How to secure your website?
Learn how to make your website more secure
Learn how to make your website more secure
Last updated 10th December 2021
This guide will provide you with basic knowledge to ensure that your services are always available, protect your data integrity and secure the access to your solutions. It only applies to websites hosted on OVHcloud shared servers.
This guide is organised in stages in an increasing order of technical difficulty. The security of your site will be measured by the element concerning it that is least protected. We therefore recommend that you carry out all of the actions described here.
However, if you experience any difficulties completing some of these steps, please do not hesitate to contact the OVHcloud community or our partners.
Find out how to secure your website.
OVHcloud provides services that you are responsible for with regard to their configuration and management. It is therefore your responsibility to ensure that they function properly.
We have published this guide to assist you as much as we can with common tasks. We recommend contacting a specialist provider and/or getting in touch with the publisher of the interface or software if you encounter any difficulties. OVHcloud cannot assist you in this regard. You can find more information in the “Go further” section of this guide.
This first step is essential. Infecting your computer with a malicious software can potentially give to a dishonest person access to all of your keyboard input. As a result, the credentials you use to log in on your OVHcloud Control Panel or the admin interface for your website would be compromised.
In addition, the growing phenomenon of ransomwares (about 400 cases in France in 2020) may not only lead to the encryption of all your personal data, but also jeopardise your business by making all your data, devices and softwares inaccessible.
First, check the security of your Windows, Mac or Linux desktop:
Remember to update your customer account informations and to add a backup email to your account.
In the event of your login details being lost and/or the primary email address for your OVHcloud customer account being unavailable, a backup email or updated personal information will be essential to help you regain access to your solutions.
Regularly backing up your data, no matter which solution you choose, is the most important security operation for you to make. It will always be possible to reinstall a software or order a set of new devices, but the recovery of data, once they have been deleted by mistake or after your hard drive has crashed, will rarely be possible.
OVHcloud regularly backs up your data on its infrastructure. However, a handling error such as a delete operation launched manually on a live database, or a non-renewal of your services, will result in the permanent loss of your data and all their backups.
Start by backing up the data that makes up your (FTP AND database files), following the instructions in this guide for FTP files and this one for the database. Import them on your desktop or on an external device, such as a NAS server or an USB key.
Website management software (CMS) also provides the ability to install automatic backup plugins.
Check the official forums for your favourite CMS or contact the OVHcloud community.
Phishing emails are a security threat to your website because they can contain or lead to the installation of malwares. To learn how to recognise and protect yourself from them, see this guide.
If your services are not renewed, OVHcloud has the legal obligation to delete all data associated with your hosting plan, as well as all of their backups, when your subscription expires. We systemically send follow-up e-mails to our customers reminding them of their renewal dates before the end of their actual subscription.
However, these follow-up emails may arrive in your spam or you may have the email address associated with your OVHcloud account may have been typed incorrectly by mistake or may no longer be available.
If your website plays a major role in your professional activity, enable automatic renewal across all of your OVHcloud services.
We also recommend checking regularly the validity of the payment methods you have registered.
Check your website updates regularly, following the instructions in this guide.
Also remember to use a recent version of the PHP programming language on your hosting plan.
Set up an encrypted connection to your website using the HTTPS protocol by following this guide. By enabling this protocol, you can encrypt all of the information sent via your website (particularly data entered by your users on its forms).
Forms on websites can be targeted by hackers/spammers. Protect your forms against their attacks by implementing CAPTCHA plugins on your website.
Add a security plugin recommended by the CMS publisher to your website:
In this step, you will need to log in to your FTP space. It involves technical skills to recognise possible malicious files on your web hosting. If you experience any difficulties with this verification, please do not hesitate to contact our partners.
But even having backups of your website on your desktop can not be considered as sufficient: you also need to test theses backups (especially the databases) to ensure that they will work properly the day you need them.
You can perform these tests locally, for example by importing your data on WAMP. Then you need also to be sure that you configure your WAMP server with the same parameters than OVHcloud web hosting servers.
You can also create a test version of your website (e.g.: test.mydomain.tld) within another folder in your FTP server (you can still use a basic template).
For specialised services (SEO, development, etc.), contact your OVHcloud partners.
If you would like assistance using and configuring your OVHcloud solutions, please refer to our support offers.
Join our community of users on https://community.ovh.com/en/.
Please feel free to give any suggestions in order to improve this documentation.
Whether your feedback is about images, content, or structure, please share it, so that we can improve it together.
Your support requests will not be processed via this form. To do this, please use the "Create a ticket" form.
Thank you. Your feedback has been received.
Access your community space. Ask questions, search for information, post content, and interact with other OVHcloud Community members.Discuss with the OVHcloud community