1. Download Your CMS from a Trusted Source.

CMS stands for a Content Management System. This is a type of website software that allows you to build your site with little to no coding involved. Due to their ease of use and versatility, CMSs are the preferred way of building websites nowadays.

There are literally hundreds of CMSs to choose from, both free and paid, so you should take your time and research what different CMSs have to offer. Once you pick the CMS that is right for you, you should pay special attention to the page that you use to download the CMS files. Our recommendation is to grab the files directly from the website of the CMS developer. Conversely, you should avoid downloading the CMS files from third-party websites as the CMS files could have been altered. Also, when you download your CMS from a third-party distributor, you are not guaranteed to get the very latest version of that CMS.

Tip: are you already an AwardSpace member? If so, you may be familiar with the Zacky Installer section of the Control Panel. Zacky Installer is a tool that allows you to easily set up popular CMSs like WordPress, Joomla, OpenCart, and others. The AwardSpace Administrator Team ensures that each CMS listed in Zacky Installer is fully compatible with our hosting platform and that it is running its latest available version. If you are not sure how to use Zacky Installer, you can read our detailed Zacky Installer tutorial. On our free hosting plan, Zacky Installer is able to set up popular CMSs like WordPress and Joomla. If you use a paid hosting package, on the other hand, you can install over a dozen powerful CMSs, including some of the most popular e-commerce packages like OpenCart and Prestashop.

2. Pick Your Plugins and Themes Carefully.

The aspect that makes CMSs so popular is the fact that most of them are built with extensibility in mind. This means that in most cases you can install third-party plugins to the CMS in order to gain new functionality. Similarly, all major CMS packages support third-party themes that can be used to introduce a completely new design aesthetic to your website.

When picking a theme or plugin, you should once again pay close attention to the website that you use to download these files. The download page should be either a part of the plugin/theme developer’s website or it should be a part of a plugin/theme directory that is officially sanctioned by the CMS creators. A good example of a trusted plugins directory for the WordPress CMS is the WordPress.org Plugin Directory where all plugins are vetted and tested before being added to the collection.

Not all plugins and themes are created equal, however. While browsing a plugin or a theme directory, you will likely notice star ratings, reviews, and download numbers for the various plugins/themes that are available. Below are two simple rules which will point you to the best plugins/themes to download:

• if several plugins/themes achieve the same outcome, download the one that has the highest number of downloads, even if its star rating is a bit lower than the competition.
• check the version history of each plugin/theme and pick one that gets updated on a regular basis.

3. Regularly Update Your CMS.

One very common mistake that novice website owners make is to “set and forget” their website, when in fact they should be doing the opposite. Having a site online requires regular maintenance and at the center of that maintenance, cycle is checking for updates for your CMS. Most CMSs nowadays have a built-in update mechanism, so performing this task should take you less than a minute. What is more, depending on your CMS, you may even be alerted via email once a new version of the CMS is available for download. If you are using WordPress, you can check our article on how to update the WordPress core. Our recommendation is to check for CMS updates at least twice per month and apply new updates as soon as possible.

4. Regularly Update Your Themes and Plugins.

Just like with the core CMS installation, you should also regularly check whether there are any updates for your installed plugins and themes. CMSs normally display a badge or a banner when new updates are available, so they should be easy to spot. If you use WordPress, you can learn how to update WordPress plugins and themes in this article. Checking for and installing updates at least twice per month will ensure that any newly-found bugs are quickly patched and that your site will remain protected.

5. Remove the Cruft.

Every so often it is a good idea to do what amounts to some “spring cleaning” of your website. Go over each installed plugin and theme and ask yourself if you really need it. Chances are that there will be a few plugins or themes that you installed as a test and then forgot about them. Removing these unnecessary pieces of software enhances the security of your website by reducing the points of failure and may even improve your site’s loading speed. You can read the following article in order to learn how to remove plugins from WordPress.

You should also consider removing or replacing any themes/plugins which haven’t seen an update in several months or years. If a plugin was last updated two years ago, for example, there’s a good chance that the developer has abandoned the project and you are now left vulnerable to attacks. Therefore, it is highly recommended that you check your site for abandoned themes and plugins at least once per year and have them replaced with alternatives that are still under active development.

6. Use a Strong Password and Two-Factor Authentication.

At the end of the day, choosing a strong password for your CMS login still matters. You need to avoid recycling the same password across multiple websites. Instead, you should create a unique, randomly-generated password for your CMS. The benefit of using a unique password is that even if another website where you have a registration gets hacked, the attackers can only get your password for that hacked site and your CMS installation will remain secure. There are plenty of websites and services that can generate secure passwords for you, including some completely free options, such as Random.org’s password generator.

