Basic Site Security Checklist
If you are using assistive technology and are unable to read any part of the HostMonster website, or otherwise have difficulties using the HostMonster website, please call 866-573-HOST and our customer service team will assist you.
Skip to main content

HostMonster Web Hosting Help

Basic Site Security Checklist

Summary

By design our servers are secure. The security level of your site depends on the code that is uploaded to HostMonster's Servers.

The following check list is a good collection of security tips offered for review to ensure your web site is as secure as possible.




Remove malicious files and/or folders you are not familiar with.

While many PHP applications generate files you may not be familiar with, it is important to watch for files or directories that may sound suspicious such as 'wellsfargo' or 'abbybank'.

Update all scripts/applications to the newest versions available.

Old security holes are updated and remedied in new versions of software, so updating to the newest versions available ensures that you are running the most secure option available. If you installed these applications using MOJO Marketplace, automatic updates are available by clicking the 'Upgrade' button. For installations done with Fantastico, the main Fantastico screen will show a link on the right-hand side of the screen with the available versions you can upgrade to. In addition, go to the script's official site and subscribe to their updates list or security announcements list/feed.

Update all plugins to the newest versions available.

Just because your applications have been updated doesn't mean the plugins you use have been also. Popular plugins for Wordpress, Joomla, Drupal, etc are created for specific application versions. When updating your applications, make sure the plugins you're using are also certified to work with the newest version of your software. In addition, go to each plugin's official site and subscribe to their updates list or security announcements list/feed.

Change passwords on accounts or delete unused ones.

In case a hacker got one of your passwords, change them all.

  • In your cPanel, click Update Password to change your cPanel password.
  • Update the password(s) for your FTP Accounts. In FTP Accounts click "Change Password" if you still use the account or "Delete" if the account is no longer being used.
  • If your website has an administrative section or pages change it's password(s) also.

Delete any databases/applications from your account that are no longer in use.

Each databases/application you have installed on your account is another possible point of entry for attackers. By removing applications/databases that are no longer used, you will be eliminating the potential for those outdated scripts to be exploited.

Fix dangerously writeable permissions.

Most website files should be set at 644, and folders should be set to 755. This can be adjusted in an FTP client or by manually changing it in the Control Panel File Manager by selecting the file, and clicking on the icon at the top of the screen that says, 'Change Permissions'.

Hide your configuration files.

Moving your config.php and other files containing passwords to a secure directory outside of the 'public_html' folder will make them inaccessible to general web surfing.

Tweak your php.ini file.

The 'php.ini' file on your account is file that adjusts how PHP behaves on your account. By adjusting the properties of this file, you can greatly increase aspects of your security. This file is generally located in your 'public_html' directory. If you're unable to see this file, you may need to manually generate one. You can manually generate one by logging into your Control Panel and clicking the 'PHP Config' icon located in the section called 'Software/Services'. You'd then click the button that says, 'Install Master PHP.ini File'. This will install a file in your 'public_html' directory called 'php.ini.default'. To make this file active, you will then need to rename it to 'php.ini'.

  • Tweak 1 - Set 'register_globals' to Off.
  • Tweak 2 - Set 'display_error' to Off.

Connect to your account using a secure network.

If you're connecting to the internet using a wireless connection, make sure the wireless network is using a method of security such as WPA or WEP encryption.

Make sure your local computer is secure.

One of the biggest security holes in Internet site security is accessing your site from an insecure computer. Viruses, malware and keyloggers can be installed on your computer covertly and can be used to obtain your username/password credentials or to infect your website files themselves. Practice good at-home computer security by regularly running a reliable anti-virus/spyware scanner.

Connect to your email securely

If you use an email application, like Outlook or Mac Mail, be sure to use SSL when connecting to the email server. This will help prevent theft of sensitive information from your email as it travels from your computer to the email server. You should be able to view and adjust the connection settings inside your email application.

Anti-Virus Applications

Here are a few high-quality, free applications that can help you maintain a safe, healthy computer.

Windows

Mac

Linux Based



Was this resource helpful?

Did this resolve your issue?


Please add any other comments or suggestions about this content:





Recommended Help Content

You have invested a significant amount of time creating and perfecting your website, and you're ready to publish it for the world to see! Are you really though? Use this checklist to ensure your site is ready for publication.
Knowledgebase Article 83,694 views tags: checklist guide list practice publication publish site website

How to remove the "This site may harm your computer" warning in Google search results.
Knowledgebase Article 365,860 views tags: block blocking google malware

How do I increase my file size limit in my PHP application?
Knowledgebase Article 636,066 views tags: optimize php upload uploads

Related Help Content

This article will explain why you see "Your WordPress site appears to be infected with malware. Please update to remedy this problem."
Knowledgebase Article 199,227 views tags: malware wordpress wordpresstools

Two-factor authentication is ideal for anyone looking to increase their account security.
Knowledgebase Article 214,463 views tags: account password security

Changing PHP versions, load custom Apache mods, and other Apache/PHP customizations
Knowledgebase Article 154,358 views tags: easyapache php vps whm

Many popular website platforms use PHP for rendering their content. It’s common for these sites to have automatic update tools to ensure that they work with the latest version of PHP, however sometimes a theme or plugin for these services may prevent them from updating or may not work with a newer
Knowledgebase Article 158,704 views tags: deprecation discontinue end php upgrade

How to change your PHP version in your hosting account
Knowledgebase Article 902,767 views tags: config php selection version

How do I change the PHP environment for my site with php.ini?
Knowledgebase Article 809,372 views tags: configuration ini php server

If you suspect malicious content, hacks or a virus on your VPS/Dedicated account here are some tools located in your WHM that you can use.
Knowledgebase Article 194,335 views tags: clamav dedi dedicated malware virus vps

This article will explain the benefits of SiteLock for small businesses.
Knowledgebase Article 137,780 views tags: security sitelock

This site utilizes JavaScript to function correctly. Looks like it's disabled on your browser. Please enable it for your best experience.

For instructions on enabling JavaScript, click here