Support article
How to prevent your website from being hacked
Learn practical ways to keep your website from being hacked with a secure device, strong passwords, backups, SSL and updates.
Introduction
Preventing a website from being hacked does not depend only on the server. It also depends on your passwords, your computer, the CMS you use and your maintenance habits.
At miHosting, security measures are applied on the servers, but if an attacker steals your credentials from your device or takes advantage of an old plugin, your website can still be compromised.
What a malicious hacker is
A malicious hacker is a person who uses technical knowledge to access systems, websites or accounts without permission. They may be looking for data, money, reputation, server resources or simply a way to use your website to attack others.
Why someone would attack your website
A website may be attacked in order to:
- Steal data.
- Send spam.
- Create phishing pages.
- Distribute malware.
- Redirect visitors.
- Damage your reputation.
- Use hosting resources.
- Demand a ransom for files.
Your website does not need to be large to become a target. Many attacks are automated.
Your computer also needs to be secure
If your PC has malware, your WordPress, FTP, email or control panel passwords can be stolen.
To protect it:
- Update the operating system and programs.
- Use antivirus and anti-malware tools.
- Enable the firewall.
- Do not install pirated software.
- Review browser extensions.
- Scan the device if you notice slowness or strange behavior.
How to know whether your computer was hacked
Common signs:
- Sudden slowness.
- Programs opening by themselves.
- Browser changes.
- Strange connections.
- Emails sent without permission.
- Passwords that stop working.
- Alerts about unknown logins.
If you suspect an infection, clean the device before changing passwords.
How to protect your website
Keep everything updated
Update WordPress, Prestashop, Joomla or the CMS you use, along with plugins, themes and modules.
Use strong passwords
Avoid passwords based on dictionary words. Use long, unique passwords.
Enable 2FA
Two-factor authentication reduces the risk if someone gets your password.
Make regular backups
miHosting creates backups, but it is still a good idea to keep your own copies too, especially before major changes.
Use SSL
An SSL certificate encrypts communication between the user and your website.
Use your hosting security tools
Depending on your panel or service, you may have measures such as:
- A web application firewall.
- IP blocking.
- Password-protected directories.
- Access rules.
- Server-side anti-malware systems.
At miHosting, real protection does not depend on a single measure. Server security is combined with detection, blocking and isolation tools to reduce risk.
Review permissions
As a general rule:
Files: 644
Directories: 755
Delete what you do not use
Remove old CMS installs, abandoned plugins, disabled themes and test folders.
Protect forms
Use CAPTCHA to reduce bots and form abuse.
Hide sensitive information
Avoid showing CMS versions, remove unnecessary files such as readme.html or license.txt, and make sure old copies or forgotten installs are not left exposed.
What happens if your website is suspended for security reasons
If a website is suspended because of a security issue, it is usually done to protect visitors and the server. This may happen if malware, phishing, spam or dangerous activity is detected.
In that case, open a support ticket so the situation can be reviewed.
Useful tips
- Do not use
adminas the username if you can avoid it. - Do not share passwords by email.
- Change passwords when a collaboration ends.
- Review administrator users.
- Keep an external copy of the website.
- Do not use templates from doubtful sources.
- Install only what you really need.
- Review access, files and unexpected changes regularly.
Frequently asked questions
Can I still be hacked even if my hosting has security
Yes. If your passwords are stolen or your CMS is vulnerable, the risk still exists.
What should I do if my website was already hacked
Change passwords, clean the device, review users, restore a clean copy and update everything.
Does a backup remove the problem
It can recover the website, but you still need to fix the cause of the attack.
Why do hackers attack small websites
Because many attacks are automated and look for any vulnerable website.
Conclusion
To prevent your website from being hacked, combine hosting security with good practices: a clean device, strong passwords, updates, backups, SSL and regular review.