Security of your website is important and it’s always important to be reminded of the basics. The following are five examples of some basic security that we see regularly in the office that with VERY little effort clients can learn from and ensure a significantly better security experience for their websites.
Example One: Sharing Passwords via email
About once per week in our support office we get a support ticket from a client and the client provides their password in the ticket to allow us to troubleshoot. If you need to supply us with a password we would recommend first before you email it you change it, then the moment we finish working you change it back. If you prefer you can also call our team on 028 9507 2311 and verbally give us a password.
Example Two: Weak Passwords
It’s surprising how weak passwords are for many clients. Clients using things like password1234 is still commonplace. A local primary school who asked us to migrate their WordPress website from another provider had their WordPress user name ‘admin’ and the password was the school name with a 1 at the end. Another client yesterday had their user name for their CMS their company name and the password was the company name with 1234 at the end. We recommend clients think carefully about their passwords and ensure they are strong. Use websites such as www.strongpasswordgenerator.com for example and where possible change CMS user names to no standard – ie. not admin.
Example Three – Leaving Backups to Rot!
Last week we were working with a client who runs an eCommerce website who was migrating his server from another provider into us. As part of our testing and fixing errors we had to check some files in the public_html folder. Remember this folder is accessible from any web browser and any files in this folder can easily be downloaded. This client had been taking regular backups of his website and storing them in this folder. We advised the client that we would obviously not recommend this and we changed the permissions of these files to not allow them to be downloaded while we waited on instructions from the client.
Example Four – Password Change Policy
How often do you change your server root password or your main Reseller account password? We sometimes see clients whose servers are a few years old and whose root passwords are the same as they were when the server was deployed. This is extremely bad practice and we certainly recommend thinking out a password change policy.
Example Five – Lock your Server down
Are you a VPS client? If so we strongly recommend you work with us to lock your server down. Examples include disable direct root login and enable a switch user, restricting login to specific IP addresses, lock down ports, re-configure ssh for security etc. Many clients do not lock down their servers but we strongly recommend it and we will help you do it for no cost. Why not ask us to do this for you and we’ll be happy to help.