7 Web Hosting Tips to Help Secure Your Site

Online security is more important than ever. the Identity Theft Resource Center said 2021 set a record for the number of data breaches and ransomware payments totaled nearly $600 million in the first half of 2021 and the White House hosted a summit on how to combat these attacks. And these concerns aren’t just for large companies, they’re for anyone with a website.

Web hosting security vulnerabilities can compromise the personal information of visitors and the owner of a website. Cyberattacks that exploit these loopholes can also cause site owners to lose revenue by hiding or deleting information from their site. The exact risk to your site depends on the type of web hosting plan you have. Fortunately, many web hosting services offer a range of cybersecurity tools to help protect your site.

Here are seven important security tools to look for in a web hosting service.

SSL certificates

Secure Socket Layer (SSL) certificates are cryptographic protocols that encrypt and authenticate data between servers, machines, and applications running within a network. These help prevent third parties from intercepting, modifying or storing sensitive information such as a person’s credit card information.

Think of those certificates like the secret language you and your best friend invented when you were little: you know your friend says the professor is the worst, but the professor wonders why you’re arguing about how much banana pudding needed to fill a football field. SSL certificates ensure that your visitor information is all sent through the secret language.

Secure File Transfer Protocol

File transfer protocols, or FTP, are used to transfer large amounts of unencrypted data to your web hosting server, such as if you wanted to upload a video or multiple files to the server. Using an FTP does not provide users with a secure transfer method, leaving your data vulnerable to interception by third parties.

While many web hosting services offer FTP access by default, some web hosting services, like Ionos, offer secure FTP access by default instead. Secure FTP encrypts the data you transfer for greater security. So if you’re transferring sensitive data, just like you’re using SSL certificates, you know your data won’t end up in someone else’s hands.

Web Application Firewall

A web application firewall (WAF) protects web applications by filtering, monitoring, and blocking malicious web traffic intended to log data about site visitors or the site owner. All web traffic must pass through a WAF before reaching the server hosting your site. If the WAF sees suspicious web traffic trying to access the server, it blocks it. These firewalls can also prevent unauthorized data from leaving the web application. They act as checkpoints to and from web services to ensure that nothing malicious enters and nothing important exits.

Web application firewalls are like bouncers outside the club you and your friend went to over the weekend. The bouncers let you both in, but they kicked out the person behind you who was already slurring their words and acting like they owned the place.

Some web hosting services, like A2 Hosting, include WAFs in all of their web hosting plans. If you select a hosting plan that does not offer WAF, companies like imperva and Cloudbric offer WAF plans with additional security features. Some plans might also improve your web hosting security, even if your web hosting service offers WAFs. Some WAFs also offer reports and analytics to better identify and resolve vulnerabilities to protect data.

Virus and malware protection

Virus and malware protections are essential, especially if you have a shared hosting plan where you share a server with potentially hundreds of other users. While you and everyone else upload files and data for your sites to the same server, some of those files may contain a virus or malware without your knowledge. Once the file reaches the server, the malicious code contained in the file could impact all sites on the server. Your site could be vandalized or destroyed, causing you to lose visitors and/or revenue. The malicious code could also steal your data or the data of your visitors.

Think of the server as an apartment building and everyone inside the building as a website. If someone enters the building and they are sick, this illness can spread throughout the building. In this case, anti-virus and anti-malware protections prevent the disease from entering the building in the first place.

For shared hosting plans, the web hosting service is responsible for maintaining anti-virus and anti-malware protections. However, if you have a VPS or a dedicated server, you may need to install your own protections.


Not all web hosting services offer the same cybersecurity tools, but reading about web hosting plans can help you choose the best one for you.

Angela Lang/CNET

Distributed denial of service protection

Imagine you ask your parents a question, but your little brother doesn’t want your parents to give you the answer. Your brother gathers all his friends, neighborhood kids, classmates and anyone he finds and they all start screaming at the top of their lungs to drown out any other noise. You can’t hear yourself think, let alone what your parents are saying. This is what a Distributed Denial of Service (DDoS) attack looks like for your website.

Distributed denial of service attacks are the top cyber threat. These attacks flood your site with traffic from a network of malware infected and connected computers called a botnet. Increased traffic can prevent visitors from accessing your site, disrupt your work, and could overwhelm the server your site is on. No matter which hosting plan you choose – shared, VPS or dedicated – the increase in traffic consumes the resources available on your site and the server in general.

Web hosting services with DDoS protections in place are able to detect and prevent these firehose attacks from occurring. A WAF can help detect and mitigate DDoS attacks, but often this is not enough to prevent a DDoS. A tool to help prevent a DDoS attack is a anti-intrusion system. These network security tools monitor malicious web traffic activity and flag, block, and drop the activity.

Some web hosting services, like HostPapa and InMotion Hosting, display their DDoS prevention tools on their plan breakdown pages. If a web hosting service does not display their DDoS prevention tools, you should contact the service and ask if they offer these protections. Defenses against these attacks could save you and your site from losing revenue and visitors.

Backups of site data

Backups are components of disaster recovery and are a last resort in the event that your site is compromised, degraded, or deleted. A backup allows you to restore your site to its former glory. You can choose to manually back up your data or you can enable automatic backups so you can schedule when your data is backed up.

Having safe and secure backups minimizes the downtime of your site if it is compromised, which can save you visitors and revenue. Some web hosting sites, like bluehost and A2 Hosting, offer free automatic backups with their hosting plans – A2 Hosting also offers manual backups. However, lower tier web hosting plans may only offer manual backups, and automatic backups are available on higher tier plans.

Some backups, such as those provided by come on daddy, are stored on a secure cloud server. Other backups are stored on separate servers from the one where your site data is stored. These precautions ensure that if your server is compromised, your data is still safe. However, not all web hosting services take such precautions, and they may not indicate in their hosting plans where backups are stored. If this happens, contact the hosting service and ask if the backup is stored on the same server as your data. It might save you a headache later.

You can also save all your backups locally on your personal computer, hard drive or server. This is handy in case your web hosting service keeps backups for two weeks, but your site was compromised three weeks ago. In this case, it means that the server backup is also compromised. Having local backups would give you access to an uncompromised version of your site.

Managed Hosting Plans

Consider a managed hosting plan if you don’t have the time – or the experience – to monitor your website for security issues. With managed hosting plans, the web hosting service handles all potential administrative issues, security updates, patches, and provides additional resources for your site.

Managed hosting plans are a lot like hiring Batman’s butler, Alfred Pennyworth, to watch over your home and make sure everything is running smoothly. It can even provide defense if needed. Unmanaged hosting plans leave maintenance and security in your hands. For this reason, managed hosting plans are generally more secure than unmanaged hosting plans.

Where to look for these features when choosing a hosting service

Web hosting services display much of what is in their web hosting plans on their hosting comparison pages. This comparison page of A2 Hosting shows that it offers features like SSL certificates, DDoS protections, and virus scans. This page of Dreamhost shows that it offers features like SSL certificates, automated daily backups, and secure FTP. Having easy access to service comparisons is helpful when deciding which company to trust with your website.

However, you may need to contact your web hosting service to see if they offer security features that are not advertised.

To learn more about web hosting, see best web hosting services of 2022the best website builders of 2022 and 11 things to know before launching a website.

Now Playing:
Look at this:

Choosing a Web Host — Buyer’s Guide 2021


James S. Joseph