This article will show you some steps you can take to secure your CMS / web application, such as WordPress, Joomla, Drupal and others.
- While we take every precaution to ensure our shared servers are secure, it is important that, as a customer, you use strong passwords and take measures to ensure the security of your service.
- Nearly all hacked or compromised websites are due to customers using out-of-date software or not having their file and folder permissions set correctly.
The permissions on your configuration files should be 600 (6, 0, 0), meaning read and write for the owning user only and no access for group or world. You can set this via FTP, or through your control panel’s file manager.
To change the permissions in cPanel you can follow these steps:
1. Log into your cPanel Account
2. Navigate to the File Manager
3. If prompted, select the ‘Web Root (public_html/www)’ option.
4. Find the folder that you installed your application to. This is usually the public_html folder.
5. Locate your configuration file. Here are the default locations of some popular CMS web applications:
- WordPress: /wp-config.php
- Joomla: /configuration.php
- Drupal: /sites/default/settings.php
6. After you have selected your configuration file, click the Change Permissions icon at the top of the page.
7. Ensure that only Read User and Write User are ticked (making the Permission 6 0 0).
8. Click on ‘Change Permission’ to apply the change.
Complete: You have now secured your CMS / web application’s configuration file.
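The same check can be run from a shell. This is an added example, not part of the original article: it assumes SSH access to the account and a POSIX shell, the function names `file_mode` and `audit_configs` are hypothetical, and the file locations are the defaults listed in step 5.

```shell
#!/bin/sh
# Added example: audit (and optionally fix) CMS configuration file permissions.
# Assumes shell access; the install folder (e.g. ~/public_html) is an argument.

# Default config locations from step 5, relative to the install folder.
CONFIG_FILES="wp-config.php configuration.php sites/default/settings.php"

# Print the octal mode of a file (GNU stat first, BSD stat as a fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_configs WEBROOT [fix]
# Reports every known config file whose mode is not 600.
# With "fix" as the second argument, sets the mode to 600 instead.
# Returns 0 if nothing is left with a weak mode, 1 otherwise.
audit_configs() {
    webroot=$1
    action=${2:-report}
    status=0
    for rel in $CONFIG_FILES; do
        path="$webroot/$rel"
        # Skip CMSs that are not installed; never chmod through a symlink.
        [ -f "$path" ] && [ ! -L "$path" ] || continue
        mode=$(file_mode "$path")
        [ "$mode" = "600" ] && continue
        if [ "$action" = "fix" ]; then
            if chmod 600 "$path"; then
                echo "FIXED $path ($mode -> 600)"
            else
                echo "ERROR $path (could not change mode $mode)"
                status=1
            fi
        else
            echo "WEAK  $path (mode $mode, expected 600)"
            status=1
        fi
    done
    return $status
}

# Usage: sh audit.sh ~/public_html        (report only)
#        sh audit.sh ~/public_html fix    (set weak files to 600)
if [ -n "${1:-}" ]; then audit_configs "$@"; fi
```

Run it in report mode first; a non-zero exit status means at least one configuration file is readable or writable by someone other than the owner.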
This is just one of the many actions that can be taken to improve the security of your website. It is always important to ensure you have a strong cPanel username and password as the most basic step.
Your web application provider may be able to provide other ways to improve security, for example, restricting access to your admin area using .htaccess rules. Here are some helpful links for popular web applications, which we recommend reading.
- WordPress: http://codex.wordpress.org/Hardening_WordPress
- Joomla: http://docs.joomla.org/Security
- Drupal: http://drupal.org/security/secure-configuration
Sucuri provides a free site scan which can be used to detect any malicious content on your website: http://sitecheck.sucuri.net/scanner/