Step 1 Keep software up to date
It may seem obvious, but keeping all software up to date is vital to keeping your website secure. This applies to both the server operating system and any software you may be running on your website, such as a CMS or forum. When security holes are found in software, hackers are quick to attempt to abuse them. If your website is built with open source software like WordPress, Joomla, PrestaShop etc., keep all the plugins and modules up to date.
Step 2 Beware Fake error messages
Be careful with how much information you give away in your error messages.
If you have a login form on your website, you should think about the language you use to communicate failure when attempting logins. You should use generic messages like “Incorrect username or password” so as not to reveal when a user got half of the query right.
If an attacker tries a brute force attack to get a username and password and the error message gives away when one of the fields is correct, then the attacker knows he has one of the fields and can concentrate on the other field.
Step 3 Create a Backup
Create a manual backup of your website. This is a very time-consuming method for a big website. Log in to cPanel via an FTP client like FileZilla and download all the folders of your website to a drive on your PC.
Another way to back up your website is to ask your website hosting provider. Most hosting providers keep backups of all the data going back to the last week. This way you will lose at most one week of data.
Step 4 Try To Hack Your Website
Using the first technique described, an attacker can hack the URL query string and cause an error to be displayed. You can do a simple test to hack into your own website via the URL query string.
Step 5 Set Permissions
On the Linux operating system, permissions are viewable as a three-digit code where each digit is an integer from 0 to 7. The first digit represents permissions for the owner of the file, the second digit represents permissions for anyone assigned to the group that owns the file, and the third digit represents permissions for everyone else.
The assignments work as follows:
4 equals Read
2 equals Write
1 equals Execute
0 equals no permissions for that user
As an example, take the permission code “644.” In this case, a “6” (or “4+2”) in the first position gives the file’s owner the ability to read and write the file. The “4” in the second and third positions means that both group users and internet users at large can only read the file, which protects the file from unexpected manipulations.
To set your file permissions, log in to your cPanel’s File Manager or connect to your server via FTP. Once inside, you’ll see a list of your existing file permissions (as in the following example generated using the FileZilla FTP program):
The final column in this example displays the folder and file permissions currently assigned to the website’s content. To change these permissions in FileZilla, simply right-click the folder or file in question and select the “File permissions” option. Doing so will launch a screen that allows you to assign different permissions using a series of checkboxes.
Although your web host’s or FTP program’s backend might look slightly different, the basic process for changing permissions remains the same. If you have any questions about modifying your folder and file permissions.
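The following script is an added example, not part of the original article. It decodes a three-digit code using the 4/2/1 values above and lists files under a website folder that the group or everyone else can write to. The function names and the sample file names are made up for illustration.

```python
import os
import stat
import tempfile

BITS = ((4, "read"), (2, "write"), (1, "execute"))

def explain_mode(code):
    """Decode a three-digit code such as "644" into per-class permissions."""
    if len(code) != 3 or any(c not in "01234567" for c in code):
        raise ValueError("expected three digits, each 0-7: %r" % code)
    result = {}
    for who, digit in zip(("owner", "group", "everyone else"), code):
        value = int(digit)
        result[who] = [name for bit, name in BITS if value & bit]
    return result

def find_loose_permissions(root):
    """Return (relative path, code) for entries writable by group or everyone else."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits are not meaningful
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                code = "%03o" % stat.S_IMODE(mode)
                findings.append((os.path.relpath(path, root), code))
    return sorted(findings)

def demo():
    """Build a constructed sample folder and audit it."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample files; the names are hypothetical.
        samples = {"index.php": 0o644, "config.php": 0o666, "uploads.log": 0o664}
        for name, mode in samples.items():
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("sample\n")
            os.chmod(path, mode)  # set the exact mode, independent of umask
        return find_loose_permissions(root)

if __name__ == "__main__":
    print(explain_mode("644"))
    for path, code in demo():
        print(code, path)
```

To audit a real site, call find_loose_permissions with the path to your website's folder on the server instead of running demo().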