Is WordPress Safe?

It’s a widely cited fact that WordPress powers 25% of the internet’s webpages. Think about that, 25%! And it powers nearly 60% of the sites that use a CMS (content management system).

That is the main reason it is also a target. Like the popular Microsoft Windows or Android OS, WordPress powers so many sites that if you can find a way to compromise even a small percentage of websites using the system, you can gain access to literally millions of sites.

Because of this, one of the first questions I get when I suggest using WordPress is about security. But as I stated before, criminals and people looking to do general mischief are looking for the low-hanging fruit, the easy-to-hit sites. So with some basic precautions, your website can be even more secure than custom HTML sites.

Making WordPress Safe

There are a few basic steps that your web developer or your company IT guy can take to secure your new or existing WordPress site. Below is a list of plugins, best practices and other items used by BeBizzy Consulting and many others to make your site as secure as possible.

Backups

Let’s start off with the most important part of the security system. If you don’t have a good backup of the site, it doesn’t matter how you set the rest up. Something WILL cause your website to fail: the webhost could suffer an attack or hardware failure, you could alter some code and break the site, or a security breach could happen directly to your site. With no backup, there’s no easy way to return to “normal,” so at a minimum do a complete backup of the site files, and don’t forget to back up the database. There are also automated methods for this process, which are highly recommended.
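
The files-plus-database backup described above, as a shell script (an added example, not BeBizzy Consulting's own tooling). It assumes a standard wp-config.php with one define() per line, a DB_HOST that is a plain hostname, and mysqldump on the PATH; the function names and the --run switch are made up for illustration.

```shell
#!/bin/sh
# Added example: back up WordPress site files and the database together.
# Function names, paths and the "--run" switch are illustrative assumptions.

# Print the value of a define() constant from wp-config.php.
# $1 = path to wp-config.php, $2 = constant name (e.g. DB_NAME).
# Assumes the usual one-line form: define( 'DB_NAME', 'value' );
wp_config_value() {
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*['\"]\(.*\)['\"][[:space:]]*)[[:space:]]*;.*\$/\1/p" "$1" | head -n 1
}

# Archive the whole site tree: core, themes, plugins, uploads, wp-config.php.
# $1 = WordPress root, $2 = backup directory, $3 = timestamp.
# Prints the path of the archive it wrote.
backup_files() {
    archive="$2/wp-files-$3.tar.gz"
    tar -czf "$archive" -C "$1" . || return 1
    printf '%s\n' "$archive"
}

# Dump the database named in wp-config.php (same arguments as backup_files).
# Credentials go into a temporary option file instead of the command line,
# so the password never shows up in the process list.
backup_database() {
    cfg="$1/wp-config.php"
    dump="$2/wp-db-$3.sql"
    creds=$(mktemp) || return 1
    {
        printf '[client]\n'
        printf 'user="%s"\n' "$(wp_config_value "$cfg" DB_USER)"
        printf 'password="%s"\n' "$(wp_config_value "$cfg" DB_PASSWORD)"
        printf 'host="%s"\n' "$(wp_config_value "$cfg" DB_HOST)"
    } > "$creds"
    mysqldump --defaults-extra-file="$creds" --single-transaction \
        "$(wp_config_value "$cfg" DB_NAME)" > "$dump"
    status=$?
    rm -f "$creds"
    # A failed dump leaves a partial file behind; do not keep it as a "backup".
    [ "$status" -eq 0 ] || { rm -f "$dump"; return 1; }
    gzip -f "$dump" && printf '%s\n' "$dump.gz"
}

# Run both steps in a subshell so the tight umask does not leak to the caller.
# $1 = WordPress root, $2 = backup directory.
run_backup() (
    umask 077   # archives hold wp-config.php and the user table
    stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$2" || exit 1
    backup_files "$1" "$2" "$stamp" && backup_database "$1" "$2" "$stamp"
)

# Only act when asked to: sh wp-backup.sh --run /path/to/site /path/to/backups
if [ "${1:-}" = "--run" ]; then
    run_backup "${2:?usage: --run WP_ROOT BACKUP_DIR}" "${3:?usage: --run WP_ROOT BACKUP_DIR}"
fi
```

Keep the backup directory outside the web root, so the archives cannot be downloaded through the site, and copy them off the host so a server failure does not take the backups with it.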

WordPress Updates

The easiest way to gain access to a WordPress site is through an out-of-date WordPress system. I’ve recovered sites running on 2.x (current is 4.7), and that’s a scary endeavor. WordPress puts out major releases a couple of times per year, and security patches about once a month or so to stay ahead of the pinholes that are found in WordPress. The best part is there are thousands of people who are looking at WordPress, for good and for bad, that identify issues and get them repaired. Keep your site updated and make sure your PHP version can handle the update. If not, time to move!

I also suggest turning on automatic core updates. You should be able to toggle a switch that will update WordPress automatically for “X.x.x” updates, keeping your site secure without you even trying. Just make sure you test the site when notified of an update to make sure everything is running as it should.

Plugin Updates

The next best way to gain access to WordPress is through outdated or poorly programmed plugins. Last summer I worked on recovering a WP site that had a plugin that had not been touched by the developer in over five years. When I updated the site to a new WP version, the plugin crashed and I had to find an alternative, more updated plugin that worked close to the same. But it’s not just keeping the plugins updated, it’s keeping an eye open for poorly secured plugins as well. Do some research on a plugin before installing. Has anyone ever suffered a breach or WordPress crash after installing? What is the support like? How often do they update?

One thing that is often overlooked is deleting themes that are not being used, or are even active on the site. This is extra code that has been abandoned for one reason or another, and leaving it on your website can open a hole you don’t even know is there.

A final note on plugins, themes and other items is to NOT use pirated versions of software. Most plugins are fairly inexpensive and the alternative to paying $10 for a plugin is often spending hours, or even paying hundreds of dollars to have malicious code removed from a site. Pay the $10.

Themes

Next on the list of vulnerabilities is your theme. Every WordPress site is working on a theme, whether it’s the 2016 theme that came installed or one you paid for or got for free. Again, do a little research before you install a theme on your site to make sure it isn’t a known security issue, isn’t left without updates or support, and isn’t poorly written. Then, update it as soon as you get a notification it has been revised.

More Security Steps

Below are a few other steps that are taken by BeBizzy Consulting, and should be considered by your team, host, or developer to make your site as secure as possible.

Change Username

Like on a computer or virtually every other system, do not use “Admin” as your administrator username. Pick something a bit more robust and always use a secure password. Changing the password often also makes it more difficult for an intruder to keep access once it is achieved.

Move The WP-Login.php Page

There are several plugins that allow you to choose a different admin login page for your site. Installing one of them and renaming your login page to something less well known can keep some from even trying to access your admin, simply because it doesn’t exist at the usual spot.

Install a Security Plugin

Many sites have Sucuri or Wordfence installed to protect the admin and other parts of the site. Even the free versions will notify you when the admin is accessed and limit login attempts at wp-login.php, and the premium versions can lock down the admin to specific locations or IP addresses, run security scans for malicious code, and much more.

Keep Your Site Safe

There are definitely more ways to secure your WordPress site. Editing the .htaccess file, hiding WordPress from source viewers, hiding site author names, picking a good (reputable) host, automating security audits, removing plugin and theme editors and others will help keep your site safe, but do require some knowledge and planning by someone that knows their way around WordPress.

Adding an SSL certificate to your site and hosting is also a good idea, not only for encrypting data being shared back and forth with users, but also for the search engines, which are starting to use it in their algorithms.

I still feel that having a good backup is THE step you have to take. If you have a restore point on which you can rely, you can move, restore or save your website pretty easily. But if you are starting from a dirty site and have to clean it, be prepared to spend either a lot of time, or a fair amount of money, to have it back up. And frankly, sometimes it’s even more cost effective to build over than to attempt the save.

Have questions about securing your WordPress site, or considering a new website? Contact BeBizzy Consulting today, and leave the technical stuff to us!

Automate & Secure Your Home with Nest Devices

I’m a sucker for shiny new tech objects. There, I said it.

But I’ve resisted the need and the lure of most “internet of things” things like thermostats, cameras, doorbells and more. Until now, that is.

A few weeks ago I received a bundle of Nest devices including the Nest Learning Thermostat, the Nest Cam, and the Nest Smoke + CO Alarm from Verizon Wireless as I’m a part of the #VZWBUZZ team. I was immediately impressed with the devices and in just a few minutes I had all three of them configured and installed in their place in my home.

I will take a few moments to discuss all three devices and my experiences with them and how they might be right for your lifestyle.

Nest Thermostat

I’ve had a programmable thermostat in my home for several years now. Living in North Dakota the heater is running all winter as the temperatures plunge to below 0°, and the AC runs all summer as we climb to 90°+. So being able to control when each of these items should run and for how long can be a huge money saver. In fact, I saw a $30 decrease in both heating and cooling seasons by installing the programmable thermostat.

So when I opened the Nest Learning Thermostat box and read the documentation on how it can be either told when to run at certain temperatures, or LEARN when you’re home and adjust the internal climate as necessary, I was intrigued.

Installing the device into the wall was easy with included instructions, so don’t be turned off by that. It came with a large cover plate that covered any blemishes left on the wall by previous thermostats and the device itself simply snaps in place.

Connecting to the thermostat from the downloadable Android/iOS app is as simple as snapping a photo of a QR code with your camera and entering a few numbers. From here you connect to your wireless network, configure a few other items, and snap the thermostat in place to control your heater or AC unit.

It’s really that easy. And now the device starts learning when you go to sleep, when you wake up, when you leave and come home from work, and many other features that help keep your home, and you, as comfortable as possible.

For more information on the Nest Learning Thermostat, check out this page at Verizon.com.

Nest Cam

Since I work at home, the Nest Cam is probably the product I was least excited about. However, now that I installed it and have it sitting on my wi-fi network, I can honestly say it’s nice to have.

As with the Thermostat, programming and configuring was done on the app using the QR code and camera. It resides on a coffee table pointed at the main window, entrance door from outside, and other entrance area from the kitchen.

I was able to set up zones on the app that can either notify, or not notify me of sound or motion inside of those zones. This was a big deal since my dogs are constantly moving about the house.

The best part of the camera is that I can tell it to turn off when someone with the app installed is home. This keeps me from getting tons of notifications of motion when my wife is home, and her from getting them when I’m at home working.

When you’re away from home you are notified by either email or on the app, your choice, as to any sound or motion that triggers the camera. You are then able to watch on the app or browser to see AND hear what’s happening inside your home. And check this out, there’s even a speaker in the camera so if you see something correctable by your voice like a pet misbehaving you can say something that’s heard in your home and hear the response.

All in all, the setup and configuration of the Nest Cam took about ten minutes. Allow more time if you’re going to mount on the wall and have to get power to it.

Visit Verizon.com for more information on the Nest Cam.

Nest Fire + CO Alarm

My smoke detectors in the house are hardwired with battery backup. However, they are close to 15 years old and were in desperate need of replacement.

So when I was able to test this device I was excited. Configuration and setup was again, five minutes with the app, the QR code and a bit of info like wi-fi password. Installing the base and hanging it took maybe ten minutes, so easily within 30 minutes if you read and follow instructions (I’ve never been good at that…). The alarm tested during setup and it is LOUD, so make sure you let everyone know you’re testing. The app displays your alarm(s) and provides a status.

Because of the location status, I am going to be purchasing two more alarms for the other floors of my home and replacing them as well. Knowing via the app where smoke or CO gas has been detected is great information for putting that fire out or determining an exit of the building.

And some of you may be interested in a feature that allows a user to stop a fire alarm for up to 15 minutes in the event that the home fills with smoke from a burned cooking experience, electronic project, or other reason.

Visit Verizon.com for more information on the Nest Smoke + CO Alarm.

These Nest devices are a wonderful way to start the home security and automation process. They leverage the power of Google and tap into our reliance on mobile technology, which makes the process easier to manage and more powerful.

If you would like to cut your home’s heating and cooling costs, see your home when you’re gone, or know if your home is experiencing an emergency regardless of where you are, the Nest products are an easy way to get started. And I can’t wait to see what they think of next!

And, if you want to see how these devices work together, check out this wonderful post on the Nest website!

AND, if you’re really creative and want to get more out of your Nest Bundle devices, connect them to other “internet of things” devices and other mobile apps using hundreds of IFTTT (If This Then That) recipes. Find out more about these by clicking on the links below.

Disclosure: As a member of a pretty cool team of influencers, I received mobile devices with line of service from Verizon (#ad). No additional compensation was provided nor did I promise a positive review. All opinions are my own. By the way, we meet every Friday @ 2pm CT on Twitter to discuss mobile phones and how you can use them in your daily lives. Join us!

#VZWBuzz #ad

What is WordPress

You need a website, right?

So to get one, you’ll need to do a little research online, find a company or agency that “does” them, pay a designer to create some page templates, pay a programmer to create the pages from the ground up, and wait months and months for all of this to get done… then make changes.

Or… you could use WordPress.

WordPress had its beginnings as an easy way to host a blog and if you knew a few technical things you could create a few pages to flesh out the rest of the site. But now, WordPress is the single largest tool used to create websites on the internet. In fact, around 26% of ALL OF THE SITES ON THE INTERNET are done on WordPress. Narrow that to sites that have content management systems, and that number jumps to nearly 60%.

So what does all of this mean? First the bad. It means that if you can hack WordPress sites you MAY have the ability to hack nearly 26% of the websites in the world. But that’s not entirely true. The vulnerable sites contain outdated code, pirated or compromised plugins, or free themes. They can also have pages that were designed custom and have not been updated or put through any security audits. And finally, they can be hosted on virtually any server that runs PHP and a few other things.

But don’t let lazy security issues keep you away from WordPress. First of all, ANY server or website that doesn’t have security enabled or updates performed on a regular basis is at risk. At BeBizzy Consulting we develop all of our websites using WordPress and use the following options to reduce the risk of compromise:

  • We have a tool called ManageWP installed on our computers, tablets and smartphones that allows us to update ALL of our sites several times per day.
  • The same tool informs us when SPAM comments are made on these sites AND allows us to clear them out with one keystroke as well as keep the sites’ databases clear of overhead data.
  • Another tool is loaded with all sites to check for malicious code on a regular schedule. If any is found an email is generated to BeBizzy so the files can be removed and/or repaired.
  • Yet another tool runs on every site and performs periodic scans on files AND notifies BeBizzy via email with every successful and unsuccessful login to the dashboard.
  • Themes are purchased through reliable, trusted sources and all photos are purchased through an iStockPhoto account.
  • The hosting account includes daily backups of the sites which are downloaded to local storage twice a month. This ensures that if something does emerge on one of the sites, strategic updates can replace the malicious files.

So as you can see, hosting a site where it can be monitored and updated on a regular basis is a huge benefit when using a powerful tool like WordPress. And speaking of power, check out these other features of the world’s largest CMS:

  • Themes make changing the look of your site as easy as copying some files and activating the new theme.
  • Blog posts and other pages can be created visually in an interface that’s as easy to use as Word or your email program.
  • Integrate your social media accounts into your site without hours and hours of coding.
  • Easily control who has access to what within your site and even within your admin dashboard.
  • Drag and drop your photos or other media onto the Media Library and it gets uploaded and easily shared.
  • Thousands of plugins have been developed to make shopping carts, booking calendars and sharing available with very little coding.
  • Self-manage your SEO by either installing plugins or controlling your page descriptions, tags and other information right on the page or post.
  • Want visitors to comment on your page or post? It’s built in by default!
  • Easy integration of Google Analytics, Adsense and other tools to make reporting and analysis easier.

Still not sold that WordPress can house your website? Check out this list of world-class sites hosted on the WordPress platform.

So what are you waiting for? Contact BeBizzy Consulting today to talk about how we can bring your website, SEO and other technical visions to life. You know your business, leave the technical stuff to us.

Five Ways to Protect Yourself Online

This week’s #VZWBUZZ Twitter chat will be focusing on how to keep your online profile safe, as well as protecting yourself from scams and other harmful activity. With all the various security breaches at large companies and government organizations it’s important to do all you can to maintain the security of your identity. Below are five easy tips to protect yourself out on the web.

(Note: for more info on joining the chat and how to register for prizes, see the bottom of this post)

  1. Change Passwords Frequently – If there’s one thing you should do to keep yourself relatively safe, it’s changing passwords frequently. This ensures that even if your information is compromised, you can limit the frequency of the invasion when the password is changed. When you are changing the passwords, make sure you are using a unique, secure password that contains a variety of characters and does NOT contain common (to you) words like kids, pets, birth dates, etc. There are tools that will do this for you, such as LastPass and 1Password, by generating and storing secure passwords automatically. The single most important password to maintain is the one for your primary email address. Why? Most of your important applications like your bank, financial institutions and other accounts will notify you at this address when other changes are made or reports are issued. If someone gets access to your email, they can intercept any transmissions or even change the email password, locking you out for good. Change this password often, and to something secure immediately!
  2. Claim Your Name on Social Media Platforms – This one seems odd, but it makes sense to claim your name on as many social media platforms as possible. This will keep impostors from posing, and posting, as you and social engineering their way through friends and family into your identity. You don’t have to be active on these platforms, but securing your name’s domain, Facebook, Twitter and LinkedIn pages will make sure YOU, not someone else, own them. Most of these sites rise to the top of search results, keeping unwanted information down on deeper search pages (see #3 below).
  3. Search Yourself Often – Got a few seconds while screwing around on your break? Google your name and see what shows up. With luck, it’s your Facebook page, some news articles about your achievements and your wedding announcement. If you’re unlucky, it could be any sort of negative info like bad reviews of your business, slanderous posts on websites, or even incorrect or private photos leaked online. Google provides a great tool to do this automatically called Google Alerts if you just want an email sent to your inbox.
  4. Assume “PRIVATE” Doesn’t Mean Private – 2014 proved that nothing posted online is private, even if trusted to large companies like Apple. When you do post something to a site, phone app or other platform, be prepared for when, not if, that information becomes public. Some sites, like Carbonite and others, do a decent job of encrypting this data, but still, use some caution when posting anything, anywhere.
  5. Assume Everything’s a Scam – Last week I received a call from a nice young man (initially) claiming to work for Microsoft and that my PC was crashing the Microsoft “server” because I had a virus. The only way to fix it was to have his Senior Technicians log into my machine and clean the virus out. This was an obvious scam to me, an experienced computer user/technician, but to a general user this could have been catastrophic when this “senior technician” put some software on the machine that tracked every keystroke, took every document from “My Documents,” and even took down the machine. Microsoft will never call you asking for money to fix a problem. Your bank will never email you asking you to verify your account number, social security number, or anything else. And Bill Gates will not send you $5000 for clicking this link and forwarding the email. Assume everything too good, or bad, to be true is a scam. Ask questions, get contact information if possible, then check online or with experts and law enforcement to see if this is valid.

No one is going to help you stay safe online. Unscrupulous marketers, thieves and pranksters are always looking for a way to harvest your information to be used in a negative way. Take some steps to keep your data safe.

Then, join the #VZWBUZZ discussion on Friday, January 23 at 2pm Central to learn some other ways to keep yourself, your data and maybe even your family safe online and off.

If you want to be in the running for prizes, RSVP with The Online Mom. Stay safe, and I’ll see you on Twitter on Friday! And don’t forget to follow @Bebizzy on Twitter for more great tips!

Disclosure: As a member of a pretty cool team of influencers, I receive devices with line of service from Verizon. No additional compensation was provided nor did I promise a positive review. All opinions are my own.