Here is a practical security checklist for every Hordanso hosting customer. Following these steps significantly reduces your risk of being hacked.
Account Security
- Use a strong, unique password for your Hordanso client portal — at least 16 characters with letters, numbers, and symbols. Never reuse passwords from other sites.
- Enable Two-Factor Authentication (2FA) on your client portal — see How to Enable 2FA (SEC-04)
- Enable 2FA on your cPanel account — cPanel has its own 2FA option under Preferences > Two-Factor Authentication
- Never share your cPanel credentials with untrusted third parties. If a developer needs access, create a sub-account with limited permissions
WordPress-Specific Security
- Keep WordPress core, themes, and plugins updated — most hacks exploit outdated software
- Delete unused themes and plugins — inactive plugins can still be exploited
- Use a security plugin — Wordfence (free) or Sucuri provide firewall, malware scanning, and login protection
- Change the WordPress admin username from admin to something unique — admin is the first username hackers try
- Enable login attempt limits — Wordfence does this automatically
- Use HTTPS for your site and enforce it in Settings > General by setting both URLs to https://
Server and File Security
- Run AutoSSL regularly — an expired SSL certificate leaves your visitors exposed
- Set correct file permissions: files to 644, directories to 755
- Regularly check cPanel > Error Logs for unusual activity
- Never upload files from unknown sources — always scan with a virus checker first
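One way to check the file permission item above from the cPanel Terminal or an SSH session. This is an added example, not a Hordanso tool; the script name perms.sh and the WEBROOT default of ~/public_html are assumptions, so adjust them to your account.

```shell
#!/bin/sh
# Added example (not Hordanso tooling). Checklist targets: files 644, directories 755.
# WEBROOT is an assumption: cPanel normally serves the main site from ~/public_html.
WEBROOT="${WEBROOT:-$HOME/public_html}"

# Show every directory that is not 755 and every file that is not 644,
# with its current mode. find does not follow symlinks by default, so
# nothing outside the given root is listed.
audit_perms() {
    find "$1" -type d ! -perm 755 -exec ls -ld {} +
    find "$1" -type f ! -perm 644 -exec ls -ld {} +
}

# Show only entries that any user on the server can write to (o+w set).
# On shared hosting these are the first ones to correct.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -002 -exec ls -ld {} +
}

# Apply the checklist modes. Only entries that differ are touched.
fix_perms() {
    find "$1" -type d ! -perm 755 -exec chmod 755 {} +
    find "$1" -type f ! -perm 644 -exec chmod 644 {} +
}

# Run as: sh perms.sh audit   (or: writable, fix)
case "${1:-}" in
    audit)    audit_perms "$WEBROOT" ;;
    writable) world_writable "$WEBROOT" ;;
    fix)      fix_perms "$WEBROOT" && audit_perms "$WEBROOT" ;;
esac
```

Run `audit` first and review the list before running `fix`; after `fix`, an empty audit means every entry matches the checklist modes.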
Backups — Your Last Line of Defence
- Create a manual backup before any major change (plugin update, theme change, code edit)
- Download a full cPanel backup monthly and store it on your computer or Google Drive
- Test your backups periodically — a backup you cannot restore is useless
Monitoring for Compromise
- Set up Google Search Console and check the Security Issues tab monthly
- Enable email alerts in Wordfence for any detected threats
- Watch for sudden traffic drops — a site being deindexed by Google after a hack often shows as a traffic crash
