Website Security Hints and Tips

In this series of articles we focus on ways to make your WordPress-based website more secure against hackers.

I’ve also built a sister site which is focused specifically on security for WordPress websites. It’s written for non-technical people and includes guides, ‘how-to’s and useful security tools. You can find it here.

Ransomware, the fastest growing cyber-crime at present, can be devastating if you’re not prepared for it. Do take the time to read the information on the No More Ransom website to get the latest information on how to protect yourself and recover after an attack.

Cyber crime is a growing industry. We cannot advise you strongly enough to be eternally vigilant against hackers and other cyber criminals.

14 Easy Ways to Make Your Website More Secure

Unless you have a specific interest in cyber security you probably don’t stay abreast of the latest trends in hacking and cyber-crime. I do have an interest – a keen interest – because I want to make sure that Abledragon websites are as secure as possible. Same for the websites that we build and maintain… Read more

Protect Yourself Against Ransomware and Some Ways to Recover from an Attack

I’ve written here, here and here about ransomware, probably the fastest growing type of cyber-crime at the moment, and steps you can take to protect yourself. I talked about making sure you have backups of both your computer system and your data (stored off-line so they are safe from infection). As long as you have… Read more

What is a Zero Day Attack?

A zero-day attack sounds like something out of ‘Starship Troopers’, or ‘Back to the Future’. But it’s much more boring, I’m afraid. A zero-day attack is one that exploits a zero-day vulnerability – a code vulnerability that slipped through the cracks and has been discovered by the bad guys, who plant their malware or otherwise… Read more

Stay Safe Online – 30 Steps You Can Take

Robert Mueller (special counsel investigating Russian interference in the 2016 US election) indicted 13 individuals and 3 companies a few days ago. If you read the summaries of what he’s discovered so far in the course of his investigations you should be having a serious think about your own personal security online. To summarise the… Read more

Massive Brute Force Attack on WordPress Websites

Back in December there was a massive brute force attack on WordPress-based websites. Around 190,000 websites were attacked, from 10,000 different IP addresses, and up to 14 million attacks were made, per hour. This was one of the largest attacks ever, and I learnt of it from the Wordfence blog – you will find the… Read more

A Pointless but Mean WordPress Hack

Just a short note today about an (apparently) pointless website threat. . . I just read this post on the Sucuri blog that describes a hack, the only purpose of which is to completely wipe out a website. As that article points out (and as I have said many times) hacks generally have an ulterior… Read more

What can we learn from the WannaCry ransom ware attack..?

The WannaCry (WannaCrypto2) ransomware attack that crippled the NHS in the UK and locked up more than 230,000 computers in 150 countries, and demanded a payment of US$300 each, in 28 different languages, to unlock them, was wholly and easily preventable. By anyone who owns a computer. The attack was successful because the computers that… Read more

You’ve Just Logged in to Your Online Bank Account to Find it’s Been Emptied – 2 Ways to Protect Yourself

Ever been told you’ve just lost your job? How about ‘Hello…, this is the police – we need to advise that we’ve arrested your son’..? That twisting feeling in your stomach when you hear those words is exactly what you’ll feel when you discover someone has illegally accessed your bank account and cleaned it out… Read more

Hacking of Websites up by 32% in 2016 – Google

Think your website is too small to be hacked..? Think again: Google reported recently on its webmasters blog in the section on the State of Website Security in 2016 that the number of websites hacked during 2016 was 32% higher than in 2015. As I’ve written before on this site: hacking websites is one of… Read more

The Risk of an Expired Domain Infecting Your Site Visitor’s Computers

Another twist on what can happen if you don’t keep your plugins up to date: your website visitors can be re-directed to a site that, at the least, will present them with spammy ads and, at worst, will attempt to infect their computers. A recent article on the Sucuri blog reported on a plugin that… Read more

Shopping Online? Beware this New Phishing Scam

A nasty new phishing scam has been revealed by Sucuri in an article posted this week: legitimate e-commerce sites are being hacked and a re-direct inserted into the checkout page. This redirect takes buyers to a fake checkout page, from where the hackers steal the buyer’s credit card details, or PayPal email, and the website… Read more

Is Your TV Being Used to Generate Distributed Denial of Service Attacks?

