Websites are often the target of hackers for various reasons. Some people target websites for political reasons while others do so for fun. If you have a website, it’s crucial that you do what it takes to keep it as secure and safe as possible.
People often make the mistake of relying on web admins to ensure their sites are safe. As it is your website, it is your responsibility to make sure that happens. If you would like to know more about how to make sure your site and server are secure, take a look at these following tips.
Is your website using SSL or TLS?
Those two terms might sound like a couple of acronyms to you. But they are essential for ensuring your website traffic is secure. Conventional websites (those that start with “http://”) are unsecured.
That means it’s possible for hackers to snoop on any information sent or received from your browser to the server. The good news is things are different with secure websites (those that are prefixed “https://”).
Any data sent or received from the server gets encrypted. SSL and TLS encryption is “one-way.” In layman’s terms, you can’t decrypt any information unless you know what that information was in the first place! It could take anything up to a few thousand years to try various combinations of characters to get password data, for example.
In fact, Google recommends that all websites use encryption. Regardless of whether personal information gets transmitted or not. In search engine optimization circles, doing so helps your site to “rank” higher in search engines!
These days it’s cheap and quick to get an SSL or TLS certificate organized for your website. Most web hosting services allow you to install those certificates yourself. Although some may prefer if you ask them to do it for you.
How do you access your server?
As someone that administers your website, you will doubtless be using an FTP client to download and upload files. You can use the standard FTP protocol, but that isn’t recommend as it’s not secure.
There’s the option of using “secure” FTP, but not all hosts offer this facility. Perhaps the best way of accessing your server is by using SSH (secure shell). It’s the equivalent of using a “command prompt” in Windows or the Terminal window in Mac OS X.
If you’re planning to move hosts and want to go with iPage, for example, you should ask the question “Do I get SSH with iPage hosting.” It’s not essential, but it’s the most secure method of managing your web server.
Is your website hosted separately to others?
If you aren’t using a cheap hosting plan, it’s likely you are using what’s known as a virtual private server or VPS. To all intents and purposes, you have access to your server’s operating system and features. Except that your site is on a shared server.
With such a setup, it’s difficult for one website to affect the operation of others on the same physical server. That’s because each site runs in its own “space.” If you use a cheap, shared hosting platform, the opposite is true.
If possible, you should opt for a dedicated server. That is where only your website is run on a physical server.