I recently had two of my sites hacked one of them was using WordPress and this happened about six months ago, so I was thinking that it was because I was using WP with a poor user name and password, two days ago the other one was also hacked and on this one I’m not using WP, I also had a poor Cpanel password (5 letter password). So after this I will start using strong passwords but I was wondering if this is really where the hacker got into my site.
I would like to understand more about web security because right now all I know is that a strong password needs to be used and that’s it.
1 - What are the different ways a hacker can get into my server?
2 - What are the steps on securing your server, or is this something the host company takes care off?
3 - What are the general steps setting up a new site for the first time to make sure it will be secured (I know nothing is 100% secured)?
4 - Where can I get more information on web security? Is there a good book that you guys recommend?
Thanks a lot!