Think Your Simple Business Website is Worthless to Hackers? Wrong!

Posted on April 20, 2016 by WebSideView

websideview business website

Having self-employed and business owner friends generally means a part of our downtime conversations involve us picking each others brains about our respective areas of expertise.

It’s a great benefit to having friends in different professions and we’re all lucky to be in such a situation. I’m sure you’ve all done it and I’m guessing it went a little like this:

“You’re a (insert profession here), what should I do if…”

“I’ve got this problem…”

“How do you sort…”

This particular weekend turned out to be my turn, focusing on business website security (plus other things) and raising the question:

Why would a hacker attack my business website?

I don’t have anything valuable. I don’t have credit card details or anything worth stealing.

This single question inevitably resulted in a debate that provided further insight into how business/self-employed people generally see website development and maintenance:

  1. Once a website is built that’s the end. It’s done now so I don’t need to look at it again.
  2. I paid you enough money to build the website so why would I need to keep paying you to look after it? It should just work.
  3. My website isn’t of any value to hackers because I don’t have anything of value to steal.

Needless to say,

Ignorance is bliss (until something goes wrong, then it sucks)

People are either unaware of what to expect or have preconceived ideas about what a website should be, how it should be developed and how much they should pay.

Often stating that website maintenance isn’t as big a deal as building because you don’t need to do as much (this is true in part but not when there’s a new threat!).

Unfortunately, this is not the case (we would love it to be) however, website maintenance is a big deal, taking time, knowledge and awareness.

A perfectly good example would be the following:

It’s similar to buying an owning a car.

When you buy a car everything is great but we all know that a car has to go for a service and MOT to make sure that everything is working okay. Otherwise things can go drastically wrong and end up costing you a fortune when you could have nipped the problem in the bud before it escalated.

This is the same situation with websites. You have to regularly service your website to mitigate against future problems.

However, there is one major difference:

The world of the internet is constantly changing and evolving.

It is our job as website developers and consultants to keep up-to-date with new developments, threats and techniques so we can allow you to focus on your business.

With the added pressure of somehow forecasting and preventing the bad things that could happen and reacting quickly enough to protect you and your business when they do happen.

It can be like changing the locks, engine immobilizer, key lock code and alarm system every week (if not more often with the increased number of threats)!

The plan was to write a piece about this, explaining why it is important, providing insight and justifying the fees charged.

However, it would appear that we were beaten to the punch and a study has already been performed. Answering the question:

“Why would a hacker attack my website? I don’t have anything valuable. I don’t have credit card details or anything worth stealing.”

Have a look at this article that explains “What Hackers Do With Compromised WordPress Sites.”

Here’s a little insight into what was found. Out of 873 respondents the top reason for a hacked site was to deface your website or to take it offline! (slightly over 25% of cases)

When hackers deface websites they replace your content with their own.

“The most common was political content from terrorist groups and the like. The next most common was hackers simply bragging that they hacked your site.”

If you have a business website and you’ve asked the above question you need to read this article because your perspective will massively change after reading this article.

Simply put,

“No-one is immune or off the menu when it comes to hacking.”

Hopefully you will also understand just how much your website developer/online consultant does and the value of having a good one.

Please share this with anyone you think would benefit from reading this (Steve the builder, Robert the accountant, Jean the coffee shop owner and other self-employed/business owners).

Don’t be a Dummy Keep Website and Email Separate

Posted on April 14, 2016 by WebSideView

email and website

Why should you do this?

For 4 very good reasons:

1.) If your website hosting goes down so does your email

Even if you are not an internet expert you have definitely come across a website that has been down. Website attacks that overwhelm and block a website from being seen are all too often!

However, can you remember the last time your email provider such as Gmail, Outlook, Zoho etc were down?

Its common knowledge that a website is a lot more likely to go down than your email.

If you have associated your emails with your website hosting company just so you can have that all important name@businessname.co.uk guess what?

If your website goes down, your emails will also stop working!

That’s not great for business because I suspect email is essential for your business operations (it definitely is for me and my clients).

Customers, suppliers and everyone else wont be able to visit your website but worse still they wont be able to get in touch with you.

Can you imagine the effect this will have on your suppliers, clients, business partners and the rest.

