Protect your site by following these 3 steps. In fact you're placing unnecessary risk on your business if you're not taking these basic steps to protect your site access and communication.
Protect Your Site Access and Communication
Protect your site with SSL (secure sockets layer):
Why you need SSL to protect your site:
To protect confidential user information, including your username and password, when using your web browser.
SSL gives you a secure, encrypted connection: you communicate with a site using https in the URL, not http. Banks and other financial institutions employ this on their web sites, but you should also ask yourself: shouldn't I be making a secure login to MY sites? Yes, you should.
- A static IP address for your web site. You get this from your web hosting service.
- An SSL certificate. You may get this from a variety of vendors, e.g. your hosting service (Hostgator, Godaddy, Bluehost, etc.), your domain registrar (Namecheap, Godaddy, etc.), or other security vendors (Thawte, VeriSign, etc.). All Hostgator shared accounts have access to a free shared SSL certificate.
If you have a VPS or dedicated server and don't know how to implement the SSL certificate, speak with your web hosting service. Most will point you to "how to" instructions or install it for you.
See this post if you're on a Hostgator shared hosting account: How to setup and use your free shared SSL certificate.
Use it to:
Log in to your website, e.g. to log in to your WordPress administration area through your web browser. This prevents your username and password from being intercepted in clear text. Also, use it to protect financial or other sensitive data transactions where security is critical.
Protect your site with SSH (secure shell):
Why you need SSH to protect your site:
To encrypt confidential user information, including your username and password, when using remote administration programs, not limited to your web browser.
A secure way to move files from one machine to another across an insecure network (e.g. the web). It provides for encrypted login and encrypted command execution. One common use is to pair it with our next utility, SFTP.
- SSH enabled for your website. Contact your web hosting provider to enable it. Hostgator does not charge for this, but check with your hosting provider. Your hosting service will provide you with the port on which to connect. You will need this port when configuring your SFTP client. If you're on a Hostgator shared account you can skip this next paragraph.
- If you want additional security by logging in using key-based authentication, then you'll need a Hostgator VPS or dedicated server account in addition to SSH client software such as PuTTY. PuTTY is a client program for the SSH protocol. For our purposes we will use PuTTY tools, either PuTTYgen or Pageant, to create "keys". These keys are what will provide our encrypted communications. Check with your webhost for their requirements on using SSH keys. Once your keys are successfully configured and you have tested logging in, you may want to disable username and password authentication for additional security.
See this article How To Create SSH Keys and Disable Password Authentication for a step by step walkthrough.
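A check you can run after disabling password authentication, added here as an example (it is not from the linked article or from Hostgator). It assumes your VPS or dedicated server runs OpenSSH, where the first value set for a keyword wins and keyboard-interactive logins can still ask for a password; the sample config and function names are made up for the illustration.

```python
import re

# Constructed sample sshd_config (not taken from any real server).
SAMPLE_CONFIG = """\
# keys have been tested, so passwords are turned off
Port 2222
PubkeyAuthentication yes
PasswordAuthentication no
UsePAM yes
# stale line from the original file: ignored, because the first value wins
PasswordAuthentication yes
"""

# OpenSSH defaults, used when a keyword does not appear in the file.
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
}
# Older configs use this name for KbdInteractiveAuthentication.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}


def effective_settings(config_text):
    """Return the global value sshd would use for each checked keyword."""
    settings, seen = dict(DEFAULTS), set()
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()  # keywords are case-insensitive
        if key == "match":
            break  # lines after Match apply only to some users or hosts
        key = ALIASES.get(key, key)
        value = parts[1].split() if len(parts) == 2 else []
        if key in settings and key not in seen and value:
            settings[key] = value[0].lower()
            seen.add(key)
    return settings


def password_login_findings(config_text):
    """List the ways a password could still be accepted (empty list = none)."""
    s, findings = effective_settings(config_text), []
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off: key login will fail")
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is still enabled")
    if s["kbdinteractiveauthentication"] != "no":
        findings.append("KbdInteractiveAuthentication can still prompt for a password")
    return findings
```

On the sample above this reports only the keyboard-interactive finding; keep a second SSH session open while you change these settings so a mistake does not lock you out.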
Use it to:
Encrypt and secure communications across an insecure stream. If your site uses username and password for authentication then you will just need to confirm that ssh has been enabled for your site and use SFTP to connect.
Protect your site with SFTP (secure file transfer protocol):
Why you need SFTP to protect your site:
To protect private data over an insecure data stream (e.g. the internet).
An SFTP client program will provide a convenient but secure method for transferring files between computers.
A client software program that's capable of secure file transfer - SFTP. An example of this is the popular FileZilla. YOU MUST CONFIGURE FileZilla TO USE SFTP. When used in default mode, as simply an FTP client, FileZilla is NOT secure. Other examples of SFTP client programs are WinSCP for Windows and Fetch for the Mac.
See this post on How To Configure FileZilla and WinSCP to Protect Your Site.
Use it to:
Securely transfer files, whether it's images, video or WordPress themes and plugins to and from your website. Both FileZilla and WinSCP also provide the ability to directly edit text based files on your server as well as view the permissions of files and folders. FileZilla displays permissions in number format while WinSCP displays permissions in text format.