Keeping Your Website Secure
Security breaches can result in data loss, downtime, and reputational damage. Follow these best practices to protect your hosting account and website.
1. Use Strong Passwords
- Use at least 12 characters combining uppercase, lowercase, numbers, and symbols.
- Use a different password for your Ellebyte dashboard, cPanel, FTP, and database.
- Consider using a password manager (Bitwarden, 1Password).
2. Keep Software Updated
- Update WordPress core, themes, and plugins regularly. Most security breaches exploit outdated software.
- Remove unused themes and plugins — they are still attack vectors even when inactive.
- Enable automatic minor updates where possible.
3. Set Correct File Permissions
Incorrect permissions can allow attackers to read or modify your files.
- Directories:
755 - Files:
644 - Config files with passwords:
600(owner read/write only)
Set permissions in cPanel File Manager by right-clicking a file/folder and selecting Change Permissions.
4. Enable Two-Factor Authentication
Enable 2FA on your Ellebyte dashboard and cPanel for an extra layer of protection. Even if your password is stolen, attackers cannot log in without the second factor.
5. Regular Backups
Premium and VIP plans include daily backups. Always maintain an offsite backup as well. Use cPanel → Backup Wizard to download a full account backup.
6. Protect wp-admin (WordPress)
- Add an extra HTTP authentication layer to
/wp-adminvia cPanel → Directory Privacy. - Limit login attempts with a plugin like Limit Login Attempts Reloaded.
- Change the default admin username from "admin" to something unique.