We do not many cases but there is always a website was hacked and asked the same questions, how was my website hacked? And how to protect them?
There are a few reasons for your website was hacked. Occasionally, we can only share the possibilities until further investigation like checking the log files.
It is difficult to eliminate totally but we suggest you protect them. This will make hacking difficult or not possible.
Hackers are looking for backdoors to penetrate your website, only if you can shut it, Here are some inexpensive ways to protect your website.
- updated script and plugins – if you are using WordPress, Joomla or similar, always have up-to-date CMS, plugins and the PHP.
- Limited your SQL connection or to local connection only.
- Restrict your administration login page.
- Use malware scanner to scan your website daily during off-peak.
- Use WAF like Sucuri Firewall, you update less often which is useful to some.
- Computers access to the website backend and control panel must install and scan by a good anti-virus/malware and up-to-date definition.
- Use Strong Password for all users.
- A penetration test. You can find a free solution online.
- Use mod_security cPHulk brute-Force or Fail2ban – these can be found in popular cPanel or Plesk Onyx.
- Use Firewall like CSF or APF. However, I don’t really recommend a software firewall. They can paralyse the website if you are under attacks while it takes resources from your server.
Lastly, you always have a backup copy can restore an up-to-date website.