Web Hosting Security Precautions
From OCS Support Wiki
Contents |
Introduction
This article will discuss some of the security measures you can take to help protect your OCS Solutions hosting account, your website visitors, and your data from security risks.
Your Account Security
Good account security begins first by ensuring only you or people you trust can access your account. By default, with a new account, the account holder is the only person who can access the account. We cannot stop you from sharing your access credentials with any other party, and sometimes this is necessary to give to technical contacts like web designers, but we recommend that you strongly consider the security impacts of sharing this information and who you're sharing it with.
To make any change to your account with OCS Solutions, we'll require the billing password or the last 4 digits of the credit card on file or the last PayPal transaction ID. There are no exceptions to this rule, we must have this information to process your request. It is advised you share this information with no one. Your hosting account and billing password can be different, and we strongly advise you to login to hosting control panel and change your password once you get it setup. This will not change your billing password, just your web hosting account password.
Your Computer's Security
Ensuring that the computer you use to access secure administration parts of your site (i.e. cPanel, webmail, FTP) is secure is also very important. We have seen attacks before where a malicious program was able to send stored passwords to a spammer who attempted to gain access to a customer's account.
To keep your computer safe, a good place to start is:
- Make sure that you have all of the latest updates from your operating system and computer manufacturer. For Windows users, ensure that Windows Update is on and set to automatically download and install updates. For Mac users, use the Software Update feature from the Apple menu. For Linux users, ensure that either automatic updates are on or you check for updates frequently.
- We recommend using a security suite, including an anti-virus and firewall for Windows users and keeping it up to date.
- Mac users should read their documentation from Apple on securing their Mac, and reference useful articles on Mac OS X security basics like this one
- Linux users are advised to not use the root account on their machine to do their daily work, instead use a regular user account, and to be familiar with basic Linux security.
- Avoid storing passwords on your computer. If you must do this, ensure that they are encrypted when they're stored.
Website Security
Your data stored on OCS Solutions servers is safe. While our security is very strict and most limits are hard to circumvent, permissions can be set in certain circumstances that would allow others potential access to your data. You may wish for this to occur, but we recommend you consider the situation carefully before altering any security settings on your account if you don't. If in doubt, please contact us and we will assist you in determining if a change is necessary.
Website Scripts and Applications
When you install a script or web application on your website (for example: WordPress, Drupal, or Joomla), you must keep it updated with the latest security updates that are released from the vendor of that application from time to time. Failing to do this can open up a security hole in your site that can allow for site defacement, the transmission of SPAM through your account, or data deletion. If you do not know how to keep these scripts updated, we recommend you contact our web design support team and we will provide details on a plan to keep your site up to date.
