LyteHosting implements various security measures to protect our servers, helping to prevent unauthorized access to your account. However, breaches caused by weak passwords or vulnerabilities in the software you install cannot be prevented solely through general server security.
Understanding common security threats can enhance account security. It is crucial to take proactive measures and prepare for recovery in case of a breach.
What Security Measures Does LyteHosting Provide?
LyteHosting is protected against DDoS attacks (UDP flood). We enforce robust custom firewall rules and extensive mod security configurations to safeguard our servers from various threats. In cases of severe flooding, our data center activates network-level flood protection. Our data centers are highly secure facilities with restricted access. Additionally, we employ confidential security measures and best practices to enhance server protection.
What Security Measures Are My Responsibility?
When hosting your website with LyteHosting, you are responsible for:
- Maintaining strong password security
- Managing your account settings
- Keeping all installed website applications up to date
- Ensuring your site is free from malware
- Monitoring how your account is accessed and used
It is also your responsibility to ensure that scripts and programs installed on your account are secure, and that directory permissions are properly configured. We recommend setting directory permissions to be as restrictive as possible, preferably at 755 on Linux hosting accounts.
LyteHosting conducts routine audits to identify weak account passwords. If your password is flagged as vulnerable, you will receive a notification and must update it within a given timeframe. Failure to use a strong password may result in account suspension until compliance is met. A strong password should have at least eight characters, including one uppercase letter, one lowercase letter, one number, and one special character (e.g., "@"). Avoid using dictionary words or your username in passwords.
Understanding these responsibilities is vital, as compromised accounts may be disabled or terminated by our Terms of Service. Ignoring notifications about security issues could result in account suspension.
How Can I Enhance My Website Security?
LyteHosting recommends several steps to help secure your website and protect your account:
1. Update passwords regularly
Compromised passwords often result from brute-force attacks or keylogging malware.
- Brute-force attacks: Attackers use automated tools to guess passwords through repeated attempts. While our servers have protections in place, we strongly suggest creating complex passwords using at least three of the following character types:
- Uppercase letters (A-Z)
- Lowercase letters (a-z)
- Numbers (0-9)
- Special characters (-_.,!@#$%^&*)
Avoid reusing old passwords. Once compromised, a password remains unsafe indefinitely. If you revert to an old password, your account may become vulnerable again.
- Keyloggers and malware: Passwords can be stolen through malware that captures keystrokes or extracts saved credentials from FTP programs. To prevent this, run full virus and malware scans on all devices accessing your LyteHosting account.
2. Keep Scripts and CMS Installations Updated
Many security breaches occur due to outdated or vulnerable applications. To prevent such attacks:
- Regularly update CMS installations and associated themes, plugins, and extensions.
- Use built-in update features in CMS platforms whenever possible.
Resources for updates:
3. Regularly back up your website
Regular backups help restore your site in case of a security breach. LyteHosting provides weekly backups for Shared, Reseller, and VPS accounts as per our Backup Policy. You can also create your backups for added security. For automatic daily backups and version control, consider using CodeGuard, which protects against malware, hackers, and broken code.
Additional Security Measures
Use secure connections: Connect securely to your account via SFTP, FTPS, or secure cPanel login.
Set proper file permissions: On Linux hosting accounts, set file permissions to 644 and directory permissions to 755.
Remove unused scripts and databases: This minimizes vulnerabilities from outdated applications.
Move configuration files: Store sensitive files outside the public HTML directory to prevent unauthorized access.
Edit your php.ini file: Add the following lines:
register_globals = Off
display_error = Off
Avoid using proxy sites to access your account.
Use secure email connections: Enable SSL for POP3 or IMAP when sending sensitive data.
Avoid public or open Wi-Fi networks when accessing your account.