Skip to content

Tighten Up Your Web Hosting Account’s Security

Out of all of the elements included with engaging in online activities, security should always be at the forefront of your mind. The majority of today’s Internet users have experienced at least one instance of malware, viruses, or hacking and in many cases, these horrible scenarios and their consequences can be prevented. Here are some recommendations on tightening up your web hosting account’s security.

Backup Your Website

Backing up your website’s information is a crucial prevention method in the case of a disaster. Those who do not back up their website’s data will never be able to restore their site to a per-disaster state. If you simply do not have the time to do this, find a web hosting company that offers a regularly-scheduled backup service.

Tough-to-Crack Passwords

You also must have passwords that are extremely difficult to penetrate. The average Internet user tends to choose a weak password that consists of only alphanumerical characters. Using a simple password will make you more vulnerable to threatening network intrusions. So make sure your password is not easy to recall or extremely short in length; every account you possess should have its own unique password because if one is hacked, the others will remain safe.

Letters should be in both cases and combined with special characters, all randomly dispersed throughout the password. “No-no” words to never use include a loved one’s name or dictionary term; they are too easy to guess. If you find the above password tips to be too much to remember, try using a random password generator.

Update Your Scripts

One other security aspect to keep in mind besides your password strength is your scripts and software. Both should be kept updated in a regular fashion; this is key to an overall web hosting security plan but often overlooked. You must take the time to ensure you website is completely updated and operating on the most recent version of the software you utilize. If you turn on your computer and see pending security patches or updates waiting to be installed, run them immediately.

Do Not Forget About Your Software

This also holds true for your site’s software. For example, if you have a forum, be sure you are operating on the current phpBB software. Or if you run an e-commerce site, you do not want to let your version of osCommerce become outdated, leaving your customer’s personal information exposed to the hackers of the world. If a web application or script is outdated, almost any hacker can get complete access to your web host account and will not need your login information to do so.

In order to prevent this from happening, keep the following in mind for both scripts and software. If a software or scripts offers an optional newsletter, be sure to sign up as you will be instantly notified if either one has a new update. Do not neglect to secure the authentication data for your database; it should be secured and invisible to others. And if you have files that provide global access to your site’s directories, ditch them.

This Post Has One Comment

  1. Nice article. I would like to add a few other tips as well.

    Since most websites are infected by stolen FTP passwords, and these passwords are stolen by a virus that’s infected a PC that’s used to FTP files to websites, you should take extra steps to prevent this.

    The virus works in basically two ways.

    First, it looks for the files that many FTP programs use to store the saved login credentials. You know, so you don’t have to type them in every time. Many free FTP programs, like FileZilla, store these login credentials in a plain text format.

    For instance, if you have FileZilla installed on a Windows XP PC, look in:

    C:\Documents and Settings\(user)\Application Data\FileZilla\sitemanager.xml

    There in plain text, easily readable, are the address, username and password for every website you have FTP access to. That’s all the information the hacker wants and it’s all right there!

    The second way the virus works is by “sniffing” the outgoing FTP traffic. Since FTP transmits all data, including the username and password, in plain text, it’s easy for the virus to see and steal the information that way as well.

    So, your first line of protection should be, a good strong anti-virus. I’m tired of hearing people say they use: Spybot and Adaware as their defense so they “know” they don’t have a virus. Unless you’re using Ad-aware’s latest technology, you’re not very well protected. Nothing against Spybot, but it’s not one of the best.

    Many people have had good success with one of the following: Kaspersky, Avast or Vipre.

    Next, you need a good quality FTP program. One that encrypts the password so it’s not so easy to steal and use. WS_FTP by Ipswitch is such a program. Sure you have to buy it, but I consider that cheap insurance against getting a website or two infected.

    Then, ask your hosting provider if they support SFTP. This protocol works just like FTP, but it sends all traffic encrypted so it’s not so easy to sniff.

    That’s my extra advice. This is advice we’ve provided to the owners of the 20,000+ websites we’ve cleaned after their infection.

Comments are closed.

Back To Top

Pin It on Pinterest