Securing Your New Web Site
You wouldn’t leave your door unlocked at night when you go to bed, nor would you buy a million dollar home and fail to insure it, but too many novice webmasters fail to take simple steps to protect their sites from disasters, either acts of God or human-caused.
Backup! Backup! Backup!
Many Web hosts offer automated backup services, either on a daily or weekly basis. You should check to see if those backups are made to a server in a completely different physical location. If your Web site is hosted on a server in Dallas, backups to New Jersey will protect you if disaster strikes the place where the server is in Dallas.
Even if your hosting company makes backups of your site, they usually are done according to their own schedule and they will not guarantee you against loss. Therefore, you should also make your own backups. Some control panel software offered by hosts makes this easy by allowing you to create zipped up files of your entire Web site, email, and other server settings. You will want to download these backups to your own computer. However, computers can be stolen, fires can destroy equipment, and hard drives can fail, so to really play it safe it is best to make another copy that you store in another location. A good way to do this is to purchase a portable drive that you keep either at a trustworthy friend or relative’s house or in a safe deposit box at a bank.
Also, be sure to backup any other files related to your Web site that are not on the server. Downloaded email and Web site content you are working on but have yet to upload should be backed up in a different location too.
When should you back up?
* As often as necessary to prevent your site from losing critical irreplaceable content. If your site is a static one, then you only need to backup when you change content. But if you have a site with online forums or other user-created content, back up as frequently as possible.
* Before you make critical changes to your site. If you upgrade the software that your site uses, or make other changes about which you are unsure of the results, it is a good idea to backup your site beforehand so that you can revert to the backup if the changes don’t turn out like you expected. Even if everything seems fine after you make the changes, keep the backups as long as you have space for them. You might suddenly discover a critical file has been missing for a year and the only way to restore it is from an older backup file.
Hacking
There is no 100% foolproof way of protecting your site from getting hacked. Even security experts working for the US military will tell you that their job mainly consists of monitoring attacks in progress, not preventing them. A good hosting company will monitor its server to prevent and stop hacking to the best of their ability. However, it is also necessary for you to take some steps of your own to protect your site’s content and the integrity of your users’ data.
If you follow the guidelines above about backups, then you will be in a good position if a hacker simply destroys or alters content on your site, as you will simply need to restore the site from a backup.
If you install open source or commercial software on your server, be sure to keep abreast of any software updates available that might plug any security holes that are found by the developers.
If you are planning on doing any E-commerce on your site or collecting other sensitive data from your site users, it is a good idea to get an SSL certificate, which encrypts the data sent to and from the server. This will not only protect the integrity of your data but also make your customers feel more secure doing business with you. The best way to get a certificate is to purchase one from a reputable company, like Verisign.
Make sure the personal computer you use to access the server is free of any spyware that might capture the passwords that you use to access your site or the server. Keep your anti-virus and other malware software definitions up-to-date, run them frequently, and install a firewall.
Just as with any other password, don’t write it down somewhere where someone else might find it, and be sure you can trust people you hire to develop or maintain your site and only give them password access to as much of your server or site as necessary to do their job. Any passwords you use or assign should not be easy to guess and should be changed frequently.
I've been designing sites on the web since 1999. He is a fan of WebHostingPad and helps others find rock-bottom web hosting prices at the site www.webhostingpadspecialoffer.com.