Multiple websites on one hosting account can be a security risk
I wanted to bring to light a security risk that you may be taking and not even know it…having multiple websites on one hosting account.
What is the big deal?
Now, you may be wondering–what is the big deal? I can have unlimited domains under my ClickHOST BETTER Hosting Plan. And, you can…but, what generally happens is you have one “good” site that represents your business. This site drives traffic to your on-line presence. You love and care for this site; it is your baby. Then you add another domain under the same user account, maybe it is a business idea you are toying with. Maybe it is for a new blog on why Pet Rocks should make a comeback. Or, maybe you just want to create a test site before you implement changes on your “good” site. Okay, now you have several CMS instances on the same user account.
Pet Rocks really shouldn’t make a comeback
Some time goes by…you forget about that new start-up concept site. Turns out, Pet Rocks really shouldn’t make a comeback, and you have implemented the updates to your “good” site, but forgot to delete the test site. Overtime, these add-on instances become out of date and become susceptible to security vulnerabilities. Did we learn nothing from our blog, Why Update WordPress? Once an attacker has found a way to infiltrate one of these vulnerable sites, then any susceptibility on them can be used to cross-contaminate all your sites and compromise your whole account. It’s frustrating, but the hackers don’t care how important a site is to you or that you haven’t looked at it in months, all they want is a way to get in and do their dirty work.
We scan regularly for malware
As a Hosting Provider, we take the security of your website very seriously! We scan for malware regularly and keep you informed and assist with clean-up when the unfortunate happens.
But, there are some things that you can do too. We suggest that you keep only the necessary files, themes and plugins that allow your site to function as desired. And, keep software versions updated. Use multiple domains under one user account only if they are related to the same business and can be managed as such. That way, you can keep better track of test sites or landing pages that have a shelf-life. Put new business websites on their own hosting account, so you can close the account if/when the business concept is no longer viable. Above all, do regular audits and housekeeping of your sites.
Also, don’t forget about your old Joomla or Drupal backups in your hosting account. These old versions of your website are easily compromised too. If you want to keep them, then be sure to create an archive of the files and delete the CMS files.
It is not a matter of if you will get a virus; it is more of a question of when. Be a responsible website and hosting account owner. Keep separate hosting accounts as needed, do regular maintenance, and you can reduce your chances.
Do you have an experience that you want to share with us?