For a new website, that’s great. You might have a few visitors trickling in at first. Maybe you went for the economical approach and opted for the cheapest hosting plan you could find. During those early days, you can withstand an occasional hour or two of downtime when other users consume all of the bandwidth – no one will scream at you.
However, once your traffic starts taking off and you establish a certain level of readership and a regular following – you’ll find that people depend on you for regular content. They depend on your uptime. You’ll also find that you’re more likely to get attacked by hackers looking to either sabotage your site or, even worse, hijack your domain – you need secure web hosting and to protect your domain.
If you haven’t seen Aibek’s interview on Foundora, check it out. He describes how the MUO domain was once hijacked and held hostage for $2000. Seriously. So here at MUO, we are now really big into security. You can check out Saikat’s list of browser security checks or Damien’s list of WordPress security plugins. However, what I want to touch on a bit today is your domain and hosting security.
Protecting Your Domain
At first, that domain name that you’ve registered seems ridiculously cheap considering that it represents what should eventually become your brand. The domain name is how people are going to learn about you, link to you, and recognize you. In time, it will represent everything that your website stands for. It’s going to serve on the front lines of your SEO battles. As your site grows, your domain name becomes the single most critical element of your business.
Private domain registration is your first wall of defense against domain hijacking. The problem with the early days of domain registration is that you had your private contact information tied to the Whois record – meaning anyone that searched for the registration records of your URL could identify where you lived, your phone number and your email address. With your email address, hackers may start to send phishing emails with the hopes that you’re gullible enough to bite.
By now, you should know better than to click on such emails. Never, ever log into your domain account from a link within an email. Always go directly to the registrar’s website and log into your domain account directly. Even though it might double the yearly cost of your domain, private domain registration will also cut down on telemarketers. Before I started using private domains, I had SEO companies constantly calling to ask whether I wanted to use their services for my website. Avoid the hassle – hide your identity with private registration.
Protecting Your Website
There are a number of areas within your hosting account that you’ll need to double check to verify that you have a secure web hosting account. The most important is obviously the password that you use to log into the hosting account itself. Go into the account settings and change your password. Most hosts now feature a gauge that tells you how strong your password is.
Choose a password that has capital and lower case letters, numbers, and even a special character or two thrown in for good measure. Try to follow the guidelines below for the best security.
- Never use the same password for your host account as you used for your domain registration.
- Never use the same password for domain registration as you use for your email account.
- Use a unique, strong password on all three systems – just make sure they are all different.
By avoiding the same password on different accounts, you significantly reduce the risk that, if one account is ever hacked, the hacker will gain access to your other systems.
Another security concern to review on your site is folder and file permissions. Check the folders and files within your public_html folder to ensure that they are set to either 755 (the usual setting for folders) or 644 (the usual setting for files) for www readability. You should not find any folders set to 777, which allows every user on the server to write to them.
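One way to run that permissions check from a shell on the host, as an added example that is not part of the original article. It assumes folders should be 755 and files 644; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a web root against the 755 (folders) / 644 (files) baseline.

# Prints one line per deviation and returns 1 if any were found, 0 if clean.
#   WORLD-WRITABLE  writable by every user on the server (777, 666, ...)
#   DIR-NOT-755     folder with some other mode (review, e.g. group-writable)
#   FILE-NOT-644    file with some other mode (review; a CGI script may need 755)
audit_webroot() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    findings=$(
        # -perm -0002 matches any mode with the "other write" bit set.
        find "$root" \( -type d -o -type f \) -perm -0002 -print |
            sed 's/^/WORLD-WRITABLE /'
        # Exact-mode tests; world-writable entries were already reported above.
        find "$root" -type d ! -perm 755 ! -perm -0002 -print |
            sed 's/^/DIR-NOT-755 /'
        find "$root" -type f ! -perm 644 ! -perm -0002 -print |
            sed 's/^/FILE-NOT-644 /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Builds a constructed sample tree (not real site data) and prints its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/public_html/uploads" "$t/public_html/cache"
    : > "$t/public_html/index.html"
    : > "$t/public_html/config.php"
    : > "$t/public_html/run.sh"
    chmod 755 "$t/public_html" "$t/public_html/run.sh"
    chmod 644 "$t/public_html/index.html"
    chmod 777 "$t/public_html/uploads"      # world-writable folder
    chmod 666 "$t/public_html/config.php"   # world-writable file
    chmod 775 "$t/public_html/cache"        # group-writable folder
    echo "$t"
}

# Demo run on the constructed tree; on a real host, pass your own public_html.
sample=$(make_sample_tree)
audit_webroot "$sample/public_html" || true
rm -rf "$sample"
```

Anything reported as WORLD-WRITABLE should be tightened first; the other two labels are prompts to check whether the looser mode is really needed.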
Also, take some time to review the security tools that your web host offers. Sometimes there are some pretty cool utilities that you can use to further lock down your hosting account and private directories or files from prying eyes. For example, I’ve discovered that my hosting account offers a useful password protection feature on any select web directory that I choose.
Finally, go into your admin panel for your MySQL databases and double check all of the passwords there too. They shouldn’t match any of your other passwords, and they should be ultra-strong passwords, just like all of your others.
In the end, the ultimate security in protecting your domain from being hijacked comes from the private domain registration service. For a small additional fee, you’ll have tremendous peace of mind knowing that scammers, spammers and other criminals can’t see or even hope to access your personal information. Beyond that tool, make sure to lock down your hosting and email accounts as well, and you’ll enjoy years of trouble-free website ownership.
What other tips do you have for protecting your domain from hijackers or hackers? Has your domain ever been hijacked? Share your advice and experiences in the comments section below.