You can have a business email, just keep website and email providers separate

However, if you had separated your email from your website hosting you would be able to carry on with business, keeping in contact with your suppliers, clients and business partners. Heck you can even take the proactive step of letting them know that you are currently experiencing problems with your website (which I’m sure they will appreciate).

You should also make sure that you have at least one other social media channel such as Facebook or Twitter just so you can let everyone know you are experiencing problems with your website and that you are working to resolve the issue as soon as possible (good customer service).

2.) Moving your website means moving your email.
Bad news, it’s not that easy!

Although moving a website has some technicalities it is still relatively straight forward.

  • You buy new hosting from another hosting company,
  • instruct your web developer to push and pull the technical levers to finish this off
  • move your files to that new hosting company,
  • cancel or let your old hosting run out,
  • and your website continues to run.

Unfortunately, if your email is also linked to your website hosting it can and is a pain to move your email address and all of your past emails across with it.

You could find yourself up the creek without a paddle and losing all of your previous emails. Plus, just to let you know, web developers do not really like doing this either.

By hosting your emails with another email provider all you have to do at initial setup is point incoming emails at the domain registrar to the email provider that stores them. If you decide to move your website hosting from the registrar or from another hosting company you do not have to do anything with your emails. They will continue as normal.

Plus if you decide to change your domain registrar as well (sometimes because your domain renewal is more expensive) all you would have to do is change where the incoming emails point to at your new domain registrar. Your past emails remain where they are at the email provider (this is much less work, therefore costing you less or you can do it yourself if you have the technical ability).

3.) Hosting your email with your website uses up valuable space

Having your email through your website hosting company uses up valuable website storage space. Space that you should be using for your website to add photos, extra pages and new blog posts or announcements.

4.) The user experience with Hosted email is generally not as good

On a lesser but annoying note, using hosted email is a poorer user experience (although it has improved) compared to that of a dedicated email provider such as Gmail, Outlook and Zoho to name but a few.

Most people have difficulty learning new ways of doing things or just plain don’t like learning new things when they have a good system already. Changing website hosting providers is a common practice much more frequent than changing email providers.

Moving or losing your emails simply because you changed your website hosting to another company sucks, is a headache and costs more money. When I’m asked to move a website for a client, I want emails to carry on as normal and make the transition as easy and seamless as possible for both me and my clients.

Therefore, to avoid associated security risks, headache and cost keep your email providers separate from your hosting company.

Website Threats are Real and Massively on the Increase

Posted on February 2, 2016 by WebSideView

WordPress Attack Platform Identified

WordPress lost security

A group of contributors to the WordPress community have also identified that hackers (not the nice kind) have increased their ferocity and have become armed with a series of sophisticated attack tools.

The new year of 2016 is becoming a year when potential hacks are ever present and we cannot stress enough how it’s ever more important to keep your websites up-to-date with the latest approaches and techniques to mitigate against successful attacks.

Not convinced?

Don’t just take our word for it. Here’s where this same group performed a virtual test on what they are calling an “attack platform.”

In summary, (and it is pretty scary!)

The attack platform once fully installed (on your website) provides an attacker with 43 attack tools they can then download and use.

The tools and capabilities this infection provides lets an attacker use an infected WordPress site to further spread their infection locally and to other external sites and services.
An Attack Platform Infecting WordPress Sites by mark (WordFence)

That’s right you will also harm other people and it could come back on you for not taking the right precautions and lets be fair, it’s pretty bad to spread the infection onto others (just think how guilty you feel when you pass on a cold to a loved one).

Please keep your websites up-to-date and use the latest techniques or hire a specialist to help keep your website and others businesses websites protected.

Thank you for reading and please share this with all your business colleagues and friends so they do not get caught out as well.

Seriously! Update Your Website: WordPress 4.4.2 Security Update

Posted on by WebSideView

websideview - wordpress security update 4-4-2

If you don’t know about website/WordPress things (that’s what we’re here for) just ask your web developer to update your website NOW (and that means now!) with this New WordPress Security update.

We try to keep you updated with all the things you need to be aware of when running a business website so you don’t get burned.

Keeping your finger on the pulse on such geeky things isn’t easy and not really why you are in business, nonetheless it is important that you are up-to-date with your website security (including WordPress). See the full release here:

WordPress 4.4.2 Security and Maintenance Release

Not interested in reading the above boring ins and outs? we totally understand so just make sure you update your website yourself or get your developer to do it (if they haven’t done so already!).

