Is your WordPress site Secure?

Is your WordPress site Secure?

I’ve spoken with two people this week who lost access to their website, as a direct result of not keeping on top of security updates. 

Both of them are WordPress sites – a popular platform, with lots of additional functionality available through third-party plugins. Its popularity means it is often the target of hacking attempts too though, which is why it is vital to ensure that the core code and any plugins or themes in use are regularly updated. Whilst some of the updates are functional (adding new functionality or making things easier to use), some are security patches resolving vulnerabilities that have been detected in the code.

To give you an idea of how some people take advantage of this, here’s the message I received from one of the people I spoke to:

Is your WordPress site Secure? 1

…it has been hijacked. Someone, a few months ago wanted some money or else.
He honoured his word.
So now it’s closed until, I can find some one to sort it out on a charitable basis for now.

Someone had managed to gain access to the site, remove the existing admin logins, and make themselves the only admin for the site. When they did not receive the money they asked for, they deleted the entire site.

The Charity were not in a position to resolve the issue themselves. Their hosting provider gave them a backup of the site, but said that the backup contained the malware used to exploit the site still, and would not put it live for them until they paid to have it checked and cleaned.

Another person contacted me after noticing their website was not loading. Instead, an error message was shown. She eventually found out that her hosting provider had taken the site offline after they discovered malware on it. They had written to her two months ago, but the email had been overlooked. Their automated malware scanning system had noticed the code, and highlighted the infected file. Eventually, the host removed the malware on the site and restored access…it took two minutes, but they had done nothing for two months.

She doesn’t know when the website was taken offline: it may have been down for the whole two months! Their only recommendation was that she pay an additional £5 per month for a scanning service…. a service which clearly was already running since they had previously notified her of malware.

 

Tips for keeping your site secure

There are several measures that can be taken to help protect a WordPress site. Here’s our top recommendations:

  1. Regularly update the core code, themes and plugins
  2. Take regular backups in case of disaster recovery
  3. Avoid having a user called ‘admin’
  4. Use unique complex passwords

If you want to take things a step further, then you may also want to use a security plugin to detect – and block – unusual activity. These typically look for attempts to login as ‘admin’, repeated failed logins of any kind, or repeated 404 errors; and then block that IP address for a period of time. Two-factor authentication is also worth considering, requiring a user to respond to an emailed link or other form of additional authentication when trying to login. Some security plugins also give you the option of changing the URL used to login to the site, or present a captcha to detect bots on the login screens.

Some webhosting providers have additional tools available to help keep your site safe and secure. Sometimes these tools are provided as standard, sometimes they charge a premium for them.

Our hosting provides a ‘checksum report’ for the core WordPress code, which ensures there are no changes to the main code. Malware scanning, permissions check and on-demand backups are also included on every site as standard.

For sites connected to our WordPress Management Platform, regular backups are taken and stored off-server, and every site is checked at least once a week for any code updates. A staging environment is also available so that changes can be tested without affecting the live site. Additional security is also applied to most sites automatically, and provided as standard on all sites that we actively manage. All from just £10 a month.

Do check what your host provides, take a backup of your site today, and ensure all the updates have been applied.

Schedule a Tech Surgery Consultation

If you’re unsure about any of this, or want it taken care of for you, then get in touch today and we’ll make all the necessary arrangements. A one-off Tech Surgery is currently just £25, and in most cases will cover the work needed.

New Year: New…

New Year: New…

Hands up, who went with some “new year new me“-type resolution at the start of the month either for yourself or your business? Kept it up?

Here’s the thing though, do you really need or mean “new”? To throw away all the years of experience and learning that brought you to where you are today?

Take the best things you have already, and improve them. Strip away the things that don’t serve you, and replace them. Refine and reform; grow and move on; but don’t start again completely from scratch.

If your car needs a new tyre, you don’t buy a new car. Though many of us will know that feeling of it costing so much to get a car through its MOT and service that it’s best to give up and buy another.

But what’s all this got to do with IT?

Many of the same questions and analogies apply.

Is your laptop or website ready to handle everything this year will throw at it? That doesn’t necessarily mean scrap what you have and buy new, but build on what you have so that it helps you achieve all that you need it to.