Another great way to supercharge your CMS security is to activate two-factor authentication for your CMS login. The majority of popular CMSs offer this feature nowadays and the setup process is fairly straightforward. With two-factor authentication active, you will receive a text message or a push notification on your smartphone which will contain an additional one-time password that you need to enter whenever you log into your CMS from a new device.

7. Back Up Your Data.

No matter how diligently you maintain the security of your website, there is always a small possibility that it can be compromised by a third party. Because of this, it is certainly a good idea to perform regular backups of your CMS. If you are using one of our premium hosting plans, we will actually take care of this step for you by creating weekly backups on your behalf.

Conclusion

Running your own website can be a greatly rewarding experience – you can connect with people from all over the world who share your passions and interests. And with just a little bit of effort every now and then, you will be able to ensure your website’s smooth operation for years to come.

The post How Do I Enhance My Website Protection? appeared first on AwardSpace.com.

In this article, we will compare two of the most important ways you can enhance the protection of your website. More specifically, we will show you how using WHOIS privacy protection and SSL certificate encryption works and what are the benefits of implementing each security feature on your site.

What Is WHOIS Privacy Protection?

Arguably, one of the easiest and most effective ways to ensure that your website gets visited on a regular basis is to register a short and memorable domain name for it. During the domain registration process, however, you may notice that you are asked for a lot of personal information, such as your full name, street address, email address, and even your phone number. This information gets associated with your domain name and becomes a part of your domain’s public WHOIS record.

Fortunately, you can hide this information from the public in a way that does not break any laws or regulations. This is done by purchasing WHOIS privacy protection for your domain name. You can purchase the domain privacy protection add-on while you are in the process of buying your domain name or at a later point. Once your domain has privacy protection active, all of your personal information will be hidden from the public, while still offering a way for people to contact you if needed.

What Are the Unique Features of WHOIS Privacy Protection?

Getting your domain’s WHOIS record protected is all you would need to do if you wish to ensure that your contact information is not displayed on the web in relation to your domain name. Providing you with the option to protect your personal information is important to us, which is why WHOIS privacy protection can be obtained regardless of the hosting plan that you are currently using. In fact, your site can even be powered by our free hosting service and you would still be able to secure your domain’s privacy.

That said, we would be remiss if we fail to mention the effect the General Data Protection Regulation (GDPR) has had on the domain WHOIS system. As of May 2018, many domain name extensions come with privacy protection out of the box. In other words, some domain names come with basic privacy protection as soon as you purchase the domain name itself. For more information on the protections, afforded by the GDPR and how they differ from the WHOIS privacy protection add-on, you can check our article on what is WHOIS privacy protection.

What is SSL Certificate Encryption?

While having active WHOIS protection aims to hide the domain owner’s contact details from the public, an active SSL certificate encryption focuses on the data that is shared by the site’s visitors. More specifically, when you purchase an SSL certificate, any data that your visitors enter on your website will be protected. This data can be content that is meant to be viewed publicly, such as comments on a blog post, but it can also be sensitive information, such as the visitor’s username and password that they enter while logging into your website. For a more in-depth look into how SSL encryption works, you can read our article on what is an SSL certificate.

What are the Unique Features of SSL Certificate Encryption?

If you expect to collect sensitive visitor information, such as your visitors’ usernames and passwords, or perhaps their bank details for a payment, you are wholeheartedly recommended to learn how to install an SSL certificate on your website. Once the website has an active SSL certificate, every visitor will connect to it via a secure connection. The benefit of doing so is that other devices on the same network will not be able to read the information that is exchanged between your website and the visitor’s web browser. Utilizing SSL encryption requires advanced server functionality and as such having an active SSL certificate is only possible on one of our paid hosting packages.

Which Security Feature Is More Important?

If your website is built to carry out financial transactions, such as your visitors making purchases at your online store, having an SSL certificate is a must. The use of an SSL certificate is also highly recommended when you ask your visitors to enter their login credentials. In fact, nowadays most modern web browsers will alert you when a site’s login/payment form is not properly secured via SSL.

Conversely, WHOIS privacy protection is a great way to reduce the number of SPAM calls and emails you receive. In rare cases having your WHOIS information hidden may also protect you from identity fraud. Overall, your website should not experience any negative repercussions if your domain name does not have privacy protection active as this feature exists for the benefit of the domain owner only.

Are WHOIS Privacy Protection and Website Password Protection Mutually Exclusive?

The great news is that SSL encryption and domain privacy protection are fully compatible with one another. So it is entirely feasible to protect yourself from SPAM callers while also protecting your visitors’ sensitive information.

