Web hosting security is not something you can tackle in one sitting. Actually, it is a full-time gig that may even involve some sleepless nights. If you are prepared, however, you can greatly reduce your website’s risk of exposure and make it easier to track and fix security issues in the event that they do arise. The following is a basic hosting security checklist that should help you get started.
- Delete unused stuff – This is purposely vague because it could relate to unused accounts, databases, scripts, applications, or anything else that is simply collecting virtual dust on your server. This “stuff” is not being maintained and could eventually pose a security risk. If you no longer need it, remove it.
- Secure passwords – We cannot overemphasize this point. Poor passwords are the easiest way for attackers to get into your system. Keep them secure and change them regularly. Using a password generator may help.
- Hide configuration files – You are probably running at least one script or content management system. If it has configuration files containing your password or other sensitive data, you should keep them out of your root document directory (i.e. public_html or www) and encrypt them whenever possible.
- Secure file permissions – Very few people need more than read access to most of your files. General files on a Linux or Unix system usually have file permissions set to 644. If you do not need to make something executable or writeable, do not.
- Secure your local machine – It sounds improbable, but your local computer could pose a security threat to your website. Malware of various types can be transmitted, and if your local machine has been compromised, a hacker may be able to use a keylogger to glean your password from your FTP or other connection software.
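
One way to check the "Hide configuration files" and "Secure file permissions" items on a Linux or Unix host, as an added example that is not part of the original checklist. The function names and the list of config file names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit a web document root (e.g. public_html or www).
# Function names and the config-name list are illustrative assumptions.

# Regular files whose mode grants more than 644: any execute bit, or
# write access for group or other. Directories are skipped because they
# need the execute bit to be traversed.
loose_files() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \
        -o -perm -020 -o -perm -002 \) -print
}

# Files whose names suggest they hold credentials or settings.
# The name list is a starting point, not exhaustive.
config_files() {
    find "$1" -type f \( -name 'wp-config.php' -o -name 'config.php' \
        -o -name 'settings.php' -o -name '.env' -o -name '*.ini' \) -print
}

# Report both kinds of finding. Returns 0 if clean, 1 if anything was
# found, 2 if the argument is not a directory.
audit_docroot() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    rc=0
    loose=$(loose_files "$root")
    conf=$(config_files "$root")
    if [ -n "$loose" ]; then
        echo "Looser than 644 (review each; some scripts need the execute bit):"
        printf '%s\n' "$loose" | sed 's/^/  /'
        rc=1
    fi
    if [ -n "$conf" ]; then
        echo "Config-like files inside the document root:"
        printf '%s\n' "$conf" | sed 's/^/  /'
        rc=1
    fi
    return "$rc"
}

# Run against a path given on the command line, e.g. ./audit.sh ~/public_html
if [ "$#" -gt 0 ]; then
    audit_docroot "$1"
fi
```

The script only reports; whether a flagged file should be tightened to 644 or moved out of the document root is a per-file decision.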
Hosting security does not have to be frightening. Using good common sense and proactive caution, you can avoid many disasters and mitigate others without much difficulty.