Web Hosting Guide
Website Security

Website security entials more than just relying on your web hosting provider having an SSL secure server. You must also do your part to ensure website security for yourself and your customers. This article provides the minimum amount of website security you should consider for your website.

Website security is not just one thing and may vary from site to site and from web host to web host in the details of how it is managed. Website security almost always, however, includes the following:

• Using SFTP instead of FTP. SFTP stands for Secure File Transfer Protocol and it is a secure form of the FTP web hosting protocol. Unlike FTP, SFTP encrypts the files and folders that it is used to upload and download, whereas simple FTP sends data in plain text. Plain text data can be subject to snooping, and the password information, as well as the data, can be obtained, allowing the entire system to be compromised. SFTP encrypts the log-in as well as the data, making it much more difficult for the password to be collected from outside. Your web host's Help Center will provide you with more information about using SFTP.

• Creating Password Protected Directories. If you have more than one person with access to your website or want to keep the search engine bots away, you should password protect the directories that you want to have secure. By setting up FTP users, you can control access by people. Again, your web hosting Help Desk will be able to provide additional information.

• Change the Default Passwords for Your Control Panel. Altering the log-in username and password on your control panel as soon as you access your account for the first time (whether you use a set-up wizard or some other means) is a good idea to increase your website security.

• Use Secure Control Panel Log-in Techniques. This may vary with your web host and the control panel they provide. For cPanel, for example, HostMonster advises logging in directly rather than through their site, using the URL <http://www.YourAddress/securecontrolpanel>, where your address is your domain name. Using this method encrypts the log-in, preventing detection. HostMonster warns that if you do not have a private SSL Certificate for your domain, a security warning will be triggered by this action, but they say that this can safely be ignored and does not affect the log-in security.

• Use Strong Passwords. Considering that some websites that you use probably have security restrictions for password creation (such as minimum of 6 characters, no real words, mix of letters, numbers and symbols required), you might be able to guess that this is a good idea for you to do with your own website. It's also worthwhile to have different passwords for different aspects of your site, such as your control panel, your FTP user accounts, and your email: even though it may challenge your memory, it will make your site safer.

• Check the Permissions on Your Files and Folders. Just as the files on your computer have permissions, so do the files on your website. Make sure to set them as desired after you upload them.

• Choose a Web Host That's Serious About Security. Your website security doesn't only depend on the steps you take to secure it: it depends on your web host having ssl secure servers and data center, an efficient cooling system, a well-maintained fire suppression system, and regular back-ups. Choose your web host carefully.

• VPS and Dedicated Hosting Are Safer than Shared Hosting. 

Separation from other sites is safer, period. You are not as vulnerable to the choices that other customers make and you can implement protection that isn't allowed on shared sites.


Only $2.25/mo, Free Security Suite, Unlimited space, Unlimited bandwidth - Host Unlimited Sites!
Visit iPage

Only $3.49/mo!!! for Unlimited disk space, Unlimited bandwidth and Solid Web Hosting.
Visit BlueHost

Starting at $1.00/mo, PHP & PERL, 10 GB Storage Space, Unlimited Data Transfer, Microsoft FrontPage™
Visit GoDaddy

Only $3.96/mo!!! for Unlimited disk space, Unlimited bandwidth and Best Green Web Hosting
Visit GreenGeeks