Yesterday I covered some basic security tips for WordPress blogs. Today I am covering some of the very basic things you can do to make your site or blog more secure through cPanel, the panel through which you set up the basic self-hosting service particulars of your site.
I am not a computer programmer or software specialist, but I tell such folks that I know enough to be dangerous. I do install and maintain much of my own site software. I have been using computers, dare I say it, since the late 1970s. I have learned a few things along the way and offer this information as is in order to familiarize my readers with some of the security problems and solutions that may inform them. But as a caution, if you are not comfortable changing something in your setup, don’t do it. If you do change something, keep a log of exactly what you did. As always, back everything up before you make any changes.
A Host You Can Reach
– panel often has a video tutorial available. Ask your hosting service if such a video is available if you do not know where to access it. Cannot easily get in touch with someone from your hosting company? Get another one. Make sure you have in-person support, live chat, and a support phone number. Having the ability to submit a support ticket is not good enough.
What the Crooks Want
cPanel is essentially a dashboard through which you adjust and install software components of your website. It is the gateway to the physical server space you rent from a hosting service. Most hackers are trying to get to your server space where they can install their software to do all sorts of nefarious things.
How They Do It
Those pesky spam comments may be much more than a way to get stupid links on your site. The message could contain code you cannot see that, if you have not secured the files they want to get to, will inject code into your databases. Don’t have databases? Yes you do. They are created to manage user names, comments, likes, and a host of other information that it takes to have a pretty, shiny website or blog. So you want to secure as many files as possible.
Know Your cPanel
Per the image of the cPanel shown below, there are several parts of the panel that concern different functions of your site. When you log in and go to your cPanel, just click the arrow at the right on your panel to open or minimize the various sections.
Preferences: This is where you access tutorials, like the ones I mentioned above, and your basic access info.
Mail: If you have an email address associated with your website, you may want to enable “Spam Assassin” and configure the options to fit your needs.
Files: There are several things under this section of which you probably want to take advantage. Backups of your entire site are the best kind of security. You can create backups here. You can also ban people from loading files onto, and retrieving files from, your server through anonymous FTP. FTP is file transfer protocol. Just disable anonymous access. If any hacker finds this FTP door open, they will let themselves in and turn your site into their plaything. Disable Anonymous FTP.
Logs: There is nothing here that you can enable; however, the data available here, such as the IP addresses of all the computers that have visited your site (people, bots, and hackers), is in these log files. If you scan the data, you will know who is getting into, or trying to get into, your site. I recommend looking at these raw stats. Just don’t confuse these stats with Google Analytics or the like.
Security: While all of the options available in this section are worthwhile, I don’t recommend that basic users do much more than enable HotLink Protection to preserve their bandwidth. If you don’t do this, people can link to your images and elements of your website and display your content on their sites while you are actually paying for the bandwidth they use to access and display it.
Domains: Don’t mess with this unless you know what you are doing. It really does not have much to do with basic security.
Databases: Again, don’t mess with these unless you know what you are doing. MySQL database injection malware resides in these databases, but unless you know what you are doing, just don’t mess with these.
Software/Services: Unless you know enough to install your own software, once again I don’t recommend doing much here. This is where most basic bloggy types access Fantastico and install WordPress.
Advanced: Unless you are advanced at cPanel configuration, I do not recommend accessing these functions.
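For readers who want to do the scan suggested under Logs, here is an added example (not part of the original post) that tallies requests per IP address and flags addresses that repeatedly POST to WordPress login and comment endpoints. It assumes the raw access log uses Apache's combined format and that the site runs WordPress; the sample lines and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" log format (assumed format of the downloaded raw access log).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# WordPress endpoints that receive logins and comments.
WATCHED = ("/wp-login.php", "/xmlrpc.php", "/wp-comments-post.php")

def summarize(lines):
    """Return {ip: {"total", "watched_posts", "errors"}}; unparsable lines are skipped."""
    stats = defaultdict(lambda: {"total": 0, "watched_posts": 0, "errors": 0})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # truncated or malformed line
        entry = stats[m["ip"]]
        entry["total"] += 1
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if m["method"] == "POST" and path.endswith(WATCHED):
            entry["watched_posts"] += 1
        if m["status"].startswith("4"):  # 4xx: denied or not found
            entry["errors"] += 1
    return dict(stats)

def noisy(stats, min_posts=3):
    """IPs with at least min_posts POSTs to watched endpoints, busiest first."""
    hits = [(ip, s["watched_posts"]) for ip, s in stats.items()
            if s["watched_posts"] >= min_posts]
    return sorted(hits, key=lambda h: (-h[1], h[0]))

# Constructed sample lines using documentation-range IPs, not real traffic.
SAMPLE = [
    '203.0.113.7 - - [10/Jan/2024:06:25:01 -0500] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2024:06:25:02 -0500] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2024:06:25:03 -0500] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.22 - - [10/Jan/2024:06:26:10 -0500] "GET /about/ HTTP/1.1" 200 8450 "-" "Mozilla/5.0"',
    '198.51.100.22 - - [10/Jan/2024:06:27:40 -0500] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.50 - - [10/Jan/2024:06:30:00 -0500] "GET /old-page HTTP/1.1" 404 512 "-" "Googlebot/2.1"',
    'this line is truncated and will be skipped',
]

if __name__ == "__main__":
    for ip, n in noisy(summarize(SAMPLE)):
        print(f"{ip}: {n} POSTs to login/comment endpoints")
```

To use it on your own data, pass the lines of the log file you downloaded from the Logs section to `summarize()` in place of `SAMPLE`.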
Hope this helps someone. And really, if you don’t do anything else, disable anonymous FTP under the Files section. If someone else takes care of this part of the process of having a blog for you, talk to them about these things.