Shared hosting is the most popular choice by lots of people for its ease of use, low cost and rich features. Comparing to all other hosting solutions, we can put up website online in least time. However, because of the shared environment, there're hundreds or even thousands of other websites, security is a must concern. We have reviewed the top tactics for website protection under shared server and hopefully our readers will benefit from it.
Unlike VPS or dedicated server service, there're many uncertain factors for security setup. What we can do is to apply as much rules as we can to ensure the best security for our websites.
Use strong password
Strong password should be used for whatever online service. No matter for hosting control panel or website admin login, it's necessary to set a strong password and keep it at safe place. You might also consider to change passwords every few periods for best security. If you operate a business website, it's necessary to apply a fail try blocking so people who try to login via bad credentials will be blocked.
Use secure website software
Website script is core of security. No matter if you programmed by yourself or use any existing CMS, you should evaluate its security seriously. More and more people use cms softwares today thus it's crucial to use the right one. This includes two points – The software overall performance and your familiarity to it. Because many softwares are open sourced and everybody be able to view its source codes, you must find a reliable solution. Those leading softwares like joomla/drupal are supported and tested by thousands of users with frequent security fix. They're highly recommended if you like to use such solutions. Those less popular solutions should be avoid for business site creation since there's less support articles and you can't learn good experience from other users.
No matter what software you use, it's quite important to keep updated with the latest software release. Those vendors are always active in collecting customer feedbacks and do testing by theirselves to find security holes then apply hot fixes. Once there're enough bugs to fix and new features requirements, they will release new versions. Hence it's crucial to keep updated on your website for best security protection.
Disable database remote access
Mysql database remote access is disabled by default in . Web masters always have to enable the connection for easy remote maintenance. But once you finished the work, you should disable this feature so no people can hack into your data easily.
Scan your files regularly
This includes both file permission and virus affections. Many security issues are produced by permission settings other than website itself. By default, all permissions are good enough in control panel because it's generated by optimized server settings. However, we always need to edit it sometimes. For example some app installations require full 777 permissions to proceed, but once installed, we don't have to keep everything under such permission so we must remember to reverse it back.
For other website volunabilities, we highly suggest use some reputable service like 6scan. Once we set the service, 6scan will frequently check your site and give out good reports for potential security issues. The best of the best is it will provide step by step fix. We personally received multiple warnings from 6scan service and applied several crucial fixes.
Use a good hosting provider
The most important part. No matter how you secure your website, if it's hosted on bad server with bad support, all your efforts worth nothing. A good web hosting service will save your half work in configuring a secure site. What's considered a good hosting regarding to security?
- Leading server/network setup. Server hardware/software should be up to date and installed from reputable data center space. It's the best if hosting company manages their own data centers.
- Good selling policy. No overselling can avoid lots of potential issues no matter for performance or security.
- Ease of use. An ease of use service can simplify the process of securing account & fixing potential issues.
By following above rules we might have found it's not cheap to get such service. Price and quality are always on the same level. If we need high performance and quality security protection, those several bucks per year service should never be considered. Instead, a little more paying will actually save a lot in hosting a healthy site.