How to keep your website protected
When it comes to keeping your website protected from hackers and viruses the first thing to understand is that you could be a target.
Many people tend to think that their website has nothing worth being hacked for but hackers don’t always compromise the security of a website to steal data, there can be a variety of reasons why.
Those reasons include using your account or server as an email relay for spam or phishing which uses email to trick people into giving up confidential details by sending a legitimate looking email, also another method is using a server as a zombie in a DDOS botnet.
So how can you protect your website from being compromised?
Firstly make sure that all of your software is up to date. It’s a simple step that is vital in protecting your website. Make sure updates are frequently applied to your website CMS whether that be WordPress, Drupal, Joomla or something else and any software that is running on your computer to ensure that a hacker or virus cannot find any ‘holes’ to exploit.
If you have a shared, reseller or managed hosting solution from us then you will not need to worry about updating the server operating system and software as we will carry out those updates on your behalf, however if hosted elsewhere and unsure you should contact your hosting provider to double check.
The next step would be to ensure that all of your passwords are secure. Again this seems like a simple action to point out but even though everyone knows that passwords should be lengthy and complex people don’t actually apply this knowledge.
It’s absolutely crucial that you apply strong passwords to your website admin area and hosting account settings such as email users, control panel access, etc. If your website also requires customer logins it would also be good practise to protect your users and enforce password requirements to ensure their details are protected. This may not be the most popular feature of your website with users however it will stop their data from being compromised.
Web application firewall
A web application firewall (WAF) is a server software that applies a set of rules to an HTTP conversation. These rules help block viral attacks and hacks such as cross-site scripting (XSS) and SQL injection.
All of our shared and reseller servers run a WAF ruleset that is updated daily to help protect against known threats and exploits to popular applications and software. Clients on a managed server can opt to have our WAF installed on request for a small additional cost.
As well as providing improvements to site loading speed, Cloudflare also brings extra security features so your website as it sits between the website visitor and our server acting as a detection layer and barrier against known threats. Cloudflare can be set to automatically block or require verification on connections from IP addresses known to be troublesome and any visitor exhibiting suspicious behaviour (trying to run known exploits).
All of our hosting accounts can enable Cloudflare via the hosting control panel allowing you to be up and running within just a few minutes. Also included within our Cloudflare addon is access to the Railgun feature which normally requires a $200 p/mth account when a direct Cloudflare client.
All of these relatively simple solutions can protect your website from attacks that could be carried out and detrimental to your business and/or your users.