Internet security has always been a major concern for businesses and website owners. In today’s online world, these threats are becoming more and more widespread and diverse in nature. With so many attack vectors and vulnerabilities being discovered daily, it’s more important than ever that you keep a close eye on potential security risks. In this article, we’ll go over some of the best practices you can employ to keep yourself and your website protected.
Protect Yourself
On the local level, individuals should ensure they are running all of the latest up-to-date software versions and actively updating your virus protection definitions. It’s always a good idea to change your passwords regularly, use stronger passwords, and never store them anywhere in plain-text. There are several password management applications out there that use encryption methods against your master password database which will make it very difficult to decrypt should the database fall into the wrong hands. An example is KeePass, a free open-source password manager that uses the best, and most secure encryption algorithms.
Protect Your Website
Unlike most local home networks protected by a gateway router’s firewall, your website is purposefully exposed to the entire internet. If it wasn’t, no one would be able to access your site. Because the internet never sleeps, our system administrators are actively watching our servers and networks 24 x 7 x 365 for potential security threats. We log and analyze malicious activity from every region of the globe at all times of day. This assures your hosting server remains secure and the integrity of your data is never compromised.
That being said, it is important to be aware that your website itself may still be vulnerable to several malicious attacks, such as Cross-site Scripting (XSS) attacks, SQL Injections (SQLi), Inclusion Vulnerabilities (LFI and RFI), Brute Force attacks, and many more. Many websites these days are built on content management systems (CMS) such as WordPress, Joomla, Drupal, etc. Each of these engines have third party themes, add-ons and plugins that can easily be installed to enhance website functionality. Unfortunately, as with any software source code, there is always the potential for bugs to be introduced, discovered and exploited. Your first line of defense in keeping your website secure is to consistently apply updates as they are released. If your CMS supports it, we also highly recommend enabling auto-updates which will take care of updating your site for you as new versions become available. If you are unsure how to do this, InMotion Hosting’s support center has additional information and instructions to guide you through the process.
While it’s always important to be vigilant in updating and managing your own website, rest assured that when a widespread vulnerability is disclosed, our security experts are immediately engaged. Often times, by identifying a unique pattern or string inside the attack vector, we are able to deploy defense mechanisms such as writing custom mod_security rules to protect our customers.
We’ve mentioned the importance of regularly rotating your passwords, but if your password is weak it can still easily be compromised via brute forcing or cracking, even if it was just changed yesterday. Here are some tips and suggestions which will keep you secure when choosing your next password:
- Passwords should be at least 12 characters in length (the longer, the better)
- Passwords should contain at least 1 character from each of the following groups:
- Lower-case letter (a-z)
- Upper-case letter (A-Z)
- Number (0-9)
- Common Symbol (e.g. %; &; +; ?)
Article written by: Erik Soroka, Tier 3 Architecture Manager at InMotion Hosting