How to keep your website secure and safe

This week a bug was reported in cPanel, which acts as the hosting platform for millions of websites across the world.

If you are one of those people who were affected, typically if you are on shared hosting, then it really makes you think about how to keep your website secure in a world of increasing hacks and bots.

Over the last few weeks we have also experienced servers with high CPU usage, malware and other issues caused by spambots.

Unfortunately, it’s not something that will go away and with AI it is sure to just increase in complexity and number.

You can, however, take some measures to mitigate the disastrous effects of downtime and unauthorised access to your site.

Doing so can make the journey to getting live again easier, and less stressful for you and your team.

For the purposes of this article we’re focusing on WordPress based websites since they are typically the most common but these recommendations could apply to other platforms too.

Make sure you have backups

We all remember this one when our data is compromised, yet it’s the most obvious one.

If something goes wrong, it’s really important you can revert back.

Not only that, but having a place where you can access your information even when your main site is down can be very helpful.

It’s also a good idea to keep more than one backup: a staging site, off-site backups, even a remote copy if you want to be vigilant.

Choose good quality hosting

Over the years we have tried all kinds of hosting from AWS, Cloudflare, Ionos, 123-Reg, Godaddy, Heart, Fasthosts and so many more.

For a simple, 4-5 page website, basic web hosting is sufficient.

However, if you have a high-traffic website, you are running PPC ads, or you are doing ecommerce, then do not skimp on good quality website hosting.

The extra money you might be saving will be wasted on time lost fixing your site, downtime, fixing bugs and errors, and a generally bad user experience for your customer.

Good quality webhosting will include daily/weekly/monthly backups, excellent customer support, and an easy to use admin panel which you can use to get your site back on its feet quickly.

Choose strong passwords

Very obvious again and you will be surprised how many clients still use <name>123! in as many places as they can.

Strong passwords for admins, customers and anyone else who needs to log in will keep your systems secure and less prone to being compromised.

WordPress has some in-built functionality to enforce strong passwords.

Use 2FA

A great tool to keep your site secure is two-factor authentication (2FA), which means that as well as a password you will need to input a code sent to your device.

This can be sent via SMS, email or using an authentication app.

Ensuring that everyone who needs to log in uses 2FA adds an extra layer of security to your site.

Use a Captcha service

We tend to opt for Google Captcha on our site as it’s free and fairly easy to add on.

There are other alternatives, however, and adding any of them can reduce the amount of spam that comes in via forms.

Doing something as simple as this can make the difference between getting thousands of nonsense spam emails every morning and not.

Keep your plugins updated

WordPress websites which are not frequently updated can suffer from security issues so always keep an eye on this.

This is especially important if you have a high-traffic site: make sure your website plugins and WordPress itself are up to date.

Sometimes updating plugins without care can cause your site to go down, so make sure you know what you are doing.

If you don’t, get in touch with someone who does.

Use Cloudflare

Cloudflare is a great tool for improving security on your site.

It acts as a layer between your server and the outside world, thereby filtering out a lot of bad traffic and helping keep your site secure.

Many large and small companies use Cloudflare, and the free version is very good in its own right.

Robots.txt rate limiting

A possible idea for when your site is hammered by bots.

Introduce rate limiting via your robots.txt file.

This sends out an instruction to handle bot traffic in a more manageable way, preventing server overload.

Sometimes small technical configurations can provide surprising solutions.
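
An added example, not part of the original article: it assumes the rate limit is expressed with the non-standard `Crawl-delay` directive (the article does not name one), which is only a request that cooperative crawlers honour. The Python below parses a constructed robots.txt and a constructed access log and lists the clients that request pages faster than the declared delay, which are the ones to rate-limit at the server or at a layer such as Cloudflare.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.robotparser import RobotFileParser

# Constructed robots.txt: ask every crawler to wait 10 seconds between requests.
ROBOTS_TXT = "User-agent: *\nCrawl-delay: 10\n"

# Constructed access-log lines (combined log format, documentation IP ranges).
ACCESS_LOG = """\
198.51.100.7 - - [12/May/2025:06:00:00 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "PoliteBot/1.0"
198.51.100.7 - - [12/May/2025:06:00:12 +0000] "GET /about/ HTTP/1.1" 200 5120 "-" "PoliteBot/1.0"
198.51.100.7 - - [12/May/2025:06:00:25 +0000] "GET /contact/ HTTP/1.1" 200 4096 "-" "PoliteBot/1.0"
203.0.113.50 - - [12/May/2025:06:00:01 +0000] "GET /?s=a HTTP/1.1" 200 9000 "-" "GreedyBot/2.3"
203.0.113.50 - - [12/May/2025:06:00:02 +0000] "GET /?s=b HTTP/1.1" 200 9000 "-" "GreedyBot/2.3"
203.0.113.50 - - [12/May/2025:06:00:03 +0000] "GET /?s=c HTTP/1.1" 200 9000 "-" "GreedyBot/2.3"
"""

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d+ \S+ "[^"]*" "([^"]*)"')
STATIC = re.compile(r"\.(css|js|png|jpe?g|gif|svg|ico|woff2?)(\?|$)")


def declared_delay(robots_txt, user_agent):
    """Seconds the site asks this agent to wait, or None if no Crawl-delay applies."""
    rp = RobotFileParser()
    rp.parse(robots_txt.splitlines())
    return rp.crawl_delay(user_agent)


def clients_ignoring_delay(access_log, robots_txt, min_requests=3):
    """Return {(ip, agent): shortest gap in seconds} for clients faster than asked."""
    seen = defaultdict(list)
    for raw in access_log.splitlines():
        m = LINE.match(raw)
        if not m or STATIC.search(m.group(3)):
            continue  # unparsable line, or a static asset that browsers fetch in bursts
        ip, ts, _path, agent = m.groups()
        seen[(ip, agent)].append(datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"))
    flagged = {}
    for (ip, agent), times in seen.items():
        delay = declared_delay(robots_txt, agent)
        if delay is None or len(times) < min_requests:
            continue  # no delay declared for this agent, or too few requests to judge
        times.sort()
        gap = min((b - a).total_seconds() for a, b in zip(times, times[1:]))
        if gap < delay:
            flagged[(ip, agent)] = gap
    return flagged
```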

Don’t put your emails on your webserver

Finally, something we often see with cPanel hosted websites: your email accounts are on the same server.

In the past this was a reasonable way of saving money by not having to purchase extra email hosting.

In recent years it’s not a good idea.

If your server goes down, say goodbye to email access.

Also, email deliverability via webhosting is poor these days and we are regularly asking business clients to move to a larger provider.

What else can you do to improve website security?

We are aware that some of the above recommendations would not necessarily help if your hosting goes down.

It all depends on your budget and how important the website is to your business.

Other ideas could be:

  • Have fallback servers/load balancers
  • Move away from shared hosting to dedicated servers
  • Use monitoring to keep an eye on server uptime
  • Add on more robust security tools, firewalls and detection software

Ultimately there are always things you can do to decrease the risk of your site going down.

Sometimes the issue is more about your setup than about external factors alone.

If you need help and advice please contact us and we can discuss further.