Like everything else in the world, to clean and protect a website there are certain information/tools required in order to get the job done – Just as we need utensils for cooking and preparing our lunch.
There are many ways in which a website can be accessed. However, we first need to understand the types of accesses available and their usability.
File Transfer Protocol (FTP Access)
Let’s start with probably the most popular one – this type of access allows us to transfer files between a server (host) and a computer client.
This type of connection is built on a client-server architecture and establishes two separate TCP connections:
- Command port; port 21 – Control connection to authenticate the user.
- Data port; port 20 – Data connection to transfer files/via host-to-host.
- Requires an authenticated user name and password to allow access.
- Can transfer large files.
- Files transferred to the host are stored on the host device.
There are different options by which you can connect to a website or hosting server via FTP. Firstly, an FTP account must be created for that specific website/server on the server itself. Usually, this is done via cPanel or some other server interface and then you can use software like FileZilla to establish an FTP connection. These programs make it super simple to establish a connection and transfer files. With this type of connection, the OneHourSiteFix team can in most cases properly scan and check all the website files.
To note…
When you initially connect via FTP, to authenticate you need a username and password. However, the data going between the web server and the FTP client is not encrypted, which means cybercriminals can basically eavesdrop on this channel and thus have access to sensitive information. For example, with a WordPress site, you could be transferring the wp-config.php file, which includes valuable info such as your database credentials – if a hacker were to get hold of this file, they would have everything they need to take over your WordPress site.
There are alternatives to FTP like SFTP and FTPS that have the goal of minimising or removing the security liability aspect of FTP. In short, SFTP stands for SSH File Transfer Protocol which indicates it is a subsystem of SSH (Secure Shell – more on this topic later in the text) and FTPS stands for FTP-SSL which indicates it corresponds to an FTP connection via an excerpted connection.
SSH Access (Secure Shell)
SSH allows us to remotely access a server through a secure channel in which all the information is encrypted so the info that goes through this channel is not readable, thus preventing third parties from discovering any sensitive data written during the entire session.
In addition to connecting and copying files securely, SSH allows us to:
- Simulate encrypted FTP sessions
- Manage RSA keys to avoid using passwords
- The TCP port assigned is usually 22.
- There are 2 versions of SSH, but today version 2 is more widely used as it has an improved key exchange algorithm that is not vulnerable to the security hole in version 1.
The image shows a typical command used in an SSH window. For Mac and Linux users SSH can be used directly from the terminal window. Meanwhile, Windows users need to have an SSH client. You can execute shell commands in the same way as you would if you were physically operating the remote computer.
The OneHourSiteFix team prefers this type of connection compared to FTP as it allows a faster, secure connection that usually has minimal restrictions, meaning they can really check the site and server in detail.
cPanel Access or Web Hosting Control Panel (WHCP)
These control panels facilitate everything within the hosting account. We could call it the friendliest way to control our site as it saves us from all the technical jargon and allows non-tech-savvy users to freely manage a server and a website thanks to its Graphical User Interface (GUI).
The control panel grants the users with buttons, links, and overall graphics in order to carry out tasks as follows:
- One-click software installation, e.g. WordPress app
- Domain, subdomain and subdirectories creation and management
- Email accounts management
- Database management
- User management
- File management
- Security management, etc.
Apart from this, Web Host Manager (WHM) provides full control of the dedicated server or VPS. Due to its wide array of features and ease of use, cPanel and WHM are very popular, especially among web hosting providers and developers alike.
Our OneHourSiteFix team prefers this type of access as it allows the widest range of options so that no matter what we find while cleaning the site or a server, we can with no time lost adjust our connection and fully protect the website.
Admin Panel Access
Website admin panel, e.g. WordPress admin is different from all of the above. Whilst previously described allow direct work on website or server files and configurations, an admin panel allows work only on the specific web installation. In most cases, it enables admins to create blogs posts or articles, to adjust their look and feel and in some cases even define eCommerce setups etc. These can be installed through cPanel with just one or two clicks, depending on your hosting provider. In short, the Content Management System (CMS) allows us to build a website without in-depth coding knowledge easily, but it will not allow you to access the bottom layer of code and files where the hacks are hidden.
Such access, although extremely useful when it comes to maintaining a website, is not sufficient when it comes to getting the site cleaned from hacks nor in case of some deeper coding issues. For these, some of the above-listed access types are needed.
Wrap Up
Finally, we hope that this brief article brought some light on the topic of connecting and managing a website. Each of these has a specific use, but in some scenarios can be substituted. Regardless of the type of access you use – it is always wise to fortify these details by using passwords difficult to decipher.
We Can Help Save Your Business
Author: Carlos Soto
SITE FIXED IN LESS THAN 1 HOUR
WordPress website defaced ? If we don’t fix a defaced website in less than 1 hour then we do it for FREE!. Luckily for us we are very good at fixing sites fast!
Leave A Comment