the 4 areas of web security defined

4 Areas of Web Security A Business Owner Must Manage


Your web security is about risk reduction because the risk will NEVER BE ZERO. There is no perfect security solution or guarantee because the hacks are forever working on new methods as we all go on about the business day. Serious business people must get familiar with these 4 areas of security in order to stack the ‘web security odds’ in their favor! 


1. Local Computers & Communication

– simply put, your computer is the biggest area of vulnerability and where most hacks begin (i.e. keystroke malware will expose all logins) 

– best to have virus and (we also recommend having) malware scanning software (i.e.

– be reluctant to click on links or react to anything in an email unless you are absolutely certain of who it came from

– if inclined to pursue, search the website domain on Google before visiting = Google crawls the world wide web’s website
pages for malware- and nefarious activity


2. Website Security

– there are good & bad security software options, some only suited for particular things, so be sure to research your website security solution

– firewalls matter and FREE website security solutions do not offer firewalls

– inconvenient as it may be we must all manually-encrypt login page URLs, usernames, and passwords using a non-obvious combination of letters, numbers, and symbols

– when offered – use dual identification techniques

3. Website Updates Management

– manage a business website as if it is under attack… because it is! 

– good website software, like WordPress, advances its code and because the advances arrive in the way of code updates, they must be managed  

– and WordPress not only brings core software updates, but the website theme and any applications the site has will get updates … these advance usability or harden code against vulnerability to hack

(SSL) Secure Socket Layers  = Browser to Website ConnectionsWHY DOES GOOGLE WANT US TO USE SSL?

– Google has stated SSL is necessary

– now they make it visible in the browser, meaning you are either an ‘I’ for insecure or a ‘Lock’ icon for a secure website

– SSL protects the exchange of information between a browser and a website from hacks that might otherwise get in between that connection MEANING this is NOT website, so much as it is ‘web security’

– it may seem an obvious need for e-commerce, but exposure also stems from visitors filling out website contact forms and website owners logging in to their websites from a browser!

Managing a web presence can be difficult for busy business people so we provide a series of different webmaster & host management options, including advanced website security, to relieve folks of that burden.  Ask us about client-friendly webmaster services!

About Hacked WebsitesGoogle And Hacked Websites

Google blacklists around 10,000 websites every day for being hacked, removing these sites from their search results. But WHY? Because these websites have been invaded by nefarious software, possibly aiming to download malware to visitor computers and Google is trying to protect people on the web.

Website Management (And WordPress)

Website security boils down to how it is managed! If you let a website sit without a) proper security support and b) management of updates then its odds for being hacked are multiplied. In fact, security & management is necessary with any good software online. What follows will serve as useful information, plus some opinion for why WordPress is the best solution for business!

When it comes to security with WordPress website software the issue is going to be LESS vulnerability and MORE management. Any rumors to the contrary are more due to ‘upstart website solution companies’ attempting to discredit WP as a competitive tactic than they are factual. WordPress is, after all, the dominant market share solution for business websites – making it a target. And by the way, we fix WordPress website issues. 

Website Hack Examples

The result of a website hack can be:

  1. the site is taken over and used to promote drugs, porn, or any other thing the hacker desires ;
  2. the site is set up for and used to generate email SPAM, which also typically gets the website URL /domain blacklisted;
  3. a page that has subtle, maybe hidden, links (that no one would knowingly add to their own pages) that take visitors elsewhere AND
  4. worst case – the website is used to load malware on to all visitor computers.

Hacked Website Warnings By Google
Google Chrome Hacked Website Warning

A troubling situation for business owners is when Google (because it crawls all websites) identifies a website that is hacked and its Chrome browser discourages visitors with big red warning signs to avoid the website. Even more distressing to a website owner is the fact Google shares its’ ‘hacked website list’ with the other browsers. When hacked no one should expect to slide by with the folks coming in from IE, Safari, or Firefox because eventually, those will be warning people to avoid the website.

In fact, thank goodness for Google’s efforts or we > as information consumers ourselves < would all be in a lot of danger.

