WordPress Security Guide

Wordpress Security

Hosting and server level security

When it comes to securing WordPress, it’s best to start from the ground up. When you host your website with a hosting company that isn’t sufficiently security-conscious, if any site on a server is hacked, there’s a chance that any other site on that same server could be vulnerable.

After researching a ton of options, WPengine appears to be the most secure option on the market for WordPress hosting. They aren’t cheap, but you get quite a lot for what you pay. And because they have partnered with Sucuri, so if your site ever gets hacked, they’ll fix it for free.

If you HAVE to use another host for whatever reason, or need to host on your own servers, there are a few things to keep in mind: Continue reading…

The Illusion of Security

Padlock and Chain Security

To put it bluntly, nothing is truly secure, in the same way that nothing is truly private. There is no such thing as hack-proof.

This is important to understand, because the illusion of security is a dangerous thing. Believing you are secure leads to complacency, and when you are complacent and lazy, you make yourself a target.

The trick then, be it for web security or personal security, is NOT to make yourself “secure”…rather, it is to make yourself secure enough.

What constitutes secure enough varies wildly depending on who you are, or what entity you represent. A mom and pop small business website isn’t a terribly tempting target to hackers. Because of that, they will put very little if any effort into gaining access, focusing only on the most simple of vulnerabilities (poor password, common security flaws in the CMS, etc.) To make yourself secure enough against hackers like that takes very little time and effort (in fact, simply using a web host like WPengine would probably be sufficient). Continue reading…

How to Keep Your Email Safe from Hackers and Identity Thieves

Email Security

Believe it or not, most hackers are lazy. They use tools that automate much of the hacking process, and focus primarily on low hanging fruit, easy targets. Unfortunately, because the average person has little formal security training, a savvy hacker has numerous advantages and far too many people are easy targets.

One of the most common methods of hacking an individual starts with email, so we are going to cover a few key tips for keeping your email accounts (and the other accounts connected to that email) safe and secure from hackers.

1 – Beware of Email Attachments – One of the most common tactics hackers use is sending a legitimate sounding email with an attachment (Word doc, PDF, ZIP file, etc.). Upon opening said attachment, a malicious script can run, infecting your computer with a virus or malware.

At this point, numerous things can happen, depending on the virus or malware used. You could be locked out of your computer, forced to pay a ransom to unencrypt your hard drive. A key logger could be installed to capture everything you type going forward. Your web cam could be activated remotely to spy on you…lots of nasty things are possible. Continue reading…

Does Your Password Suck? A Good Password Manager Can Help

hacked password hash

Let’s face it, passwords suck. There are so many sites out there, and it’s practically impossible to have a different password everywhere that we can remember without cutting some corners. Unfortunately, when it comes to online security, you are only as safe as the weakest link in the security chain…and for the most part, the weakest link is your password.

For example, here are the top 10 passwords from the massive Adobe hack:

  1. 123456
  2. 123456789
  3. password
  4. adobe123
  5. 12345678
  6. Qwerty
  7. 1234567
  8. 111111
  9. Photoshop
  10. 123123

Continue reading…