How to Keep Your Site Secure

How to Keep Your Site Secure Beyond What Your Host Offers

Security and business go hand in hand. If you had a brick and mortar location, you would lock the doors at night and install some security cameras, wouldn’t you? It would be considered foolish not to. Yet, when it comes to a website we don’t necessarily talk about security in the same obvious way. This may have to do with differing levels of understanding of what actually goes into protecting an e-commerce operation or informational site. Often, the response is “Oh, IT takes care of all that stuff.” And that is usually the case. But, it’s important for business owners to know how their sites can be better secured even if they aren’t actually performing the implementation of these practices themselves.

 

Cybersecurity is gaining more mainstream attention for many reasons, whether it be political discussions or the reality of an ever more interconnected world. While you may not be running a bank or some other kind of high profile business that you think would make you a target, the truth is small businesses are targeted with fair regularity. In fact, 43% of cyber attacks actually target small businesses. Additionally, 48% of data security breaches occur due to malicious actors rather than human error.

 

All of this is to say that it’s important to fortify your website within reason. While you shouldn’t be losing sleep at night over it (making sales and generating leads are far more pressing concerns) it’s good to take the right steps to bolster your security for some piece of mind.

 

Your hosting company does provide some security measures to protect your managed VPS or dedicated server, but the bulk of it is really up to the user. If you’re concerned that your business’ website isn’t protected enough, there are some steps you can take to make it more secure. Here is what you should know about protecting your website beyond what your hosting company provides.

 

How Your Hosting Company Helps

 

You may notice that your managed VPS or dedicated server comes with a level of complementary DDOS protection. DDOS attacks, essentially an attempt to knock your website offline with a flood of artificial traffic, are a very common malicious event that affect many organizations every year. Your hosting company can’t guarantee protection from every kind of attack, but many of the major causes are covered. These include UDP floods, NTP amplification, DNS amplification, Syn flood, volume based attacks, and fragmented packet attacks.

 

However many other kinds of attacks are dealt with at the server level and rely on users following some best practices.

 

Configure cPanel Appropriately

 

At the server level, your cPanel access does give you a measure of control over how your installation handles nearly every kind of security configuration you can think of. The company has actually put out an extensive list of recommended settings that you may opt to follow. It is a bit of a deep dive. Your individual use case may mean some of these recommended settings won’t work for you, but unless you have highly specialized reasoning for that, it’s a good checklist to stick to.

 

Use HTTPS

 

A few years back this may have seemed like going the extra mile, but every modern browser nearly shames you into using HTTPS and with good reason. Ever notice the pronounced green lettering and lock next to a URL in Chrome if the site uses HTTPS? Going to a site without this seal of security feels almost dangerous in 2017. Ever since Google made the switch to HTTPS for all search traffic, Blogspot, and Gmail, it’s become expected that your site uses this security protocol as well. While it’s especially important to invest in an SSL certificate (which will get you this HTTPS designation) if you have an e-commerce site because you’re handling sensitive credit card information, there’s really no reason not to invest in one no matter what kind of site you have. SSL certificates don’t cost much and they’ll pay for themselves with improved customer confidence and SEO value.

 

Keep Software Up to Date

 

Best cPanel practices are good for securing your site in the backend as is making the switch to HTTPS. But that’s the server itself. What about what you’re actually putting on that VPS? The software that makes up the customer facing part of your site, such as a CMS if you choose to use one, has to be maintained as well. An outdated CMS is a major risk factor when it comes to having your site compromised. Most websites run a CMS of some kind, with the big names being WordPress (the most widely used), Joomla, and Drupal. These are open source technologies which mean their source code is public and ripe for exploiting.

 

This doesn’t mean you should avoid using a CMS. It certainly makes creating and updating your site a lot easier. But you must be diligent in running software updates, including updating whatever plugins or add-ons you’ve also installed to improve your site’s functionality.

