Although there are many potential vulnerabilities that can be exploited by hackers, one that you do not need to worry about is server security. Our servers have advanced security modules that assure the best possible protection, such as mod_security, Suhosin PHP hardening, PHP open_basedir protection, and others.
We also have an automatic Malware Scanner on your hPanel that will help identify and remove malicious files on your account.
Whether you suspect that your account or site has been hacked or want to prevent it, read on to find out about:
Why Did It Happen?
The most common reasons are:
Outdated web application. Using older versions of your CMS (WordPress, PrestaShop, Joomla, etc.)
Outdated or nulled extensions. Third-party extensions such as plugins, modules, or themes can be vulnerable if outdated. Also, be aware of paid extensions offered for free on unofficial sites, as they may have been modified to include malware
Weak or exposed passwords. Using passwords that are easy to guess, repeating the same password across different services, or that were publicly posted (eg. you have it written down on a sticky note on your monitor)
Infected local computer. Some computer viruses can steal your login information and use it to add malicious code to your web files
What to Do if a Profile or Site Is Hacked?
There are a few things to look for that can indicate a potential hack:
Changes on your hosting account or files that were not made by you or someone you have authorized, such as a developer managing your website
Unrecognized accesses registered in the Login History of your Account Activity
Your hosting’s resource usage changed unexpectedly
If you notice these or other unusual changes, the recommended actions are:
Checking your devices for any viruses
Checking your browser for any suspicious extensions
Changing the passwords for all of your accounts associated with the site - devices, hosting account, e-mail, FTP access, and so on
Restoring the website using a backup from a date when it was working perfectly fine and then updating all of your plugins, theme, and CMS itself. Optionally, you can download your website files and check them with an antivirus application.
How to Prevent It?
Here are some measures you can take to protect your account and your sites:
Never provide your login and password to anyone. If you wish for a developer to manage your website, you can use our Access Manager feature
Scan regularly all your devices with an up-to-date antivirus
Keep your CMS and application extensions updated to the latest version
Download extensions/plugins/modules/themes only from trusted sources
Always use secure and strong passwords. You can find some useful recommendations here: How to create a strong password?
Enable social login for your hosting account, as well as two-step authentication for your CMS admin dashboard
By following these practices, you will ensure maximum protection for your website!
Additional resources:
If you're using a VPS, check this article: What to Do if Your VPS Has Been Hacked?