Tag: Security

  • WordPress Security

    After reading what Fusion Alliance wrote about Information Security and writing what I did about WordPress Security, I thought I’d write a bit more about how we keep our clients’ WordPress web sites secure here at Erich Stauffer.

    WordPress Updates

    WordPress is updated regularly to address new security issues as they arise, so we’re always updating our clients’ sites to the latest version to keep them secure. Since version 2.7, WordPress has featured automatic updates and the WordPress Dashboard lets us know when the updates are available.

    WordPress Plugins

    One of the most common attacks against a WordPress web site is an HTTP exploit payload aimed at a specific vulnerability in an outdated plugin. Plugins are add-on software that runs on top of WordPress. Think of WordPress as the operating system and plugins as the programs. If you’re not using a plugin, delete it from the system.

    WordPress Themes

    If your WordPress theme uses custom scripts to render thumbnails or other images, those scripts might be susceptible to exploitation. This happened to one of our web hosting clients who purchased a theme they were using on their WordPress web site. A hacker exploited the vulnerability and used our server to begin sending out spam before it was stopped.

    Secure FTP (SFTP)

    We use secure FTP (SFTP) to transmit files, which means we protect our server passwords while transmitting your files on the Internet. If you’re still using regular FTP, you’re sending your password in plain text over the Internet, which is like using a postcard to send your credit card information to someone.

    WordPress Backups

    In the event that all of these security steps still lead to a problem with a client’s site, we make local backups of all of our clients’ sites, and because we use two web hosts for our web hosting, we can restore those backups on another web host in order to keep your web site up in the event of a problem.

    If you’re looking for an experienced WordPress web designer and WordPress web host in the Indianapolis area, contact Erich Stauffer at 317-572-7521.

  • Security

    One of the big trends in 2012 is going to be security. We’ve gone through the initial stages of getting people used to password rules and best practices. We’ve taught people not to put sensitive information in their mail boxes and to shred things they don’t want fished out of their garbage. People are even getting better about keeping things private on Facebook. But as more and more of our personal data is stored in the cloud, security will be top of mind for some time to come.

    I was recently at Sam’s Club and noticed the security cameras they had on display (no, not the ones mounted to the walls and ceiling) and took a picture of myself. This is part of my initiative to not use stock photography anymore. In order to do this, I take pictures of things I think I might use in a blog post later. I post these pictures on the web using WordPress, which has its own security issues.

    WordPress Security

    WordPress has a nice page on hardening WordPress, but here are some basic things you should be doing:

    • Keep WordPress updated – these are free and easy to do
    • Keep WordPress plugins updated – one bad apple can spoil the bunch
    • Keep Theme files updated – some themes have scripts that can be exploited
    • Keep Passwords to yourself – use secure FTP (SFTP) to transmit files so you’re not sending your password in plain text over the Internet
    • Use secure passwords and choose a username other than “admin” or “administrator”

    Remember to back up your WordPress installation before updating or making changes. This can be as simple as doing an XML export and backing up the wp-content folder.
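
    The backup step described above, as an added example (not code from the original post): a shell function that archives wp-content, verifies the archive, records a SHA-256 checksum, and runs the XML export when WP-CLI is installed. The function names, the paths, and the use of WP-CLI and sha256sum (Linux) are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: pre-update WordPress backup (wp-content archive + optional XML export).
# Function names and paths are assumptions made for illustration.

# backup_wordpress <wordpress-root> <backup-dir>
# Prints the path of the created archive on success; returns non-zero on failure.
backup_wordpress() {
    local wp_root="$1" dest="$2" stamp archive
    [ -d "$wp_root/wp-content" ] || { echo "no wp-content under $wp_root" >&2; return 1; }

    stamp="$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$dest" || return 1
    chmod 700 "$dest"   # backups can hold uploads and plugin config; keep them private
    archive="$dest/wp-content-$stamp.tar.gz"

    # Archive themes, plugins and uploads relative to the WordPress root.
    tar -czf "$archive" -C "$wp_root" wp-content || return 1

    # Confirm the archive is readable before trusting it as a restore point.
    tar -tzf "$archive" >/dev/null || { echo "archive failed verification" >&2; return 1; }

    # Record a checksum so later corruption or tampering is detectable.
    ( cd "$dest" && sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256" ) || return 1

    # XML export of posts and pages, only if WP-CLI is installed
    # (Tools > Export in the Dashboard does the same by hand).
    if command -v wp >/dev/null 2>&1; then
        wp export --path="$wp_root" --dir="$dest" >/dev/null 2>&1 \
            || echo "wp export failed; use Tools > Export in the Dashboard" >&2
    fi

    echo "$archive"
}

# verify_backup <archive>: re-check the stored checksum before restoring.
verify_backup() {
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}
```

    Run backup_wordpress before each update, and run verify_backup on the archive before restoring it on another host.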

    Wireless Security

    I’m an early adopter of technology. I was the first one on my block to get a wireless router and a tankless water heater, but today there are over 10 and this is not uncommon. When I do in-home computer repair and while using my iPhone, I often see multiple wireless access points all around me. What boggles my mind is the number of wireless connections that still don’t have passwords.

    If you don’t have a wireless password and you haven’t changed the default password on your wireless router, your entire network is exposed and can be compromised in seconds. If you’re sharing any folders or printers on your network, those are completely exposed to any novice user, but any experienced user can find more. Even though it’s illegal to browse someone else’s network, it doesn’t mean it can’t happen.

    If you need help with WordPress security to keep your web site secure or wireless security to keep your network secure, contact Erich Stauffer at Watershawl – 317-572-7521.

  • Apps and Services to Find Your Phone or Mobile Device

    Have you ever lost your phone or laptop? It’s a horrifying feeling. Thankfully there are some things you can do about it before it happens to you.

    The following apps or services will help you find your smartphone or notebook if they are lost or stolen. They can also be used to find the person using them if you’ve lost them – whether or not they want to be found.

    Some of these are free and some are not. Whichever one you choose, it must be enabled before your phone or laptop is lost – and you must understand the security risks you’re taking to make your mobile devices more secure.

    Platform | Device | App or Service | Description | Price
    ---------|--------|----------------|-------------|------
    iOS | iPhone | Find My iPhone | Displays your phone’s location on a map. Must use from another Apple device. | Free
    Android | Smartphones | Where’s My Droid | Text the phone to get its GPS or Google Maps location via text. | Free
    Android | Smartphones | LookOut Security and Antivirus | Antivirus, Phone Locator, and Data Backup app. | Free
    Android, Blackberry, iOS, OSX, and Windows | Smartphones, Laptops, and Tablets | GadgetTrack | Find your mobile device and see who’s using it. Takes and sends pictures of its location. | $19.95 per year
    OSX and Windows | Laptops | LoJack for Laptops | Remotely locate, lock, and delete the data on your laptop. Service is guaranteed. | $39.99 per year
    Windows | Laptops | Laptop Cop | Remotely locate, lock, and delete the data on your laptop. Requires police report to enable. | $49.95 per year
    OSX | Laptops | Hidden | Find your mobile device and see who’s using it. Takes and sends pictures of its location. | $15.00 per year

    The Hidden app, whose name itself makes it hard to find, gained notoriety when a blogger posted pictures online of the man who allegedly stole his MacBook laptop, but for Android, Blackberry, and Windows users, GadgetTrack does something similar. Hidden is only for the Mac operating system, OSX.