Go through our basic site security checklist While we do not specifically offer security support on an account-level basis, the following checklist is a good overall checklist of security tips you can review to make sure your site is as secure as possible. Our servers are secure, it is the code you upload or put on Mr.Hosts Servers that compromise the overall security of your site.
- Remove malicious files and/or files you are not familiar with.While many PHP applications generate files you may not be familiar with, it is important to watch for files or directories that may sound suspicious such as ‘wellsfargo’ or ‘abbybank’.
- Update all scripts/applications to the newest versions available.Old security holes are updated and remedied in new versions of software, so updating to the newest versions available ensures that you are running the most secure option available. If you installed these applications using Simple Scripts, automatic updates are available by clicking the ‘Update Now’ button. For installations done with Fantastico, the main Fantastico screen will show a link on the right-hand side of the screen with the available versions you can upgrade to.
- Update all plugins to the newest versions available.Just because your applications have been updated doesn’t mean the plugins you use have been also. Popular plugins for WordPress, Joomla, Drupal, etc are created for specific application versions. When updating your applications, make sure the plugins you’re using are also certified to work with the newest version of your software.
- Delete any databases/applications from your account that are no longer in use.Each databases/application you have installed on your account is another possible point of entry for attackers. By removing applications/databases that are no longer used, you will be eliminating the potential for those outdated scripts to be exploited.
- Fix dangerously writable permissions.Most website files should be set at 644, and folders should be set to 755. This can be adjusted in an FTP client or by manually changing it in the Control Panel File Manager by selecting the file, and clicking on the icon at the top of the screen that says, ‘Change Permissions’.
- Hide your configuration files.Moving your config.php and other files containing passwords to a secure directory outside of the ‘public_html’ folder will make them inaccessible to general web surfing.
- Connect to your account using a secure network.If you’re connecting to the internet using a wireless connection, make sure the wireless network is using a method of security such as WPA or WEP encryption.
- Make sure your local computer is secure.One of the biggest security holes in internet site security is accessing your site from an insecure computer. Viruses, malware, and keyloggers can be installed on your computer covertly and can be used to obtain your username/password credentials or to infect your website files themselves. Practice good at-home computer security by regularly running a reliable anti-virus/spyware scanner. Below is a link to high-quality, free software that can help you maintain a safe, healthy computer.
Know where to look to get help.
PC Tools Anti-Virus: http://www.pctools.com/free-antivirus/
AVG Free Antivirus: http://free.avg.com/ca-en/homepage
Ad-Aware Anti-Malware: http://www.lavasoft.com/single/trialpay.php