Website Security – Excentric Creative Agency Ottawa
https://excentric.ca

Top 3 WordPress Security Mistakes
https://excentric.ca/top-3-wordpress-security-mistakes/
Tue, 24 Jul 2018 19:11:07 +0000

Over the last 8 years the number of websites using WordPress has increased from 13% to 31%. While it hasn’t completely dominated the internet yet, WordPress use has grown consistently by 2-4% every year, and it is the most popular content management system (CMS) in use. As a WordPress user, this is good news and bad news. The good news is that with so many users, there is a strong community dedicated to the improvement and development of the CMS. The bad news is that with so many users, WordPress sites are often targeted by hackers.

HERE ARE THE TOP THREE WORDPRESS SECURITY MISTAKES YOU MIGHT BE MAKING ON YOUR OWN SITE:

1. Ignoring WordPress and WordPress Plugin Update Notifications

Keeping plugins up to date is the most important thing you can do to keep your website safe.

It’s easy to ignore the notifications when you log in to your website, but every time you put it off, you are putting your website in danger. Hackers search for known vulnerabilities in plugins and old versions of WordPress and then scour the web to find websites using those old versions. Sucuri.net reported that 25% of the websites they cleaned were exploited through three popular WordPress plugins – all of which had available updates that could have prevented the websites from being hacked (Q1, 2016).

Keeping your website up to date is easier said than done. Updating WordPress core files can cause plugin compatibility issues. Updating plugins can “break” your website. Before you update anything, make sure you have your site backed up.

PRO TIP: Keeping WordPress up to date is much easier if you have a staging environment for your website. In a staging environment you create a private copy of the latest version of your website. This allows you to update your WordPress and plugin files and test the effects without affecting your live site. Once you are sure everything is compatible and your site is working as expected, you can copy the files from your staging environment over to your live website.

2. Storing Website Backup Files where your Website is Hosted

If you don’t know if, how often, or where your website is being backed up, you should find out – NOW. Backups can save you thousands and thousands of dollars in website cleaning and recovery fees.

Free Backup Plugins for WordPress

There are a number of free WordPress backup plugins you can use to make sure your website is safe:

The safest way to store your backup files is to save them to an alternate server location like Dropbox, Google Drive or Amazon. If your website comes under attack, your backup files saved on a different server will be safe from infection. Depending on how your backups are set up, you will probably still want to keep a backup on your website server for easy backup creation and restoration when your website is affected by user error (e.g. accidentally deleting something). Creating a local backup before doing any website editing is excellent protection against user error.

PRO TIP: If you don’t have a backup and your site ends up being hacked, contact your website host before you pay for a cleaning service. Some website hosts take backups of all of their hosting space regularly and will offer restoration from their backups for a fee. It may not be the most current version of your site, but it may be a cheaper option than having your site cleaned.

3. Using the Default WordPress Username

One of the most popular ways for a hacker to gain access to your website is by using a “Brute Force Attack”. This kind of attack involves a hacker finding your login page and using software to try and “guess” your credentials. If you are using the default “admin” username that is recommended during the WordPress setup, you are cutting their work in half!

  • Always use unique usernames coupled with strong passwords
  • Never create more logins than you need
  • Don’t assign more permissions than necessary to each user
  • Delete unused or obsolete logins

PRO TIP: Installing a good security plugin like Wordfence can help protect against brute force attacks and many other vulnerabilities. Security plugins help protect you by limiting login attempts, enabling two factor authentication, and blocking known blacklisted IP addresses.

Is your website at risk of being hijacked?
https://excentric.ca/website-risk-hijacked-ssl/
Thu, 07 Jun 2018 14:18:50 +0000

THE ANSWER IS YES IF YOU DO NOT HAVE AN SSL CERTIFICATE INSTALLED ON YOUR WEBSITE.

SSL CERTIFICATES:

WHAT ARE THEY? AND WHY DO I NEED ONE FOR MY WEBSITE?

If you haven’t installed an SSL certificate yet, now is the time. Google has been encouraging website owners to make the switch to HTTPS for quite a while. Starting in July 2018, Google will be displaying a “Not Secure” message in the browser URL field on websites that have not been secured yet:

[Figure: Treatment of unsecured pages in Chrome. In Chrome 68, the omnibox will display “Not secure” for all HTTP pages. – Source: Chromium Blog]

Although there is no implementation date set yet, Chrome intends to make this messaging stronger over time. This is NOT what you want your customers to see as their first impression of your website.

[Figure: Eventual treatment of unsecured pages in Chrome. Source: Chromium Blog]

Hold on… What is SSL?

Without getting too technical, SSL stands for Secure Sockets Layer. If you install an SSL certificate where you host your website, your website URL will start with “https” instead of “http”. This indicates a secure connection between your website and the visitor’s browser. Having a secure connection means that any information submitted on your website is encrypted before it’s sent to your web server so it can’t be hijacked by a third party.

Do I really need SSL?

I DON’T EVEN USE CHROME!

Maybe you don’t use Google Chrome so it doesn’t seem like a big deal to you – but as of April 2018, Chrome users account for 57% of the browser market share and their numbers are growing.

Even if you aren’t concerned about Chrome’s treatment of unsecured sites, privacy is becoming an increasingly important issue. In the past year we’ve seen companies like Facebook, eBay, Sears, Under Armour, Uber and many more all come under fire for data leaks. Even if the only information you collect on your website is contact information, you need to make sure there is no risk to your visitors. There has been a trend in legislation towards tighter regulation of personal data as it becomes clear how easy it is to misuse it.

Google accounts for 57% of browser market share

With over half of the world using Chrome, you should make sure that your site is secure.

What will happen if I don’t upgrade to SSL?

Higher Bounce Rates

Chrome users will see the warning that your site is insecure, and click back on their browser right away. This may cause a higher than normal bounce rate. A bounce rate is the percentage of visitors to your website who leave after viewing only one page for a short amount of time. A high bounce rate can contribute to lower search engine rankings because Google assumes the content on your page is not useful for the keyword being searched if a customer leaves your page quickly.

Lower Search Engine Rank

Your search engine ranking may drop slightly as Google will give secure websites preference in search results. This doesn’t mean that unsecured websites will fall to the bottom of the search results, but secured websites with similar ranking and authority will be shown before unsecured websites.

Low Trust Factor

Even if you don’t have an e-commerce website, if you are promoting a business or service and your website shows warnings that it’s not secure, you aren’t inspiring confidence in your brand. You may lose out on potential sales or leads without even realizing it.

Risking Customer Privacy

When you send unencrypted customer data back and forth between your website and the server, you have no way to protect your customer’s privacy. Depending on the type of data you collect, this could have major implications.

How much does an SSL certificate cost?

Cost can vary depending on the type of certificate you need and where you buy it from. The price can range from $4 a year to thousands of dollars for multi-domain and email server certificates. Some hosting providers include the cost in their hosting packages. The majority of people should be able to secure their website servers for under $100/yr.

Here are the three basic types of certificates that you can purchase:

Domain Validation (DV)

DV certificates confirm that the web pages are being served from the expected domain. There is no verification of the website owner, but the certificate verifies that they own the domain hosting the website. These can be issued within minutes and are generally under $10/year from discount providers. While not ideal for e-commerce websites, this type of certificate provides encryption suitable for basic websites.

Organization Validation (OV)

Before an OV certificate is issued, company credentials and website ownership are verified. This can take 1-3 days but provides customers with a higher level of trust. This is the type of certificate that would be suitable for most e-commerce websites.

Extended Validation (EV)

This type of certificate involves extensive verification of company credentials and can go so far as to check into bank accounts and business license registrations. An EV certificate signals the highest level of trust and when installed on your website your company name will appear in green before the web address in the browser. This is the type of certificate typically held by financial companies and other websites dealing with highly sensitive customer data. It can take 2-7 days to complete validation.

How do I install an SSL certificate?

Once you have purchased the right certificate, you can ask your website hosting company to install the certificate for you. This might be a service provided at an additional fee depending on your hosting package. You may also wish to ask your favourite agency (like Excentric) to do this for you.

Unfortunately, it’s not as simple as that. After your certificate has been installed, you will still see a warning that the site is not secure in your browser. To fix this, you will need to convert every link in your website’s code that points to an internal page, image, script or resource file to use https instead of http. Once complete, you will need to set up proper 301 redirects to indicate the new permanent URL of your website to Google and other web crawlers.
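
To show what that link conversion involves, here is an added example (not part of the original post) that scans a page's HTML for absolute http:// references and separates the site's own URLs from third-party ones. The class and function names, the attribute list and the sample page are assumptions; URLs inside CSS or inline scripts are not covered.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes whose value is a URL the browser loads or follows.
URL_ATTRS = {"src", "href", "action", "poster", "data"}

# Constructed sample page; example.com stands in for the site's own domain.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="http://example.com/wp-content/themes/site/style.css">
<script src="https://example.com/wp-includes/js/jquery.js"></script>
</head><body>
<a href="http://www.example.com/contact/">Contact</a>
<img src="http://cdn.example.net/logo.png">
<img src="/wp-content/uploads/photo.jpg">
</body></html>"""

class InsecureRefFinder(HTMLParser):
    """Collect absolute http:// references, split by who hosts them."""

    def __init__(self, site_host):
        super().__init__()
        self.own_hosts = {site_host.lower(), "www." + site_host.lower()}
        self.internal = []  # own pages/assets: safe to rewrite once the certificate is live
        self.external = []  # third-party hosts: confirm they serve HTTPS before rewriting

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value and value.lower().startswith("http://"):
                host = (urlsplit(value).hostname or "").lower()
                bucket = self.internal if host in self.own_hosts else self.external
                bucket.append((self.getpos()[0], tag, value))  # (line, tag, url)

def find_insecure_refs(html, site_host):
    """Return (internal, external) lists of (line, tag, url) tuples."""
    finder = InsecureRefFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.internal, finder.external

def to_https(url):
    """Rewrite an absolute http:// URL to its https:// form."""
    return "https://" + url[len("http://"):]

if __name__ == "__main__":
    internal, external = find_insecure_refs(SAMPLE_PAGE, "example.com")
    for line, tag, url in internal:
        print(f"line {line}: <{tag}> {url} -> {to_https(url)}")
    for line, tag, url in external:
        print(f"line {line}: <{tag}> {url} (third party, check HTTPS support)")
```

Relative URLs and references that already use https:// are left out of both lists because they need no change.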

Ready to make your website secure?

WE MAKE HTTPS CONVERSION EASY!

Buy the certificate and leave the hard work to us. Use the contact form below to get a free quote.
