Security measures on Web Hosting

Sometimes when visiting a website, the browser or antivirus software displays a warning about a potential threat. This usually means the site's files have been infected with malicious code.

Malware spreads by injecting <iframe> tags into index files or encoding itself using JavaScript. Attackers may also modify the .htaccess file to redirect visitors to malicious pages.

How sites get infected

Most attacks are automated: a list of websites running popular CMS platforms (WordPress, Joomla, and others) with known vulnerabilities is compiled, and malicious code is injected into their files at scale. This is why keeping your CMS and plugins up to date matters.

Another common vector is an infected local machine. Malware on a computer can intercept FTP credentials stored in FTP clients and send them to an attacker, who then uses them to access and modify site files directly.

Precautions

• Never store credentials in plain text or unprotected locations.
• Set correct file permissions: 644 for files, 755 for directories.
• Keep your CMS and all plugins up to date. Subscribe to security update notifications via email or RSS.
• Use long, complex passwords with non-default usernames, and change them regularly.
• Never save passwords in FTP clients — malware frequently targets stored credentials there.
• Use antivirus software and keep its definitions up to date.
• Install operating system updates as they are released.
• Avoid outdated browsers, especially Internet Explorer below version 7.
• Don't upload unknown scripts to your hosting account — nulled (pirated) premium plugins and themes often contain malware.
• Don't follow unknown links in emails, social networks, or messaging apps.
• Keep regular local backups of your websites.

If your site is already infected

Contact support to request a site restore from a backup. Once restored, change your FTP and database passwords, then update your CMS and all plugins to their latest versions.