Tag Archives: security

Phishing: Don’t Take the Bait

No, this post is not about something that is fun and entertaining. It’s not a misspelling of a relaxing sport that involves trying to catch tuna, trout, or salmon with a pole, reel and hook. Nor is it about an American rock band with a dedicated following.

So, what is phishing?

Even though it sounds like the two others, the phishing we’re talking about here is a serious cybercrime attack that casts a wide net hoping to ensnare as many people as possible using forged emails, telephone calls or texts with malicious attachments. According to the FTC, “Phishing is when you get emails, texts or calls that seem to be from people you know. But they’re actually from scammers. They want you to click on a link or give personal information (like a password) so they can steal your money or identity, and maybe get access to your computer.”

8 Simple Steps to Keep Your WordPress Site Secure

It’s ironic that securing a WordPress website is called “hardening.” The process is a bit like adding more stones and rocks to bolster a fortress. But, remembering all the details of WordPress security is so much “harder” (and so much more important to keeping hackers away) than a rock wall!

Sure, you could stick your head in the ground like an ostrich and make-believe that small business owners aren’t worth hacking. However, as we mentioned in a previous post, we live “…in the age of big box security leaks, NSA snooping, easily lost mobile devices chock full of personal data and hackers that are increasingly targeting smaller targets.” And since WordPress is pretty soft on defense, it’s seriously important to step up and combat the attacks.

That’s why it’s worth repeatedly telling you about how to best protect your WordPress site. Especially when these 8 simple steps can help even the most technically challenged secure their website.

WordPress Plugins We Love: iThemes Security

One of the reasons we love WordPress so much is the vast number of plugins it has available to extend the built-in functionality. But since there are over 40,000 plugins available in the repository, we thought it would be fun to help you sort through the pile by recommending a few of our favorites. These will be plugins we use all the time, have thoroughly tested and highly suggest using if you are looking for what they offer.

Next up on our tour through awesome WordPress plugins we love — iThemes Security! Made by the same people who make BackupBuddy, the first plugin we recommended, iThemes Security is the go-to security plugin for WordPress.

No matter what you think, you do need a security plugin. WordPress is awesome, but out of the box it isn’t the most secure platform. In a world where hacks against all sizes of websites get more and more common, security must be high on your list of priorities. The good news is that, like all things WordPress, the solution is easy! While there are a number of security-related plugins available that all claim to patch up WordPress security, iThemes Security is the clear winner. Why is it so great? Stick around, and we’ll sneak you the answer.

Why We Still Use WordPress in 2016

I like new things. I’m an early adopter, meaning I have to have the latest tech right when it’s on the bleeding edge. I prefer seeing movies in the theatre. I enjoy wearing fashionable attire. So why is it, when it comes to web development, that I (and all of the fine folks here at Solamar) still use WordPress, a Content Management System (CMS) that has been around since 2003?!

I mean, newer options have certainly become available during that lengthy tenure, surely WordPress has been surpassed by something more recent and shiny, right? Right?! Wrong.

While there are comparable offerings on the table, none of them hit all of the buttons that WordPress does when it comes to being a supple development tool and an easy system for clients to understand, with a robust and supportive user community.

As the web has grown and changed, so too has WordPress, keeping pace with our needs and desires without sacrificing stability to the whims of the moment. That is why, here in the fuuuuuuuture, we still use the crusty ol’ dame. She may be getting on in years, but she still kicks butt with the best of them.

Here, then, are a few great reasons you too should be using WordPress in 2016.

How Not to Get Hacked

For the longest time, it was possible to pretend that if you didn’t engage in any unsafe web browsing practices and employed a competent host for your website, you would be safe from the malicious actions of hackers. I say pretend because this was never actually true, but it was easy to believe that small business owners just weren’t large enough targets to be worth attacking.

Well, in the age of big box security leaks, NSA snooping, easily lost mobile devices chock full of personal data and hackers that are increasingly targeting smaller targets, I would say that the illusion can no longer stand. It is imperative that everyone, even small businesses, protect themselves from the ravages a hacking attack can wreak.

But for many, the barrier to protecting themselves is simply a lack of understanding, or a fear of approaching something that seems too technical from the outside. Never fear! There are many steps even the most technically challenged can take to protect themselves, and if you stick around, I’ll tell you about a few.

The Host With The Most

Despite what I said earlier, having a really good web host in place is your first and most important line of defense. When deciding on a hosting platform, make sure that you choose one with top-notch security measures. Once you’ve engaged said host, always use strong passwords for your accounts and databases. If you’re not using a password manager to keep track of and generate your passwords, you should be. There are a number of competitive managers out there, including RoboForm, 1Password and LastPass. LastPass even has a free secure password generator you can use without signing up for anything, so no excuses! In addition, you would be wise to change your passwords regularly, at least once a quarter. The more often you change your password, the safer you will be.

WordPress Is Soft

Here at Solamar, we love WordPress and use it exclusively for our web projects, but out of the box it’s pretty soft on defense. This is bad, because hackers will be trying to break into your (yes, your!) WordPress platform every single day. If you have a site that has an audience, then it could be as much as hundreds of times a day.

To combat this, you need to do something called hardening, which essentially means bolstering your site’s defenses and plugging any security holes that might exist. The fine folks who make WordPress have created an informative and extensive guide to doing just that, so I recommend you check it out and go over it with your sysadmin or other tech guru. We’ll be addressing some of the more approachable things it mentions later on, so don’t worry if it’s too confusing a read.

Be Judicious With Your Users

You can give anyone you want access to your site, but you shouldn’t. Every person who has access is another weak point in your chain of defense, so the only people who should be given access to your site are the people who actually need it in order to accomplish something. You can also give users permission to do things within WordPress, so try to make sure even the people you do give access to only have access to the things they specifically need.

Also, make sure that when assigning users their usernames you don’t use anything obvious. DO NOT make “admin” your administrative username, or anything else that resembles your name or the name of your business! The more non-standard your usernames are, the more difficult your site will be to hack.

Plugin Your Security

A great way to jumpstart your website’s security is to utilize a security plugin. There are tons of these available for WordPress, from simple plugins like iThemes Security to more comprehensive and expensive systems like Sucuri. Other options include Wordfence, All-In-One Security and Firewall and Bulletproof Security. Take some time to browse through these options, see which one is right for you and install it. Your site will take care of a number of security issues in one solid punch!

However, other than your security plugin, it is important that you limit your use of plugins to only those that are essential, and even then, only use ones that are reputable and updated regularly.

Use a Firewall

Firewalls such as Sucuri’s are the ultimate protection, a security layer that sits between the internet and your server. These tools are designed to catch the most virulent attacks before they even touch your server, but they all come with a cost. However, if you are under abnormal attack, then it’s well worth the cost.

Want to make sure that your website is as secure as possible? Give the Solamarites a shout, and we’ll beef up your defenses in no time!