To protect your website from attacks, you should regularly maintain your website and the applications behind it.
We have summarized the most important tips to be observed in this article.
Webhosting protection
Update your website
To guard against attacks, it’s important to keep all of your installations up-to-date, including the core installation and all plugins, extensions and themes. This applies to all content management systems (CMS), such as WordPress, Joomla!, Drupal, TYPO3, phpBB, Magento, etc.
Passwords
For maximum security, always use a secure password.
This should not be a readily comprehensible word; it should contain uppercase and lowercase letters as well as numbers/special characters; and it should be at least 8 characters long.
Two-factor authentication
You can additionally protect access to the Hostpoint Control Panel with your Hostpoint ID using two-factor authentication. This enables you to prevent unauthorised persons from accessing your contracts or services. You can find instructions on how to set this up here: Where do I activate two-factor authentication?
Unused web pages, plugins and themes
If you have created web pages and installed any plugins or themes that you no longer use, you should delete them. If one of these installations/components is obsolete and accessible via the web, a hacker could launch an attack from it.
Security plugins for your website
Depending on the application you are using, it is worth installing a firewall and a two-factor plugin. These help secure your website.
WordPress for example offers several tools:
Backups
If you perform regular local backups, you’ve already taken a big step. If something happens, you will be able to quickly restore your data (files and database).
This article shows you how to back up your data locally from your Hostpoint Control Panel: How do I create a backup?
If this happens, contact our Abuse Team to be on the safe side: abuse@hostpoint.ch.
Local protection
Operating system
Your locally installed operating system is an important element in the protection of your infrastructure and therefore your website too.
Regardless of the software maker, it is always important to use the latest version to prevent old security vulnerabilities from being exploited.
So make sure to regularly update your operating system. Many operating systems allow you to install these updates automatically.
Antivirus/Firewall
Antivirus protection is important for all operating systems.
Viruses can spread quickly on operating systems that are not up-to-date – this applies not only to Windows, but also to Apple macOS, for example.
Always install an antivirus program and firewall to prevent as many attack vectors as possible.
Software
All of the software you use (Office, e-mail client, etc.) must be updated on a regular basis.
Security vulnerabilities can crop up anywhere, and regular updates protect your software from being misuse.
Browser
You use your browser to directly access your website, server or e-mails. So it’s crucial that you close any security holes to protect them.
Older browser versions sometimes contain dangerous vulnerabilities, so always make sure to install all browser updates.
Free applications
You should not use software obtained for free (or that is normally subject to charge but offered free on unofficial websites). Or proceed with great caution at the very least.
These applications often include malicious code, which can harvest your password or install additional malware, for example.
So you should only install applications from official sources and consider whether an application is truly “free”, or whether it’s making money in some other way.
E-mail security and prevention
Mobile
If you have set up your e-mail account on a smartphone or tablet, it is important to keep the device up-to-date.
Just like a PC or Mac, an obsolete version may contain security holes that can be exploited by unknown parties.
Many reputable antivirus programs now offer versions for smartphones as well.
Unknown devices
If you are checking your e-mails from a device that does not belong to you, that is not up-to-date or has been manipulated in some way, it is possible that the data you enter may be copied!
You should avoid saving your passwords on such devices.
WLAN connections
Only use WLAN connections that are encrypted; unsecured networks can open the door for data theft.
When setting up an e-mail account, make sure that you always use TLS/SSL. The correct settings for your e-mail software can be found here: Enable SSL for Mailaccounts
Spam and phishing e-mails
The people sending these e-mails are trying to get their hands on information that will put money in their pockets, one way or another. Usually these e-mails include attachments containing viruses or links to manipulated websites.
Phishing e-mails often look deceptively real and come from known (yet faked) senders. An article on this topic can be found here: Fake E-Mails in circulation
For support requests please use this form instead.