Your web servers are the focal point of all your website's security; they are where all of your information gets stored and because of this they essentially constitute what your website is.
Thus, it's not surprise that you have to keep these servers as secure as possible at all times to protect not only your online presence but also your customers and anyone else who entrusts you and your site with their sensitive private information.
Luckily, keeping your servers secure isn't really that hard and it's certainly not expensive. With a few straightforward and relatively easy to implement steps, you can eliminate an overwhelming part of your chances of getting hacked, seeing your site destroyed or your information stolen. Let's go over a few tips and tricks now.
Buy Dedicated Web Servers from a Reliable Provider
You will almost certainly be hosting your website or sites on a commercial hosting provider's servers, and this is a good idea, since they will already have their own professionally designed security measures in place. Nonetheless, not all hosting providers are created equal and not all types of hosting are equally secure. For one thing, for extra security and traffic handling capacity, you're better off buying your own dedicated server space from reliable webhost. This will cost you at least 5 times more per month than regular shared hosting, but having your own servers also makes your security much more solid and your ability to cope with Denial of service attacks more robust.
Buy Secure Hosting
In addition to buying dedicated server space, you should also review the security features your host provides to its clients. These should include: up-to-date server apps like PHP, MySQL, Apache and others, strong internal firewalls within the webhosts systems, automatic backups, internal antivirus protection, DDoS (distributed denial of service attack) protection and SFTP (secure file transfer protocol), which allows you to securely move files to your servers (thus website) from another machine.
Regularly Update All your Server and Website Applications
Your server based applications will probably be automatically updated by your hosting provider, but you will almost certainly have your own list of third party applications working on your website and installed on your servers; update these regularly. These might include applications like Flash, JavaScript or Adobe Acrobat and they could also include third party website content management systems like WordPress and all of their associated plugins. At least once a week, go through all of these applications and make sure that the versions you're using are the latest available. Outdated apps are a hacker's chief attack vectors.
Use Secure Passwords
Your hosting cPanel, servers, MySQL, FTP and any other password protected parts of your server and website controls should all be protected by highly secure passwords that are at least 10 characters long and consist of randomized upper and lowercase characters, numbers and symbols all jumbled together. An overly simple password can easily be cracked by dictionary attack software that can run millions of word combinations per second. You should be particularly careful about also adding internal passwords inside your cPanel and servers that give different levels of access to different people if you have multiple site administrators accessing your website's servers.
Secure Your Personal or Work Computer
A convenient and often forgotten access point for attackers trying to get into your servers will be your actual computer. This machine will probably contain the desktop File transfer protocol (FTP) application which you use to transfer files and media to your website. If this is the case, keep this machine safe! Install strong and regularly updated antivirus/anti spyware software on the computer, limit access to it to trusted people and make sure that both the computer and the FTP inside it are both password protected and have automatic login disabled, forcing you to type in your passwords each time you leave them for more than a few minutes.
A hacker can easily sneak hack software and malware into this computer and use it to gain access to your actual web servers either through direct attack or simply by recording the passwords you type in to reach all your secured systems. Again, keep the computers you use to access your servers secure!
Use Your Own Web Server Protection Software
Aside from the protection offered by your hosting provider's security software, you should also set up your own defense systems by using third party server and website protection applications. A powerful security software package can offer your servers diverse protection against viruses, malware, Trojan horses, data thieves, spy bots and DDoS attacks, amongst other things. Some very reliable and highly affordable server/website security products include membership software services such as Incapsula or Cloudflare.
Encrypt your Data Files
As a last quick server security tip, we should also mention internal data encryption. While encrypting any sensitive information stored on your server won't actually protect the server itself from attacks, it will at least ensure that anyone who does manage to hack your system has unreadable files on their hands, thus blocking them form finding out what sorts of customer data and other information you've got stored.
About the Author: John Dayton is a leading expert on server security tips. When he is not writing, you can find him at home or working as a consultant to partners like LWG Consulting.
