Now and then, the fear of getting a website hacked has been increasing day by day. There are millions of websites on the web, and many get hacked every day.
In the last couple of years, it's been a drastic change in the security majors. It's vital to take essential steps to secure your website.
Have you heard about Leeching and what's Leech protection? In a few public forums, you may have seen people posting their username and password to fix an issue for their website.
When you run a multi-user website, and any of the users post their username and password publicly, unauthorized visitors can use their credentials to access the secure area of your site, it's called leeching.
It's crucial to stop everyone from accessing all the sensitive directories of your website. It's better to offer limited access to your authors and contributors.
You will be happy to know that cPanel offers a solution to stop leeching by limiting the number of times a user can access the secure area of your website within a two-hour period.
In this tutorial, I am going to walk you through a simple process to enable leech protection for your site's directories.
Enable Leech Protection for the Secure Area
If we talk about leech protection a few years, it wasn't possible because not all web hosting companies were offering cPanel access to their users.
But now, almost every company provides access to cPanel, which is convenient to harden your site's security.
Let's have a look at the process to enable leech protection from cPanel.
As usual, log in to your cPanel account and search for the security section. You can easily find a Leech Protection icon, click to open.
On this new screen, you can see tons of directories to secure. You can enable leech protection for any of the directories.
For now, it's better to choose public_html, because all of your website's data is available in this directory. If you have an FTP account, make sure, you protect it.
Click on public_html.
This is the page, where you require to fill out all the information about enabling leech protection for your public_html directory.
- Number of Logins per Username Allowed in a 2-Hour Period (It's recommended to choose 4 login attempts, you can also pick two, the choice is yours.)
- URL to redirect Leech users to (The best idea is to redirect them to an error page, maybe a 404 error page. If you have created any custom error page, fill in its URL.)
- Fill in the email address, to which, you want an email notification whenever the leech protection redirects a user from the site. (Don't forget to tick the checkbox.)
- Disable Compromised Accounts (It's a great way to suspend the accounts of the users, who have shared their login credentials publicly.)
Click on Enable button.
At this page, you can see the notification, Leech Protection Enabled, with the details you have filled out on the previous page.
Congrats, you have successfully enabled leech protection for your public_html directory. Depending on your choice and the sensitive data you store, you should secure other directories, too.
You should also know that you can disable leech protection, whenever you wish. Just choose the directory, and instead of enabling, you can see disable button.
There is nothing complicated.
Is it Hard to Secure Your Website Directories
Every time a user tries to build a website, they may encounter so many issues because of the lack of security basics. Securing a website isn't as hard as people think.
If you search the web, you can find thousands of articles to use the advanced tricks to harden your website's security. But only a few articles mention leech protection.
If you keep trying to add more and more security layers, you can manage to have a secure website, without anyone's help.
When I started using cPanel, it was so confusing, but you ask today, I can confidently say that cPanel is one of the most accessible tools I have ever used.
The leech protection option is built-in, and you can enable it regardless of your website platform. Some people might use WordPress; others may have an interest in using Joomla.
Follow the steps and secure your sensitive data.