Build. Hack. Play. It's just what we do.

Top 10 Ways to Protect Against People Hacking Your Hosting Account

If you own and run a website, one thing you have to watch out for is preventing your hosting account and website from being hacked. Even if your site is only a personal one, for family and friends, hackers do not care. “These nefarious people can use any type of website to their advantage, so you want to make sure that your site and hosting account is not vulnerable to hacks.”, says Chris Rodriguez of

Remember these 10 tips to keep your hosting account safe from hackers:

#1 Do Not Put Files Into Your Web Root (public_html) If They Are Not Being Used


Take out any old file and directory if you are not using them anymore. Many people just leave old files, directories and scripts on their site even when they are not using them. Hackers can use this information to hack into your site. So, look through your website folders once per month to make sure there is nothing sitting there that is no longer used.

#2 Get Rid of Subdomains You Do Not Need

Also, be sure to take out the directory that the content for the subdomain was stored in as well. Scammers really like to exploit scripts and related content to install phishing websites and then use the sites to collect private data. Or they will use your account to send out spam.

#3 Do Not Leave Files and Directories With Write/Execute Permissions in Web Root

People do not think much about it, but if you leave files and directories that are readable/writable by other users, that is extremely risky. Many hackers can exploit non­secured scripts to place/run files from your web hosting account.


#4 Behave As If All Scripts and Files Are Very Dangerous

You should behave as if all scripts on your hosting account are exploitable. Why? Because they are! Even a script that has gone through a lot of security testing can be exploited by a hacker. New bugs and flaws in security are found every day, and your secure script may not be anymore.


#5 Backup Your Data

Backing up data is crucial to the security of your website and hosting account. How often you are backing up will depend upon how much you change your content. If your site has forums and you do not want to lose those posts, you will probably want to back up the site daily. But if you do not have a lot of dynamic content, once a week or even once a month may suffice.


#6 Use Very Hard to Guess Passwords

The days of using ‘password123' as your password are over. You should make your password for your domain account hard to guess. Do not use obvious words or data that a hacker can guess such as your birthday, name of your dog, or God forbid your social security number. Your password should be long and have letters and numbers. Upper and lower case letters and even a symbol is a good idea too. Yes, it’s a pain, but password that is hard to crack will save you in the long run. Also, one last thing to note on passwords is that you should change your password monthly.


#7 Do Not Put Your Email Address on the Internet

If you have to put your email address in a public forum, make sure that spambots can’t grab it. To do this, write out your email in a way that humans will understand, but machines won’t. For instance, joseph AT website dot com


#8 Do Not Use a Contact Form

There are some contact scripts that are fairly secure, but hackers can figure out ways to send out spam emails with your form without you knowing about it.


#9 Do Not Set Up an Obvious Email Address

It makes sense to use an email such as, but hackers and spammers will grab those emails once they know your domain name is in use. Use the names of employees, or make it a little harder for the hackers, such as, or


#10 Set Your Default Email Address to:Fail

Many web hosts have the ability to stop hackers from finding all active email addresses in your hosting account. But you will need to set your default email address to :fail for this to work.


For more information about how to avoid problems with hackers, watch this helpful video on how hackers steal domain passwords

Share This Story