How to ensure your site has the right kind of security, plus keep your critical web & domain credentials secure and accessible.

It’s Sunday evening and you get a text message from a friend of yours who is also a customer. She says “hey, thought you’d like to know your website is down!” What do you do? Call your hosting provider. Most likely there is a simple, fast fix for this. However, we’ve seen too many times where it isn’t. Where the call goes like this:

“Hey, my website is a blank page!” 

“One of my clients just told me you cannot log into my membership/courseware website any more” 

Or worst yet:

“My website has been defaced!” (Although this is much more rare these days.) 

These scenarios are worthy of a few minutes of panic. Let’s explore how this goes if you do not have good website hosting (and what, precisely, that is.)

  1. You call your hosting provider to be told that they only back up your site weekly or monthly so your last backup will take away orders or customers from 7 to 30 days ago, not to mention all of your updates in that time
  2. You call your hosting provider to realize that the database that runs your membership/courseware system is damaged and the backup is 30 days (or 7 days) ago. You will lose member data, registration data and other critical information. 

If you have good, quality hosting with 24/7 monitoring and exceptional humans behind the scene:

  1. You call your hosting provider to discover that your backup is from 12 hours ago. It’s restored in 15 minutes.
  2. Your provider restores yesterday’s database backup in 60 minutes and your course site is working again.
  3. Your site is restored to it’s previously backed-up state, and credentials are changed to protect it.

Hosting matters. Quality hosting doesn’t go down very often, it’s easy to get ahold of your tech team and someone you know personally is on the case. 

If you’re hosting with SaaS platforms like SquareSpace, Shopify or BigCommerce, you have some of the same issues but you’re not at all in control of these. You can put in a ticket, but you’ll have to watch their status updates page for alerts on when they’ve resolved the issue. The good news is, these companies have 24/7 monitoring (like all good hosting does) and someone is on the case, although you probably cannot talk with them via phone or text. You may have to wait a few hours for your site to be restored. 

How often do these things happen? Do you really need to worry about it? Today, the complexity of web security and servers is much greater than it used to be. And the bots are more sophisticated.

There ARE things you can do to protect your website:

A server’s security is one layer

A website’s security is another

The first involves choosing good hosting, this is server security. Your hosting provider should do at a minimum, daily backups that can be restored for you. They should offer malware scanning, and have security alerts you can sign up to receive. Check your current package to see if these things are being done. If not, request these services ASAP!  Anything that seems suspicious, get on chat with them right away to ask if the notifications are legitmate. 

On your site itself, run good security tools – we like and install the iThemes suite – iThemes Security Pro, Updraft Plus or Backup Buddy.  We have daily, weekly, monthly backups set to run automatically both at the server AND on the website itself. We run login analyzers (no more than 3 attempts before the IP address is blocked), including Loginizer Security.

Most hosting providers will not help you with  your WordPress or other software installed on their server. Only SaaS providers (like SquareSpace, Shopify or Big Commerce) will do this for you. You’ll be responsible for your own WordPress installation or commerce applications, so be sure you know who manages your website, what they’re doing and what tools they have to protect and secure your site. Your host should have experience with website security and disaster recovery (even taking courses online to help them stay up to speed on vulnerabilities.) 

Above all, security is WORTH any investment required. In a world where your web presence is everything, having it go down would be disastrous and losing data could be catastrophic. Fortunately, it’s straightforward to install, configure and protect your online assets. 

Interested in learning more about web security? Fill out our form below: