Why Security Matters
Why do you need to secure your hosting account? The virtual world is booming, but so is the darker underside of the internet. Various hacks have made news this past year, and it’s likely only going to get worse.
Websites aren’t immune to these attacks. In fact, they’re increasingly vulnerable since they live in virtual space.
So how do you protect your website in a world where hacks are getting more sophisticated? We have a few tips:
Turn on Malware Scanning
Malware can be incredibly disruptive to websites. It can result in site defacement, stolen information, and more.
Plus, it’s stealthy. You won’t always know you have malware. And what’s worse — you might not be able to figure out how it infected your site in the first place. Malware can break into your website through a number of devious methods, like old software, other devices, and more.
Curious about the kind of symptoms malware displays? Check out our blog for more info: Detect Malware on Your Website (Before It’s Too Late).
To combat this stealthiness, we recommend enabling our malware scanning tool in your Pair hosting account’s Account Control Center (ACC). This free tool will scan 10,000 of your files per week. If any suspicious items are detected, it will notify you right away.
Want more protection? Check out our paid malware packages. They offer daily scanning of ALL your site files. If any malware is found, our Security Team will clean it up for you. We’ll also update old WordPress installs and harden your site security upon request.
Create Backups
Website backups are invaluable for several reasons. Not only are they great to have around in the case of user error, but they can be a site-saver if malware ever infects your site.
Without site backups to roll back to, you may end up manually removing malware, which often requires time, effort, and security know-how.
So, backups are a great way to round out your site security. That being said, how do you know what backups you need?
We have a few suggestions.
First, set up site backups on your hosting account. You can take these manually or use a hosting account feature, such as WordPress automatic backups.
Next, download and store a copy of these backups on your personal device. That way, if something infects your hosting account backups, you still have a clean copy on your personal device.
Lastly, we recommend creating a copy of the backup and placing it on a removable storage device (like a USB stick or removable hard drive). This ensures that you have a backup even if the worst happens and both your hosting account and personal device are compromised.
In the event of an exploit, our paid malware scanning service keeps a malware-free backup of your site for 60 days.
Remove Unnecessary Account Access
Who has access to your site? Do you have a designer or site admin who works in your site’s backend? Perhaps you have a blog writer who publishes posts on your WordPress site.
If you’re not the only one who has access, we recommend taking stock of the following things:
- Who has access?
- What do they have access to?
- Do they need access?
Asking yourself these three questions will help you identify possible vulnerabilities.
You may be thinking, “I trust them. They’d never do anything to hurt my site.” And you’d probably be right. However, anyone who has access is a potential opening for malware to slip through. While they may not intentionally harm your site, every access point into your website has the potential for exploitation.
So you should only give access to someone who absolutely needs it. And remove their access as soon as they no longer need it. You can always give them access again later.
This guidance doesn’t just apply to your hosting account – you should also monitor CMS and other website software access. Some CMS, like WordPress, allow different levels of access. Using these access tiers can keep a bad situation from turning into a site-wrecking one. For example, if a user is only permitted to create new blogs, then that’s the only thing a malicious entity can do if it breaks into that account. On the other hand, if you give that user full admin privileges, that malicious entity also has access.
Audit Your Passwords
When was the last time you changed your passwords? Passwords on the internet are as common as sand on a beach. But unlike sand, passwords can make or break your site security.
We have a few recommendations when it comes to passwords.
First, use strong passwords.
What constitutes a strong password?
Strong passwords usually contain:
- eight characters or longer
- upper and lower case, numbers, and symbols
Why eight characters or longer? Well, the longer the password, the harder it will be for a password-cracking program to brute-force your password. Varying your character choice, too, can make it harder for passwords to be cracked.
Stay away from special dates or personal information.
With social media and the rise of online identities, it’s increasingly easy to obtain someone’s personal information online. If a hacker targets you specifically, it may only take a few minutes of searching for them to find your pet’s name, your anniversary, your children’s birthday, etc. With that information, they can factor that into their brute-force attempts.
So, to be safe from pointed attacks, it’s recommended to not include any personal information in your passwords.
Don’t reuse passwords.
For the best password security, use a unique password every time. Brute force attacks aren’t the only type of attack that could compromise your passwords. Hacks and leaks often take sensitive information and post it on the dark web. If you reuse your passwords, and one of those passwords is leaked, then every other account that uses that password is compromised.
By making unique passwords every time, you won’t have to worry if one is leaked. You can simply change it.
Tip: Worried you won’t be able to remember all your passwords? A password manager is a great way to keep track of all your unique passwords.
Keep Your Software Updated
We’ve said it many times, but it bears repeating. Keeping your software up-to-date is imperative for site security.
Software isn’t invulnerable. In fact, the flaws are often discovered after its initial launch. When such problems are discovered, authors who properly maintain their software will release an update to patch the flaw.
That’s why updates are so important. If you’re not updating your software, you’re not getting the latest protection.
So keep your software updated. If you have a hard time keeping on top of updates, look into ways to make it easier. For example, the WordPress CMS recently released a feature that automatically updates your themes and plugins.
Vet Your Software
This tip is similar to the last one, but different enough to warrant its own mention. Like we said in the previous section, third-party software should be updated to keep up-to-date on security. However, what happens if that software is no longer being maintained?
There are many reasons why a software might be abandoned: Developers leaving for other projects. A company deciding to allocate resources elsewhere. Software age and alternatives outweighing the benefits of keeping the software patched.
And if the software isn’t being maintained, that means any security issues aren’t being fixed, either. Plus, it’s also vulnerable to malware. If a software becomes infected, it could infect every device and website that downloads it.
So keep tabs on your software to ensure it’s being maintained. Otherwise, it may become a weak spot in your site.
I Suspect I Already Have Malware
Is your website exhibiting the tell-tale signs of malware? If so, you can reach out to our security team with questions or opt in to our paid malware protection to have our security team complete the cleanup for you.