How To Avoid Being Hacked

At least for WordPress users, which is the lion’s share of business websites on the World Wide Web today, management should understand the ever-emerging threat of being hacked by having:

  • responsible local computer use, so the PC itself doesn’t become the vulnerability;
  • sincere respect for protecting usernames & passwords, encrypt them with non-dictionary-based words and include a combination of lowercase & capital letters, numbers, and/or symbols;
  • knowledge for what different host & service packages do and do NOT offer; cheap shared plans won’t support much; whereas, a well managed host plan may;
  • prioritized attention for WordPress upgrade(s) execution;
  • (equally) prioritized attention for plugin application and theme upgrades;
  • a VERY conservative approach for what 3rd party applications are allowed into the website, DO NOT just load up every cool thing that comes down the pike;
  • protective software that in real-time by blocks an identified attackers’ IP addresses from visiting WP websites all over the world;
  • protective software that perpetually scans for Malware, Viruses, and security vulnerabilities; that also helps to remove it and a reliable firewall AND THEN FINALLY
  • HT Access protection to lock out any outside access to particular files in the website’s database.

As mentioned above, we support hacked website ownersKinetic Knowledge offers WordPress Host and Management services that can help to both service and protect against these very issues.

Website Fix & Troubleshooting and ‘Hacked Business Website’ Cleaning Services

While we see it quite often nowadays, more recently a company approached us about their (GoDaddy hosted) WordPress website. They were in a state of emergency because their site had been hacked! To add insult to injury, Chrome (Google’s browser) was warning all visitors to avoid their website … OR risk personal harm. A quick review showed the website was a year plus behind on its core WordPress updates, including updates to a plugin known to have a vulnerability. The site’s management had been poor and, as a result, it had been hacked & loaded up with malware!

The addition of malware detection software, a series of WordPress & WordPress plugin upgrades, the removal & replacement of the before- mentioned application and then a series of scan projects allowed for this website to be rid of its’ malware. The site was then submitted to and accepted by Google in good standing. For this company, it was a temporary traffic & sales death penalty not to mention a complete nerve-racking experience.

Believe it or not, it happens every single day. Microsoft, Twitter, Facebook, Drupal, NBC … the list goes on … have all been hacked! Unfortunately, it may be happening to you right now and you just don’t know it yet. These hackers deploy bots to crawl the web and look for vulnerabilities in the website, database, or application(s) code that allows for invasion with their malicious code. All-day long these nefarious bots crawl the world wide web and search for these vulnerable websites. When, for instance, a vulnerable application is identified they pounce… so unless you wish to manage it, best to look for Specialized WordPress Management Host Services.


Revolution Slider: Widely Used WordPress Plugin Application Hacked!

A few years back the Revolution Slider application for WordPress was temporarily unsafe and rumored to have allowed over 100,000 websites to be hacked. While it was fixed and upgrades were released rapidly, people should know that upgrade management (in most cases) did not come rapidly, if at all, AND THAT WAS USER ERROR! WordPress was not the problem and, while the plugin was a temporary problem, the longer-term problem is a website owner that fails to manage to update. Today, anything but thorough software management is a big potential problem.

NOTE: The web and its great tools are advancing with or without us! And folks, typical “shared host plans” DO NOT update or manage website software! $10- $25 a month likely doesn’t cover that kind of support.


On WordPress Security: Matt Mullenweg, Co-Creator of WordPress

“As the most widely used CMS ( Content Management System ) in the world, many people use and deploy the open-source version of WordPress ( ) in a sub-optimal and insecure way, but the same could be said of Linux, Apache, MySQL, Node, Rails, Java, or any widely-used software. It is possible and actually not that hard to run WordPress in a way that is secure enough for a bank, government site, media site, or anything.”

Why is WordPress the website solution leader, the ‘open source’ or proprietary question?

To start, it is without rival for choice of sophisticated theme (= design) or plugin application (= functionality) choices. WordPress, due to its unified worldwide support, also identifies vulnerability to hacking faster than any other solution ever has or could. Versus proprietary content management (CMS) solutions, ‘the power of many’ vested interests proves to be better faster! And unlike proprietary solutions that prioritize their own business first, WordPress allows a marketer to OWN its’ website and accumulated digital web footprint. A marketer is never trapped and can move her website from host to host whenever needed.

