Dear Esteemed Client,
This is to inform you that we are updating php/ mysql patches to latest versions, so we recommend you to update all scripts on your website within the next 72hrs to avoid any issues with your hosting account on our platforms.
Here are a few tips for securing your hosting account:
1. Ensure that all database configurations for your account are using a custom generated user and password combination and that this information is not stored in plain text if at all possible.
2. Do not ever use your cPanel username and password to access your databases for your site as that is an extreme security risk.
3. Ensure that all scripts (such as WordPress, Joomla!, Drupal and the like), plugins/modules/components are updated to the most recent released version as new versions are released primarily to address known security vulnerabilities in these scripts.
4. Change the permissions for all configuration files (such as wp-config.php or configuration.php) to 600 or 400 (either read only for the user only, or read and write for the user only), that way the file is only readable and editable for the user.
5. Disable any and all plugins that you are not using and/or are not critical to your site. Plugins that you're not using can lead to compromises later as they are likely to be forgotten and thus not updated and can also lead to resource issues with your site as well.
6. If you have an images directory, add this code to the .htaccess in there to prevent execution of scripts in that directory, as malware is often added in there.
7. Back your site up daily; either via your host or one of the many trusted WordPress backup plugins such as VaultPress, BackupBuddy, BackWPup, BlogVault, etc.
8. Never use the default “admin” username.
9. Create a unique and difficult password that contains upper-case and lower-case letters, numbers and symbols. Avoid any permutations of your name or the name of your site. The more random the better.
10. Secure your wp-config.php file.
11. Hide your username.
12. Hide your version of WordPress.
13. Limit login attempts.
14. Disable file editing in the dashboard by adding the following to your wp-config.php file: define( ‘DISALLOW_FILE_EDIT’, true);
16. Install WordPress File Monitor Plus to receive notifications every time your files are edited.
17. Always use SFTP when logging in to your site via an FTP client or your hosting panel.
Please let us know if you require further assistance or information and thanks for your continuous business.
Monday, August 24, 2015