Archive for the ‘Security’ Category

Give yourself some peace of mind and let your website protect itself from attacks

Friday, March 23rd, 2018

Cyber attacks are on the rise, and while large-scale attacks are generally aimed at large corporations or nation-states, the more common recipients of these unwanted incursions are website owners.

These attacks can result in issues that range from malware infestations to a complete loss of online data. Finding out from your web host or worse, a client, that your website is infecting users’ computers with viruses, displaying inappropriate material or even down completely is a headache that any business owner would want to avoid. If these issues do occur, there are things that can be done through your host or third-party vendors, but at that point it can be very expensive to undo any damage.

The better option is to try to avoid the issue in the first place. That ounce of prevention you have heard so much about is soooooo much less trouble than the pound of cure offered up after the fact.

So what can you do? You have a website, sure, but that does not automatically make you techie enough to deal with this kind of issue, right? Wrong! There are some simple solutions out there that are designed for people like you to be able to implement without having to involve the likes of your nerdy, computer geek neighbor, Todd. Sure, his casual wardrobe of vintage Sci-Fi t-shirts and flip-flops is cool but you don’t really want his cheeto-dust covered fingers anywhere near your site if you can avoid it. Doing it yourself does not have to be scary and you have some options.

Integrated protection

For WordPress site owners the answer can be found in the form of a plugin called Wordfence. It is a very robust plugin that will block the brute force attacks that can result in your site being compromised in the first place, while at the same time scanning your site for malware on a regular basis to make sure that nothing slipped through. It will even notify you when someone is trying to get in, when it finds something wrong or even when your plugins have updates available.

You can search for it right from the add plugin page in your site admin and installing it can be done with the click of a button. After it is installed and activated, the plugin will walk you through things to get you set up right. The out-of-the-box setup works for most sites but you can adjust things however you like simply by checking boxes. Don’t get me wrong, there is plenty of nerdy stuff in there for the Todds of the world to geek out on but with the base settings in place, your site can stay blissfully cheeto-dust free. The base plugin won’t cost you anything and it has all of the features that most site owners need. That said, if you are more of a more-is-more kind of person, they do offer a premium version that includes added features and other support to slake your need to have everything available.

Protection Services

If your site requires a little bit more than a plugin will provide, there are services available to fit your needs. Most web hosts offer some type of this service but if you are going to go that route, I would make sure that you are getting what you need before committing your resources. Some sound good on the surface but when the odoriferous material strikes the oscillating machinery, what it sounded like at first does not always reflect what is provided. When looking into things like this, shop around. I recommend Sucuri.net as an option, especially when comparing services offered directly from your host.

These types of services obviously will never match the low price-point of FREE but they often provide multiple levels of service to fit your budget. As would be expected, a little more in the way of tech-savvy may be required with these types of services but they generally have support available to explain things or even set things up for you.

No matter whether you are a micro-entrepreneur with a simple site or a business with a more involved web presence, setting your website up to protect itself will save you time and money in the event that you become a victim of any kind of cyber attack.

Show your website some love through regular backups

Wednesday, February 14th, 2018

Once they are set up initially, websites are something that we all take for granted. This casual attitude toward something that is a core component to any business anymore can be problematic, especially in the event that something unforeseen happens.

Just think of all that time you spent developing your site with a designer, writer, marketing consultant or maybe it was all you, all the time. In any case, much time and energy was spent getting your site ready for prime time. Without regular backups all that time could have been for naught in the case of a hosting mishap or worse if you are the victim of the latest malware sweeping the net. WordPress is an awesome platform that works for businesses of any size but as its reach grows (currently 26% of indexed sites), so does the threat posed by possible attack. Automattic does a pretty good job of keeping WordPress ahead of the curve (as do plugin vendors) but if you are not as fastidious as you should be in your updates, breaches can occur and that can be devastating to a site owner.

Malware can be as simple as some kind of redirect added to your site header and it can be as insidious as to infect all files on your site as well as your database content. There are cleaning services that are offered by most hosts but these can be expensive. The better option for most businesses is to have regular site backups to rely on so you can easily roll things back to a clean state prior to the issue. The more regular the backups, the better chance you will have of not losing anything in the process.

There are a great many backup plugins available for WordPress and they all offer different levels of protection for what you need. When considering one, you need to make sure that it not only can back up everything you need backed up (DB, site files, etc.) but it also has the ability to restore things easily. I have used many of these plugins over time and most of them will allow you to back things up easily enough but restoration is a bit more complex.

Of all the plugins I have used, Updraft Plus is, hands down, the best across the board. It will not only allow you to back up your database, theme files, uploads and WordPress core files but it allows you to save them locally or on a remote server and makes it a snap to restore any part or all of the above from each backup it does. The plugin is free for basic use which should be more than enough for most entrepreneurs or small businesses. It also offers a number of individual premium add-ons that can make things easier for cloning and/or migrating your site to another domain, support for network/multisite installations of WordPress, enhanced scheduling or additional remote storage options. There is even a premium option that will allow you to restore from another product’s backup.

Whether you take my advice on using Updraft Plus specifically or not, you should definitely show your website some love with the regular backups it deserves. It will save your sanity in the event of any website based calamity.

In case you are still questioning things, you should simply heed the immortal words of Eric Stratton when he said, “You’d better listen to him, Flounder. He’s in Pre-med.” He was spot on with that advice because you don’t want someone like me to have to doctor your site after a series of unfortunate events or even an individual one.

Remember this mantra and you will be set. Backup early and backup often!

3 Simple ways to help secure your WordPress site

Monday, April 15th, 2013

Website security is not always a major consideration for small businesses but there are a few simple things that can be done to help prevent becoming another statistic when things pop up like the recent Brute Force attacks against WordPress sites.

Admin Account
If you are currently using the “admin” account on your site, we recommend that you change it but this is easier said than done. Although you cannot change a username to something different on the WordPress system you can create a new username and then delete the “admin” account once you are finished. Also keep in mind that email addresses on the system have to be unique so you will need to change the email address associated with the “admin” account before continuing. To convert your existing “admin” account to something different, follow the instructions below:

  1. Login to your WordPress Admin and go to “Users” in the left menu
  2. Find the “admin” account and click to edit.
  3. Once in the account, go down to the email address field and change it to a different address (assuming you want the same email address associated with the new account)
  4. Click “Update Profile” to save the changes to the “admin” account
  5. Once you are out of the account, go to the top of the page (or the side menu if you prefer) and click the “Add New” button
  6. Fill in the new username (anything you like other than “admin”), email address (if you changed the one associated with the “admin” account you can now use your old email here) and Password.
  7. Set your role as “Administrator” in the drop down list
  8. Click the “Add New User” button
  9. Once the account is created you will need to log out of the WordPress Admin and log back in using your new account
  10. After you log back in you will want to go back to “Users” and delete the “admin” account. Make sure during the process that you do not delete the posts associated with the account. You will want to attribute them to your new account instead so you do not lose any ground during this transition.
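For anyone comfortable with a terminal, the same ten steps can be done in one pass with WP-CLI. This is an added example, not part of the original post; the function name and its three arguments are placeholders, and it assumes WP-CLI is installed and run from the WordPress directory.

```shell
# Added example: the admin-panel steps above, done with WP-CLI.
# Assumes `wp` (WP-CLI) is on PATH; all arguments are placeholders.
replace_admin_account() {
    local new_user="$1"      # replacement username (anything but "admin")
    local new_email="$2"     # address for the new account
    local parked_email="$3"  # throwaway address to park on "admin" first
    local new_id

    if [ "$new_user" = "admin" ]; then
        echo "new username must not be 'admin'" >&2
        return 1
    fi

    # Nothing to do when the default account does not exist.
    if ! wp user get admin --field=ID >/dev/null 2>&1; then
        echo "no 'admin' account found" >&2
        return 0
    fi

    # Steps 2-4: emails must be unique, so move "admin" to another address.
    wp user update admin --user_email="$parked_email" >&2 || return 1

    # Steps 5-8: create the new administrator. --porcelain prints only the
    # new user ID; --send-email mails the account details to the new address
    # so no password appears on the command line.
    new_id="$(wp user create "$new_user" "$new_email" \
        --role=administrator --send-email --porcelain)" || return 1

    # Step 10: delete "admin" and attribute its posts to the new account.
    # (Step 9, logging out and back in, has no command-line equivalent.)
    wp user delete admin --reassign="$new_id" --yes >&2 || return 1

    echo "$new_id"
}

# Usage (placeholders):
#   replace_admin_account siteowner owner@example.com parked@example.com
```

Take a backup before running it, since deleting a user cannot be undone from the command line.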

Strong Passwords
It is recommended that you update your passwords on a regular basis and, more importantly, use very strong passwords. Make sure to use a combination of capital and lower case letters along with special characters like !@#$%^ (don’t worry, that was not a cartoon expletive, those are the characters I meant). Using numbers as well is also helpful. The best case is to create something that is easy to remember but hard to guess using a dictionary type attack. An easy way to do this is using elite speak (substituting numbers and special characters for letters in words you can remember). A better way to do this is to get a password manager like “LastPass” and allow it to automatically generate super secure passwords for you. You create one secure password for the system and then allow it to generate and remember the secure passwords for you.

Plugins
Better account security can always be augmented with plugins that can be added to your site to limit the number of failed login attempts, and some can even allow you to blacklist IPs that are generating brute force traffic. You can go with a simple plugin like Limit Login Attempts that will allow you to set the number of times a user can attempt to log in before they are punished for a period of time. You can also go with something more involved like Wordfence that not only limits login attempts but secures files on your site, and will allow you to scan for anomalies in your core WordPress system files and fix them as well as allowing you to blacklist IPs. Some sites may experience performance issues while using Wordfence depending on their complexity so you will need to test it before you decide to deploy it for the long term.
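To see which addresses are worth blacklisting, the web server's access log can be checked for repeated failed logins. This is an added example, not part of the original post; it assumes a combined-format access log and WordPress's default behaviour of answering a failed login POST to `/wp-login.php` with status 200 (a successful one redirects with 302). The sample log lines are constructed.

```shell
# Added example: list client IPs with repeated failed WordPress logins.
# $1 = access log path (combined log format), $2 = minimum failures to report.
# Output: "<count> <ip>" per line, busiest source first.
brute_force_sources() {
    awk -v min="$2" '
        # Fields: $1 = client IP, $6 = "\"METHOD", $7 = path, $9 = status.
        # Assumption: status 200 on a login POST means the login failed.
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' "$1" | sort -rn
}

# Constructed sample data (documentation IP ranges), not real traffic.
write_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.7 - - [15/Apr/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Apr/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Apr/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Apr/2013:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
198.51.100.20 - - [15/Apr/2013:10:01:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
198.51.100.20 - - [15/Apr/2013:10:01:25 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.55 - - [15/Apr/2013:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2100 "-" "Mozilla/5.0"
203.0.113.7 - - [15/Apr/2013:10:02:30 +0000] "GET / HTTP/1.1" 200 9800 "-" "Mozilla/5.0"
EOF
}

# Usage:
#   write_sample_log /tmp/sample_access.log
#   brute_force_sources /tmp/sample_access.log 3
```

On the sample data a threshold of 3 reports only 203.0.113.7; the visitor who mistyped a password once and then logged in stays below it.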

If you do not feel comfortable making these changes to your site on your own, your web developer will likely be happy to help you integrate whatever you need.

However you do things, taking a little time to make these simple changes now can save you some incredible headaches later and will help keep you ahead of the curve for future cyber attacks.