editione1.0.0
Updated October 9, 2023In some cases you might have had a need for remote access to your actual website server. This might be because a third party was helping you set up the website, and using remote access software was easier for them (rather than giving them access via your account). This remote access usually works in the form of special access, or ports, being opened up on your website server itself. Opening up remote access is not as secret as it might seem—when attackers are scanning the internet for websites to attack, they are also checking to see what other access is opened up.
important With remote access being so different from just logging in via a website, you don’t immediately think about it when it comes to security. Remote access is often configured with just a password. Think of it like putting some heavy-duty locks on your front door, while leaving your windows unlocked. This access needs to be protected to the same degree as your accounts, including a unique password and 2FA.
confusion More often than not, though, it is not you using this access but the people you have hired to help with your website. Make security for this access a rule, and require third parties to follow the rules or their access will be turned off. With IT, there are usually multiple ways to achieve the same goal, so be empowered to challenge your hired IT support when they ask for things to be set up a certain way. Just because they know about IT, doesn’t mean they are security experts. They are often more likely to follow the path of least resistance to help with your website, rather than making it as secure as it can be.
Sadly, there is no central resource or place we can direct you to to get exact step-by-step instructions for performing these security changes. However, the more common platforms and software (such as WordPress, Joomla, Squarespace, Wix) have large communities online that tend to provide guides and help docs. When in doubt, do what any techie would do and Google it. At the end of all of this, your website will be a bit higher up the tree of website security and less likely to get attacked due to common and easy-to-find weaknesses.
Wpmundev’s guide to remote access for Wordpress (using SSH) and how it can be set up (the details may vary depending on hosting provider and setup)
Squarespace’s developer mode allows you to use FTP or Git to edit template files that your website it built on