How Can They Hack You? Let Me Count The Ways


Website Security Is Fluid

It’s definitely not just installing a plugin and then forgetting about it. It’s a constant battle to outwit those who would like to gain access to vulnerable information. There are different areas of your site that can be vulnerable if not secured.

Today, we’re going to talk about those different areas and why and how you need to keep them locked up tight.

Insecure Web Hosting

WordPress sites are hosted on a web server. Some hosts do not properly secure their hosting platforms. This makes all websites hosted on their servers vulnerable to hacking attempts.

Using those bargain web hosting companies who don’t have the assets to protect your property can really hurt you in the long run!


Using Weak Passwords

You have different passwords for different parts of your site and all of them need to be kept secure. Below is a list of passwords that need to be checked and possibly changed.

  • Your WordPress Admin
  • Web Hosting Control Panel
  • FTP Accounts
  • MySQL Database used for your site.
  • Email accounts used for WordPress admin or hosting accounts.


 

Unprotected Access To WordPress Admin (WP-ADMIN DIRECTORY)

This gives a user access to perform different actions on your site. It is the most commonly attacked area of a WP site.

12 tips to secure your wp-admin section

Incorrect File Permissions

File permissions are a set of rules used by your web server. These rules help your server control access to files on your site. Incorrect rules can give a hacker access to write and change those rules. Here’s a great article on WP BEGINNER on how to change these!

changing your file permissions in WordPress

Not Updating WordPress

Each new version fixes bugs and security vulnerabilities. If you don’t update, you leave those vulnerabilities in place.

Not Updating Plugins & Themes

Same as updating WordPress. Not updating plugins and themes is dangerous and can leave your site weak.

Using Plain FTP Instead Of SFTP/SSH

You should always choose SFTP access instead of FTP. It is much more secure.

The key difference between FTP vs SFTP is that SFTP uses a secure channel to transfer files while FTP doesn’t. With SFTP, your connection is always secured and the data that moves between your FTP client and your web server is encrypted.

Using “Admin” As A WordPress Username

Never use “ADMIN”. You should always use something unique. Enough said!

Nulled Themes & Plugins

Never use plugins and themes from unreliable sources. Malicious code can be put into either one, and that code can give a hacker access.

HERE’S WHY:

  • You Don’t Know What Else Is in the Code
  • Developers Need Money To Continue Improving Their Products
  • You Won’t Get Any Support From The Developer
  • You Won’t Get Any Automatic Updates

Not Securing The WordPress Configuration File (wp-config.php)

wp-config.php contains your database login credentials. To keep that from happening add this piece of code.

The WordPress wp-config.php file contains very sensitive information about your WordPress installation, such as the WordPress security keys and the WordPress database connection details. You certainly do not want the content of this file to fall in the wrong hands, so WordPress wp-config. Here is a great article on how to secure these important files.

Not Changing WP Table Prefix

Change the wp_ prefix. Here’s a link that will take you to a blog post that will explain how to do this if interested.
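The file-permission, wp-config.php and table-prefix checks from the sections above can be combined into one read-only audit. This is an added example, not code from the original post; the function names, the constructed sample site and the baseline (nothing world-writable, wp-config.php closed to "other" users) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): read-only audit of a WordPress
# directory. Assumed baseline: nothing world-writable, wp-config.php private.
# List files and directories that any user on the server can write to.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Succeed only if wp-config.php exists and grants nothing to "other" users.
wp_config_is_private() {
    cfg="$1/wp-config.php"
    [ -f "$cfg" ] || return 2
    mode=$(stat -c '%a' "$cfg" 2>/dev/null || stat -f '%Lp' "$cfg")
    case "$mode" in *0) return 0 ;; *) return 1 ;; esac
}

# Print the $table_prefix value set in wp-config.php (empty if not found).
table_prefix() {
    sed -n "s/^[[:space:]]*[\$]table_prefix[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" \
        "$1/wp-config.php" 2>/dev/null
}

# Print each finding; the exit status is the number of findings (0 = clean).
audit_wordpress() {
    root="$1"; findings=0
    writable=$(find_world_writable "$root")
    if [ -n "$writable" ]; then
        printf 'World-writable paths:\n%s\n' "$writable"
        findings=$((findings + 1))
    fi
    if ! wp_config_is_private "$root"; then
        echo "wp-config.php is missing or accessible to other users"
        findings=$((findings + 1))
    fi
    if [ "$(table_prefix "$root")" = "wp_" ]; then
        echo "Database tables still use the default wp_ prefix"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample site with three deliberate problems, for a dry run.
make_sample_site() {
    site=$(mktemp -d)
    mkdir -p "$site/wp-content/uploads"
    printf '%s\n' '<?php' "\$table_prefix = 'wp_';" > "$site/wp-config.php"
    chmod 644 "$site/wp-config.php" && chmod 777 "$site/wp-content/uploads"
    echo "$site"
}
```

Source the file and run `audit_wordpress /path/to/site`; it only reads the directory and changes nothing.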

The most important part of my job is to make sure your website stays safe, secure and user friendly and I take that very personally. If you’d like to have one person to go to with all of your website issues then let’s talk! Schedule a free consultation today!

LET’S TALK!

 


Why Your Bargain Web Hosting Could Cost You More Than You Think

We’ve all heard the old saying, “Time is money”. Well, it’s true, and if you have “bargain” web hosting it could be costing you a fortune!

 

I’m sure you’ve seen those ads on Facebook, while you’re shopping, even when you’re trying to relax with a mindless game. $2.95 hosting! Save money!

Yes, it’s true you can get hosting from some companies for “VERY LOW PRICES”, but there’s another saying that I’m reminded of.

“You get what you pay for”. Cheap isn’t always good, especially when it comes to running your business or blog.

 

First, it’s NEVER just $2.95 a month.

 

 Here is what you’re paying for an SSL Certificate if you have GoDaddy!

Can you say, “Ouch!”

An SSL is a necessary investment and if you can get it for free? Hello?!?

You’re Probably Asking, “Who Cares!”

 

This is one of the most important decisions that you will make for your business. Web Hosting is the necessary foundation and just like with everything else some foundations are stronger than others.

A 1-second delay in page load time can lead to:

  • a 7% loss in conversions
  • 11% fewer pageviews
  • 16% decrease in customer satisfaction.

 


When deciding on web hosting you need to take 3 main factors into account.

 

  • SPEED

  • SECURITY

  • SUPPORT

SPEED

As I said above even a fraction of a second adds up to $$ and as a small business owner, we need to get as much bang for our bucks as possible.

 

Like my husband always says, “the proof is in the pudding”.

Below are 6 of my web hosting clients who have agreed to let me share these stats with you.

As you can also see, every single one of them passed the tests with flying colors and it’s because of the foundation that the sites are hosted on.

HOW DO THEY DO THAT?


 

  • PROVIDING A CDN
  • UTILIZES FLYCACHE
  • INSTANT REFRESH

SAFETY

EVERY PLAN COMES WITH A FREE SSL CERTIFICATE

 

Every plan comes with a FREE SSL which was mentioned above (definitely worth mentioning again).
 

EACH PLAN COMES WITH MALWARE PROTECTION & MALWARE REMOVAL IF NEEDED!

SUPPORT

 

Last but certainly not least in this list of pros!

TRUE LIVE 24/7 SUPPORT

 

THEY DON’T “WALK YOU THROUGH” DIFFICULT SITUATIONS.

 

YOU ASK, THEY PERFORM…
THAT’S REALLY IT!

 

  • AUTOHEALING TECHNOLOGY

  • DAILY BACKUPS

  • ONE BUTTON RESTORE

 

 

We offer three plan sizes

We Have Just What You Need...

Website Maintenance

Website Maintenance is like an insurance policy for your business. Keeping your site maintained is an important responsibility. We take care of it so you don't have to.

What it includes:

  • Website backups w/ offsite storage
  • WordPress Update 2 x
  • Theme updates 2 x
  • Plugin updates 2 x
  • Database Optimization  2x
  • Malware Scan 2 x
  • Speed test 1 x
  • Site Performance Report 1x
  • "Eyes On" site checks
  • Discounted hourly rate
  • MailChimp support
  • Google Analytics support
  • 25% Discount on any services.
$199.99 Annually



Premium Website Management

With Premium Website Management you get the best of both worlds plus even more. This is for the girl who has everything and no time for anything.

What it includes:

  • Premium hosting
  • CDN
  • Server-side daily backups
  • Offsite backups 2x monthly
  • WordPress core updates
  • Free SSL certificates
  • Uptime monitoring
  • One-button emergency restore
  • Malware protection
  • Staging site for development
  • Theme & plugin updates 2 x
  • Spam removal 2 x
  • Database optimization 2 x
  • "Eyes-On" site check 2 x
  • Speed check 1 x
  • Access to Genesis Framework
  • Access to StudioPress themes
  • Website performance Report 1 x
  • Integration Monitoring (MailChimp, PayPal, or Google Analytics).
  • Unlimited Tech Support


Save By Paying Annually. Get two months FREE!



Website Hosting

By partnering with Flywheel we offer a feature-rich plan that will keep your website secure & running its best. Unlike other hosts, you don't pay extra for the necessities needed to run an online business.

What it includes:

  • Onsite daily backups
  • Free SSL Certificate
  • CDN
  • Uptime Monitoring
  • One Button emergency restore
  • Malware Protection/removal
  • Staging Site For Development

 


 

 

Save By Paying Annually




The Must-Have Guide To WordPress Website Maintenance That Every Entrepreneur & Blogger Needs In Their Arsenal


“Why Should I Care About Website Maintenance?”

 

First, let’s look at the numbers:

 

  • 60 Million websites are created with WordPress.
  • 39% of the top 10 million websites use WordPress.
  • 500+ WordPress sites are created every single day.

Website maintenance addresses every single part of your website, and each part is just as important as the next. For the purposes of this post, I’m going to break it down into three sections.

  1. SECURITY
  2. PERFORMANCE
  3. HOW TO PROPERLY MAINTAIN YOUR SITE, PLUS A LITTLE EXTRA

 

HACKING:

 

  • 49% of hacked WordPress sites are caused by vulnerabilities on your hosting platform.
  • 52% of WordPress vulnerabilities come from plugins.
  • 44% of hacking was caused by outdated WordPress sites.

 

**INTERESTING FACT**:

 

In 2011, 18 million users were compromised due to a hack!

 

I. MAINTENANCE: HOSTING:

 

Let’s cover those:

 

Hosting platforms:

 

  1. Shared Hosting (GoDaddy, Bluehost, etc.) This is where your website shares a server with a bunch of other websites.
    1. Service overload is the #1 reason your site is slow or you’re getting site suspensions or 500 errors. Your website is sitting there with 200+ other websites. These packages run anywhere from $3-$5, but like with anything else you get what you pay for.
    2. Pay for extra features like necessary SSL certificates.

  2. DIY VPS
    1. More for developers & bootstrap startups. Can cause lots of problems if a mistake is made.
    2. Great if you’re smart, savvy, and need to save money.

  3. Managed WordPress Hosting (Flywheel, WP Engine)
    1. Hosts handle all of the backend-related tasks plus offer support when you need it.
    2. Saves you time and hassle.
    3. $25 – $150 monthly for these plans (but they cover things like SSLs that most shared hosting charges extra for).

 

II. MAINTENANCE: PHP ISSUES

 

PHP – PHP is an open-source server-side scripting & programming language that’s primarily used for web development.

  • The build of the core WordPress is written in PHP along with your themes & plugins.
  • Should be 7.0 or higher.
  • Faster speeds and improved security.

BEWARE OF HOSTS OFFERING HHVM AS AN ALTERNATIVE TO PHP. HHVM IS NO LONGER A SUITABLE SOLUTION.

 

III. MAINTENANCE: THEMES

 

It’s very important to choose the right theme from the very beginning.

Every element in a theme has some impact on your overall speed!

THINGS TO CONSIDER WHEN CHOOSING A THEME:

  • Start with a fast, lightweight theme that is built with only the features that you need. OR
  • A more feature-rich theme but you can disable features that aren’t in use:

THINGS LIKE:

  1. Google fonts.
  2. Font Awesome
  3. Icons
  4. Sliders
  5. Galleries
  6. Videos
  7. Parallax Scripts

BEWARE OF PAGE BUILDERS AS THEY CAN INCREASE LOAD TIMES. YOU SHOULD BE ABLE TO TURN THEM OFF.

 

IV. MAINTENANCE: PLUGINS

 

THINGS TO CONSIDER:

  • Too many can slow down your site.
  • Quality is as important as quantity.

MOST POPULAR:

  1. SEO By Yoast
  2. Akismet
  3. JetPack
  4. Wordfence
  5. Contact Form 7.

 

V. OTHER THINGS TO THINK ABOUT

 

Here is a list of settings and other tweaks you should or can make to your websites.

 

  • Change your WordPress login. By this, I’m not talking about changing your username and password. In this instance, I’m talking about changing the /wp-admin/ to something else. Think about it: almost every website uses this same login extension. By changing this you make it nearly impossible to sign in to your website because only you would know the new extension. You can use anything you want. This can be accomplished with a plugin.

  • Disable, remove or tweak your plugins. A simple setting can mean the difference between a slow website and a fast website.

  • Disable pingbacks (disable all, both from you and from other sites).

  • Limit the number of posts in your feed. No more than 10 is best.

  • Caching is the most important and easiest way to speed up your website. BENEFITS: Your server uses fewer resources. Can easily reduce your page load time by over 33%!

  • Image optimization can significantly impact your overall page speeds. It is more important than JavaScript, CSS & fonts. Images make up on average 34% of a web page’s overall weight. The trick is to find that delicate balance between load times and acceptable image quality.

  • Also important to consider when thinking about the images on your site is the file format. Compression can reduce your image size by as much as 5 times!

    • PNG – Higher quality images – larger file size
    • JPEG – Good quality and size.
    • Compression types for JPEG | LOSSY COMPRESSION: Eliminates some of the data (may come out pixelated). LOSSLESS COMPRESSION: Removes unnecessary metadata without decreasing quality. ** Choose one that compresses and optimizes images externally.
    • GIFs – Kill your website performance.
    • Limit the number of revisions kept for both drafts and updated versions. To limit the number of revisions you can use a plugin like Optimize Database & Delete Revisions, or you can add this code to your .php function files: define('WP_POST_REVISIONS', 10); YOU CAN CHANGE THE NUMBER TO ANY AMOUNT YOU WANT. You can also disable revisions altogether.
    • Clean up your WP_OPTIONS TABLE & autoloaded data.
      • Here you will find things like: Site URL, Home URL, admin email, default categories, posts per page, time format, etc.
      • Settings for plugins, themes, widgets (remove old deactivated).
      • Temporarily cached data.
      • 4 field columns:
        • option_id
        • option_name
        • option_value
        • option_autoload These you can change, but be careful.

 

MY MAINTENANCE ROUTINE:

 

  1. Create a clean backup of your site before making any changes, whether it’s updating a theme or changing a plugin. EVERY. SINGLE. TIME. The sites I manage are backed up every single day.

  2. Check sites for updates starting with WordPress, moving on to themes, and then plugins. Twice every month.

  3. Optimize databases (I use the Optimize Database While Deleting Revisions or the WP-Optimize plugins to accomplish this. Most of the settings above can be done here). Twice every month.

  4. Scan for malware using Wordfence or another security plugin of your choice. TIP: Make sure your hosting isn’t doing this already! Twice every month.

  5. Check your site speed with GT Metrix (free). I do this once a month.

  6. Do a front-end visual check. Sometimes updates can make small changes to your site. It’s good to take a good look at this time. Check that email opt-in to make sure it’s working, social media buttons, or other important parts of your site. Twice monthly or after any changes.

 

IF YOU’RE THINKING

“THERE’S NO WAY I HAVE TIME FOR ALL OF THIS”

I GET IT. LIFE IS CRAZY, BUSY THESE DAYS.

MONEY IS TIGHT 

YOUR PLATE IS JUST TOO FULL

THEN I HAVE THE ANSWER FOR YOU!

 

Not sure what kind of help you need?

 

I offer a FREE 30 MINUTE DISCOVERY CALL! 

 

I’ve worked with Rena on all kinds of techy type projects and I can say with full confidence that she is responsible, timely, affordable, knowledgeable, willing to take initiative, able to learn on the fly, and has a knack for all those server maintenances and WordPress issues that flouncy designers don’t want to deal with. I would recommend her highly!

Julie Stoian

JulieStoian.com

GO CALL HER RIGHT NOW! SHE IS AWESOME!
She answers emails in a very TIMELY manner. She is quick and gets the job done even if she’s never done it before.

I find her a joy. There is always an email shot back to me to say job completed. Stop dragging your feet and sign up for her services. Money well spent!

Elizabeth Kirkpatrick

TheVintageContessa.net
