• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login
Top 10 Website Hardening Steps

Who is Responsible for the Security of Your Website?

May 17, 2019Josh Hammer

61
SHARES
FacebookTwitterSubscribe

On a daily basis at Sucuri, we hear things like:

“My host takes care of my website security.”

“I have never been hacked, so why should I care?”

Or here’s a personal favorite:

“I’ll take care of it if (when) it happens.”

Let’s be honest, no one wants to think about the possibility of their site being hacked.

I have been in the website security industry for a few years now and have seen so many horror stories it’s unreal.   From the newspaper editor who had a Pharma hack (Viagra ads) show up on her site, to the child-clown service with porn site redirects.

Imagine the damage these type of attacks can do to your brand reputation.  Think about how long it would take for you to notice it? Do you visit your site daily? Would a person you don’t know be able to contact you if your site maliciously redirected visitors?

The Security of Your Website is Your Responsibility

Hosting Companies and Website Security

The reality here is that hosts are there to display your site (and they are very good at that). However, security is often an afterthought.  The hosting market is so competitive that some are even advertising hosting for $1.99. Do you really think that for $1.99 you will have a fully secured site on top of that? I don’t know about you, but I was always told—you get what you pay for.

Some fully managed hosting companies do a pretty good job at securing your site. But even then, it is not their main concern. Only a company which focuses on malware research can keep up with changing hacking trends and attack vectors.

Who Cares More about Your Website?

At the end of the day, who has invested the most in your business success and your website? You, of course.   So now that we know why, how about some simple hows.

How to Protect Your Website

You can  subscribe to our website security platform and worry no more. However, if you are still not ready to take that step, there are ways to protect your site for free.

Have Website Backups

First, the fall back—backups.  Every site should have a backup just in case %#@* hits the fan.  The important part here is you should have multiple website backups and they should be off site.   Don’t save your backup on the web host.

I mention multiple backups because we have seen malware lay dormant only to pop up after a month later and restore a backup with malware. This can be devastating.

Website Monitoring

Simple website monitoring means looking at file sizes either with a free plugin or on a manual basis. Website monitoring can tell you whether something has changed. For example, if a file has doubled in size and no update has been done, this should be an indicator that something malicious has been added to the file.

Website Protection

You should add protection to your website via a website firewall  or rule sets. In short, a basic website firewall is a bunch of rules that define what can and cannot access a site.

You can manually do this. However, setting up rules can be  time consuming and if you miss something, it could make the entire effort worthless.

Here are some examples of .htaccess rules you can use to mitigate threats to your website. Though this article is not very recent, it is still relevant and gives you an idea of what you can do given your time availability and technical know-how you might have.

Conclusion

In the end, it is usually easier and (since time is money) cheaper to hire a professional website security company to do it all for you. When you get to that point, let us know because we eat and breath website security and would be happy to take care of you.

61
SHARES
FacebookTwitterSubscribe

Categories: Security Education, Web Pros, Website SecurityTags: Best Practices, Website Backup, Website Monitoring

Reader Interactions

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

How to Add Security to Customer Websites Email Course

Referral Program Guide

Website Security for your Customers

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2019 Sucuri Inc. All rights reserved

We use tools, such as cookies, to enable essential services and functionality on our site and to collect data on how visitors interact with our site, products and services. By clicking Continue, you agree to our use of these tools for advertising, analytics and support.Continue Read More
Privacy & Cookies Policy

Necessary Always Enabled