A few simple habits go a long way to keeping your website secure. Here's a checklist of the most impactful measures.
Strong Passwords
- Use a unique password for every account.
- Aim for at least 12 characters with a mix of case, numbers, and symbols.
- Use a password manager so you don't have to remember them.
- Enable two-factor authentication wherever available.
Keep Software Updated
- Keep your CMS, plugins, and themes up to date.
- Remove extensions and plugins you're no longer using.
- Turn on automatic updates where you can.
Use HTTPS
All websites hosted with us get a free SSL certificate automatically — see How to Install an SSL Certificate and Force HTTPS to verify it's working and force all traffic onto HTTPS.
Regular Backups
Your website is backed up automatically every 6 hours. For added safety, download a manual backup before making major changes — see Download and Upload Website Backups.
Correct File Permissions
- Directories:
755 - Files:
644 - Never set anything to
777.
Monitor Your Site
- Review error logs after making changes.
- Track failed login attempts on your admin area.
- Consider a reputable security plugin for your CMS.
Additional Protections
ModSecurity (our built-in web application firewall) is enabled by default on all sites. See How to Enable or Disable ModSecurity for more detail.
