
Best Practices: Protecting Your Website from Compromise

To enhance security, adopt best practices to safeguard your website. Consider Liquid Web's additional security services for added protection.

When it comes to security, there are several ways to protect yourself from malicious attacks and keep your information secure. One of the best is to use a secure password for every computer, website, email and account that you have online (see Best Practice: Creating a Secure Password). This article outlines a few best practices for protecting your website from compromise. In addition to the security measures outlined below, Liquid Web has security services that can be added to your server to keep your sites secure; check them out on our website.

General Security Best Practices

  • Use and force HTTPS, even if you need to use a self-signed certificate.
    An SSL Certificate helps to protect any sensitive information sent through your website. See our article Installing a Service SSL in cPanel to find out how to add one to your site. If you don’t have an SSL certificate, you can get a free certificate for your site. Find out how in our article Using Let’s Encrypt for SSL Encryption.
  • Create secure passwords for yourself and any additional users.
    You can see our article Best Practice: Creating a Secure Password for best practices of setting a strong password.
  • Change passwords (admin and user) at regular intervals.
    Changing passwords every 90 days is a good rule of thumb. You can also see our article Best Practices: Setting a Required Password Strength to make sure users are also using strong passwords.
  • Set your Symlink Protection in WHM to “on” in your Apache Settings if you have EasyApache 4.
    In WHM, you can set this in the Apache Configuration section.
  • Make sure old backups/migrated copies of data are not public for download.
    Hackers can access these hot spots of data if they are public, and many times these contain sensitive data that attackers can use to exploit your site. A good rule of thumb when looking at your domain’s doc_root is: if you can download it, so can the attackers.
  • Maintain regularly scheduled backups in case of a security emergency and occasionally test your restoration process to make sure the backups are viable.
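
An added example, not Liquid Web's own tooling: a Python audit for the backup item above that walks a doc_root and reports files that look like backups or migrated copies, either by name or by their leading bytes. The suffix list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed name patterns for backups and migrated copies; extend for your site.
SUSPECT_SUFFIXES = (".zip", ".tar", ".tar.gz", ".tgz", ".gz", ".bz2", ".7z",
                    ".rar", ".sql", ".bak", ".old", ".orig", ".save", "~")
# Leading bytes catch renamed archives (zip also matches office documents).
MAGIC = {b"PK\x03\x04": "zip", b"\x1f\x8b": "gzip", b"BZh": "bzip2",
         b"7z\xbc\xaf\x27\x1c": "7z", b"Rar!": "rar"}

def classify(path):
    """Return why a file looks like a backup, or None if it does not."""
    name = os.path.basename(path).lower()
    for suffix in SUSPECT_SUFFIXES:
        if name.endswith(suffix):
            return "name ends with " + suffix
    try:
        with open(path, "rb") as fh:
            head = fh.read(8)
    except OSError:
        return None  # not readable by the user running the audit
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind + " data under another name"
    return None

def find_exposed_backups(doc_root):
    """Walk doc_root; return sorted (relative path, reason) pairs."""
    findings = []
    for folder, _dirs, files in os.walk(doc_root):
        for fname in files:
            full = os.path.join(folder, fname)
            if reason := classify(full):
                findings.append((os.path.relpath(full, doc_root), reason))
    return sorted(findings)

def demo():
    """Build a constructed sample doc_root and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "old"))
        samples = {"index.php": b"<?php echo 'hi';", "wp-config.php.bak": b"<?php",
                   "old/site.tgz": b"\x1f\x8b\x08", "logo.jpg": b"PK\x03\x04data"}
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return find_exposed_backups(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Point `find_exposed_backups` at a real doc_root and review each hit by hand; a copy such as `wp-config.php.bak` is typically served as plain text because it no longer ends in `.php`.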

CMS Specific Best Practices

  • Make sure your CMS is up to date.
    CMS developers regularly roll out updates to help keep your information and site secure from malicious compromise. It is important to make sure that you are using the most up-to-date version.
  • Keep themes, modules, plugins and templates up to date.
    Even if you update the core CMS, files, themes, templates, modules, and plugins can all be subject to compromise if they are not kept up to date as well. Liquid Web provides Softaculous in cPanel to help you manage CMS updates and installations. See our article What Is a Content Management System (CMS)? for more information on how to safely update and install your CMS.
  • Limit each cPanel account to one domain.
    This will help prevent cross-site contamination. It is understandable that you may have a blog, store and forum for one site, but allowing more than one domain per cPanel account can cause issues. For example, if you have multiple WordPress or Joomla sites under one account, sites could be compromised and a hacker could gain access to folders containing other sites. If you want to separate an existing addon domain into its own cPanel account, see Converting an Addon Domain to a Separate CPanel Account.
  • Separate databases used for separate CMS installations/sites.
    Just as with hosting multiple CMS sites under one cPanel account, when a database holds more than one set of CMS data, a compromise of one site's data can give access to the other sites' data as well. In our article Creating a cPanel User Account, you can see how to create accounts for each CMS site on your server.
  • Create separate unique users for database access.
    You can add MySQL users to your database with individual permissions and logins. See our article Creating a MySQL User for more information.
  • Harden your CMS to discourage attackers.
    Both WordPress and Joomla have excellent resources on hardening your CMS. Take a look at Joomla’s Security Checklist and the WordPress Codex on Hardening for information on how to best protect your CMS.

Advanced Options:

Two advanced options to secure your site are to:

and

  • Move the config file out of the publicly accessible directory and modify the PHP include statement path to reflect the change.

While these are two options, they are not necessary in order to protect your CMS.
