When looking for web hosting, many of us can find ourselves guilty of pursuing factors which influence our choice, such as price. Although technically this is correct since all our needs are different, I find that many people are often swayed the traditional price-performance ratio issue.
We often fail to look past that towards the details that can really matter – one of the most important of which is security and reliability. The issue of security can mean the difference between huge amounts of downtime leading to potential loss of revenue and a smooth sailing website.
How much time and effort you need to be prepared to dedicate to your website security can depend quite a fair bit on who you host with and what plan you buy in to. I have worked with many web hosting providers before and the experience can vary greatly, from a nightmare to a sweet dream.
Ideally, you will be able to find the latter without having to face nightmares when paying your web hosting bill!
Here are some of the things you can look out for in terms of security when shopping for a web host,
1. Secure FTP
Using a web host will always mean that you need to move files onto a remote server. One issue which may arise is during the transfer of files itself. If you attempt to move files over an unsecured connection, your data could possibly be intercepted and stolen.
To prevent this, some web hosts allow the use of SFTP which almost all FTP clients like WinSCP can handle. SFTP makes use of the SSH protocol to ensure that the connection between your client and the server is authenticated and safe for use.
2. Secure Sockets Layer (SSL)
An SSL certificate is a digital certificate which resides on your server and acts as proof to incoming connections that your site is what it says it is. This helps users know which sites are safe to browse or not.
While all hosts support the use of SSL, not all of them will help with SSL or have free SSL – Let’s Encrypt, which you may need for basic websites. By looking out for details on SSL handling by the host you can at least hope for some minimal level of assistance.
3. Site Backups
While you may think that this is a “duh” point, it is important to ensure that not only does your potential web host offer backup facilities, but there are also other details entailed. For example, how often are the backups performed and how many image copies of each data backup are carried out?
Aside from backups, try to learn about how data can be restored. For example, do you have to wait for technical assistance from your host or can you do a self-restore when necessary? Always keeps independent backup copies in addition to the backups your host claims to carry out.
4. Server Maintenance
Servers are fragile equipment and prone to faults at times. This can be mitigated by the routine monitoring and inspection of servers, in addition to periodic maintenance. Remember that server maintenance not only applies to hardware but software as well.
A web host which carries out regular maintenance is less likely to fall prey to issues such as vulnerability exploits or the like. Ideally, your web host will publish a formal security protocol – the strongest indication that it has a server maintenance regime.
5. Malware Scanning
Of course, just as individual computers are liable to Malware infection, so too are servers (they’ve just computers too!) make sure that you look out for a server which has an active Malware scanner which routinely does sweeps of its servers. Ideally, the Malware scanner would do this in real time, but there are pros and cons of that as well.
Malware infections can do more harm than just bring down your website. If you get ‘marked’ by search engines like Google as being infected by Malware, they will attempt to divert web traffic away from your site!
6. Ask the Right Questions
Reading through specification lists is great since you will be paying attention to detail. However, there may be cases when some of what you need to know may not be spelled out in black and white on the web host’s site.
Get in touch with a customer service representative and see if they will answer some questions for you. Most of them will have all the answers you need. To learn more about the host, try to ask more questions such as the following;
- What are your protocols in case of a DDoS attack?
- What level of support will I be given in terms of security?
- If my site gets infected with Malware how will you respond?
- Can you share more details on your backup and recovery process?
- Are all your accounts isolated from each other?
- How long are your server logs kept?
7. Track Your Site Status
At the end of the day, it is also important to take some of the burden of site monitoring on to yourself. This doesn’t have to be difficult or arduous thanks to automated tools such as Uptime Robot.
There are literally a ton of tools like this you can configure to send you an alert if something goes wrong with your site. Knowing quickly will help you get in touch with the support staff on hand at your web host which will (hopefully) minimize potential downtime.
Security for your website isn’t a one-way road which you have to traverse on your own. With the assistance of a good host and the right tools, you can make your website a safe, reliable place for your visitors which doesn’t need 24/7 expert IT staff to monitor.
Focus on core security concepts and ask the right questions before you sign on and you will be way ahead of the pack in terms of security. Of course, there are other ways to secure your site more directly, but those can take place regardless of which host you sign up with.
The same is true for security and compliance responsibilities when moving to a hosted cloud environment. Your provider will have a set of items they are responsible for, and you as the customer will have items that you are responsible for.