 

Don’t Make Admin So Obvious

 

You’ll want to do a little renaming to better throw off any hackers who want to go straight to the source. A CMS like WordPress often automatically creates a very simple URL for access. For example, try going to a site you know uses WordPress and adding /wp-admin to the end of the URL. If you get to the log in screen, you know that site owner didn’t take the extra step to secure their site and change the default login URL.

 

Additionally, change your folder names. There are scripts that can be deployed by malicious third parties to scan the directories on your server to look for folders labeled “admin” or something similar. By renaming your admin folders to something recognizable only to yourself and your team you can get an easy win here. By masking some obvious entry points, you can add an extra layer of security that isn’t too technical in nature.

 

Installing Security Software

 

You can install some software to monitor and protect your site as well. One popular choice is a web application firewall. A web application firewall is essentially a cloud-based firewall that you subscribe to to protect your site from hacking attacks. A web application firewall can inspect the traffic coming into your site, identify malicious requests to stop them, protect from spam, SQL injections, and brute force attacks.

 

You may also opt to use an entire security package. There are many companies that offer monitoring services, vulnerability analyzers, virus scans, and all sorts of bell and whistles. If you want to outsource your security, these services will do that for a price.

 

Conclusion

 

KnownHost provides the servers and hosting environments you need to succeed. With 24/7 customer support, industry leading uptime, complementary DDOS protection, and a variety of hosting plans suitable for businesses of all sizes, KnownHost aims to meet all of your business needs. Contact us today and speak with one of our team members about which managed VPS or dedicated server plan would make the most sense for your business. Let’s partner together to help you reach your goals.

Read More

Business Testimonials

How to Get the Most Out of Business Testimonials

One of the first things most of us do when we evaluate a product or service is look for reviews. In fact, an incredible 90% of people reported that positive reviews make them likelier to buy, while 86% said that negative ones make them likelier to look elsewhere. In a similar poll, 88% of people said that they trust reviews as much as personal recommendations.

 

In other words, the opinions of other people who have already purchased your product or service are deeply important to convincing people to buy from you. The use of testimonials (statements from pleased customers) can give visitors a sense of the customer perspective right on your site, so that they can understand what the experience might be like once they’ve committed to your company.

 

Here are some thought-leader tips and legal recommendations for the use of testimonials:

 

  1. Build social proof into your business.

 

First, as a general rule, you want to think about all your existing customers as an opportunity to establish social proof to new ones. Cody McKibben of Thrilling Heroics advises to identify a dozen of your customers that are bringing the most revenue to your business. Ask them for feedback, and see if they have some positive things to say. Once you better understand which ones are particularly enthusiastic, you can take their comments and turn them into case studies or testimonials.

 

  1. Ask for details.

 

Your testimonials will be less compelling if all of them say, in so many words, that you’re great and your service is awesome – without going into any specifics of their journey with you. Ask your client to get granular with their experience, and to use exact data if they have it, explains Chris Garrett of Copyblogger. Instead of “Our sales grew enormously,” get them to zero in on the real impact, such as, “It increased our sales by 178% within 90 days.”

 

  1. Provide full information for the speaker.

 

Sometimes testimonials will say that “Mike” liked the product, or that “Susie (Topeka, KS)” thought your service was spectacular. How can anyone know if those comments are real or if those people even exist? Make it possible for visitors to your site to verify your testimonials through names and links to the happy customer’s social profile or website, suggests Juha Liikala of Stripped Bare Media. Few people will go beyond that step to confirm with the person that the comments are theirs; however, that simple effort to allow people to check your sources shows transparency and will make them feel more confident with your business.

 

  1. Select testimonials that discuss important benefits.

 

Sometimes testimonials can be strongly positive but off-focus in terms of helping you prove how helpful your product is, explains Derek Gehl in Entrepreneur. For that reason, when someone gives you a glowing response that is centered on nonessentials, it’s less helpful than when someone describes how it solved their problem. “It’s fun to hear that your super-duper floor cleaner smells nice or that the bottle doesn’t drip,” says Gehl. “But have you established that it cleans their floors well?”

