In order to reduce security risks to a minimum, a holistic approach to security is required. Our security processes are born out of a clear definition of the threats to our system. Hosting resellers come in all shapes and sizes, from one-person web design and web development shops to larger digital agencies. One thing all hosting resellers have in common, though, is a project-based revenue model that’s often “spiky”.
Don’t be fooled. Security standards are vital to any hosting business, large or small. Education is the first step to protecting your online brand. Here, I’ll cover some best practices to follow in your website management operations, as well as some key security features to look for in a prospective web hosting company.
Web Host Security Features to Look for:
1. Backups and Restore Points
People often overlook backups as an element of security. Backups both provide and require security. A secure backup provides a trusted repository for the latest copies of the system and data that can be deployed to restore a known, clean system to operation. It is important to ask about a hosting company’s backup schedule and restore policies. If your hosting provider has any paid backup plan, it is always good to go with it.
2. Enable Two-Factor Authentication
Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which the user provides two different authentication factors to verify their identity. This better protects both the user’s credentials and the resources the user can access.
Two-factor authentication greatly minimizes the risk of a hacker gaining access to your customers’ sites or your own server through phishing scams and other means.
3. Offer SSL Certificates
There was a time when offering SSL certificates to all of your customers would have been cost-prohibitive. But thanks to the not-for-profit Internet Security Research Group’s open certificate authority Let’s Encrypt, hosting resellers can now offer SSL certificates to all of their customers at no cost. In addition, issuing and installing these certificates has never been easier thanks to features like cPanel’s AutoSSL.
Offering SSL to your customers is a smart move for a variety of reasons. You also get the added benefit of improving the SEO rankings and conversion rates for all of your customers’ sites, which can only help improve customer satisfaction and retention.
4. Enable ModSecurity
ModSecurity is an open-source web application firewall that’s supported by most web servers, including Apache, Nginx, and IIS. It protects websites against a range of attacks, including cross-site scripting, bad user agents, SQL injection, trojans, session hijacking, and other common exploits. You can easily manage it from cPanel >> ModSecurity >> ON/OFF.
5. Update Software Regularly
Regularly patching software components like your OS, control panel, database, CMS and plugins is crucial to reducing the risk of a security breach affecting your customers.
The latest versions are patched to fix all known security holes. Change any default settings, such as the admin login name, that individuals can find and use to break in. If you have custom themes, plugins, or similar software, it is a good idea to keep fresh copies of the install files. If the deployed copies have malfunctioned or been compromised, that problem will be saved in the backup as well. The install files ensure you can get back to a pristine working copy.
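The fresh install files can also be used to check a live site for drift before you restore anything. The following is an added example, not part of the original article: it hashes a pristine copy and a deployed copy of a plugin and reports modified, added, and missing files. The function names, directory layout, and sample files are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def tree_hashes(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }


def compare_to_pristine(pristine: Path, deployed: Path) -> dict[str, list[str]]:
    """Report how the deployed tree differs from the pristine install copy."""
    clean, live = tree_hashes(pristine), tree_hashes(deployed)
    return {
        # Same path, different content: edited or tampered file.
        "modified": sorted(p for p in clean.keys() & live.keys() if clean[p] != live[p]),
        # Present only on the server: uploads, caches, or dropped files to review.
        "added": sorted(live.keys() - clean.keys()),
        # Shipped in the install files but gone from the server.
        "missing": sorted(clean.keys() - live.keys()),
    }


def build_demo(base: Path) -> tuple[Path, Path]:
    """Constructed sample data: a pristine plugin copy and a drifted deployment."""
    pristine, deployed = base / "pristine", base / "deployed"
    for root in (pristine, deployed):
        (root / "inc").mkdir(parents=True)
        (root / "plugin.php").write_text("<?php // plugin bootstrap\n")
        (root / "inc" / "helpers.php").write_text("<?php // helpers\n")
        (root / "readme.txt").write_text("Example plugin 1.0\n")
    # Drift introduced on the deployed side only.
    (deployed / "inc" / "helpers.php").write_text("<?php // helpers, edited\n")
    (deployed / "inc" / "cache.php").write_text("<?php // not in the install files\n")
    (deployed / "readme.txt").unlink()
    return pristine, deployed


def run_demo() -> dict[str, list[str]]:
    with tempfile.TemporaryDirectory() as tmp:
        return compare_to_pristine(*build_demo(Path(tmp)))


if __name__ == "__main__":
    print(run_demo())
```

Files listed under "added" are not necessarily malicious, since plugins often write caches or uploads, but each one is a file the install package did not ship and is worth reviewing.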
6. Security Scans
You should understand which protective actions your hosting provider will perform and what you must do on your own to protect your website. Does the support team run scans on the files in your account, and can you see the reports? If your account becomes infected, does the support plan include help in identifying and removing the malware? The server security steps we describe starting with step 6 will take you a long way toward keeping malware off your website.
There are a growing number of security scanning solutions available to help hosting resellers identify security vulnerabilities.
Sucuri offers a free tool that you can use to perform a scan of your customers’ websites for malware, blacklisting status, website errors, and out-of-date software. They also offer monthly paid plans that automatically monitor your customers’ sites for security vulnerabilities, remove malware, provide DDoS and brute force protection, and provide blacklist removal.
7. Offer CDN to All of Your Customers
CDNs are a very effective way to offload requests from your server to those of a CDN provider and reduce the attack vectors on your server. CDNs used to be cost-prohibitive, but today many CDN providers like Cloudflare offer free tiers of service that include basic DDoS mitigation, further improving the security of your customers’ sites.