| title | excerpt | updated |
|---|---|---|
How to secure your website? |
Find out how to make your website more secure |
2024-01-29 |
This guide will provide you with basic knowledge to ensure that your services are always available, protect your data integrity and secure the access to your solutions. It only applies to websites hosted on OVHcloud shared servers.
This guide is organised in stages in an increasing order of technical difficulty. The security of your site will be measured by the element concerning it that is least protected. We therefore recommend that you carry out all of the actions described here.
However, if you experience any difficulties completing some of these steps, please do not hesitate to contact the OVHcloud community or our partners.
Find out how to secure your website.
Warning
OVHcloud provides services that you are responsible for with regard to their configuration and management. It is therefore your responsibility to ensure that they function properly.
We have published this guide to assist you as much as we can with common tasks. We recommend contacting a specialist provider and/or getting in touch with the publisher of the interface or software if you encounter any difficulties. OVHcloud cannot assist you in this regard. You can find more information in the “Go further” section of this guide.
- an OVHcloud Web Hosting plan
- having the login details to access your hosting plan’s storage space
- access to the OVHcloud Control Panel
- access to the admin interface for your website{.external}
This first step is essential. Infecting your computer with a malicious software can potentially give to a dishonest person access to all of your keyboard input. As a result, the credentials you use to log in on your OVHcloud Control Panel or the admin interface for your website would be compromised.
In addition, the growing phenomenon of ransomwares{.external} (about 400 cases in France in 2020) may not only lead to the encryption of all your personal data, but also jeopardise your business by making all your data, devices and softwares inaccessible.
First, check the security of your Windows, Mac or Linux desktop:
- check your machine for updates;
- run a full scan of your desktop, after updating your antivirus/anti-malware software;
- change your desktop admin password regularly (for more information on how to create strong passwords, follow the instructions of this guide.
To secure your customer account, enable two-factor authentication and follow the instructions of this guide.
Remember to update your customer account informations and to add a backup email to your account.
In the event of your login details being lost and/or the primary email address for your OVHcloud customer account being unavailable, a backup email or updated personal information will be essential to help you regain access to your solutions.
[!primary]
Regularly backing up your data, no matter which solution you choose, is the most important security operation for you to make. It will always be possible to reinstall a software or order a set of new devices, but the recovery of data, once they have been deleted by mistake or after your hard drive has crashed, will rarely be possible.
OVHcloud regularly backs up your data on its infrastructure. However, a handling error such as a delete operation launched manually on a live database, or a non-renewal of your services, will result in the permanent loss of your data and all their backups.
Start by backing up the data that makes up your (FTP AND database files), following the instructions in this guide. Import them on your desktop or on an external device, such as a NAS server or an USB key.
Website management software (CMS) also provides the ability to install automatic backup plugins.
Check the official forums for your favourite CMS or contact the OVHcloud community.
Phishing emails are a security threat to your website because they can contain or lead to the installation of malwares. To learn how to recognise and protect yourself from them, see this guide.
If your services are not renewed, OVHcloud has the legal obligation to delete all data associated with your hosting plan, as well as all of their backups, when your subscription expires. We systemically send follow-up e-mails to our customers reminding them of their renewal dates before the end of their actual subscription.
However, these follow-up emails may arrive in your spam or you may have the email address associated with your OVHcloud account may have been typed incorrectly by mistake or may no longer be available.
If your website plays a major role in your professional activity, enable automatic renewal across all of your OVHcloud services.
We also recommend checking regularly the validity of the payment methods you have registered.
Check your website updates regularly, following the instructions in this guide.
Also remember to use a recent version of the PHP programming language on your hosting plan.
Set up an encrypted connection to your website using the HTTPS protocol by following this guide. By enabling this protocol, you can encrypt all of the information sent via your website (particularly data entered by your users on its forms).
Forms on websites ca be targeted by hackers/spammers. Protect your forms against their attacks by implementing CAPTCHA plugins on your website.
Add a security plugin recommended by the CMS publisher to your website:
- WordPress{.external}
- Joomla{.external}
- Drupal{.external}
- PrestaShop{.external}
In this step, you will need to log in to your FTP space. It involves technical skills to recognise possible malicious files on your web hosting. If you experience any difficulties with this verification, please do not hesitate to contact our partners.
If you have any doubts regarding the safety of data within your FTP server, please also carry out the checks in step 1 once again and change the password on your FTP space.
As said in the step 2 of this guide, to regurlaly perform backups of your website’s data (FTP files and database) is the most important security action for you to make regarding website.
But even having backups of your website on your desktop can not be considered as sufficient: you also need to test theses backups (especially the databases) to ensure that they will work properly the day you need them.
You can perform these tests locally, for example by importing your data on WAMP{.external}. Then you need also to be sure that you configure your WAMP server with the same parameters than OVHcloud web hosting servers.
You can also create a test version of your website (e.g.: test.mydomain.tld) within another folder in your FTP server (you can still use a basic template).
The .htaccess file is an Apache configuration (HTTP) file that is run by your Web Hosting plan’s Web server. With it, you can notably:
-
protect a directory or your website’s administration interface by attaching it to a .htpasswd file; The .htaccess file is an Apache configuration (HTTP) file that is run by your Web Hosting plan’s web server. With it, you can notably:
-
Protect a directory or your website’s administration interface by attaching it to a .htpasswd file.
What to do if your WordPress site is hacked
Responding when your hosting is deactivated for security purposes
For specialised services (SEO, development, etc.), contact your OVHcloud partners.
Join our community of users.