The number of things to think about when setting up your website is tremendous. Many of them are contingent plans that won’t bear fruit immediately but might save your hide later down the line. Backup is one such example. Others will silently protect your site in the background, and you’ll never even notice how much they’re helping. A good firewall fills this role. And then there are some things that you won’t use immediately, but which will help you down the line. And they need to be set up in advance. Thinking about how to access your site securely from anywhere falls into this category.
It might seem low on your priority list. But it’s one of those things that are important, but not necessarily urgent. As a result, it’s easy to keep postponing it until the time comes when you need to make changes on your site from an unfamiliar location. And that’s when you could be in danger. In this article, let’s go over the dangers of not having a solution in place, and what you can do about it.
Why You Need a Plan to Access your Site Securely
If you find yourself in a Starbucks on public WiFi, it goes without saying that you should have an encrypted tunnel to your site that no one can snoop on. To an extent, this is mitigated with HTTPS encryption, but it’s also a bit dicey relying solely on HTTPS to protect you. For one, your SSL protection might be incomplete. I’ve seen some sites have admin pages over plain HTTP! Solutions like HSTS can help, but it’ll simply not allow you to access your site without HTTPS. If you need to make changes urgently, it’s not a solution.
Do NOT Use Plain FTP!
Under no circumstances, should you EVER use vanilla FTP to connect to your site. With FTP, your passwords are sent in plaintext over the Internet. If you happen to be using airport WiFi, for example, connecting to your site via FTP is begging to be hacked.
So here are some ways to securely access your site from remote locations anywhere in the world.
Method 1: Use a Paid VPN
The most secure way to access your site on an untrusted network is to use a VPN service. A VPN creates a secure connection between your device and a remote server, which then connects to the destination site using a secure channel. This trusted connection is encrypted to prevent snooping even on open WiFi networks.
Now it must be mentioned that this requires placing your trust in the VPN company itself. Which is why I suggest you stay away from any “free” VPNs that have an incentive to try and do shady stuff like insert advertisements or snoop on your traffic.
Running your own VPN is Best – But Complicated
Ideally, you would spin up your own VPS and create a VPN using that. Since the remote server belongs to you, it can be trusted implicitly. Unfortunately, setting up a VPN network on a server by yourself isn’t for everyone. In the absence of such expertise, you should sign up for a VPN service. Here are a few reliable VPN services you can use:
- Cloudflare’s WARP
- Private Internet Access
- Mozilla VPN
There are plenty of others, of course, but these are the ones I trust.
Method 2: Use SFTP to Access your Files
If you need to access your server files, then you have two secure options:
- Using your web host’s file manager
All web hosts will have an admin panel (often cPanel), that will have a secure way for you to access your files. But the interface can be a bit clunky, as well as take time to connect. For a better long-term solution, I suggest you use SFTP. Here’s a NameHero tutorial on how to set up SFTP. It’s a bit of an involved process, so follow the instructions carefully!
Bottom Line: Think Ahead When it Comes to Security
The moral of the story is that you should always have a plan for semi-common situations when it comes to security. Accessing your site from unknown and untrusted networks is always a risk, and requires an explicit, previously thought-out strategy. Hopefully, the pointers in this article will help keep your site secure!
I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!