{"id":1353,"date":"2025-02-24T18:30:20","date_gmt":"2025-02-24T18:30:20","guid":{"rendered":"https:\/\/hosting-marketers.com\/news\/?p=1353"},"modified":"2025-02-24T19:41:46","modified_gmt":"2025-02-24T19:41:46","slug":"how-to-secure-your-wordpress-and-laravel-sites-on-a-hosting-marketers-shared-accounts","status":"publish","type":"post","link":"https:\/\/hosting-marketers.com\/news\/2025\/02\/24\/how-to-secure-your-wordpress-and-laravel-sites-on-a-hosting-marketers-shared-accounts\/","title":{"rendered":"How to Secure Your WordPress and Laravel Sites on a Hosting Marketers Shared Accounts"},"content":{"rendered":"\n

Website security is critical for protecting your data, preventing hacks, and ensuring your site runs smoothly. While your hosting provider has CSF Firewall<\/strong> to protect the server from external threats, securing your WordPress or Laravel site is your responsibility<\/strong>.<\/p>\n\n\n\n

Many hacks happen because of poor security practices<\/strong>\u2014such as outdated plugins, weak passwords, and misconfigured files. In this guide, we’ll walk through essential security measures<\/strong> and how to use the .htaccess<\/code> file<\/strong> to protect your site.<\/p>\n\n\n\n

\n\n\n\n

1. Understanding the .htaccess<\/code> File and Its Role in Security<\/strong><\/h2>\n\n\n\n

What is the .htaccess<\/code> File?<\/strong><\/h3>\n\n\n\n
    \n
  • The .htaccess<\/code> file (Hypertext Access) is a hidden configuration file<\/strong> used by Apache servers.<\/li>\n\n\n\n
  • It controls security settings, redirects, access restrictions, and caching<\/strong>.<\/li>\n\n\n\n
  • By default, it is hidden in the File Manager<\/strong>.<\/li>\n<\/ul>\n\n\n\n

    How to View the .htaccess<\/code> File in cPanel<\/strong><\/h3>\n\n\n\n
      \n
    1. Log in to cPanel<\/strong> and open the File Manager<\/strong>.<\/li>\n\n\n\n
    2. Navigate to your website\u2019s root directory (public_html<\/code> for WordPress, public\/<\/code> for Laravel).<\/li>\n\n\n\n
    3. Click the Settings<\/strong> button in the top-right corner.<\/li>\n\n\n\n
    4. Check the box “Show Hidden Files (dotfiles)”<\/strong>.<\/li>\n\n\n\n
    5. Click Save<\/strong>\u2014now you will see the .htaccess<\/code> file.<\/li>\n<\/ol>\n\n\n\n

      How .htaccess<\/code> Helps Secure Your Website<\/strong><\/h3>\n\n\n\n

      With .htaccess<\/code>, you can: ? <\/p>\n\n\n\n

      Block access to sensitive files<\/strong> (e.g., wp-config.php<\/code>, .env<\/code>).
      Disable directory browsing<\/strong> to prevent hackers from seeing your files.
      Prevent PHP execution in vulnerable folders<\/strong>.
      Restrict bot spam and brute-force attacks<\/strong>.<\/p>\n\n\n\n

      Let\u2019s explore how to use .htaccess<\/code> for better security.<\/p>\n\n\n\n

      \n\n\n\n

      2. Securing WordPress with .htaccess<\/code><\/strong><\/h2>\n\n\n\n

      Hackers target WordPress<\/strong> because of its popularity. With a few simple .htaccess<\/code> tweaks, you can make your site significantly more secure<\/strong>.<\/p>\n\n\n\n

      A. Restrict Access to wp-config.php<\/strong><\/h3>\n\n\n\n

      The wp-config.php<\/code> file contains database credentials<\/strong> and must be protected.<\/p>\n\n\n\n

      Solution:<\/strong> Add this to your .htaccess<\/code> file in the root directory (public_html<\/code>):<\/p>\n\n\n\n