 

  1. Highlight impressive customers.

Of course you want for all of your customers to be satisfied; but when you approach people for testimonials, says Firas Kittaneh of Amerisleep, the best ones are people whose names or companies will be recognizable to visitors. That’s especially the case if it’s someone who is an influencer within your demographic’s industry.

 

  1. Choose testimonials that compare.

 

When people are looking at your site and shopping for a new product or service, they are comparing you to everything else that’s out there. Because they are in that “comparison” mindset, it helps to show them statements that discuss what you offer in relationship to an alternative. For instance, a particularly strong testimonial will come from someone who was dissatisfied with a competitor before they became your customer. By using their perspective, you’ll establish how your product is preferable to another option that your prospective buyers might be considering.

 

  1. Be careful how much you groom them.

 

You want these comments to sound natural, and their organic nature can be lost if you do too much editing. “Those small grammar and language quirks help the reader connect and demonstrate they are real,” says Garrett.

 

  1. Showcase testimonials that overcome objections.

 

The sales process isn’t just about explaining what’s great about your service; i.e., explaining why the person should say yes to you. It’s about identifying ways in which it will not cause the customer any problems; i.e., describing why the individual should not say no. When you use testimonials, their strength in helping you sell will be improved if the customer discusses how they overcame their own objections – that they had concerns but ended up realizing they were in good hands.

 

  1. Create a page that is solely focused on them.

 

While it can help to feature testimonials on your homepage or elsewhere as pieces of a page, you also want to have a whole page that is focused on them entirely.

 

  1. Pick out testimonials that back up your claims.

 

What are the special capabilities of your product or service? How are you claiming that it is different and better than everything else that’s out there? Since you have a vested interest in the customer buying, they will take everything you say less seriously than anything they can gather from an objective third party.If you say your product can do something,” says Gehl, “your testimonials should back up your promises, complete with actual facts and figures.”

 

  1. Don’t make them up.

 

If you are just starting your business or think contacting your customers to get their thoughts could be a huge pain, you may want to skip that part of the process and just write some things you think a happy customer might say. Beyond being unethical, that route is also typically ineffective. Remember Mike and Susie from Topeka? Just like no one is likely to believe their thoughts are real (or that even the people are real), no one will probably be tricked by coming up with your own customer comments.

 

  1. [Legal] Testimonials should be accurate.

 

To continue with the ideas from #11, the Federal Trade Commission (FTC) stipulates that whenever someone endorses your product or service (as in a testimonial), it should be factual. One aspect of accuracy is that it’s unlawful to highlight someone who had an unusually positive experience with your product if their results were atypical. If the results aren’t typical, that should be stated clearly in a disclaimer (which can be referenced through an asterisk with small print at the bottom of your page).

 

  1. [Legal] Get permission in writing.

 

Email your customer and ask them if you can use their comments. You need their OK in writing so that you aren’t put at risk if they later change their mind. Along the same lines, your terms and conditions can state that user reviews may be used in your marketing material.

 

  1. [Legal] Don’t copy-paste from Facebook.

 

Typically, a social media site will have terms and conditions stating that user-generated content is owned by the user. “[I]f you copy and paste the testimonial,” says Leah Hamilton in Kissmetrics, “you are infringing on the intellectual property rights of the person who wrote the review, which is not the best way to treat people who love your product!”

 

*****

 

Are you wanting to wow potential customers and make more sales? One way to keep people on your site is with strong hosting performance, backed up by 24/7 American-based support. That’s what we offer at KnownHost, as described by our satisfied customers: See our VPS client testimonials.

Read More

Excellent E-Commerce Customer Service

12 Principles for Excellent E-commerce Customer Service

One of the most important ways that businesses differentiate themselves from their competitors online is through the quality of their support. It’s an especially important part of success in e-commerce, since people are often using e-commerce because they want a convenient, fast and easy experience – so they want help to be immediate and effective when they need it.

