The Important Website Security Features That Matter

 

There is a lot of confusion out there about what security is necessary for a business website. Careful: there’s an army of companies touting their products, and one solution rarely fits all. What’s more, the threat always evolves, so security must also be a committed personal process, practiced locally in everyday computer use. Website security is as much personal computer discipline as it is website security features, so it is best to get up to speed.

Reliable security stems from people, from process and from technology all working together! And in case there is any confusion about what Secure Sockets Layer (SSL) does: it protects visitors who come in from a browser and then interact or share information with your website. What follows emphasizes the most relevant security features to protect the website itself.

What Website Security Software Features Matter When It Comes To Preventing Your Website From Being Hacked?

1. Brute force blocking – a live feature that monitors login page activity and locks out IP addresses that repeatedly attempt to *guess* a username and password. A two-factor authentication option, which sends a code to another device that must be entered at login along with the username and password, can be a great add-on, but for some it’s too much;

2. Country blocking – a feature designed to stop repeated aggressive & malicious activity originating from a geographic region or country. For instance, repeated failed logins or a large number of page-not-found errors coming from the same country trigger an alert, and that country is blocked. This, plus a manual capability that allows for pre-emptively blocking any country or IP deemed not necessary, can be useful;

3. Scanning – a feature that continuously searches for Malware, Viruses and any security vulnerabilities;

4. Comment spam filters – this feature checks the source IP of inbound comments and any URLs they include;

5. Firewall – a feature that identifies malicious traffic by IP address and then blocks the attacker from any further access. Top solutions automatically update firewall rules based upon the latest threats, blocking attacks based on known / updated attack patterns and IP addresses; 

6. Database backups – so that in the worst-case scenario you’re able to go back and re-establish the website database as it was before the hack; hopefully, worst case, there’s no more than a lost post or some simple-to-redo edits.

Check out our WordPress advanced security solution, which does all of the above and more. Features like tracking all nefarious activity targeting WP sites worldwide and updating itself based upon that data make this solution stand alone as best in class. Plus we guarantee support for cleaning a site that has been hacked, and also Google re-submission, making this security package unique!

Related Information:

personal security practices

In a previous post titled “So, Why Does Google Want Us To Use SSL?” we shared that there is NO security guarantee, especially because there are different areas of vulnerability – none more important than local/personal computer management. The threat evolves, so security is a continuous process; it’s as much about securing local computer personal processes and behavior as it is managing website configurations.

Be assured – security stems from people, process and technology – all working together!

 

How To Improve Website Security Locally At The Personal Computer Level

As website administrators & owners, here are the actions we can all take to harden & improve our personal processes and behavior in order to improve website security:

  • Limit Access: Minimize administrative access to website dashboards. The fewer people with Admin status, the less exposure to mistakes.
  • Raise The Website Login Bar: Respect usernames & passwords: build them from non-dictionary words and include a combination of lowercase & capital letters, numbers and/or symbols.
  • Host Choice: A little knowledge (or help) about what different host & service packages do and do NOT offer is a first step; for instance, that shared plans are probably a compromise. The cheaper the plan, the more you may want to concern yourself; whereas a good managed dedicated host plan should improve security a great deal.
  • Backups: Reliable database & theme backups, including testing to be sure a website can be restored from its backup if it is damaged.
  • Stay Up-to-Date: Stay up to date (or get help) with WordPress updates that not only advance the software’s features BUT harden its code against vulnerability. There should be administrative support in place that checks the status of the site’s extensible components with some frequency.
  • Trusted Sources: Do not load plugin applications or themes from sources not vetted as trusted and reliable. Sorry folks, but FREE is becoming a recipe for disaster. Malicious people and organizations will distribute free ‘nulled’ plugins and themes with malicious code. So don’t just load up anything that comes down the pike.
  • Security Updates and News: Security vulnerability affects all software, WordPress being no different. To stay current, subscribe to reliable sources of information in order to be informed of the latest issues & trends.
  • Security Software: Use security software that not only helps protect in real time by perpetually searching for Malware, Viruses and security vulnerabilities, but that also firewalls identified attacker IP addresses. Even entire country blocking, temporarily or permanently, should be possible.
  • Working Environment: Be sure the local computer, browser and routers are up-to-date and free of spyware, malware, and virus infections. Anti-virus (a virus being malware that spreads from PC to PC) and anti-malware software is recommended. Also secure your mobile devices. Install any updates as soon as they are available.
  • Personal Passwords: The goal with a username & password is to make it difficult for others, including machines, to guess; hard for even a brute force attack to succeed. A key to this is making it Complex, Long, and Unique. And if an IP fails to enter it a couple of times, maybe 3 times, then deny that IP.

And while personal practices and computer management are everyone’s responsibility, this post does not suggest busy professionals can handle it all; it does, however, suggest there should be knowledgeable WordPress support to manage what you may not be able to. And please, ask us about Advanced WordPress Security and Host Management.


Define Shared Hosting

  Lately we have been aiming to inform on some of the technical aspects of WordPress and website management for the serious business, including the importance of digital footprint management and the different types of WordPress.

  Because of the way host options are often sold (to ‘less than informed buyers’) one can easily end up with the wrong solution. While WordPress offers a business unrivaled power & flexibility, the way it is hosted matters!

