Access Restriction

Web hosts should limit access to the machines included in their infrastructure. This access should be reserved for trained and authorized technicians. SSH (Secure Shell), or its equivalent, should be used when logging into the server. As an added precaution, key-based authentication with passphrase-protected keys (RSA keys, for example) can be used instead of passwords. A host can also whitelist authorized IP addresses for maintenance; clients can do or modify this through the control panel included in their account. Direct logins as the user root should be disabled so that bad actors cannot exploit this access point; equivalent permissions can then be granted to authorized admin logins.

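To make the root-login and key-only advice above checkable, here is an added example (not from the article) that audits the global section of an sshd_config for those settings; the sample config text and the expected values are assumptions made for the demonstration.

```python
# Added example (not from the article): audit the global section of an
# sshd_config for the access-restriction settings the section describes.
# The config text below is constructed for the demonstration.
import re

SAMPLE_SSHD_CONFIG = """\
# constructed sample sshd_config with weak settings
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
"""

# keyword (lower-case) -> value the advice implies. An absent keyword is a
# finding too, because sshd defaults to allowing password logins.
EXPECTED = {
    "permitrootlogin": "no",          # no direct root logins
    "passwordauthentication": "no",   # keys only
    "pubkeyauthentication": "yes",
}

def parse_sshd_config(text):
    """Return {keyword: value} for the global section, keeping the first
    occurrence of each keyword (sshd uses the first value it reads)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break                                # global section ends here
        settings.setdefault(key, value)
    return settings

def audit_sshd_config(text):
    """Return a list of findings; an empty list means the file is compliant."""
    settings = parse_sshd_config(text)
    findings = []
    for key, wanted in EXPECTED.items():
        actual = settings.get(key, "<unset>")
        if actual.lower() != wanted:
            findings.append(f"{key}: found {actual}, expected {wanted}")
    if not ({"allowusers", "allowgroups"} & set(settings)):
        findings.append("no AllowUsers/AllowGroups: any account may log in")
    return findings
```

Running `audit_sshd_config(SAMPLE_SSHD_CONFIG)` on the constructed sample reports three findings: root login allowed, password authentication allowed, and no account allowlist.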
Network Monitoring

A web hosting company should regularly monitor its network for intrusions or unauthorized activity. This helps prevent server and related issues from growing into a bigger problem.

SSL and Firewall

SSL (Secure Sockets Layer, whose modern successor is TLS) encryption ensures that sensitive data flowing through a website is kept secure and private, and it allows users and visitors to place their trust in the website. However, while it secures the communication between a website and a user, it does not by itself secure the server against a cyber attack. A WAF (Web Application Firewall) is required to monitor the HTTP traffic flowing to web applications. Unlike a network firewall, a WAF provides more specific protection because it understands the specific requirements of a web application. With some configuration, it can even block SQL injection, cross-site scripting, vulnerability probing and other attack techniques.

DDoS Prevention

A DDoS (Distributed Denial of Service) attack is a simple yet effective cyber attack that can plague popular websites. In this attack, bad actors flood a website's servers with so much traffic that the site becomes unavailable to real visitors. A DDoS attack is hard to handle once it is already underway. Therefore, the best approach is always for a web host to take precautions against DDoS attacks before they happen, and to have the proper tools in place to mitigate them when they do occur.

Malware Detection and Removal

Web hosts should inform clients of the protective actions each party must perform to secure the website. Regular file scans should be performed on client accounts, and clients should be allowed to see the reports; this is usually a feature of any decent hosting plan. Finally, a hosting company's support plan should include help in identifying and removing malware. Software such as ClamAV and rkhunter can be installed to keep malware off a host server.

Operating System

If you are an individual looking for a web host, one of the options you are given is the OS (Operating System) of your web server. There are currently two operating systems to choose from: a Windows-based OS and a Linux-based OS. Clients choose between the two based on their site's technical requirements. Each operating system has its own security advantages over the other.

Windows-based web servers limit access by default. Users are logged in as standard users and must request permission and enter a password before they can use the privileges granted by the main administrator. This can, in theory, prevent an intruder from doing any real damage, whether that intruder is a malicious program or an employee. Additionally, only authorized Microsoft personnel handle these web servers when a security flaw is detected. Not only does this mean that you are getting assistance from well-trained Microsoft programmers, but it also prevents dishonest individuals from exploiting these flaws.

Linux-based web servers, on the other hand, come with fewer known threats, since the Linux OS is not as widely used as its counterpart. Most hosting services can also install programs that protect Linux-hosted sites from Windows-targeted malware. When flaws are spotted, the open source community behind Linux usually responds quickly to patch the problem.

Password and User Access

Password requirements should be matched to the different user categories of a website. The strongest passwords should be reserved for admin staff and guest authors, since they have the greatest potential to impact the site. In the event of a suspected hacking attempt, all passwords must be changed immediately. Password changes can also be required when updating the CMS (Content Management System). The importance of choosing strong passwords must be stressed to all users; alternatively, a password manager can be used both to generate and to store strong passwords. Avoid usernames in the form of "[email protected]", as they are quite common and easily attacked. Lastly, each user category must be granted only the bare minimum level of access privileges it needs for its purposes. Never allow unrestricted file uploads; limit uploads to exactly what users need. This helps keep intruders out of the site.

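As an added example (not from the article) of limiting uploads to what users actually need, this Python check accepts only an allowlisted set of file types, judged by extension, size and file signature rather than by the client-supplied name; the allowed types and the 2 MiB size limit are assumptions for the demonstration.

```python
# Added example (not from the article): a restrictive upload check that
# accepts only the file types users actually need, judged by extension,
# size and file signature rather than by the client-supplied name alone.
import os
import uuid

MAX_UPLOAD_BYTES = 2 * 1024 * 1024   # assumption: 2 MiB suits images/PDFs

# allowed extension -> signatures (magic bytes) the content must start with
ALLOWED_TYPES = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".pdf": (b"%PDF-",),
}

def validate_upload(filename, data, max_bytes=MAX_UPLOAD_BYTES):
    """Return (accepted, reason, stored_name).

    stored_name is a server-chosen random name with the verified extension,
    so the client's name never decides where or how the file is stored."""
    # Only the basename matters; '../' or drive prefixes are discarded.
    name = os.path.basename(filename.replace("\\", "/"))
    stem, ext = os.path.splitext(name)
    ext = ext.lower()
    if not stem or ext not in ALLOWED_TYPES:
        return False, f"extension {ext or '<none>'} not on the allowlist", None
    # Reject a second extension in the stem (e.g. file.php.png): some
    # servers choose the handler from the first extension they see.
    if "." in stem:
        return False, "multiple extensions are not allowed", None
    if not 0 < len(data) <= max_bytes:
        return False, f"size {len(data)} outside 1..{max_bytes} bytes", None
    if not any(data.startswith(sig) for sig in ALLOWED_TYPES[ext]):
        return False, f"content does not match a {ext} signature", None
    return True, "accepted", uuid.uuid4().hex + ext
```

The returned stored_name, not the uploaded filename, is what the application should write to disk, and it should go into a directory the web server does not execute from.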
Plugins, Applications, and Updates

When selecting plugins and applications for a website, consider their age, number of installs and update history. This lets you find out whether the software is still actively maintained; inactive software may be rife with security issues. Only install software from trustworthy sources to protect against possible malware infections. Remember to change default settings, such as login credentials, immediately, to prevent them from being used in hacking attempts. Your CMS, and indeed all installed software, must be updated as soon as updates become available. This prevents hackers from exploiting the security vulnerabilities present in older versions of this software.

Backups

An offsite backup is a must for larger sites. These backups should be automatic and frequent in order to maximize site uptime in the event of server failure: automatic backups do not depend on fallible human memory, and frequent backups keep up with the latest content on the website. You might also consider encrypting the data in these backups to add an extra layer of protection for sensitive information. The backups must then be tested to confirm that they restore as intended. Always keep fresh install files for installed software, so that a clean working copy is available if the current software malfunctions or becomes compromised.