You Need an SSL Certificate for your Website Now
Does your current web hosting plan allow you to enable HTTPS?
In the Introduction to WordPress Security article in the Wordfence Learning Center, they explain why it is crucial to only log into your website via a secure connection. If you aren’t currently logging into your site securely, drop everything you are doing and go fix that right away. The cost of an SSL certificate is minimal (for instance Go Daddy’s annual SSL certificate is about $70). An attacker who is listening to your network traffic can steal your username and password, taking control of your website if it is not secured. The cost of restoring your site after a hack is expensive and depending upon the severity, could cost thousands given downtime, reinstalling software, restoring backup, etc.
There are additional benefits to running https. It will improve your SEO rankings and it will protect any other data you are capturing via forms and payment screens on the rest of your site.
We strongly recommend that you run an https-only website. If you need help purchasing and implementing an SSL certificate for your site, please email us at email@example.com.
In the last year, more and more of my clients have gotten their website hacked. There are a few simple steps you can take to help prevent cyber-criminals from accessing your website:
- Software Updates. Old software makes it easy for cyber-criminals to compromise your site by using widely available exploits. If you have a WordPress site, keep the software and Plug ins current.
- Change Passwords and Make Them STRONG. I recommend that my clients change the passwords for their FTP, WordPress dashboard, etc. routinely. Don’t use your name, company name or any easy to figure out combination.
- Limit Access. Make sure you know who has access to your servers, and that only those people are accessing your servers. If you allow someone access to your FTP temporarily, be sure to cancel that user login once the task is complete.
- Check Your Server Frequently. If you have a WordPress site, check your Theme Functions and Header for malware. An unexpected spike in traffic will help alert you that your simple webserver has been turned into a costly spam site.
Just because your company may not store customer credit card data on their server, doesn’t mean it’s not a target. Criminals will use your servers to attack others or to market items like Viagra or Pay Day loans. Taking the time to follow the simple steps above could save you a lot of time and money in the long run.
Security Alert – Mal/JavaJar-B | Threat Alert—Jan. 14, 2013
We are notifying you of a major internet security threat that a new Trojan horse called Mal/JavaJar-B has been found that exploits a vulnerability in Oracle’s Java 7 and affects even the latest version of the runtime (7u10). The malware has currently been seen attacking Windows, Linux and Unix systems.
The Department of Homeland Security said attackers could trick targets into visiting malicious websites that would infect their PCs with software capable of exploiting the bug in Java. An attacker could also infect a legitimate website by uploading malicious software that would infect machines of computer users who trust that site because they have previously visited it without experiencing any problems.
Developers of several popular hacker tools, known as exploit kits, used to attack PCs, have added software that allows hackers to exploit the newly discovered bug in Java to attack computers.
Users can immediately protect themselves in the following ways:
• STOPzilla users will be delivered a patch today which prevents the infection as part of their
normal update service.
• By disabling Java content in their browser
• Downloading the latest version of Java: http://java.com/en/download/java_update.jsp
To disable Java in your browser Go to the Java Control Panel that is installed along with the runtime, and in the Security section uncheck the option to “Enable Java content in the browser,” which will disable the browser plug-in.
Read more about the threat and Oracle’s fix at Foxnews.com or at CNN.com.
Please forward this email to protect your friends and family