Security is an important aspect of hosting services and running a website. The safety and smooth operation of your site depend heavily on how secure your cloud hosting account really is. They also depend on the web application or CMS platform you are using, as well as various other aspects. In this article, we are going to review some of these aspects and how you can secure your cloud hosting account.
A Strong Password
I know this may seem like a simple tip that anyone knows, but you’d be surprised to know how many hosting accounts still use generic passwords such as “12345678” and “password”. Even worse, a lot of site owners still use their date of birth and other easy-to-guess information as their passwords.
This is definitely not the right approach to take. Malicious software and hackers can easily get into your hosting account or your CMS platform to do harmful things. It is better to secure your accounts from the start than to clean up the mess once your site has been hacked.
Another important tip to remember is to use different passwords – and preferably different usernames – for your cPanel account, domain manager account and the admin account of your CMS panel. If two-factor authentication is provided by your cloud hosting company, activate this feature for an added measure of security.
Firewall and Port Configurations
If you are using shared cloud hosting, this is not something you need to worry about. The cloud hosting company will do all the hard work for you, setting up the right firewall configuration for the entire cloud server and opening just the necessary ports for maximum security. If you use a cloud VPS, however, the task may be something you need to do yourself.
There is no one-size-fits-all way to configure a firewall and ports for maximum security. Each CMS platform or web application requires different ports to be open. You also need to look at other services you use on the server. Email, for instance, requires additional ports (usually ports 143, 993 and several others) to be open and accessible.
When I first set up my own VPS account, I learned the hard way that this is not something for amateurs. There are a lot of tutorials to follow out there and a lot of server administrators that offer their services. You can either follow a tutorial that works best for you or hire an experienced administrator to get everything set up properly.
Services and Roles
The next step is to take a look at the services running on your server or cloud hosting account. Essential services such as HTTPD or Apache, MySQL, mail-related services, antivirus and firewall are usually running constantly in the background. There are also additional services designed to do different things. You may have an FTP daemon running, for example. When you need to upload files or manage your cloud hosting space, FTP can be very useful indeed. Once you don’t need it anymore, however, keeping it running will not only use up valuable server resources, but also pose serious security risks.
You can turn off services you are not using to increase security. The same can be said of users and user roles. Root access must only be allowed with a security certificate instead of the standard password login. This limits logins to select computers or SSH terminals only. Other than web-related users – usually marked www-data – you should not grant users access to your server.
File and Folder Permissions
Never, and I seriously mean NEVER, take the shortcut of setting all file permissions to 777. I once did this during testing, thinking that it was the easiest way to ensure my web application could access and modify the necessary files. Unfortunately, as easy as this may be, it is a HUGE security risk.
You are basically allowing every user to modify and execute files on your server. It is not a wise thing to do, since this could lead to all sorts of things. A malicious script can easily change front-end files to spread viruses or capture user data. Setting file and folder permissions correctly is just as important as having a strong password in the first place.
Most CMS platforms and web applications have each file they use already preconfigured to work with the correct permissions. You may have to change the ownership of the files and folders when installing the script. Static files can be set to read-only; images, for instance, don’t really need to be modified once they are uploaded.
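A quick way to check a web root for the 777 shortcut described above and to back it out, as an added example that is not part of the original article. The function names, the list of image extensions and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find and undo the "chmod 777" shortcut under a web root.
# Function names, image extensions and the demo tree are illustrative assumptions.

# List files and directories that ANY user on the server can write to.
# "-perm -0002" matches every mode with the other-write bit set (777, 666, ...).
audit_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Count entries whose mode is exactly 777.
count_777() {
    find "$1" \( -type f -o -type d \) -perm 0777 -print | wc -l | tr -d ' '
}

# Drop only the other-write bit; owner and group bits stay as they were,
# so the application's own user keeps the access it already had.
fix_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec chmod o-w {} +
}

# Make uploaded images read-only for everyone, owner included.
lock_static_images() {
    find "$1" -type f \( -name '*.jpg' -o -name '*.png' -o -name '*.gif' \) \
        -exec chmod a-w {} +
}

# Build a small constructed web root with deliberately bad modes for testing.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/uploads" "$d/includes"
    : > "$d/index.php"; : > "$d/includes/config.php"; : > "$d/uploads/logo.png"
    chmod 755 "$d" "$d/includes"
    chmod 644 "$d/index.php"
    chmod 777 "$d/uploads" "$d/includes/config.php"
    chmod 666 "$d/uploads/logo.png"
    printf '%s\n' "$d"
}

# Run with a path argument to print the audit only; nothing is changed.
if [ "$#" -gt 0 ]; then
    audit_world_writable "$1"
fi
```

Run the audit first and review the list before calling fix_world_writable. A directory the web application must write to should be writable by its owner or group, not by every user on the server.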
Follow these basic cloud hosting security tips and you will have a good start with securing your account. There is still a lot to do in order to fully secure your cloud hosting account and maintain its level of security, so stay tuned for more updates right here on this site.