Although the security of the server your website is hosted on is the responsibility of the service provider, you shouldn’t choose a provider with your eyes closed. In fact, you should be aware of at least the basics involved in keeping your site – and hence your visitors and customers – secure. This applies doubly if you own an ecommerce site.
People who do business with you should be able to do so without putting their personal and financial information at risk. You should do whatever it takes to ensure your servers and your websites are as secure as possible. Of course, in a world where everyone seems to be hacking into someone else’s site, you might not feel too reassured or see the point of it – but you are still obligated to do the best you can.
When selecting a web hosting provider, you should be able to determine if they are the safest option for you. How do you do that? Below are a few basic standards you should look into:
Up-to-date Firewalls: a firewall is essential for any device that connects to the internet, and especially for a hosting provider’s servers. It should be regularly updated and configured, and monitored by professionals.
Up-to-date Anti-Virus Software: a good hosting provider will have the latest version of the most effective anti-virus software; a better one will have at least two of them.
Physical Security of Servers: servers shouldn’t be accessed by unauthorized personnel, be it remotely or physically. A good indicator of a hosting provider’s quality is the amount of investment it has put into physically securing its servers. The best of them have server farms in more than one location to ensure continuity in case disaster strikes.
Strictly Enforced Password Policies: although it might be a pain to remember passwords with special characters in them, good hosting providers make sure their clients use them. They also make them change their passwords at regular intervals. Again, this shouldn’t be taken as an inconvenience. A site is only as secure as its admin password – if that is stolen, all is stolen.
Identifying IP Addresses: a good hosting provider should keep track of the IP addresses of its customers. If someone tries to access its servers from an address that is known for hacking or malicious attacks, the necessary precautions need to be taken. Methods of confirming genuine clients using email, phone or other proof-of-identity requests should be put in place.
Separate Free and Premium Hosting: no sensible hosting provider will offer free and paid hosting from the same server. The free accounts are often used by hackers to lure visitors to their sites where they infect their computers with malicious software. This can:
- Affect the other clients on the server.
- Raise a red flag that will make sites block the server’s IP address – thus effectively sealing off access to other entirely legitimate sites on the server.
- Destroy the reputation of the other sites for being co-hosted with a website that is known to be malicious.
Prevention or Limiting of Scripts: responsible hosting providers either fully block or allow very limited use of scripts and/or executable commands. This makes sense especially if the servers happen to be running Linux or other UNIX-based operating systems. Whether intended or not, lax control can result in clients running scripts that can damage (or even completely destroy) the server’s system files.
Monitoring, Maintenance and Back Up: keeping a server running optimally is no easy feat. Providers should ensure uninterrupted service by monitoring activities on their servers (caused by malicious code running, for example). Regular maintenance needs to be done on the hardware as well as the software, and regular backups should be taken to minimize disaster recovery times.
Server-Client Communication Security: web hosting providers should offer extended security features to their clients. Secure Sockets Layer (SSL) certificates should be made available to ecommerce sites so all their communication and transactions with clients are encrypted. Similarly, SFTP or Secure FTP should be offered to developers or website owners so all the data they upload to or download from the hosting servers is also encrypted.
PCI Compliance: not all the security measures are expected from the hosting provider. Clients’ sites too – especially if they are ecommerce sites – are expected to meet certain standards defined under “PCI Compliance”. A good hosting provider will ensure that all the sites on its servers meet these standards. A few of the rules state:
- Clients shouldn’t use default passwords of third-party software.
- Their customers’ credit/debit card data should be protected.
- Encryption of credit/debit card transactions should be implemented.
- All software and applications used on/by the site should meet security standards.
- Restrict access to credit/debit card data to authorized personnel only.
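To make the "Identifying IP Addresses" item above concrete, here is an added example (not from the original article or any provider's code) of screening login attempts against a blocklist and each account's address history. The log format, the sample data and the deny/verify/allow policy are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: documentation-only ranges (RFC 5737), not real threat intel.
BLOCKLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.17/32")]

# Constructed history of addresses each account has logged in from before.
KNOWN_ADDRESSES = {
    "alice": {"192.0.2.10", "192.0.2.11"},
    "bob": {"192.0.2.50"},
}

# Constructed login attempts in a hypothetical "timestamp user ip" format.
SAMPLE_LOG = """\
2024-05-01T09:00:02Z alice 192.0.2.10
2024-05-01T09:03:40Z bob 203.0.113.77
2024-05-01T09:05:13Z alice 192.0.2.99
2024-05-01T09:07:55Z bob not-an-ip
"""

def screen_login(user, raw_ip):
    """Return 'deny', 'verify' or 'allow' for one login attempt (assumed policy)."""
    try:
        ip = ipaddress.ip_address(raw_ip)
    except ValueError:
        return "deny"  # unparseable source address: fail closed
    if any(ip in net for net in BLOCKLIST):
        return "deny"  # address is on the known-bad list
    if str(ip) not in KNOWN_ADDRESSES.get(user, set()):
        return "verify"  # new address: confirm by email or phone before granting access
    return "allow"

def screen_log(text):
    """Parse the log and return (timestamp, user, ip, decision) tuples."""
    results = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, user, raw_ip = parts
        results.append((ts, user, raw_ip, screen_login(user, raw_ip)))
    return results

if __name__ == "__main__":
    for row in screen_log(SAMPLE_LOG):
        print(*row)
```

The "verify" outcome corresponds to the email or phone confirmation the article mentions; a real provider would feed the blocklist from a maintained reputation source rather than a static list.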
So, the next time you go out shopping for a hosting provider, take this list along and see which provider offers the most of these features – there you will find your winner.