In rare cases, you may notice that WHOIS privacy protection is not available for purchase. If that happens, you should contact the 24/7 Sales team for more information. In all likelihood, the lack of a WHOIS option is tied to the domain name extension you are using and not to the use of an SSL certificate.

Conclusion

Both WHOIS privacy protection and SSL certificate encryption are easy to set up and have no negative side effects when activated. As such, every site owner should be employing both features in order to boost the security and privacy of their website and domain name. If any issues arise during the order or configuration of either feature, our 24/7 Support and Sales Teams are ready to offer assistance.

The post What Is the Difference Between WHOIS Privacy Protection and SSL Certificate Encryption? appeared first on AwardSpace.com.

What Is WHOIS Privacy Protection?

Whenever you register a domain name, you are asked to provide your personal contact information. In some cases, this data would be available to anyone out there, but thanks to WHOIS Privacy Protection, you can legally hide it without any adverse effects. For more information on how this domain privacy protection works, you can check our article on what is WHOIS privacy protection.

What Are the Unique Features of WHOIS Privacy Protection?

Purchasing domain privacy protection is the only way to ensure that your personal information stays hidden from the public, while still allowing those with legitimate reasons for contacting you to send you a message. And unlike a lot of other security features, every domain owner can protect their WHOIS data, even clients who are using our free hosting plan. Domain privacy protection can be added to a domain name you already own, or you can purchase a new domain along with the privacy add-on. To learn how to activate this feature, you can refer to our article on how to buy domain privacy protection.

What is Website Password Protection?

While WHOIS privacy protection focuses on hiding your personal data, website password protection aims to limit access to pages on your website which contain sensitive or privileged information. To achieve this, each visitor is required to enter a valid username and password. If either of those pieces of information is incorrect, the protected page is not displayed. To learn more about the intricacies of this security feature, you can refer to our article on what is website password protection.

What are the Unique Features of Website Password Protection?

When you set up password protection for your website, you can close off parts of it and make these protected sections accessible only to a small number of visitors. You can also assign unique username/password combinations to each visitor. Since this is a more advanced feature, it is only available if you are using one of our paid hosting plans. If you are already using our paid hosting platform, you can go ahead and learn how to set up website password protection.

Which Security Feature Is More Important?

Leaving your WHOIS information open to the public can have undesirable effects, such as an increase in unwanted advertisements over the phone and via email. In extreme cases, your information may also be used in identity fraud. And because of this reason, we consider WHOIS privacy protection to be more important. As such, we highly recommend limiting access to your WHOIS contact details by purchasing privacy protection for your domain name.

In case your website contains personal information not meant for public viewing, website password protection can be just as important, if not even more so. The good news is that password protection can be applied within seconds and it takes effect instantly.

Are WHOIS Privacy Protection and Website Password Protection Mutually Exclusive?

The great thing about these two security features is that they can be applied to the same website at the same time. There are no compatibility issues or conflicts when your site is both WHOIS and Password Protected. As such, you can confidently hide your contact details while also protecting website pages that contain sensitive information.

Conclusion

Maintaining your site security may not be the most exciting or rewarding part of running a website, however, it is nonetheless essential in the long term. Having your website and WHOIS data secured will bring you peace of mind and can potentially save you a lot of time and frustration as you would not need to deal with security breaches and SPAM callers. Overall, we would highly recommend implementing both security measures as early as possible, ideally while you are still building your website.

The post What is the Difference Between WHOIS Privacy Protection and Website Password Protection? appeared first on AwardSpace.com.

What Is Website Password Protection?

Website password protection is one of the most fundamental, yet vital protections, that you can equip your site with. When a website is password-protected, its contents will not be accessible unless your visitors know the correct username/password combination. In order to be able to take advantage of this feature, you need to be using one of our paid hosting plans. For a more in-depth look at this security feature, you can read our article on what is website password protection.

What Are the Unique Features of Website Password Protection?

By implementing password protection into your website, you are able to control who has access to your site’s content. This can be useful if you are building a website that will be used by a single person or a select group of people.

Another scenario in which password protection comes in handy is during the actual website design and development process. By protecting your under-construction site, you are ensuring that nobody sees it before it is ready for prime time.

Lastly, we would be remiss if we fail to mention that setting password protection does not need to cover your whole website. In fact, you can protect only certain folders within your site’s structure. This gives you the best of both worlds – an open portion of the site that everyone can access and a password-protected part for visitors with prior authorization. Begin adding password protection to your websites by following our in-depth tutorial on how to use website password protection.

