When you are looking at website hosting you can always find loads of recommendations of who to use. These recommendations normally center around several details such as price, level of support and the resources available – for example the number of add-on domains that you get or the number of databases you can have.
Because of this information it is very easy to choose a hosting provider for your website but after that it is quite hard to find information on how to set up your hosting and how to keep your website safe, secure and online.
The aim of this article is to fill that information gap by providing 5 concise tips on how you can keep your website secure and online. These tips should benefit anyone that is running a website and for those of you that are running multiple websites it should benefit you even more.
Why is security and reliability so important?
I bet that a lot of people reading this right now are thinking to themselves – hmm, I don’t think this is really an issue; my website has been online for the past 12 months and I haven’t had any issues. This is a fair point but it highlights one of the biggest issues when it comes to website hosting and management. This issue is actually relevant right across computing. The problem is that everyone thinks that their setup is perfect right up until there is a problem. And if the setup is not in perfect condition and regularly tested when a problem does occur it can mean the end for your website(s).
I have had personal experience of this hence why I now take website security and maintenance so seriously. I have also see other webmasters and hosting providers experience similar problems and I have seen a few of them unable to recover.
So now that I have laid the foundations for this article by describing the importance of website security and maintenance I will proceed with the top 5 tips for ensuring that you don’t become victim to either website hacking or website downtime caused by any other reason.
1 – distribute the components of your website wherever possible
There are several components that are required to run a website – the three most important ones are domain registration, DNS and website hosting. It is a common mistake for people to keep all of these components in one place or with 1 hosting provider. The problem with this is that if you have an issue with that provider for any reason then you are risking your entire operation. A much better practice is to split those components up and leave their management with different providers.
For example, you could register your domain name with one provider such as GoDaddy or Namecheap. You could then have your DNS with another provider such as Dyn.com and you could have your website hosting with yet another provider – for example 1and1. Once you have these providers in place you can change your name servers and your DNS records accordingly so that each provider is responsible for just one part of your website management.
If anything went wrong with any of these providers it would be far easier to move that part of the management to another provider. For example, if your host goes down then you can simply repoint your DNS to a new host and restore your backup to have your site back up and running in a matter of hours.
2 – Back up your site regularly and to multiple locations
Backup is absolutely critical to the running of your website(s). Without a backup in place you are really waiting for disaster to strike and when it does you will not be able to recover, it’s as simple as that.
It doesn’t end there either – backups should be comprehensive, multi-faceted and regularly tested if you want to be able to rely on them in the event of a disaster.
The best way to set up your backups is to have at least two forms of backup in place – this could be a backup that is provided automatically by your hosting provider along with an additional backup that you set up yourself or even a regular manual backup depending on the size and complexity of your setup.
If you are using WHM then you can easily configure a backup schedule that will take all of your website off site to an FTP server. If you only have access to CPANEL then you can either set up a cron job coupled with a shell script to take regular backups or you can use the built in backup feature that comes with CPANEL to do regular backups manually.
Backups should also be periodically tested – at the simplest level this could just involve downloading and extracting a backup and then checking that all of the files are intact and that the database is readable. At a more complex level this might involve performing a test restore to a separate hosting server to be 100% certain that everything can be restored successfully in the event of a disaster.
All of this may seem like a lot of work but if you have ever been in a situation where you need to restore from a backup you will understand that it is well worth the effort.
3 – Keep each website on a separate hosting account
This is something that becomes much more relevant if you host more than 1 website and it is a common mistake that people make. If you do have more than one website, then you should keep your sites on separate hosts or set up reseller hosting. Reseller hosting will normally mean that you have access to WHM (The backend of CPANEL) and thus you can create what is technically a separate account for each of your websites. The alternative to this, and the way most people tend to host multiple websites, is to have a single CPANEL account and each domain added as an add-on domain.
The downside of having multiple domains hosted as add-on domains in a single CPANEL hosting account is that any issue effecting one of those sites can easily spread to all of those sites. This means that all of your sites go down together when you face an issue such as a hacking attempt and it also makes restoring from such an issue far more complicated.
A good example of this is if one of your websites got hacked – with multiple sites on the same account all of the files across all of those sites would potentially become infected – because they all share the same security permissions and the same physical location. However, if you have separate accounts set up for each of your websites then they are completely isolated from each other and this issue would be avoided. If one of your websites were to be hacked, then only that site would be affected and recovery would be far quicker.
4 – Avoid cheap web hosting
Cheap website hosting simply isn’t worth the hassle. Sure it may save you some money in the short term but all too often cheap website hosts will suffer from speed issues because they are over-subscribed or they will simply disappear when something goes wrong. The reason for this, and the problem with cheap website hosting, is that they often don’t have a high enough profit margin to cover the real costs of running a website hosting business – this could mean that they have no choice but to put more people on each web server than they really should or it could mean that they don’t have the support staff to properly support their customer base or it could even mean that they are not really implementing the correct hosting setup to cover themselves against hardware failure or any other issues that may occur.
If you are worried whatsoever about your website remaining online and stable, then you should definitely go for some of the better hosting providers rather than putting cost at the top of your list.
5 –take security seriously
Again this is extremely important and something that every webmaster should be thinking about all of the time. Running a website isn’t something that you can “set and forget”. It takes regular maintenance including monitoring security, updating your website and generally insuring that everything is working as it should.
If you are like many website owners and you run WordPress, then there is a great plugin called Word fence that will take care of a large part of the security side of things for you. Word fence is available on both a free and subscription basis the later coming with a few handy editions that the free version does not have enabled.
Once you have Word fence installed it can be configured to lock out users that try to log in unsuccessfully more than a couple of times, you can whitelist and blacklist IP addresses and also monitor your entire website for changed files, out of date files and much more.
Along with this pro-active monitoring you should also manually keep a check on your websites as well. In the case of WordPress this means regularly checking for and installing updates, disabled and uninstalling any unused plugins and keeping your themes up to date.
About The Author
This Article has been written Article by David Silvester. You can check his blog here.