      <Files wp-config.php>
          Require all denied
      <\/Files>
      <\/code><\/pre>\n\n\n\n
      This prevents unauthorized access<\/strong> to the most sensitive file in WordPress.<\/p>\n\n\n\n
      \n\n\n\n
      B. Disable Directory Browsing<\/strong><\/h3>\n\n\n\n
      If a hacker visits a folder without an index.php<\/code> file, they might see all the files inside<\/strong>.<\/p>\n\n\n\n
      Solution:<\/strong> Prevent this by adding:<\/p>\n\n\n\n
      Options All -Indexes
      <\/code><\/pre>\n\n\n\n
      Now, if someone tries to access a directory, they will see a 403 Forbidden error<\/strong> instead.<\/p>\n\n\n\n
      \n\n\n\n
      C. Block XML-RPC to Prevent Brute-Force Attacks<\/strong><\/h3>\n\n\n\n
      WordPress XML-RPC<\/strong> allows remote connections, but hackers exploit it for brute-force attacks<\/strong>.<\/p>\n\n\n\n
      Solution:<\/strong> Disable it with:<\/p>\n\n\n\n
      <Files xmlrpc.php>
          Require all denied
      <\/Files>
      <\/code><\/pre>\n\n\n\n
      If you don\u2019t use Jetpack<\/strong> or external WordPress apps, this should be disabled<\/strong>.<\/p>\n\n\n\n
      \n\n\n\n
      D. Restrict Access to wp-includes<\/strong><\/h3>\n\n\n\n
      The wp-includes<\/code> folder contains core WordPress files<\/strong>. Hackers try to inject malicious scripts here.<\/p>\n\n\n\n
      Solution:<\/strong> Block access by adding this to .htaccess<\/code> in the root directory:<\/p>\n\n\n\n
      <IfModule mod_rewrite.c>
          RewriteEngine On
          RewriteBase \/
          RewriteRule ^wp-includes\/ - [F,L]
      <\/IfModule>
      <\/code><\/pre>\n\n\n\n
      This prevents direct access to the wp-includes<\/code> folder.<\/p>\n\n\n\n
      If there is no .htaccess<\/code> file in wp-includes\/<\/code>, create one<\/strong> and add the above code.<\/p>\n\n\n\n
      \n\n\n\n
      E. Prevent PHP Execution in wp-content\/uploads<\/strong><\/h3>\n\n\n\n
      The wp-content\/uploads\/<\/code> folder stores images and files but should never execute PHP scripts<\/strong>.<\/p>\n\n\n\n
      If there is no .htaccess<\/code> file in wp-content\/uploads\/<\/code>, create one<\/strong> by:<\/p>\n\n\n\n
        \n
      1. Opening cPanel File Manager<\/strong>.<\/li>\n\n\n\n
      2. Navigating to<\/strong> \/wp-content\/uploads\/<\/code>.<\/li>\n\n\n\n
      3. Creating a new file<\/strong> named .htaccess<\/code>.<\/li>\n\n\n\n
      4. Adding this code:<\/strong><\/li>\n<\/ol>\n\n\n\n
        <FilesMatch \"\\.(php|phtml|php3|php4|php5|php7|php8)$\">
            Require all denied
        <\/FilesMatch>
        <\/code><\/pre>\n\n\n\n
        ?This ensures only media files can be accessed<\/strong>, preventing malware execution<\/strong>.<\/p>\n\n\n\n
        \n\n\n\n
        F. Prevent PHP Execution in wp-content<\/strong><\/h3>\n\n\n\n
        Some plugins store files inside wp-content\/<\/code>.<\/strong> Hackers may try to run PHP scripts in these directories<\/strong>.<\/p>\n\n\n\n
        ? If there is no .htaccess<\/code> file in wp-content\/<\/code>, create one<\/strong> and add:<\/p>\n\n\n\n
        <FilesMatch \"\\.(php|phtml|php3|php4|php5|php7|php8)$\">
            Require all denied
        <\/FilesMatch>
        <\/code><\/pre>\n\n\n\n
        This stops hackers from running unauthorized PHP scripts<\/strong> in wp-content\/<\/code>.<\/p>\n\n\n\n
        \n\n\n\n
        G. Set Up Browser Caching for Security & Performance<\/strong><\/h3>\n\n\n\n
        This prevents browsers from reloading unnecessary resources<\/strong>.<\/p>\n\n\n\n
        Solution:<\/strong> Add this to .htaccess<\/code> in the root directory:<\/p>\n\n\n\n
        <IfModule mod_expires.c>
            ExpiresActive on
            ExpiresByType text\/css \"access plus 1 year\"
            ExpiresByType image\/jpeg \"access plus 1 year\"
            ExpiresByType image\/png \"access plus 1 year\"
            ExpiresByType text\/javascript \"access plus 1 year\"
        <\/IfModule>
        <\/code><\/pre>\n\n\n\n
        This improves performance and security<\/strong>.<\/p>\n\n\n\n
        \n\n\n\n
        3. Best Practices for WordPress Security<\/strong><\/h2>\n\n\n\n
        Always Update WordPress, Plugins, and Themes<\/strong><\/h3>\n\n\n\n
          \n
        • Why?<\/strong> Outdated software is the #1 cause of hacks<\/strong>.<\/li>\n\n\n\n
        • How?<\/strong> Go to Dashboard > Updates<\/code> and update everything regularly.<\/li>\n\n\n\n
        • Enable automatic updates<\/strong> for security patches.<\/li>\n<\/ul>\n\n\n\n
          Delete Unused Plugins and Themes<\/strong><\/h3>\n\n\n\n
            \n
          • Inactive themes\/plugins<\/strong> can still be hacked.<\/li>\n\n\n\n
          • They consume server resources<\/strong> and increase security risks<\/strong>.<\/li>\n\n\n\n
          • Go to Appearance > Themes<\/code> and Plugins > Installed Plugins<\/code> to delete unused ones.<\/li>\n<\/ul>\n\n\n\n
            Use a Security Plugin<\/strong><\/h3>\n\n\n\n
              \n
            • Wordfence<\/strong>, iThemes Security<\/strong>, or Sucuri Security<\/strong> can:\n
                \n
              • Monitor login attempts<\/strong> and block suspicious activity<\/strong>.<\/li>\n\n\n\n
              • Scan for malware<\/strong>.<\/li>\n\n\n\n
              • Enable two-factor authentication (2FA)<\/strong>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n
                \n\n\n\n
                4. Regular Backups: Your Last Line of Defense<\/strong><\/h2>\n\n\n\n
                No matter how secure your site is, always have backups<\/strong> in case something goes wrong.<\/p>\n\n\n\n
                Recommended Backup Methods:<\/strong><\/h3>\n\n\n\n
                  \n
                • cPanel > Backup Wizard<\/strong> (Manual backups).<\/li>\n\n\n\n
                • UpdraftPlus (WordPress Plugin)<\/strong> for automatic backups.<\/li>\n<\/ul>\n\n\n\n
                  \n\n\n\n
                  Final Thoughts<\/strong> For WordPress<\/h2>\n\n\n\n
                  Securing your WordPress website is not difficult<\/strong>, but it requires ongoing effort<\/strong>.<\/p>\n\n\n\n
                  Protect .htaccess<\/code>, wp-config.php<\/code>, .env<\/code><\/strong>
                  Disable unnecessary scripts (XML-RPC, directory browsing, PHP execution in storage)<\/strong>
                  Update regularly & delete unused themes\/plugins<\/strong>
                  Use security plugins (Wordfence, iThemes Security, Laravel Rate Limiting)<\/strong>
                  Perform regular backups<\/strong><\/p>\n\n\n\n
                  Even though your hosting provider, Hosting Marketers, has CSF Firewall<\/strong>, website security is your responsibility<\/strong>. Follow these best practices, and your site will be far less vulnerable to attacks<\/strong>.<\/p>\n\n\n\n


