Peter C – Security Blog https://blog.siteguarding.com

10+1 Tips How to Improve the Security of Your Magento 2 Store
https://www.siteguarding.com/security-blog/101-tips-how-to-improve-the-security-of-your-magento-2-store/
Tue, 31 Oct 2017 05:48:11 +0000

Security is an issue that online merchants should never ignore, and Magento 2 stores are no exception to this rule. In this article, we will give you some useful tips on how to improve the security of your Magento 2 store. So, let’s start.

Update Your Magento 2 to the Latest Version

The Magento team regularly releases updates of its platform that add new features and improve the old ones, security in particular. So, check for the latest updates from time to time to provide your web store with the latest protection solutions.

Use Reliable Magento 2 Extensions

The reason why Magento 2 extensions are so popular is that they allow enhancing the basic functionality of this platform. However, before installing any extension, make sure that it is provided by a truly reliable developer, not a fraudster. In addition, it’s recommended to download Magento 2 extensions from trustworthy resources, such as the Magento Marketplace site.

Create Encrypted Connection

If data is transferred through an unencrypted connection, there is a risk that it can be intercepted. This problem can be prevented by configuring secure URLs right in your Magento 2 Admin Panel.

To perform the configuration, go to Stores > Configuration. In the Configuration menu, expand the Web option. In the panel that opens, find the Base URL (Secure) section and expand it. Here, you can configure the URLs to establish the encrypted connection.

Use Two-factor Authentication

As a rule, a secure Magento 2 password is no guarantee of complete protection of your store from hacker attacks. Consider using two-factor authentication to further improve the security of your Magento 2 store and protect yourself from password-related risks that may appear in the future.

Create Backup Files

Make sure that you have a backup of all your web store files in case your store is hacked. Magento 2 allows you to back up the entire database of your site, including the system and media files.

To perform the backup, in your Magento 2 Admin Panel, click on System and choose Backups in the Tools section. In the panel opened, you can manage the backup process of your files. After the configuration is completed, apply changes by clicking on the Save Config button.

Take Care of Your Email Address

Magento 2 automatically configures e-mail addresses through which users can easily recover their passwords. Still, if your email ID is hacked, your Magento 2 store becomes exposed to hacker attacks. So, make sure that the email address given by Magento is not publicly known (change it if needed) and is protected with two-factor authentication.

Limit Admin Access

To ensure that the Admin Panel of your store can be accessed from a particular IP address, just restrict admin access in your Magento 2 settings. First, click System in your Magento 2 Admin Panel and choose User Roles in the Permissions section. In the panel that opens, you can manage user roles in your store by clicking on the Add New Role button and assigning the corresponding roles to particular user IDs.

Enable Admin Login CAPTCHA

CAPTCHA is a technology that prevents hackers and even bots from accessing the database of your site. You can enable this technology in your Magento 2 Admin Panel.

First, click on Stores in the Admin Panel and choose Configuration in the Settings section. In the Configuration menu opened, expand the Advanced section and choose Admin. On the page opened, expand the CAPTCHA section. Here, you can enable the CAPTCHA feature for your web store and configure its settings. Don’t forget to save the configured settings by clicking on the Save Config button.

Configure Action Log

If you use Magento 2 Commerce Edition, you can track the store admin activity through the Action Log feature. To enable the feature, in your Magento 2 Admin Panel, open Stores and choose Configuration in the Settings section. In the menu opened, expand the Advanced tab and choose Admin.

In the window opened, expand the Admin Actions Logging section. Here, you can configure the Action Log settings. When the configuration is completed, save changes.

Use Security Review Services

Magento security experts can give you useful recommendations on how to increase the protection of your store. Still, their tips do not always help to solve all the issues that you are dealing with. That’s why it’s recommended to use special services for analyzing web sites for potential security breaches at least once a year. By performing such checks, you can decide how the security of your store can be further improved.

Bonus Tip

The Magento 2 community, which is always ready to help you with any security issues you face, grows constantly. What’s more important is that community members regularly release security reports related to the latest versions of Magento 2. So, visit Magento Forums to provide yourself with the latest Magento 2 security information!

Conclusion

The protection of a web store from hacker attacks should be the number one priority for Magento 2 store owners. Use the tips given in the article to reinforce your site’s protection and leave no chance for hackers that may try to breach your security.

6 Tips How To Improve Magento Security
https://www.siteguarding.com/security-blog/6-tips-how-to-improve-magento-security/
Sat, 07 Oct 2017 21:34:51 +0000

While working with a Magento-based website, you will be surprised by the number of built-in security features. But safety is a vital point, and additional measures to make your website safer are worth taking. Let’s check what I suggest:

  1. Try to stay ahead of Magento security updates. Magento developers are working their socks off to provide merchants with a more powerful safety system. They try to consider all possible risks and prevent them from happening. As a result, new Magento versions are stuffed with features and software that address detected security risks.
  2. Don’t be rash! Avoid simple passwords that include your date of birth and similar details. Use random combinations of letters and digits and change them regularly. And don’t use the same or slightly similar passwords for your multiple accounts. This is the best protection whatever CMS you use, and it applies to every account, even those not related to your store.
  3. If you are the happy owner of a large business, you need more people involved in running the store. This considerably increases the risk of a break-in. It’s a mistake to give access to all administrative staff. It’s more reasonable for them to use different user accounts.
  4. In the ocean of Magento extensions, try to choose only thoroughly vetted extension developers. It’s good to test something new. In general, an experiment is the best way to select the most suitable things. But remember that when security is at stake, it’s better to skip any experiments and choose well-tried products.
  5. You know that failures (equipment failure, staff mistakes, force majeure, etc.) kill business. In this light, you should always have a backup of your data. Ideally, you keep more than a single backup and back up your website data regularly. This will help directly in restoring your website in case of a security breach.
  6. Let two-factor authentication become a habit. A random password is good, but it doesn’t guarantee that experienced hackers will never work out even a well-made password. Sending a login code to a mobile device is a good and prevalent practice. It protects your store from unauthorized logins.

What other measures may be taken to keep a website protected? I’m looking forward to your personal recommendations! See you soon!

Ways to Avoid the Google Spam Filter
https://www.siteguarding.com/security-blog/ways-to-avoid-the-google-spam-filter/
Sat, 13 May 2017 10:46:46 +0000

Google’s infamous spam filter has weeded out a lot of junk on the internet, but it has also weeded out a lot of quality sites that were guilty of nothing more than improper SEO tactics.

Google Webmaster Tools does let you know when you have been flagged for certain errors, but it doesn’t necessarily let you know if you are being put through Google’s spam filter. Luckily, Google has given you plenty of tips for avoiding the spam, but it is up to you if you follow them or not.

Keyword Stuffing Should Never Be Used

You aren’t earning your website any good ranks or favors by stuffing keywords. Google has made it clear that if you stuff your meta descriptions, content and tags with keywords, you are going to be flagged by their spam filter. The same goes for using irrelevant keywords just to rank. Use relevant keywords at a healthy density — no more than five percent.

Don’t Commit Redirects

Usually redirects are going to get you in trouble. While some redirects are unavoidable, they will draw Google’s spam filters to your site. Some things to avoid with redirects include:

  1. Using unnecessary redirects — especially if you are redirecting someone from the homepage that just showed up on the search engine results page.
  2. Using splash pages as a way to replace the homepage URL.
  3. Using expired domains that had high traffic in the past just to redirect users to your own irrelevant, poor quality content.

Avoid All Bad Linking Activities

While the use of links can be beneficial to your readers, such as directing them to a relevant blog post on your site for further reading, most links just get you into trouble with Google. Google has made it clear they want high quality, relevant linking practices on sites, so:

  1. Stop using “click here” or “read more here” as your anchor text for links. These types of phrases instantly draw Google’s spam filter to your site.
  2. Don’t use any link farm practices or link exchanges — whether they are relevant or not.
  3. Don’t use unclear anchor text to direct readers to other sites — such as using unclear text to send them to your affiliate marketing page.
  4. Don’t buy or participate in link sponsorship programs of any kind.
  5. Don’t link to off topic sites.

Google spam could ruin your site’s rank if you’re not careful. By just following good SEO practices, you can avoid being tossed into the “spam” file. Even if you are considered spam, by taking the time to correct the errors you might be able to recover your site’s bad status.

Never Host Multiple Domains on One Hosting Account
https://www.siteguarding.com/security-blog/never-host-multiple-domains-on-one-hosting-account/
Tue, 14 Feb 2017 09:29:42 +0000

That’s my rule of thumb. If you want to know why, when there are exceptions, and how to best manage multiple domains, then you should read this article.

Hosting companies are quick to sell you on the idea of hosting multiple domains on a single account. And webmasters are quick to do the math: $10 per month for 5 websites is cheaper than 5 x $10 per month. Well, you should know that there is a danger in this kind of thinking.

The way multiple domains work is that they sit in separate folders within the root directory of your hosting account. That means if a hacker gets into your account, they can access all of those folders. All your sites can be compromised at a single stroke. So all a hacker needs is access to one of your websites.

If each domain is in a separate hosting account, you’ve isolated the individual sites. Assuming that you’ve got strong passwords on each account, that’s a lot of extra work for the hackers to do the damage they could do in a single account with multiple domains. This is why we at Siteguarding never keep multiple domains on the same hosting account. We always create a separate hosting account for each of your websites.

Some will argue that simply having good backups is enough and if your site gets hacked you can just restore all the domains with the backup. But most hacking isn’t about crashing sites – it’s about using sites to generate fake pages to scam search engines or to scrape data from your files and visitors or to send out spam emails. All of which can be happening without you knowing. Backups are only of use once you find out the hack has taken place, which may be long after the damage is done.

Others will argue that it’s easier to maintain multiple domains from a single account, but really, how often do you need to access your hosting account? Creating or deleting an email account is probably the most common use, and for most small businesses, that doesn’t happen very often. It may take a little extra time and organization to maintain separate hosting accounts, but again, it’s very little compared to the danger of exposing multiple sites to a single hack.

WordPress Security and Website Antivirus
https://www.siteguarding.com/security-blog/wordpress-security-and-website-antivirus/
Fri, 16 Dec 2016 08:50:02 +0000

In this article, we take a look at the importance of WordPress security and some of the basics of keeping your WordPress website secure. With the technology industry ever-growing, more and more hackers are preying on vulnerable websites, and with that, WordPress security is as important as ever. If you don’t take the time to set up your website security in a way which not only protects your website, but protects the data flow between your website and your visitors, then you are putting a lot of things at risk. Not only that, but you are leaving your website open to unauthorized users who can cause some serious damage. So with that in mind, let’s jump right in.

Website Backups

Before we dig into how you are able to protect your website, let’s first discuss website backups. Nobody likes to imagine suffering from data loss. It’s bad enough to lose valuable data, but it’s worse if you don’t have a backup to retrieve that data.

If you were to fall victim to WordPress hacking, you never know what the hacker’s intention is. Whether it’s to obtain data or to simply cause mischief; you simply won’t know.

With this, it’s a good idea to take a backup of your website’s data at least once a week so that if something does go wrong, you can simply restore the backup and have as little data loss as possible.

How to Keep Your WordPress Website Secure

Below are some of the best ways possible to keep your WordPress website secure, none of which requires too much technological knowledge.

Updating WordPress. This is the number one basic step to take to keep your website secure. While many opt to have WordPress update automatically, if you are on the other side of it then it’s important that you update your WordPress when prompted. WordPress updates often contain security updates based on issues that they have found or have been found and by not keeping your website up to date, you’re willingly putting your website at risk.

Plugins. Not only should you keep your plugins up to date, similar to keeping WordPress up to date, but on top of that there are several security plugins available for free use. The most common WordPress security plugin is Website Antivirus; a necessity to maintaining a secure website. Although there are premium plugins out there, the free version is more than enough.

Using Clef. Clef is one of the newest and securest resources out there. Not only does it work alongside WordPress to ensure a secure account login, but it can be used for many other services too. With Clef, you are removing the need to enter a password thus eliminating the risk of your password being obtained through keylogging.

Setting Up WordPress. When initially setting up the WordPress platform, there are a few things that you can do to further benefit your security setup. A few of these things are:

  • Change the default database prefix. By default, it is “wp_”, although this makes it easier for hackers to pinpoint your table name.
  • Change the login page. Rather than the standard domain.com/wp-admin/ login page, change it to something that only the required administration will know. On top of that, customize the page to make it somewhat different to the default page. By doing so, you are making it harder for bots to target your logins.
  • Have someone else set up WordPress for you. Lastly, if you aren’t sure how to set up WordPress from a security standpoint, have someone else take a look at it for you. There’s no shame in asking for help!

To Conclude…

Taking everything that we’ve discussed here into account, there’s no reason for you not to take the time to secure your WordPress website. Not only does it take only a short amount of time to do, but by securing your website there are absolutely no downsides in doing so. You are benefiting yourself, and you are benefiting your users.

WORDPRESS SECURITY AUDIT
https://www.siteguarding.com/security-blog/wordpress-security-audit/
Fri, 16 Dec 2016 07:51:50 +0000

You probably don’t know this, but every day there are probes trying to get into your WordPress account. They are always searching for security weaknesses, and if you fail to run a WordPress security audit on your site, you never can tell: they might eventually get in. These probes are generally looking for weaknesses and, most of the time, for the location of your webmail or your website’s MySQL database. They might also be looking for a previous hacker’s file located in your website’s server space in order to gain full control of your website.

Therefore, the security of your website is in your hands. If you think the security of your website is the responsibility of your hosting provider, you need to think again. Your website host, WordPress in this case, is mainly concerned about the security of their servers and all of the applications they run on them. They don’t care a bit about the scripts and applications you run.

Since the people probing your website barely use an IP address more than once, it will be difficult for you to block them by banning their IP addresses from gaining access to your website. Probes use different proxy servers and different names; some common ones include, Toata, Wantsfly and Morfeus. In one session, a typical probe can take up to 50 attempts in order to locate different combinations of directory folder names or common locations. So, in order to minimize the risk of the probes getting what they want, you need to run a WordPress Security Audit.

One of the most effective ways to do this is to utilize the services of the WordPress security exploit scanner plugin.

WORDPRESS VIRUS SCANNER

This plugin is one of the best scanners when it comes to detecting signs of suspicious activity on your website. It scans every database and file, searching for compromised files that have been uploaded or left on your website by hackers. To keep your website safe, you have to scan it for malware at least once a week.

Hackers leave a trail of modified content and scripts whenever they compromise a website. These can be found by searching through every file on the website manually. Some methods used by hackers to hide their spam links or code are very obvious. For instance, they make use of CSS to hide text; these strings are the things we can search for. Content can also be hidden in the database, and code can also be run in the database. Spam links are sometimes placed among the comments and also in blog posts. Search engines will notice them, but the visitors of your website will not see them because they are hidden by CSS.

In an attack launched on WordPress some time ago, hackers exploited the WP plugin system in order to run their own code. Files with image file extensions were uploaded and added to the list of active plugins. Therefore, despite the fact that the files didn’t have a .php extension, the code written in them was still able to run.

This plugin goes through your website and tries to bring out all of these changed database records and files. It is the perfect plugin for the audit of your WordPress.
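
The check for image-named files that carry PHP, described above, can be sketched as follows. This is an added example, not the plugin's own code; the function names, directory layout and sample files are constructed for illustration.

```python
import os
import tempfile

# Leading bytes that real files of each type start with.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}


def inspect_image_file(path):
    """Return the reasons why an image-named file looks wrong (empty if clean)."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in MAGIC:
        return []  # not named like an image: out of scope for this check
    with open(path, "rb") as fh:
        data = fh.read()
    findings = []
    if not data.startswith(MAGIC[ext]):
        findings.append("header does not match extension")
    # A valid image header does not rule out PHP embedded further into the file.
    if b"<?php" in data.lower():
        findings.append("contains PHP open tag")
    return findings


def scan_tree(root):
    """Walk root and map each suspicious file (relative path) to its findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            findings = inspect_image_file(path)
            if findings:
                report[os.path.relpath(path, root)] = findings
    return report


def build_sample_tree(root):
    """Write constructed sample files under root for the demonstration."""
    samples = {
        "uploads/logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        "plugins/cache.jpg": b"<?php /* constructed sample */ ?>",
        "uploads/banner.gif": b"GIF89a" + b"\x00" * 16 + b"<?PHP /* constructed */ ?>",
        "plugins/hello.php": b"<?php /* ordinary plugin file */ ?>",
    }
    for rel, content in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as wp_content:
        build_sample_tree(wp_content)
        for rel, findings in sorted(scan_tree(wp_content).items()):
            print(rel, "->", ", ".join(findings))
```

On a real site, `scan_tree` would be pointed at the site's own content directory instead of the temporary sample tree.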

CHECKING YOUR WEBSITE’S SECURITY?

One easy way to check WordPress security is to check the WordPress stats for 404 “file not found” errors. If you notice a lot of errors for file locations and files that don’t exist on your website, then your site is being probed for weaknesses that could be exploited. You need to make routine checks of your own website folders and files to identify any that you haven’t installed. If you find anything, first check with your website host to make sure that they haven’t installed what you found before deleting it. Sometimes you cannot delete these files yourself; you will need the help of your site’s administrator to delete them.
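
The 404 check above can be run over a web server access log. The following is an added example, not part of the original article. It assumes the common "combined" log format, and because probes rarely reuse an IP address, it groups requests by user agent instead; the log lines, the agent name and the threshold are constructed.

```python
import re
from collections import defaultdict

# One line of the "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

# Constructed sample log lines (documentation IP ranges, made-up agent name).
SAMPLE_LOG = """\
192.0.2.10 - - [16/Dec/2016:07:51:50 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 512 "-" "constructed-probe"
198.51.100.7 - - [16/Dec/2016:07:51:52 +0000] "GET /pma/index.php HTTP/1.1" 404 512 "-" "constructed-probe"
203.0.113.45 - - [16/Dec/2016:07:51:55 +0000] "GET /webmail/ HTTP/1.1" 404 512 "-" "constructed-probe"
192.0.2.10 - - [16/Dec/2016:07:51:58 +0000] "GET /mysql/index.php HTTP/1.1" 404 512 "-" "constructed-probe"
203.0.113.45 - - [16/Dec/2016:07:52:01 +0000] "GET /wp-content/uploads/x.php HTTP/1.1" 200 88 "-" "constructed-probe"
192.0.2.99 - - [16/Dec/2016:08:10:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (constructed browser)"
192.0.2.99 - - [16/Dec/2016:08:10:01 +0000] "GET /favicon.ico HTTP/1.1" 404 512 "-" "Mozilla/5.0 (constructed browser)"
192.0.2.99 - - [16/Dec/2016:08:10:09 +0000] "GET /about/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (constructed browser)"
""".splitlines()


def find_probes(lines, min_missing=3):
    """Report user agents that asked for at least min_missing nonexistent paths.

    For each such agent the report also lists the paths that DID answer with
    a 2xx status: those are the files to inspect first, since the probe found
    something there.
    """
    sessions = defaultdict(lambda: {"ips": set(), "missing": set(), "found": set()})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines in another format
        session = sessions[m["agent"]]
        session["ips"].add(m["ip"])
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if m["status"] == "404":
            session["missing"].add(path)
        elif m["status"].startswith("2"):
            session["found"].add(path)

    report = []
    for agent, session in sessions.items():
        if len(session["missing"]) >= min_missing:
            report.append({
                "agent": agent,
                "ips": sorted(session["ips"]),
                "missing_paths": sorted(session["missing"]),
                "found_paths": sorted(session["found"]),
            })
    report.sort(key=lambda entry: len(entry["missing_paths"]), reverse=True)
    return report


if __name__ == "__main__":
    for entry in find_probes(SAMPLE_LOG):
        print(entry["agent"], "from", len(entry["ips"]), "addresses")
        print("  not found:", ", ".join(entry["missing_paths"]))
        print("  answered :", ", ".join(entry["found_paths"]) or "-")
```

A single missing `favicon.ico` from an ordinary browser stays below the threshold, so only the agent walking through nonexistent locations is reported.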

How to Clean Website Malware
https://www.siteguarding.com/security-blog/how-to-clean-website-malware/
Thu, 03 Nov 2016 04:10:26 +0000

Do you suspect a hacker attacked you? Are you now wondering how to clean your website from malware? You have come to the right place. We will explain how to clean up malware for inexperienced users. Every day hackers get into websites and blogs to infect them and spread more infections.

There are other, more complex cases in which other features are exploited. Deeper technical knowledge is needed to get rid of those menaces. It is important to enhance your security once your site has been compromised. You can follow some security best practices on password protection, form filling, and security updates.

Unfortunately, that is not enough for advanced hackers. They already know how to go around most security measures to break a site. Advanced protection like antivirus for websites and continuous monitoring services is advisable.

The Hidden Menace

Hackers are aware that people look for strange things embedded in their web pages. Suspicious text will immediately prompt a site owner to look up how to clean the website from malware, and then the hackers won’t be able to use that particular site anymore.

Even novice hackers will use a particular attribute to keep malicious links out of view. The display=none attribute prevents visitors and site owners from finding the intruder links. Nobody looks for how to clean up malware until they have irrefutable evidence of a problem.

The naked eye cannot see the malicious links, but search engine bots can. You can get de-indexed from search engines like Google if such links are found. It is easy to find the unwanted links, but you have to look for them. Here is what you should do:

  1. Open your source code on a web browser.
    • Most browsers let you go to the Page Source under the View menu.
  2. Check for the and tags for strange links.
  3. Look for links next to the “display=none” attribute.

If you know your code, then you will quickly identify the links that should not be there. If this is the first time you are looking at it, the malicious code will usually lead to porn or gambling websites. You can check the links you found or if they are obvious, just ban them.
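
The manual source check above, and the CSS-hidden spam links mentioned in the WordPress audit article, can be automated. The following is an added example, not part of the original article. It assumes the hiding is done with the inline CSS declaration `display: none` (what the text calls display=none), and the host names and sample page are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none", re.IGNORECASE)
# Elements that never have a closing tag and so are never pushed on the stack.
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}


class HiddenLinkFinder(HTMLParser):
    """Collect links to other hosts that sit inside a display:none element."""

    def __init__(self, own_host):
        super().__init__(convert_charrefs=True)
        self.own_host = own_host.lower()
        self.stack = []     # open elements as (tag, hides_its_content)
        self.findings = []  # (line, href, tag that hides the link)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hides = bool(HIDDEN_STYLE.search(attrs.get("style") or ""))
        if tag not in VOID_TAGS:
            self.stack.append((tag, hides))
        if tag != "a" or not attrs.get("href"):
            return
        # The link is hidden if it, or any element still open around it, hides.
        hider = next((t for t, h in self.stack if h), None)
        try:
            host = (urlparse(attrs["href"]).hostname or "").lower()
        except ValueError:
            host = ""  # malformed URL: treat as having no host
        # Hidden links to the site itself (menus, tabs) are normal; skip them.
        if hider and host and host != self.own_host:
            self.findings.append((self.getpos()[0], attrs["href"], hider))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate unbalanced markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break


def find_hidden_links(html, own_host):
    parser = HiddenLinkFinder(own_host)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page: one legitimate hidden menu, one visible external
# link, and three external links hidden with display:none.
SAMPLE_HTML = """<html><body>
<div id="menu" style="display:none"><a href="/shop/">Shop</a></div>
<p>Welcome <a href="https://partner.example.org/">partner</a></p>
<div style="position:absolute; display: none;">
<br>
<a href="http://casino.example.net/play">casino</a>
<span><a href="http://pills.example.net/">pills</a></span>
</div>
<a style="DISPLAY:NONE" href="http://spam.example.com/x">x</a>
</body></html>"""

if __name__ == "__main__":
    for line, href, hider in find_hidden_links(SAMPLE_HTML, "shop.example.com"):
        print(f"line {line}: {href} (hidden by <{hider}>)")
```

Links hidden through a class or an external stylesheet are not caught by this inline-style check and still need the manual review described above.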

To remove the unwanted links, you have to change the existing files, eliminating the unwanted links. Once you have changed it, double check if the links are really gone. If you have not identified the source of the infection, it is a good idea to change your admin password. Make it a strong one to avoid further intruders inside your site. Also, change the FTP password and set the file permission (chmod) attributes to read only.

It is advisable to make a fresh installation of WordPress or whatever other software you use to manage your site. This will ensure no injected files are left over from the previous attack. But again, there might be a security issue left.

All these actions might prevent further intrusions into your website. However, some other vulnerability could have been exploited. Check that you have the most recent updates, and look again in a couple of days to see whether your code is free of unwanted links. Take another week before you declare victory over the links you just eradicated. If the problem continues, it is best to look for professional help.

Google’s Diagnosis

To identify whether you need to clean up malware from your site, you can look at Google’s diagnosis of your website. Google rates whether it is safe to browse your web page. To view your report, go to the following place:

http://www.google.com/safebrowsing/diagnostic?site=[SITE NAME]

Before you enter the address in your browser, change [SITE NAME] to your site address. You will be able to find out whether you need assistance with cleaning your website of malware, but Google will not display the sort of malware you have been attacked with. You can try to scan your website with our free scanner or use the Norton free scan. You can make a free website scan here:

https://www.siteguarding.com/en/sitecheck

http://safeweb.norton.com/

If you have a problem, our scanner will give you the solution. Norton has a broad range of products for end users and websites.

Closing Advice

Every piece of malware is different, and you should get help from professionals who know how to clean up malware. Most times, when a site has been compromised, there are symptoms you can see. However, back doors can be left even after you have cleaned your site of those symptoms.

It is important to contact the experts and get a deep cleaning. Get them to continuously monitor your web page. Even if there are no visible symptoms and you just have occasional low performance, you can be infected. Hackers use your computing power to host sites, redirect traffic, commit fraud, send spam or carry out any other criminal activity you can think of. They might not want to address you or your visitors, and those are the worst infections.

Remaining unseen is the objective when your website is used for criminal activity. It can lead to legal issues for the rightful owner. While the investigations are taking place, your site might be closed, and you will lose ranking and traffic. It is better to prevent than to regret. Besides following the best practices on security for websites, get a professional company to monitor your page.

How to Protect Your Website From Hackers
https://www.siteguarding.com/security-blog/how-to-protect-your-website-from-hackers/
Wed, 26 Oct 2016 13:50:21 +0000

One of the biggest false beliefs circulated in the internet ownership and website security community is that “your site is not a big one, so there’s nothing worth being hacked for”. This particular belief has always led to dismay, because to the site owner’s surprise, he/she gets hacked and may lose everything. In fact, this popular belief may actually be propagated by hackers, because it creates laxity in the web owners, keeping their guards down and making their defenses exploitable. The truth is that websites get hacked all the time, size and function do not matter at all.

The majority of security breaches are not necessarily attempts to steal your data or deface your website, but devious attempts to turn your server into an email relay for spam or into a temporary web server, usually to serve illegal files. In this article we will try to give you some tips on how to protect your website from hackers. As terrible as this may seem, keeping these people at bay is very possible, and everything it requires is of extreme importance. There are a few fundamental actions you can take to keep your site out of sight of these website vandals and make sure it takes a lot of hard work for hackers to find your website.

Update Everything You Have

Whether you’ve created a DIY site on a third party turnkey platform or chose to build from scratch with your development team, as a site owner, you must make sure that every piece of software you run is up to date. CMS providers like Joomla, WordPress and their ilk stay on constant guard, continuously scouring for holes to plug in their systems, and hit the internet with regular patches and updates to ensure that their software is impervious to attacks. Make sure you run these updates and always have the most recent version supporting your site at all times.

If your site uses third party plug-ins, you should stay updated with information about their updates and make sure all are implemented in a timely fashion. Lots of sites often make the mistake of including plug-ins that fall into disuse with time. Ensure that you do regular cleanups, wipe out all unused, old and non-updated plug-ins, they pose the threat of being a gateway for hackers to exploit and wreck your site.

Reinforce Security Around Your Site

Just as you install antivirus on your desktop before browsing the web and securely lock your doors before leaving your house, you should also install a security system to be your site’s first line of defense against malicious attacks by hackers. This first line of defense is always a web application firewall. These are designed to inspect incoming traffic, identify and sift out malicious requests, protecting your website from SPAM, cross site scripting, brute force attacks and other high level threats. You can take a look at website antivirus we offer.

A few years ago, web application firewalls were solely hardware appliances but quite recently, a few providers of Security-As-a-Service (SecAaS) have begun to use cloud hosting technology to water down the prices of security solutions. As a result of this, all website owners can now rent a cloud based web application firewall without costly security appliances or even a dedicated hosting server. Better yet, you won’t need a course in website security or hire security experts to utilize these services.

With a huge amount of websites getting hacked every year, it has become obvious that hosting providers cannot efficiently handle all website security threats and the rise of cloud based web application firewalls is quickly filling its void.

HTTPS

Hyper Text Transfer Protocol Secure (HTTPS) is a secure communications protocol that transfers sensitive information between a web site and a web server. Moving your website to this protocol means adding an encryption layer, Transport Layer Security (TLS) or Secure Sockets Layer (SSL), to your HTTP, ensuring extra security from hackers for your data and your users’ data.

Although HTTPS is necessary for all online transactions, sites that run on HTTP outnumber HTTPS sites by hundreds to one. Currently, adding a secure protocol layer won’t only guarantee security; it will also help search ranking, as Google has recently announced that HTTPS will be taken as a ranking factor.

Use Strong Passwords And Change Them Regularly

Brute force attacks work mainly by guessing username/password combinations. These have been reported to be on an alarming rise in the last two years as thousands of attacks are detected every day across the web. Brute force and dictionary attacks can be effectively eliminated by using strong passwords. Strong passwords aren’t just important for only email and financial transactions; they are even doubly important for your website server, admin and database passwords.

What makes up a strong password? A strong password should be a combination of alphanumeric characters, upper and lower case letters and symbols and should be at least 12 characters long. A combination like this can prevent brute force attacks.

Passwords should also not be the same for all website logins. Change your passwords regularly to ensure breach-proof security and store users’ data in an encrypted form. This way, if your security is breached, there’s no way your attackers can steal your users’ information.

Conceal Your Admin Directories

One of the easiest ways hackers access your site’s data is by heading straight into your admin directories.

The scripts used by hackers scan directories on your web server looking for names like ‘admin’, ‘login’ or ‘access’, then focus all their energy on accessing these files to compromise your website security. Most popular CMSs give you total control over the names of your directories; a great idea would be to rename your admin folders. Pick names that make these folders inconspicuous and communicate them only to your webmasters. This method can greatly reduce the risk of a potential breach.
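To see whether this kind of directory scanning and password guessing is reaching your site, you can count the requests in the web server's access log. The script below is an added example, not part of the original article; the log lines, IP addresses, thresholds and the /wp-login.php login URL are constructed assumptions, as is treating a 200 response to a login POST as a failed attempt.

```shell
#!/bin/sh
# Added example: spot admin-path scanning and login guessing in an access log.
# Log lines, IPs and thresholds are constructed; /wp-login.php is an assumed login URL.

sample_log() {
cat <<'EOF'
203.0.113.7 - - [29/Sep/2016:09:00:01 +0000] "GET /admin/ HTTP/1.1" 404 162
203.0.113.7 - - [29/Sep/2016:09:00:01 +0000] "GET /login/ HTTP/1.1" 404 162
203.0.113.7 - - [29/Sep/2016:09:00:02 +0000] "GET /access/ HTTP/1.1" 404 162
203.0.113.7 - - [29/Sep/2016:09:00:02 +0000] "GET /administrator/ HTTP/1.1" 404 162
198.51.100.23 - - [29/Sep/2016:09:05:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.23 - - [29/Sep/2016:09:05:11 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.23 - - [29/Sep/2016:09:05:12 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.23 - - [29/Sep/2016:09:05:13 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.23 - - [29/Sep/2016:09:05:14 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.10 - - [29/Sep/2016:09:10:00 +0000] "GET /index.php HTTP/1.1" 200 5120
192.0.2.10 - - [29/Sep/2016:09:10:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0
EOF
}

# Reads an access log on stdin. $1 = minimum 404s on admin-like names,
# $2 = minimum login POSTs answered with 200 (form served again, assumed to
# mean a failed login; a successful login is assumed to redirect with 302).
detect() {
  awk -v scan_min="${1:-3}" -v brute_min="${2:-5}" '
    {
      ip = $1; method = $6; path = $7; status = $9
      sub(/^"/, "", method)
      if (status == 404 && path ~ /admin|login|access/) scan[ip]++
      if (method == "POST" && path ~ /login/ && status == 200) brute[ip]++
    }
    END {
      for (ip in scan)  if (scan[ip]  >= scan_min)  print "SCAN",  ip, scan[ip]
      for (ip in brute) if (brute[ip] >= brute_min) print "BRUTE", ip, brute[ip]
    }' | LC_ALL=C sort
}

sample_log | detect
```

After the admin folder is renamed, requests for the old names keep showing up as 404s, which makes the scanning clients easy to pick out and block.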

One fact that every business owner knows and understands is that “your reputation is everything”; therefore, no cost can be too much as long as it secures your website and safeguards your reputation.

How to Secure Website from Hackers https://www.siteguarding.com/security-blog/how-to-secure-website-from-hackers/ Thu, 29 Sep 2016 09:00:57 +0000

Do you get padlocks and locks for your home? Only if you are homeless would you not answer yes to this question. In this article, we will learn how to get padlocks and locks for your home page, which is equivalent to learning how to secure your website from hackers. If you handle sensitive information, like your customers’ names and credit card information, then you are required by law to have a secure site. Making your website secure becomes more relevant, and you could have legal problems if you fail to protect others’ information.

Other consequences include severe reputation damage, being banned from search engines and being used as an instrument to spam porn. In the worst cases, you can get into trouble if your site is used for illegal activities.

Prevention is your best choice, and we will explore how to secure your website from hackers to prevent any undesirable consequences from happening to your home page.

Discourage the Hackers

Going back to padlocks, which home is more likely to get robbed? A home with no padlocks, or one with a tiny padlock at the entrance? Of course, a thief will prefer to get into a home with no padlocks, since it will be easier to get in.

The same occurs with websites. If you learn how to secure your website from hackers, even if it is the smallest and most basic security measure, the hacker will go to the site with less protection. There are many unguarded sites around, and applying some tools to make your website secure is a simple way to discourage the hackers.

The Basics on How to Secure your Website from Hackers

Tiny padlocks are the basic security measures you can take to make your website secure from hackers. These include:

  1. Keep your updates up to date.
  2. Strong user names and passwords for everybody: admin and basic
  3. Set a password policy, which should include:
    • Limited attempts to log-in.
    • Periodically changing passwords.
    • Never send passwords by mail.
  4. Set an expiration time to logins when they are inactive.
  5. Change default settings, like:
    • The default prefix (wp_) of your database.
    • Use a plug-in to change your default admin
  6. Use tools to de-index your admin page. A common trick is to use the robots.txt file.
  7. Set uploading limitations, such as:
    • Eliminate the possibility to upload files if your site does not require this feature.
    • Store any uploaded file outside your root directory.
    • Use scripts to gain access to uploaded information.
  8. Remove the auto fill option of all your forms.

All these are settings that any basic user who has put up a website on their own can apply. They are best practices you should consider when building a new website.
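One caveat on the robots.txt trick from item 6: robots.txt is a public file, so a Disallow line that names a renamed admin folder tells every reader where that folder is. The check below is an added example, not part of the original article; the robots.txt content and the path /sg-panel-7f3/ are constructed.

```shell
#!/bin/sh
# Added example: check that robots.txt does not disclose a private admin path.
# The robots.txt content and the path /sg-panel-7f3/ are constructed.

sample_robots() {
cat <<'EOF'
# constructed robots.txt
User-agent: *
Disallow: /cgi-bin/
disallow:   /sg-panel-7f3/   # keep crawlers out of the admin area
Disallow: /tmp/
Allow: /
EOF
}

# Reads robots.txt on stdin; prints every Disallow value that begins with the
# private path given as $1 (the rule names that path or something beneath it).
disclosed_rules() {
  awk -v secret="$1" '
    {
      sub(/#.*/, "")                        # strip comments
      line = $0
      if (tolower(line) !~ /^[ \t]*disallow[ \t]*:/) next
      sub(/^[^:]*:[ \t]*/, "", line)        # keep only the value
      sub(/[ \t\r]+$/, "", line)            # trim trailing blanks and CR
      if (line != "" && index(line, secret) == 1) print line
    }'
}

# Prints the offending rule for the constructed file.
sample_robots | disclosed_rules /sg-panel-7f3/
```

Sending an `X-Robots-Tag: noindex` response header from the admin pages, or requiring authentication before they load, keeps them out of search results without listing the path in a public file.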

Administration Tools to help on How to make Website Secure

Before we go to the advanced tools and services that help you secure your website, let’s take a look at some other basics you should follow. These administration tools are not directly related to your home page, but they are useful and can help you avoid hacker attacks.

Especially if your server is located in your office, the following is simple advice you cannot miss. If you host it somewhere else, then it is not as critical. However, this advice will keep the computer accessing your administration panel safe, and that can prevent your information from being stolen at this point.

The minimum administration tools to set on website security are:

  1. Get a Firewall for your network.
  2. Scan all your computers, not just your host server. Scan your website with a website scanner to detect backdoors and preinstalled viruses.
  3. Get security applications for all endpoints on your network. Even the free options are better than nothing.

Back up your site when it is healthy. The backup might be of use if you need to recover from an attack. It will also protect you from hardware failures. It is best to back up every day at the lowest traffic time, onto a separate machine. Backing up multiple times a day is recommended for sites with lots of activity. If you use a hosting service, ensure that your contract includes regular backups. Most vendors do it.

Advanced tips on How to secure your Website

There are some other things you can do in your search on how to secure your website from hackers. This is a list of just some of the advanced things you can implement on your web page:

  1. To use SSL certificates for encryption is a must if you are dealing with personal information.
  2. Don’t trust any application claiming that they can hide your code. The code to your website is how the page is displayed in the web browser. Most likely you will get an infection.
  3. Test your site for SQL and XSS injections. You can use the free tools on sites like NetSparker.
  4. Use a debugger to try to compromise your site manually, or use other automated tools which are available online. If you can, then hackers will. Be careful, because some sites offering this sort of tool are just for phishing.
  5. Install security plugins. Your host vendor might give them away for free. Other sites also give away plugins to cover the most common vulnerabilities.

These are just some of the advanced things you can do to secure your website from hackers. There are many more. Learning how to make a website secure from hackers can be time-consuming. It is better to look for a professional service and save some time.

There are dedicated companies that will assist you with all the security issues for your website. A complete offer can be found on www.siteguarding.com. But there are many others. Your current vendor of antivirus service might help. Search for options and evaluate the benefits.

WordPress Malware Removal https://www.siteguarding.com/security-blog/wordpress-malware-removal/ Wed, 14 Sep 2016 15:22:50 +0000

Malware is bad for computers as well as websites. It can create problems for the owners of the website or computer. Malware can help attackers hack a website as well as a computer. Hackers use malware particularly to hack websites or PCs and carry out their malicious activities. Malware can increase cyber crime. The suspicious activities flagged on websites by host servers, antivirus, and firewalls are due to malware that has been downloaded to the computer or website.

Malware is a term used to describe the problems that websites and computers face. It can take the form of intrusive and hostile software. It includes:

  • The viruses,
  • Trojan horses,
  • Worms,
  • Spyware,
  • Adware,
  • Ransomware,
  • Scareware,
  • And other malicious activities.

The malware can take other forms that might include:

  • Executable code,
  • Active content,
  • Scripts,
  • And other software.

Penetration of the Malware

Hackers and cyber criminals know various techniques to introduce or inject malware into the system of the target owner. The malware is introduced into PCs as well as websites, where it can cause considerable damage.

These viruses are introduced into the system in two ways:

  • Social engineering technique
  • And system infection without the knowledge of the user.

Removing the Malware on Wordpress CMS

Webmasters can remove the malware through different means. There are different techniques and methods involved that are known to experts only. We offer services to remove malware from websites. We have been providing website owners and webmasters with information on how to protect their websites from hackers and viruses. We also offer services that include website data backups, website protection and safety, WordPress antivirus, a WordPress monitoring tool and WordPress security extensions. These services combined will reduce the risk of the website getting hacked or losing data.

Importance of Malware Removal

It is extremely important to remove the malware. The website is your business, and the computer is your property. You do not want anyone to interfere with your work. Hackers usually hack websites or enter computers because they are on a mission to hack high-profile or WordPress sites. Hackers these days also want to prove their capabilities in the field of cyber crime. Hacking of websites and computers is common these days, and it is usually done by planting malware. Webmasters might lose all their important data, files and content, which may cause considerable damage to the business. Some important and confidential information can be breached, and the login credentials can become available to the hacker. So it is important to remove the malware.

Malware Removal Ways

There are different ways in which malware can be removed from a particular website or computer. Siteguarding.com offers services to remove WordPress malware by providing WordPress antivirus, a WordPress monitoring tool, and WordPress security extensions. The different ways include:

Cleaning the Basics

You need to start from scratch. Cleaning the website is important, as it will remove the malware that is in the content or files of the website. The malware can be hidden from, or visible to, the tools installed on your computers. The cleaning involves different steps that need to be followed.

Using the Live Scanners

Live scanners are important because they scan the website for malicious activity or malware. With live scanners, false positives are a risk webmasters accept in preference to false negatives, which are undetected web malware. Review the website regularly. You can specify particular areas to check rather than miss them, which could cause damage to the website.

Default WP Structure of File

WordPress always ships with a default file and directory structure. The core files and directories must be checked, which can help reveal hidden malware content. It is extremely important to use file monitoring tools, which will help you gain information about any malware files on the website.
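File monitoring of this kind comes down to recording a hash of every file while the site is known to be clean and comparing later states against that record. The script below is an added example, not part of the original article and not a specific product's method; the function names and the sample tree are constructed.

```shell
#!/bin/sh
# Added example: baseline-and-compare file monitoring for a WordPress tree.
# Function names and the sample tree are constructed for illustration.

hash_file() {   # print the SHA-256 of one file
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
  else shasum -a 256 "$1"; fi | cut -d ' ' -f 1
}

make_manifest() {   # "<hash> <relative path>" per file, sorted by path
  ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
      printf '%s %s\n' "$(hash_file "$f")" "$f"
    done )
}

compare_manifests() {   # $1 = trusted baseline, $2 = current state
  # Limitation: paths containing whitespace are not handled.
  awk '
    NR == FNR { old[$2] = $1; next }
    { seen[$2] = 1
      if (!($2 in old))       print "ADDED", $2
      else if (old[$2] != $1) print "MODIFIED", $2 }
    END { for (p in old) if (!(p in seen)) print "REMOVED", p }
  ' "$1" "$2" | LC_ALL=C sort
}

demo() {   # constructed tree: one file changed, one dropped in, one deleted
  t=$(mktemp -d)
  mkdir -p "$t/site/wp-includes" "$t/site/wp-content/plugins" "$t/site/wp-content/uploads"
  echo '<?php // core file' > "$t/site/wp-includes/version.php"
  echo '<?php // plugin'    > "$t/site/wp-content/plugins/hello.php"
  echo '<?php // login'     > "$t/site/wp-login.php"
  make_manifest "$t/site" > "$t/baseline.txt"

  echo '// appended line' >> "$t/site/wp-includes/version.php"
  echo '<?php // unexpected' > "$t/site/wp-content/uploads/cache.php"
  rm "$t/site/wp-content/plugins/hello.php"
  make_manifest "$t/site" > "$t/current.txt"

  compare_manifests "$t/baseline.txt" "$t/current.txt"
  rm -rf "$t"
}

demo
```

Keep the baseline manifest somewhere the web server account cannot write to, otherwise whoever alters the site files can alter the record as well.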

File permissions

WordPress provides useful information on file permissions and on the specific permissions needed to install WordPress. File permissions must be limited, and they must be changed using the proper technique.
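The script below shows one way to find and tighten overly loose permissions. It is an added example, not part of the original article; the sample tree is constructed, and 755 for directories and 644 for files is a commonly recommended baseline assumed here, not a value given on this page.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on a WordPress tree.
# 755/644 is a commonly recommended baseline, assumed here (not from the page).

audit_perms() {   # print entries that group or others can write to
  find "$1" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) | LC_ALL=C sort
}

harden_perms() {  # directories 755, regular files 644
  find "$1" -type d -exec chmod 755 {} +
  find "$1" -type f -exec chmod 644 {} +
}

mode_of() {       # symbolic mode string, e.g. -rw-r--r--
  ls -ld "$1" | cut -c 1-10
}

make_sample_tree() {   # constructed tree with deliberately loose modes
  t=$(mktemp -d)
  mkdir -p "$t/wp-content/uploads" "$t/wp-includes"
  echo '<?php // config' > "$t/wp-config.php"
  echo '<?php // core'   > "$t/wp-includes/version.php"
  chmod 755 "$t" "$t/wp-content" "$t/wp-includes"
  chmod 777 "$t/wp-content/uploads"      # world-writable directory
  chmod 666 "$t/wp-config.php"           # world-writable file
  chmod 644 "$t/wp-includes/version.php"
  echo "$t"
}

tree=$(make_sample_tree)
echo "Before:"; audit_perms "$tree"
harden_perms "$tree"
echo "After: $(audit_perms "$tree" | wc -l) loose entries"
rm -rf "$tree"
```

Run the audit first and review its output before changing anything, since some hosting setups need the web server's group to write to the uploads directory.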

Disabling the Plug-ins

A very important step is disabling the plug-ins. It will help the scanner to identify and locate the malware. Malware is usually found in the plug-ins directory, which is why you are advised to disable the plug-ins. Disabling a plug-in means that you cannot use it. Do not confuse it with removing the plug-in.

WordPress Malware Removal Steps

Malware removal involves specific steps that have to be followed to remove the malware and restore the WordPress site.

  • Lock WordPress with WPSecurityLock, which will keep the criminals out of the territory.
  • Set your passwords according to the guidelines given by your host servers and companies.
  • Scan the website and look for any malware in the data.
  • Remove the malicious code and files that have been incorporated into your website.
  • Use the backup to restore the website and revert it to the last and latest position before hacking.
  • Use new and unique authentication keys to disable the cookies.
  • Correct the permission sets for the directories and files of the server.
  • Inform users about the website maintenance on the website interface.
  • Perform a final check-up of the website.
  • Remove the malware warnings from the search engines.
  • Scan for malware for about a month.
  • Receive a diagnostic report from the secure server.

WordPress malware removal can be achieved through the services offered by siteguarding.com. Malware removal is important; follow the steps to remove it properly and get rid of the malicious activities.
