Category Archives: Security

Referrer Spam — What It Is and How to Stop It

Those of us who live in the light often forget that the internet is like any dense concentration of people — it has a seedy underbelly. Sure, we hear about the latest hacks of government and corporate servers, but there’s little we can personally do about those intrusions, so we shrug it off and go about our daily lives.

But what about the less nefarious, yet still damaging minor crooks of the web? They often fly under the radar, ruining our lives in tiny increments rather than gigantic swaths of destruction. For the small business or solo blogger trying to make it in this world, one particularly annoying breed of this type — the referrer spammer — has begun to proliferate to the point that it is beginning to cause people serious damage.

How Not to Get Hacked

For the longest time, it was possible to pretend that if you didn’t engage in any unsafe web browsing practices and employed a competent host for your website, you would be safe from the malicious actions of hackers. I say pretend because this was never actually true, but it was easy to believe that small business owners just weren’t large enough targets to be worth attacking.

Well, in the age of big box security leaks, NSA snooping, easily lost mobile devices chock full of personal data and hackers that are increasingly targeting smaller targets, I would say that the illusion can no longer stand. It is imperative that everyone, even small businesses, protect themselves from the ravages a hacking attack can wreak.

But for many, the barrier to protecting themselves is simply a lack of understanding, or a fear of approaching something that seems too technical from the outside. Never fear! There are many steps even the most technically challenged can take to protect themselves, and if you stick around, I’ll tell you about a few.

The Host With The Most

Despite what I said earlier, having a really good web host in place is your first and most important line of defense. When deciding on a hosting platform, make sure that you choose one with top-notch security measures. Once you’ve engaged said host, always use strong passwords for your accounts and databases. If you’re not using a password manager to keep track of and generate your passwords, you should be. There are a number of competitive managers out there, including RoboForm, 1Password and LastPass. LastPass even has a free secure password generator you can use without signing up for anything, so no excuses! In addition, you would be wise to change your passwords regularly, at least once a quarter. The more often you change your password, the safer you will be.

WordPress Is Soft

Here at Solamar, we love WordPress and use it exclusively for our web projects, but out of the box it’s pretty soft on defense. This is bad, because hackers will be trying to break into your (yes, your!) WordPress platform every single day. If you have a site that has an audience, then it could be as much as hundreds of times a day.

To combat this, you need to do something called hardening, which essentially means bolstering your site’s defenses and plugging any security holes that might exist. The fine folks who make WordPress have created an informative and extensive guide to doing just that, so I recommend you check it out, and go over it with your sysadmin or other tech guru. We’ll be addressing some of the easier-to-approach things it mentions later on, so don’t worry if it’s too confusing a read.

Be Judicious With Your Users

You can give anyone you want access to your site, but you shouldn’t. Every person who has access is another weak point in your chain of defense, so the only people who should be given access to your site are the people who actually need it in order to accomplish something. You can also give users permission to do things within WordPress, so try to make sure even the people you do give access to only have access to the things they specifically need.

Also, make sure that when assigning users their usernames you don’t use anything obvious. DO NOT make “admin” your administrative username, or anything else that resembles your name or the name of your business! The more non-standard your usernames are, the more difficult your site will be to hack.
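The two user rules above can be checked against a site's actual account list. The script below is an added example, not code from the original post: it reads the CSV that WP-CLI's `wp user list --fields=user_login,roles --format=csv` prints and flags obvious usernames and an oversized administrator group. The sample export, the `OBVIOUS_LOGINS` list, the `audit_users` function and the `max_admins` threshold are all assumptions made for illustration.

```python
import csv
import io
import re

# Constructed sample of `wp user list --fields=user_login,roles --format=csv` output.
SAMPLE_EXPORT = """user_login,roles
admin,administrator
solamar_web,administrator
k7-ferrule-owl,administrator
guestwriter,editor
newsletter-bot,administrator
jpark,author
"""

# Assumed list of default-style logins that are tried first in password guessing.
OBVIOUS_LOGINS = {"admin", "administrator", "root", "webmaster", "wordpress", "test"}


def normalize(text):
    """Lower-case and drop punctuation so 'Solamar_Web' matches 'solamar'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def audit_users(export_csv, site_terms, max_admins=2):
    """Return (login, finding) pairs for accounts that break either rule."""
    findings, admins = [], []
    # Ignore very short terms; they would match almost any login.
    terms = [normalize(t) for t in site_terms if len(normalize(t)) >= 4]
    for row in csv.DictReader(io.StringIO(export_csv)):
        login = row["user_login"].strip()
        roles = {r.strip() for r in row["roles"].split(",")}
        if login.lower() in OBVIOUS_LOGINS:
            findings.append((login, "obvious-username"))
        elif any(t in normalize(login) for t in terms):
            findings.append((login, "resembles-site-or-owner-name"))
        if "administrator" in roles:
            admins.append(login)
    # Least privilege: more admins than the (assumed) threshold means each
    # one should be checked against what that person actually needs to do.
    if len(admins) > max_admins:
        findings.extend((a, "review-administrator-role") for a in admins)
    return findings


if __name__ == "__main__":
    for login, finding in audit_users(SAMPLE_EXPORT, ["Solamar"]):
        print(f"{login}: {finding}")
```
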

Plugin Your Security

A great way to jumpstart your website’s security is to utilize a security plugin. There are tons of these available for WordPress, from simple plugins like iThemes Security to more comprehensive and expensive systems like Sucuri. Other options include Wordfence, All-In-One Security and Firewall and Bulletproof Security. Take some time to browse through these options, see which one is right for you and install it. Your site will take care of a number of security issues in one solid punch!

However, other than your security plugin, it is important that you limit your use of plugins to only those that are essential, and even then, only use ones that are reputable and updated regularly.

Use a Firewall

Firewalls such as Sucuri’s are the ultimate protection, a security layer that sits between the internet and your server. These tools are designed to catch the most virulent attacks before they even touch your server, but they all come with a cost. However, if you are under abnormal attack, then it’s well worth the cost.

Want to make sure that your website is as secure as possible? Give the Solamarites a shout, and we’ll beef up your defenses in no time!