According to WeLiveSecurity, during the first 4 months of 2022 there was a 20% increase, compared to the same period of the previous year, in the activity of computer threats.

These threats are of different types and do not distinguish between large and small sites. You may think that your site, however small, does not have a real attraction for cybercriminals and the truth is that you would be wrong.

Small websites are often used for multiple purposes, from injecting links in the event that your site has a good SEO position, through hosting code for cryptocurrency mining or simply to change its appearance, in the most innocent of ways. the cases.

Below, you will find the 8 most common threats that you can suffer in your hosting account.

1.- Insecure Passwords

Above all, for people who manage a good number of digital accounts, it can sometimes be annoying to establish strong passwords because of how difficult they are to remember, even with the use of some methods for memory fixation.

Many people use the same password to access different accounts, others remain fixed for a long time and others are simply too easy to discover.

The strongest passwords must meet a few requirements, such as:

●       Include letters and numbers.

●       Combine uppercase and lowercase letters.

●       Include special characters.

●       The length must be equal to or greater than 16 characters.

●       It must not have blank spaces.

Therefore, apply these criteria as soon as possible and change your passwords with certain frequency.

2.- Do not Change the Administration Username

Both Wordpress and cPanel set the popular admin as the default username. This is not only known, but also widely exploited by cyber attackers who only have the challenge of finding the password to access your website.

Among the most used techniques to know the password are the use of social engineering through emails, as well as brute force attacks with which they will try by trial and error.

So, changing the admin user name of both cPanel and Wordpress will help you make the attackers' job harder.

3.- Sites without HTTPS Certificates

When entering the electronic address of a site in a browser, it is possible to include the HTTP protocol, although it is not necessary. This protocol is always present and is responsible for serving web pages, but when it includes the letter S at the end, it indicates that the protocol is working with a security layer.

The S comes from an SSL or Secure Sockets Layer certificate, which is responsible for encrypting the data that travels through the network so that it cannot be understood by attackers, even if they manage to intercept it.

The use of SSL certificates is widespread on the web and is a trusted agent for the user, both knowledgeable and uninformed, as some browsers will label sites without this certificate as not secure.

Therefore, if you still do not have an SSL certificate, you can consult the support team of your hosting account to install it urgently.

4.- Don't Scan Your Website for Malicious Code

Some types of backdoor are injected code that allows the criminal to control the website that has been attacked. They are highly dangerous because:

1. They do not usually require a lot of space to fulfill the objective.
2. They are also not located in a specific place in the site storage.
3. The code can be a single line that doesn't draw attention to itself.

You can often find them in configuration files, plugin functions or even in plugins that are not active, but are hosted on your hosting account and in any corner within it.

They are frequently used to steal data, review files and access the digital accounts of compromised users.

There are a number of online tools you can use to detect malware on your website.

With this you can perform a first cleaning, but sometimes some codes are resistant so you will have to be much more thorough in the search for this code.

So it is important to combine this action with the use of firewalls or WAFs.

5.- Absence of a Support Policy

Backup policies are used to define how often and under what conditions the site will be backed up, capable of restoring service in the event of an attack.

Most hosting servers have automated tools for managing copies. But, it is not only important that you know them, but that you know how you can access them and also how you can make them yourself.

6.- Skip Update Requests

Some tools like Wordpress and its plugins often require the installation of updates to fix security holes that have been detected by their community.

If you skip these updates, you are leaving the door open for attackers to exploit the vulnerability and use your site for a purpose that is unclear to you.

The consequences would be the repercussions that it could have for your company, not only in economic terms but also in terms of trust and image that would affect future sales.

7.- Active File Edition Property

It is necessary to make sure that only authorized people can modify the content of your site, for this it is necessary to deactivate the edition of files. In Wordpress you can disable this editing by placing the wp-config.php file in public_html.

Open this file with the editor and add the following lines of code:

//disallow fileedit

'DISALLOW_FILE_EDIT', true

This will prevent attackers from changing your files.

8.- Have Directory Navigation Enabled

With this property active, anyone will be able to see the structure of your website. This is important information for the attacker since they will be able to choose where to store the malicious code so that it is less likely to be found or simply where to store it.

To avoid providing more data, locate the .htaccess file of your hosting, with the help of the File Manager of your cPanel, and include the code in the first line:

Options-Indexes

save and close.

This will increase the security of your website and reduce the risk of being attacked by cybercriminals.

Conclusions

Websites have suffered more attacks this year than in the past and both large and small sites have been subjected to this scourge. There are 8 common threats that can help your site get targeted by attackers:

1. Insecure passwords.
2. Do not change admin username.
3. Sites without HTTPS certificates.
4. Do not scan your site for malicious code.
5. Absence of a backup policy.
6. Ignore update requests.
7. Active file editing property.
8. Have directory browsing enabled.

Put these suggestions into practice in your hosting account and you will be able to avoid a bad time. If this content has been helpful to you, would you let me know? Thanks for your time ;-)