Originally published on Hostgator.com on August 6, 2019 By
This article is part of HostGatorâs Web Pros Series. In this series, we feature articles from our team of experts here at HostGator. Our Product Managers, Linux Administrators, Marketers, and Tech Support engineers share their best tips for getting the most of your website.Â
Maintenance and stability are two of those concepts that often get brushed aside. Sure, theyâre great, but are they exciting? Not so much.
Itâs much more exciting to talk about innovating, creating, and inventing.
Of course, excitement isnât always a good thing. Itâs thrilling to experience huge traffic spikes when your latest blog post goes viral. Itâs also thrillingâand not in a good wayâwhen your site crashes because you ignored some base-level maintenance tasks.
Itâs often during those thrilling-in-a-bad-way times that we look at maintenance and stability with fresh eyes. Suddenly, these concepts look a lot more attractive.
Todayâs article is all about encouraging you to give website maintenance and stability the attention it deservesâby regularly following the best practices that create a stable, secure website. When things are stable, you can enjoy the thrill of a traffic spikeâwithout the nagging worry that your site canât quite support it.
Over nearly a decade of working with HostGator customers, Iâve seen firsthand what works, what doesnât, and what really doesnât when it comes to maintaining and supporting a stable, stress-free website. Today, Iâm sharing those learnings with you. If you want to enjoy peace of mind as a website owner, consider these best practices your guide.
Letâs dig in, shall we?
7 Best Practices to Follow for a Stable and Secure Website
Iâll let you in on a little secret: The best way to enjoy a stable and secure website is to start with the most secure, stable environment youâve got.Â
So, if youâre reading this while youâre in the phases of brainstorming your site, getting ready to register your domain name and select your hosting package, go ahead and give yourself a congratulatory pat on the back. Youâre reading this at the perfect time. Implement these best practices now, and youâll officially start with the most secure, stable environment possible.
Having said that, itâs never too late, and the best time is always now! There are always actions you take to make your website more stable and secure, whether your site is a year old or five.
Thatâs the great news. You can get pretty darn secure with fairly low effort on your part. You donât have to be a tech genius to enjoy a secure website.
Follow a few simple best practices, like the ones I outline below, and you make it a whole lot harder for the bad guys. Thatâs what counts.
1. Stay up to date on updates.
Once youâve launched your site, you want to keep things updated as frequently as possible. That includes your server, your CMS or builder software, and any plugins you may be using.
Keeping up with updates is the best way to keep your website secure. Many people get afraid of updating their website because they donât want it to breakâbut thatâs why you have backups (more on this in a second)! If something seems off after an update, you can quickly restore and itâs no big deal. Then, you simply wait for the developer to release a fix, and you try the update again.
The real risk with updates is delaying them. The more time you let pass between updates, the higher your risk. Itâs easier (and less risky) to update from 1.1 to 1.2, and 1.2 to 1.3, and so on, then it is to update from 1.1 to 2.0 when thereâs been 10 versions in between.
With each subsequent update you ignore, your website becomes incrementally less secure. But keep up with regular updates, and you have nothing to be afraid of. Thatâs why at HostGator, once you install WordPress with HostGator, we keep it updated on your behalf. Youâll still need to update your plugins and themes, but weâll handle the core WordPress updates for you!
Updates are so effective itâs almost funny. Embrace them! A regularly updated website is a well-defended website.
2. Use secure, unguessable passwords
Yes, itâs 2019, but passwords are still critically important. When it comes to creating a secure password, make sure you do these three things:
- Make them hard. Create a unique combination thatâs not a word from the dictionary or a phrase clearly identifiable to you. Include at least 12 characters of numbers, symbols, and upper and lower case letters.
- Donât reuse them. Every account you create should have its own unique password. Every single one.
- Change them often. Set up a calendar reminder to go through and update your passwords every few months. A password manager like LastPass, KeePassX, iCloud Keychain, or Google Password Manager can be a good tool for this.
This password guidance applies to your hosting account, your cPanel, and your CMS logins. It also applies to every user to whom you grant access to your site (speaking of which, you should keep a detailed list of these folks so you can revoke their access when needed).
Need help creating a password? Try HostGatorâs free Secure Password Generator.
3. Make your user names just as secure
Password security is still important, but in 2019, a secure password isnât enough. Your user names need to be just as secure.
If possible, follow the same three tips I outlined above when creating your usernames. Your usernames should be just as tough to guess, and just as unique, as your passwordsâand you should update them just as frequently, too.
Those same brute force attacks that go after passwords are equally effective at cracking usernames.
Take my name, for example. Automated software can easily start hammering through all the Sean Dundons in the world, eventually guessing that my username is sdundon, seandundon, or some other variant. Whatâs not as easy? Figuring out that my username is SD4812abb.
Donât let the ânameâ in username confuse you. Itâs better to have a username that anonymizes you, versus one that makes it clear youâre the person behind the account. Just as you wouldnât use your social security number as your email address, you shouldnât use your name as your user id.
4. Back up your website often, and in more than one place
Hereâs something scary to think about. In the modern internet age, itâs safe to assume that every website will become compromised at some point, just like everyoneâs home or car will inevitably be broken into.