                  Securing Laravel Websites on Apache and Nginx Servers<\/strong><\/h1>\n\n\n\n
                  Laravel is one of the most secure PHP frameworks, but misconfigured settings, exposed files, and weak authentication<\/strong> can still lead to vulnerabilities. Whether you’re running Apache<\/strong> or Nginx<\/strong>, you must take extra security measures<\/strong> to protect your application.<\/p>\n\n\n\n
                  Your hosting server already has CSF Firewall<\/strong>, but you need to harden your Laravel application<\/strong> to prevent common attacks like SQL injection, file uploads, unauthorized access, and brute-force login attempts<\/strong>.<\/p>\n\n\n\n
                  \n\n\n\n
                  1. Protect the .env<\/code> File<\/strong><\/h2>\n\n\n\n
                  The .env<\/code> file stores database credentials, API keys, and application settings<\/strong>. If exposed, attackers can steal sensitive data and take over your site<\/strong>.<\/p>\n\n\n\n
                  For Apache (Add to .htaccess<\/code> in Laravel Root)<\/strong><\/h3>\n\n\n\n
                  ? If there is no .htaccess<\/code> file in the Laravel root directory, create one<\/strong> and add:<\/p>\n\n\n\n
                  <FilesMatch \"^\\.env$\">
                      Require all denied
                  <\/FilesMatch>
                  <\/code><\/pre>\n\n\n\n
                  For Nginx (Add to Server Block)<\/strong><\/h3>\n\n\n\n
                  For Nginx users<\/strong>, edit your site’s configuration file (e.g., \/etc\/nginx\/sites-available\/yourdomain.com<\/code>) and add:<\/p>\n\n\n\n
                  location ~ \/\\.env {
                      deny all;
                  }
                  <\/code><\/pre>\n\n\n\n
                  This ensures no one can access yourdomain.com\/.env<\/code><\/strong>.<\/p>\n\n\n\n
                  \n\n\n\n
                  2. Prevent PHP Execution in Storage and Public Uploads<\/strong><\/h2>\n\n\n\n
                  Laravel allows users to upload files, but hackers may try to upload malicious PHP scripts disguised as images<\/strong>.<\/p>\n\n\n\n
                  For Apache (Add .htaccess<\/code> to \/storage\/<\/code> and \/public\/uploads\/<\/code>)<\/strong><\/h3>\n\n\n\n
                  ? If there is no .htaccess<\/code> file in these directories, create one<\/strong> and add:<\/p>\n\n\n\n
                  <FilesMatch \"\\.(php|phtml|php3|php4|php5|php7|php8)$\">
                      Require all denied
                  <\/FilesMatch>
                  <\/code><\/pre>\n\n\n\n
                  For Nginx (Add to Server Block)<\/strong><\/h3>\n\n\n\n
                  For Nginx users<\/strong>, edit your site’s configuration file and add:<\/p>\n\n\n\n
                  location \/storage {
                      location ~* \\.php$ {
                          deny all;
                      }
                  }

