How To Prevent Web Hosting Data Loss or Compromise

prevent-web-hosting-loss-with-backup-as-a-service

As a website owner, web hosting data loss through an account compromise, malware infection, or carelessness can be devastating to your business. You can prevent this from happening or minimize the impact when it happens with these couple of suggestions below. Do not consider them exhaustive though, but rather, a step in the right direction.

As humans, we have this ability to always “assume” even when there is no data to back up our assumptions.

Things happen …

But “it happens to other people” …

Until it happens to us.

In so doing, we leave off things that we should do.

We leave off acting even when the small voice keeps nudging us to act.

Until we found ourselves wishing “I should have …”.

Why are we telling you this?

Because we have repeatedly seen customers ignoring simple suggestions to strengthen their web hosting accounts.

That is, despite the fact we have provided great tools/workflow that are simple & easy to implement.

We have seen customers not bothering with back-ups.

That is, despite the fact that we have provided easy-to-use 3 different self-service backup options.

We have seen customers not acting when our systems send a notification to update an application or its supporting resources (for example WordPress core, plugin, or theme).

That is despite the fact that most of the time, such update is rolled out to patch security vulnerabilities.

Or to enhance performance.

Or for it to be compatible with new technologies.

The fact is that as humans, we are not particularly good at understanding probability.

Especially when it comes to guessing the odds of things that could happen in our lives.

What happens to others, may happen to you if the same conditions apply.

Yes, the chances may be infinitely small.

But the odds are not really stacked in your favor.

This is true for good things that one wishes happen to him, her, or them.

And for bad things such as a compromised website, lost data, etc that a website owner or business wouldn’t want to happen to him, her, or them.

Two-Factor (2FA) Authentication

If you are a website owner and want to decrease the chance of your website being infected with malware, start with the easiest steps to secure your web hosting account.

Implement a simple two-factor authentication on every single login you have.

First, download and install either:

When you install and enable either of these authenticators, anyone accessing your account must provide both their password and a one-time passcode generated by the Authenticator application to log in.

To implement this on your cPanel, scroll down to Security, click the Two-Factor Authentication for cPanel and follow the step-by-step guide.

If you are a reseller, a cPanel private virtual or dedicated server customer, visit Security Center >>> Two-Factor Authentication for WHM.

For Plesk, visit Extensions, search for Google Authenticator, click on the Open button, then select the checkbox Enable Multi-factor Authentication.

For your billing portal, visit https://dashboard.webhostingmagic.com/clientarea.php?action=security

If you are using WordPress, use Trusona https://wordpress.org/plugins/trusona/ to augment what our systems are already doing to protect you.

For Drupal, see the Two-factor Authentication (TFA) modules at https://www.drupal.org/docs/contributed-modules/step-by-step-guides-to-configure-various-2fa-mfa-tfa-methods

For Joomla!, https://docs.joomla.org/J3.x:Two_Factor_Authentication

For the rest, just “google” for the option available to you.

But please don’t stop there.

Visit cPanel >> Security >> SSH Access and take a look at existing SSH keys.

If you see any that you are not familiar with, Deauthorize to revoke authorization for the key.

Then click the Delete Key option to delete the key.

If you are comfortable with command lines, visit cPanel >> Advanced >> Terminal for cPanel and run the flowing command:

cat .ssh/authorized_keys

Data Backups

There is this misconception that if I’m hosting my website with ACME web hosting company, my data is & will always be available and intact.

Nothing can be farther than the truth.

If you are not actively paying for a separate backup service, chances are that if you found yourself in a situation where you need the most current data, you will likely get the previous week’s (or month’s) backup.

With some hosting companies, you may not even get any.

It doesn’t matter if it is the biggest cloud hosting provider in the world.

Or the most minor web hosting outfit.

There is simply nothing like free lunch.

We offer customers granular control over their backups via our self-service backup options at Web Hosting Magic.

Customers can backup and restore their:

  • Home directory Files
  • Databases
  • Database Users
  • Email Accounts
  • FTP Accounts
  • Cron Jobs
  • DNS Zones
  • SSL Certificates

We recommend using this option when making major changes to your hosting account.

You can also use this option to back up the account on daily basis.

Moreover, our systems also religiously back up your data automatically.

This off-site backup (with 99.9999% availability) is done once per week.

We also offer a daily backup-as-a-service option to customers.

When purchased, the system backs up your data once every 24 hrs to a secure off-site location.

If anything happens, you get the exact copy of your data as it was within the past 24 hrs.

For businesses with a need for hourly replication, we also have an option that takes a real-time snapshot of your data every hour.

If anything happens, you get the exact copy of your data as it was within the past 60 minutes.

For customers using our 1-click application installer, you can also back up your application to either of these locations:

  • SFTP
  • Google Drive
  • DropBox
  • your local machine/workstation

The thing is that the process of cleaning up a compromised hosting account is complex and time-consuming.

What these options above does for you is that if anything should happen, you will have the data you need to restore the account to a pristine condition.

Without any of these options, you will have to rebuild the websites, re-install & re-configure the applications, recreate the email addresses, etc.

It is something no business should willingly subject themselves to.

Beyond the fact you will lose customers/visitors and spend a huge amount of time & resources, Google may even black-list the website.

No one wants to be that cautionary tale.

Like so many things in life, the appalling reality of a situation only became apparent after the fact.

We hope that you can take advantage of these options to avoid “Oh, I should have …”.

Want to start backing up your data every day?

With this, your data will be backed up each day.

If you need hourly backups, please do let our billing team know.

Optionally, you can use our CodeGuard Website Backup.

With CodeGuard Website Backup, your website is backed up daily and if disaster strikes, you can restore your site to a previous point in time at the click of a button.

Please, help us help you.

If you have been lax about the security of your web hosting account, do take it more seriously.

By Trax Armstrong

Trax lives inside a simulation. He likes coffee & sushi, loves meditative solitude, reads a lot, and watches Star Trek religiously when he is not interfacing with the datastream.