Protect Your Website Before It Crashes
by Dharma Kelleher
It is a dangerous place out there, not only in the physical world, but online as well. Identity thieves, hackers, viruses, and malicious bots abound. Also, servers can fail, and databases can become corrupted. Keeping a website safe from these threats isn’t easy. Here’s how I do it.
Start with a Good Hosting Company
In my years as a web developer, I’ve dealt with all sorts of web hosting companies. Some are amazing (and usually pricy), while others are an absolute nightmare to deal with.
Most hacks don’t come through an individual website. The server itself is hacked, often because the software wasn’t updated and the hacker found a security hole. A good host updates their hosting software regularly.
My favorite hosts include WP Engine and ICDsoft. Others, including Bluehost, Dreamhost, and A Small Orange aren’t too bad. I’m not a big fan of GoDaddy. And you should avoid Yahoo, Web.com, and MediaTemple. These opinions are based on my experience as a developer. Your mileage may vary. If you love GoDaddy and it works for you, that’s fine. But there are better hosts out there.
Use a Secure, Updated Platform
A secure website uses input validation (making sure users enter the correct type of data in forms), data sanitation (making sure data from the database are of the proper type), and other security protocols to protect against malicious code injections that can destroy a database and bring down a website.
Most content management systems (CMS) such as WordPress, Joomla, and Drupal follow these practices. They are regularly updated to plug newly discovered security holes, as well as improve overall functionality.
One potential vulnerability with any CMS is plugins, which are often developed by third parties. If the plugin developers don’t properly secure the plugin, it could expose the website to hackers. Use only plugins that are updated regularly and highly ranked.
Use a Security Plugin on Content Management Systems
As a WordPress developer, I use the iThemes Security plugin to help lock down a website. It’s free, comprehensive, and easy to use.
It blocks you from using “admin” as your user name. Until recently, WordPress used “admin” as the default username. This made a hacker’s job that much easier because they already had half of a user’s login information. iThemes Security also prevents you from using an easy-to-hack passwords, preferring more complex, randomized passwords.
This plugin can block after-hours access to the back end of your site and detects brute force attempts on your login screen, blacklisting the IP addresses generating those attacks are coming from. You’d be surprised how often this happens.
Security services such as Sucuri are also an option.
If you use a CMS other than WordPress, research the available security plugins for your framework.
Back up Your Site Regularly
Most decent web hosts back up their servers nightly. Or so they say. I recently ran into a situation where a host claimed to do that, but couldn’t find the backups after the RAM card on a server went bad. I nearly lost a week’s worth of data.
Fortunately, I use a premium (not free) WordPress plugin, also from iThemes, called Backup Buddy. Oh, how I love this plugin. I use Backup Buddy mostly to migrate sites from one server to another or from one host to another. However, Backup Buddy is primarily designed to generate regular backups and send them offsite to an email address, a Dropbox folder, etc.
A CMS is run from a combination of files and a database. With Backup Buddy, you can run a backup on just the files, just the database, or both.
I generally run a full backup once a week and back up the database (which tends to be smaller) daily. You can set the backup schedules based on how often you update your site.
With Backup Buddy, I can have a crashed site back up in minutes. It is fabulous.
Remember, it’s a dangerous virtual world. Be prepared.
Dharma Kelleher writes gritty, engaging fiction about gay, trans* and queer-identified characters. She works as a professional web developer for ZenPunk Web Works. Her hobbies include riding motorcycles, making snarky comments on Facebook, and shocking people with her latest haircut. Learn more about her and her writing at dharmakelleher.com.