Want a full list of web hosting must-haves? Check out our secure web hosting cheat sheet.
Website backups are a key component of your website’s security plan. You should understand where your backups are located as well as the backup retention and restore policies. For example, is only the most recent nightly backup available or are there multiple restore points from hours, days, or months prior? The nitty-gritty can be confusing, but the retention policy (how many backups are taken and how long they are retained) is going to be highly important when you realize that you need to do a restore.
You also need to understand what level of support your hosting company is providing. Will they help you restore your website from backup, and what is their guaranteed turnaround time? By getting the scoop on these backup details, you won’t be floundering when a disaster happens and you need to restore a backup.
Your host should be monitoring the network for any signs of trouble and sending you reports about any unusual activity. Make sure your contact information is updated for urgent alerts and you’ve clarified when you’ll receive reports about monitoring activity.
You should also ask about what specific type of monitoring they are performing. There is a big difference between basic ping monitoring, which all hosting companies should provide, and more advanced monitoring of specific protocols or services, such as HTTP/HTTPS monitoring and monitoring for successful access to a database on a routine basis.
When only using basic monitoring, it is common for a site to be reporting as up when in reality it is down because a specific component of the site is not working. Make sure you have coordinated with your web hosting provider the specific types of monitoring your site requires to ensure it is operating correctly.
Who’s in charge of making sure your SSL certificates are valid and updated? Sometimes this service isn’t included in web hosting services, so you need to make sure you are keeping an eye on this. It’s vital that you have SSL on your site to ensure all information moving between the server and your user’s computers is encrypted.
Don’t give everybody full admin permissions to the backend of your website just because it’s easier. All your user permissions should be limited so that it’s less likely a hacker has full access to your site if a specific user account is compromised. You can even set up certain parameters to prevent unusual activity, such as requiring SSH to log into the server, whitelisting specific IPs for maintenance, and disabling logins from the root user. (You can get a full list of actions on our secure web hosting cheat sheet.)
Passwords policies seem straightforward enough, but when pressed for time, most people don’t follow them. You’re playing with fire and asking to get hacked!
Enforce the security of your website by requiring mandatory passwords changes at least every 90 days, a secure password manager such as LastPass, and minimum length and character type password requirements. You should also be enforcing 2-factor authentication on the backend of your website so that if a password is compromised, there is a 2nd unique code that would be required to gain access, a code that the hacker would not have. We’ve written a how-to on how to add 2-factor authentication to your WordPress site here.
Our world has evolved and if you’re not paying attention to your web hosting, or hiring a company that manages it for you, you’re putting yourself at great business and financial risk. Make sure to tie up loose ends by talking to your tech team about implementing these security measures. By checking these protocols and creating your own organization strategy, you’ll better secure your web hosting.
Are you considering a website redesign? We have compiled our top 21 tips for a successful website redesign. They are easy to understand and include videos, links, lists, and examples to guide you. Click the button below to check out the guide.