I hope you find my writing and business tips and observations useful. My business and blog are dedicated to helping businesses communicate clearly and reach their potential.
Read, subscribe to my newsletter, enjoy!Tash
Website hosting security
After getting hacked earlier this week, I thought it might be timely to cover some things to look at for security through your web host – and as I am not a technical expert, I’d love to hear your tips too so we can all have the best chance of avoiding these time wasters.
So here are some tips from me…
- who are you sharing a server with? Dedicated server hosting is the most secure option but also a lot more expensive. My host has servers just for their clients which I see as the next best thing as at least I am not sharing with just anybody and my host has put some precautions in place (such as minimum 70 strength passwords)
- does your host/server have a SSL certificate? This may be shared with everyone on the sever but it certainly beats no certificate at all!
- where are the servers located? The recent flooding in Victoria shows the value of storing servers somewhere high (on top of a mountain isn’t quite what I mean though! Off the floor and preferably in a room protected against flooding to some extent). Are they protected from other physical dangers too?
- what physical security applies to the servers? Are they in locked cupboards in secure buildings? Is there 24 hour security (guards, cameras, sensors) turned on?
- what routines and programs does your host use to monitor the servers for attacks and errors? For example, my host now constantly runs a security scan and a program that detects prohibited activity
- does your host offer suitable privacy protection? Your information and your payment details should be kept private and safe
- who can access the server shells? This is the core of the operation and is where real damage can be done to websites – ideally very few people even within the host company can access this
- what back ups does the host do? where do they store these back ups (on site or remotely)? I’m glad to say my host does daily and weekly back ups so were able to reinstall everything from a back up after Tuesday’s attack – and they did a more recent back up of the databases, too. I would not have wanted to replace all that work and data myself or have lost it completely.
I have discovered that not many hosts cover this information on their website so I suggest you ask them questions. It is easy to just trust them and even to take the cheapest option but think about the consequences of loosing your website (for an hour, a day, a week…) or of having your website damaged and perhaps clients’ information breached. Makes asking a few questions a small but critical task doesn’t it?
According to WAtoday, the threat of an attack on a medium sized business has grown by 54% in the last year. That makes it a pretty big risk and something to be aware of in business budgeting, planning and contingency. I hope it never happens to you.
What steps have you taken to secure your website hosting?
Hosting location not important
Michelle of Shel Designs added an article to her latest newsletter about where your domain name is registered. She states that where your domain name and hosting are located are not important for your site’s ranking. In fact, she writes “Where it is registered or hosted will not affect the way Google (and other search engines) rank your site.”
I have had clients advised to change their registration and hosting to improve their rankings and it really annoys me when I know they could improve rankings easily in other ways instead of paying a lot of money to move without benefit.
The only ways I think hosting affects a website are:
- great distances between a site visitor/user and the server can make it a little slower. So hosting a .com.au site in Australia or New Zealand would make no significant difference but hosting in the USA might load a little slower
- time zones can make it harder to get assistance
- a drastic event near the server can impact a distant site even though the event wouldn’t otherwise impact on it. For example, when the tsunami hit Asia a few years ago, a number of cables were disturbed under the sea. If your site connected to its server via those cables it may have been unavailable whereas an Australian server connection wouldn’t have been damaged. Obviously, this isn’t a frequent occurrence.
Next time someone tells you to move your website, remember that a reputable distant server/host is better than a close one you don’t know or trust. And it really doesn’t matter where you register your domain name, other than for your pocket (there is a huge variation in registration fees.)
Recent Comments