Website Security Features That Matter Most

The Important Website Security Features That Matter

 

There is a lot of confusion out there about what security is necessary for a business website. Careful: there’s an army of companies touting their products, and one solution rarely fits all. What’s more, the threat always evolves, so security must also be a committed personal process, practiced locally in everyday computer use. Website security is as much personal computer discipline as it is website security features, so it is best to get up to speed.

Reliable security stems from people, from process and from technology all working together! And in case there is any confusion about what Secure Sockets Layer (SSL) does: it protects visitors coming in from a browser who then interact or share information with your website. What follows emphasizes the most relevant security features to protect the website itself.

What Website Security Software Features Matter When It Comes To Preventing Your Website From Being Hacked?

1. Brute force blocking – a live feature that monitors login page activity and locks out IP addresses that repeatedly attempt to *guess* a username and password. A two-factor authentication option, which sends a code to another device that must be entered at login along with the username and password, can be a great add-on, but for some it’s too much;

2. Country blocking – a feature designed to stop repeated aggressive & malicious activity originating from a geographic region or country. For instance, repeated failed logins or a large number of page not found errors coming from the same country raise an alert and that country is blocked. A manual capability that allows for pre-emptively blocking any country or IP deemed not necessary can also be useful;

3. Scanning – a feature that continuously searches for Malware, Viruses and any security vulnerabilities;

4. Comment spam filters – this feature checks the source IP of inbound comments and any URLs that are included;

5. Firewall – a feature that identifies malicious traffic by IP address and then blocks the attacker from any further access. Top solutions automatically update firewall rules based upon the latest threats, blocking attacks based on known / updated attack patterns and IP addresses; 

6. Database backups – so that in the worst case scenario you’re able to go back and re-establish the website database as it was before it was hacked; hopefully, worst case, there’s no more than a lost post or some simple-to-redo edits.

Check out our WordPress advanced security solution, which does all of the above and more. Features like tracking all nefarious activity targeting WP sites worldwide and updating itself based upon that data make this solution stand alone as best in class. Plus we guarantee support for cleaning a site that has been hacked and also Google re-submission, making this security package unique!

Related Information:

How To Manage Website Security – Locally At The Computer Level!


In a previous post titled “So, Why Does Google Want Us To Use SSL?” we shared that there is NO security guarantee, especially because there are different areas of vulnerability – none more important than personal management of the local computer. The threat evolves so security is a continuous process; it’s as much about securing personal processes and behavior on the local computer as it is configuring & managing the website. Be assured – security stems from people, process and technology – all working together!

 

How To Improve Website Security Locally At The Personal Computer Level

As website administrators & owners, here are the actions we can all take to harden & improve our personal processes and behavior in order to improve website security:

  • Limit Access: Minimize administrative access to website dashboards. The fewer people with Admin status, the less exposure to mistakes.
  • Raise The Website Login Bar: Respect usernames & passwords; build them from non-dictionary words and include a combination of lowercase & capital letters, numbers and/or symbols;
  • Host Choice: A little knowledge (or help) about what different host & service packages do and do NOT offer is a first step, for instance that shared plans are probably a compromise. The cheaper the plan, the more you may want to concern yourself; whereas a good managed dedicated host plan should improve security a great deal.
  • Backups: Reliable database & theme backups, including testing to be sure a website can be restored from its backup if it is damaged.
  • Stay Up-to-Date: Stay up to date (or get help) with WordPress updates that not only advance the software’s features BUT harden its code against vulnerability. There should be administrative support in place that checks the status of the site’s extensible components with some frequency.
  • Trusted Sources: Do not load plugin applications or themes from sources not vetted as trusted and reliable. Sorry folks, but FREE is becoming a recipe for disaster. Malicious people and organizations will distribute free ‘nulled’ plugins and themes with malicious code. So don’t just load up anything that comes down the pike.
  • Security Updates and News: Security vulnerability affects all software, WordPress being no different. To stay current, subscribe to reliable sources of information in order to be informed of the latest issues & trends.
  • Security Software: Use security software that not only helps protect in real-time by perpetually searching for Malware, Viruses and security vulnerabilities, but that also firewalls identified attacker IP addresses. Even entire country blocking, temporarily or permanently, should be possible.
  • Working Environment: Be sure the local computer, browser and routers are up-to-date and free of spyware, malware, and virus infections. Anti-virus (a virus being malware that spreads from PC to PC) and anti-malware software is recommended. Also secure your mobile devices. Install any updates as soon as they are available.
  • Personal Passwords: The goal with a username & password is to make it difficult for others, including machines, to guess; hard for even a brute force attack to succeed. A key to this is making it Complex, Long, and Unique. And if an IP fails to enter it a couple of times, maybe 3 times, then deny that IP.
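
One way the brute force blocking in feature 1 and the "fails maybe 3 times, then deny that IP" rule above can work, as an added example (not code from this post or from any security product): it reads web server access-log lines, counts failed WordPress logins per IP and locks the IP out at the third failure. The sample log lines, the 5-minute window, the 30-minute lockout and the rule that a failed wp-login.php POST returns HTTP 200 while a successful one returns a 302 redirect are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed access-log lines (documentation-range IPs), in time order.
SAMPLE_LOG = """\
198.51.100.20 - - [12/Mar/2024:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [12/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [12/Mar/2024:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [12/Mar/2024:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [12/Mar/2024:10:00:08 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [12/Mar/2024:10:00:09 +0000] "GET /wp-admin/ HTTP/1.1" 302 0
198.51.100.20 - - [12/Mar/2024:10:00:20 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
198.51.100.20 - - [12/Mar/2024:10:00:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.44 - - [12/Mar/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
192.0.2.44 - - [12/Mar/2024:10:04:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
192.0.2.44 - - [12/Mar/2024:10:09:30 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})\b'
)
MAX_FAILURES = 3                  # "maybe 3 times", per the text above
WINDOW = timedelta(minutes=5)     # assumed counting window
LOCKOUT = timedelta(minutes=30)   # assumed lockout duration


def parse_line(line):
    """Return (ip, time, method, path, status), or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"].split("?", 1)[0], int(m["status"])


def find_lockouts(lines):
    """Replay the log; return ({ip: locked_until}, {ip: requests refused while locked})."""
    failures = defaultdict(deque)   # recent failed-login times per IP
    locked_until, refused = {}, defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if ip in locked_until and ts < locked_until[ip]:
            refused[ip] += 1        # a live firewall would drop this request
            continue
        if method != "POST" or not path.endswith("/wp-login.php"):
            continue
        if status == 302:           # assumed success: reset the counter
            failures[ip].clear()
            continue
        if status != 200:           # assumed: only 200 means a failed login
            continue
        q = failures[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:   # forget failures older than the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            locked_until[ip] = ts + LOCKOUT
            q.clear()
    return locked_until, dict(refused)


if __name__ == "__main__":
    print(find_lockouts(SAMPLE_LOG.splitlines()))
```

In the sample, only the IP with three failures inside the window is locked out; the user who mistypes twice and then logs in, and the IP whose failures are spread over more than five minutes, are not.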

And while personal practices and computer management are everyone’s responsibility, this post does not suggest busy professionals can handle it all; it does however suggest there should be knowledgeable WordPress support to manage what you may not be able to. And please, ask us about Advanced WordPress Security and Host Management.

Related News:
So, Why Does Google Want Us To Use SSL? 
The Truth About Hacked Websites 


The Truth About Hacked WordPress Websites


WordPress’ security boils down to how it is deployed! In fact, security is necessary with any software online and what follows serves as an argument (all things considered) for why WordPress outperforms all the rest!

WordPress has seen some security concerns, and it’s due in part to upstart solutions trying to discredit it as a competitive tactic and in part because the dominant market share solution is always a target. For hackers looking to maximize a return on their effort, it’s only logical they target the leading solution. Why is WordPress the leader versus all the other website software solutions, ‘open source’ or proprietary? To start, there is nothing close to its massive choice of sophisticated themes, plugin applications and support for any taste or need. WordPress, due to its almost unlimited worldwide support, reacts to vulnerability faster than anything else ever could. Versus proprietary content management (CMS) solutions, ‘the power of many’ means better and much faster! And WordPress allows a marketer to own her website and its accumulated digital web footprint. She is never trapped and can move her site from host to host when needed.

However, month over month WordPress creators (i.e. plugin application, website theme and core WP) deploy updates, which may include code upgrades, new features, even security patches AND it all requires some management. Often it’s a simple click of a button, but in some circumstances issues occur. If so, there is always support and a timely manageable fix! Themes and plugin applications should be researched; for instance, Envato marketplace offers reviews and vetting. Needless to say, we support security and even hacked WordPress website owners.

On WordPress Security: Matt Mullenweg, co-creator of WordPress

“As the most widely used CMS ( Content Management System ) in the world, many people use and deploy the open source version of WordPress ( WordPress.org ) in a sub-optimal and insecure way, but the same could be said of Linux, Apache, MySQL, Node, Rails, Java, or any widely-used software. It is possible and actually not that hard to run WordPress in a way that is secure enough for a bank, government site, media site, or anything.”

How To Avoid Being Hacked

At least for WordPress users, which is the lion’s share of business websites on the World Wide Web today, management should both understand and deal with this emerging threat including:

  • responsible local computer use, so they don’t become the vulnerability;
  • sincere respect for protecting usernames & passwords; build them from non-dictionary words and include a combination of lowercase & capital letters, numbers and/or symbols;
  • knowledge of what different host & service packages do and do NOT offer; shared plans won’t support what follows, whereas a good managed host plan may;
  • prioritized attention for WordPress upgrade(s) execution;
  • (equally) prioritized attention for plugin application and theme upgrades;
  • a VERY conservative approach for what 3rd party applications are allowed into the website, you can’t just load up with every cool thing that comes down the pike;
  • protective software, like for instance Wordfence, that not only helps protect WordPress in real-time with upgrade warnings, but that blocks identified attacker IP addresses on all WordPress sites running Wordfence;
  • protective software that perpetually searches for Malware, Viruses and security vulnerabilities, that also helps to remove them AND (last, but certainly not least, nor the last needed);
  • a reliable firewall AND
  • .htaccess protection to lock out any outside access to particular files in the website.

As mentioned above, we support hacked WordPress website owners.

Website Hack Types

Sometimes the result of a website hack is

  1. one page buried deep and out of sight, but covertly used to promote drugs, porn or worse;
  2. the site’s host is used to generate email SPAM which also gets the domain blacklisted;
  3. a page that has subtle maybe hidden links placed, links no one would knowingly add in their own pages, AND
  4. worst case – the website is used to load malware on to all visitor computers.

Hacked Website Warnings By Google

Even more troubling for business owners, when Google (because it crawls all websites) identifies a hacked site its Chrome browser will discourage anyone from visiting it with big red warning signs. “This site may download malware to your PC, advance at your own risk!” is basically the message. Even worse, Google shares their ‘hacked website list’ with most other browsers too, so no one should expect to slide by with the folks coming in from Safari or Firefox either. And truthfully, thank goodness for Google’s efforts … or we’d all be in a lot of trouble.

Kinetic Knowledge offers WordPress Host Management services that can help service & protect against these very issues.

Revolution Slider: Widely Used WordPress Slider Plugin Application Hacked!

The Revolution Slider application for WordPress was temporarily unsafe last year and rumored to have allowed over 100,000 websites to be hacked. It was fixed and the upgrades were released, and people should know the security patch upgrade came rapidly. Applying that upgrade, in most of these cases, did not come rapidly, and in many cases not at all … AND THAT WAS USER ERROR!

WordPress was not the problem, and while the plugin was a temporary problem, the longer term problem is any site owner that fails to tend to their website or to seek out WordPress support that will. Anything less than thorough software management nowadays is a big potential problem.

NOTE: The web and its great tools are advancing with or without us! And folks, typical “shared host plans” DO NOT update or manage your website software! $10-$15 a month likely doesn’t cover that kind of support.

We Support Hacked WordPress Websites – Business Website Hacked | Business Website Cleaned

While we see it quite often nowadays, more recently a company approached us about their (GoDaddy shared host plan) WordPress website. They were in a state of emergency because the site had been hacked! And to add insult to injury, Chrome (Google’s browser) was warning all visitors to avoid their Malware infested site … OR risk personal harm.

A little looking around showed the website was a year or two behind on its core WordPress updates, including updates to a particular plugin known to have a massive vulnerability ( i.e. Revolution Slider ). The site’s management had been poor and, as a result, it had been identified as vulnerable, hacked and loaded up with malware!

The addition of malware detection software, a series of WordPress & WordPress plugin upgrades, the removal & replacement of the aforementioned slider application and then a series of scan projects allowed for this website to be rid of its malware. The site was then both submitted to and accepted by Google in good standing, which happened quickly. And for this company, it was a temporary traffic & sales death penalty, not to mention a completely nerve-racking experience.

Believe it or not, it happens every single day. Microsoft, Twitter, Facebook, Drupal, NBC … the list goes on … have all been hacked! Unfortunately, it may be happening to you right now and you just don’t know it yet. These hackers deploy bots to crawl the web and look for vulnerabilities in website, database or application(s) code that allows for invasion with their malicious code. All day long these nefarious bots crawl the world wide web and search for these vulnerable websites. When, for instance, a vulnerable application is identified they pounce… so unless you wish to manage it, best to look for Specialized WordPress Management Host Services.

Is It My Website? = Is It My Digital Footprint?

Websites and Digital Footprint Ownership

 

IS IT MY WEBSITE? DO I CONTROL MY CURRENT AND FUTURE MARKETING VISIBILITY ONLINE?

 

With Kinetic Knowledge the answer is always “yes!” With us you are never ever trapped and you can always move your website from host to host. This is important because with so many website providers the answer is often “no, you can’t take it with you” AND that’s a big problem when you consider what a website’s accumulated ‘Digital Footprint’ is worth to your business.

What will or have you been trying to accomplish with a website? What is the BIG picture? Hopefully it is search engine indexing for lots of keywords from all your individual pages? Bookmarks? Back links? Social popularity in shares, likes, pins and Plus 1’s? Visibility? Traffic? All of it relates directly to records of your content/page URL or ‘permalinks’ out all over the web. All in places where anybody, anywhere at any time can discover you … and it can translate to sales at any moment! 

The question often stems from whether or not a business can take a site it has developed from one host to another. Time, effort and ( past & future ) money is always at stake SO before investing even a moment of time be sure to understand the consequences of not owning it all; be sure to understand the long term value lost and what’s truly at stake when you lose not only a website, but its digital footprint!

WHAT IS AT STAKE WITH YOUR DIGITAL FOOTPRINT?

A website is the beginning and a means for future marketing. While marketing, search engine optimization and social voice require time, effort and money, it all works toward building a long term brand or ‘digital footprint’. What is the technical definition of a ‘digital footprint’?

It is a forever growing record of digital interactions recorded via page URLs or permalinks. A cumulative record, for instance, used by search engines to rank a site and its content versus the competition. It’s a page URL that maybe several people have bookmarked (or linked to, shared and/or liked), possibly to recommend it to others or to save as a reference for when they are ‘ready to buy’. It’s a lot of potential new business opportunities … assuming those URL records can stand the test of time.

And for this reason, not owning it can be a big long term mistake.

WHEN IS A WEBSITE AND DIGITAL FOOTPRINT NOT MINE?

You see the ads for curiously cheap or even free websites. Ever wonder how or even why it’s free? Maybe the provider is selling something else so profitable [i.e. shared hosting or PPC service plans] it makes throwing in a template website worth doing for free. It can be a classic ‘bait & switch’ for the unsuspecting, and logic has it that virtually no one can afford to offer any products or service for free!

Maybe the host offers a platform that suits an immediate need more cost effectively for you than building your own site. There’s the free subdomain of WordPress.com [i.e. mystore.wordpress.com] option, where authority gained from digital transactions is passed along to the primary wordpress.com domain… and that’s fair for free. Free or cheap is nice, but not if a marketer wants the opportunity to both build and protect its long term historical record of digital capital interactions … and its potential for future business growth.

FORM FOLLOWS FUNCTION

An architect might tell you that the shape or FORM of a building should be based upon its intended FUNCTION or purpose. Let’s parallel a ‘digital footprint’ in a way that defines what a website’s purpose SHOULD be.

The data trail left by interactions in a digital environment or, better yet, the size of a company’s “online presence” measured by its history of interactions is its ‘digital footprint’. Inputs to a ‘digital footprint’ may include location, search engine crawls, keyword use and indexing, links, content amount, bookmarks, recommendations, social network activity, direct subscriptions and many more ‘signals’ that lend themselves to visibility (or a website’s function) over time.

Why does a company build a website in the first place? Hopefully not only to own a website, but to be ever more visible online; to drive traffic, capture leads and generate business. For perspective, disregard all the signals a marketer’s website can accumulate in its ‘footprint’ over time. Rather, look solely at one – the time a business begins hosting its website on a particular URL. Time or ‘date stamp’ is a signal and it counts toward a search engine’s definition of authority in a competitive environment. Depending on the level of competition for visibility and traffic, for instance maybe in a less competitive geographic region, ‘date stamp’ for when a business arrived with some content at its URL can be enough to outrank the competition. And to outrank is, in theory, to drive traffic and potential new business. But remember, the time record is URL based! Worthless if you don’t own it!

Most subjects and geographic regions are a great deal more competitive for traffic, but using the one signal demonstrates the larger value proposition and what’s at stake. The big picture is not just that a business should own its website, but it should be in control of an entire history of interactions and the means to grow its visibility forever and ever!

WORDPRESS.ORG AND PORTABILITY

WordPress.org is open source software available under the ‘General Public License’ or GPL, which *generally* (within GPL scope) gives its user the right to do with it what they wish. Open source software might loosely be defined as base software code one can manage, develop, advance and/or launch applications (like themes and plugins) from without having to rewrite that base code. With WordPress.org and a little knowledge or help, a business can change hosts and never concern themselves with whether or not it’s all theirs. What’s more, there is nothing that compares when it comes to support, whether from people that can pick it up and support it generally or for virtually any imaginable application need, already built and ready for plugging in. There’s more support for WordPress than any other solution at any time. Ever. Period.