Skip to content
Help Center

How do I protect my site against hacker attacks?

Avoid attacks on your website with these 10 security measures. A practical guide to protecting your site from your hosting account with key tools and advice.

Protecting your website against attacks is essential if you want to keep your project safe, reliable, and running without interruptions. In this article, we explain how to protect your website from hackers step by step, using tools available in your hosting plan with Bacan.com and simple best practices you can start applying today.


Why is it important to protect your site?

An unprotected website can become a victim of:

  • Code injection attacks (SQL, malicious scripts)

  • Unauthorized access

  • Spam and automated bots

  • File hijacking (ransomware)

  • Theft of user or customer data

An attack can take your site offline, damage your Google rankings, or even expose private information.


10 practical ways to protect your website


1. Install an SSL certificate (HTTPS)

This encrypts the information that enters and leaves your website.

  • At Bacan.com, you can activate a free SSL certificate with Let's Encrypt from cPanel or DirectAdmin:

    DirectAdmin:
    Home > Account Manager > Domain Setup > Select domain > SSL Certificates

    cPanel:
    Security > SSL/TLS > Let's Encrypt


2. Always update your CMS and plugins

If you use WordPress, Joomla, Drupal, or any similar platform, keep everything up to date.

Many attacks take advantage of vulnerabilities in outdated plugins, themes, or templates.


3. Use strong, unique passwords

Do not use passwords like 123456 or admin2023. Create long passwords with letters, numbers, and symbols.

Example: gA7$dK!f9Lm*2024

You can also enable two-factor authentication (2FA) in cPanel or in your website administration system.


4. Enable hosting-based protection tools

At Bacan.com you have tools such as:

  • ModSecurity (web firewall): blocks suspicious requests automatically.

  • Hotlink protection: prevents other websites from using your images directly and consuming your bandwidth.

  • Password-protected directories: lets you restrict access to specific folders on your site.


5. Avoid nulled or pirated plugins and themes

These almost always come with backdoors, malware, or malicious code.


6. Make frequent backups

If something goes wrong, a backup copy can save your project.

  • You can create backups from cPanel or DirectAdmin.

  • You can also automate them, for example with Softaculous in WordPress.


7. Hide sensitive information

  • Avoid showing CMS versions on the frontend.

  • Remove files such as readme.html and license.txt.

  • Use correct file permissions, for example 644 for files and 755 for folders.


8. Block suspicious access by IP

You can use your panel's IP manager to block repeated login attempts or IPs from countries where you do not operate.


9. Protect forms and comments

Use CAPTCHA or reCAPTCHA to stop bots in contact forms, signups, and comment sections.


10. Monitor your site regularly

Tools such as:

  • Wordfence for WordPress

  • Sucuri SiteCheck as a free online scanner

  • Softaculous Security Scanner in some control panels

help you detect malware, suspicious files, and unusual access patterns.


What if I have already been hacked?

Do not worry. At Bacan.com we can help you:

  • Restore your site from a backup

  • Review your account for malware

  • Apply preventive measures

Just open a ticket from your client area and our technical team will assist you.