Peter C – Security Blog, Wed, 21 Feb 2018 11:42:59 +0000

Mining Malware Detection and Removal Tips / Tue, 20 Feb 2018 15:49:59 +0000 https://blog.siteguarding.com/?p=503

Hidden cryptocurrency mining is not a new topic, yet there are almost no worthwhile technical instructions for detecting and eliminating it. There is only a lot of scattered information and articles of doubtful quality. Why? Because everyone benefits from worldwide cryptocurrency mining except, of course, the person who does not get a penny from it and does not even suspect that their machine has become part of a global computer network.

How does it work? It’s simple: without the user’s knowledge (for example, when a file is opened), a malicious mining script is installed, connects to one of the mining pools and begins to produce cryptocurrency. Mining pools often choose the most appropriate option for a specific hardware configuration by themselves; among them are the Coinhive mining script, the Monero mining script and JavaScript miners.

Payments go to the account details of the “employer”, who may connect any number of PCs to that account; no one requires evidence that the machines belong to him or that their owners have approved this.

That is why pools are an ideal basis for a mining network (botnet). And everyone who can be bothered is building one now (or trying to), from professionals to schoolchildren and regulars of all sorts of “dark forums” with their leaks of “trouble-free and tested” schemes.

How to detect and remove

If you notice while visiting a site that your computer has started to make noise and get warm, then most likely there is hidden mining on that site. Look at the CPU usage statistics: while mining is running, the processor will be heavily loaded. Then scan the entire system for viruses and malware. However, these measures, which you can take on your own, are extremely superficial.

An integrated approach to solving the problem is needed. SiteGuarding.com solves this problem quickly and effectively.

Magento vs WordPress: which is the most secure? / Thu, 18 Jan 2018 12:29:33 +0000 https://blog.siteguarding.com/?p=498

Magento is still the most popular ecommerce platform. It’s known as the most trusted platform, with a high level of functionality and customizability. WordPress is currently considered the fastest growing CMS. Initially it was associated with blogs, because its main functionality is aimed at easy blog keeping. Its developers have nevertheless succeeded in turning it into a fully fledged content management system.

Magento or WordPress? This question, like many similar ones, has no right answer. It depends on which goals you would like to achieve.

If your primary aim is to sell products via online stores, it will definitely be better for you to choose the Magento platform. The truth is that this CMS was created specifically for trading over the Internet. If, on the other hand, you are not interested in ecommerce and would just like to create and post some amazing content, WordPress is what you actually need.

WordPress is traditionally famous for its plugins. Besides its own extensions, WordPress offers multiple third-party plugins. But there is one sad fact: the security of such third-party products is up in the air. This is the main point you should take into consideration when choosing WordPress for ecommerce.

At the same time, Magento itself doesn’t need any additional plugins. Its native functionality is enough for creating secure stores. But as a rule, the owners of major businesses try to enhance their stores by installing extensions with useful features. All the Magento plugins meet the highest security requirements.

Security is what vendors worry about most. The first reason is that their customers make online payments and need to be assured that their confidential information is strongly protected. So, what makes Magento the most secure platform for ecommerce?

  • Security patches and timely notification

According to the Magento security center, they released 7 security patches in 2015 and two more in 2016. Everyone who has joined their security alert registry is informed about security updates immediately, so vendors are always aware of what else they can do to provide the highest protection for their stores.

  • Free tool for scanning

If you have missed some security news, or simply as a preventive measure, you can always scan your Magento website for free. There is a special tool for scanning and detecting vulnerabilities, so you can be sure your website is protected.

  • Availability of multiple security plugins

There are a great number of Magento security extensions. They can estimate limits or block threats, scan for vulnerabilities, strengthen passwords and scan for changed files. Some of them can be downloaded from Magento Connect or reliable third-party websites.

You also need to be careful with Magento 2 extensions and Magento themes. Those that are pulled down from the Magento Marketplace/Connect are the ones mostly subject to cyber attack. Remember to keep up with updates as well, and always use updated versions of Magento plugins and Magento templates.

When choosing the best option for your business, please pay attention to the following fact. Although WordPress is easy to use, simple to customize and flexible enough, Magento is a key player in the market of ecommerce platforms. The reason is not only its extended functionality, which allows creating a store from scratch; its main advantage is a high level of security. WordPress-based websites, by contrast, are the most vulnerable to attack. They have no protection system as reliable as that of Magento, which always deals with payments and personal data storage.

10+1 Tips How to Improve the Security of Your Magento 2 Store / Tue, 31 Oct 2017 05:48:11 +0000 https://blog.siteguarding.com/?p=492

Security is the issue that should never be ignored by online merchants. And Magento 2 stores are not the exception to this rule. In this article, we will give you some useful tips how the security of your Magento 2 store can be improved. So, let’s start.

Update Your Magento 2 to the Latest Version

The Magento team regularly releases updates of its platform by adding new features and improving the old ones, in particular, the security issues. So, check for the latest updates from time to time to provide your web store with the latest protection solutions.

Use Reliable Magento 2 Extensions

The reason why Magento 2 extensions are so popular is that they allow enhancing the basic functionality of this platform. However, before installing any extension, make sure that this extension is provided by a truly reliable developer, not some defrauder. In addition, it’s recommended to download Magento 2 extensions from trustworthy resources, such as the Magento Marketplace site.

Create Encrypted Connection

If the data are transferred through an unencrypted connection, there is the risk that this data can be intercepted. However, this problem can be prevented by configuring secure URLs right in your Magento 2 Admin Panel.

To perform the configuration, go to Stores-Configuration. In the Configuration menu, expand the Web option. In the panel opened, find the Base URL (Secure) section and expand it. Here, you can configure the URLs to establish the encrypted connection.

Use Two-factor Authentication

As a rule, a secure Magento 2 password is not the guarantee of complete protection of your store from hacker attacks. Consider using two-factor authentication to further improve the security of your Magento 2 store and protect yourself from password-related risks that may appear in the future.

Create Backup Files

Make sure that you have a backup of all your web store files in case your store is hacked. Magento 2 allows you to back up the entire database of your site, including the system and media files.

To perform the backup, in your Magento 2 Admin Panel, click on System and choose Backups in the Tools section. In the panel opened, you can manage the backup process of your files. After the configuration is completed, apply changes by clicking on the Save Config button.

Take Care of Your Email Address

Magento 2 automatically configures the e-mail addresses through which users can easily recover their passwords. Still, if your email account is hacked, your Magento 2 store becomes exposed to hacker attacks. So, make sure that the email address given by Magento is not publicly known (change it if needed) and is protected with two-factor authentication.

Limit Admin Access

To ensure that the Admin Panel of your store can be accessed from a particular IP address, just restrict the admin access in your Magento 2 settings. First, click System in your Magento 2 Admin Panel and choose User Roles in the Permissions section. In the panel opened, you can manage user roles in your store by clicking on the Add New Role button and ascribing the corresponding roles for particular user IDs.

Enable Admin Login CAPTCHA

CAPTCHA is the technology that prevents hackers and even bots from accessing the database of your site. You can enable this technology in your Magento 2 Admin Panel.

First, click on Stores in the Admin Panel and choose Configuration in the Settings section. In the Configuration menu opened, expand the Advanced section and choose Admin. On the page opened, expand the CAPTCHA section. Here, you can enable the CAPTCHA feature for your web store and configure its settings. Don’t forget to save the configured settings by clicking on the Save Config button.

Configure Action Log

If you use Magento 2 Commerce Edition, you can track the store admin activity through the Action Log feature. To enable the feature, in your Magento 2 Admin Panel, open Stores and choose Configuration in the Settings section. In the menu opened, expand the Advanced tab and choose Admin.

In the window opened, expand the Admin Actions Logging section. Here, you can configure the Action Log settings. When the configuration is completed, save changes.

Use Security Review Services

Magento security experts can give you useful recommendations on how to increase the protection of your store. Still, their tips do not always help to solve all the issues that you are dealing with. That’s why it’s recommended to use special services for analyzing web sites for potential security breaches at least once a year. By performing such checks, you can decide how the security of your store can be further improved.

Bonus Tip

The Magento 2 community, which is always ready to help you with any security issues you face, grows constantly. More importantly, community members regularly release security reports related to the latest versions of Magento 2. So, visit Magento Forums to keep yourself supplied with the latest Magento 2 security information!

Conclusion

The protection of a web store from hacker attacks should be the number one priority for Magento 2 store owners. Use the tips given in the article to enforce your site’s protection and leave no chance for hackers that may try to breach your security.

6 Tips How To Improve Magento Security / Sat, 07 Oct 2017 21:34:51 +0000 https://blog.siteguarding.com/?p=488

While working with a Magento-based website you will be surprised by the number of built-in security features. But safety is a vital point, and additional measures to make your website safer are worth taking. Here is what I suggest:

  1. Try to stay ahead of Magento security updates. Magento developers are working their socks off to provide merchants with a more powerful security system. They try to consider all possible risks and prevent them from materializing. As a result, new Magento versions are packed with features and software to deal with detected security risks.
  2. Don’t be rash! Avoid simple passwords that include your date of birth and the like. Use random combinations of letters and digits, and change them regularly. And don’t use the same or slightly different passwords for your multiple accounts. This is the best protection whatever CMS you use, and it applies to every account, even those unrelated to your store.
  3. If you are the happy owner of a large business, you need more people engaged in running the store, which considerably increases the risk of a break-in. It is a mistake to give access to all administrative staff. It is more reasonable for them to use different user accounts.
  4. In the ocean of Magento extensions, choose only thoroughly vetted extension developers. It’s good to test something new, and in general experimenting is the best way to find the most suitable things. But remember that when security is at stake, it’s better to skip the experiments and choose well-tried products.
  5. You know that failures (equipment faults, staff mistakes, force majeure, etc.) kill businesses. In this light, you should always have a backup of your data. Ideally, keep more than one backup and back up your website data regularly. This will directly help you restore your website after a security breach.
  6. Make two-factor authentication a habit. A random password is good, but it doesn’t guarantee that experienced hackers will never discover even a well-made password. Sending a login code to a mobile device is a good and widespread practice. It keeps your store protected from unauthorized logins.

What other measures may be taken to keep a website protected? I’m looking forward to your personal recommendations! See you soon!

Ways to Avoid the Google Spam Filter / Sat, 13 May 2017 10:46:46 +0000 https://blog.siteguarding.com/?p=404

Google’s infamous spam filter has weeded out a lot of junk on the internet, but it has also weeded out a lot of quality sites that were guilty of nothing more than improper SEO tactics.

Google Webmaster Tools does let you know when you have been flagged for certain errors, but it doesn’t necessarily let you know if you are being put through Google’s spam filter. Luckily, Google has given you plenty of tips for avoiding the spam, but it is up to you if you follow them or not.

Keyword Stuffing Should Never Be Used

You aren’t earning your website any good ranks or favors by stuffing keywords. Google has made it clear that if you stuff your meta descriptions, content and tags with keywords, you are going to be flagged by their spam filter. The same goes for using irrelevant keywords just to rank. Use relevant keywords at a healthy density — no more than five percent.

Don’t Commit Redirects

Usually redirects are going to get you in trouble. While some redirects are unavoidable, that will turn Google spam filters on to your site. Some things to avoid with redirects include:

  1. Using unnecessary redirects — especially if you are redirecting someone from the homepage that just showed up on the search engine results page.
  2. Using splash pages as a way to replace the homepage URL.
  3. Using expired domains that had high traffic in the past just to redirect users to your own irrelevant, poor quality content.

Avoid All Bad Linking Activities

While the use of links can be beneficial to your readers, such as directing them to a relevant blog post on your site for further reading, most links just get you into trouble with Google. Google has made it clear they want high quality, relevant linking practices on sites, so:

  1. Stop using “click here” or “read more here” as your anchor text for links. These types of phrases instantly turn on Google spam to your site.
  2. Don’t use any link farm practices or link exchanges — whether they are relevant or not.
  3. Don’t use unclear anchor text to direct readers to other sites — such as using unclear text to send them to your affiliate marketing page.
  4. Don’t buy or participate in link sponsorship programs of any kind.
  5. Don’t link to off topic sites.

Google spam could ruin your site’s rank if you’re not careful. By just following good SEO practices, you can avoid being tossed into the “spam” file. Even if you are considered spam, by taking the time to correct the errors you might be able to recover your site’s bad status.

Never Host Multiple Domains on One Hosting Account / Tue, 14 Feb 2017 09:29:42 +0000 https://blog.siteguarding.com/?p=393

That’s my rule of thumb. If you want to know why, when there are exceptions, and how to best manage multiple domains, then you should read this article.

Hosting companies are quick to sell you on the idea of hosting multiple domains on a single account. And webmasters are quick to do the math: $10 per month for 5 websites is cheaper than 5 x $10 per month. Well, you should know that there is a danger in this kind of thinking.

The way multiple domains work is that they sit in separate folders within the root directory of your hosting account. That means if a hacker gets into your account, they can access all of those folders. All your sites can be compromised at a single stroke. So all a hacker needs is access to just one of your websites.

If each domain is in a separate hosting account, you’ve isolated the individual sites. Assuming that you’ve got strong passwords on each account, that’s a lot of extra work for the hackers to do the damage they could do in a single account with multiple domains. This is why we at Siteguarding never keep multiple domains on the same hosting account. We always create a separate hosting account for each of your websites.

Some will argue that simply having good backups is enough and if your site gets hacked you can just restore all the domains with the backup. But most hacking isn’t about crashing sites – it’s about using sites to generate fake pages to scam search engines or to scrape data from your files and visitors or to send out spam emails. All of which can be happening without you knowing. Backups are only of use once you find out the hack has taken place, which may be long after the damage is done.

Others will argue that it’s easier to maintain multiple domains from a single account, but really, how often do you need to access your hosting account? Creating or deleting an email account is probably the most common use, and for most small businesses, that doesn’t happen very often. It may take a little extra time and organization to maintain separate hosting accounts, but again, that is very little compared to the danger of exposing multiple sites to a single hack.

WordPress Security and Website Antivirus / Fri, 16 Dec 2016 08:50:02 +0000 https://blog.siteguarding.com/?p=388

In this article, we take a look at the importance of WordPress security and some of the basics of keeping your WordPress website secure. With the technology industry ever-growing, more and more hackers are preying on vulnerable websites, and with that, WordPress security is as important as ever. If you don’t take the time to set up your website security in a way that protects not only your website but also the data flow between your website and your visitors, then you are putting a lot of things at risk. Not only that, but you are leaving your website open to unauthorized users who can cause some serious damage. So with that in mind, let’s jump right in.

Website Backups

Before we dig into how you are able to protect your website, let’s first discuss website backups. Nobody likes to imagine suffering from data loss. It’s bad enough to lose valuable data, but it’s worse if you don’t have a backup to retrieve that data.

If you were to fall victim to WordPress hacking, you never know what the hacker’s intention is. Whether it’s to obtain data or to simply cause mischief; you simply won’t know.

With this, it’s a good idea to take a backup of your website’s data at least once a week so that if something does go wrong, you can simply restore the backup and have as little data loss as possible.

How to Keep Your WordPress Website Secure

Below are some of the best ways possible to keep your WordPress website secure, none of which requires too much technological knowledge.

Updating WordPress. This is the number one basic step to take to keep your website secure. While many opt to have WordPress update automatically, if you are on the other side of it then it’s important that you update your WordPress when prompted. WordPress updates often contain security updates based on issues that they have found or have been found and by not keeping your website up to date, you’re willingly putting your website at risk.

Plugins. Not only should you keep your plugins up to date, similar to keeping WordPress up to date, but on top of that there are several security plugins available for free use. The most common WordPress security plugin is Website Antivirus; a necessity to maintaining a secure website. Although there are premium plugins out there, the free version is more than enough.

Using Clef. Clef is one of the newest and securest resources out there. Not only does it work alongside WordPress to ensure a secure account login, but it can be used for many other services too. With Clef, you are removing the need to enter a password thus eliminating the risk of your password being obtained through keylogging.

Setting Up WordPress. When initially setting up the WordPress platform, there are a few things that you can do to further benefit your security setup. A few of these things are:

  • Change the default database prefix. By default, it is “wp_”, although this makes it easier for hackers to pinpoint your table name.
  • Change the login page. Rather than the standard domain.com/wp-admin/ login page, change it to something that only the required administration will know. On top of that, customize the page to make it somewhat different to the default page. By doing so, you are making it harder for bots to target your logins.
  • Have someone else set up WordPress for you. Lastly, if you aren’t sure how to set up WordPress securely, have someone else take a look at it for you. There’s no shame in asking for help!

To Conclude…

Taking everything that we’ve discussed here into account, there’s no reason for you not to take the time to secure your WordPress website. Not only does it take only a short amount of time to do, but by securing your website there are absolutely no downsides in doing so. You are benefiting yourself, and you are benefiting your users.

WORDPRESS SECURITY AUDIT / Fri, 16 Dec 2016 07:51:50 +0000 https://blog.siteguarding.com/?p=380

You probably don’t know this, but every day there are probes trying to get into your WordPress account. They are always searching for security weaknesses, and if you fail to run a WordPress security audit on your site, you never can tell: they might eventually get in. These probes are generally looking for weaknesses and, most often, the location of your webmail or your website’s MySQL database. There is a chance that they are also looking for a file left by a previous hacker on your website’s server space in order to gain full control of your website.

Therefore, the security of your website is in your hands. If you think the security of your website is the responsibility of your hosting provider, you need to think again. Your website host, WordPress in this case, is mainly concerned about the security of their servers and all of the applications they run on them. They don’t care a bit about the scripts and applications you run.

Since the people probing your website rarely use an IP address more than once, it is difficult to block them by banning their IP addresses from accessing your website. Probes use different proxy servers and different names; some common ones include Toata, Wantsfly and Morfeus. In one session, a typical probe can make up to 50 attempts to locate different combinations of directory folder names or common locations. So, to minimize the risk of the probes getting what they want, you need to run a WordPress Security Audit.

One of the most effective ways to do this is to utilize the services of the WordPress security exploit scanner plugin.

WORDPRESS VIRUS SCANNER

This plugin is one of the best scanners when it comes to detecting signs of suspicious activity on your website. It scans every database and file, searching for compromised files that have been uploaded or left on your website by hackers. To keep your website safe, you have to scan it for malware at least once a week.

Hackers leave a trail of modified content and scripts whenever they compromise a website. These can be found by searching through every file on the website manually. Some methods used by hackers to hide their spam links or code are very obvious. For instance, they use CSS to hide text; these strings are things we can search for. Content can also be hidden in the database, and code can also be run from the database. Spam links are sometimes placed among the comments and in blog posts. Search engines will notice them, but visitors to your website will not see them because they are hidden by CSS.

In an attack launched on WordPress some time ago, hackers exploited the WP plugin system to run their own code. Files with image file extensions were uploaded and added to the list of active plugins. Therefore, despite the fact that the files didn’t have a .php extension, the code written in them was still able to run.

This plugin goes through your website and tries to bring out all of these changed database records and files. It is the perfect plugin for the audit of your WordPress.
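
As an added illustration of the image-extension trick described above (this is not the plugin's code and not from the original article), the following Python sketch walks a site tree and reports files that are named like images but either do not start with the matching image header or contain a PHP opening tag. The directory layout and file contents in demo() are constructed for the example.

```python
import os
import tempfile

# Leading bytes that a genuine file of each type starts with.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
MAX_BYTES = 4 * 1024 * 1024  # read at most this much of each file


def find_disguised_scripts(root):
    """Return [(relative_path, (reason, ...))] for image-named files that
    do not start like an image or that contain a PHP opening tag."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext not in MAGIC:
                continue  # only files that claim to be images are checked
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(MAX_BYTES)
            except OSError:
                continue  # unreadable file: skipped in this sketch
            reasons = []
            if not data.startswith(MAGIC[ext]):
                reasons.append("header is not " + ext)
            # A valid image header can still be followed by PHP code,
            # so the tag search runs even when the header looks right.
            if b"<?php" in data.lower():
                reasons.append("contains <?php")
            if reasons:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append((rel, tuple(reasons)))
    return sorted(findings)


def demo():
    """Build a constructed site tree in a temp directory and scan it."""
    files = {
        "wp-content/plugins/gallery/gallery.php":
            b"<?php /* ordinary plugin file, not image-named */ ?>",
        "wp-content/plugins/gallery/logo.png":
            b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        "wp-content/plugins/gallery/thumb.jpg":
            b"<?php /* constructed, inert */ ?>",
        "wp-content/uploads/banner.gif":
            b"GIF89a" + b"\x00" * 16 + b"<?PHP /* constructed, inert */ ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, content in files.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(content)
        return find_disguised_scripts(root)


if __name__ == "__main__":
    for rel, reasons in demo():
        print(rel, "->", ", ".join(reasons))
```

A hit is a reason to inspect the file by hand, not proof of compromise; the check also does not look at short PHP tags or at content stored in the database.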

CHECKING YOUR WEBSITE’S SECURITY?

One easy way to check WordPress security is to check your WordPress stats for 404 (file not found) errors. If you notice a lot of errors for locations and files that simply don’t exist on your website, then your site is being probed for weaknesses that could be exploited. You need to make routine checks of your own website folders and files to identify any that you haven’t installed. If you find anything, first check with your website host to make sure that they didn’t install it before you delete it. Sometimes you cannot delete these files yourself and will need the help of your site’s administrator.
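
The 404 check described above can also be run against the web server's access log. The following Python sketch is an added example, not part of the original article: it assumes the common "combined" log format, groups 404s by top-level directory rather than by IP (since the article notes that probes rarely reuse an address), ignores directories the site actually serves, and counts user agents containing the scanner names mentioned earlier. The log lines are constructed and use documentation IP ranges.

```python
import re
from collections import defaultdict

# Combined log format: ip - user [time] "METHOD path proto" status size "ref" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

# Scanner names taken from the article, matched as user-agent substrings.
NAMED_SCANNERS = ("toata", "wantsfly", "morfeus")

# Constructed sample log; the last line is deliberately malformed.
SAMPLE_LOG = """
192.0.2.10 - - [16/Dec/2016:07:01:02 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.7 - - [16/Dec/2016:07:01:03 +0000] "GET /phpMyAdmin/setup.php HTTP/1.1" 404 512 "-" "Morfeus (constructed UA)"
203.0.113.5 - - [16/Dec/2016:07:01:05 +0000] "GET /phpmyadmin/scripts/setup.php?x=1 HTTP/1.1" 404 512 "-" "Mozilla/5.0"
192.0.2.44 - - [16/Dec/2016:07:02:10 +0000] "GET /webmail/ HTTP/1.1" 404 512 "-" "Toata (constructed UA)"
198.51.100.23 - - [16/Dec/2016:07:02:11 +0000] "GET /webmail/src/login.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.9 - - [16/Dec/2016:07:03:00 +0000] "GET /wp-content/themes/site/style.css HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.9 - - [16/Dec/2016:07:03:01 +0000] "GET /wp-content/uploads/a.png HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.9 - - [16/Dec/2016:07:03:02 +0000] "GET /wp-content/uploads/b.png HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.9 - - [16/Dec/2016:07:03:09 +0000] "GET /old-page HTTP/1.1" 404 512 "-" "Mozilla/5.0"
this line is not in combined log format
"""


def top_segment(path):
    """'/phpMyAdmin/setup.php?x=1' -> '/phpmyadmin'; '/' stays '/'."""
    parts = [p for p in path.split("?", 1)[0].split("/") if p]
    return "/" + parts[0].lower() if parts else "/"


def audit_404s(lines, min_hits=3):
    """Summarise 404s for top-level directories the site never serves."""
    served = set()                      # segments with any non-error response
    missing = defaultdict(lambda: {"hits": 0, "ips": set()})
    scanners = defaultdict(int)
    skipped = 0
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            skipped += 1                # malformed or unexpected format
            continue
        seg = top_segment(m["path"])
        status = int(m["status"])
        if status < 400:
            served.add(seg)
        elif status == 404:
            missing[seg]["hits"] += 1
            missing[seg]["ips"].add(m["ip"])
        ua = m["ua"].lower()
        for name in NAMED_SCANNERS:
            if name in ua:
                scanners[name] += 1
    probed = sorted(
        ((seg, d["hits"], len(d["ips"])) for seg, d in missing.items()
         if seg not in served and d["hits"] >= min_hits),
        key=lambda row: (-row[1], row[0]))
    return {"probed": probed, "scanners": dict(scanners), "skipped": skipped}


if __name__ == "__main__":
    report = audit_404s(SAMPLE_LOG.strip().splitlines(), min_hits=2)
    for seg, hits, ips in report["probed"]:
        print(f"{seg}: {hits} x 404 from {ips} address(es)")
    print("named scanners:", report["scanners"], "skipped:", report["skipped"])
```

Each row in "probed" is (directory, number of 404s, number of distinct client addresses); a directory that never existed on the site but is requested from many different addresses matches the probing pattern the article describes.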

How to Clean Website Malware / Thu, 03 Nov 2016 04:10:26 +0000 https://blog.siteguarding.com/?p=371

Do you suspect a hacker attacked you? Are you now wondering how to clean your website of malware? You have come to the right place. We will explain how to clean up malware in terms suited to inexperienced users. Every day hackers get into websites and infect them in order to spread more infections.

There are some other, more complex cases in which other features are exploited, and deeper technical knowledge is needed to get rid of those menaces. Once your site has been compromised, it is important to enhance your security. You can follow some security best practices on password protection, form filling, and security updates.

Unfortunately, that is not enough for advanced hackers. They already know how to go around most security measures to break a site. Advanced protection like antivirus for websites and continuous monitoring services is advisable.

The Hidden Menace

Hackers are aware that people look for strange things embedded in their web pages. Suspicious text immediately sends the owner looking for how to clean the website of malware, and then the hackers can no longer use that particular site.

Even novice hackers use a particular attribute to hide malicious links. The display=none attribute (in CSS, display: none) prevents visitors and site owners from seeing the intruder links. Nobody looks for how to clean up malware until they have irrefutable evidence of a problem.

The naked human eye cannot see the malicious links, but search engine bots can. You can get de-indexed from search engines like Google if such links are found. It is easy to find the unwanted links, but you have to look for them. Here is what you should do:

  1. Open your source code on a web browser.
    • Most browsers let you go to the Page Source under the View menu.
  2. Check for the and tags for strange links.
  3. Look for links next to the “display=none” attribute.

If you know your code, you will quickly identify the links that should not be there. If this is the first time you are looking at it, note that the malicious code usually leads to porn or gambling websites. You can check the links you found or, if they are obvious, just ban them.
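
The manual source check above can be automated. The following Python sketch is an added example, not code from the original article: it parses a saved page and reports links to other hosts that sit inside an element hidden with display:none, whether through an inline style or through a simple class or id rule in an embedded style block. The host name shop.example and the sample page are constructed; external stylesheets and links inserted by scripts are outside what this sketch covers.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}
HIDE_RE = re.compile(r"display\s*:\s*none", re.I)
STYLE_RE = re.compile(r"<style[^>]*>(.*?)</style>", re.I | re.S)
RULE_RE = re.compile(r"([.#][\w-]+)\s*\{([^}]*)\}")  # simple .class / #id rules

# Constructed sample page for a site assumed to live at shop.example.
SAMPLE_HTML = """<html><head><style>
.ftr-x { display:none }
.nav { color: #333 }
</style></head><body>
<a href="https://shop.example/cart">Cart</a>
<div style="position:absolute; DISPLAY : none">
  <p>cheap <a href="http://casino.invalid/win">slots</a><br>
  <a href="/about">About</a></p>
</div>
<span class="nav ftr-x"><a href="https://pills.invalid/buy">x</a></span>
<div style="display:none"><a href="https://cdn.shop.example/help">Help</a></div>
<a href="https://partner.invalid/">Visible partner link</a>
</body></html>"""


def hidden_selectors(html):
    """Collect .class / #id selectors whose rule body sets display:none."""
    found = set()
    for css in STYLE_RE.findall(html):
        for selector, body in RULE_RE.findall(css):
            if HIDE_RE.search(body):
                found.add(selector)
    return found


class HiddenLinkFinder(HTMLParser):
    def __init__(self, own_host, selectors):
        super().__init__()
        self.own_host = own_host.lower()
        self.selectors = selectors
        self.stack = []      # (tag, reason or None) for each open element
        self.findings = []   # (line, href, reason)

    def _reason(self, attrs):
        if HIDE_RE.search(attrs.get("style") or ""):
            return "inline style"
        names = ["." + c for c in (attrs.get("class") or "").split()]
        if attrs.get("id"):
            names.append("#" + attrs["id"])
        for selector in names:
            if selector in self.selectors:
                return "style rule " + selector
        return None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        inherited = self.stack[-1][1] if self.stack else None
        reason = self._reason(attrs) or inherited  # hidden parents hide children
        if tag == "a" and reason:
            href = attrs.get("href") or ""
            host = (urlparse(href).hostname or "").lower()
            external = host and host != self.own_host \
                and not host.endswith("." + self.own_host)
            if external:
                self.findings.append((self.getpos()[0], href, reason))
        if tag not in VOID:
            self.stack.append((tag, reason))

    def handle_endtag(self, tag):
        # Close the nearest matching open element; tolerate sloppy markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break


def find_hidden_links(html, own_host):
    finder = HiddenLinkFinder(own_host, hidden_selectors(html))
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for line, href, reason in find_hidden_links(SAMPLE_HTML, "shop.example"):
        print(f"line {line}: {href} (hidden by {reason})")
```

Hidden links to the site's own host or its subdomains are skipped, because themes legitimately hide menus and dialogs; only hidden links that point elsewhere are reported.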

To remove the unwanted links, you have to edit the affected files and delete the links. Once you have changed them, double check that the links are really gone. If you have not identified the source of the infection, it is a good idea to change your admin password. Make it a strong one to keep further intruders out of your site. Also, change the FTP password and set the file permission (chmod) attributes to read only.

Making a fresh installation of WordPress, or of whatever other software you use to manage your site, is advisable. This ensures no injected files are left over from the previous attack. But again, a security issue might remain.

All these actions might prevent further intrusions into your website. However, some other vulnerability could have been exploited. Check that you have the most recent updates, and look again in a couple of days to see whether your code is free of unwanted links. Wait another week before you declare victory over the links you just eradicated. If the problem continues, it is best to look for professional help.

Google’s Diagnosis

To identify if you need to clean up malware from your site, you can look at Google’s diagnosis from your website. Google ranks if it is safe to browse on your web page. To view your report, go to the following place:

http://www.google.com/safebrowsing/diagnostic?site=[SITE NAME]

Before you enter the address in your browser, change [SITE NAME] to your site address. You will learn whether you need assistance with cleaning malware from your website, but Google will not display the sort of malware you have been attacked with. You can try to scan your website with our free scanner or use the Norton free scan. You can make a free website scan here:

https://www.siteguarding.com/en/sitecheck

http://safeweb.norton.com/

If you have a problem, our scanner will give you the solution. Norton has a broad range of products for end users and websites.

Closing Advice

Every piece of malware is different, and you should get help from professionals who know how to clean up malware. Most times, when a site has been compromised, there are symptoms you can see. However, back doors can be left even after you have cleaned your site of those symptoms.

It is important to contact the experts and get a deep cleaning. Get them to monitor your web page continuously. Even if there are no visible symptoms and you just have occasional low performance, you can be infected. Hackers use your computing power to host sites, redirect traffic, commit fraud, send spam or carry out any other criminal activity you can think of. They might not want to target you or your visitors, and those are the worst infections.

Remaining unseen is the objective when your website is used for criminal activity. This can lead to legal issues for the rightful owner. While the investigations are taking place, your site might be closed, and you will lose ranking and traffic. It is better to prevent than to regret. Besides following best practice on security for websites, get a professional company to monitor your page.

How to Protect Your Website From Hackers / Wed, 26 Oct 2016 13:50:21 +0000 https://blog.siteguarding.com/?p=363

One of the biggest false beliefs circulated in the website ownership and website security community is that “your site is not a big one, so there’s nothing worth being hacked for”. This particular belief has always led to dismay, because to the site owner’s surprise, he/she gets hacked and may lose everything. In fact, this popular belief may actually be propagated by hackers, because it creates laxity in web owners, keeping their guard down and making their defenses exploitable. The truth is that websites get hacked all the time; size and function do not matter at all.

The majority of security breaches are not necessarily attempts to steal your data or deface your website, but are devious attempts at turning your server into an email relay for spam or into a temporary web server, usually to serve illegal files. In this article we will try to give you some tips on how to protect your website from hackers. As terrible as this may seem, keeping these people at bay is very possible, and all the requirements for this are of extreme importance. There are a few fundamental actions you can take to keep your site out of sight of these website vandals and make sure it takes a lot of hard work for hackers to find your website.

Update Everything You Have

Whether you’ve created a DIY site on a third party turnkey platform or chose to build from scratch with your development team, as a site owner, you must make sure that every piece of software run by you is up to date. CMS providers like Joomla, Ilk and WordPress stay on constant guard, continuously scouring for holes to plug in their systems and hit the internet with regular patches and updates to ensure that their software is impervious to attacks. Make sure you run these updates and always have the most recent version supporting your site at all times.

If your site uses third party plug-ins, you should stay informed about their updates and make sure all are implemented in a timely fashion. Lots of sites make the mistake of including plug-ins that fall into disuse with time. Ensure that you do regular cleanups and wipe out all unused, old and non-updated plug-ins; they pose the threat of being a gateway for hackers to exploit and wreck your site.

Reinforce Security Around Your Site

Just as you install antivirus on your desktop before browsing the web and securely lock your doors before leaving your house, you should also install a security system to be your site’s first line of defense against malicious attacks by hackers. This first line of defense is always a web application firewall. These are designed to inspect incoming traffic, identify and sift out malicious requests, protecting your website from spam, cross site scripting, brute force attacks and other high level threats. You can take a look at the website antivirus we offer.

A few years ago, web application firewalls were solely hardware appliances, but quite recently a few providers of Security-As-a-Service (SecAaS) have begun to use cloud hosting technology to bring down the prices of security solutions. As a result of this, all website owners can now rent a cloud based web application firewall without costly security appliances or even a dedicated hosting server. Better yet, you won’t need to take a course in website security or hire security experts to utilize these services.

With a huge number of websites getting hacked every year, it has become obvious that hosting providers cannot efficiently handle all website security threats, and cloud based web application firewalls are quickly filling the void.

HTTPS

Hyper Text Transfer Protocol Secure (HTTPS) is a secure communications protocol that transfers sensitive information between a web site and a web server. Moving your website to this protocol means adding an encryption layer, Transport Layer Security (TLS) or Secure Sockets Layer (SSL), to your HTTP, ensuring extra security from hackers for your data and your users’ data.

Although HTTPS is necessary for all online transactions, sites that run on HTTP outnumber HTTPS sites by 100’s to 1. Adding a secure protocol layer won’t only guarantee security, it will also help search ranking, as Google has recently announced that HTTPS will be taken as a ranking factor.

Use Strong Passwords And Change Them Regularly

Brute force attacks work mainly by guessing username/password combinations. These have been reported to be on an alarming rise in the last two years, as thousands of attacks are detected every day across the web. Brute force and dictionary attacks can be effectively eliminated by using strong passwords. Strong passwords aren’t important only for email and financial transactions; they are doubly important for your website server, admin and database passwords.

What makes up a strong password? A strong password should be a combination of alphanumeric characters, upper and lower case letters and symbols and should be at least 12 characters long. A combination like this can prevent brute force attacks.

Passwords should also not be the same for all website logins. Change your passwords regularly to ensure breach-proof security and store users’ data in an encrypted form. This way, if your security is breached, there’s no way your attackers can steal your users’ information.
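The rules above (at least 12 characters, mixed case, digits, symbols, and no password shared between logins) can be checked together. The following is an added example, not code from the original article; the login names and sample passwords are constructed for illustration.

```python
import string

MIN_LENGTH = 12  # minimum length stated in the article

def policy_failures(password):
    """Return the article's composition rules that this password breaks."""
    checks = [
        ("fewer than 12 characters", len(password) >= MIN_LENGTH),
        ("no lower-case letter", any(c.islower() for c in password)),
        ("no upper-case letter", any(c.isupper() for c in password)),
        ("no digit", any(c.isdigit() for c in password)),
        ("no symbol", any(c in string.punctuation for c in password)),
    ]
    return [problem for problem, ok in checks if not ok]

def audit_logins(credentials):
    """Audit {login: password}; report rule failures and shared passwords.

    Only logins with problems appear in the report, and the report never
    echoes a password back.
    """
    logins_by_password = {}
    for login, password in credentials.items():
        logins_by_password.setdefault(password, []).append(login)

    report = {}
    for login, password in credentials.items():
        problems = policy_failures(password)
        shared = sorted(l for l in logins_by_password[password] if l != login)
        if shared:
            problems.append("same password as " + ", ".join(shared))
        if problems:
            report[login] = problems
    return report

# Constructed sample credentials for the server, admin and database logins.
SAMPLE = {
    "server": "Tr4il-Mix&Oatmeal!",
    "admin": "wordpress2016",
    "database": "Tr4il-Mix&Oatmeal!",
}

if __name__ == "__main__":
    for login, problems in audit_logins(SAMPLE).items():
        print(login + ": " + "; ".join(problems))
```

A password that passes every composition rule is still reported when a second login uses it, which is the case the reuse rule is meant to catch.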

Conceal Your Admin Directories

One of the easiest ways hackers access your site’s data is by heading straight into your admin directories.

The scripts used by hackers scan directories on your web server looking for names like ‘admin’, ‘login’ or ‘access’, then focus all their energy on accessing these files to compromise your website security. Most popular CMS’s give you total control over the names of your directories; a great idea would be to rename your admin folders. Pick names that would make these folders inconspicuous and communicate them only to your webmasters. This method can greatly reduce the risk of a potential breach.
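Once the admin folder is renamed, requests for the default names return 404, and those misses in the access log show which clients are running the directory scans described above. The following is an added example, not code from the original article; it assumes Common Log Format, and the threshold, the sample log lines and the renamed folder `/site-mgmt-7f3/` are constructed for illustration.

```python
import re
from collections import defaultdict

# Directory names the article says scanning scripts look for.
PROBE_NAMES = {"admin", "login", "access"}

# Common Log Format (assumed): client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def probed_name(path):
    """Return the probe name matched by the first path segment, or None."""
    segment = path.split("?", 1)[0].strip("/").split("/", 1)[0].lower()
    stem = segment.rsplit(".", 1)[0]          # admin.php -> admin
    return stem if stem in PROBE_NAMES else None

def find_scanners(lines, min_distinct=2):
    """Flag clients that received 404s for several different probe names."""
    misses = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("status") != "404":
            continue
        name = probed_name(m.group("path"))
        if name:
            misses[m.group("ip")].add(name)
    return {ip: sorted(names) for ip, names in misses.items()
            if len(names) >= min_distinct}

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Oct/2016:13:50:21 +0000] "GET /admin/ HTTP/1.1" 404 162',
    '203.0.113.7 - - [26/Oct/2016:13:50:22 +0000] "GET /login.php HTTP/1.1" 404 162',
    '203.0.113.7 - - [26/Oct/2016:13:50:22 +0000] "GET /access/ HTTP/1.1" 404 162',
    '198.51.100.4 - - [26/Oct/2016:13:51:02 +0000] "GET /login HTTP/1.1" 404 162',
    '198.51.100.4 - - [26/Oct/2016:13:51:09 +0000] "GET /blog/how-to HTTP/1.1" 200 5120',
    '192.0.2.15 - - [26/Oct/2016:13:52:40 +0000] "GET /site-mgmt-7f3/ HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, names in find_scanners(SAMPLE_LOG).items():
        print(ip, "probed", ", ".join(names))
```

A single miss on one name, such as a visitor guessing `/login`, stays below the threshold; a client that tries several of the default names is reported and can be fed into a firewall block list.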

One fact that every business owner knows and understands is that, “your reputation is everything”, therefore no cost can be too much as long as it secures your website and safeguards your reputation.