                  location \/public\/uploads {
                      location ~* \\.php$ {
                          deny all;
                      }
                  }
                  <\/code><\/pre>\n\n\n\n
                  This stops hackers from running unauthorized PHP files inside storage and uploads folders<\/strong>.<\/p>\n\n\n\n
                  \n\n\n\n
                  3. Disable Debug Mode in Production<\/strong><\/h2>\n\n\n\n
                  By default, Laravel’s .env<\/code> file contains:<\/p>\n\n\n\n
                  APP_DEBUG=true
                  <\/code><\/pre>\n\n\n\n
                  Leaving APP_DEBUG<\/code> enabled in production can expose sensitive errors to hackers<\/strong>.<\/p>\n\n\n\n
                  Change it to false<\/code> in .env<\/code><\/strong>:<\/p>\n\n\n\n
                  APP_DEBUG=false
                  <\/code><\/pre>\n\n\n\n
                  This hides error messages<\/strong> that attackers could use to find vulnerabilities.<\/p>\n\n\n\n
                  \n\n\n\n
                  4. Implement Rate Limiting to Prevent Brute-Force Attacks<\/strong><\/h2>\n\n\n\n
                  Laravel has built-in rate limiting<\/strong> to prevent hackers from making multiple login attempts<\/strong>.<\/p>\n\n\n\n
                   In routes\/web.php<\/code>, apply rate limiting to login routes:<\/strong><\/p>\n\n\n\n
                  Route::middleware(['throttle:5,1'])->post('\/login', 'LoginController@login');
                  <\/code><\/pre>\n\n\n\n
                  This limits login attempts to 5 per minute<\/strong>, reducing brute-force risks.<\/p>\n\n\n\n
                  For Nginx: Limit Requests at the Server Level<\/strong><\/h3>\n\n\n\n
                  To further enhance security<\/strong>, add rate-limiting<\/strong> to your Nginx configuration:<\/p>\n\n\n\n
                  limit_req_zone $binary_remote_addr zone=login:10m rate=5r\/m;

