-in, this is an easy way for malicious people to penetrate your website.
We recommend staying informed and following developments. On the website of WordPress and Joomla is always well indicated when a new version can be downloaded.

How to update your website can be found in the following articles.

- Updating WordPress.
- Joomla Update.


If you have other questions, suggestions or comments you can always create a ticket via the customer panel or see if someone from the chat is present on our website.






keywords: wordpress word press pres joomla joomla! security hacked hacked hack