security

WordPress sites are vulnerable to new hacker attacks. Is yours secure?

Posted by | News, Websites | No Comments
Over the last week WordPress sites worldwide have been attacked by hackers. So what? you may say. We all know hackers are busy 24/7 trying to cause havoc. But this time it's a biggun. Apparently a botnet of tens of thousands of computers has been busily squirrelling away at any WP site using 'admin' as the login username. Here's what the BBC's website has to say: 'The botnet targets WordPress users with the username "admin", trying thousands of possible passwords. The attack began a week after WordPress beefed up its security with an optional two-step authentication log-in option. The site currently powers 64m websites read by 371m people each month. According to survey websiteĀ W3Techs, around 17% of the world's websites are powered by WordPress.' So your first step, therefore, is to change your username. Now. (Any WP sites I set up, by the way, don't use 'admin' as the username. It's just too obvious.) You should also update to the latest version of WordPress (remember to back up first!) and use the optional two-step authentication with a secret number. Yes, it's one more thing to remember but a darned sight easier than rebuilding your website. Next, install a plugin such as Better WP Security. I also recommend installing your website in a separate folder on your server rather than in the root folder. Just don't call the folder WordPress or Website! If you want help beefing up the security on your site, please do get in touch with me so I can help you ward off hackers.
Security

Keeping your site secure with updates

Posted by | Services, Websites | No Comments
SecurityWhen we hand over a site to a client, it comes with instructions and the reassurance that we will always help if our client forgets any key or not so key issues regarding maintenance and adding posts, pages and media. One of those instructions is to always perform available updates on core WordPress software and also plugins which have new versions available. Why is this so important? Security. The interweb is scattered with hackers, and system updates make your site more secure. The updates typically address security issues as well as added functionality. No software is immune to security problems, but updates reduce the vulnerability of your site, as do other measures we take when setting up your site for you. Updating your WordPress core software isn't hard to do, but we know many of you forget to look at your Updates settings, so from time to time we check your sites for you and update core software and appropriate plugins on your behalf. If you're nervous about the words "we recommend you back up your website first" just ask us to do it all for you; it doesn't take long at all and we have yet to encounter any problems doing a core upgrade. We do notice a difference between web hosts though - there are some hosts out there running outdated versions of PHP on their server which means we can't update the core software (we do contact them and pester them to give us access to PHP5.X.X). It does pay to get a web hosting company which uses up-to-date tools - in our case we can offer you hosting for $54 a year, hint hint! Shameless plug aside, if we can't - or you can't - update your core software and/or plugins because of your web host, it may be time to shift hosts. WordPress is one of the most popular web building platforms in the world right now, and any reputable web hosting company should be able to support it and its updates. If you have any questions about upgrading your software or plugins, contact us and we'll talk you through it, show you how to do it, or do it for you.

Hacking – it could happen to you on Facebook

Posted by | Social Media, Websites | No Comments
One of my clients phoned me, rather distressed, on Saturday. Someone had hacked her Facebook page and also her Hotmail account...and her email account associated with her own website. Like many of us, remembering a dozen complicated passwords is a pain, so my client had used one password for all three and admittedly it was a relatively low security one. I've now given her a new email account for her website with a mother of a password, but she's still unable to access her Facebook page and her Hotmail account, which she uses for business. The ramifications of the Hotmail account being hacked are pretty serious. This person is a consultant with high-level professional clients. She has had to go into damage control mode and send her clients a note stating that her account has been hacked and to disregard any messages sent from her Hotmail account effective last Friday night. What's making it hard for her to get back on track and get her Facebook and Hotmail accounts back is that the hacker has changed secret questions and answers, and now she is having a tough time proving she is who she is. Facebook can send you a new password via text message, but my client got a new mobile phone earlier this year and didn't update that in her Facebook account. And it's pointless Facebook sending her a new password to her email account, because the account linked with Facebook is, you guessed it, the Hotmail account. We don't know whether this has been a random hacking attack or a deliberate attack from someone she knows, but my client has called the police and reported it. Facebook is a hotbed for hackers. We've all heard about tribute pages which have been hacked into, to the distress of the friends and family of the person the page was a tribute to. This is the first time someone I know - let alone a client - has been hacked on Facebook. All of us think "It won't happen to me", but be vigilant, and change your FB password to something a lot more difficult for hackers to guess. Your security is your identity.