                  server {
                      location \/login {
                          limit_req zone=login burst=10 nodelay;
                      }
                  }
                  <\/code><\/pre>\n\n\n\n
                  This prevents bots from hammering your login page with repeated requests<\/strong>.<\/p>\n\n\n\n
                  \n\n\n\n
                  5. Restrict Public Access to Laravel Folders<\/strong><\/h2>\n\n\n\n
                  By default, only the \/public\/<\/code> folder should be accessible<\/strong> to visitors. Exposing other folders like app\/<\/code>, storage\/<\/code>, and vendor\/<\/code> can lead to serious security risks<\/strong>.<\/p>\n\n\n\n
                  For Apache Users<\/strong><\/h3>\n\n\n\n
                  If Laravel is installed directly in public_html\/<\/code>, move all files except the \/public\/<\/code> folder to a subdirectory<\/strong>, such as:<\/p>\n\n\n\n
                  \/home\/youruser\/laravel_project\/
                  \/home\/youruser\/public_html\/  (Only contains Laravel\u2019s \/public folder)
                  <\/code><\/pre>\n\n\n\n
                  Then, edit index.php<\/code> inside \/public\/<\/code><\/strong>:<\/p>\n\n\n\n
                  require __DIR__.'\/..\/laravel_project\/bootstrap\/autoload.php';
                  $app = require_once __DIR__.'\/..\/laravel_project\/bootstrap\/app.php';
                  <\/code><\/pre>\n\n\n\n
                  This ensures only the public files are accessible<\/strong>, keeping your Laravel core files safe.<\/p>\n\n\n\n
                  For Nginx Users<\/strong><\/h3>\n\n\n\n
                  Edit your Nginx configuration and point the document root to the \/public\/<\/code> folder only<\/strong>:<\/p>\n\n\n\n
                  server {
                      listen 80;
                      server_name yourdomain.com;
                      root \/home\/youruser\/laravel_project\/public;

                      index index.php index.html index.htm;

