Although reliable web hosting providers make it a priority to secure their networks and the hosting environments of their customers, it is still advisable to take it upon yourself to make sure your website is secure.  If you have no idea of where to start, use this checklist as your guide to preventing a security disaster

Managed Your Site Over Encrypted Connections

Utilizing weak or completely unencrypted connections such as FTP or HTTP to maintain your website makes you quite susceptible to password sniffing and man-in-the-middle exploits.  Therefore, you should make it a habit to use proven encrypted protocols like SSH to securely access resources and transmit data.  If you don’t, someone can easily access your website and enjoy all the same privileges as yourself.

Consider Stronger, Cross-platform Encryption

While many do not realize it, SSL (Secure Sockets Layer) is no longer the powerful, impenetrable encryption protocol it used to be.  This is why you should consider looking into Transport Layer Security or TLS, the successor to SSL encryption.  Whatever protocol you choose, make sure it does not unnecessarily limit your user base like many proprietary-specific platforms have been known to do.  This could result in a resistance to use secure encryption mechanisms for those who need access to your site, especially those who require access on the back-end.

Only Make Connections from a Secure Network

Try to avoid making connections from networks that have unspecified security characteristics or those that are known for inadequate security such as the open wireless access at the local coffee shop.  This is extremely important whenever you have a need to log into your server for administrative purposes or to access vital resources.  If you absolutely must access your web server or site via an unsecured network, be sure to use a secure proxy so the connection to your destination is at least originating from a proxy on a secure network.  This can be done utilizing either an OpenSSH or PuTTY secure proxy.

Favor Key-based Authentication Instead of Password Authentication

Though it certainly provides some level of protection, password authentication has proven to be much easier to crack than key-based authentication.  The goal of a password is make it easier to recall login details and access secure website resources.  However, key-based authentication is more secure because if you create a single encryption key and keep it separate from the authorized system until needed, you will have stronger authentication credentials that are far more difficult to crack.

Never Share Login Credentials

Though convenient, sharing login credentials can lead to a number of security issues.   This is something that should not only be stressed to your system administrator or webmaster, but also every user that has login credentials to access your site.  Sharing such sensitive information only widens the probability of those credentials being exposed to malicious parties you don’t want anywhere near the fragile elements of your site.  The more these details are shared, the harder it becomes to create a trail that allows you to pinpoint the source of the problem.  To prevent this, enforce a no sharing policy and stick to it.

Related Blog Posts

• January 12, 2010 -- Important Web Hosting Security Terms (0)
  The search for a good web hosting company can be very confusing, especially with the ever increasing selection. Each company promises they are the best, so who ...
• August 19, 2009 -- The Need for Penetration Testing (0)
  By now, you have probably heard the saying that no website is ever 100% secure.  While this is certainly true, it doesn’t mean that you should not take every me...
• June 4, 2009 -- Tips for Keeping Your Website Safe (1)
  What most webmasters and hosting customers do not understand is that no website is ever 100% secure.  And while there are dangers seemingly lurking at every cor...