What can I do to secure my website?

This article is aimed in particular at customers of MijnHostingPartner.nl who use web applications such as WordPress and Joomla. Both web applications can be installed with just a few clicks via the customer panel, and both have an easy-to-use administration environment. There are several forums where you can find information about these web applications.

The reason why these applications are so popular is that they are free. A disadvantage, however, is that malicious actors also focus on these types of websites. Since they are partly open source applications, vulnerabilities are often found in them (especially in outdated or unmaintained plugins and themes). The purpose of this article is to explain to our customers in more detail what steps you can take to minimize the risk of a hacker attack.


Step 1: Your passwords.

Pay attention to which passwords you set for the WordPress/Joomla administration and for the FTP account. For example, do not use passwords like: Test1234$ / Welcome12!@ etc.
Better examples of a password can be found below:

  • kH4832XUbso
  • ZUTdk3t!wQe#



Also make sure that you use our Generate option for the important passwords in the customer area. This will create a strong password by default that you can use.


Step 2: The write permissions.

The read/write permissions of a folder or the website


The permissions of a website are also an important factor for its security. If you always have full write permissions on it, something can go wrong more quickly than if you have restricted rights. We have stored the necessary standard rights for many content management systems in the customer panel. This means you can easily enforce them or restrict them to the rights required for working on the website.

You can find these in the customer panel -> My products -> Product -> Websites tab in the left-hand menu -> Select website -> File rights.

They can then be set here as required.



If you do not work on the website for a longer period of time, you can deactivate the write permissions. If you want to make major updates to the website, you can activate the Install or Update permissions. This opens them temporarily and restricts them again by default after 7 days. So don't forget to do this.


Step 3: Plugins and add-ons for WordPress and Joomla.

One advantage of WordPress and Joomla is that there are lots of plugins and add-ons that you can use to customize the site to your liking.
The disadvantage of these plugins is that they may be insecure from the start and contain vulnerabilities that can cause damage.
Never download plugins via a third-party website or a website that is not officially from WordPress or Joomla. If you stay in the administration environment to download plugins, you can be pretty sure that you are on the right page.
If you want to download plugins or updates, you can use the following links, among others:

International WordPress website: https://wordpress.org/plugins/
Dutch WordPress website: https://nl.wordpress.org/plugins/

International Joomla website: https://extensions.joomla.org/

If you want to install a plugin on your website, pay attention to the following:

  • Are the reviews positive?
  • Has anyone had problems with it?
  • Is it only used by a handful of people or is it used by a large community and updated regularly?
  • How old is the plugin and for which version of WordPress/Joomla is it intended?


Step 4: Back up your website

If you have not yet created a backup of your website, you can read how to do this in this article. If you do this in the way described in the article, a complete backup of your hosting space will be created. This also includes the databases of your WordPress or Joomla website. If you only back up the files of your website, this makes little sense. Joomla and WordPress do not work without the corresponding database.

If your website files are corrupted and/or infected, you always have a backup of the last (working) version of your website. In the event of a hack, you only need to change the passwords after restoring.
It is also possible to run a backup via a scheduled task (cron job). In this way, a backup is automatically created at a specific time. You can find out more about this here.

Step 5: SFTP
A normal FTP connection does not use encryption when you connect with an FTP client to upload files to your storage space. To establish a connection via SFTP, you can use the following settings:





Step 6: SSL certificate

The advantage of an SSL certificate is that the connection between the visitor and the website is always encrypted. In this way, the visitor knows that he is connected to the correct website and that all data he enters is encrypted over the line. There are various options for an SSL certificate:

https://www.mijnhostingpartner.nl/client/knowledgebase/beveiliging/algemene-informatie-ssl-certificaat/





Step 7: Log files

If you look via FTP or via the file manager in the control panel, you will see three folders in the home directory:

  • Data
  • Logs
  • wwwroot


The most important folder is wwwroot. This folder contains the files of your website. Without this folder or the files it contains, no website is visible. The Logs folder, however, can be very helpful in a later analysis to find out what happened.
The log files record the URL requests, which you can use to roughly identify what happened and when. For example, a long list of login requests can be seen in these logs.
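
One way to find such a list of login requests in a downloaded log file, as an added example that is not part of the original article or of MijnHostingPartner's tooling. It assumes the logs are in W3C extended format with a "#Fields:" header line (an assumption, the article does not state the format); the sample lines, IP addresses and the threshold are constructed for illustration.

```python
from collections import Counter

# Login pages of the two CMSs covered in this article.
LOGIN_PATHS = ("/wp-login.php", "/administrator/index.php")

# Constructed sample lines (documentation-range IPs), not real log data.
SAMPLE_LOG = (
    ["#Fields: date time c-ip cs-method cs-uri-stem sc-status",
     "2024-05-01 10:00:00 198.51.100.7 GET /index.php 200",
     "2024-05-01 10:00:05 198.51.100.7 POST /wp-login.php 302"]
    + [f"2024-05-01 10:01:{s:02d} 203.0.113.9 POST /wp-login.php 200" for s in range(6)]
    # The column order may change when a new #Fields header appears.
    + ["#Fields: date time cs-method cs-uri-stem c-ip sc-status",
       "2024-05-01 10:02:00 POST /administrator/index.php 203.0.113.9 200"]
)


def login_posts_per_ip(lines, paths=LOGIN_PATHS):
    """Count POST requests to CMS login pages per client IP."""
    fields = []
    hits = Counter()
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # remember the current column layout
            continue
        if not line or line.startswith("#") or not fields:
            continue  # skip other header lines and rows without a known layout
        row = dict(zip(fields, line.split()))
        if row.get("cs-method") != "POST":
            continue
        if row.get("cs-uri-stem", "").lower() in paths:
            hits[row.get("c-ip", "unknown")] += 1
    return hits


def suspicious_ips(lines, threshold=5):
    """Return (ip, count) pairs with at least `threshold` login POSTs."""
    counts = login_posts_per_ip(lines)
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    for ip, n in suspicious_ips(SAMPLE_LOG):
        print(f"{ip}: {n} login attempts")
```

To run it on a real file, pass the open file object instead of SAMPLE_LOG, for example suspicious_ips(open("logfile.log")), where the file name is a placeholder.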


Step 8: Keep your website and plugins up to date.

It is very important to keep your website and plugins up to date, as the code and plugins of a good CMS are constantly being updated and made more secure. If you are using the latest version of WordPress and have an outdated plugin, this is an easy way for malicious people to gain access.

We recommend staying up to date and following developments. The websites of WordPress and Joomla always indicate when a new version can be downloaded.

You can find out how to update your website in the following articles.

- Update WordPress.
- Update Joomla.



We hope that this article clarifies how you can secure your website. If you have any suggestions about this, you can report them via the chat or a ticket.
If you have further questions or comments, you can always create a ticket via the customer panel or check whether someone is available in the chat on our website.



