It is essential as a website owner to understand the importance of securing your website, and just as crucial, how to keep control of this vital asset in your business.
With the constant threat of hackers and data breaches, it is a huge risk and liability issue for your business if you lose control of these four logins, because if you do, you will jeopardize your entire online presence.
These are the four essential logins you must have to maintain control of your business’s entire online presence.
1. Registrar Login
A registrar is where you buy your domain name — such as GoDaddy, the world’s largest domain name registrar. When you buy your domain name, you have ownership over that website address, or more accurately, leasehold over it, until the term runs out. It’s leased on an annual basis, typically $10 to $15 per year. You can pay for multiple years in advance. And you have control as long as it’s registered in your name or your company name.
But don’t let the $10-per-year price point be a meter of value. Your registrar login controls everything. If a third party were to gain control of this one login, they could change the settings for your domain and steal all of your website traffic and emails.
2. DNS – Domain Name System
The DNS is a system for naming computers and network services. It is really just a list of IP addresses and settings for your website, email and other online and internal IT assets.
Your DNS is hosted in one of three places:
- At the registrar (i.e. GoDaddy) where you purchased your domain. (See previous section)
- At the web server where your website’s files and database reside. (See next section)
- Or at a third party.
In terms of third parties, some IT companies like to take control of the DNS management as it makes their jobs easier. Our experience has shown that this is also a strategic move to make it harder for clients of these IT companies to switch IT service providers. So, we tend to recommend not hosting your DNS settings with one of your suppliers.
Instead, we recommend a third party service such as CloudFlare. CloudFlare is a CDN (content delivery network) that provides an extra level of security and some caching functionality to speed up websites. The big benefit for us, our clients, and third party IT providers is it allows us to have a login for just the DNS that we can share without having to provide IT people access to the registrar or server. You need to know where your DNS settings are hosted and ensure that you have access as this gives you the freedom to switch service providers as your business requires.
3. Web Server
The web server is the hardware, the physical computer that stores your website’s data and component files and delivers them to the end-user’s device. It is located in a warehouse somewhere in the world, usually in a data centre location in the United States or Canada.
This server has a login to a user interface that provide capabilities for administrators to control the server/account settings through a standard web browser. Most hosting companies use either the cPanel or Plesk interfaces. Therefore, you need your cPanel or Plesk login to control your website’s server.
Yardstick Services uses WordPress and Joomla as our preferred Content Management Systems (CMS). Every website owner needs to have their administrator (WordPress) or super administrator (Joomla) login. These are user types that have the highest level of permissions with full access to all of the features and functions within the CMS. This is sometimes also called the “backend” of your website.
With these four logins, business owners will not have any issues controlling their assets, switching suppliers, or switching servers, which are all things that inevitability happen as businesses grow and relationships evolve. You need to have these logins so if one of these problems occurs down the road or if you have to make a strategic decision, you won’t be restrained because you don’t have a login.
Q: How do I retrieve my login if I misplaced it or forgot it?
A: All of these systems have an email password recovery process. Because these are critical systems, most of the providers of these services will only send the password to the email that is one file as the account owner or administrator. Therefore, if you register your domain name, it’s important that the email on file is current and in use and can’t be taken away by a staff member.
Undoubtedly you have accumulated numerous “unique” passwords (do not use the same password for multiple sites). Keep them in a safe and secure location; and no, not on a spreadsheet in a folder labeled passwords, or in your little black book (think fire, water damage). Yardstick Services recommends a password manager system that is secure and easily sharable, such as LastPass. LastPass will store all your passwords in an encrypted format, plus they can easily generate random passwords at the click of a button.
If you have any questions about logins or website security for either WordPress or Joomla websites, please feel free to comment below, send an email or give us a call: 604.474.3631.