Potential Security Pitfalls In Web Hosting

It's easier than ever before to run a website of your own and to get your words out onto the internet - but it comes with a few pitfalls, not least when it comes to security. Here are a few of the most important things you should be thinking about when you consider security for your new website.

Password Safety

You'll have heard all this before, but it's important that you make sure you're careful to set good passwords. Different services have different rules for what your password should be, but it's worth bearing in mind that length is probably more important than randomness or a variety of characters - the famous example most often used to illustrate this is that "correct horse battery staple" is a much more secure password than "Password1!", despite the fact that the latter is more likely to be accepted by many sign-up forms.

Phishing Attacks

Phishing scams come up in all kinds of corners of the internet, and they can be a pretty big problem. Basically, you'll get what looks like an email from the customer service department of a service you use - like your web hosts, for example - that prompts you to follow a link to something that looks just like your web host's website, where you'll put in your username and password. The website is a clone, though, and all you will have done is give your password - and therefore full control of your website - to the phisher.

Thankfully, you can avoid falling prey to this by doing two simple things every time you get an email from your web host - or from anyone. First, check the address it came from; it should always be from the proper domain. (If your web host's URL is www.goodwebhosting.com, that bit in the middle is the 'domain' - and all emails from them should come from an address ending in @goodwebhosting.com to be legitimate.)

Second, never enter your username and password without checking the domain in the URL of the page you're on. It should be www.goodwebhosting.com/login or something similar - if that 'goodwebhosting' part isn't there in the right place, before the .com or other top-level domain, you're putting yourself at risk.
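The two checks above can be written down precisely. This is an added example, not part of the original article: the function names, the sample links and addresses, and the requirement that the link use https are assumptions made for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

EXPECTED = "goodwebhosting.com"  # the article's example host; substitute your own


def host_in_domain(host, expected=EXPECTED):
    """True if host is the expected domain or a subdomain of it."""
    host = (host or "").rstrip(".").lower()
    if not host.isascii():  # lookalike Unicode letters never match
        return False
    return host == expected or host.endswith("." + expected)


def login_url_ok(url, expected=EXPECTED):
    """Check the real host of a link, not whether the name appears somewhere in it."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False
    # parts.hostname drops any "user@" prefix and the port, so
    # "https://www.goodwebhosting.com@login.example/" resolves to login.example.
    return parts.scheme == "https" and host_in_domain(parts.hostname, expected)


def sender_ok(from_header, expected=EXPECTED):
    """Check the domain of the address in a From: header value."""
    _, addr = parseaddr(from_header)  # ignores the display name
    local, at, domain = addr.rpartition("@")
    return bool(local and at) and host_in_domain(domain, expected)


# Constructed samples (not real sites or addresses).
SAMPLES = [
    "https://www.goodwebhosting.com/login",
    "https://www.goodwebhosting.com.account-check.example/login",
    "https://www.goodwebhosting.com@login.example/",
    "https://goodwebhosting-support.example/login",
    "http://www.goodwebhosting.com/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print("OK  " if login_url_ok(url) else "STOP", url)
    print(sender_ok("Good Web Hosting <billing@goodwebhosting.com>"))
    print(sender_ok('"support@goodwebhosting.com" <help@mail.example>'))
```

Only the first sample link and the first sender pass. A From: line can be forged to show the right domain, so treat the sender check as a first filter and rely on the URL check before typing a password.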

Site Content

Make sure that you're limiting the damage a hacker could do if they did get in. Delete old and unwanted files from your website, and encrypt personal data like passwords or credit card details.

Scripts

Make sure that your scripts and other bits of code are well-written and kept up to date. Exploits are discovered all the time - the recent Heartbleed controversy is a good example of this - and while they're usually fixed very quickly (as Heartbleed was) those fixes don't magically come into place unless the script has been updated from your end. Keep on top of concerns like these, and be careful to only use code written by people who know what they're doing and know how to keep you and your website safe.