Does Your Web Host Offer These Best Practices?

Hosting a website can be complex and is often best left to a specialist provider. You should try to choose a company that is experienced and follows industry-standard best practices, in particular those outlined below. This can give you greater peace of mind when handing over control.


User Access and Passwords

Your web host provider should follow best practice in terms of user access and password management. This includes ensuring that each account holder/user has only the permissions/privileges that are required to carry out their role. Each user should have their own unique login, and there should be no ‘shared’ logins. Upload capability should be restricted by size and file type to prevent outsiders gaining access via executable files.
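An added example (not from the original article or any hosting provider's code) of the upload restriction described above: a Python check that enforces a size cap and a file-type allowlist, and confirms the file's leading bytes match its extension. The 2 MiB limit, the allowlist contents and the function names are assumptions chosen for illustration.

```python
import os
import secrets

MAX_BYTES = 2 * 1024 * 1024  # assumed size cap (2 MiB); set per site
# Allowlist: extension -> leading "magic" bytes the content must start with.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}
# Rejected anywhere in the name: "shell.php.jpg" can still run on a
# server whose handler mapping matches inner extensions.
EXECUTABLE = {"php", "phtml", "phar", "cgi", "pl", "py", "sh",
              "exe", "dll", "jsp", "asp", "aspx"}


def check_upload(filename, data):
    """Return (accepted, reason) for one uploaded file."""
    name = os.path.basename(filename.replace("\\", "/")).lower()
    if not name or name.startswith(".") or "\x00" in name:
        return False, "bad filename"
    if len(data) > MAX_BYTES:
        return False, "too large"
    parts = name.split(".")
    ext = "." + parts[-1]
    if len(parts) < 2 or ext not in ALLOWED:
        return False, "extension not allowed"
    if any(p in EXECUTABLE for p in parts[1:-1]):
        return False, "executable extension in name"
    # The extension is client-supplied, so confirm the bytes agree with it.
    if not data.startswith(ALLOWED[ext]):
        return False, "content does not match extension"
    return True, "ok"


def storage_name(filename):
    """Random server-side name; keeps only the already-validated extension."""
    return secrets.token_hex(16) + os.path.splitext(filename.lower())[1]


if __name__ == "__main__":
    # Constructed sample uploads, not real files.
    for fn, body in [("logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
                     ("shell.php.jpg", b"\xff\xd8\xff\xe0"),
                     ("cat.jpg", b"MZ\x90\x00")]:
        print(fn, check_upload(fn, body))
```

A matching header does not prove the rest of the file is harmless, so accepted uploads should also be stored under the generated name in a directory the web server does not execute from.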

From a password perspective, a secure password manager should be used, and the users with highest privileges should have the most complex passwords and use multi-factor authentication.

Updates

Best practice in this area involves constantly updating the platform and the associated software. This ensures that all known security issues are tackled. Most systems are able to run updates automatically in the background.


Backups

These should be automated and happen often enough to capture the vast majority of changes to content/layout. A strategy should be used that mixes full backups with incremental or differential ones. Backups should be stored on a different server to your ‘live’ files (to enable full recovery if needed) and ideally should be mirrored across servers in several geographical locations.

Operating System (OS)

You should be allowed to choose which OS (Operating System) you want on your web server – either Windows or Linux. The best practice for Windows is to limit access by default and only allow Microsoft personnel to access the servers if a security flaw is discovered. For Linux, best practice is to install specific programs to protect against targeted malware.

There are many expert companies offering web hosting solutions – such as those found at https://www.names.co.uk/web-hosting.

Firewalls, Encryption, and DDoS Protection

A web application firewall (or WAF) should be used to monitor HTTP traffic and to prevent SQL injections and cross-site scripting. High-level encryption (via SSL technology) should always be used for any data that is transferred to/from the servers.

DDoS prevention should be in place at network level, and servers and websites should be protected using the most advanced mitigation/prevention tools that are available.
