Securing Your Website

Greetings FlockHosters! One of the common questions that come through lately is “How do I secure my website?” so let’s dive into some options on how you can better secure your website and access to it!

Let’s Encrypt SSL

Off that bat let’s add a padlock to your website, and let’s do it for free. Yes free.

I have mentioned Let’s Encrypt certificates on the blog a few times, we are actually listed on Let’s Encrypt’s site as a provider (We are famous!) however not until the new build of the site will it be listed as a feature, but it is active on all accounts now. How do you enable it? Well good news, there’s a new video for that:

 

So it’s that easy! Still, if you have a question on adding this, don’t hesitate to ask for more help! But if you just walked through this – your site is a bit more secure now you are using SSL based content! If you are using WordPress and want to make the entire site over to SSL, just try the Really Simply SSL Plugin a great plugin to make all of your content SSL based. If you are getting some content that is not all going SSL try Why No Padlock – A great site to diagnose what’s not entirely secure.

Site File Management

Now if you are familiar with cPanel you’ll know there is a web based file manager but for most of you, it’s using FTP. Be it FileZilla, CuteFTP, SmartFTP, Transmit, Cyberduck you can quickly and easily migrate to the SSL version of communication so your content isn’t flowing over plain text. How do you do this? Look for an SSL option for starters, for most this should work just fine, however, if you hit any snags it will become a little bit easier this month using SSH Keys & SFTP – I’ll have a full guide on this walking you through it on Windows and Mac.

Now if you are using a CMS for site management, please make sure you use a plugin or adjust your configuration over to SSL as well so the easy option is in your site configuration where it lists your URL, likely something similar to this:

Site URL: http://mywebsite.com

Simply change it to:

Site URL: https://mywebsite.com

A lot of difference a simple S can do 🙂 This will force most of the common URL’s for your site to using the SSL login for your administration and keep things you do from writing an article to logging in all done over a secure connection.

Login Smart

If you are on a connection at your favorite local spot (I’d say the coffee shop, but honestly just about anywhere – McDonald’s, for instance, has access!) be sure you are logging in securely and your connection is secure!

If you are a Chrome User, I highly suggest checking out some of these options may offer a free browsing security, there are commercial options out there too like Private Internet Access which offer some great features for when you are browsing in less than safe options.

If you want to, however, have a browser set aside for secure browsing, Opera has you covered and even has an Android App & iOS App to secure your mobile devices too!

Auditing Security

Now last on my list is auditing. Your site may not be the first thing in your mind on a day to day basis, but to hackers and bots it’s a spot it can get its grubby little fingers into and do some damage, so why not set up a bit of free auditing on your site for some of the most common issues by using Gravity Scan.

Gravity Scan is a great app which you don’t even have to install anything on your site to get a scan! In a few minutes, it will scan and review all your visible URL’s and give you a run down if it finds anything.

Now if you want it to go deeper, it provides a single PHP file for you to download, then upload into the main folder of your website and it will deep scan, every file & folder gets a once over – now as you can see here on the blog on the right-hand side – I’ve got mine scanning daily and as proof of security it shows up with the last date things were scanned.

 

And that’s it!

While this isn’t maybe the most comprehensive article that could be written and fine tuning system security, etc. it will help get your feet wet! If you have any questions beyond what is covered here please do not hesitate to reach out! Here to help!

Announcements!

Happy Monday FlockHosters! First things first, a follow up on the server migrations, they went smoothly! Getting data moved around is time-consuming, and some minor hiccups with DNS and reverse DNS caused some minor headaches for a few customers, it was all quickly resolved and as it stands things are running smoothly!

So with things on the up and up, let’s move forward. A few announcements today:

Pricing

So I’ve hinted around at the changing of pricing to skip the whole business vs. personal packages, why have two? Why make it complicated? Let’s stop. Here’s the new pricing:

1 Package – Business or Personal:

  • $7 a month
  • $6 a month (Semi-Annual)
  • $5 a month (Annual)

Obviously, the savings is in pre-payment of a year, but even at $7, you can do any application, business or personal! Church hosting remains free, and with this change, a few other perks come into play for ALL customers (Church Hosting too!)

The actual plan will be announced May 2nd, with (Lord willing!) a new FlockHosting.com update! So stay tuned to what it will include, but for everyone here are a few more things to enjoy!

Enhanced Managed WordPress

Continuing to be a free add-on, this has just gotten a HUGE update, over the weekend I’ve deployed over 2TB of backup storage off-site, no longer are backups stored on your hosting package + some new security plugins as well as general maintenance scripts which will help automate and streamline your WordPress Installs.

You’ll also note it in your WordPress plugins as Managed WordPress now. Upgrade has allowed a lot of goodies. I’ll be working them into production over the next few weeks as the backup system takes hold and a few other things come into play including security added in for you and regular scans to alert me to problems.

Affordable VPN Add-on

While this is slated to launch June 1, I’ve settled on this idea as an add-on for not just this new package but any active customer at a yearly fee of $12. A dollar a month – and with a quick install of software, you’ll be running securely at your local coffee shop on shared network as you are traveling. Completely secure to help keep peering eyes from peeking in. 

If you do a lot of work at Coffee Shops, Traveling, or in general away from your home network, this will work great to help keep you secure!

Free SSL Certificates

As of today, all customers can find a Let’s Encrypt icon in their cPanel; this allows you to setup SSL on any of your configured domains at no cost what-so-ever. $0. Now these certificates only last a few months, then get auto-renewed – If you want a traditional certificate I do provide them at $30/yr but if you want a secure link to log in and manage your blog over SSL, it’s free, it’s quick and easy.

The certificate is also secure enough for taking online donations and will pass PCI compliance, so if you are running CloudFlare or similar applications for their SSL system, take them out of the loop and do it yourself! It’s free, and the system will keep you current and secure!

Prayer Board

Going live on Friday, I’ll make an official post then, but as I said in the previous video updates, I do want to have a strong community here at FlockHosting.

If I can count on you as a prayer warrior, I’d greatly appreciate it!

Last but not least…

T-Shirts, Mouse Pads, Key Chains – I want to get you guys decked out with FlockHosting gear.  I used to have a CafePress store ages ago, but never took off. I’m looking for some new designs, as well as building up a stock of goodies to give away.