The recent tsunami of updates and security fixes has once again shown how much work we, as admins and hosting providers, have to do to keep servers reasonably secure and up to date. Most of us probably monitor our servers from an admin point of view: OS updates, DirectAdmin updates, PHP versions, webserver logs, mail queues, security tools, backups, abuse handling, and so on.
But there is another side to this: the customer’s own responsibility inside their hosting account.
Examples I regularly see, or try to prevent, are things like:
- uploading their own pma or admin tools in a subdirectory and never updating them
- old WordPress installs, themes or plugins
- test sites that are forgotten but still publicly reachable
- outdated PHP versions because “the site still works”
- unmanaged mailboxes, full mailboxes, weak passwords or old forwarders
- nobody checking 4xx/5xx errors until the site is completely broken
- unused domains, subdomains or databases left behind for years.
So my question is:
Do you actively educate your users about these things?
And if so, how?
For example:
- Do you send periodic security or maintenance reports?
- Do you warn users about outdated PHP versions, CMS installs or suspicious files?
- Do you provide a checklist for customers?
- Do you scan hosting accounts and report findings back to the customer?
- Do you enforce cleanup or only advise?
- Do you have any automation around this?
- What actually works in practice, without overwhelming non-technical users?