  Let’s start by describing the most common host plan:

‘Shared Hosting’ is a host service where many websites reside on one server. Generally, it is the most economical option versus Virtual Private or Dedicated because so many company websites share the cost of a provider’s server maintenance. Of course, ‘Shared Hosting’ is economical because it is often oversubscribed. In order for its provider to maintain a profit, it’s likely shorting services & capacity.
 

Better Website Hosting

  A modern website with a Content Management System (CMS) requires more than a host, it requires management! Learning how to use WordPress can be relatively easy, but for it to function at its best it will need management that a basic Shared Hosting plan isn’t going to deliver. For instance, with oversubscription there’s likely going to be more and more security exposure to all those random sites; with oversubscription there are going to be fewer resources for speed AND then who’s going to manage updates, plugins, bugs & security patches? Certainly not the average ‘shared host’ and certainly not with a custom website.

  In order for a WordPress website to function at maximum capacity there are server-side resources required. Those include scripting languages like PHP, as well as database systems like MySQL. There’s caching, 3rd party application integration, content backup, and complex security issues that will all tax a server! There’s general human concern! In a general Shared Hosting environment, where RAM and CPU are often limited by the sheer number of random sites subscribed, page loads will slow. And slow pages can have a ‘ripple effect’ that defeats the whole purpose of being there. After all, do any of us like or even trust slow loading pages & websites?

  GoDaddy, for instance, is a great resource for registering domains. And their Shared Hosting service may be fine for the average static website, but many report they can be way oversubscribed. Rumors of slow loading pages during the workday persist. They are also versed in ‘customer support dialogue’, database updates, installing caching plugins, etc., and the legendary up-selling ensues. Ultimately, with the average ‘bare bones shared hosting’ plan, a business gets a minimal amount of service for an economical price.

  Here are some basic requirements for hosting a sophisticated WordPress site.

WordPress Server Requirements

  • PHP version 5.2.4 or greater
  • MySQL version 5.0.15 or greater
  • Apache mod_rewrite module (for clean URIs known as Permalinks)
  • Service!

And then please have a look at a Comprehensive Managed Hosting, Managed WordPress, Customer & Marketing Support Services package to see an example of how a host might better support a serious business.

 

 

Recently I saw a relatively high profile social networking consultant recommend his audience use a super cheap host service, with unlimited bandwidth and a free one click WordPress install.

He spoke nothing of the potential pitfalls, probably had no idea himself… BUT I felt we should write something on the subject here for those considering that kind of a service.

Forgive me, this may concern you!

Define Shared Hosting

For the layperson, shared hosting is where the host serves multiple sites from a single Web server. Although shared hosting is a less expensive way for a business to create a web presence, it’s typically priced based upon the bet you won’t use much in the way of server resources. If you’ve chosen cut-throat pricing to host your business site, it’s likely you’ve chosen shared hosting!

If Hosting Sounds Too Good To Be True, It Is!

What shared hosting also means is that you are on a server full of other random sites AND you are potentially at the mercy of all the other sites’ activity. Shared hosting is usually not sufficient for any one site with potentially high traffic spikes.

You’ve spent time and energy to build products, services and a brand, but when you [or anyone else on your server, for that matter] get a popular moment, are you prepared? For example, say Digg.com points to your site one day and there’s a traffic surge. With shared hosting, there’s a good chance you’ll go down before you ever benefit from that surge. And if so, what of the reward for all your hard work?

If your site grows in popularity, are there even options to optimize your server for additional traffic? If so, you either pay up or you probably need to move… having learned a hard lesson! Here’s the next one: what is the cost to transfer your site and content seamlessly? Have you thought at all about the retention of your data, images and video files? How about your back links? Your subscribers? Search indexing? How much will it cost to get someone experienced enough to successfully transfer all you have accumulated and want to protect?

Hosting with a FREE WordPress Install?

What does a one click install mean anyway? Does it even address WordPress updates, or that the software quickly becomes problematic if you’re not updating it? If a major security release ever came along, will they tell you? Are they responsible? And if so, are you waiting until the installer decides to update… rather than right away?

Do you have any custom design? Any custom configuration? Certainly you have custom Search Engine Optimization? How about plugins? Are you using or embedding any 3rd party software? Analytics maybe? Cool widgets, maybe the weather? And what if all those fun features begin to hog resources; will your shared host simply shut you down with no explanation? Got a question about modifying something or adding a new feature? Plan on lots of research in the WP support forums, assuming someone there has even dealt with your problem before. And folks, our CTO used to manage those forums! He’ll be the first to tell you the volume is such that dozens of questions go unanswered. What would you expect when the forums are volunteer-run?

What Do Serious Business People Do?

So, what’s an incident really going to cost you? $150? $250? How about the next? Experienced and trusted WP developers aren’t cheap. Just because WP is open source, free to download and install, doesn’t mean it isn’t a complicated piece of software that requires various web technology disciplines to fix, customize or optimize.

And as for unlimited bandwidth, has that been defined? Know that if your server can’t handle peak traffic then having it is probably useless. Need immediate service? Good luck!

Folks, ultimately with shared hosting you may need to be realistic about potential downtime, limitations on service, the possibility of things breaking and additional costs.

What do serious business people do? They get a dedicated Web server, either in-house or out with a managed service… maybe like ours. With us, there’s not only a real-time customer service platform with human interaction, but complete WordPress care & updating. Throw in server optimization, technology advancement, storage, security, online marketing education… and you’ve got our standard comprehensive services package!