 

Does this perspective toward the supreme importance of customer service sound inflated? Consider that more than three-quarters of consumers have abandoned a shopping cart because they became frustrated with the quality of service, according to statistics compiled by Help Scout. Plus, the aphorism that “bad news travels fast” holds true: word of a customer service failure gets to more than double the people that a service success does.

 

Since customer service is such a critical piece of your business, it’s wise to fine-tune it as much as you can. Here are some thoughts on customer service excellence:

 

#1 – Open by listening.

 

As is also true with sales and marketing, leading with the ear rather than the mouth can be a powerful way to connect and problem-solve, notes Jamie Carmichael of UK business directory Yell.com.

 

What is the customer saying? As you listen, make sure you understand what they want (with clarifying questions as needed) and provide your best expertise.

 

#2 – Give fast and accurate answers.

 

Obviously, the purpose of customer service is functional: people want answers and to move on with their days. One simple and straightforward way to solve problems faster is simply to be available at all times, 24/7. That way no one is ever having to check your hours and jot down a note to get in touch the next day; they can simply take action.

Typical ways that companies provide help 24/7 are through live chat and through content, such as a blog or a knowledge base.

 

#3 – Simplify the process to quit your service.

 

Make it easy for people to cancel your service whenever they decide that makes sense. Typically people have already decided they are going to close the account before they get in touch with you, so efforts to try to retain their business will often prove futile. Plus, if canceling is easy and respectful, they’re likelier to come back.

 

“[F]ollow up with a phone call or email or survey to determine the reason for their departure,” advises business coach Donna Guntner of Foxonlinelearning, “but don’t force them to go through this process to exit.”

 

#4 – It’s positive to provide brief explanations.

 

Despite the overarching effort to be as efficient as possible with customers, it’s also not entirely positive to feel that you want the interaction to be completed rapidly. It can be very helpful to express why something the customer wants can’t happen – what exactly it is that’s in the way. A little bit more time can humanize the experience more. Being as open as you can with your conversations makes the tone feel that you are people working together toward the same basic goals, rather than a sort of cog in an anonymous system.

 

#5 – Become an expert at apologizing.

 

When something goes wrong in a customer’s use of your service, accept blame as possible. That’s helpful, according to help desk software LiveHelpNow, because admitting to fault on your end can defuse potential conflict. Keep in mind that the customer may still walk away upset if you give them a refund. For cases in which your company was clearly in the wrong, apologize profusely and mention the steps that actually should have been taken by the company.

 

#6 – Be cautious about automation.

 

It makes sense why so many businesses are turning toward automation to solve many of their customer service issues: it’s highly affordable. However, as Carmichael notes, be aware that the result is often very expensive in terms of the user experience suffering. When someone is trying to move quickly, they may become frustrated talking with a bot – especially if the bot is malfunctioning or otherwise failing to properly address their issue.

 

#7 – Understand that each situation is unique.

 

You of course want to have standardized, cookie-cutter ways to solve the most common problems that arise. However, there will be times that the policies related to a particular product or service don’t apply. Watch our for these exceptions to your rules. You will earn trust and loyalty from customers by recognizing that their case is special and suggesting a customized solution.

 

#8 – Go to your customer for answers.

 

If you are having difficulty figuring out a solution, ask your customer for their perspective. They probably has something in mind that they feel would make sense given the circumstances. Even if that final answer is not exactly what you want, the customer may also feel that they are not getting exactly what they’d hoped.

 

Although it may be a compromise to zero in on something workable, this approach allows you ”to end on a positive note,” notes Guntner, “and while the customer may not return to you, he probably also won’t tell everyone he meets that you’re an ogre, either.”

 

#9 – Provide simple calls to action.

