I recently had two of my sites hacked. One of them was using WordPress, and this happened about six months ago, so I was thinking that it was because I was using WP with a poor user name and password. Two days ago the other one was also hacked, and on this one I’m not using WP; I also had a poor cPanel password (5-letter password). So after this I will start using strong passwords, but I was wondering if this is really where the hacker got into my site.
I would like to understand more about web security because right now all I know is that a strong password needs to be used and that’s it.
1 - What are the different ways a hacker can get into my server?
2 - What are the steps for securing your server, or is this something the host company takes care of?
3 - What are the general steps setting up a new site for the first time to make sure it will be secured (I know nothing is 100% secured)?
4 - Where can I get more information on web security? Is there a good book that you guys recommend?
Also, are you using an FTP program? I love Filezilla, but somehow transferred a virus to my site using it one time. If you are using this software, try switching to something else like CoreFTPLite. It’s a lot slower, but seems to be more secure.
Thank you for your comments!
Wow, that’s bad news. I love Filezilla. Is there any good FTP for Mac?
It is possible that another compromised site “crossed over” to yours. But I suspect this is unlikely as the host would probably catch this. Just the same, you should report the incident to your host.
It is more likely one of the reasons felgall mentioned. Bite the bullet - upgrade any old apps you’re using, check your folder/file permission settings, and do a scan of your computer.
Strong usernames and passwords are a good idea, but they are only one step in having a secure site.
Great points! Just to add to this, make sure you are not using the default ‘admin’ username. Hackers are aware most people don’t bother to change this.
How about the server? I guess I don’t understand how the servers work. I’m assuming that I’m renting a partition on one of the computers from my hosting service provider. If I’m correct, what if someone attacks a different partition in the same computer (a different client using the same hosting services)?
Could a hacker get to my partition through a different partition within the same server?
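The folder/file permission check suggested in the replies above can be scripted. The following Python sketch is an added example, not code from any poster in this thread; the list of credential file names and the command-line usage are assumptions to adapt to your own site.

```python
import os
import stat
import sys

# Assumed names of files that usually hold credentials; adjust for your site.
SENSITIVE_NAMES = {"wp-config.php", ".htpasswd", ".env"}


def audit_permissions(root):
    """Return a sorted list of (relative_path, octal_mode, reason) findings."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: inspect the entry itself, not a link target
            if stat.S_ISLNK(st.st_mode):
                continue  # permission bits on symlinks carry no meaning
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, root)
            shown = format(mode, "04o")
            if mode & stat.S_IWOTH:
                # Any account on the same machine can modify this entry.
                kind = "directory" if stat.S_ISDIR(st.st_mode) else "file"
                findings.append((rel, shown, "world-writable " + kind))
            if name in SENSITIVE_NAMES and mode & stat.S_IROTH:
                # Any account on the same machine can read stored passwords.
                findings.append((rel, shown, "world-readable credentials file"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_permissions.py /path/to/your/web/root
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    results = audit_permissions(target)
    for rel, shown, reason in results:
        print(f"{shown}  {rel}  ({reason})")
    print(f"{len(results)} finding(s) under {target}")
```

Some hosts need the web server to read credential files through the "other" bits, so treat a world-readable finding as something to confirm with the host rather than an automatic error.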