Do you use shared web hosting to host your websites? Then you must be aware about the security issues, vulnerabilities and threats that come along with a Shared web hosting account. The question is: How to secure shared web hosting account and mitigate risks?
Today, in this post we will show you different ways to secure shared web hosting account and stay safe against hackers and cyber threats.
Let’s find out how to secure a shared web hosting account against threats.
How many times have you heard about someone’s website being hacked?
I am sure, several times but still you ignore the threat because your web hosting provider says they offer the best security, tools and protection and you believe those catchy lines that your website is safe.
The fact is that you cannot be safe 100% at all times, you can just work on hardening the security of your shared web hosting account.
While, many of us take it for granted by cooking up excuses in our mind such as “I don’t have a big website, why someone would hack us?” but let’s do some simple math here to help you understand what it really means getting hacked?
Let’s assume that you are a small business owner who has a decent website since past 2 years and you have put in $100 every month in SEO, hosting and content creation and worked hard have a great online presence to help customers find you.
Those expenses are $100×24 months = $2400, plus all the hard work that you had put in building a reputation online and suddenly all gone within seconds if your website is hacked.
Terrifying! Isn’t it? Well, it can be a nightmare if you are taking it lightly.
We encourage you to take the necessary steps mentioned in this post to secure shared web hosting account and protect your website and business.
I can feel it that you are getting concerned now about securing your shared web hosting account.
Don’t worry, we will show you how to secure shared web hosting account to protect your website and stay safe from hackers.
This post is useful mostly for those who use a shared web hosting account to host websites and small business owners who do not have much of a technical knowledge about web security and how they can secure shared web hosting account to protect their websites.
Take Backups through cPanel or Plesk control panel
When it comes to securing a shared web hosting account then you must know that no website or web application in this world can stay 100% safe.
Taking regular backups of your account ensures that even if your website comes under an attack from a hacker, you can simply replace the files with an original backup copy and get back to business.
Sounds simple, isn’t it?
Well, taking backups is pretty simple but the question is how often should you run backup wizard to take backups?
While an attack on a website can be of simple to severe in nature depending on what type of attack it is but in both the scenarios there will be damages of some kind to the website.
Since, it is easier to deal with the hacks that are simple in nature but some more severe hacks lead to placing a malicious code deep inside the code files and it is hard to locate them.
It is quite often with WordPress websites, Joomla websites and other open source CMS (content management system) based websites.
In such situations the best thing you can do is restore all the files from a backup copy of your website.
It’s pretty easy to restore the original website files through cPanel or Plesk and replace the affected version and you are done.
Your website will be like before, no data loss and you are back in the business within minutes.
With that being said, there are few things that you have to keep in mind always when it comes to backups.
Restoring a website takes few minutes if you have a backup already stored on the server.
All web hosts offer backup services whether free automated or paid backups but backup option is always there.
Since, restoration is not possible without a backup therefore backups are always available but the question how often should you take backups of your website files and database.
There are bound to be surprises, as over time you collect enormous amounts of data, which can complicate the restoration process depending on your web host.
And then there are other things to consider: database version, software version, PHP version (if you’re running a PHP website, that is), compatibility of these versions, and so on.
More than likely, you don’t have the skill set or the energy to get into all of this.
Considering the above situation that can turn into a nightmare for you and your business, we recommend you to go for a webhost that offers simple, quick and effective backup service such as Rambohost.com
Whether you have a backup service available from your webhost or not, you can always take backups of your WordPress website using All-in-one WP Migrate plugin within minutes and stay safe.
Frequency of backups
Now coming to the question: how often should you take back ups?
If your business completely relies on your website and online visitors then we recommend that you take backups atleast once a week.
In case you just have a website as a digital identity for your small business then you can take backups once in a month.
Since, we are talking about how to secure shared web hosting account, we assume that small business website do not have file size beyond 500 MB and so taking backups is not that complicated at all and if won’t burn your pocket.
We recommend that you discard backups older than a specific duration.
Now what this duration is, depends on your business entirely, though in most cases once-a-week backups held for the last month or two is more than enough.
In this way you can keep your free backup limits under control, your space free and your bandwidth usage in control.
Enable Two-factor Authentication
If you have been using twitter, facebook or gmail or any other website then you may have noticed that many times you are prompted to enable two-factor authentication by registering your mobile number.