 

If your customer needs to take a set of steps, make sure that you convey instructions properly, and that everything is fully understood. You can deliver an extraordinarily streamlined and effective checkout process, but a customer or prospect may still leave irritated if you aren’t paying as much attention to your support.

 

How important are next steps? Carmichael actually suggests that every single time you talk to a customer who has a problem, you should close out the call with clear actions that should follow the call (on both sides, as applicable).

 

#10 – Be respectful and friendly.

 

Customer service should be infused with positivity. Greet them, use their names, and always express appreciation for their business. Be grateful, and consider building in a customer loyalty program and even setting aside an annual customer appreciation day.

 

#11 – Don’t over-reference your legal files, and make sure they aren’t excessive.

 

No one wants to have to leaf through a small-print agreement filled with difficult-to-decipher legalese to determine exactly what your stated policies are. Yes, you can fill your Terms of Service contract with parameters intended to protect you; but that will not always mean that the customer is happy in the end. In fact, it can be a good idea to highlight anything in those pages that might be unfavorable to a customer later.

 

#12 – Be amazing.

 

Customer service should be considered a central concern, not something that’s optional. It’s necessary to be thoughtful, and to set aside a substantial investment and time, if you want exceptional customer service – around which you can strengthen your brand. With each one-on-one interaction, bear in mind that the customer will feel incredible if they get the sense that you are taking extra steps to help them. “This feeling comes across not only in what you do, but how you do it and, perhaps more importantly, why you’re doing it,” explains Carmichael.

 

*****

 

Do you want out-of-this-world support? At KnownHost, our Birmingham, Alabama, support office is staffed 24/7/365 – so that we are here for you day and night. Compare our managed VPS hosting plans.

Read More

What Can You Do with a Virtual Server?

What Can You Do with a Virtual Server?

This article describes what a virtual private server (VPS) is and how it relates to other major technology concepts: virtual private networks, the virtual machine (VM), shared hosting, and dedicated hosting. We then look at especially compelling reasons to use a VPS and a few of the most prominent ways that one can be used.

 

  • Virtual Private Network vs. Virtual Private Server
  • Getting to Know the Virtual Server
  • Strong Reasons for Adopting a VPS
  • Typical Uses of a VPS
  • Managed vs. Unmanaged

 

Virtual Private Network vs. Virtual Private Server

 

Two major concepts that have closely aligned names are the virtual private network (VPN) and the virtual private server (VPS). While both are virtualized and centered on privacy and security, that’s about as far as the similarity goes.

 

VPN: This technology allows you to securely use the internet and connect to private networks (such as a company’s internal one). All traffic is passed through an encrypted tunnel, and each device uses a remote, proxy server – concealing your IP address, what you do, and where you are.

 

VPS: The virtual private server is an advanced, secure way to divide the resources of a physical server (the main host) within a data center. A hosting provider creates VPSs by slicing up one piece of hardware into multiple, independently operating instances.

 

Getting to Know the Virtual Server

 

Perhaps the best way to approach the virtual private server is the idea of a virtual machine. A VM allows you to run an emulation of a computer within your computer, drawing on the resources of the physical one –  disk space, RAM, CPU, etc. This tactic allows you to run an entirely separate operating system (OS) solely for the purposes of the VM, even if its type and version of OS are identical to what’s on your hardware.

 

Because you only are using a portion of the resources for the VM, you can have several of them running on one computer or server, as is common with hosting services. A hosting provider that offers VPS hosting has a vast number of physical servers that each contain multiple virtual machines. While demarcation and intrusion prevention within the physical machine is not a huge concern on your own PC, VPS hosts must have security safeguards in place to ensure isolation of each customer’s server. That’s why the terminology virtual private server is used – to denote the attention paid to privacy and the server programs that are typically loaded onto this type of VM.

 

Strong Reasons for Adopting a VPS

 

Shared hosting, cloud hosting, and dedicated hosting are the three main alternatives to a VPS.

