Paramount Web Hosting recommends a number of actions and services which can help you maintain security on your website. The following security tips are offered in order to help our clients maintain site security and protect their accounts.
Update Scripts and CMS Installations
The vast majority of account compromises are caused by malicious users who have found exploits in scripts installed on an account. Therefore, the best advice we can offer is to make sure that all CMS installations, as well as any related themes, plugins and other add-ons, are kept up-to-date. Most CMS software has an option to update from within the administration panel
Another common form of compromise is due to exploited passwords. These compromises can occur in one of two ways: a brute force compromise or through virus/malware on a local computer.
Brute Force Compromise
In a brute force compromise, the attacker will repeatedly guess the password until the correct combination is guessed. While our servers do have certain amounts of brute force protection enabled, we suggest creating a complex password made up of at least three of the four major character types.
- Uppercase Letters (A-Z)
- Lowercase Letters (a-z)
- Numbers (0-9)
- Special characters (-_.,!@#$%^&*)
When updating passwords, we also suggest that you do not use previously used passwords. This is due to the fact that once a password has been compromised, it will remain that way indefinitely. So, if a password is reverted back, the account will most likely be compromised again.
Viruses and Malware
Another form of password compromise occurs when account passwords are stolen using viruses/malware located on local computers from which accounts are accessed. This malware sniffs out passwords used and stored by FTP and other programs. In order to protect against this form of attack, full virus and malware scans should be run on all computers which access the account to ensure that they are clean. We recommend following the instructions found here:
Make Regular Backups
Be sure to make regular backups of your account in case there is a compromise. If you cant do the backup, please sign up for our hosting service and keep your files protected.
It is highly recommended that you keep a backup of all your files in case of missing or deleted files.