Two-factor authentication means using a two-step process for verifying users before logging them in and handing over the reins (more details here).
Why two-factor authentication?
Suppose if someone happens to guess or otherwise steal your password and tries to log in from their computer, they will be challenged to prove their identity by entering a code sent to the registered mobile number.
Since, the attacker does not have access to the code sent on your registered mobile number his login attempt is automatically blocked.
Frankly speaking, some people choose passwords poorly that are easy to guess and some browser-based hacks can also retrieve your passwords therefore it’s best to enable two-factor authentication to protect shared hosting account and website.
For WordPress websites, there are several plugins that you can choose, making the task very easy and fast.
Always Avoid Untrusted Sources for downloading plugins, themes or libraries
Often WordPress website gets hacked due to a security flaw in a theme or plugin that you have downloaded from an untrusted source online.
While it is obvious that you want to add new features, UI, styles and graphics to your website for which you look for themes and plugins but are you sure about the source of the themes and plugins?
Third-party plugins or themes can be a source for several hidden problems.
They can contain malicious code that can steal your saved passwords or credit card info.
They might be poorly coded, thus becoming a weak link in your website’s security once installed.
Do not rely on your developer’s words completely or trust him/her blindly when they say that your website is secure and they have audited the code for security flaws.
No code, website or web application can be 100% secure, you have to apply security measures to keep it secure.
Remember to download themes, plugins or code libraries only from the trusted sources and one of the best sources to download plugins and themes for WordPress is to download them from the WordPress respiratory via the Admin of your Website.
For WordPress users we suggest sticking to the officially available plugins in the WordPress respiratory because they are strictly checked for code quality and safety, and the same goes for other platforms out there such as Joomla or Drupal.
Choose Strong Passwords
Choosing Strong Password for securing shared hosting account is the basic step that you should always keep in mind.
The problem with the “strong” passwords we come up with is that it is not easy to memorize them.
But beware; with a little knowledge of your personal life and the aid of a Dictionary Attack, the chances of hacking your shared hosting account are very high.
We always recommend you to create stronger passwords with combination of Uppercare, lowercare and special characters and then writing them down in your personal diary or notepad which only you can access.
However, using a free random password generator service from Avast that allows you to generate complicated and lengthy passwords in seconds can really help you secure shared web hosting account.
Please don’t go easy on the tool — make it work to the maximum.
The best thing is that you don’t need to memorize these complicated and secure passwords, you can download the free Avast tool that will store your passwords for you in a secure environment.
Think about it like this – passwords that you can memorize easily are not secure enough and easy to crack.
Instead, try to generate a random password and use it to secure shared web hosting account and stay safe.
Additionally, we recommend you to install All-in-one WP security plugin to secure WordPress website.
It is a comprehensive, easy to use, stable and well supported WordPress security plugin that secures a WordPress website by offering unmatched security and firewall features.
If you run a WordPress website that allows user registration and login then All-in-one WP security plugin can stop brute force attacks and forced login attempts.
Update the old software and scripts to the new version
It is highly recommended that you upgrade to the new version of software(s) and scripts running on your server.
Either you can ask your web hosting provider to install the latest version of OS, scripts and databases or you can do it manually through the administration panel of your hosting account.
Most of the web hosting providers always run the latest version of software(s) and scripts on their servers but in case you notice that your hosting server is still running outdated versions then it is time to update.
Why updates are recommended? Because new software versions are released to largely patch security loopholes discovered in the previous releases and updating to the latest versions also speeds up your website.
Please don’t take this lightly as outdated versions of WordPress, server OS, web server software and databases are vulnerable and you are risking your website and data running outdated versions.
If you’re rolling your eyes at this, I’m with you — there’s nothing more painful than having to constantly check, test, update and discard stuff that doesn’t work.
If you are getting restless about this then it is time to login to your Admin Panel of WordPress as well as your shared web hosting account and check what’s need to be updated because your digital business identity is everything when it comes to being successful online.
There are several methods and techniques to secure shared web hosting account and we have tried to mention those methods that you can easily follow to secure your hosting account.
There’s no one technique or method that can secure shared web hosting account as there are new types of threats that emerge almost everyday and the topic of security keeps evolving.
When it comes to WordPress, it’s not a very secure platform by architecture and so does the WordPress Shared Web Hosting services.
So, it becomes extremely important to choose a well-known web hosting that offers top-notch security and reliable hosting.