Protecting your website against attacks is essential if you want to keep your project safe, reliable, and running without interruptions. In this article, we explain how to protect your website from hackers step by step, using tools available in your hosting plan with Bacan.com and simple best practices you can start applying today.
Why is it important to protect your site?
An unprotected website can become a victim of:
Code injection attacks (SQL, malicious scripts)
Unauthorized access
Spam and automated bots
File hijacking (ransomware)
Theft of user or customer data
An attack can take your site offline, damage your Google rankings, or even expose private information.
10 practical ways to protect your website
1. Install an SSL certificate (HTTPS)
This encrypts the information that enters and leaves your website.
-
At Bacan.com, you can activate a free SSL certificate with Let's Encrypt from cPanel or DirectAdmin:
DirectAdmin:
Home > Account Manager > Domain Setup > Select domain > SSL CertificatescPanel:
Security > SSL/TLS > Let's Encrypt
2. Always update your CMS and plugins
If you use WordPress, Joomla, Drupal, or any similar platform, keep everything up to date.
Many attacks take advantage of vulnerabilities in outdated plugins, themes, or templates.
3. Use strong, unique passwords
Do not use passwords like 123456 or admin2023. Create long passwords with letters, numbers, and symbols.
Example: gA7$dK!f9Lm*2024
You can also enable two-factor authentication (2FA) in cPanel or in your website administration system.
4. Enable hosting-based protection tools
At Bacan.com you have tools such as:
ModSecurity (web firewall): blocks suspicious requests automatically.
Hotlink protection: prevents other websites from using your images directly and consuming your bandwidth.
Password-protected directories: lets you restrict access to specific folders on your site.
5. Avoid nulled or pirated plugins and themes
These almost always come with backdoors, malware, or malicious code.
6. Make frequent backups
If something goes wrong, a backup copy can save your project.
You can create backups from cPanel or DirectAdmin.
You can also automate them, for example with Softaculous in WordPress.
7. Hide sensitive information
Avoid showing CMS versions on the frontend.
Remove files such as
readme.htmlandlicense.txt.Use correct file permissions, for example
644for files and755for folders.
8. Block suspicious access by IP
You can use your panel's IP manager to block repeated login attempts or IPs from countries where you do not operate.
9. Protect forms and comments
Use CAPTCHA or reCAPTCHA to stop bots in contact forms, signups, and comment sections.
10. Monitor your site regularly
Tools such as:
Wordfence for WordPress
Sucuri SiteCheck as a free online scanner
Softaculous Security Scanner in some control panels
help you detect malware, suspicious files, and unusual access patterns.
What if I have already been hacked?
Do not worry. At Bacan.com we can help you:
Restore your site from a backup
Review your account for malware
Apply preventive measures
Just open a ticket from your client area and our technical team will assist you.