Every entrepreneur's nightmare is having their website hacked - not only for the security of client information, but also for the brand’s reputation. If you want to keep your website as safe as possible from hackers, you should take a closer look at your web hosting. After all, an attack occurs once every 39 seconds.
Web hosting is much more than simply choosing the cheapest provider that meets your needs for storage and bandwidth. It’s important to check with your hosting provider and understand their security procedures to ensure your website isn’t at risk for common security threats.
Want a full list of web hosting must-haves? Check out our secure web hosting cheat sheet.
1. Know your host’s backup and restore policies
Website backups are a key component of your website’s security plan. You should understand where your backups are located as well as the backup retention and restore policies. For example, is only the most recent nightly backup available or are there multiple restore points from hours, days, or months prior? The nitty-gritty can be confusing, but the retention policy (how many backups are taken and how long they are retained) is going to be highly important when you realize that you need to do a restore.
You also need to understand what level of support your hosting company is providing. Will they help you restore your website from backup, and what is their guaranteed turnaround time? By getting the scoop on these backup details, you won’t be floundering when a disaster happens and you need to restore a backup.
2. Clarify alerts and reports you’ll receive as part of network monitoring
Your host should be monitoring the network for any signs of trouble and sending you reports about any unusual activity. Make sure your contact information is updated for urgent alerts and you’ve clarified when you’ll receive reports about monitoring activity.
You should also ask about what specific type of monitoring they are performing. There is a big difference between basic ping monitoring, which all hosting companies should provide, and more advanced monitoring of specific protocols or services, such as HTTP/HTTPS monitoring and monitoring for successful access to a database on a routine basis.
When only using basic monitoring, it is common for a site to be reporting as up when in reality it is down because a specific component of the site is not working. Make sure you have coordinated with your web hosting provider the specific types of monitoring your site requires to ensure it is operating correctly.
3. Use and keep up-to-date SSL security certificates
Who’s in charge of making sure your SSL certificates are valid and updated? Sometimes this service isn’t included in web hosting services, so you need to make sure you are keeping an eye on this. It’s vital that you have SSL on your site to ensure all information moving between the server and your user’s computers is encrypted.
4. Ensure user permissions make sense
Don’t give everybody full admin permissions to the backend of your website just because it’s easier. All your user permissions should be limited so that it’s less likely a hacker has full access to your site if a specific user account is compromised. You can even set up certain parameters to prevent unusual activity, such as requiring SSH to log into the server, whitelisting specific IPs for maintenance, and disabling logins from the root user. (You can get a full list of actions on our secure web hosting cheat sheet.)
5. Keep up strict password policies
Passwords policies seem straightforward enough, but when pressed for time, most people don’t follow them. You’re playing with fire and asking to get hacked!
Enforce the security of your website by requiring mandatory passwords changes at least every 90 days, a secure password manager such as LastPass, and minimum length and character type password requirements. You should also be enforcing 2-factor authentication on the backend of your website so that if a password is compromised, there is a 2nd unique code that would be required to gain access, a code that the hacker would not have. We’ve written a how-to on how to add 2-factor authentication to your WordPress site here.
Our world has evolved and if you’re not paying attention to your web hosting, or hiring a company that manages it for you, you’re putting yourself at great business and financial risk. Make sure to tie up loose ends by talking to your tech team about implementing these security measures. By checking these protocols and creating your own organization strategy, you’ll better secure your web hosting.
Bonus: If you’d rather not worry about all the complexities of running a fast, secure, and reliable website, Onsharp offers secure, managed web hosting and we’d love to discuss with you how we can make your website more secure.
Download the PDF version
Click on the button below to download the PDF version of this blog post. Feel free to print or share with your business colleagues, or send them a link to this article.