After dealing with some site/server security issues with one of our clients recently, 5 Ways to Secure Your Hosting Account is a very timely article we found that may help you avoid such a circumstance. The average webmaster probably needs to spend between 4 and 8 hours boosting the security of their websites, accounts, and servers. Hopefully we can help!
Here are 5 good tips that TemplateMonster’s article suggests:
1. Keep all Software Updated
Over at TemplateMonster, they suggest installing all available platform updates, checking to make sure your plugins are up to date, and backing up your database before making any changes or updates.
2. Clean up Your Accounts
Malicious hackers often identify user accounts on servers and attempt to compromise them by guessing passwords or bombarding the server with connection requests. Removing generic accounts and redundant users, as well as reviewing user permissions, etc, are all suggested as a way to clean up your hosting account and prevent attacks in the above article..
3. Lock-down Private Files
Some information stored to your server is not for public use and if you leave something sitting there that is meant to be private, it is only a matter of time before someone malicious finds it and uses it in whatever way they can to do harm to you or others. TemplateMonster suggests controlling access to any private files via your host’s control panel, using strong passwords, and setting appropriate rules in your .htaccess file.
4. Practice Good Password Etiquette
Using the same password, storing your passwords insecurely, and not updating your passwords can all lead to potential security compromises. Make sure you are following good password etiquette throughout your online presence.
5. Take Regular Backups
Even when trying to prevent it, sometimes hackers find a way in, and the damages can take weeks to fix. Make sure to utilize any offered backup solutions presented by your host, or start backing up yourself if they are not available.
Security is important.
As stated above, we recently spent several days dealing with a hacked server that we did not set up for a client initially. The server exhibited several of the issues presented by TemplateMonster’s article. Poor passwords were being used, user accounts were easily accessible and had broad permissions to access things on the server, some ports were open that did not need to be, there was a lot of junk on the server that needed to be cleaned up, and the hackers originally got in through an old WordPress installation that hadn’t been updated and had residual files lying around with known exploitable code in them. It was not fun, and it could have all been prevented!