How to prevent hackers on your site part 1: Website Hosting

Wordpress Security
In light of the recent Optus hacking, there have been a lot of people asking us about their website security, and what they can do to help protect their site and their data. This post is the first of a new series in which we address the simple things you can do as a website owner to keep your website as secure as possible. The number one first thing you can do to help keep your site secure is to invest in quality web hosting.  

Why is hosting important?

One thing we’ve noticed over the years is that most of the sites we’re asked to fix after they’ve been hacked are self-hosted, or using a small company who offer hosting as a side-service. Although it’s quite possible to set up and run your own hosting platform, even as a solopreneur, often the people who set up these hosting systems aren’t as technically literate or have the time on their hands as professional, dedicated host platform companies. There have been, for instance, a number of companies providing a hosting service with a cPanel license that they’ve not kept regularly updated with security patches. In these cases, it doesn’t matter how well-maintained you keep your own site, hackers are able to get in via poor hosting security.  

How can I tell what’s a quality host?

This is a good question. Like most things, you pay more for quality. So if the company you’re looking at hosting with seems comparatively cheap it can be an indicator that you’ll get a below-standard experience. It’s important to look for a host that offers good service. The thrree we most highly recommend are Kinsta , WP Engine, and WPX. All provide excellent service as well as 24/7 support. SiteGround is also a reputable host, but not quite in the same league as the others. SiteGround is a little cheaper though, which can be important if you’re trying to do things on a budget.  

Other important features to look for

In addition to fantastic service (which all three of the ones we’ve recommended above do provide) there are three core services that can make a huge difference in your website experience:  

1.     The ability to have a Staging site

A staging site is a place where you can make alterations to a duplicate copy of your site before altering the live site. This can be very important if you want to make large code changes, as it gives you the opportunity to test things out and look for any potential problems without any down-time on your live site. Sometimes small updates or changes to plugins or code can have larger ramifications. It is infinitely easier to discover this and find the solutions when a staging site is available.    

2.     Back-up options

One of the biggest problems we come across when trying to fix sites that have been broken is the absence of regular back-ups. A good quality host should provide regular automated back-ups, and the sites we can restore easily usually have access to their previous 30 days worth of back-ups. We can simply then restore the site from a back-up, and add tighter security in the area that the hack occurred. Site owners who don’t have a recent back-up to restore from can sometimes find the cost of fixes or website rebuilds prohibitive, sometimes up to $2-3,000 or more. It’s wise to keep this in perspective when you’re wondering whether to spend a couple of extra dollars on your hosting bill each month for regular back-ups.    

3.     Geo-blocking options

Another factor we have discovered over fixing a number of hacked sites is that most hacks come from the same handful of countries. At the moment, we’re seeing a lot coming from Russia, not surprisingly, a couple out of the Ukraine, but also places like India, Romania, and some parts of South America as well. Geo-blocking gives you the option to block users from these specific countries, which can help a lot in terms of security. Geo-blocking can also help prevent spam attacks and Distributed Disruption of Service (DDoS) attacks which can be very costly in terms of lost revenue and customer confidence.    

Our experience

  We can’t recommend highly enough the importance of quality web hosting. We moved our site to WP Engine after a number of hack attempts, and since then we’ve had very few issues. On the rare occasions where we have been attacked things have been very easy to fix because of the comprehensive set of tools that WP Engine has to get customers up and running fast. Please note, even with good hosting it’s still possible for your site to get hacked. In the upcoming posts we’ll address some of the reasons this is the case, and other tips to keep your site as secure as possible.    
Comments (0)

Leave a Reply

Your email address will not be published. Required fields are marked *