As those of you who know me, I take website security very seriously so that my clients don’t have to. For those of you who aren’t hosting with me, however, I want to call attention this post by Wordfence (a popular WordPress security plugin) outlining the security concerns every website owner should be asking their hosting company.
For those of you who don’t quite understand the lingo used in the article, however … I’m going to do a 5-part series tackling each of these questions in detail so that you can know enough about these things to make the right decisions for your business. So without further ado:
Are you running up-to-date versions of the following products: CPanel, Operating System, Caching Technology, PHP, phpMyAdmin and MySQL?
Zomg, what are those? Well, let’s talk about each one of them so that you know:
- cPanel is the software that contains your site. Many hosting companies use it. You can log in through the cPanel to see things like your File Manager and e-mail accounts so that you can manage your site. It is also where you can manage add-on domains and see your site stats. Some cPanels come with programs (like Scriptalicious or Fantastico) to auto-install software like WordPress.
- Operating System is what your site runs on. While a personal computer may run on an operating system like Windows or MacOS, most WordPress servers run on an operating system called Linux. Some run on NGINX, UNIX or Windows instead, but a majority are on something like RedHat Linux — which can also be called a LAMP platform.
- Caching Technology is built into the hosting at some server companies like WP Engine or GoDaddy Managed WordPress. This increases your site speed by keeping local copies of your site instead of accessing the database and building the page every time.
- PHP is the programming language that runs WordPress, which is why the files all end in .php. It requires software on the server to compile those .php files and send them to the web browser as a complete webpage.
- phpMyAdmin is the software, usually accessed through your cPanel, that lets you control the content in your database manually.
- MySQL is the software that runs your database.
So why should you care?
These software programs are the backbone of your site. If they are not kept up to date, you can have backdoors (vulnerabilities) in your system that will allow hackers to get in. If a hacker gets into your account through the hosting software, they won’t just have access to your site — they will have access to all sites in your account, your e-mail accounts, your databases, and all your files. They could set up their own sites using your hosting account, spam people, get your hosting account and domains blacklisted, and even more.
Beyond the security aspect of software updates, new versions of WordPress and all your plugins come with minimum hosting requirements. If your server is running old technology, you might not be able to use the latest features and functionality on your site — and if you can’t update your site without it breaking, the front end of your site becomes vulnerable to malware as well.
How do I know what to ask for?
WordPress has a handy template here that you can use to ask your host if they are using the minimum versions you need for support.
If you are using cPanel, you can sometimes log into your account and see the software versions being used on the sidebar.
Ready for more?
In the next part of this series, I’ll be talking about the walls between accounts on shared hosting. If you don’t want to miss it, you should sign up for Super Alerts!