If the security of your website or blog is not something that you worry too much about, then you might want to start giving it at least some consideration. Some unlucky web owners are experiencing their sites being attacked repeatedly despite, in their opinion, having done everything possible to prevent it. But have they?
Given that so many websites are stored on a shared server and are meant to be protected by the host that is housing them, it’s disturbing that so many recorded hacking incidents and attempts are reported with such regularity. If you are one of the small to medium sized web owners who pay your host to keep your sites safe, then it might just be time to reconsider your position on the matter, and review if shared hosting is giving your online assets the protection that you expect.
One of the reasons that website owners choose a particular hosting company is because of their security guarantee. This applies to all levels of hosting, so it is not surprising that those with smaller sites opt for the shared server facility as a way to save money.
Security protection, plus lower price point, equals cost effective hosting for the average and more serious site owner alike. Any genuine hosting company will present to their shared server customers that, despite the lower hosting fees, they offer regular backups, maintain extensive firewall guard and safety measures from all hacking efforts. These hacking attempts can and do commonly occur in the following forms;
- Phishing – hackers break into shared servers to update the server configuration, allowing phishing pages to display from a subdirectory of every site hosted on the affected server. Phishing encourages the site users to enter private details into a fake website that looks almost the same as the original.
- DoS and DDoS – denial of service and distributed denial of service hacks flood the servers with fake traffic, so internal access is not required to indefinitely suspend the servers access to the web.
- Rogue access – wireless access points that have been left unsecured by ignorant hosting staff allow for outside breeches and entry by hackers
- Back door access – hackers take full advantage of configuration issues, administrative errors, poor passwords and improperly secured dial ups.
In all of these events, the hacker’s purpose is to crash servers, bring down networks and gain access to customers’ personal financial and other details.
Despite what you might now be thinking, servers by default are very secure. The security problem specifically for shared servers however, is that there can be more than 500 people on the same server, each with their own FTP account. With so many people sharing the one server, the inexperienced or lazy account holders in the group will use extremely basic passwords.
These passwords are easily cracked by hackers who can then gain access to that person’s other sites, often because the same passwords are used on all sites. Such simple errors by web owners are amplified when hackers run automated scripts against server passwords. Additionally, a break-in on one account on the server exposes the rest of the sites on that shared server. With easy passwords being such fair game for the unethical, it is difficult to blame the hosting service for these incidents of break-in.
Hacking can however, occur also through vulnerabilities in control panel administration, as well as in security holes in plugins and addons in applications like WordPress. If you are one of the site owners who stores their websites on a hosting company’s shared server, then here are some tips that can help you to thwart the attempts of hackers to access your properties;
- Upgrade the applications you are using, in particular WordPress. This will help to prevent automated scripts picking up holes in older versions. This also applies to older versions of themes and plugins.
- If you are using WordPress, then secure and harden it
- Change your user identity to something other than “admin”, plus use a better password than for example password123
- Upgrade applications (help desk, forums) other than WordPress that may also be leaking entry points.
- Communicate with your web host to ensure where possible that the newest version of their operating system, like Linux, is operating.
- Be wary of any contact from ‘your’ web host asking for password or personal details.
Any website can be fair game for the sinister intentions of hackers and, like it or not, that includes sites on shared hosting servers. With the popularity of this hosting option, the likelihood of your sites being hacked is a genuine possibility, however it is not something that you can spend your time stressing about, since ‘most’ sites span their lifetime without issue.
The best chance that you have of protecting your sites, is to make use of strong passwords, upgrade all of your applications, and converse with your hosting company to ensure that they are also being diligent with their system security.