Surpass Hosting

Quick Security Guide


Passwords: So simple yet so important

Never use the same password twice. If any password is found by a culprit, they will try to use it to access other areas of your website. Never use the same password for your cPanel for another password located in a config.php file for example. If a culprit finds a way to read such a file, they will try to use the found password to access your entire account. And keep passwords complex, they should look a bit like this: xU76&5k7


Stay up-to-date! Keep an eye on your PHP scripts

Make sure your applications are always upgraded to the newest versions. Blogs, shopping carts, photo albums, calendars and basically any PHP-based script will have a vulnerability at some point in its lifetime. Keep this in mind and sign up for security alerts if the programmer provides them. Websites for most applications have forums, blogs and newsletters by email to keep the userbase updated on any changes, patches and version releases. If you are unsure if the program you use has any security problems, do a search for it on


Keep blank index files in all directories

It is a good idea to keep a blank index.html file in directories so that the contents cannot be easily viewed on the web. You can also use the Index Manager in cPanel instead to do this. Keep all of your files and directories under wraps!


Not using it? Remove it!

Old installations are crime invitations! If you test out the latest and greatest tool for your site and decide not to use it, please uninstall it and remove all related files. It can be tempting to leave everything there and forget about it, but it's not a good idea in the long run. The latest will soon turn into the exploited.


What if your site becomes a crime scene?

If something has happened and spam has been sent out from your site, or if files were uploaded that are not yours, the first thing you should do is change all of your passwords. Next, look over your site for old installations and check the versions of all of your applications. Upgrade as necessary. The check Error Log in cPanel for any suspicious requests. Finally, ask our Abuse Division for help. They can check what IP addresses have been accessing your space and retrieve final clues.


The truth is, it can happen to anyone - even if you think you have been extra careful. It normally takes one small break-in to truly realize just how desperately scammers search the web for holes. Any site is at risk, please remember that. The key things to remember will always be the importance of different passwords and the upkeep of any PHP applications you choose to install. Scammers are easily outsmarted so let's keep them out!

© Copyright 2002-2019 Surpass Hosting, LLC. All rights reserved.