I'm not a security expert…but I know one.
I'm not a black belt technical support specialist…but I have a couple on staff.
I'm not an expert in hosting technologies…but I have a team who are.
So what do I, the owner of a small hosting company like Niche Simple SEO Hosting, specialize in? Holding hands. Talking people off the ledge. Educating customers about why their busted WordPress template is not (in most cases) a hosting issue, but pilot error.
I specialize in negotiating the crocodile infested waters we call web hosting.
Truth is, I'm the guy with all the responsibility that comes with guarding hundreds of customers' business files on a multitude of servers. I'm the guy that monitors my hosting support desk on my iPhone app just so I can sleep a little better because I know that 1000s of hackers are trying to bust down the firewall doors every day.
Luckily, we have our servers in a lock box. And I've got a team that stands in front of the lock box armed with all the combat tools required.
When I read posts on Regina's blog about web hosts being hacked, I really feel for them – the host that is. I assume that the sites are recoverable (we'll talk about that in a minute). But the web host is getting killed by the customers for having lousy security when it really is an uphill battle against hackers and…customers.
The reality is this:
A shared server is like a dangerous neighborhood. It's not safe to go there without weighing the risks.
Even dedicated servers can be hacked, but dozens – sometimes 100s – of customers who don't know FTP from LOL are loading up suspect files, old PHP scripts with proven security holes, and malicious trojans or key loggers without even knowing it.
Just let me say this: If you knew how often your servers were being attacked each day from hackers outside and customers already inside, you'd really worry about your online safety. So, the key is to do what you can to protect yourself.
You DO back up your files, right?
Before I started Niche Simple two years ago, backup was something other people talked about and I didn't do very frequently or well.
Now, I'm obsessed with it…so much so, that I have a dedicated server (yes, I have to pay for them too) that's specifically used to synch my personal backups.
But I don't stop with that. There's more:
1) Make sure your host is doing daily, weekly and monthly backups. I don't know how many times I called the tech guys and said, “Oops, I just deleted a directory…” only to have it restored from yesterday's backup within an hour or so. Usually, the easiest way to handle a hack quickly is to do a restore from the server backup.
2) Make sure you have a complete local backup. Your backup should replicate your server file structure. For example, if you have an html website, be sure that you work from your local copy and load the latest changes by synchronizing via FTP. I personally use Dreamweaver, but there are other tools. Your local copy always contains your latest changes.
3) Do site backups AND database backups. What if you had two years of daily blogging and the server hard drive died along with the DB backup? You could easily restore your site, but your content – remember that two years of content you created – is gone. And with it, the value of your blog. One trick I found was to create a specific e-mail account such as Gmail, set your DB to back up daily and send it to the e-mail account. Set your e-mail to delete all e-mail after 2 weeks and bingo, you've got a DB backup for the last two weeks available in case of an emergency.
4) Off-site storage is a big part of backup strategy. I use two services for two different reasons.
SugarSync is just an awesome backup and synchronization utility. Install a little app on your computer and it will synch the directories and files you request to your sync account online. It's secure and easy. But the best part is that you can access all your files from any computer or iPhone as long as you have an internet connection. Get 2 GB of storage for free and then upgrade if you need more. After I researched and tested it, I sprang for the 500 GB premium package for $399 a year and now have my entire computer synchronized online. I love it.
The other service is the very popular Dropbox. I use it to communicate on an hourly basis with my outsourced teams. We share files and create shared workspaces. Dropbox is much better for shared working data, but not nearly as thorough and intuitive as SugarSync.
I find that both are essential.
5) And finally, external hard drives are a good last resort. Replicating everything on external hard drives is easy, but risky. When I lose data, it's because I rely on an external hard drive. I currently have 8 sitting on my shelf at home. Six of those are dead. All are less than 3 years old. That tells you how reliable they are – at least for me. But in a pinch, I'll add stuff to an external hard drive just to make sure I'm completely backed up.
What else can you do to protect yourself?
I'm terrible at this. That doesn't mean you should be too!
Delete copies of scripts you're not using, old programs, and anything else that's outlived its original purpose. Yes, it's tedious to sit in front of the computer and wade through each folder looking for old stuff. But delete a script you're not using, and you're shutting a door that can't swing open any longer for a hacker.
Get to know your hosting provider.
Believe it or not, I have multiple hosting accounts at different companies. (It's called competitive research.) I load them with one or two sites just to monitor the service. I use a free monitoring service from Basic State to stay abreast of uptimes and compare them to my own Niche Simple accounts.
Monitoring services that measure too frequently can be maddening, so be careful. Basic State checks your site every 15 minutes. That's good. If your site is down more than 15 minutes, you've got hosting issues. It could be a number of things, but a good host will know about the problem long before you or your monitoring service.
If your monitoring service checks your site every minute, you'll get a lot of false reports.
I won't go into it now, but just know that your server resets itself legitimately often each day if you're on shared hosting. For a few seconds your site may “seem” down or slow to respond when in fact, it's just doing what it has to do.
Manned by real human beings…
On one of those other hosting companies that I used (and it's a big one), I discovered my site was flagged at Google as an attack site. That will freak you out if it's never happened before, guaranteed. But getting unflagged is a simple process: Fix the site and resubmit through the webmaster tools.
But after signing in through the live chat client to discuss the hack, my chat rep responded by putting a long disclaimer in the response box that basically said, “Hacks on your site are your problem. We don't help in any way and are not responsible. You have to fix it. Go away…”
Well, they didn't really say that last part, but that's exactly what I did.
I moved the site to another host after I cleaned the files. And when we set up our support at Niche Simple, one of the keys was to make sure we had a staff who could help people fix problems – even if they were self-inflicted.
Finally, check your sites.
This is really important. If, like me, you have a lot of sites, access them regularly just to see if everything appears right. I have some clients who've discovered that a site was compromised when they visited for the first time in months. It's like real estate investing; it's important to do a drive-by occasionally.
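The "drive by" can be automated for a static HTML site when the local copy mirrors the server file structure, as in backup tip 2. The Python script below is an added example, not something from the original post: it hashes a fresh download of the live site against the local master copy and lists files that were modified, are missing, or were never uploaded on purpose. The directory names and file contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_site(local_master, server_copy):
    """Compare a fresh download of the live site against the local master copy."""
    good, live = manifest(local_master), manifest(server_copy)
    return {
        "modified": sorted(f for f in good.keys() & live.keys() if good[f] != live[f]),
        "missing": sorted(good.keys() - live.keys()),
        "unexpected": sorted(live.keys() - good.keys()),
    }


def build_sample(base):
    """Constructed sample data: a two-file site and a tampered download of it."""
    master, server = Path(base, "master"), Path(base, "server")
    for root in (master, server):
        (root / "js").mkdir(parents=True)
        (root / "index.html").write_text("<h1>Welcome</h1>\n")
        (root / "js" / "site.js").write_text("console.log('ok');\n")
    # Simulated compromise: one page altered, one file nobody uploaded on purpose.
    (server / "index.html").write_text("<h1>Welcome</h1>\n<!-- injected -->\n")
    (server / "old-upload.php").write_text("<?php /* forgotten script */ ?>\n")
    return master, server


def demo():
    """Run the comparison on the constructed sample and return the report."""
    with tempfile.TemporaryDirectory() as base:
        return compare_site(*build_sample(base))


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

On a site where the server legitimately creates files, such as a blog's uploads folder, those files will show up as unexpected and need to be excluded or reviewed by hand.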
If you'd like to know more about Niche Simple SEO Hosting and why you must include SEO Hosting in any online strategy, go to the accounts page to understand how to leverage the power of multiple servers and multiple IP addresses.