How to Protect Your Website With cPanel (7 Essential Tips)

March 18, 2023

With malware attacks increasing by 385% in 2020, site security is more important than ever. However, keeping your site safe from ransomware, malware, and other malicious activity can be a challenging and time-consuming task. 

Fortunately, there are many ways to protect your website from the threat of malware and other cybersecurity issues. Many hosting providers enable customers to configure a range of site security settings using the popular Linux control dashboard cPanel.

In this post, we’ll explain what website security is and why it’s important. We’ll also provide seven actionable tips that you can use to improve your site security and protect your website with cPanel. Ready? Let’s get started!

Why Protecting Your Website Is Important

It takes time and money to create a high-quality website for your business. However, without the right level of security, you could be putting your site at risk. 

According to cybersecurity statistics published by Forbes, one in three Americans has been a victim of ransomware attacks, and only five percent of companies ensure that their folders are properly protected. That’s why it’s so important for site owners to take steps to secure their websites on a regular basis.

However, although protecting against cybercrime is one of the main benefits of maintaining good site security protocols, there are also some other benefits, including: 

  • It helps to keep your employees safe. In the same way that your website can be at risk of malware attacks, your workers can be too. Viruses can pass from device to device. Therefore, if your site becomes infected, the devices your team members use to access the site may become compromised too.
  • It can prevent your website from going down. Site owners should aim for as little website downtime as possible. Good cybersecurity measures can help you achieve this. By putting protective measures in place before attacks happen, you can prevent malware from causing issues that make you take your site offline to fix them. 
  • It can inspire confidence in your customers. For online businesses, reputation is everything, even when it comes to your website. By following good cybersecurity protocols and sharing this with your customers, you can help them feel safe and secure when using your site. 

Next, we’ll take a look at cPanel, a commonly used control panel for WordPress sites. You can use it to make your website more secure without investing in any expensive plugins. 

A Brief Introduction to cPanel

cPanel is a control application that enables you to carry out server tasks for your WordPress website.

It isn’t the only application of this type available, but it’s the most commonly used Linux control panel. cPanel provides users with an easy-to-use interface for carrying out essential server-side maintenance tasks, including:

  • File management
  • Database management 
  • Email management
  • Site backups 

It can make your site easier to manage due to its automated processes and 24/7 support team. As such, it could be worth considering if you’re looking to save time and effort on your website management.

There are also several ways in which you can use cPanel to enhance cybersecurity. Next, we’ll take a look at some of the things you can do to protect your website with this application. 

How to Protect Your Website With cPanel (7 Essential Tips)

There are many site security plugins that you can use to enhance your cybersecurity. However, many of these are premium plugins that aren’t available for free. By using cPanel, you can secure your website using tools already at your disposal, so you don’t have to spend a penny. Here are our top seven tips for protecting your website with cPanel.

1. Update cPanel Regularly

Outdated elements on your website can lead to serious vulnerabilities. This is also true for cPanel. If it isn’t up to date, you could be leaving your site open to attacks and breaches. 

Additionally, you could be missing out on access to new security features by using an outdated version. Updates are used to fix bugs, add new features, and improve the security of cPanel. As such, it could be a good idea to ensure that you are always using the latest version of the software.

The good news is that keeping cPanel up to date is fairly easy. Depending on your hosting package, you may not need to manually update it at all, as the system administrators may take care of it for you.

If you do need to update it manually, start by logging into WebHost Manager (WHM). In the upper right corner of the main WHM screen, you should be able to see the current version of cPanel you’re running:

If a new version is available, you’ll also see a box just underneath this giving you the option to Update Now. All you have to do is click on this and wait for it to finish upgrading (it might take a while). Note that the Update Now box isn’t visible in the image above, as we’re currently already running the latest stable build. 

2. Choose Strong Passwords and Regularly Update Them

It’s imperative to ensure that all of your site entry points are protected by strong passwords. Without secure passwords in place, seasoned cybercriminals can easily infiltrate your site and install malware. 

Thankfully, with cPanel, it’s easy for you to reset your password. It even comes with a password generator to help you protect your site using strong credentials. To keep your site as safe as possible, it’s recommended that you change all passwords on a regular basis. Changing them around once a month is usually sufficient.

To change your cPanel password, log in and head to the Preferences tab, then click on Passwords and Security.

Next, you’ll be prompted to input your old password, as well as your new updated password. You’ll also see a score that tells you how weak or strong your credentials are. If your chosen password is too weak, you might want to click on Password Generator instead. This will automatically generate a new, stronger login: 

Once you’ve done that, copy the generated password and paste it into the New Password field. Also, be sure to save it in a secure location that you can access in case you forget it and need a reminder. 

When you’re ready, click on Save Password Now! Once you’ve done that, your update should be complete, and you can start using your new credentials. 

3. Password Protect Your Vulnerable Directories 

In addition to having a strong password for your cPanel account, it’s equally important to password protect your vulnerable directories. Doing this in cPanel enables you to limit access to certain content for specific users.

Once you’ve added password protection to a directory, your site will prompt visitors to enter a username and password in their web browsers before they can access it. This helps to keep sensitive content secure from unauthorized access.

To add password protection to a directory, start by logging into cPanel. Next, scroll down to the Files section and click on Directory Privacy:

Here, you should be able to see a list of all your directories. Click on Edit next to the name of the folder you want to protect. On the next page, tick the box next to the text that says Password protect this directory. Then, type in a name for the protected directory below and click on Save:

Once you’ve done that, you should see a brief ‘success’ message. Click on Go Back, then enter a Username and Password in the appropriate text boxes, and then click on Save.

Note: You can also automatically generate a strong password by clicking on the Password Generator button:

If you ever want to remove the password protection, repeat the steps above to navigate to the directory again. Then, clear the Password protect this directory checkbox.

4. Enable cPHulk Brute-Force Protection

cPHulk is another useful service provided by cPanel that helps to protect your server against brute force attacks. These attacks involve an attacker using an automated system to attempt to guess your username and password by repeatedly trying different combinations in rapid succession.

Using cPHulk through cPanel will enable you to automatically block the IP addresses or accounts exhibiting suspicious behavior. This prevents attackers from carrying out any further attempts to log in, thus preventing them from gaining unauthorized access and installing malware on your site.

To enable cPHulk Brute Force Protection, you’ll first need to log in to WHM. From there, navigate to Security Center in the left-hand sidebar, and click on cPHulk Brute Force Protection.

Next, you can toggle the button to ON to enable cPHulk protection:

Once it’s enabled, you can tweak the Configuration Settings. For example, you can specify how many failed login attempts are required to lock IP addresses out, and how long they should be locked out for. Once you’re done making changes, click on Save:

Note that aside from Configuration Settings, several other tabs are available on this page: Whitelist Management, Blacklist Management, and History Reports.

You can whitelist and blacklist certain IP addresses manually by navigating to the appropriate tab. This is useful in certain circumstances. For example, it may be a good idea to whitelist your own IP to avoid a lockout from your server.

If you ever need to see a log of what actions cPHulk has taken, you can do so by clicking on the History Reports tab. 
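
The settings described in this section (number of failed attempts, lockout duration, whitelist and history) interact as in the model below. This is an added example, not code from cPanel or cPHulk: the LockoutPolicy class, its parameter names, the failure-counting window and the sample login events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
# Constructed sample login events: (timestamp, source IP, password correct?)
SAMPLE_EVENTS = [
    ("2023-03-18 10:00:00", "203.0.113.7", False),
    ("2023-03-18 10:00:05", "203.0.113.7", False),
    ("2023-03-18 10:00:10", "203.0.113.7", False),    # third failure: lock
    ("2023-03-18 10:01:00", "203.0.113.7", True),     # refused while locked
    ("2023-03-18 10:02:00", "198.51.100.20", False),  # whitelisted admin IP
    ("2023-03-18 10:02:01", "198.51.100.20", False),
    ("2023-03-18 10:02:02", "198.51.100.20", False),
    ("2023-03-18 10:20:00", "203.0.113.7", True),     # lockout has expired
]

class LockoutPolicy:
    """Hypothetical model of threshold-based IP lockout (not cPHulk's code)."""
    def __init__(self, max_failures, window, lockout, whitelist=()):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.whitelist = set(whitelist)
        self.failures = defaultdict(deque)  # ip -> times of recent failures
        self.locked_until = {}              # ip -> time the lock ends
        self.history = []                   # (time, ip, action) report rows

    def handle(self, ts, ip, success):
        if ip in self.whitelist:            # whitelisted IPs are never locked
            return "allowed" if success else "failed"
        if self.locked_until.get(ip, ts) > ts:
            self.history.append((ts, ip, "blocked"))
            return "blocked"                # refused even if the password is right
        if success:
            self.failures.pop(ip, None)     # a good login resets the counter
            return "allowed"
        recent = self.failures[ip]
        recent.append(ts)
        while ts - recent[0] > self.window: # forget failures outside the window
            recent.popleft()
        if len(recent) < self.max_failures:
            return "failed"
        self.locked_until[ip] = ts + self.lockout
        recent.clear()
        self.history.append((ts, ip, "locked"))
        return "locked"

def replay(events, policy):
    fmt = "%Y-%m-%d %H:%M:%S"
    return [policy.handle(datetime.strptime(t, fmt), ip, ok) for t, ip, ok in events]

if __name__ == "__main__":
    policy = LockoutPolicy(3, timedelta(minutes=5), timedelta(minutes=15), {"198.51.100.20"})
    print(replay(SAMPLE_EVENTS, policy))
```

The replay shows why whitelisting your own IP matters: the locked address is refused even when it presents the correct password, while the whitelisted address can mistype repeatedly without being locked out.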

5. Protect Against Hotlinking 

Hotlinking (sometimes called ‘direct linking’) refers to when another website links out directly to content hosted on your website, such as image files. When visitors to their website load the page, your site serves the image files they see. This allows the other website to effectively ‘steal’ your bandwidth and use it to show pictures to their visitors. 

Naturally, this is something you’ll probably want to avoid. Fortunately, you can do so easily. All you have to do is configure hotlink protection using cPanel. Here’s how to go about it.

First, log in to cPanel and scroll down to the Security section. Then, click on the Hotlink Protection icon:

On the next page, you can toggle Hotlink protection ON or OFF. You can also change your configuration settings. For example, you might want to specify certain URLs that are allowed to access your files (cPanel will automatically populate this box with suggested local URLs):

Next, you can also specify the specific file extensions you want to block direct access to by adding them to the Block direct access for the following extensions box (make sure you separate each file extension by a comma):

Again, the above box should be automatically pre-populated with commonly hotlinked file extensions. However, you might want to add extra file extensions that aren’t already included. 

You can also add a URL to the Redirect requests to the following URL text box:

This will serve users from blocked sites with the specified URL page instead of the hotlinked file. Once you’re done making changes to the settings, just click on Submit.
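
The three settings above (allowed URLs, blocked extensions and redirect URL) combine into one decision per request, which the following model walks through. This is an added example, not the rules cPanel writes for you: the function name, the allow_direct option for requests that carry no Referer header, and the example.com sample values are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample settings, mirroring the three boxes on the page.
ALLOWED_URLS = ["http://example.com", "https://example.com", "https://www.example.com"]
BLOCKED_EXTS = "jpg,jpeg,gif,png,bmp"
REDIRECT_URL = "https://example.com/no-hotlinking.html"

def _origin_and_path(url):
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port), parts.path or "/"

def hotlink_decision(path, referer, allowed_urls, blocked_exts,
                     redirect_url=None, allow_direct=True):
    """Return ("serve" | "redirect" | "forbid", redirect target or None)."""
    deny = ("redirect", redirect_url) if redirect_url else ("forbid", None)
    filename = path.rsplit("/", 1)[-1]
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    protected = {e.strip().lower().lstrip(".")
                 for e in blocked_exts.split(",") if e.strip()}
    if ext not in protected:
        return ("serve", None)      # extension is not in the block list
    if not referer:                 # typed URL, bookmark, or Referer stripped
        return ("serve", None) if allow_direct else deny
    ref_origin, ref_path = _origin_and_path(referer)
    for allowed in allowed_urls:
        origin, prefix = _origin_and_path(allowed)
        # Compare parsed scheme/host/port so a look-alike host never matches.
        if ref_origin == origin and ref_path.startswith(prefix):
            return ("serve", None)
    return deny

if __name__ == "__main__":
    for ref in ("https://www.example.com/about", "https://blog.other.test/post", ""):
        print(repr(ref), hotlink_decision("/img/logo.png", ref, ALLOWED_URLS,
                                          BLOCKED_EXTS, REDIRECT_URL))
```

A file type missing from the extension list is served to any site, which is why the pre-populated list is worth reviewing. The check relies on the Referer header sent by the browser, so it limits bandwidth use and does not replace Directory Privacy for sensitive files.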

6. Utilize Patchman by SITELOCK

Patchman is a really useful security service that helps to prevent your site from being hacked. Once installed, it will automatically scan your website for malware. If it detects any potential threats, it immediately emails you to notify you of them. If you don’t resolve the issue within 24 hours, Patchman will quarantine the affected files to protect your site:

Not only that, but Patchman also detects whether your WordPress, Drupal, or Joomla installation requires patching. Again, it will notify you of this by email and automatically apply the patch if you don’t fix it yourself within a week.

However, if you want to manage your settings or carry out specific administrative tasks, you can do so by accessing the Patchman dashboard.

7. Use Secure Shell File Transfer Protocol (SFTP)

SFTP stands for Secure Shell File Transfer Protocol. As the name suggests, it’s a secure version of the regular File Transfer Protocol (FTP). It uses the Secure Shell protocol to encrypt transfers.

If you didn’t already know, FTP is how you transfer files between your computer and your hosting server to make them accessible to the public and vice-versa. These files are often confidential and may include sensitive data such as usernames and passwords.

The problem is that the original FTP protocol doesn’t encrypt this data, which leaves it vulnerable to interception by attackers. If you want to prevent hackers from getting access to your data, it’s recommended that you encrypt it by using SFTP instead.

In order to transfer files using SFTP, you’ll need your main cPanel account’s private key for authentication. To find it, log in to cPanel and scroll down to the Security section. Then, click on SSH Access:
