Your website is one of the most vulnerable parts of your IT setup, and the consequences of it being hacked can be very severe. The fact that your website is exposed to the world means that it is an easy target for hackers, and if it is compromised, it quickly becomes clear to all of your customers that you’ve been hacked.
Websites are compromised very frequently, even those belonging to huge companies that should really have security measures in place to stop this happening. Earlier this year, for instance, the website of the Dublin tram system was hacked. Visitors to the Luas website were greeted by the hackers’ message threatening to publish the stolen information unless they were paid one Bitcoin (approximately 3,300 Euros or $3,800 U.S.). Though the motivation for this attack appears to have been monetary gain, the hackers could have easily used their control of the site to spread malware or collect user information via a phishing attack.
For small businesses and individuals, it is often not feasible to spend hours setting up advanced security protocols for your website. Some companies can afford to outsource security, and there are certainly some benefits to that approach. Most of us, however, rely on the security tools and systems put in place by our web host.
That means that security should be one of your primary concerns when choosing a web host, and you should be aware that platforms take different approaches to ensuring the security of your site. Two of the most popular e-commerce platforms, Shopify and WooCommerce, have significant differences: Shopify handles security for you, whereas WooCommerce relies on your web host being secure.
Check out the security features that the best web hosting providers offer you, so you can choose a provider who takes security as seriously as you do.
First and foremost, a good web host needs to provide you with a stable, secure access management system. This system should include ways of managing both admin and customer access to your website.
Back-end access to your site should be locked down to just those IP addresses that you use. In addition, Secure Socket Shell (SSH) should always be used when you log into your website servers. These steps are among the most important to secure new websites, and significantly limit the ability of hackers to gain access to your site.
When it comes to customer accounts, a quality web host provides you with a sophisticated account management system. Depending on the complexity of your site, you may need several levels of access to it: admin access for yourself, but also author accounts and shopping accounts. The level of access for each type of account should be limited to the absolute minimum required, and if possible you should mandate that everyone – including your customers – uses a strong password.
SSL, firewalls and network monitoring
A good web host provides these tools built into their content management system (CMS) and allows you to see the traffic that is passing through your website, as well as between the different parts of it. These systems monitor traffic to your website to identify suspicious activity while also detecting intrusions into your site.
Equally important is that your web host offers secure socket layer (SSL), a powerful form of encryption based on the advanced encryption standard. This encrypts the data passing between your website and the computers of your visitors. It is effective and can prevent many common forms of cyberattacks, including man-in-the-middle attacks and account spoofing. If you don’t have SSL, your customers are not going to trust your website is secure, and many browsers now block access to sites that are not secured in this way.
Finally, you should ensure that your site is protected with a firewall. A web application firewall (WAF) is similar to the firewall that sits on your home computer but controls the traffic flowing through your web applications. Web applications can be vulnerable to common forms of cyberattacks, such as SQL injection, and with a WAF you can limit your vulnerability to this kind of attack.
Most web hosts now offer you a choice of an operating system for your web server. There are two main options: a Windows-based OS and a Linux-based OS. Which of these you choose should depend on your level of technical expertise.
Windows-based systems limit admin privileges by default and require you to enter a password to gain this level of access. In principle, this can limit the damage that an attacker can do if your web server is compromised. In addition, Microsoft systems are administered by Microsoft personnel, who can offer support if a security flaw is detected.
Linux systems are often regarded as inherently more secure simply because there are fewer known threats for this OS. Linux systems require you to take a more hands-on approach to security management, but this does not necessarily mean that you are on your own: the open-source community is always available to help you learn how to manage your system.
In general, though, if you are new to web hosting, go for Windows. If you are a little more experienced or have the time and inclination to learn more advanced techniques, go for Linux.
Plugins, applications and updates
The CMS provided by the best web hosts automatically updates every time a new security update is released and should warn you if you are using out-of-date plugins. The process of running unused plugins is one of the biggest sources of vulnerabilities for small websites, and you should regularly audit how many you have installed on your site.
WordPress is a particular good CMS when it comes to managing plugins, which is one of the reasons it has become the most popular CMS in the world, with almost 30% of the entire Internet running on this platform. Unfortunately, even though the system highlights the danger of using unsupported plugins, many people don’t follow the best WordPress security practices, and so leave themselves open to attack.
The bottom line
This last point is important because it’s worth noting that even the best web host will not be able to protect you against every threat. While a good web host will provide you with the security tools necessary to secure your site, it’s up to you to use them.
So when shopping around for a web host, make sure you choose one that provides you with security tools, but also remember that this is only the beginning. You should also read up on the most common types of cyberattacks, how to protect yourself from a data breach, and make sure you know how to use your WAF and SSL systems.
Ultimately, you should recognize that your website is the most exposed part of your IT infrastructure, and as a result is the most tempting target for hackers. But by choosing a good web host, you can make their life a lot more difficult.