Tips on how to prevent your account from being hacked
The menace of hacking is a very serious issue for today’s World Wide Web. It is really important to pay a lot of attention to the security of your cPanel account. It should be well protected against manual attacks as well as against automated means of getting access to your hosting account.
The security of our clients is of the highest priority for us. We have an effective firewall system along with a set of other security measures on our servers. However, some aspects of cPanel account protection depend not on Naijadomains but on the owner of the account. In this article you will find several useful tips you can use to significantly improve your cPanel account’s security:
for cPanel paper_lantern theme
for cPanel x3 theme
for cPanel paper_lantern theme:
1. Use a safe username and password
This may seem obvious, but a strong password is among the most important aspects of web security. Some people choose a password that is easy to remember so that they do not have to store it anywhere. It is strongly recommended to avoid passwords that consist of dictionary words, names of your relatives, friends or pets, important dates, cities, etc. Such passwords are not secure because this information about you is really easy to find, especially if you have an account on any social network. Internet security even has a special term, ‘social engineering’, for obtaining someone’s personal data through psychological manipulation alone, without additional means such as special software. For example, important personal data can be gathered over several online conversations with you by email, forum, chat or social network. So if your password is your mother’s birthday, do not be surprised if your account gets hacked.
Also, hackers have special tools for cryptanalytic attacks (also known as brute-force attacks) which are intended to get your password. The main idea of such attacks is checking all possible words until the correct one is found. Such attacks can be successful if your password is a simple word from a dictionary.
It is strongly recommended to use passwords that consist of randomly mixed lowercase and uppercase letters, special symbols and digits. The password should be at least eight characters long. You can use any password generation program as well as the built-in cPanel password generator, which can be found in cPanel > Change Password.
Another important aspect is a cPanel username.
By default, the hosting welcome guide gives you a generated username that consists of a part of your main domain name combined with several random letters. The cPanel username can be changed only by our representatives, at your request in chat or by ticket. cPanel itself imposes some restrictions: your username can consist only of alphanumeric characters (digits are permitted, but not as the first character), and it cannot exceed eight characters. It is not recommended to change it to your actual name or nickname, as this information can easily be obtained by anyone.
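The password and username rules from this section, written out as an added example (not part of the original article and not cPanel's own generator). The symbol set and the `personal_words` list are assumptions made for illustration.

```python
import secrets
import string

# Symbols the generator draws from: a constructed set, not one the article specifies.
SYMBOLS = "!@#$%^&*()-_=+"
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "digit": string.digits,
    "special symbol": SYMBOLS,
}


def generate_password(length=16):
    """Random password containing every character class the article lists."""
    if length < 8:
        raise ValueError("the article's minimum length is eight characters")
    pools = list(CLASSES.values())
    chars = [secrets.choice(pool) for pool in pools]  # one guaranteed per class
    chars += [secrets.choice("".join(pools)) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)  # guaranteed characters must not sit first
    return "".join(chars)


def password_problems(password, personal_words=()):
    """Return the ways a password falls short of the article's advice."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    for name, pool in CLASSES.items():
        # Any non-alphanumeric character counts as a symbol when checking.
        is_member = (lambda c: not c.isalnum()) if pool is SYMBOLS else pool.__contains__
        if not any(is_member(c) for c in password):
            problems.append(f"no {name}")
    problems += [f"contains {w!r}" for w in personal_words if w and w.lower() in password.lower()]
    return problems


def username_problems(username, personal_words=()):
    """Check a cPanel username against the restrictions the article states."""
    problems = []
    if not 1 <= len(username) <= 8:
        problems.append("must be 1 to 8 characters long")
    if not (username.isascii() and username.isalnum()):
        problems.append("only letters and digits are allowed")
    if username[:1].isdigit():
        problems.append("first character cannot be a digit")
    problems += [f"contains {w!r}" for w in personal_words if w and w.lower() in username.lower()]
    return problems
```

Pass your own names, dates and pet names as `personal_words` to catch the guessable choices the section warns about.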
2. Change your password regularly
It is strongly recommended to change your password from time to time. Also, we advise changing the password right after receiving the hosting welcome guide email.
Additionally, it makes sense to change passwords for your email accounts. This can be done in the cPanel > Email Accounts menu.
3. Keep your username and password in a safe place
For example, avoid keeping your hosting welcome guide in your email inbox if you are not the only person who has access to it. Also, please avoid storing your cPanel login details in a text file on your desktop, especially if you are not the only user of the computer. You can use RoboForm, LastPass or any similar password manager instead.
Needless to say, it is not recommended to share your username and password with anyone.
4. Pay attention to the security of your computer
It is strongly recommended to have an effective firewall and antivirus software with up-to-date databases on your personal computer. Please perform a full scan of your computer from time to time. Some viruses are designed to steal your login details and transmit them to a third party. There are also special applications known as keyloggers. They log the keys you press, take screenshots of your desktop and send this information to a hacker. Such software can be detected by a good antivirus program, so do not forget to check your PC regularly.
5. Use a secured connection when it is possible
For example, with Naijadomains you can connect by FTP in two ways. You can use the conventional port 21, or you can connect using the non-standard secured port 21098. If there are no network restrictions, it is recommended to use port 21098. Also, it is better to access your cPanel using the non-standard port 2083 instead of the standard port 80. A link which looks like http://cpanel.yourdomain.com uses port 80 and plain HTTP. If you wish to use port 2083, use a link which looks like https://yourdomain.com:2083, which goes over HTTPS.
6. Scan your webspace
To keep the files in your hosting account from being put at risk, it is recommended to use several means of scanning for malicious software. First of all, you can use the built-in cPanel virus scanner.
Also, you can use some free online scanners such as this one:
http://sitecheck.sucuri.net/scanner/
It is better to combine these two ways of checking your account for viruses. To keep viruses and malware off your account, it is recommended to use themes and plugins only from trusted providers. If you have any doubts regarding your account’s security, please feel free to contact our Support Team at any moment.
7. Always have a backup
Even though backups are scheduled on a weekly basis on our shared servers, it is recommended to keep a backup of your account in a safe place on your PC or a third-party server. Please do not forget to update it from time to time in order to avoid losing important information. You can create a full cPanel backup in cPanel > Backups. Note that if your account gets bigger than 10 GB or contains more than 150 000 inodes, it will be automatically excluded from weekly backups.
An even more advanced and convenient solution for creating backups is CodeGuard (later referred to as CG). Its main advantage is the possibility of creating *automated* backups of your site. Using CG you can partially or completely restore your site in case of any changes that you wish to get rid of. As CG is fully integrated with your cPanel, only several clicks are required for you to start taking advantage of this great feature we have!
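An account that silently crosses the weekly-backup limits quoted above is left without a server-side copy, so it is worth checking usage yourself. This added example (not part of the original article or any cPanel tool) counts inodes and file bytes under a directory; reading "10 GB" as 10 GiB and measuring apparent file size rather than disk blocks are assumptions.

```python
import os
import stat

# Limits quoted in the article; treating "10 GB" as 10 GiB is an assumption.
MAX_BYTES = 10 * 1024**3
MAX_INODES = 150_000


def account_usage(root):
    """Return (inodes, file_bytes) for root and everything beneath it.

    lstat is used so symlinks count as one inode and are never followed;
    hard links are counted once by (device, inode number).
    """
    seen = set()
    file_bytes = 0
    stack = [root]
    while stack:
        path = stack.pop()
        try:
            st = os.lstat(path)
        except OSError:
            continue  # entry vanished or is unreadable: skip it
        key = (st.st_dev, st.st_ino)
        if key in seen:
            continue
        seen.add(key)
        if stat.S_ISREG(st.st_mode):
            file_bytes += st.st_size
        elif stat.S_ISDIR(st.st_mode):
            try:
                stack.extend(entry.path for entry in os.scandir(path))
            except OSError:
                pass  # directory not listable with current permissions
    return len(seen), file_bytes


def weekly_backup_exclusions(inodes, file_bytes):
    """Return the reasons the account would be excluded (empty list: still covered)."""
    reasons = []
    if file_bytes > MAX_BYTES:
        reasons.append(f"size {file_bytes} bytes is over the {MAX_BYTES} byte limit")
    if inodes > MAX_INODES:
        reasons.append(f"{inodes} inodes is over the {MAX_INODES} inode limit")
    return reasons


if __name__ == "__main__":
    n, size = account_usage(os.path.expanduser("~"))
    print(n, "inodes,", size, "bytes:", weekly_backup_exclusions(n, size) or "within limits")
```

Run it over SSH from the account's home directory, or point `account_usage` at a local copy of the site.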
8. CMS security tips
If your site is built on WordPress, we recommend reading our WordPress security guides:
How to improve WordPress website security
How to set up internal protection for .htaccess
and use the security tips listed there to prevent hack attempts in the future.
By following these simple recommendations, you can greatly improve your account’s security. On our side we do our best to keep your account safe, but if you take these measures, the level of security increases drastically. We recommend that you do not ignore the safety of your data, and always feel free to contact our Support Team if you have any questions or complications.
for cPanel x3 theme:
1. Use a safe username and password
This may seem obvious, but a strong password is among the most important aspects of web security. Some people choose a password that is easy to remember so that they do not have to store it anywhere. It is strongly recommended to avoid passwords that consist of dictionary words, names of your relatives, friends or pets, important dates, cities, etc. Such passwords are not secure because this information about you is really easy to find, especially if you have an account on any social network. Internet security even has a special term, ‘social engineering’, for obtaining someone’s personal data through psychological manipulation alone, without additional means such as special software. For example, important personal data can be gathered over several online conversations with you by email, forum, chat or social network. So if your password is your mother’s birthday, do not be surprised if your account gets hacked.
Also, hackers have special tools for cryptanalytic attacks (also known as brute-force attacks) which are intended to get your password. The main idea of such attacks is checking all possible words until the correct one is found. Such attacks can be successful if your password is a simple word from a dictionary.
It is strongly recommended to use passwords that consist of randomly mixed lowercase and uppercase letters, special symbols and digits. The password should be at least eight characters long. You can use any password generation program as well as the built-in cPanel password generator, which can be found in cPanel > Change Password.
Another important aspect is a cPanel username.
By default, the hosting welcome guide gives you a generated username that consists of a part of your main domain name combined with several random letters. The cPanel username can be changed only by our representatives, at your request in chat or by ticket. cPanel itself imposes some restrictions: your username can consist only of alphanumeric characters (digits are permitted, but not as the first character), and it cannot exceed eight characters. It is not recommended to change it to your actual name or nickname, as this information can easily be obtained by anyone.
2. Change your password regularly
It is strongly recommended to change your password from time to time. Also, we advise changing the password right after receiving the hosting welcome guide email. The cPanel password can be changed in cPanel > Change Password. We also recommend checking Allow MySQL password change, as this option lets you synchronize the password with the password for phpMyAdmin.
Additionally, it makes sense to change passwords for your email accounts. This can be done in the cPanel > Email Accounts menu.
3. Keep your username and password in a safe place
For example, avoid keeping your hosting welcome guide in your email inbox if you are not the only person who has access to it. Also, please avoid storing your cPanel login details in a text file on your desktop, especially if you are not the only user of the computer. You can use RoboForm, LastPass or any similar password manager instead.
Needless to say, it is not recommended to share your username and password with anyone.
4. Pay attention to the security of your computer
It is strongly recommended to have an effective firewall and antivirus software with up-to-date databases on your personal computer. Please perform a full scan of your computer from time to time. Some viruses are designed to steal your login details and transmit them to a third party. There are also special applications known as keyloggers. They log the keys you press, take screenshots of your desktop and send this information to a hacker. Such software can be detected by a good antivirus program, so do not forget to check your PC regularly.
5. Use a secured connection when it is possible
For example, with Naijadomains you can connect by FTP in two ways. You can use the conventional port 21, or you can connect using the non-standard secured port 21098. If there are no network restrictions, it is recommended to use port 21098. Also, it is better to access your cPanel using the non-standard port 2083 instead of the standard port 80. A link which looks like http://cpanel.yourdomain.com uses port 80 and plain HTTP. If you wish to use port 2083, use a link which looks like https://yourdomain.com:2083, which goes over HTTPS.
6. Scan your webspace
To keep the files in your hosting account from being put at risk, it is recommended to use several means of scanning for malicious software. First of all, you can use the built-in cPanel virus scanner.
Also, you can use some free online scanners such as this one:
http://sitecheck.sucuri.net/scanner/
It is better to combine these two ways of checking your account for viruses. To keep viruses and malware off your account, it is recommended to use themes and plugins only from trusted providers. If you have any doubts regarding your account’s security, please feel free to contact our Support Team at any moment.
7. Always have a backup
Even though backups are scheduled on a weekly basis on our shared servers, it is recommended to keep a backup of your account in a safe place on your PC or a third-party server. Please do not forget to update it from time to time in order to avoid losing important information. You can create a full cPanel backup in cPanel > Backups. Note that if your account gets bigger than 10 GB or contains more than 150 000 inodes, it will be automatically excluded from weekly backups.
An even more advanced and convenient solution for creating backups is CodeGuard (later referred to as CG). Its main advantage is the possibility of creating *automated* backups of your site. Using CG you can partially or completely restore your site in case of any changes that you wish to get rid of. As CG is fully integrated with your cPanel, only several clicks are required for you to start taking advantage of this great feature we have!
8. CMS security tips
If your site is built on WordPress, we recommend reading our WordPress security guides:
How to improve WordPress website security
How to set up internal protection for .htaccess
and use the security tips listed there to prevent hack attempts in the future.
By following these simple recommendations, you can greatly improve your account’s security. On our side we do our best to keep your account safe, but if you take these measures, the level of security increases drastically. We recommend that you do not ignore the safety of your data, and always feel free to contact our Support Team if you have any questions or complications.