We’ve already been busy adding e-commerce (a shop) to a couple of websites this month, and text messaging options to a couple of systems. We’ve added WhatsApp for Business to the ways in which we can be contacted and posted stories onto various social channels to help people find us.

An area we’ve been particularly busy in this month so far though is computer repairs and new system setup. 

I already mentioned a car MOT/service: something we’re all aware of and – memory permitting – get done every year. Computers and laptops need this just as much though. It’s quite normal for there to be unneeded files taking up space, unused apps and services loading at startup that slow things down, or maybe even a need for additional memory.

Our managedSupport application already automates a lot of this, and our online health scan tool will highlight areas that need attention if you want the self-service route, we still recommend having a proper HealthCheck or tune-up at least once a year.

Our HealthCheck service can be provided in person or remotely, and we’re offering a crazy low price on this if you’re able to leave your laptop with us for a day or two (we can work on two or three at once, enabling us to charge less).

January 20.19 HealthCheck promotion

So here’s the deal…. Our Laptop/PC HealthCheck is usually £45, but if you’re able to drop it off to us and leave it with us for 48-72 hours, we’ll run the full HealthCheck and tune-up service on the device for just £20.19 – we thought it had a certain ring to it!

Text or WhatsApp us on 01268 833345 and we’ll arrange to book you in.

What’s the catch?

There is none. Some of the tune-up service is now automated, and most of it involves a lot of waiting for processes to finish. We can be doing other things in that time, or work on 2-3 laptops at once.

We’ll perform all the checks, tests and optimisations that we do on a full-price HealthCheck, and provide the same level of reporting afterwards. We’ll invite you to have another HealthCheck in six months time, but there is no obligation.

We do recommend having our managedSupport and CryptoPrevent applications installed as well though. These apps provide enhanced security and give you easy access to some common maintenance tasks, help and advice. We’ll install them both half-price alongside the promotion – £7.50 – if you want us to. Again though, no obligation.

Steve Westrop | Director, S6 Connect

IT/Biz Consultant, Disabled Dad, Voice of Reason, Champion of Change,...

Steve has a professional background in Education and Charity Management, having worked with numerous local and national businesses and non-profits, and a micro-multinational, in roles through to Operations Director.

Founding S6 Connect as a Company limited by guarantee in 2010 after parenthood and disability changed life significantly, Steve is passionate about helping people, businesses and communities to get the most from technology, saving them time & money (or gold).

Changes to Cloud Backup (for PC and Laptop)

Changes to Cloud Backup (for PC and Laptop)

We’ve made some changes to the branding of our cloud backup application.
 
This service has been provided through a partnership with LiveDrive for several years, and we had paid for custom branding.
 
To avoid needing to increase the price, this service is no longer branded as “Save Store Share” and you will be prompted to update the app in the next few days, and see it simply as “LiveDrive“. It’s exactly the same service, with the same security and peace of mind, but you will also now receive an updated app to manage the service, with a fresher interface (this was not rolled out to custom branded accounts).
 
The first screen you will see when opening the app is the “Control Centre” which will look similar to this:
Changes to Cloud Backup (for PC and Laptop) 3
 
From here you can change your backup settings, restore deleted files (previously required an additional app) and view files on the web. Your existing settings should transfer across though, so no action is needed.
 
If you are prompted to update/replace the app, go ahead – it’s safe to do so.
 
Once that’s done you can leave it to do its own thing and not think about it again!
Of course, if you’re confused or concerned, or want us to run the update and check the settings for you, just let me know.
 
You can schedule remote support online, or text or WhatsApp on 01268 833 345.
 
Steve Westrop | Director, S6 Connect

IT/Biz Consultant, Disabled Dad, Voice of Reason, Champion of Change,...

Steve has a professional background in Education and Charity Management, having worked with numerous local and national businesses and non-profits, and a micro-multinational, in roles through to Operations Director.

Founding S6 Connect as a Company limited by guarantee in 2010 after parenthood and disability changed life significantly, Steve is passionate about helping people, businesses and communities to get the most from technology, saving them time & money (or gold).