                      location \/ {
                          try_files $uri $uri\/ \/index.php?$query_string;
                      }
                  }
                  <\/code><\/pre>\n\n\n\n
                  Now, only files inside \/public\/<\/code> are accessible<\/strong>, preventing unauthorized access to Laravel’s core files.<\/p>\n\n\n\n
                  \n\n\n\n
                  6. Force HTTPS for Secure Connections<\/strong><\/h2>\n\n\n\n
                  Always enforce HTTPS<\/strong> to prevent data interception<\/strong>.<\/p>\n\n\n\n
                  For Laravel (Edit app\/Providers\/AppServiceProvider.php<\/code>)<\/strong><\/h3>\n\n\n\n
                  public function boot()
                  {
                      if (config('app.env') === 'production') {
                          \\URL::forceScheme('https');
                      }
                  }
                  <\/code><\/pre>\n\n\n\n
                  For Nginx (Force Redirect to HTTPS)<\/strong><\/h3>\n\n\n\n
                  Edit your Nginx configuration file and add:<\/p>\n\n\n\n
                  server {
                      listen 80;
                      server_name yourdomain.com;
                      return 301 https:\/\/$host$request_uri;
                  }
                  <\/code><\/pre>\n\n\n\n
                  Now, all traffic is automatically redirected to HTTPS<\/strong>.<\/p>\n\n\n\n
                  \n\n\n\n
                  7. Remove Unused Packages & Keep Laravel Updated<\/strong><\/h2>\n\n\n\n
                  Unused packages increase security risks<\/strong>.<\/p>\n\n\n\n
                  Check for Unused Packages<\/strong><\/h3>\n\n\n\n
                  Run:<\/p>\n\n\n\n
                  composer show --all
                  <\/code><\/pre>\n\n\n\n
                  To remove an unused package:<\/p>\n\n\n\n
                  composer remove package-name
                  <\/code><\/pre>\n\n\n\n
                  Regular updates<\/strong> fix security vulnerabilities, so always run:<\/p>\n\n\n\n
                  composer update
                  <\/code><\/pre>\n\n\n\n
                  Keeping Laravel updated ensures your site stays protected against new threats!<\/strong><\/p>\n\n\n\n
                  \n\n\n\n
                  Final Thoughts<\/strong><\/h2>\n\n\n\n
                  Laravel is a secure framework<\/strong>, but misconfigured settings can expose your application to attacks<\/strong>.<\/p>\n\n\n\n
                  Summary of Key Security Steps:<\/strong><\/h3>\n\n\n\n
                  Protect .env<\/code> with .htaccess<\/code> (Apache) or Nginx rules<\/strong>
                  Disable PHP execution in storage\/<\/code> and public\/uploads\/<\/code><\/strong>
                  Turn off APP_DEBUG<\/code> in production<\/strong>
                  Enable rate limiting for login and API routes<\/strong>
                  Restrict access to core Laravel folders (Apache & Nginx)<\/strong>
                  Force HTTPS for secure connections<\/strong>
                  Regularly update Laravel and remove unused packages<\/strong><\/p>\n\n\n\n
                  By implementing these steps, your Laravel application will be far more secure<\/strong> against attacks! ?<\/p>\n","protected":false},"excerpt":{"rendered":"
                  Website security is critical for protecting your data, preventing hacks, and ensuring your site runs smoothly. While your hosting provider has CSF Firewall to protect the server from external threats, securing your WordPress or Laravel site is your responsibility. Many hacks happen because of poor security practices\u2014such as outdated plugins, weak passwords, and misconfigured files. […]<\/p>\n","protected":false},"author":1,"featured_media":1354,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[88,2,158],"tags":[206,207],"class_list":["post-1353","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-hosting-marketers-news","category-worpress-security","tag-websitesecurity-cybersecurity-onlinesafety-protectyourwebsite-securewebsites","tag-wordpresssecurity-wordpresstips-wpsecurity-wordpressprotection-securewordpress"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/hosting-marketers.com\/news\/wp-content\/uploads\/2025\/02\/security.jpg?fit=1024%2C1024&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/p9Yxzd-lP","jetpack-related-posts":[{"id":1367,"url":"https:\/\/hosting-marketers.com\/news\/2025\/04\/15\/12-essential-steps-to-secure-your-laravel-website-on-cpanel\/","url_meta":{"origin":1353,"position":0},"title":"12 