You have a website, possibly built with WordPress (over 27% of websites are) and it’s all working nicely. You can just leave it to tick along, doing its own thing, right?
As a provider of web hosting, I’d like to share some of the common issues we see clients facing on a regular basis. If you recognise and address these issues you are more likely to see your website running like clockwork.
1. Assume your email account is under attack
Someone somewhere (or most likely an automated programme) will at some point attempt to gain access to your email account. Web hosts have mechanisms in place to deflect such attacks, but your password is the first line of defense and needs to be secure.
The attacker's motive may be to gain access and then reset a password on a service such as PayPal or your banking account for monetary reward. It may be so they can send spam to literally thousands of recipients. It does not matter that you only use your account for infrequent mail or mass mail; the hacker does not know this and will be attempting to gain access.
Your password must therefore be secure. Sadly, as much as we tweet, email and write to clients advising what a secure password is, many choose not to implement one. If your password includes a name or a dictionary word — change it. Now. If you can remember your password — change it. A good password looks like “h b&*FDJkJT7*3\” — not “apple123”.
2. Assume your hosting account is under attack
Someone somewhere (or most likely an automated programme) will at some point attempt to gain access to your hosting account — sound familiar? It does not matter what the content of your site is — an attempt to hack it will be made. If your hosting account password is obtained, then not only can your hosting be deleted or modified but your email and databases also. Again, ensure your hosting account is protected with a secure password.
3. Update your scripts regularly
If you run a popular script, WordPress or Joomla for example, you are at risk from hackers who run programmes to detect the presence of the software and then systematically and automatically attempt to exploit its vulnerabilities. If you are not running the latest versions of the scripts, it is only a matter of time before vulnerabilities are identified and taken advantage of. Thankfully the update process is getting easier, with some software supporting automated updates. Take advantage of this functionality if it is present in your applications.
4. Don’t ignore communications from your web host
As a webhost we email clients from time to time with important information concerning the operation of their website. Just recently we emailed every client advising of an update of PHP and MySQL. We also posted on our social media channels, but still some clients were not aware of the upgrade, having simply deleted the email. As a result, their sites stopped working, as they had not upgraded their software to a newer release that runs on the current stable editions of PHP and MySQL. Make sure you subscribe to at least one communication channel from your host and always read the messages to see if they could impact your service.
5. Backup your site
Most webhosts back up servers, but often only in case of a catastrophic server failure, not to repair or restore individual sites or files. It is therefore vital you keep a regular backup of all your site files. This should include email, databases and all the files on the server.
Frequency of your backup will depend upon how often your content changes and the impact of the changes. A billing system used for invoicing clients may need to be backed up several times a week whereas a static website may only need backing up quarterly.
6. Be aware of, and take steps to prevent malware
Malware is short for malicious software and it represents a serious security threat to both the server and visitors to your website. It occurs when a third party, usually a hacker of some form, places code on your server with ill intent, perhaps to redirect visitors to another site, assist in a Distributed Denial of Service attack or spread a virus.
The most common causes for a site to become infected with Malware are:
a. Outdated scripts (such as WordPress or Joomla)
b. Outdated script plugins
c. Inappropriate file permissions
d. Insufficiently secure passwords for databases and FTP
e. XSS or SQL Injection (usually as a result of outdated scripts or poor code)
Sucuri, a company that specialises in the removal of infections and malware and the ongoing monitoring of sites, offers a free scanning service at http://ow.ly/sO7bN. It is worth checking your site from time to time to see that everything is in order.
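For cause (c), inappropriate file permissions, a check you can run yourself over a copy of your site or over shell access to your hosting. This is an added example, not a tool from the host or from the scanning service above; the function name `audit_permissions` and the choice of `wp-config.php` and `configuration.php` (the WordPress and Joomla files that hold the database password) as sensitive files are assumptions made for illustration.

```python
import os
import stat

# Config files that hold database credentials (WordPress, Joomla).
# Assumption for this example: extend the set for other scripts.
SENSITIVE = {"wp-config.php", "configuration.php"}


def audit_permissions(web_root):
    """Return sorted (path, octal mode, reason) for risky entries."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(web_root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            info = os.lstat(path)  # lstat: inspect the link, not its target
            if stat.S_ISLNK(info.st_mode):
                continue
            mode = stat.S_IMODE(info.st_mode)
            if mode & stat.S_IWOTH:
                # Any account on the server can modify or plant code here.
                findings.append((path, oct(mode), "world-writable"))
            elif name in SENSITIVE and mode & stat.S_IROTH:
                # Other users on a shared server can read the DB password.
                findings.append((path, oct(mode), "config readable by all users"))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    for path, mode, reason in audit_permissions(sys.argv[1]):
        print(f"{mode}  {reason:30}  {path}")
```

Run it with the path to your site files as the only argument; an empty result means neither condition was found.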
7. Check your disk space and bandwidth usage
A common sign that something is wrong with a website is an increase in bandwidth or disk space usage. If you notice a spike, just check things are as they should be. Check your email usage in case your hosting has been compromised and is sending thousands of spam emails promoting the benefits of Viagra!
8. My site is not available!
If you cannot view your website or access email, the first action is to determine if the problem is just for you or everyone. Many webhosts will block just your access to the server if you enter an email or FTP password incorrectly a few times. It’s inconvenient, but could be helping protect your content.
You can test to see if just your IP address has been blocked or if your website is down for everyone at http://www.downforeveryoneorjustme.com. If the site is just down for you, it may be your IP address is blocked. Some hosts offer tools to unblock your IP address.
A quick fix if you can’t access your site may be to reboot your modem/router. This often forces your ISP to issue a new IP address, one not blocked by your webserver, and therefore gives you server access again.
And finally some bonus tips regarding passwords!
Protect your password:
- Memorize your password; do not write it down. Consider using a tool like LastPass or 1Password.
- Do not share your password. Create a new account instead.
- Never use one password for all your logins.
- Don’t provide your password to someone for assistance unless you verify they need the password and they are who they say they are.
- Avoid logging in from public computers.
- Change your password frequently.
Tips for choosing a password:
- Avoid dictionary words.
- Avoid familiar items (names, phone numbers, etc.).
- Use a combination of letters, numbers, and special characters.
- Use more characters (8+).
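The tips above, applied to the two passwords quoted earlier in this article. This is an added example, not the host's own code; `check_password`, `generate_password` and the small word list are constructed for illustration, and a real check would load a full dictionary and name list.

```python
import secrets
import string

# Constructed sample list; a real check would load a full dictionary and a
# list of common names (assumption, not from the original page).
SAMPLE_WORDS = {"apple", "password", "welcome", "dragon", "monkey",
                "john", "sarah", "london", "summer", "admin"}

# Undo common substitutions so "P@ssw0rd" still matches "password".
LEET = str.maketrans("@4310$5!7", "aaeiossit")
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def check_password(password, words=SAMPLE_WORDS, min_length=8):
    """Return a list of problems; an empty list means the tips are met."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    has_letter = any(c.isalpha() for c in password)
    has_digit = any(c.isdigit() for c in password)
    has_special = any(not c.isalnum() for c in password)
    if not (has_letter and has_digit and has_special):
        problems.append("needs letters, numbers and special characters")
    # Compare on lower-cased letters only, after reversing substitutions.
    folded = password.lower().translate(LEET)
    letters = "".join(c for c in folded if c.isalpha())
    hits = sorted(w for w in words if w in letters)
    if hits:
        problems.append("contains dictionary word or name: " + ", ".join(hits))
    return problems


def generate_password(length=16):
    """Draw from the OS CSPRNG until the result passes check_password."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("apple123", "P@ssw0rd!", "h b&*FDJkJT7*3\\"):
        print(repr(sample), check_password(sample) or "ok")
    print("generated:", generate_password())
```

A generated password is meant to be stored in a password manager such as those named above rather than memorised.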