You already know that security is important for your website. You’ve locked down your WordPress installation, you’ve picked up an SSL certificate, your web site is secure.
But what about your actual Eco Web Hosting account?
What about the account that has your payment details, all your domain names, and all your hosting packages?
It doesn’t happen often, thankfully, but we have had times where domains have been transferred, websites defaced, or everything deleted, just because someone else had access to the account.
Here are a few tips for keeping your account secure, especially if you’re working with contractors or clients.
Never give out your Eco Web Hosting account details
This might seem to be the most obvious thing out there, but it always bears repeating. Don’t give out the details of your main account. Just don’t, okay?
Give them access to their hosting package
With our control panel, you can give someone access to their hosting package control panel directly with a separate login and password. This lets them do anything they want on their website, lets them change DNS settings on their domains, but they don’t have access to any other packages you have.
Create separate Eco Web Hosting accounts
Are you buying individual hosting packages for clients? Think about setting up separate Eco Web Hosting accounts for each client. Not only will it make it more secure if you have to give details to that client, but it’ll also make it easier to give your clients everything if you ever decide to stop working with them.
Use a password management system
With LastPass, you can set up a shared folder, which allows people to log in to sites with your details, but they can’t see or share the passwords. This still gives them access to your account, which can cause problems, but you can quickly remove access right after.
Keep changing your details
Do you have employees? Do they have access to your accounts? Have you changed your passwords after they left? It’s not even about spiteful former employees – it could be an old system left running with a former employee’s login. Much like how you have an onboarding process where you set up accounts for new employees, you should have an offboarding process, going through every possible account and removing access or changing passwords.
Don’t forget – Carphone Warehouse was fined £400,000 due to a massive data breach caused by a single out-of-date WordPress installation and a former employee’s login. Do you want that to happen to you?
Good luck, and stay safe!
(Featured image by Philipp Katzenberger on Unsplash)