Essential Steps to Secure Your Laravel Website on cPanel","author":"Admin","date":"April 15, 2025","format":false,"excerpt":"Laravel is a powerful and flexible PHP framework \u2014 but with that power comes responsibility. If you're running your Laravel application on a cPanel server, securing your environment is critical. At Hosting Marketers, we use LiteSpeed, CloudLinux, CPGuard, and Cloudflare, providing a robust foundation \u2014 but the app itself must\u2026","rel":"","context":"In "security"","block_context":{"text":"security","link":"https:\/\/hosting-marketers.com\/news\/category\/security\/"},"img":{"alt_text":"Laravel security is not optional \u2014 and at Hosting Marketers, we make sure you start with the best protection possible. By combining strong server-level firewalls with smart application-level hardening, your Laravel website can stay one step ahead of hackers.","src":"https:\/\/i0.wp.com\/hosting-marketers.com\/news\/wp-content\/uploads\/2025\/04\/ChatGPT-Image-Apr-15-2025-06_15_08-AM.png?fit=800%2C1200&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/hosting-marketers.com\/news\/wp-content\/uploads\/2025\/04\/ChatGPT-Image-Apr-15-2025-06_15_08-AM.png?fit=800%2C1200&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/hosting-marketers.com\/news\/wp-content\/uploads\/2025\/04\/ChatGPT-Image-Apr-15-2025-06_15_08-AM.png?fit=800%2C1200&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/hosting-marketers.com\/news\/wp-content\/uploads\/2025\/04\/ChatGPT-Image-Apr-15-2025-06_15_08-AM.png?fit=800%2C1200&ssl=1&resize=700%2C400 2x"},"classes":[]},{"id":551,"url":"https:\/\/hosting-marketers.com\/news\/2015\/12\/10\/a-few-steps-to-protect-your-wordpress-from-hackers\/","url_meta":{"origin":1353,"position":1},"title":"a few steps to protect your wordpress from hackers","author":"Admin","date":"December 10, 2015","format":false,"excerpt":"1- Stay UPDATED \u00e2\u20ac\u201c Run the latest version of WordPress, and upgrade your plugins and themes as quick as possible. 2- Have a strong password. 3- Disable PHP Execution in Certain WordPress Directories \u00e2\u20ac\u201c This disables PHP execution in the upload directories and other directories of your choice. Basically so\u2026","rel":"","context":"In "worpress security"","block_context":{"text":"worpress security","link":"https:\/\/hosting-marketers.com\/news\/category\/worpress-security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1371,"url":"https:\/\/hosting-marketers.com\/news\/2025\/04\/15\/the-ultimate-wordpress-security-guide-for-cpanel-users-2025-edition\/","url_meta":{"origin":1353,"position":2},"title":"The Ultimate WordPress Security Guide for cPanel Users (2025 Edition)","author":"Admin","date":"April 15, 2025","format":false,"excerpt":"WordPress powers over 40% of all websites \u2014 which makes it a prime target for hackers. If you\u2019re hosting with cPanel and using WordPress, security should be your top priority. At Hosting Marketers, we give you the tools (LiteSpeed, CloudLinux, CPGuard, Cloudflare) \u2014 but here\u2019s what you need to do\u2026","rel":"","context":"In "security"","block_context":{"text":"security","link":"https:\/\/hosting-marketers.com\/news\/category\/security\/"},"img":{"alt_text":"Protect your WordPress site from hackers with this complete security guide. Learn how to harden your site using cPanel, PHP updates, file permissions, .htaccess rules, and best practices.","src":"https:\/\/i0.wp.com\/hosting-marketers.com\/news\/wp-content\/uploads\/2025\/04\/ChatGPT-Image-Apr-15-2025-06_36_03-AM.png?fit=1200%2C800&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/hosting-marketers.com\/news\/wp-content\/uploads\/2025\/04\/ChatGPT-Image-Apr-15-2025-06_36_03-AM.png?fit=1200%2C800&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/hosting-marketers.com\/news\/wp-content\/uploads\/2025\/04\/ChatGPT-Image-Apr-15-2025-06_36_03-AM.png?fit=1200%2C800&ssl=1&resize=525%2C300 