If you feel confident enough to update yourself, have a read of this post about how to update your website without your developer (yep, without your developer).

BUT be mindful of the fact that you will need to “Backup All Files and Databases” then test the functionality afterwards to ensure nothing has been affected by the update.

Go directly to the relevant section by clicking below:

Websideview Security Update

Thank you for reading and please share this with all your business colleagues and friends so they do not get caught out as well.

Watch out for Fake PayPal receipt emails

Posted on December 9, 2015 by WebSideView

image

It’s the holiday spending season so please be aware of scammers trying to take your hard earned cash using PayPal. PLEASE SHARE THIS

You receive an email that looks genuinely from PayPal

According to this email, which appears to be an official payment notification from PayPal, you have sent a payment of £… to ….. The email features the PayPal logo and is set out like a genuine PayPal message.

However, the email is not from PayPal and it is not a genuine receipt for a payment. It is a phishing scam.

Don’t recognize the transaction? Don’t click anything!

The link in the message opens a fake PayPal website designed to steal your PayPal account details and other personal and financial information.

SERIOUSLY DONT CLICK ANYTHING

The scam email advises you to click a link if you did not authorize the payment and wish to get a refund. The email also mentions that, to cancel a transaction, you will need to verify your identity and update the information the company has on file. Do not be fooled it’s a trick to steal from you.

Don’t click anything! Always check directly with PayPal

https://paypal.com

Some people who get this B.S email, might mistakenly believe that their PayPal account has been compromised and be panicked into clicking the link to cancel the transaction as instructed. DON’T!

PAUSE, TAKE A MINUTE TO THINK AND NEVER CLICK (okay you get it)

Follow these Steps

Step 1. – go directly to your account (not using the link) and login.

Step 2. – Check your recent transactions (nothing suspicious or similar to claimed receipt email).

Step 3. – Contact PayPal to check that nothing suspicious has happened in your account. They will help if it has.

‪Be Safe Online.

Thanks for reading and be sure to share with your friends, family and colleagues.

Keep Your Website Updated: WordPress 4.3.1 Security Update

Posted on September 15, 2015 by WebSideView

websideview wordpress security update 4.3.1

As always we try to keep you updated with all the things you need to be aware of when running a business website.

We know you cant always keep your finger on the pulse so we at WebSideView continue to try and keep you in the know with the most timely and important things.

This one is to ensure you are up-to-date with your website security and was announced on September, 15th 2015. See the full release here:

WordPress 4.3.1 Security and Maintenance Release

It might not be interested in reading the above boring ins and outs so just make sure you update your website yourself or get your developer to do it (if they haven’t done so already!).

If you want to give it a go updating yourself, have a read of this post about how to update without your developer (yep, without your developer).

BUT be mindful of the fact that you will need to test out the functionality afterwards to ensure nothing has been affected by the update.

Go directly to the relevant section by clicking below:

Websideview Security Update

Thank you for reading and please share this with all your business colleagues and friends so they do not get caught out as well.

Don’t Get Caught Out – WordPress Security Update 4.2.4

Posted on August 5, 2015 by WebSideView

websideview wordpress security update

Here at WebSideView we try to make sure you have the most up-to-date, relevant information to help you with your business.

With this article we want to ensure your website is not left vulnerable to attack.

It is a quick post to spread the word about the release of an important WordPress security and maintenance update that you need to know about and Act on Now (apologies if you have already heard about this and updated but better to be safe than sorry).

The update was released yesterday on the 4th August 2015 and addresses a number of issues that were highlighted by the WordPress community and contributors:

You can follow the link to see the official release details on WordPress.org

I am not going into the details of exactly what has been updated but just be mindful that these updates are not to be ignored and I encourage you to take action now.

Either by logging into your own WordPress website and applying the updates yourself or asking your developer to do this on your behalf if you are not sure how to do this.

I have previously shown you how you can update your own WordPress website in this post

“Essential 4 Point Checklist – Managing Your Business Website Without a WordPress Developer”

and if you need some pointers you can go directly to the relevant section by clicking the link to

Thank you for reading and please share this with all your business colleagues and friends so they do not get caught out as well.