InMotion Hosting recently published an excellent blog post on Digital Security and Keeping Your Website Safe. I’ve listed below what I consider the most important tips from the list along with some comments based on my own experiences.
Make Sure All the Software on your Server is Up to Date
Experts agree that the biggest vulnerability most site owners have is outdated software. It’s always extremely important that you install the latest updates to your website software containing security patches to prevent attacks. But, it’s equally vital to make sure all of the other software on your server is up to date—even if you rarely or never use it. Ideally, you would delete any extraneous software you’re not making use of on your server. In any case, if you have software on your website server, make sure it’s up to date!
I definitely speak from personal experience on this topic. Years ago, I had a Joomla site that I wasn’t doing much with. Unfortunately, I had also neglected to update to the latest version of Joomla. So, you guessed it. Not only was that site hacked, but other sites of mine on the same server were also affected. Bottom line: Keep your software updated!
Use Rotated Complex Passwords
In addition to lower case and capital letters, numbers, and special characters, a great way to make your passwords harder to crack is to include a longer phrase as part of it. This is a great tip that I’ve used to prevent automated malicious programs from guessing my passwords. For added security, it’s a good idea to rotate or change your passwords periodically. And of course, don’t use the same password for everything.
Check File Permissions
File permissions determine what level of access a user has to those files (read, write, execute). File permissions are represented by a hex number determined by what options are allowed (e.g. a value of 777 means that anyone has full access to that file). You normally should have your file permissions set to a lower value. And, if a software vendor states that you must set your permissions to 777 in order for the program to work, I’d look to a different software package!
For the complete list of website security tips, be sure to check out the InMotion Hosting Blog.