To write guest posts for us, please follow the link below
Write Guest Articles for us
Thus, it's not surprise that you have to keep these servers as secure as possible at all times to protect not only your online presence but also your customers and anyone else who entrusts you and your site with their sensitive private information.
Luckily, keeping your servers secure isn't really that hard and it's certainly not expensive. With a few straightforward and relatively easy to implement steps, you can eliminate an overwhelming part of your chances of getting hacked, seeing your site destroyed or your information stolen. Let's go over a few tips and tricks now.
Buy Dedicated Web Servers from a Reliable Provider
You will almost certainly be hosting your website or sites on a commercial hosting provider's servers, and this is a good idea, since they will already have their own professionally designed security measures in place. Nonetheless, not all hosting providers are created equal and not all types of hosting are equally secure. For one thing, for extra security and traffic handling capacity, you're better off buying your own dedicated server space from reliable webhost. This will cost you at least 5 times more per month than regular shared hosting, but having your own servers also makes your security much more solid and your ability to cope with Denial of service attacks more robust.
Buy Secure Hosting
In addition to buying dedicated server space, you should also review the security features your host provides to its clients. These should include: up-to-date server apps like PHP, MySQL, Apache and others, strong internal firewalls within the webhosts systems, automatic backups, internal antivirus protection, DDoS (distributed denial of service attack) protection and SFTP (secure file transfer protocol), which allows you to securely move files to your servers (thus website) from another machine.
Regularly Update All your Server and Website Applications
Your server based applications will probably be automatically updated by your hosting provider, but you will almost certainly have your own list of third party applications working on your website and installed on your servers; update these regularly. These might include applications like Flash, JavaScript or Adobe Acrobat and they could also include third party website content management systems like WordPress and all of their associated plugins. At least once a week, go through all of these applications and make sure that the versions you're using are the latest available. Outdated apps are a hacker's chief attack vectors.
Use Secure Passwords
Your hosting cPanel, servers, MySQL, FTP and any other password protected parts of your server and website controls should all be protected by highly secure passwords that are at least 10 characters long and consist of randomized upper and lowercase characters, numbers and symbols all jumbled together. An overly simple password can easily be cracked by dictionary attack software that can run millions of word combinations per second. You should be particularly careful about also adding internal passwords inside your cPanel and servers that give different levels of access to different people if you have multiple site administrators accessing your website's servers.
Secure Your Personal or Work Computer
A convenient and often forgotten access point for attackers trying to get into your servers will be your actual computer. This machine will probably contain the desktop File transfer protocol (FTP) application which you use to transfer files and media to your website. If this is the case, keep this machine safe! Install strong and regularly updated antivirus/anti spyware software on the computer, limit access to it to trusted people and make sure that both the computer and the FTP inside it are both password protected and have automatic login disabled, forcing you to type in your passwords each time you leave them for more than a few minutes.
A hacker can easily sneak hack software and malware into this computer and use it to gain access to your actual web servers either through direct attack or simply by recording the passwords you type in to reach all your secured systems. Again, keep the computers you use to access your servers secure!
Use Your Own Web Server Protection Software
Aside from the protection offered by your hosting provider's security software, you should also set up your own defense systems by using third party server and website protection applications. A powerful security software package can offer your servers diverse protection against viruses, malware, Trojan horses, data thieves, spy bots and DDoS attacks, amongst other things. Some very reliable and highly affordable server/website security products include membership software services such as Incapsula or Cloudflare.
Encrypt your Data Files
As a last quick server security tip, we should also mention internal data encryption. While encrypting any sensitive information stored on your server won't actually protect the server itself from attacks, it will at least ensure that anyone who does manage to hack your system has unreadable files on their hands, thus blocking them form finding out what sorts of customer data and other information you've got stored.
About the Author: John Dayton is a leading expert on server security tips. When he is not writing, you can find him at home or working as a consultant to partners like LWG Consulting.
To write guest posts for us, please follow the link below
Write Guest Articles for us
Comments
Post a Comment