A Quick Guide to Web Hosting Best Practices
By PaperStreet on September 19, 2022 in PaperStreet Web Hosting & Support
A web host is a position of great responsibility. Many businesses depend on their website as the key to their livelihood. As such a web host needs to do all they can to maintain these websites and protect the security of its customers.
At PaperStreet, we pride ourselves on the stability of our web hosting services. We created this quick read to assist other web hosts as well as inform website owners as to the best practices that their host should provide.
How to Keep Your Clients Protected
Follow best practices with passwords.
All passwords should be two things: Unique and strong. Never reuse passwords. Don’t create clever systems in your mind to memorize passwords for dozens of websites. Instead, create a unique – and strong – password for every service.
A “strong” password is one that contains >15 characters and includes a mix of random letters, numbers, and symbols. If this sounds difficult, it doesn’t have to be. Password storage solutions like LastPass or BitWarden enable you to keep passwords for every site you visit in a single location.
Be skeptical.
“Social engineering” is a term for subverting security measures by manipulating people. The human in control of any security plan is likely its most vulnerable part. People want to cooperate; we want to help.
Nevertheless, your instinct should be to resist any urge to give information when it is requested online. Verify sources. If someone claims to represent a reputable business, double check with a phone call to the business.
If someone does not need the information, don’t give them access. Further, always require multiple levels of control for critical items.
When allowing user inputs, always check what is entered.
If website visitors are able to enter anything into your website that is then handled by server code, safety precautions must be in place. Data that is submitted must be treated carefully as harmful code can be “injected” this way by hackers.
Sanitize your inputs. Typically this means to run the user-submitted data through a function that strips it of any kind of coding syntax that could execute and cause damage.
Have a plan for any potential threats.
No one expects to be hacked or attacked but having a plan in place can help you react faster and greatly reduce the impact it has on you or your business. Backups are very important in this whether backups for your website or backup codes for accounts that may be breached.
Additional Web Hosting Tips
Caching – Have a system that can cache web pages for faster loading.
DDoS – Have a plan to mitigate denial of service attacks.
Malware Detection – Run routine scans on all files on the network
Login Lockdown – Lock down logins after a specific number of attempts, or rate limit.
SSL / TLS – Always use a SSL.
Terms of Use – Always have a terms of use that limits domains, storage, bandwidth, email, websites, etc.
sFTP – Use this instead of FTP
A Note for Business Owners
As a business owner, you need to research and select a reliable web host. That said, you can’t be expected to understand the ins and outs of web security. If some aspect of your current web host seems suspicious or simply undependable, then trust your instincts. You certainly don’t have to select PaperStreet to host your site, though we hope you do. Instead, we offer these caveats to help business owners protect their livelihood.
