I cannot stress enough how important security is when is comes to your web hosting account. There are a few proactive ways to help ensure that your web hosting account is safe and secure. Hopefully, preventing your data or clients data being compromised. The first step to security is to ALWAYS keep a backup of your website an or any important files you have on the server. Backup anytime a critical change is made and store the backup on your home computer, USB key or even an external hard drive. I cannot stress enough how important it is to backup your website as disasters can happen at any time. To create a full backup of your account, login to your cPanel and click on the Backup Wizard icon. Follow the steps to create a FULL account backup. The server will generate a backup and provide you with a download so you can store it on your computer or any other means of backup. For detailed instructions on how to backup your website through cPanel click here.
The next step to securing your website is your cpanel password. Many people change their password to something very simple but with today’s technology a combination of only letters and numbers is not secure enough. First off, don’t change your password just because the one we provided was ‘too hard to remember’. There is a reason it’s hard to remember! The following are a few tips that you can take in regards to password security:
- Never use the same password for more than one purpose or account online.
- If your password is short or easy to remember, it’s most likely insecure.
- Always try to include a mix of Upper and Lower case letters as well as numbers and special characters.
- Make sure you do not tell anyone your password, even the person designing your website should not have your main cpanel password.
- Use the ‘Generate password’ option in cpanel if you are having difficulty choosing a password.
Moving on, security is not only based on a secure password. Updating your website script is a key factor in web hosting security. As a hosting customer it is your responsibility to make sure your website is up to date and running the latest secure version of your software. Whether you use a forum, blog, image gallery or shopping cart script, make sure you check for updates and run the latest version of the software. I have seen many people run an old version of Joomla or WordPress or even OsCommerce and get compromised. In most cases where a client may report an account having been exploited, the incident that took place was a result of a lack of proper attention to the script installed within that individuals hosting account. Outdated web applications and scripts can easily allow an individual to gain full access to your hosting account without the need for any login information. If you have or are planing on installing any script to your account the following tip should help!
- Use strong passwords and cycle your passwords regularly (every 2 – 4 weeks)
- Subscribe to the scripts mailing list or whatever alert system they make available. These lists are generally are only updated when a new update is made available for the script.
- Backup and Update your account regularly!
- Don’t forget to secure your database authentication data! You are most likely leaving this data within a regular text file. Make sure the file is permissioned securely and is not visible or available to anyone on the web.
- Delete any install files or chmod 777 files that give global access to your directories.
- Ask us for help! We can give you advice and in most cases help you make the right decision in terms of security.
In the end keeping your website secure is just as important as keeping the bad guys out of your home. You have to be proactive and keep up to date. It can happen to anyone and taking preventive measures is a great way to maintain your account. At HostUpon we want our customers to understand that the Internet is never going to be 100% secure and each hosting account needs to be well maintained, monitored and backed up by the account owner.
If you have any questions regarding the security of your website please do not hesistate to contact us anytime.