Month over month WordPress creators (i.e. plugin application, website theme, and core WP code) deploy updates, which may include new features or security updates AND so it requires some management. Often that’s a simple click of a button, but in some circumstances help is necessary. If so, there is never a lack of WordPress support and a timely manageable fix! Themes and plugin applications should be researched, for instance via the WordPress Codex and Envato marketplace. Both offer in-depth reviews, commentary, and vetting for a ‘best case scenario’ when searching for any business website requirement. Needless to say, Kinetic Knowledge supports general management, development, design, and website security for hacked WordPress website owners.

spoof email | spoofing Spoof Email: Be Careful With Email Links And Attachments

We have mentioned before that your business computer (see: Web Security A Business Must Manage) is by far the biggest area of vulnerability and where most hack attempts are focused. Due to a rash of ‘spoof email‘, we feel compelled to send a BIG heads-up blog post here on this subject.

What Is Spoof Email Or Spoofing?

It’s a malicious practice where email is sent from an unknown source DISGUISED as a source (i.e. email address) known to you. Spoofing is prevalent in email because email lacks a high level of security. Technically, SMTP (i.e. Internet standard for email transmission) fails to offer authentication, so it becomes a place readily available for hacks meant to forge and impersonate known email addresses.

Why Do Hacks Attempt To Spoof Email?

The attacker knows that if you receive a spoofed email that appears to be from a known source, it is likely to be opened and acted upon. The email may request personal information, like an account number, or a click that can launch an attack. If reacted to as planned, it may allow the spoofer to A. gather then use an account for identity theft purposes OR B. to download malware to your device.

A. Account Nos. > access to bank accounts or other login accounts where contact details may be changed to then steal or gain control

B. Malware > programs that when downloaded can cause significant computer damage, the triggering of unexpected activities, remote access to the device, the deletion of files, and much more.

How To Deal With / What To Do With Email We Are Unsure Of 

We all need email: text will never replace email communication for the depth of information it can offer as well as its ease for organization. However, we can get smarter about how we react to links or attachments in our email.

  1. First question all links & attachments in an email!
  2. Then search all links sent and prior to clicking them in Google. Do it by copying them to another browser with Google opened. If the link is a problem Google will likely know.
  3. Finally and so far as attachments go, email the known source direct AND NOT in direct response to the suspected email. Ask, “did you send an email with an attachment?” If not, you know it was not them and the problem is avoided. If so and you wish to remain super careful, ask maybe if they can drop the attachment in a secure environment rather then sending it via email. Dropbox, for instance, will automatically scan all dropped files for malware before it can cause harm to your device.

It Has Become An ‘SSL World Wide Web’!

So, how important is SSL (SSL/ HTTPS defined) to your business? Back in 2014 Google announced that SSL, or HTTPS rather than HTTP in your page URLs, would be used as a ranking signal. And the truth is it likely represents one lower weighted signal (Google uses up to 200 depending on how competitive a subject is) that has just a little effect on SEO. For those of us ‘splitting SEO hairs’ every single signal matters, but in fact activating HTTPS will hardly change keyword rankings.

HOWEVER BE TOLD, SSL matters a great deal to business!

secured by SSL = HTTPS


Protects People When Browsing Websites Online

Rankings explained, a business owner must be concerned with online user experience. Prospective buyers must not only feel safe when visiting a website and exchanging information, but when they are buying products or services. Several browsers NOW show visitors an ‘ i ‘ or a ‘not secure’ message when your website does NOT have an SSL certificate and/or an HTTPS connection. It’s very discouraging to an innocent visitor to see a warning in their browser, at best.

After all, gaining the trust of visitors who may become future customers is everything. If they do not become immediate buyers just their visit time, their sharing to social networks and/or even their linking to pages from their own websites are all important SEO signals!

Google Has Become Adamant About Being SSL!

Come July 2018, Google Chrome, which is the world’s most popular web browser, will start marking ALL websites as ‘ i ‘ insecure if they are not HTTPS. So it’s inevitable that we are going to be in an all SSL = HTTPS world wide web soon.

And so, it is incredibly important websites make the switch to HTTPS. The process of setting up an SSL can be confusing and even frustrating- so let us know if you have any questions and/ or need assistance.