Hereâs something even scarier: It takes 197 days on average before you find out youâve been compromised and someoneâs accessed your website data.
Your website getting hacked is bad luck. Not being prepared to boot it back up is bad business, when you consider the number of easy, automatic, and low-cost website backup services you have out there.
At HostGator, we have CodeGuard. Even the most basic plan starts at just a couple bucks a month, and includes automatic daily backups for 5 websites, unlimited databases and files, and 3 restores.
Once you purchase CodeGuard, youâll need to login to your HostGator portal to start the backups. Click the Hosting tab on the left, then Manage.
This will take you to the CodeGuard dashboard. There, CodeGuard will begin an initial backup on your website. Once thatâs finished, CodeGuard will continue making automatic daily backups whenever there is a change to your website. You donât have to do anything else â it really is that easy. Moving forward, you can follow these same steps to login to the HostGator portal and check the status of your CodeGuard backups:
Regardless of which website backup service you use, I strongly recommend the following:
- Schedule your backups to run often (at least daily).Â
- Create a new backup with each change you make on your website. This allows you to instantly restore your site to a specific moment in time.
- Keep your old backups for at least a year. Even if your website is acting fine, it doesnât mean it can necessarily be trusted. Like I said above, it could take half a year before you find out youâve been hacked.
- Make a backup of your backups, and store it in another secure place, like on a different server or on a separate hard drive at your house.
- Backup your database, too. People often donât realize they need to backup more than their files, but those are only part of your website. For a successful restore, you need to backup your files and your database at the same time, and save them together.
5. Choose a well-known, reliable website building option
It seems like a new web builder gets released every day. Okay, thatâs a bit of a stretch, but my point is: there are a ton of options for building a website today.
There are the big names weâre familiar with. These are the established Content Management Systems (CMS), like WordPress, Magento, Drupal, and Joomla. Many web hosts also offer drag-and-drop web builders (we even have one here, named Gator).
Then there are dozens (hundreds?) of newer options, many of which arenât quite baked yet.
Whatever you choose to build your website, make sure you pick something that youâre comfortable with, and that is established. By established, I mean something that you can Google and find no shortage of videos, blog articles, support documentation. There should be forums, social media, and a community.
For example, if you search for âset up wordpress with hostgator,â youâll find our own branded help articles, along with blogs and YouTube tutorials by other users and IT pros.
Your website is not the place to be experimenting; itâs your business. If you run into an issue with your website, you want to be able to find knowledgeable experts easily. Your website building software should be established enough for you to be able to hire the kid down the street to help you out if you run into a jam.
6. Follow a simple approach to web design
Along the same lines, you donât need to be bleeding-edge with your website design. Sure, it should feel unique, and it should represent you or your brand, but you want to keep things simple and recognizable for your users.
Donât get creative with standards. If thereâs a common mechanism for menus and navigation, stick with that. You want the design of your website to be familiar enough that people instantly understand how to use it.
Use the same approach with your site functionality, too. Donât go add a hundred plugins to your site in an attempt to piecemeal together some functionality. Instead, seek out plugins that offer a more comprehensive feature set so you can minimize the total number of plugins you use.
Everything you add to your website makes it less secure. For instance, the WordPress platform itself is super secure and rigorously tested. The same canât necessarily be said for their plugin library. If youâre on WordPress, always vet your plugins to confirm that theyâre compatible with your version of WordPress, that theyâre regularly updated, and that the reviews are positive.
7. Use SSLs
An SSL certificate is that handy little green lock you see when you visit a secure website.
SSL stands for Secure Sockets Layer, a technology which protects and encrypts any data transferred between a visitorâs browser and your web server. In simpler terms, it shields your customerâs data (like their name, credit cards, account info) form getting hacked. Even if your site is hacked, and this data gets stolen, the hacker wonât be able to decode it.
SSLs have become quite popular in recent years, as privacy becomes a growing concern. Itâs also been a Google ranking factor since 2014, so youâll enjoy a nice (albeit little) SEO boost from adding SSL to your site.
As they increasingly become a web standard, SSL certificates are more affordable than ever. At HostGator, we include them for free with all of our hosting plans. Activating your free SSL with HostGator just takes a few steps. I walk you through the process in this video:
Securing Your Website for the Future
If I could leave you with one last piece of advice, itâd be this: Be creative with your content and your services, not with your website. Itâs not the 1990s anymore. Crazy mouseover effects and Comic Sans are no longer the âitâ thing.
If you want a secure website that works well, avoid beta technologies and flashy new software. Stick with reliable providers that have been around for years, with a large user base and a wealth of online resources for you to lean on.
For even more protection, check out SiteLock. This website security checker scans your site for malware, removing it automatically and protecting your site from attack.
Hereâs to your secure, stable website!Â
Sean has been working with HostGator customers for over 8 years, leading a variety of teams from systems administration and monitoring to support and customer experience. An unabashed Linux geek at heart, Seanâs #1 priority as product manager is to ensure that everyone can make their voice heard around the world, regardless of their technical level.