NavigationContentFooter
Jump toSuggest an edit
Was this page helpful?

Understanding security measures on a shared hosting

Reviewed on 30 June 2025Published on 30 June 2025

Your Web Hosting plan is on a shared server, meaning multiple websites are hosted on the same physical machine. While we have strong protections in place to isolate client environments, you are still responsible for some configurations.

This page teaches you about security best practices and how to secure your space properly.

General best practicesLink to this anchor

  • Choose a strong password for your account and update it regularly
  • Use unique usernames and passwords for each account and service
  • Back up your data manually or using the backup hosting option to prevent loss in case of technical issues
  • Use the security features provided by your control panel, such as SSL/TLS certificates
  • Keep your software and plugins up-to-date for the highest level of security
  • Enable the two-factor authentication feature provided by cPanel
  • Limit access to files and databases to prevent abuses
  • Contact our support team if you have any questions or issues

Dedicated IP addressesLink to this anchor

By default, your hosting plan uses a shared IP address, meaning that the same IP is used by multiple clients on the same server. In case of abuse (if another client sends spam, for example), the shared IP can be blacklisted by other providers, which can block all data coming from the server, thus preventing outgoing mail from being sent.

To avoid this, Scaleway offers a dedicated IP option:

  • You get a unique IP address used only by your hosting
  • You control your own reputation (especially for email delivery)

File and folder permission settingsLink to this anchor

You can also keep your website secure by correctly setting file and folder permissions.

Standard filesLink to this anchor

File permissions for files such as HTML, CSS, JavaScript, images, etc. should all be set to 644. A permission of 644 means that the owner of the file will read and write permissions, while other users will only have read permissions.

FoldersLink to this anchor

Permissions for folders should be set at 755, meaning that the owner of the file has every right on the folder, while other users can only read and execute the folder but not alter it.

Sensitive filesLink to this anchor

Sensitive files such as configuration files (.env files, or wp-config.php files for WordPress) should only be accessible by the owner. As such, they should be set to permissions 600.

PHP scriptsLink to this anchor

It is recommended to set PHP scripts to the 755 permissions. In some cases, 744 can be used to restrict execution to the owner of the script only.

Note

It is essential to review these permissions regularly to make sure that your hosting is not accessible to other users, and has not been compromised.

Was this page helpful?
API DocsScaleway consoleDedibox consoleScaleway LearningScaleway.comPricingBlogCareers
© 2023-2025 – Scaleway