Number of web sites including government site that were being compromised increased nowadays. Even though all web owners have taken numerous measures to keep their server and web sites hosted secure, there is more that needs to be done in order to avoid to compromise your account.
Due to many of our clients were not that tech savy, we will try to explain in plain words how to make your web sites safe, secure and far away from hackers.
Here are some simple but yet important steps that need to be followed and missing one of them will put your website at risk.
Use hard to guess password or strong password and keep it safe!
Many web sites were hacked because they use an easy to guess password such as “123456” or “password123”. Remember you MUST USE A HARD TO GUESS PASSWORD (also known as STRONG PASSWORD)! Strong password includes random letters (includes upper and lower case letters), numbers and special symbols/character (example of a strong password is “~j6%d#3G&^H$*4m&”). After creating a strong password you shall store it securely so that others will not have an access or see it.
Always keep your scripts updated!
Always make sure you keep your scripts updated in its latest version at all times. Majority of accounts that were hacked or compromised are cause by an out of date script such as Joomla or WordPress. You should check for updates regularly and apply them to your installations. Installed Scripts plugins, modules or extensions must also required to be keep updated to latest version. If you don’t have any knowledge how to update your script, always refer to the script’s documentation which contains steps on how you can update your script.
Set proper permissions!
Your account can also be compromised if you are using wrong permissions for your files and/or folders. Files and folders permissions shall never set to 777 permissions due to it will make it wide-open for hackers. 711 permission is recommended to be used in Folders and files shall be set in permission 644 except for those files which contain sensitive information, such as your script configuration file which contains your database login details which shall be set to 600 permission. Setting file in permission 600, you will only be having read/write access and no one else will be able to open the configuration file and steal your password. You can use file manager in cPanel or FTP client software to set the permissions.
Applying these 3 simple steps to all your web sites will help you ease problem of having a compromised account.