Frequently Asked Question

How can I prevent my account from being hacked?
Last Updated 8 years ago

This is a question that is also best answered by your webmaster or the script developers of the script(s) you have installed within your account. Here are some suggestions we have:

Keep scripts updated

Keep all scripts installed within your account updated to the latest version available.
Developers of web-based scripts release new updates to their software periodically. These updates often contain feature upgrades, but more importantly contain security updates as well. By keeping your scripts up to date, you ensure that the latest security holes are patched and only the content you post is displayed on your website.
If you have installed any scripts through Fantastico or Softaculous within your cPanel, you can have a notification emailed to you once a new version is available for any of the scripts you have installed.

Use secure passwords

Only use secure passwords. A secure password consists of letters, lowercase and uppercase, and numbers composed in a random pattern. At the very least, you want to ensure your passwords do not occur in a dictionary. It is not uncommon for hackers to attempt what is called a "Dictionary Attack". In such an attack, all of the words contained within a dictionary are guessed as a possible password. If your password occurs in the dictionary, such a brute-force guessing attack will succeed and allow unauthorized visitors access to privilleged information. Here are a few examples:
Bad Passwords: password sailboat admin yellow
Good Passwords (but don't use these exactly): hal2kejslIs9 122l0745Js Plwn24sueh37
Your passwords should be 8-15 characters in length and, if you cannot remember it, should be written down in a location only you are aware of. Do not share passwords with untrusted individuals.

Remove script install files

Remove any script install files from your account. Scripts usually let you know, after installation is complete, what files should be removed from your account. If you're not sure what can and cannot be removed, you will want to contact the script developers for assistance.

Password protect admin folders

Password protect the directory where any script's admin panels are located.
This is just added security to ensure only the individuals you want to have access to your script's admin panel have access. If you have access to cPanel, you can password protect a directory through your cPanel.

Secure Upload scripts

Make sure any upload scripts installed within your account are locked down so that only the individuals you want to be able to use them are able to do so.
Doing this could be something as simple as password protecting the directory where the upload script is located. It depends on how the upload script is installed. If you're not sure how to lock down your upload script(s), you will want to contact the script developers for more details on how to do so.

Unique MySQL users

Use a username and password to connect to a database that are only used to connect to that database.
What this means is do not use a username and password that are used to connect to other things related to your account. For example, scripts can be configured to connect to a database using the account's cPanel username and password. This is insecure because the database connection details specified within a script's configuration file are usually stored within a flat text file which can be read. If a hacker is able to read your script's configuration file, using a username and password that are only able to connect to the database specified within the configuration file will ensure the hacker does not gain access to anything else.

Security Plugins

Install any available security plugins that are recommended for your script(s).
If you're not sure of any, you could search for recommendations to see what other users of your script(s) recommend or you can contact the script developers directly and ask what they recommend.

Please Wait!

Please wait... it will take a second!