There are 8 main rules on how to prevent you from attacking your website:

by Gaurav Gupta
To the clients of web hosting and web design we always recommend the following 8 rules to avoid attacks to your site and to lose your information.
-Always have a backup of your entire website and its databases.
-Change cPanel monthly password. Use strong passwords (with high and low Aa-Zz and special symbols), we recommend that you change passwords for all your email accounts as well. If you have access to your e-mail with a POP or IMAP email client such as Microsoft Outlook, change the configuration settings so that you know the correct password for each new account.
-Do not save passwords on the local machine in the document format or in your browser;
-Update all third-party scripts for the latest versions (e.g. Joomla, Word Press, Magento or any other CMS) Do not load your website with all the cool scripts, gadget, feature, function, and snippet you can find in the Web. Any of them could allow a hacker to attack your site. Before using anything new, read the vulnerability report that comes with scripts web.
-Enable Cloud Flare in cPanel Cloud Flare is a comprehensive security solution, which is designed to provide protection against multiple forms of malicious activity online, including: unwanted comments, email collection, SQL injection, cross-site scripting, hacking Credential, web software vulnerabilities and DDoS attacks (denial of service). Cloud Flare is enabled for our hosting clients at webhosting.com.bo
-Examine your own PHP or HTML code for security holes. The following PHP functions can be fooled to go looking for a malicious script from a remote server and run it as part of the script that is running: include ($ variable); Require ($ variable); Include once ($ variable); Require once ($ variable);
-Find and repair all the malicious changes that were made.
-Htaccess or cPanel> Block IP to block hacker HTTP access to your site If you have identified the hacker’s IP address, a site where you can see for more information about it is https://whois.domaintools.com/. You can ban the IP address of your site using your public_html / htaccess file. You need to put the following line in a part of the file that is not enclosed in HTML tags. Deny from 111.111.111.111 The 111 is the IP address to block. If the hacker returns with a different IP that is in the same IP range (that is, using the same ISP), it can block the entire range for a while, even though it carries the risk of banning legitimate visitors, as well.