1. Always have a backup copy of your entire website and its databases.
2. Change your cPanel password monthly. Use strong passwords (mixing upper- and lower-case letters, Aa-Zz, and special symbols); we also recommend changing the passwords for all your email accounts. If you access your email with a POP or IMAP email client such as Microsoft Outlook, update its configuration settings with the new password for each account.
3. Do not store passwords on the local machine in document format or in your browser.
4. Update all third-party scripts to their latest versions (e.g. Joomla!, WordPress, Magento or any other CMS).
Don’t load your website with every cool script, gadget, feature, function, and code snippet you can find on the web. Any one of them could let a hacker into your site. Before you use something new, read its vulnerability report.
5. Enable CloudFlare in cPanel
CloudFlare is a broad security solution designed to protect against many forms of malicious activity online, including comment spam, email harvesting, SQL injection, cross-site scripting, credential hacking, web software vulnerabilities and DDoS (distributed denial-of-service) attacks.
6. Examine your own PHP or HTML code for security holes
The following PHP functions can be tricked into fetching a malicious script from a remote server and running it as part of the currently executing script:
7. Find and repair all the malicious changes that were made
8. Use .htaccess or cPanel > Deny IP to block the hacker’s HTTP access to your site
If you identified the hacker’s IP address, one site where you can look it up to get more information about it is http://whois.domaintools.com/.
You can ban the IP address from your site using your public_html/.htaccess file.
You need to insert the following line in a part of the file that is not enclosed in HTML-like tags.
deny from 18.104.22.168
The address after "deny from" is the IP address to block.
If the hacker returns with a different IP that is in the same IP range (i.e. using the same ISP), you can block the whole range for a while, although that carries the risk of banning legitimate visitors, too.
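Before blocking a range, it helps to see how many addresses the range actually covers. The following is an added example, not part of the original article: it takes the addresses seen from one attacker, works out the smallest range containing them, and writes a single range line only when that range is narrow. The sample addresses (documentation range 203.0.113.0/24), the function names and the /24 limit are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample: addresses seen from the same attacker
# (203.0.113.0/24 is reserved for documentation, so these are not real hosts).
SEEN = ["203.0.113.17", "203.0.113.45", "203.0.113.200"]


def covering_network(addresses):
    """Return the smallest single CIDR block that contains every address."""
    ips = [ipaddress.ip_address(a) for a in addresses]
    if len({ip.version for ip in ips}) != 1:
        raise ValueError("mix of IPv4 and IPv6 addresses")
    # Start from the first address as a one-host network and widen it
    # one bit at a time until all addresses fit.
    net = ipaddress.ip_network(f"{ips[0]}/{ips[0].max_prefixlen}")
    while not all(ip in net for ip in ips):
        net = net.supernet()
    return net


def deny_lines(addresses, min_prefix=24):
    """Build .htaccess 'deny from' lines and report how many addresses they block.

    One range line is used only if the covering block is no wider than
    /min_prefix (the default suits IPv4). Otherwise each address gets its
    own line, so unrelated visitors in a huge range are not banned.
    """
    net = covering_network(addresses)
    if net.prefixlen >= min_prefix:
        return [f"deny from {net}"], net.num_addresses
    unique = sorted(set(addresses), key=ipaddress.ip_address)
    return [f"deny from {a}" for a in unique], len(unique)


if __name__ == "__main__":
    lines, blocked = deny_lines(SEEN)
    print("\n".join(lines))
    print(f"# addresses blocked: {blocked}")
```

For the sample input the result is one line, "deny from 203.0.113.0/24", which bans 256 addresses in order to stop three; that difference is the risk to legitimate visitors described above.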