What Is SSL Certificate Encryption?

SSL certificate encryption enables your visitors to connect to your website using a secure connection. The SSL certificate is installed on your domain name and is capable of securing every single connection that your visitors make to your website. SSL certificates require advanced server functionality and as such, they are only available to customers using our paid hosting platform.

What Are the Unique Features of SSL Certificate Encryption?

Unlike website password protection, the main goal of an SSL certificate is to secure the connection that is used to transmit data between the visitor’s web browser and the web server that powers the website that is being visited. Once the connection is secured, all transmitted data gets encrypted automatically. In a secure connection, the server and the client’s web browser are the only two entities that can decrypt the data. To learn even more about how SSL works, you can check our article on what is an SSL certificate.

Providing an encrypted connection protects your visitors from threats known as man-in-the-middle attacks. In these kinds of attacks, a third party will try to intercept bits of data that are sent from the server to your visitor’s web browser or vice versa. If these pieces of information are not encrypted via SSL, the attacker will be able to read them. If the connection is encrypted, however, all the attacker would see is gibberish. As such, it is vital that an SSL certificate is used, especially when your website will be handling sensitive visitor information, such as their login credentials or their bank details.

As an added bonus, Google’s search algorithms prefer websites that are secured with an SSL certificate. So if you wish to get a boost in your search rankings, all you need to do is to install an SSL certificate on your domain. If you are not sure how to install an SSL certificate, you can follow our SSL installation guide.

Which Security Feature Is More Important?

The way you prioritize one security feature over another depends entirely on the type of website you have and the information you are storing there. If you use your website to take orders from clients and collect sensitive information like names, addresses, and bank information, having an SSL certificate is of paramount importance. If, on the other hand, your site displays privileged information that is not meant for everybody, you should go ahead and password-protect your website.

Are SSL Certificate Encryption and Website Password Protection Mutually Exclusive?

They are not. In fact, they go great together. The vast majority of websites out there employ both security features. When SSL certificate encryption and password protection are used in combination, you can have visitors who are able to securely connect to your website and access pages that are not available to the public.

Conclusion

While neither of these security features is required to have a site online, each of them can bring tremendous value to your website. The use of SSL encryption is nearly universal nowadays and as such, we believe that every site owner should purchase an SSL certificate for their website. The use of website password protection is a bit more niche and may not be applicable to your website. Therefore, you should implement password protection only if you have web content that should not be publicly accessible.

The post What Is the Difference Between SSL Certificate Encryption and Website Password Protection? appeared first on AwardSpace.com.

What is Website Password Protection?

When you enable website password protection, you will be asked for a username and a password on every visit to your site. If you are unable to provide valid login credentials, an error page will be displayed and your site content will not be shown.

How does Website Password Protection Work?

At its core, website password protection restricts access to a specific directory in your hosting space. You get to choose this directory as well as the username and password which are used to gain access. The password protection can be applied to any directory – from a subfolder to your main domain directory.

The feature is managed through a dedicated Password Protection section in the Control Panel. If you have trouble setting up password protection for your site, you can check our in-depth guide on how to add website password protection.

Does Password Protection Cover Sub-Directories As Well?

Yes, the website password protection covers all sub-directories which are located in the target protected directory. As such, if you secure the root folder for your domain name, all of your site contents will become private. If a visitor tries to gain access without knowing the correct username and password, they would be presented with the following page:

Can I Allow Additional Users to Access My Protected Directory?

Yes, once you have set up password protection for your website, you can create as many additional users as you need. Each new user will have the ability to both read and create files in the protected directory.

Does Website Password Protection Work over FTP?

No, the website password protection feature is designed to protect from unauthorized HTTP access only. In other words, it is effective when someone tries to visit your site in their web browser. Website password protection is not able to secure a directory when you are viewing it in our File Manager, an FTP client, or via SSH.

Can I Use Website Password Protection on the Free Hosting Plan?

At this time, website password protection is a feature only available on our paid hosting plans. If you are using our Free Hosting Plan, you may consider upgrading to the paid hosting platform.

The post What Is Website Password Protection? appeared first on AwardSpace.com.

What Is WHOIS?

WHOIS is essentially a collection of data about your domain name that third parties may have access to. The WHOIS record associated with your domain includes general information about the domain name itself as well as contact information about you, the domain owner.

What Kind of Information Does a WHOIS Record Store?

A typical WHOIS record will include, among other things, the domain status, the registration and expiration dates, the name of the domain registrar, and the nameservers currently associated with the domain name. In addition, information about the registrant (domain owner) is also kept, such as the name, email, street address, and phone number.