LIMITED OFFER on WordPress Managed Hosting

LIMITED OFFER on WordPress Managed Hosting

We’ve updated our WordPress Management service and WordPress Hosting, to provide simpler pricing but we’re also adding offering 20% off the great new prices for a limited time with code WPM20.

From as little as £25 a month you get:

  • UK-based Hosting
  • Email addresses
  • SSL certificate
  • WordPress installed
  • Premium Themes
  • Premium Plugins
  • Regular Backups
  • Enhanced Security
  • Regular Updates
  • Training Videos

WordPress is extremely popular but does need regular maintenance. We’ll take care of all of that for you, so you can concentrate on what you do best.

We have three packages available, which can include dedicated help, advice and even content creation if needed. We’re happy to chat first to make sure you don’t pay more than you need to of course.

Enter code WPM20 at Checkout to get 20% off the published prices. You can also opt to have us create your homepage for you for the crazy low price of just £95 during this promotion.

As always, if you have any questions, get in contact with us today!

 

Changes to Remote Support and device management

We’re making some changes to the provision of remote support and remote device management, and currently trialling a new application and platform for this.

We currently use a number of different apps to provide remote support (accessing your computer to resolve an issue, or sharing our screen with you to demonstrate how to do something) depending on needs and availability.

Zoom is usually used for all scheduled meetings, since this provides the ability to talk via the application as well as viewing or sharing screens or webcams during the meeting. It’s easy to use and most customers have been able to access it without any problem. It doesn’t provide any form of ‘unattended access’, and is intended mainly as a way of holding an online meeting and sharing content, though does have the option for us to request to control your mouse and keyboard. We will continue to use Zoom for most of our Consulting Calls.

Our managed Internet security and anti-virus service, provided by Avast  (previously AVG), includes the option for us to connect remotely to any computer that we manage, but this connection can generally only be made from our offices, and is not suitable for ad-hoc remote support. We’ve rarely used it, but will continue to include this option in Avast CloudCare deployments.

Our managedSupport application includes an option to request remote support on-demand, and this is the application that will be changing. Branded as ‘LiveWire screenshare’ this service gave several options and was often used for quick remote support sessions where we needed to troubleshoot an issue on a computer, or when Zoom could not be used for some reason. It also gave us the option of ‘broadcasting’ our screen via a webpage for training purposes. However, this application has provided unreliable lately and for this reason we are replacing it.

This will mean pushing out an update in the settings of our managedSupport application, so that the new app loads on-demand instead. It also provides the option of installing an application to run in the background, enabling us to request access at any time as needed, rather than first having to guide customers through loading the remote support application. Security is always important to us though, so this option is exactly that – an option – and customers would be prompted to allow or reject the access request. We are able to access from any of our devices, including mobile access, and will also be able to provide support for some mobile devices using this application in future.

We’ll be using both the LiveWire and SOS Connect applications through August, and intend to have the migration completed the first week of September.

If you have any questions about this, or want to see a demonstration of how these tools are used to help provide ongoing support, please let us know.

Website building with WordPress

Website building with WordPress

wordpress-logo-stacked-rgbWordPress has become a massively popular platform for website building. Initially considered primarily for “blogging” it has almost universal-appeal and powers thousands – if not millions – of websites globally.

Many of our sites are powered by WordPress, and we recently introduced a WordPress Management service which enables us to help keep your website and it’s underlying database in good shape by installing the S6Connect:WP plugin.

We’ll be adding a specialist WordPress managed hosting service to our updated online order management system shortly, providing:

  • Powerful feature-rich web-hosting account with the latest version of WP pre-installed
  • Domain Name registration or transfer included (including .uk .com .org and others)
  • Assistance with initial site setup, including optimisation and SEO tools/configuration
  • Access to several premium plugins and other tools via our developer licence agreements
  • S6Connect:WP Managed Service to keep the site and database in good shape
  • Ongoing updates including critical updates, theme and plugin patches and more
  • Additional webspace for other services if needed, and domain-based email addresses
  • Discount on additional S6 Connect services, including SaveStoreShare online backup
  • FREE unlimited installations of our CryptoLocker ‘ransomware’ protection tool

Contact us today to discuss your ideas and take advantage of this package from just £60 a year