SpireTech Blog - Category: Web
Topics related to web hosting, design, wordpress, SEO, etc.
Today, the US Cybersecurity and Infrastructure Security Agency (CISA) announced that it has added single-factor authentication (SFA) to a rather short list of cybersecurity bad practices it recommends against.
CISA’s “Bad Practices” list includes procedures that the federal government has deemed “extremely dangerous” and that should not be used by organizations in the public and private sectors, since they expose them to an unnecessary risk of their systems being hacked by threat actors.
Since the list was released in September 2017, it has been updated twice to include new practices that should be avoided at all costs.
In its latest update, CISA added SFA to a list that includes bad practices such as using only one factor for authentication when authenticating into cloud or web applications; reusing passwords across multiple accounts (e.g. using the same password for a corporate and a personal email account); or exposing public folders to everyone with access to an organization’s IT resources. Read more...
Did you know we offer self-service payment options using our portal? Of course, it is fine to call us if you prefer – but anyone who receives an invoice from us can log in to the portal using the link in the email. You can view payment history and invoices, and make payments. If you do not know your password, there is a forgot password function you can use to create a new password using your billing email.
In response to customer demand for increased site security, SpireTech is now offering Managed WordPress Hosting. The package includes monthly security updates to your WordPress site, and several other features:
- Monthly security updates to the WordPress framework, and the plugins and themes contained within
- Backups of the WordPress website and all data contained within once every 24 hours
- One hour per month of technical support, which includes:
  - Minor content updates of textual content
  - Upload and inclusion of customer-provided images
  - Installation of plugins and any minor required configuration
  - Installation of code snippets (such as Google Analytics)
  - Modification of certain PHP configuration, such as version, memory limit, and other configuration variables
  - DNS record edits, if DNS is hosted at SpireTech
Pricing is only $150 per month. Please contact us today if you’re interested!
Over the last two months, we have seen several customers have their WordPress websites hacked. Hackers installed a plugin or other backdoors and used the sites to send thousands of spam messages – or worse. All sites were successfully recovered from backup and repaired by our IT Service desk, which is a billable event.
Our investigation revealed that the hacks were due to sites not being kept up to date with security updates, or to poor password management practices. Read the rest of this month’s articles to discover ways to secure your WordPress website, and to learn about Managed WordPress Hosting.
In response to frequent WordPress hacks, we thought it might be helpful to write about some of the best practices we’ve used to secure WordPress websites.
- Use unique, strong passwords for your login. One of the techniques hackers use is a stolen password – a password you’ve used elsewhere – to log in to your site. Another technique is to crack a weak password using a bot, repeatedly trying weak password combinations.
- Use Multifactor Authentication at your WordPress login. Plugins such as “Google Authenticator” will implement this.
- Update your installation at least monthly. This includes updating WordPress itself, all plugins, and any themes you’ve installed.
- Change your login page. Bots will try the default login URL to find your login page. Simply changing this URL to something unique will give them nothing to probe. Plugins such as “WPS Hide Login” (https://wordpress.org/plugins/wps-hide-login/) can help make this change easily.
- Install a security plugin. Multiple plugins exist for free that will ban IP addresses that repeatedly try to access your login page, or change the default URL for you. Caution
Let’s Encrypt, an industry nonprofit that issues free SSL certificates, had to revoke 3M certificates on Wednesday, March 4, 2020 due to a bug. SSL is the technology that gives websites the https “padlock” and is often used to secure other things like mail servers.
For more information, you can visit the Sophos security blog. We’ve already checked all SpireTech web hosting and Managed Services clients to see if anyone is affected, and installed new certificates where needed.
If you visit an https website and receive a certificate error in the next several days, it’s possible the site is affected. We don’t recommend proceeding to the site; instead, consider notifying the site owner. Bad actors are already taking advantage of this and launching phishing emails and banners, so use caution. If you find that a website we host or server we manage for you is affected, please let us know and we’ll fix it right away. Read more...
used with permission from SBA.gov, by Anita Campbell
Bad online reviews can cause potential customers to shop elsewhere, negatively impacting your business’ bottom line. If your business has received a bad online review, here are steps you can take to handle it and minimize the damage.
Respond to Customer Reviews
Ignoring a bad review won’t make it go away. On the other hand, responding to customer reviews can result in better ratings and improve your business’ online reputation.
The Harvard Business Review analyzed tens of thousands of hotel reviews and responses from TripAdvisor. The study found that around a third of reviews on TripAdvisor receive a response and almost half of hotels respond to reviews. According to the study, hotels that respond to customer reviews receive 12 percent more reviews and their ratings increase by an average of 0.12 stars.
used with permission from Norton by Symantec
Mention “cookies” and most people expect a chocolate chip treat to appear. When talking about computers, however, cookies aren’t on the dropdown menu. In fact, they’re not even physical objects. Yet they do a great deal of the work that makes it more convenient for you to browse the Internet — and they can be troublesome if you don’t know how to clear or delete cookies.
Meet the computer cookie
A computer “cookie” is more formally known as an HTTP cookie, a web cookie, an Internet cookie or a browser cookie. The name is a shorter version of “magic cookie,” which is a term for a packet of data that a computer receives and then sends back without changing or altering it.
No matter what it’s called, a computer cookie consists of information. When you visit a website, the website sends the cookie to your computer. Read more...
used with permission from FTC.gov, by Lesley Fair
Engage, connect, protect was the theme of a series of Small Business Security Roundtables the FTC sponsored last summer. We listened to businesses talk about the challenges they face in securing sensitive information and fending off cyber threats. We also heard that they want concrete advice from the FTC. For example, how can a small company – especially one that may not have the in-house expertise to host its own website – get down to business while also addressing these concerns?
In search of a solution, many businesses turn to web hosting firms to set up their website and email systems. In a just-published Staff Perspective, Do Web Hosts Protect Their Small Business Customers with Secure Hosting and Anti-Phishing Technologies?, the FTC’s Office of Technology Research & Investigation (OTech) looked at 11 web hosts that market their services to small businesses. (The Staff Perspective explains OTech’s methodology.) Read more...
used with permission from SBA.gov, by Anita Campbell
When it comes to online advertising, there’s a powerful technique called “retargeting.” On Google Adwords the approach has another name. Google calls it “remarketing,” but no matter what you call this method, it can be a game changer.
Retargeting enables you to show your ad to someone who has visited your site or seen your product online, even after they have left your site. You can also use this technique to turn an abandoned shopping cart into a sale. That’s because retargeting allows shoppers to see the product several times again in ads across the Web.
There are other marketing objectives you may want to consider, too. You can set retargeted ads to appear to users who visited your site, encouraging them to come back and register or sign up for your newsletter.
You are not limited to Google AdWords if you want to do retargeting. Read more...