Waking up one day to find that your website has been compromised and injected with malicious code is perhaps the most demoralizing thing you could experience, especially if the site is your primary source of income. We at HostArmada value security above all else, and we have ensured that our servers provide the best possible security features to protect your business. Despite the scale of our protection systems, they cannot guarantee 100% protection against ill intent, because there are a dozen ways hackers could exploit your site. In 95% of cases, this happens through a loophole in your website's code or in the plugins, themes, or modules it utilizes.
In this article, we go over the most common practices which, in our experience, have proven most effective in preventing websites from falling victim to hackers.
Most common reasons for hacked websites
Let's go over the reasons why your website could have been hacked:
- First and foremost - outdated applications. This is typically observed with open-source scripts such as WordPress, Joomla, Magento, or PrestaShop. We understand that running a business and continuously adding new content can be time-consuming, and in that process, you may leave out an essential aspect - updating your site. Running an outdated version is detrimental to your website, as hackers will use known exploits for that version in an attempt to inject malicious code.
- Outdated plugins, modules, themes, or functionalities you have added to your websites. Updating the application itself is not enough. You need to make sure that ALL features that shape your site are up to date.
- Another reason could be weak username/password combinations for your website's administrative area and your clients' accounts. You must ensure that you, your webmasters, and your clients all use strong passwords.
- You may be using weak cPanel/ClientArea/FTP passwords. When you sign up with us, the cPanel password we provide during this process is a randomly generated 15-character password, which has a high security score. As we offer cPanel hosting services, the main FTP account's password is the same as the cPanel password. The client area password is one you choose yourself, so you need to make sure that you type in a strong one when signing up.
- Last but not least - an infected local computer. There are viruses known as "key-loggers" that record your passwords and send them to the person who infected your computer with them.
Useful practices to prevent yourself from being hacked
Now that we have gone through the reasons, let's explore what you can do on your side to prevent malicious code injection and keep your applications safe:
- Keep your app updated whenever a new stable patch/build is released. Luckily for you, we at HostArmada want your online venture to prosper, so we want to eliminate any tasks that prevent you from focusing on your website. We offer application updates FREE of charge. All you need to do is contact us by submitting a support ticket, and we will take care of the rest. Our technical experts have years of experience updating various applications, so your projects will be in good hands.
- Vendors that supplied you with a module, plugin, or theme will typically release security patches. You should always aim to apply them whenever they are available. We also offer FREE updates for plugins, themes, and modules. All you need to do is submit a support ticket, providing us with the files of the feature you want patched, along with relevant documentation or a guide on the matter, and we will handle everything for you.
- To make sure registrants on your website use strong passwords, we recommend adding functionality that forces them to do so (such as a password score meter) and setting a minimum score of 90 for a password to be accepted during registration. In addition to that, you can add functionality that generates a random string of 12-15 characters and fills it into the password field for the client to use. The client can copy this randomly generated password and store it in a file on their local machine, and instead of typing it each time, they can copy and paste it into the password text field.
- Change ALL your online passwords frequently (once every couple of months). In addition to that, we recommend using a password vault app such as LastPass, which provides excellent options to manage your passwords.
- Make sure you use a robust Anti-virus system on your local computer and run malware scans regularly.
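The password score meter and the 12-15 character generator recommended above could look like the following sketch. It is an added example, not HostArmada's code: the article does not define its scoring scale, so the entropy-based 0-100 score, the `COMMON` list and all function names are assumptions.

```javascript
// Added example: password generator and score gate for a registration form.
// The scoring scale and the COMMON list are assumptions made for this example.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

const CLASSES = {
  lower: 'abcdefghijklmnopqrstuvwxyz',
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  digit: '0123456789',
  symbol: '!@#$%^&*()-_=+[]{}',
};
const ALPHABET = Object.values(CLASSES).join('');
const COMMON = ['password', '123456', 'qwerty', 'letmein']; // constructed sample list
const MIN_SCORE = 90; // threshold named in the article

// Uniform integer in [0, n) from the CSPRNG; rejection sampling avoids modulo bias.
function randomBelow(n) {
  const limit = Math.floor(0x100000000 / n) * n;
  const buf = new Uint32Array(1);
  do { rng.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

// Score 0-100: estimated entropy in bits (length * log2 of the combined size of
// the character classes used), scaled so that 80 bits or more scores 100.
function scorePassword(pw) {
  if (COMMON.some((word) => pw.toLowerCase().includes(word))) return 0;
  let pool = 0;
  for (const chars of Object.values(CLASSES)) {
    if ([...pw].some((c) => chars.includes(c))) pool += chars.length;
  }
  if (pool === 0) return 0;
  return Math.min(100, Math.round((pw.length * Math.log2(pool)) / 80 * 100));
}

function isAcceptable(pw) {
  return scorePassword(pw) >= MIN_SCORE;
}

// Random 12-15 character suggestion; redraw until it passes the same gate
// that user-chosen passwords must pass.
function generatePassword() {
  for (;;) {
    const length = 12 + randomBelow(4);
    let pw = '';
    for (let i = 0; i < length; i++) pw += ALPHABET[randomBelow(ALPHABET.length)];
    if (isAcceptable(pw)) return pw;
  }
}
```

A class-based estimator like this cannot recognize dictionary words or keyboard patterns beyond its short sample list, so a production meter should also check candidates against a list of common or breached passwords, and the same gate must be enforced on the server, not only in the browser.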