How to prevent your hosting account from being hacked

The menace of hacking is a very serious issue for the today’s World Wide Web. It is really important to pay a lot of attention to the security of your cPanel account. It should be well-protected against manual attacks as well as against automatized means of getting access to your hosting account.

The security of our clients is of the highest priority for us. We have an effective firewall system along with a set of other security measures on our servers. However, some aspects of cPanel account protection depend not on Namecheap but on the owner of the account. In this article you will find several useful tips you can use to significantly improve your cPanel account’s security.





1. Use a safe username and password


This is quite an obvious thing, but having a secure password is definitely among the most important aspects of web security. Some people set a password which is easy to remember in order to avoid keeping it somewhere. It is strongly recommended to avoid using passwords which consist of dictionary words, names of your relatives, friends or pets, important dates, cities, etc. These passwords are not secure as it is really easy to find such information about you, especially if you have an account in any of social networks.

In the Internet security there is even a special term 'social engineering' which suggests that some person can get your personal data without any additional means such as special software using methods of psychological manipulation. For example, some important personal data can be gathered during several online conversations with you by means of email, forum, chat or in a social network. So in case your password is your mother’s birthday, do not be surprised if your account gets hacked.

Also, hackers have special tools for cryptanalytic attacks (also known as brute-force attacks) which are intended to get your password. The main idea of such attacks is checking all possible words until the correct one is found. Such attacks can be successful if your password is a simple word from a dictionary.

It is strongly recommended to use passwords which consist of randomly mixed low and capital letters, special symbols and digits. Such password’s length should be not less than eight symbols. You can use any special program for passwords generation as well as in-built cPanel password generator. It can be found in cPanel >> Password & Security.

For cPanel Basic Theme:




For cPanel Retro Theme:




Another important aspect is a cPanel username.

By default, in a hosting welcome guide, you receive a generated username which consists of a part of your main domain name combined with several random letters. The cPanel username can be changed only by our representatives per your request in chat or ticket. There are some restrictions triggered by the cPanel functionality. Your username can consist only of alphanumeric characters (digits are also permitted, however, they are not permitted as the first symbol in the username). Also, the cPanel username cannot exceed eight symbols. It is not recommended to change it to your actual name or nickname as this information can be obtained easily by any other person.



It is strongly recommended to change your password from time to time. Also, we advise changing the password right after receiving the hosting welcome guide email.

Additionally, it makes sense to change passwords for your email accounts. This can be done in cPanel >>Email Accounts menu.

For cPanel Basic Theme:




For cPanel Retro Theme:





For example, avoid keeping Your Hosting Welcome Guide in your email account inbox in case you are not the only person who has access to it. Also, please, avoid storing your cPanel login details in a text file on your desktop, especially if you are not the only user of this computer. You can use Roboform, LastPass or any other similar password saving software in that case.

Needless to say that it is not recommended to share your username and password with anyone.



It is strongly recommended to have an effective firewall and antivirus software with the up-to-date databases on your personal computer. Please perform a full scan of your computer from time to time. Some viruses are intended to steal your login details and transmit them to someone who needs them. Also, there are special applications which are known as keyloggers. They gather a log of keyboard buttons pressed by you, make screenshots of your desktop and send this information to a hacker. Such software can be detected by a good antivirus program, so do not forget to check your PC regularly.



For example, with Namecheap you can connect by FTP in two ways. You can use a conventional port 21, or you can connect using a non-standard secured port 21098. If there are no network restrictions, it is recommended to use port 21098. Also, it is better to access your cPanel using non-standard port 2083 instead of standard port 80. A link which looks like http://cpanel.yourdomain.com uses port 80. If you wish to use port 2083, use link which looks like https://yourdomain.com:2083



To avoid having the files located in your hosting account being at hazard, it is recommended to use different means of scanning for malicious software. First of all, you can use an in-built cPanel Virus Scanner.

For cPanel Basic Theme:



For cPanel Retro Theme:


Also, you can use some free online scanners such as this one:
http://sitecheck.sucuri.net/scanner/

It is better to combine these two ways of checking your account for viruses. In order to prevent having viruses and malware on your account, it is recommended to use themes and plugins only from trusted providers. In case you have any doubts regarding your account’s security, please feel free to contact our Support Team at any moment.



Even though backups are scheduled on a weekly basis on our shared servers, it is recommended to keep a backup of your account somewhere in a safe place on your PC or a third-party server. Please do not forget to update it from time to time in order to avoid losing the important information. You can create a full cPanel backup in cPanel >> Backup.

For cPanel Basic Theme:





For cPanel Retro Theme:




PLEASE NOTE: If your account gets bigger than 25GB or contains more than 200 000 inodes, it will be automatically excluded from weekly backups.

Even a more advanced and convenient solution for creating backups is CodeGuard (later referred to as CG). Its main advantage is the possibility of creating automatized backups of your site. Using CG you can partially or completely restore your site in case of any changes that you wish to get rid of. As CG is fully integrated with your cPanel, only several clicks are required for you to start taking advantages of this great feature we have!


8. CMS security tips


If your site is built on WordPress, we recommend reading our WordPress security guides:

How to improve WordPress website security
How to set up internal protection for .htaccess

and use the security tips listed there to prevent hack attempts in the future.

Following these simple recommendations, you can improve your account’s security greatly. From our side, we do our best to keep your account safe, but if you undertake these measures, a level of security increases drastically. We recommend you not to ignore the safety of your data and always feel free to contact our Support Team in case you have any questions or complications.



Comments

We welcome your comments, questions, corrections and additional information relating to this article. Your comments may take some time to appear. Please be aware that off-topic comments will be deleted.

If you need specific help with your account, feel free to contact our Support Team. Thank you.

Need help? We're always here for you.

× Close