Where can I move my stuff that might be more secure?

[DDSvpsHost]

So I thought of a scenario that could be of assistance:

Supposing I have about ten sites on a Hosting account but they all keep getting hacked (at the same time!) Where can I move my stuff that might be more secure?

Supposing they're all wordpress sites for clients and they go down every couple of weeks even though I make sure I clean out the vulnerabilities, do scans, firewall via plugins, correct file permissions, hardened htaccess, etc etc.
This is getting frustrating and exhausting. I heard Cpanel can also be a source of vulnerabilities.

Any ideas? Thanks in advance

 

[SIG]

How come your websites get hacked so many times?

There is something wrong with them or with the server you host them on.

If you are sure that all of your website are secure, then your server has issues - ask the support team from your hosting to check it out and fix it. If you know how to fix vulnerabilities and other security related stuff, I don't see any other problem, except your server is not configured correctly and is vulnerable to exploits.

WordPress, plugins and themes need to updated as soon as new updates come out.

Keep an eye on sites which expose the exploits and vulnerabilities like [URLnf="https://packetstormsecurity.com"]this[/URLnf]

But unfortunately 0day vulns cannot be discovered ASAP.

 

[professorrosado]

If you use Wordfence, you should be able to monitor the attacks and know where they are coming from.

Your wording leads me to think that you may be reinstalling the sites using some backup? The backup may be infected (database).

I would wipe everything off that account and first secure cPanel with mod_security, password change complete including emails, FTP, etc.

Set up completely new WP installs and install all security plugins, set and just sit and monitor these skeleton sites for the next 2-3 weeks to see if you are still getting attacked. Use this time period to harden your security and skills in WP security. If after a reasonable period, you are not hacked, then you can begin to build out your sites again - I wouldn't use any back up at all.

Set up a regular password change period for your whole cPanel account, FTP and emails.
Do the same for each WP install - regular periodic password and user changes.
Monitor your security plugin monitoring features daily and respond quickly to probing into your site and backend (sorry for the unintentional pun).

 

[RDO Servers]

A website itself having a exploitable hole is the number 1 reason for sites getting hacked. However, the fact that all of your site's are getting jacket at the same time is also reason for concern.

Where are you hosting your sites? Shared account, reseller, VPS, or dedicated?

If your not already, I would move to a reseller account. Then put each site is a different customer account as this will help keeping them isolated from the other sites.

Also make sure your account info, ftp, control panel, etc is secured. Update all passwords with a long randomly generated password and don't use the same password for everything.

Less likely, but also possible is you have a Trojan or key logger on your PC that is sending the hackers your logins as soon as you login. Make sure you do a scan on your PC.