I want to make and keep my website secure

At TransIP you can easily create your own website with, for example, WordPress or Joomla! You can of course also choose to build your website yourself.

Whatever you choose, it is important that your website is properly secured. This way you prevent malicious parties from misusing your website.

In this article we will give you some tips that will help you to make and keep your own website safe.

Update your website regularly

This is perhaps the most important tip we can give you. By keeping your website up-to-date, you prevent vulnerabilities of older versions of your website from being abused. It is recommended to check for updates to your website at least once a month.

WordPress

When using WordPress, it is important that you regularly check for updates for both WordPress itself and your plugins and themes.

Update WordPress: When you are logged in to the WordPress dashboard you will immediately see if there are updates available. Click on 'Dashboard' at the top left. If updates are available, you will see this next to 'Updates'.

Update WordPress plugins: Some plugins release a new update every week. We can imagine that you are not eager to check the plugins for updates every week.

You can therefore choose to automatically update your plug-ins by clicking 'Enable auto-updates' in the overview of installed plugins.

Update WordPress themes: Themes will not receive new updates so quickly, so here it is sufficient to occasionally consult your used theme to see if updates are available. Select your theme in your Dashboard and you will immediately see whether an update is available.

Joomla!

Are you using a Joomla! website? Then keep the updates of both Joomla! even if the used extensions in the holes.

Update Joomla!: When an update for Joomla! is available, you will see a notification of this on the Dashboard.

Update Joomla! extensions: The same goes for extensions. As soon as updates are available, you will receive a notification on your Dashboard. Then click on 'View Updates' to run it.

To run both types of extensions automatically, the separate extension 'Auto Update for Joomla' is also available.

Self-made websites or a different CMS

If you have built your website yourself, it is your responsibility to keep it up to date. If you have engaged a website builder for this, ask how they deal with updates to your website.

If you use a CMS other than WordPress or Joomla! before performing updates, we recommend that you consult the documentation of the CMS.

Plugins, themes and extensions

There are thousands of plugins, themes (WordPress) and extensions (Joomla!) available for your website. These plugins, themes and extensions are supported by the WordPress and Joomla! checked and are therefore usually the most reliable to use.

Take a good look at the reviews that are written for this. Based on this, you can quickly see whether a plug-in, theme or extension works properly and meets your requirements.

If you want to use a paid plugin, theme or extension, that is also possible. Please note that you purchase these via the developer's website and not from any random website that they also offer (for free). The latter is more often than not too good to be true, leaving you with malware or other unsafe software.

Captchas

If you use a contact form or a login page on your website, we recommend using a so-called Captcha. A Captcha is a check to prevent bots. For example, you prevent an abundance of login attempts being made and your website becomes temporarily inaccessible. A captcha on contact forms prevents them from being used for spam purposes.

There are numerous plugins (WordPress) and extensions (Joomla!) available to secure your website with a Captcha. If you use a custom website, you can also use reCaptcha from Google.

Tips

• For Wordpress, you have the choice to use WordFence, a security plugin that already takes many tasks out of your hands when it comes to security. You can find these on the Wordpress website.
   
• Unfortunately there is no easy solution like Wordfence available for Joomla, but you can find extensive documentation of what you can do to make the website more secure in the Joomla manual. Although the steps for Joomla! are slightly more technical in nature than with WordPress, you can achieve the same result with this.

Secure your control panel

We recommend that you keep your TransIP control panel safe in addition to your website. Therefore, do not only secure your control panel with a strong password, but also enable 2FA for an extra layer of security.

My website is infected

If your website is already infected, especially if this has already happened several times, a normal update is often no longer sufficient to solve the problem. In this case, check whether you are not using outdated plugins or themes, as you have already read above.

A manual update may already solve some issues. See here for how to do this with Wordpress. Unfortunately, there are no manuals for Joomla or other CMSs yet.

If even this doesn't solve the problem, we recommend restoring a backup of your website. If your website is hosted on one of our web hosting packages, you have free access to 30 backups over a 10-day period in the past.

You can read how to easily restore these backups in the article 'How do I use webhosting backups?'. Then make sure you choose a backup from a time when your website was still clean.

If updating your website or restoring a backup doesn't help, you can consider rebuilding your website from scratch as a last resort.

This can take a lot of time, but is ultimately the safest option to remove an infection with rogue files. Also check with a virus scanner whether your own PC does not contain any vulnerabilities.