Even though your website is hosted by a large web hosting company, you are still vulnerable to being attacked. It is up to you, as the website owner, to take responsibility for ensuring your websites are as secure as possible.
The number of internet users grows significantly each day, and many businesses are now run solely online. This means that there are plenty of opportunities for any type of site to become exploited. Unfortunately, there are hackers out there just waiting to inflict damage on as many sites as possible.
While any web host should have certain precautions in place, you want to add security into your list of considerations when selecting your hosting company. Some companies seem to be more vulnerable than others. In the last year or two, Hostgator has seen lots of outages and security issues. The result of this is that they have lost business due to their customers moving to other hosting companies.
A likely reason Hostgator has seen so many attacks is because they are one of the most popular and widely-used hosting companies; there’s not anything inherently “wrong” with what they’re doing, and the way they do things is pretty much the same as every other hosting company.
Highly trafficked servers are attractive to hackers because once they get in, they can inflict a greater amount of damage over a wider range of websites. A small no-name hosting company may only house a couple hundred or thousand websites, whereas Hostgator’s website claims that they are now hosting over 9 million domains!
Things to watch for include what type of methods your hosting company offers for uploading files. Most hosts will offer FTP (file transfer protocol) and this method makes use of a FTP client, such as FileZilla, to transfer files.
Another way to transfer files that is more secure is to use SFTP (Secure File Transfer Protocol) which provides the user with an additional layer of protection. SFTP is available on most hosting accounts these days.
Having an encrypted path from your browser to your web server is another priority, especially for ecommerce sites. Adding an SSL (secure sockets layer) certificate to your website helps keep all of your (and your customers) information secure as it is being transmitted from your web browser to the Internet. This includes banking information, emails, names and addresses.
Getting into the habit of performing backups of your website should be high on your priority list. If your host provides you with Cpanel access you can schedule your backups yourself. Ask your hosting provider how often they run backups and how they store them.
A good host will also have a sound practice in place for maintaining and updating their servers. This helps reduce the number of possible attacks and ensures that you have access to all the latest tools and resources inside your hosting account.
There will also be maintenance you need to do from your end on your website. For example, if you run your sites on WordPress, they come out with updates quite frequently. You will either have to install these updates yourself, or hire someone to do it for you. They are very easy to do and most are completed within a few minutes. It is suggested that you always backup your files before running any type of update, whether it be a WordPress core update, a theme update, or a plugin update.
Bear in mind that securing your website is a two-way street. Your web host should be doing all they can to minimize any downtime and prevent attacks. Then you need to do the same by not uploading scripts and software that have not been tested thoroughly, and by performing updates when needed.