 

Shared hosting: With shared hosting, your site is stored and served from the same physical machine as many other customers – possibly hundreds of them. All domains are drawing from the same CPU, RAM, and other resources.  This type of hosting is the lowest-priced option. However, your site’s speed and reliability suffer from other users, and you don’t get root access.

 

Cloud hosting: This type of hosting is slightly more expensive than shared hosting (similarly priced to VPS hosting). Rather than using a single server to store and load your site, a cloud system distributes resources across many different computers for faster response times. However, this model typically doesn’t give you root access, and its distributed structure presents fundamental security challenges.

 

Dedicated hosting: This format means that an entire physical server is used solely for your site and applications. While you do have all the resources reserved for your own purposes, a dedicated server is substantially more expensive than shared hosting.

The primary reasons that someone will choose a VPS are performance, flexibility, error-proof sandbox, and security. Let’s look at each of those factors:

 

  •  – Performance – When you switch to a VPS, you will get guaranteed resources. That means traffic spikes on other domains stored on the physical server won’t slow down your site.
  •  – Flexibility – A VPS can be considered your own remote computer. While the primary purpose of a VPS for most hosting customers is to serve websites, you can perform any functions on your VPS (within the hosting provider’s guidelines) as you can on a PC.
  •  – Error-proof sandbox – Virtual private servers give you “do-over” potential because they exist within a virtual sandbox. Damaging a virtual server won’t impact the operating system running on the hardware itself. “The VPS can be rebooted or reinstalled without much issue except maybe for lost data (so always keep backups),” notes Joel Lee of MakeUseOf. “On a dedicated host, a mistake could cause permanent damage.”
  •  – Security – Other users within the physical server can’t hack your virtual sandbox and access your VPS through the relatively simple means they can on a shared server.

 

Typical Uses of a VPS

 

Above, we got a basic sense of what a VPS is and factors that make it attractive. Now, let’s look at some of the ways that this route is useful to people on a day-to-day basis:

 

  1. Serving a website

 

The main reason that someone signs up for a VPS is that they need a server through which to run their site. When you adopt one, you should notice that your site is performing better than it was on a shared account (because of the guaranteed allotment of resources). Also, the full root access gives you better control. You are able to install and get rid of whatever programs you want.

 

Example: You can use a VPS to run your e-commerce platform (Magento, WooCommerce, Shopify, etc.). With the stronger resources of a VPS over shared hosting, you have a competitive advantage over many other sites in terms of stability, speed, and general user experience.

 

  1. Hosting a server or business files

 

Sometimes people will use a VPS to run a Minecraft server or host Mumble for private chatting. Businesses will often use it to host media or other files.

 

  1. Testing

Virtual servers are a cost-effective way to test anything before you bring it live. That includes new environments, operating systems, applications, frameworks, or anything else.

 

  1. Torrents

 

You can use a VPS for torrenting, in which case the machine is called a seedbox. By moving your torrent activity to a VPS, you clear out that bandwidth on your local system and designate a 24/7 machine for that purpose.

 

  1. Backups

 

You can also use a VPS for the storage of key files. That’s something that customers will often do if there is extra space available beyond what they need for their primary purposes. Assuming that it’s leftover space, you are able to effectively get free file storage in this way – and it’s within a private environment, so your security is strong.

 

Managed vs. Unmanaged

 

One final key consideration when you look into a virtual private server is whether you want to get an unmanaged or managed VPS plan.

 

If you are unsure which way to go and perhaps don’t feel technically confident with a VPS, “it is recommended that you go with a managed VPS solution,” advises Creativeoverflow. “[I]t is better to go ahead with a specialist hosting company that can manage the technical aspects of your VPS solution.”

 

*****

 

Are you considering a virtual private server to run your website or for any other purpose? At KnownHost, our hosting packages – all of which are managed based on our 15+ years of experience – offer great speed, incredible support, and a 99.9% uptime guarantee. Compare managed VPS plans.

Read More