Whether you have a shared hosting account, a VPS, dedicated server, or an entire data center, security should be a top concern. The following are some tips to help you keep your web hosting secure no matter what type of service you have.
1. Secure FTP – At some point, you are going to need to transfer files to or from your server. FTP is not a secure method, but you can use FTPS or SFTP in order to encrypt your login and/or transfer. This method will require you to login with a shell (SSH) account. If you do not have one, you should request one from your hosting provider.
2. SSL – This is particularly necessary for ecommerce so that you can secure transactions, but even if you are not dealing with money, you might still want to consider SSL if you collect any form of user information. For example, if you run a social site that requires user logins, SSL is a good way to protect user passwords and other data.
3. Backups – Backup everything important, and then routinely verify that your backups work. You never know what might happen, so backups are the only way to keep your data truly safe and secure. Use some form of offsite backup, either in the cloud or on a local storage device (preferably not your home computer).
4. Maintenance, Updates, due diligence – Patch security holes, run regular software updates, and do the normal security routines of checking log files for suspicious activity and using any security monitoring tools you have. The general theme here is to be diligent. Be proactive rather than reactive, and you can keep your server safe.