Here are five easy, practical ways to keep your hosting account secure as your website grows.
1. Keep all software updated
Most small business owners use software like WordPress or Drupal to publish content and manage their website. If you run an ecommerce store, you might use an application such as osCommerce or Magento.
Over time, these scripts and applications are updated and revised by their developers. Often, these updates offer vital protection against bugs and security vulnerabilities. Keeping your software updated takes just minutes, but remember: repairing a hacked website could take far longer - or could be completely impossible, depending on the severity of the attack.
- To keep your data secure and ensure your website isn’t compromised by hackers, install security patches and updates as soon as they’re made available.
- Regularly check your plugins and add-ons for updates and install those too.
- Always back up databases before installing new updates - just in case something goes wrong.
2. Clean up your accounts
When you first set up your web hosting account, you’ll probably need to create multiple logins for things like FTP, email and database access.
Over time, as your website matures, your needs will change. Some of the accounts you created will become redundant. You may have provided co-workers or freelancers with accounts, then stopped working with those people, leaving their login details in limbo.
- Regularly review all of the user permissions and accounts in your web hosting control panel.
- Remove any users that are redundant to reduce the risk of someone hacking into your hosting account, or misusing a login that has been long forgotten.
- Remove any generic accounts that are no longer required.
3. Lockdown private files
Not all of the files uploaded to your web server will be intended for public access. You may upload project ideas, contracts and test data; you may also exchange security details or use your web server as a storage hub for archived material.
Over time, some of the data you’ve uploaded may be neglected or forgotten, and that could present a security problem. Allowing unauthorised access to sensitive client files is a major no-no.
- Use the tools in your host’s control panel to lock down access to files and directories that should be private, and periodically review security on any sensitive data.
- Use password protection settings on directories.
- Set rules via .htaccess files if you are comfortable with writing the syntax, but take care: a badly-written line in a .htaccess file can cause extensive problems with your website.
4. Practice good password etiquette
Most web hosting accounts are set up by a technician at the hosting company, and that person will provide you with multiple logins. You may be given one username and password for your control panel, one for your database(s), one for each email account, and a login for FTP.
Although it’s tempting to use the same password everywhere, don’t do it. Should a hacker gain access to your password in one part of the hosting account, s/he could theoretically wreak havoc with every part of your website, email accounts and more.
- Set all your passwords individually and use a mix of uppercase letters, lowercase letters, special characters and numbers.
- If you make a note of passwords, use a secure password vault from a reputable vendor.
- Every couple of months, change your passwords - and don’t use the same one twice.
5. Take regular backups
Despite every business’ best efforts, sometimes the worst happens. Hackers may find a way to access your website, even if you are vigilant, and the damage they cause may take days or weeks to fix.
Some web hosting companies back up customers’ files, folders and databases as a matter of course; some may offer backups as an extra, chargeable service. If you’re not sure whether your host offers this kind of protection, check their website or check out some independent hosting reviews to find out what their backup policy is.
- If your host offers backups, find out how easy they are to access and whether you have to pay to retrieve lost files.
- If your host doesn’t offer backups, get into the habit of regularly backing up your files and folders. Don’t forget to back up any MySQL databases and email mailboxes too.
- Your host’s control panel may offer backup tools to make the process easier, giving you complete peace of mind in the battle to secure your website.
Creating and developing a website involves a huge investment of time, and your website will quickly become a ‘shop window’ for your brand. It makes sense to ensure that your investment is protected. Regular backups are a must, but it’s also crucial to consider wider issues around security: protection against hacking, unauthorized access and strong passwords, for example. Although it isn't possible to completely insure against every attack or mishap, thinking ahead and securing your hosting account will help to ensure you are in the best possible position if the worst happens.