SpireTech Company News and Tips
In response to customer demand for increased site security, SpireTech is now offering Managed WordPress Hosting. The package includes monthly security updates to your WordPress site, and several other features:
- Monthly security updates to the WordPress framework, and the plugins and themes contained within
- Backups of the WordPress website and all data contained within once every 24 hours
- One hour per month of technical support, which includes:
- Minor content updates of textual content
- Upload and inclusion of customer-provided images
- Installation of plugins and any minor required configuration
- Installation of code snippets (such as Google Analytics)
- Modification of certain PHP configuration, such as version, memory limit, and other configuration variables
- DNS record edits, if DNS is hosted at SpireTech
Pricing is only $150 per month. Please contact us today if you’re interested!
Over the last two months, we have seen several customers have their WordPress websites hacked. Hackers installed a plugin or other backdoors and used the sites to send thousands of spam messages – or worse. All sites were successfully recovered from backup and repaired by our IT Service desk, which is a billable event.
Our investigation revealed that the hacks were due to sites not being kept up to date with security updates, or poor password management practices. Read the rest of this month’s articles to discover ways to secure your WordPress website, and Managed WordPress hosting.
In response to frequent WordPress hacks, we thought it might be helpful to write about some of the best practices we’ve used to secure WordPress websites.
- Use unique, strong passwords for your login. One of the techniques hackers use is a stolen password – a password you’ve used elsewhere – to login to your site. Another technique is to crack a weak password using a bot, repeatedly trying weak password combinations.
- Use Multifactor Authentication at your Wordpress login. Plugins such as “Google Authenticator” will implement this.
- Update your installation at least monthly. This includes updating WordPress itself, all plugins, and any themes you’ve installed.
- Change your login page. Bots will try the default login URL to find your login page. Simply changing this URL to something unique will give them nothing to probe. Plugins such as “WPS Hide Login” (https://wordpress.org/plugins/wps-hide-login/) can help make this change easily.
- Install a security plugin. Multiple plugins exist for free that will ban IP addresses that repeatedly try to access your login page, or change the default URL for you. Caution
Microsoft announced changes coming to their Stream video product to better integrate it with the rest of the M365 ecosystem. Currently, recordings are stored in Stream, which requires accessing a separate site to view recordings of teams meetings. The service will be revised starting in October to store Recordings in OneDrive or SharePoint. Here are the guidelines and timing we’ve been provided:
- Early October (October 5, 2020) – You can enable the Teams Meeting policy to have meeting recordings saved to OneDrive and SharePoint instead of Microsoft Stream (Classic). Requires use of powershell to enable this policy.
- End of October (October 31, 2020) – Meeting recordings in OneDrive and SharePoint will have support for English captions via the Teams transcription feature.
- Early to mid-November (Rolling out between November 1 -15 , 2020) – All new Teams meeting recordings will be saved to OneDrive and SharePoint .
Microsoft has issued guidance around the changes in behavior you will notice:
- Meeting storage:
- Non-Channel meetings will be stored in the OneDrive of the person who clicked the record button in a special folder labeled “Recordings” – that sits at the top of the recorder’s OneDrive.
Most clients have us update their systems on Tuesday nights – but we can’t update them if they are powered off. Please remember to leave your systems plugged in and powered up when you receive the update reminder – it helps us keep your systems updated and secure. Thank you.
We’ve recently had discussions with clients that are considering strategies for closing their offices and going entirely virtual. Some clients still need to have windows servers, and their employees are currently connecting to a mostly empty office and using a VPN to access their applications and data.
Are you paying for an empty office too? Did you know SpireTech has a datacenter? You may be able to relocate your server and firewall to our datacenter, and save a ton of money on office rent. Your connectivity will improve too, due to the much higher internet speeds available in our datacenter.
Server colocation with SpireTech starts at only a few hundred dollars per month – and includes fault-tolerant, very high speed internet, UPS and generator power. Options and prices are available at our Portland Server Colocation website. If you are interested, give us a call today to discuss and get a free quote. Read more...
As the summer comes to a close and kids get ready to return to school (virtually), we thought it’d be a good time to reflect on what we’ve all accomplished together over these last several months. We’ve been busy, driving key initiatives, and helping clients transform to the new normal. Here are a few things we’ve accomplished together:
- Shifted almost everyone to multi-factor authentication on email and VPN accounts
- Helped everyone transition to working virtually
- Implemented Teams and Sharepoint/Onedrive at many clients – this work is ongoing
- Mostly eradicated windows 7 from our networks
- Switched everyone to Sophos Anti-virus
- Improved our overall security posture
These efforts all take planning, discussion, and cooperation from our respective teams. We appreciate how everyone has come together during these times to get things done, both internally and externally. Thanks!
Last month, we wrote that this new service from Microsoft promised to be a disruptive technology. We’ve since learned that discounts will soon be announced on your first year of service. While we aren’t able to disclose those numbers or timing yet, let’s say the traditional telecom and PBX vendors should be quaking in their shoes, because the savings before the discounts are substantial.
The convenience of being able to use your bluetooth headset with your computer, the Teams app on your phone, or a compatible desktop phone to make/receive business calls from anywhere without being tethered to the office promises to be a game-changer and key enabler for WFH moving forward. Since it’s integrated with Microsoft Teams, you don’t need to change your mode of working from one communication device to another.
We’ve already had several clients express interest in moving to Microsoft 365 Business Voice, and projects are starting soon. If you want to learn more or get on the list, get in touch!
Many of us are still working remotely, and a lot of our communication and meetings are occurring using Microsoft Teams. Here are some things we’re doing to try and stay better connected during this time:
- Add a tab to your team for a document or information you’d like to stay front and center. This could be some key performance indicators (KPI’s), goals, core values, or some other information you’d like your team to be reminded of.
- “Social hour” meetings. We hold informal get-together’s at 4:30 once every week or two. This enables us to bond and talk about non-business issues and catch up on major developments in each other’s personal lives.
- Lights, camera, action! At SpireTech, we ask our staff during scheduled meetings to have their cameras on. We don’t require it for quick 1:1 teams calls, but for scheduled meetings it is preferred. This really helps bring people together during an otherwise fairly isolated time and is a nice replacement while we’re lacking the ability to meet in a conference room.
We’ve had a few clients ask us about remote worker policies. We view this as an HR issue with possible legal implications, so you’ll want to seek advice appropriate to your firm. We’ve all had to relax the standards around eligibility and physical environment during Covid, but the policies around attendance and security still apply. Here’s some food for thought if you have yet to implement a remote work policy.
Working from home is a privilege and may be allowed in some circumstances subject to the following guidelines. If your supervisor approves your working from home on a particular day instead of being present in the office, you must comply with the following guidelines:
- Eligibility Not all positions are eligible for working remotely. If your position involves frequent or important interaction with other employees or clients, it may not be possible or practical for you to successfully work remotely. If you are unable to work at your normally assigned position and time, working from home must be pre-approved by your direct supervisor.