Sound too much like science fiction? Unfortunately not. Anything that is connected to the Internet can be used in a Distributed Denial of Service (DDoS) attack – as Sucuri has reported. In that instance Closed Circuit TVs were used – 25,513 of them, scattered around the globe. So, as the Internet of Things develops and… Read more

Domain Renewal Scam – Beware

An interesting blog post on Sucuri talks about a domain renewal scam being carried out via normal mail, as opposed to email (the usual medium). Domain scams are where you receive an email (or, in this case, a snail mail) urging you to renew your domain, but which is not from the company with which… Read more

Ransom Ware goes Commercial

The ransomware that I’m covering here is mostly a threat to computers, rather than websites, but I’ve covered it because keeping your computer clean and safe is a key part of keeping your website clean and safe – as I explained here. A new iteration of ransomware has appeared that threatens to greatly increase… Read more

Report on Website Hacking Trends from Sucuri

Sucuri has just released a report on a study they did through the first quarter of 2016 on hacking trends affecting Content Management Systems (of which WordPress is one). The report is available from the Sucuri website but you can also download it by clicking here. In that study they analysed the hacks on 11,485… Read more

The Top Way Hackers Gain Access to WordPress Websites and What Happens Then

When your website is hacked bad things happen: it will be removed from the search listings and the major browsers will prevent anyone from reaching it (if visitors type in the address themselves). Basically, you go dark. That will cut off all sales or leads you were getting from your website overnight. I wrote about… Read more

Even Good WordPress Plugins Can Become Malicious

You go to all the trouble of finding high quality plugins from reputable authors (or from the WordPress plugin repository) for your website and suddenly you find you’ve been hacked. “How can it be?” you ask yourself. One possible reason is that, somehow, that carefully chosen ‘good’ plugin has gone bad. Let’s look at some… Read more

Protecting Your Website Against Hackers is not Enough – See What Other Steps You Should Take

I’ve written several times about steps you can take to strengthen your WordPress website against hackers – you can find the articles here. But strengthening your WordPress site itself is not enough. You need to consider everything you do online, starting with your own computer. The two most successful types of attacks on WordPress websites… Read more

Think Your Website is Too Small to be Hacked? Some Facts that May Change Your Mind . . .

Some time ago I wrote about the website security risks you need to manage. But the Internet being what it is, times have quickly moved on. Cybercrime is growing at an extraordinary rate and the hackers are becoming increasingly vicious with their victims. The article I linked to above refers to 3 situations in 2015… Read more

If You Use the Same Password to Log In to More than One Online Account You Have a Problem

Another article on passwords and online security – but I make no apologies, it’s a serious subject! Cybercrime is growing ridiculously quickly and causes its victims very serious damage (I wrote back here about how it puts businesses out of business). I am continuously surprised at the number of people I talk to who dismissively… Read more

How Much Will You Lose When Your Website is Hacked? (Hint: It Could be Your Business)

I was at a session on cyber security yesterday, presented by KPMG. It comprised presentations by leading experts on trends in cyber-crime and the steps large organisations should be considering in order to secure their IT systems. While Abledragon does not deal with large corporates, the lessons around securing your website are as relevant, and… Read more

How to Make Your WordPress Website 44 Times More Secure Against Brute Force Attacks

I’ve mentioned on many occasions (to anyone who will listen!) the importance of using long, complex passwords. I recently came across an article on WordPress security that touched on the importance of creating strong passwords. This was written in the context of comparing the benefits of adding just one character to your password against being… Read more

Here’s What Happens When Your Website is Hacked

I often find that it’s difficult to get people who are not familiar with working online to appreciate the risks and effects of being hacked. Recently the website of Jon Morrow, whose site I visit occasionally, was hacked. Luckily Google had spotted it and warned me before getting into the site that it had been… Read more

Security Risks for WordPress and 10 Easy Mitigation Steps

Your website is your online property and you need to take the same approach to securing it as you do your ‘real world’ business premises. As importantly: failure to properly secure your website makes the Internet less safe for other users because you are helping the cyber-criminals to carry out their dirty tricks. It makes… Read more