Why Should I Consider Hiding My WHOIS Contact Details?

Having your personal contact details publicly available is not recommended for two major reasons. The first is that people who engage in identity fraud may decide to abuse the contact information you are providing to the public. The second reason to consider protecting your details is that telemarketers and email spammers regularly scan the WHOIS database for unprotected contact details and use those for cold calling and the sending of unsolicited (SPAM) messages.

What Is WHOIS Privacy Protection?

WHOIS Privacy Protection is an optional purchase that provides you with a legitimate way of hiding all personally identifiable information, such as your name, email, street address, and phone number from the public WHOIS record. Once purchased, the privacy protection is applied automatically to your domain’s WHOIS record.

You have the option of purchasing WHOIS privacy protection for your domain name while you order the domain name or at a later point through the Domain Manager section of the Control Panel.

Can Anyone Access the WHOIS Record for My Domain and See My Personal Information?

In the past, it was possible to get a domain owner’s contact details simply by requesting the WHOIS record for their domain name from the public WHOIS database. In 2018, the European Parliament passed the General Data Protection Regulation (GDPR) in an attempt to preserve consumer privacy. Thus, the GDPR forced domain registrars to limit the amount of information that is shown in the public WHOIS database. As such, nowadays there’s a good chance that your personal information is already redacted.

In Which Cases Does the GDPR Protect My Information from Being Displayed on a WHOIS Record?

Whether your domain is protected by the GDPR or not depends on the extension that your domain name uses. If your domain name ends in one of the extensions listed below, then your personal contact information will be protected, even if you do not purchase WHOIS Privacy Protection:
.com, .net, .org, .info, .uk, .org.uk, .co.uk, .biz, .tv, .me, .cc, and .cm

Conversely, if your domain name uses one of the extensions listed below, then your domain name’s WHOIS record will not be protected by the GDPR:
.us, .eu, .de, .be, .ca, .asia, .jp, and .in

What Type of WHOIS Record Data Is Protected by the GDPR?

The GDPR protects all personally identifiable information, such as your name, email address, phone number and street address. Other information which does not identify you is still present in the WHOIS record and is accessible by everyone. Examples of freely accessible information include the domain registrar name, the nameservers in use, the domain’s expiration and registration dates and the domain status.

Is There a Difference Between the Protection Offered by the WHOIS Privacy Protection and the GDPR?

Both the GDPR and the WHOIS Privacy Protection add-on accomplish the same objective with only two notable differences – the scope of the protection that is offered and the way each method handles your email address.

Which Offers Me Better Privacy – the GDPR or the WHOIS Privacy Protection?

In response to the GDPR, domain registrars have adopted what is known as a gated WHOIS system. In this new system, your personal information is not available to the public, however, individuals with legitimate reasons for obtaining your contact details can still be granted access to your full WHOIS record. For example, a law enforcement official can request your data from the domain registrar if it pertains to an ongoing investigation or a trademark/copyright holder may request your personal information for the purpose of contacting you if your site happens to violate their trademark or copyright.

In contrast to the protections afforded by the GDPR, if you have purchased WHOIS Privacy Protection for your domain name, people would not be able to obtain your personal information, even if they have a legitimate reason for contacting you.

If I Am Violating a Trademark or a Copyright and I Am Using WHOIS Privacy Protection, How Would the Trademark/Copyright Holder Notify Me?

This is the second notable difference between the two types of protection:

While the GDPR will redact your email address outright, having WHOIS Privacy Protection actually just masks your email address while still offering a way for people to contact you.

Should I Get WHOIS Privacy Protection for My Domain Name?

If your domain name uses an extension that is afforded protection by the GDPR, then in most cases you would not need to purchase the additional WHOIS Privacy Protection. If your domain name is not protected by the GDPR, on the other hand, you may consider purchasing WHOIS Privacy Protection. To learn more about the buying process, you can refer to our article on how to purchase WHOIS Privacy Protection for a domain name or you may contact our 24/7 Sales team.

Does Having WHOIS Privacy Protection Also Protect My Website?

WHOIS Privacy Protection is only able to hide your personal details in your domain’s WHOIS record and it does not offer any additional security features. If you are looking to hide your site’s contents from the public, you may be interested in learning how to add password protection to a website. For a more detailed comparison between WHOIS privacy protection and website password protection, you can check our article on what are the differences between WHOIS privacy protection and website password protection. If, on the other hand, you wish to strengthen the security of your visitors, you may read our article on how an SSL connection encryption differs from WHOIS privacy protection and then consider purchasing an SSL certificate for your website.

The post What is WHOIS Privacy Protection? appeared first on AwardSpace.com.