Since July is Security Month for us, we should write something up about keeping your shared hosting account secured. Most hosting companies will have their shared hosting servers pretty well nailed down. However, you do come across some hosting companies that haven’t bothered and your website would be potentially opened to nasties such as XIS attacks and brute-forcing. This guide will only cover the shared hosting side, the customers side. A guide for a server administrator will be out soon.
So read this simple, easy to follow guide on how to keep your hosting account safe. Making your account safe is the best thing you can do for your personal site, blog or online business!
Did you know, you can actually win one of ten copies of BitDefender Total Security 2010 for free. Yes, you heard that right. For FREE! You can enter the competition right here.
Using a secure password
This is a major tip for all hosting accounts. Using a secure password that only you know and can remember. I’m not going to rabble on about this because Terence has already posted something about keeping a secure password. You can read this here.
Keeping your permissions safe
The next thing you should make sure of is that your permissions are safe and secure. Usually, having your permissions as 644 is recommended. This means, only the owner of this file can read and write and everyone else can only read. Make sure you check your hosting control panel file manager for the permissions that are set for your files.
As you can see from the gallery of images (below this paragraph) I’ve set the permissions on in cPanel (you can click on it to make it larger). As you can see, the user (which is you) can read and write while everyone else can read. This ensures only you can write to the file and have no other party change it. Once you have done that, make sure any other files are set as 644, you can see in the screenshot to the right that all my files are set as 644.
Using .htaccess to secure your hidden directories.
Many software programs have hidden directories that have important operational scripts in. Such as database scripts and general stuff that makes that application work. Thats the same as scripts you install in your hosting account using Fantastico or Installatron, or even installing them by yourself. Some online programs will do this by themselves and secure it up for you. However, its always good to add an extra layer of security for those scripts and even your own. Firstly, you need to create, or open an existing .htaccess file. We want to make that .htaccess file secure, add this at the top:
<Files .htaccess> order allow,deny deny from all </Files>
This will ensure no one can read your .htaccess file and find out about your secret directories. Another line which you should add underneath that is:
Options -Indexes
This line will disable the viewing of directories and instead show a 403 Forbidden page. Many exploits are by hackers viewing inside directories and finding files they shouldn’t and then gaining unauthorised access.
You can view more information on .htaccess security here, on MrMarkeh’s Developer Blog – Link.
Asking your hosting provider.
Another great way to keep your account secure is to ask your hosting provider to secure it for you! Usually they have people on hand to help you keep your account safe and secure from hackers. Just submit a ticket to their support team and ask.
That concludes my post about keeping your account secure. Make sure you work with your hosting provider to ensure your account is secure. Its better to be safe than sorry!
Did you know, you can actually win one of ten copies of BitDefender Total Security 2010 for free. Yes, you heard that right. For FREE! You can enter the competition right here.