Category: Security

    4 Steps to protect your website investment

    Step 1: Backup your entire website

    Make sure you have a backup plan for the worst-case scenario. Sure, any web hosting service worth its salt will keep backups of your website, but don’t rely on that alone. If they went out of business and shut down operations suddenly, would you be able to get your website back online with another hosting provider? If your website was hacked but you didn’t notice for several weeks, would your hosting provider still have a clean backup to restore? Take these matters into your own hands: keep your own backup of your website, and make sure it includes everything needed to get your website back online. If you update your website regularly, save a new backup at regular intervals.

    Step 2: Keep your website software up-to-date

    Cyber-criminals and hackers are constantly scanning the web for websites with security vulnerabilities. Popular CMS software such as WordPress is scrutinised for any security weaknesses that can be exploited. When security holes are exposed, the WordPress team responds quickly with a security update, but you only get the fix once you update your website to the latest version of WordPress. If you are running an old version of WordPress, it may have known security holes, which leave your website vulnerable to attack. So make sure you regularly update to the latest version of WordPress (or whatever CMS software you are running). Be aware that updating the software has its risks: the upgrade could fail, leaving your website inaccessible, or there could be incompatibility issues, so it is important to back up your site before upgrading. WordPress plugins should also be kept up to date for the same reason. You can read the release notes for WordPress and plugins to determine whether the latest release includes any security updates.

    Step 3: Use strong passwords and keep them safe

    A weak administration password could be the biggest security hole in your website. It is best to use passwords of at least 10 characters. They should contain a combination of upper case, lower case, numbers and symbols. It is safer not to use the same password for multiple different purposes. It is also recommended to change your passwords from time to time. That can mean a lot of passwords to remember so a secure password storage utility such as KeePass (Win), KeePassX (Mac, Linux) or Password Safe (Win) comes in handy for keeping track of all those passwords in a secure manner.

    Step 4: Ensure your website is configured as securely as possible

    Certain measures can be taken to add an extra layer of protection against hackers scanning your website, beyond what the out-of-the-box content management system provides. For example, information that does not need to be displayed but could be of help to hackers can be hidden. For WordPress websites there are security add-ons that help you make your website more secure. One that we use and recommend is Better WordPress Security.

    Hack Attack

    Flicking through Time Magazine on the plane back to NZ, I came across an interesting read regarding website hacking. It is astonishing how organised these hacker organisations are, so much so that some of them even offer customer support!

    Here’s the article: Read more »

    An alternative to storing passwords in FileZilla or other FTP clients

    One of my clients’ websites got hacked recently, but fortunately he was able to restore the website and tighten up security. He also discovered how the attack happened – his own computer got infected with malware which got access to a file created by the popular FTP client, FileZilla. That file contained his FTP connection details for his website, including the password in plain text. Yes, FileZilla stores all the site connection details that you save in the site manager in a plain text XML file. This seems very insecure. The FileZilla developers contend that it is the job of the operating system to keep your information secure and that even if they encrypted it, malware authors would easily decipher it. However, I am of the opinion that encrypting the passwords would make it more difficult for the hackers and therefore would improve the security.


    © 2024 Stellar Web Works Ltd., A Website Design Company based in Nelson, New Zealand