Category Archives: Security

Drupal SQL Injection Vulnerability – CVE-2014-3704


On October 15th a critical SQL injection vulnerability, CVE-2014-3704, was publicly disclosed in Drupal. It affects every 7.x release prior to 7.32, and automated exploitation began within roughly 7 hours of the announcement. Fortunately the patch provided to address the issue was small and easy to apply: it changes a single line in the includes/database/database.inc file. Because of this we opted to proactively apply the patch to every Drupal 7.x installation on our servers, and in less than an hour all of our clients' Drupal installations were protected against this vulnerability. Beyond that, it helped protect our servers from attackers who were using the vulnerability as a foothold to upload and run other malicious scripts. Keep in mind that the patch only closes the hole; it does not undo anything an attacker may have done to a site that was exploited before the patch was applied. Affected clients should still upgrade their Drupal to the latest version as soon as possible and review their sites for signs of compromise.
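To make that one-line change concrete, here is an added example (not Drupal's own code and not part of the original post) that re-implements, in plain PHP, the placeholder-expansion pattern at the heart of CVE-2014-3704 beside its fix. Drupal's database layer expands a placeholder bound to an array into one placeholder per element and names each new placeholder after the element's array key; because form data such as name[...] lets the client choose those keys, the key text is spliced verbatim into the SQL string. The 7.32 patch iterates over array_values($data) instead of $data, so the keys are always 0, 1, 2 and so on. The function expand_arguments(), its $fixed switch, the demo() helper, the query text, the placeholder name and the hostile array key below are all constructed for this illustration.

```php
<?php
// Added example, not Drupal's code: a stripped-down reconstruction of the
// placeholder-expansion pattern behind CVE-2014-3704 and its one-line fix.
// Query text, placeholder name and the hostile input are constructed.

/**
 * Expand array-valued placeholders (":name" bound to ['a', 'b']) into one
 * placeholder per element (":name_0, :name_1").
 *
 * @param string $query  SQL with named placeholders.
 * @param array  $args   placeholder => scalar, or placeholder => array of values.
 * @param bool   $fixed  false reproduces the pre-7.32 behaviour, true the fix.
 * @return array         [expanded query, expanded args]
 */
function expand_arguments(string $query, array $args, bool $fixed): array
{
    foreach (array_filter($args, 'is_array') as $key => $data) {
        // Vulnerable: $i comes straight from the array's keys, and for form
        // data such as name[...] those keys are chosen by the client.
        // Fixed (the 7.32 change): array_values() renumbers them 0, 1, 2, ...
        $elements = $fixed ? array_values($data) : $data;

        $new_keys = [];
        foreach ($elements as $i => $value) {
            $new_keys[$key . '_' . $i] = $value;
        }

        // The generated placeholder names are spliced into the SQL text itself.
        $query = preg_replace(
            '#' . preg_quote($key, '#') . '\b#',
            implode(', ', array_keys($new_keys)),
            $query
        );
        unset($args[$key]);
        $args += $new_keys;
    }
    return [$query, $args];
}

/** Run one constructed request through both variants and return the results. */
function demo(): array
{
    $query = 'SELECT uid FROM users WHERE name IN (:name) AND status = 1';

    // Constructed hostile input: the array KEY, not the value, carries the SQL.
    // A real request would submit it as a form field named name[<key>].
    $args = [':name' => ['0 ; DELETE FROM users ; -- ' => 'anything']];

    [$vulnerable] = expand_arguments($query, $args, false);
    [$patched, $patchedArgs] = expand_arguments($query, $args, true);

    return [
        'vulnerable'   => $vulnerable,
        'patched'      => $patched,
        'patched_args' => $patchedArgs,
    ];
}

foreach (demo() as $label => $value) {
    echo str_pad($label, 13), is_array($value) ? json_encode($value) : $value, "\n";
}
```

The vulnerable variant returns `SELECT uid FROM users WHERE name IN (:name_0 ; DELETE FROM users ; --  ) AND status = 1`: the attacker's key is now part of the statement text, and because Drupal 7's MySQL driver relies on PDO's emulated prepares the database receives that text as-is. The patched variant returns `SELECT uid FROM users WHERE name IN (:name_0) AND status = 1` with `{":name_0":"anything"}` as its arguments, so the payload survives only as a bound value. To check whether an installation carries the fix, look for `array_values($data)` in the expandArguments() loop of includes/database/database.inc; a 7.x install whose loop still reads `foreach ($data as $i => $value)` is unpatched.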

Overall we were very pleased that this was so easily addressed on our end, and we will certainly look into options like this going forward as new vulnerabilities in popular scripts are discovered. This incident shows how important it is to stay on top of script, plugin, and theme updates: within a mere 7 hours of the vulnerability being publicized it was under active exploitation. We highly recommend that you subscribe to the security mailing lists or advisory feeds of the scripts you use, where they are available. That gives you the best chance of protecting yourself when (not if) a vulnerability like this comes to light.

Behind the Scenes: Shellshock & PHP 5.4

Here's another quick update on what's been going on behind the scenes at Dathorn. As you may have heard, critical bugs were discovered in bash, the shell used by default on most Linux systems. This event, dubbed "Shellshock", started to publicly unfold about two weeks ago.

The details of these vulnerabilities can be difficult to follow given the number of different patches that were posted. Several Linux distributions needed a few quick, consecutive updates just to get it right: each time a new patch was released, someone found a way around it and a new method of exploiting bash, leaving the shell looking a bit like swiss cheese for a while.

Quick Look: WordPress Security Plugins

Securing a WordPress installation is certainly not a new topic. A quick Google search will turn up a large number of guides on how to go about it. Many of them contain great information, but the task can seem tedious to those who are inexperienced or don't have much time to spend on it. Given that WordPress is by far the most popular script our clients run on our servers, I wanted to quickly highlight a couple of plugins that we find very useful in mitigating the issues we've observed.

Better WP Security

The Better WP Security plugin offers a set of straightforward steps that you can follow to help secure your WordPress installation.

Safe Web Browsing Practices

A couple of our recent posts have covered how to keep your login information secure and how to secure your local environment. In the latter we briefly mentioned how important it is to browse the web safely. Malicious content served from a website is one of the biggest and most common threats to the security of your computer. The best advice I can offer concerning safe web browsing is simple: trust nothing.

It should come as no surprise that browsing unsavory websites, such as those containing adult or pirated content, carries a risk of infecting your computer. Unfortunately the same potential exists with every single website out there. Some might think that visiting a reputable company's website is safe, and that is not the case. Back in February NBC's website was compromised and ended up serving malicious content to its visitors. Just this past August the New York Times' DNS was hijacked, leaving attackers free to send its visitors wherever they chose. Again, my advice is to trust nothing.

Securing Your Local Environment

A couple of months ago we briefly covered how to help keep your login information secure. Some of the biggest threats to that login information are your own computers and devices (phones, tablets, etc.). It is unfortunately quite common for a computer to be infected and for every login used on it to be compromised as a result. Here are a few important things to consider that can greatly reduce your chances of being infected.

Patch / Update Your Software

This is the golden rule of security, and there really is no excuse for not keeping your software updated. Attackers are quick to target newly disclosed vulnerabilities, so it is very important that all patches be applied in a timely manner. The three main things to keep current are:

  • Operating System – It doesn't matter whether you use Windows, Linux, or a Mac. All of them can be vulnerable and need to be kept updated.
  • Anti-virus Software & Definitions – Should anything get through, your AV software needs to be current so that it has the best possible chance of preventing an infection.
  • Browser Related Software – This includes your web browser of choice along with all of its plugins. Flash, Java, and Adobe Reader are all commonly targeted by malicious websites.

Keeping Your Login Info Secure

Your login information is the key to your hosting account. Much like your car keys, house keys, and ATM PIN, you don't want it stolen. We all know that a strong password is a good idea and that we shouldn't be writing logins on post-it notes next to the computer; those topics have been well covered for many years. Here we cover a few of the less obvious, although equally important, aspects of keeping your login information secure.

Encryption

Login information should always be submitted over an encrypted HTTPS (SSL/TLS) connection. This is easily confirmed by looking for "https" at the start of the address in your browser's URL bar. Extended validation SSL certificates, like the one we use for our main website, portal, and billing system, will additionally show the organization's name in green in the browser's address bar.


Being Caged Up Isn’t Always Bad: CageFS

My wife and I are both dog lovers and finally rescued our first dog, a Golden Retriever named Carson, two years ago. Carson was a puppy at the time and we were determined to have a well behaved dog so we began crate training him from day one. As a dog owner, you have to understand that a crate (or cage) isn’t just a means of punishment. It is intended to be a safe place for the dog to escape to while also providing safety to the dog and your belongings while you’re away. As it turns out, Carson loved his crate and would even willingly take a nap in it on occasion.

Enjoying his crate aside from the tennis ball teasing.


We could leave the house knowing that Carson was safe and secure in his own environment. Had we not put him in his crate, things would have turned out differently.

Malware Scanning of Web Content

Securing an online presence can be one of the most difficult tasks our clients face. We spend a tremendous amount of time keeping a watchful eye on security advisories, applying patches, and so on, just to make sure our servers remain secure. Resellers and web developers alike often find this very hard to keep up with.

For instance, take your average WordPress based website. Not only does the WordPress core have to stay updated, so do all of the plugins and themes in use, and it is very common for a WordPress site to have more than 10 plugins and a handful of themes installed at once. Fortunately, WordPress has a good interface for managing and installing these updates; often everything can be upgraded in just a few clicks. However, this still requires that someone log in to the WordPress admin interface and perform the upgrades. For resellers managing hundreds of sites this is tedious at best, and it is easy for a site to be overlooked.
