In today’s digital-first world, website security issues can spell huge losses for businesses. If your websites are compromised, you’re facing data loss, downtime, and reputational damage – not to mention the loss of dev time as you try to solve the issue.
The good news for agencies and freelancers is that there are lots of ways you can avoid risk, protect your sites from threats, and offer secure hosting to your clients – and as security geeks, we’re here to guide you through them.
So, from offsite backups to PCI compliance, here’s everything you need to know about how to keep your sites protected from online threats.
Take offsite backups
Should the worst happen, offsite backups give you peace of mind that none of your work has been lost for good.
How? In short, offsite backups protect your work by saving a copy of your site at a different location to your server, where it will wait, ready to be restored, if you hit a technical hitch or a new deployment doesn’t work out.
Because they’re not part of your server at filesystem level, an attacker who breaks into the server can’t reach your encrypted, backed-up data from there.
Some hosting providers save their backups on-site in their usual data centre. But, in an unexpected disaster like a fire, for example, that could mean losing your site and all your backups, all at once.
That’s why, at Nimbus, all our backups are 100% offsite. You can make one anytime you like – plus, we’ll automatically take another at 2am every single night so you don’t even have to think about it.
We recommend checking your web hosting provider’s policy on backups and looking for a provider who offers offsite backup hosting, so you can be sure that your sites are safe from even the most unpredictable threats.
Ensure PCI compliance
Payment Card Industry (PCI) compliance is an important addition to any site that handles customer credit and debit card data.
If you’re an eCommerce site that does not direct customers via a third-party payment system (like PayPal, Stripe or WorldPay, who cover you as standard), you must ensure your own site is PCI compliant in order to prevent the misuse of information.
All the information you need to prepare your infrastructure for PCI Compliance testing can be found on the PCI Data Security Standards website: www.pcisecuritystandards.org.
At Nimbus, this feature can be enabled with the flick of a toggle. Hosting multiple eCommerce sites on one server? You’re all covered. Otherwise, you’ll need to make sure your site segments and controls access to payment data, has a secure processing network, and uses strong access control methods, amongst other failsafes.
Enable two-factor authentication
For the tech geeks among us, two-factor authentication is a type of multi-factor authentication – one that requires two methods of identity verification before granting access.
In practice, it just means you’ll need a username, password, and a second method – often a smartphone app – to approve login requests, keeping unverified users out of your accounts and making sure the right users get in quickly.
We roll this out as standard – and our platform even allows you to easily enable apps like Google Authenticator or Authy; simply scan the QR code and you’re ready to go.
We’d recommend adding two-factor authentication as a second layer of security, though bear in mind that it isn’t enough to guarantee a locked-down site alone. Like many of these features, it should form part of a larger security strategy in order to prove most effective.
Set up MySQL access
Sometimes it makes sense to allow database access to external developers or clients without opening up your entire server.
MySQL is a database management system that lets you control who can access your website’s database by creating a list of allowed IP addresses; new users have to be granted permission before they are added to it.
It’s just another way to ensure that the only people who can access your site are approved by you – and malicious actors can’t get in.
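A check that the allowlist is what actually governs remote access, as an added example that is not part of the original article: MySQL ties each account to a host value, so one account defined with a wildcard host undoes the list. The account rows and allowlist below are constructed sample data.

```python
import ipaddress

LOCAL = {"localhost", "127.0.0.1", "::1"}

# Constructed sample rows, as returned by: SELECT user, host FROM mysql.user;
SAMPLE_ACCOUNTS = [
    ("app", "localhost"),
    ("agency_dev", "203.0.113.10"),
    ("client_ro", "198.51.100.0/255.255.255.0"),
    ("legacy", "%"),
    ("contractor", "192.0.2.%"),
    ("reports", "%.example.net"),
]
SAMPLE_ALLOWLIST = ["203.0.113.10", "198.51.100.0/24"]  # hypothetical approved sources


def admitted_network(host):
    """Network a MySQL account host value admits, or None if it cannot be bounded."""
    octets = host.split(".")
    try:
        if octets[-1] == "%" and len(octets) <= 4 and all(o.isdigit() for o in octets[:-1]):
            fixed = octets[:-1]  # "192.0.2.%" -> 192.0.2.0/24, bare "%" -> 0.0.0.0/0
            base = ".".join(fixed + ["0"] * (4 - len(fixed)))
            return ipaddress.ip_network(f"{base}/{8 * len(fixed)}")
        return ipaddress.ip_network(host, strict=False)  # exact IP, CIDR or ip/netmask
    except ValueError:
        return None  # hostname or partial wildcard such as "%.example.net"


def audit(accounts, allowlist):
    """Return (user, host, reason) for every account reachable from outside the allowlist."""
    allowed = [ipaddress.ip_network(a, strict=False) for a in allowlist]
    findings = []
    for user, host in accounts:
        if host.lower() in LOCAL:
            continue  # local-only accounts are not remotely reachable
        net = admitted_network(host)
        if net is None:
            findings.append((user, host, "host pattern cannot be bounded to an IP range"))
        elif not any(net.version == a.version and net.subnet_of(a) for a in allowed):
            findings.append((user, host, f"admits {net}, wider than the allowlist"))
    return findings
```

On the sample data the audit flags `legacy`, `contractor` and `reports`; each flagged account would be recreated with an exact approved address or dropped.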
Organise automatic server security updates
Hackers are constantly updating their methods. That means everyone else needs to do the same to keep ahead of them.
It’s vital to keep on top of updates, patches and changes to your software to ensure that any security gaps are filled before your sites come under threat.
Whatever your hosting platform, knowing which software you’re running, and which updates it needs, is crucial to maintaining security.
Some platforms, like ours, offer automatic updates – so you know that your security is constantly improving in the background, while you focus on delivering for your clients.
By organising any updates to happen automatically, you’ll know that a missed update won’t be the reason a vulnerability occurs on your site. Fully up-to-date installations are the most secure, and the best base to build upon.
Manage user access
A big part of navigating secure hosting is making sure your servers and sites are locked down against unauthorised access.
But it can take a team to get a website off the ground – which means widening access to your sites and servers.
With managed user access, you can easily manage your permissions: letting people in, timing people out, and getting visibility over who’s been where, and when. You can even give total control access to users or whole teams, whether or not they’re with you in the office.
So if you need to show a client what you’ve been working on, or get input from an external expert? You can do it with confidence.
Block nuisance bots & IPs
We all know that unexpectedly heavy traffic loads can cause slow-loading sites, and even downtime.
To protect against aggressive bots, scrapers and malicious crawlers, you need to keep aware of the newest threats and make sure they’re blocked from hitting your server.
On the Nimbus platform, we offer a built-in bot-blocker which is always running, and constantly updating to keep these threats from hitting your sites.
You can also find security plugins with their own databases of known malicious bots – just make sure the plugins you choose to download are trusted and verified, or you’ll risk compromising your security further.
Secure hosting, managed
When you’re in control of client websites, ensuring they’re locked down against any security issues can play heavily on your mind – monopolising valuable time and attention.
Establishing strong site security often means juggling a lot of moving pieces, but with this handy checklist of steps, you can be confident that your sites and servers are as protected as they can be.
Security, as easy as flipping toggles
And if you want to streamline your security processes and get total visibility from one central dashboard, you can rely on the Nimbus platform to make security simple. We’re working hard to make sure ambitious agencies and freelancers have all the tools they need to look like superheroes.
Book a platform tour to find out more about our intuitive hosting platform.