On average, 30,000 websites are hacked daily. Just because a website looks great does not mean its security is good!
Why do websites get hacked?
- Weak Passwords: guessed passwords, e.g. 123456
- Outdated Software: the engine your website is using is outdated.
- Exploited Software: plugins and add-ons. Are they the latest version?
- User Negligence, Assuming your website is safe.
- Difficulty Understanding the Software
Increasing your security
- Keep software up-to-date
- Generate secure and random passwords
- Use Password Managers such as LastPass
- Enable 2 Factor Authentication
- Use SSL, Protect Sensitive Data
Just like your home, there is no such thing as too much security. A website is hacked/exploited because of a loophole in the programming which allowed the user to gain control over your website and the database. Would you leave your window open at home? This is also a security exploit; a user can climb through to gain access and take what you have to offer.
To secure your home, you would fit an alarm system and in some cases CCTV and warning signs as a deterrent to potential burglars looking to get an easy sale on what you have.
NO WEBSITE OR SERVICE IN THE WORLD IS 100% SECURE, BUT YOU CAN IMPROVE IT!
Your website is the same: hackers are looking for that unique piece of code that allows them to gain access to your website and take what you have. This could be (although usually encrypted and not stored on the servers) part, if not all, of the details required for them to make a payment online.
What do we need to make a payment online?
- The customer's 16-digit card number
- The customer's expiry code on the back.
- The 3-digit security number.
But my card requires verification?
Not a problem, remember you also stored the customer's address and telephone number alongside any other information you wanted to collect about the user.
But my card protects me from online fraud? Is that what your bank said? Don’t be stupid.
We can now purchase a computer anywhere in the world for around £10 which allows us to pose as YOU in your CITY just normally buying items online. We don’t need to be in the same country to receive it, that’s why we have postage. – Anonymous, you just lost £250 effortlessly.
Did you say you had 100 customers? 100 x £250 each… That’s a nice holiday. You didn’t take out business insurance either because it was too expensive, or you didn’t think you needed it. We know you didn’t, because we made the same mistake.
It is NOT your developer’s responsibility to keep your website safe and secure, they can only do so much. 99% of the time the issue is between the chair and monitor. YOU.
You’re an absolute idiot if you think using one password will secure everything. Sorry to be rude, but that’s going to break down the wall of “my password is secure”.
If you provided us with your password, how many services will that allow us to sign in with? Because that’s the first thing a hacker tries. EVERYTHING.
We did the same thing many moons ago, we know what services are vulnerable the most.
Use a password manager such as “LastPass” and generate a minimum of a 10-character password. You DO NOT need to remember it! 99% of online services allow you to enter your password once on the device you’re using, so why do you need to set the same password for every service available? You don’t.
REMEMBER: When you sign up to LastPass.com, set a password you WILL remember. Make it secure, use numbers and letters alongside symbols such as @ – Most common.
But what if they get my LASTPASS password, that means they got everything right? Wrong. That’s why 2 Factor Authentication was invented.
This system supports 2 factor authentication, which we will teach you about below. Is LastPass secure? The short answer: YES! – The long answer: nothing is ever 100% secure. We use it, we trust it based on the facts and figures. You’re less secure without it.
Advanced users can read here. (https://lastpass.com/support.php?cmd=showfaq&id=6926)
SIGN UP: https://lastpass.com/f?30412742
Signed up? Great, now what? – This software will remember all those complicated and random passwords, so you don’t have to. You have no excuse not to be secure.
You’re going to love this: remember when you used to type in your password every time you had to sign in? LastPass does this for you. It automatically remembers and enters your usernames and passwords into form fields so you don’t have to.
Right, so you get the point. You can now use a tool to save all those random numbers and passwords which mean absolutely nothing to you.
Now, if a service you’re using online is hacked, well, the hacker has a damn good chance of 1.8 million to 1 (random figure) of ever getting access to anything else you do. Congratulations, you took the first step into becoming secure.
Change the password to ALL services you can think of, INCLUDING any email accounts. If your emails are hosted with us, then ask us to secure the password for you. – All you must do is add the account to LastPass to save it for future use!
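What "generate a secure and random password" means in practice, as an added example that is not part of the original page and is not LastPass's own code: a generator that follows the advice above (minimum of 10 characters; letters, numbers and symbols) and draws from the operating system's cryptographic random source. The symbol set and function names are assumptions made for this example.

```python
import math
import secrets
import string

# Character classes the page recommends: letters, numbers and symbols.
# The exact symbol set is an assumption made for this example.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    "!@#$%^&*()-_=+[]{};:,.?",
)
ALPHABET = "".join(CLASSES)
MIN_LENGTH = 10  # the page's stated minimum


def generate_password(length=16):
    """Return a random password drawn from a CSPRNG (secrets, not random)."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Retry until every class is present, so the result also passes
        # sites that insist on "one digit, one symbol" composition rules.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on guessing entropy of a uniformly random password."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate_password(MIN_LENGTH)
    print(pw, f"~{entropy_bits(len(pw)):.0f} bits")
```

Each service gets its own call, so a password leaked from one site tells an attacker nothing about any other.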
Enable 2 Factor Authentication
2 Factor Authentication is “2 Factor”, meaning it requires 2 methods to be able to authenticate you. E.g. you sign in with your password, but to make sure it’s you we also want you to verify the 6-digit code we just sent to your mobile phone.
There are more advanced methods to use with 2 Factor, including the use of the Google app “Google Authenticator”, which we use too.
You can also buy a YubiKey; it’s a USB stick that contains a unique code that is unique to you. Insert it via USB every time you need to authenticate yourself via “2 Factor Authentication” (https://www.amazon.co.uk/FIDO-U2F-Security-Key-co-creator/dp/B00NLKA0D8/ref=sr_1_4?ie=UTF8&qid=1516703978&sr=8-4&keywords=yubikey)
Goal, a minimum of 2 methods required to be able to access your account. Sound good?
If you have got this far, you’re doing well. Now we need to look at securing your website and the software required to keep it running. The websites we provide are usually using WordPress or OpenCart as an engine, but if you’re unsure, then ask us.
BACKUP YOUR WEBSITE FIRST BEFORE MAKING ANY CHANGES BELOW, WE ARE NOT RESPONSIBLE FOR YOUR WEBSITES DEATH
If your hosting is with us, your website is backed up daily for free.
SECURE YOUR WORDPRESS WEBSITE
How to Change your WordPress Website Password
Sign into your WordPress Website Control Panel:
Generate a secure password using LastPass (https://lastpass.com/generatepassword.php)
WordPress -> Users -> Edit User -> Scroll to the Bottom -> Enter New Password
(This also applies for any other accounts you have in WordPress; any user could be your weak point)
How to update your WordPress software:
WordPress -> Dashboard -> Updates -> Update Now
How to update your WordPress Plugins:
WordPress -> Dashboard -> Updates -> Scroll Down -> Tick All Plugins -> Update Plugins
SECURE YOUR OPENCART WEBSITE:
How to change your OpenCart Password:
OpenCart -> Users -> Users -> Edit -> New Password
How to update your OpenCart Website:
Because this is a complicated job to do, we unfortunately won’t be able to teach you how to do it. You can find extensive guides online on how to do this.
If you’re hosting with us, we can upgrade your website for a fixed fee of £99.99.
PROTECT SENSITIVE DATA BEING TRANSMITTED
That green padlock is known as an SSL Certificate. Does your website sell items online? If so, it should be secure. If you’re hosting your website with us, the chances are you already have one. Simply visit your website and see if you have a green padlock in your browser like the one below.
If not, get your website transferred to us (if it is not already) and we will install an SSL certificate for free.
An SSL certificate encrypts the connection from our servers to your customer, preventing data from being leaked when users (customers) submit data online.
SECURE YOUR EMAIL ACCOUNTS
Emails… Webmail. – If your emails are hosted with us e.g. firstname.lastname@example.org, the chances are we have given you an email address and a secure password to get setup and going with.
BUT, this does not mean you cannot log in and make it more secure. To do this, follow the guide below.
- Log in to Webmail using your email address and password provided.
- In the top right-hand side click your email address e.g. email@example.com
- Then select “Password and Security”
- Use LastPass again to generate a secure password.
Now that was easy huh?
Email accounts can be used as a primary method of exploiting other services also! “Forgot Password” functions on most services often email you a password reset link which then allows you to access the service. Your EMAIL ACCOUNT is your SECURITY. Protect it!