WordPress security gets all the attention, but the server underneath it matters just as much. cPanel, your PHP version, SSL certificates, and email configuration are all attack surface — and they're easy to forget because they're not in the WordPress dashboard.
The checklist
- Run a supported PHP version — old PHP is unpatched and slow.
- Keep cPanel and server software current; apply security updates promptly.
- Force HTTPS and keep SSL certificates from lapsing.
- Lock down file permissions and disable directory listing.
- Configure SPF, DKIM, and DMARC so your email is trusted.
- Remove unused addon domains, databases, and email accounts.
- Review access logs regularly for unusual patterns.
Why it's worth the effort
Most of these take minutes and prevent the kind of problem that takes days to fix. A hardened server quietly absorbs attacks that would otherwise become outages.
When to call in help
If your site is already down, hacked, or eating bandwidth, every hour of guesswork costs money. Ximbalo runs a full diagnostic, finds the root cause, and gives you a clear repair estimate before any work begins.
Book a consult or request a $250 assessment from the homepage — we get you back online and hardened against the next attack.