1.5x, https:\/\/i0.wp.com\/hosting-marketers.com\/news\/wp-content\/uploads\/2025\/04\/ChatGPT-Image-Apr-15-2025-06_36_03-AM.png?fit=1200%2C800&ssl=1&resize=700%2C400 2x, https:\/\/i0.wp.com\/hosting-marketers.com\/news\/wp-content\/uploads\/2025\/04\/ChatGPT-Image-Apr-15-2025-06_36_03-AM.png?fit=1200%2C800&ssl=1&resize=1050%2C600 3x"},"classes":[]},{"id":429,"url":"https:\/\/hosting-marketers.com\/news\/2013\/12\/18\/time-zone-how-to-change-it-on-shared-cpanel-servers\/","url_meta":{"origin":1353,"position":3},"title":"Time Zone, how to change it on shared cpanel servers","author":"Admin","date":"December 18, 2013","format":false,"excerpt":"You cannot change it, not on a shared server, but it is possible to change it for your account by editing the PHP script or adding a line to the .htaccess file. You can change the time zone being displayed with a PHP script. (Unfortunately, I cannot tell you where\u2026","rel":"","context":"In "php time zones"","block_context":{"text":"php time zones","link":"https:\/\/hosting-marketers.com\/news\/category\/php-time-zones\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":138,"url":"https:\/\/hosting-marketers.com\/news\/2009\/11\/19\/register_globals-on-servers-with-suexec\/","url_meta":{"origin":1353,"position":4},"title":"register_globals on servers with SuExec","author":"Admin","date":"November 19, 2009","format":false,"excerpt":"First of all allowing register_globals on, on a server is real stupid, it is a security risk that no hosting company should accept, but sometimes for old scripts it is necessary to have it on, in this case should be enabled on the customer account on the .htaccess file or\u2026","rel":"","context":"In "Hosting Marketers News"","block_context":{"text":"Hosting Marketers News","link":"https:\/\/hosting-marketers.com\/news\/category\/hosting-marketers-news\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":184,"url":"https:\/\/hosting-marketers.com\/news\/2010\/11\/02\/what-to-do-when-your-site-is-hacked-or-when-you-arrive-at-your-site-you-this-warning-reported-attack-page\/","url_meta":{"origin":1353,"position":5},"title":"what to do when your site is hacked or when you arrive at your site you see this warning: Reported Attack Page!","author":"Admin","date":"November 2, 2010","format":false,"excerpt":"What to look for The three most common forms of badware that StopBadware sees on compromised sites are: 1. Malicious scripts 2. .htaccess redirects 3. Hidden iframes Malicious scripts Malicious scripts are often used to redirect site visitors to a different website and\/or load badware from another source. These scripts\u2026","rel":"","context":"In "Reported Attack Page!"","block_context":{"text":"Reported Attack Page!","link":"https:\/\/hosting-marketers.com\/news\/category\/reported-attack-page\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/hosting-marketers.com\/news\/wp-json\/wp\/v2\/posts\/1353","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hosting-marketers.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hosting-marketers.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hosting-marketers.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hosting-marketers.com\/news\/wp-json\/wp\/v2\/comments?post=1353"}],"version-history":[{"count":6,"href":"https:\/\/hosting-marketers.com\/news\/wp-json\/wp\/v2\/posts\/1353\/revisions"}],"predecessor-version":[{"id":1365,"href":"https:\/\/hosting-marketers.com\/news\/wp-json\/wp\/v2\/posts\/1353\/revisions\/1365"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hosting-marketers.com\/news\/wp-json\/wp\/v2\/media\/1354"}],"wp:attachment":[{"href":"https:\/\/hosting-marketers.com\/news\/wp-json\/wp\/v2\/media?parent=1353"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hosting-marketers.com\/news\/wp-json\/wp\/v2\/categories?post=1353"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hosting-marketers.com\/news\/wp-json\/wp\/v2\/tags?post=1353"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}