I have 50 websites hosted on a GoDaddy shared hosting server. I faced a problem: someone went through the index.php file of every one of my websites and replaced its content with other content that shows users the message "WEBSITE IS HACKED". All my websites were developed in core PHP, but some of them were built using the WordPress CMS. When it happened the first time, I didn't take it seriously; I just edited the index.php file and put my own code back. I had a backup of index.php and I put that content on the server.
But after some time it happened again and again. The hacker was uploading their own index.php file into each of my server directories, even into my css, js and images folders. I took it very seriously, and here is what I did, after which it never happened again:
Seriously, if there is a WordPress website on your shared hosting server alongside other websites, you are taking a big risk. WordPress is a free CMS, and to build a website in WordPress you use free third-party plugins that are very dangerous for security. It may impact your other websites too. So first of all, remove the WordPress website and build it using your own code.
Use a .htaccess file and make another file the default home page. If a hacker places an index.php file in your directory, that file is still useless on your server: nothing links to it, so users will never see its content and never see a message such as "your website hacked". Choose a default index file name that no one can guess, so that nobody can upload a file with the same name to your server.
.htaccess is a file with no name, only an extension (.htaccess). It contains directives that tell the server how to treat URL requests on your website. Here is how you can make another file the default in place of index.php. In the example below, I'm showing how you can make abc.php act as the index.php file:
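# Serve abc.php, not index.php, as the default page of a directory
DirectoryIndex abc.php
RewriteEngine On
# Send requests for the usual home-page names to abc.php
RewriteRule ^index\.php$ abc.php [NC,L]
RewriteRule ^index\.html$ abc.php [NC,L]
RewriteRule ^home/?$ abc.php [NC,L]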
That's it; now abc.php is your default index file.
This is really a more important point than the above two: the hosting company matters. Actually I didn't change mine, because switching a large number of websites to another hosting server is really very painful. If you have just 7-8 websites, you can switch. Don't wait, because in future it may become a very critical situation. Suppose you have 100 websites running on a server and all of them get hacked: repairing all of them takes much time. So do not wait; it may be hacked again and you will have to invest a lot of time to repair all the websites.
Check all your directories and remove unknown files. These files contain dangerous code that, when executed, can delete your files from the server. So take a look in all your folders and make sure there are no miscellaneous files.
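One way to make that directory check repeatable, as an added example that is not code from the original post: it compares the live site folder against a known-good backup copy and reports changed files, unknown files, and scripts sitting in asset folders. The folder names css, js and images come from the post; the script extensions, function names and the constructed sample files are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: on this site, scripts never belong in the asset folders.
ASSET_DIRS = {"css", "js", "images"}
SCRIPT_EXTS = {".php", ".phtml", ".phar"}


def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }


def audit(baseline, live_root):
    """Report live files that differ from the known-good baseline."""
    findings = []
    for rel, digest in sorted(snapshot(live_root).items()):
        *folders, name = rel.lower().split("/")
        if Path(name).suffix in SCRIPT_EXTS and ASSET_DIRS & set(folders):
            findings.append((rel, "script in asset folder"))
        elif rel not in baseline:
            findings.append((rel, "unknown file"))
        elif baseline[rel] != digest:
            findings.append((rel, "content changed"))
    return findings


def _write(root, rel, text):
    path = Path(root, rel)
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(text)


def demo():
    """Constructed sample: a clean backup tree and a tampered live tree."""
    with tempfile.TemporaryDirectory() as tmp:
        good, live = Path(tmp, "backup"), Path(tmp, "live")
        for root in (good, live):
            _write(root, "abc.php", "<?php echo 'home';")
            _write(root, "css/site.css", "body{}")
        _write(live, "abc.php", "<?php echo 'WEBSITE IS HACKED';")
        _write(live, "images/index.php", "<?php /* dropped */")
        _write(live, "index.php", "<?php /* dropped */")
        return audit(snapshot(good), live)
```

Take the snapshot of the backup once, while the site is known to be clean, and run the audit against a fresh download of the live folder whenever you review the server.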
Keep changing your hosting, cPanel and FTP account usernames and passwords every 15 days. Make them strong so that no one can guess them. This is also one of the important points. Changing passwords every 15 days is good for you.
When working with forms, validate each input field strictly. Use a CAPTCHA in the contact form. When giving users file upload permission, validate the file's type. Make sure the user is uploading the same type of file that you allow in the form. If validation is not done, a user can upload any kind of file and execute the uploaded file on the server, which is very harmful.