Website design & hosting | 07769 900262

Is your website secure and are your plugins updated?

When managed effectively, WordPress is a fantastic tool and is well protected, but there are certain measures that any website owner must take to ensure their website and plugins remain secure.

In addition to the vital WordPress updates, you also need to be vigilant with the plugins which your website uses, and ensure they are also monitored and updated, as the recent incident we discuss below highlights.

Not confident in managing the security of your WordPress website and plugins yourself?
IJL Web Solutions offer a monthly plugins/security service, as part of which we ensure that WordPress, the theme and all plugins are kept up to date. During this we first back up the site to a remote location, perform the required updates and then test. If anything fails we restore the backup and discuss with you how to proceed. Often this will include replacing the plugin with an alternative (when one is delisted or no longer kept up to date). This provides peace of mind and the reassurance that all updates are checked and applied regularly. For more details please contact us.

A recent article from Wordfence highlights a great example of where our plugins/security service would have been invaluable. Issues like this are picked up with our service, but can be missed if you manage updates yourself.

 

“If you have a plugin called “Display Widgets” on your WordPress website, remove it immediately. The last three releases of the plugin have contained code that allows the author to publish any content on your site. It is a backdoor. The authors of this plugin have been using the backdoor to publish spam content to sites running their plugin.”

“This company and the individuals behind it appear to be responsible for injecting malicious code into a plugin used by over 200,000 websites.”

 

The Wordfence blog article gives the full detail:
www.wordfence.com/blog/2017/09/display-widgets-malware/

XSS Vulnerability found in Product Vendors Plugin for WooCommerce

Do you use the ‘Product Vendors’ Plugin for WooCommerce on your website?

Important information about an XSS vulnerability found today

A reflected cross-site scripting vulnerability has been reported in a premium WordPress plugin for WooCommerce called the ‘Product Vendors’ plugin, which is used by nearly 30% of all online WooCommerce shopping sites.

This affects Product Vendors version 2.0.35.

Website security

If you are using this plugin, you need to upgrade immediately to at least version 2.0.36, which includes the fix. The current version of Product Vendors is 2.0.40.

For more information and to keep informed of current web security issues, we highly recommend following the Wordfence website and blog

Support available whenever you need it – 24/7

Do you have access to 24/7 support, 365 days a year?

Easy access to a knowledgeable help service, who talk in plain English?

IJL Web Solutions provide personal support, whenever it’s needed

You need the reassurance that you can access technical support whenever you may need it, and at IJL Web Solutions we provide just that for all our hosting customers.

Help and support

As well as our front end support, which our clients can contact directly and which runs seven days a week, we also have direct access to a backend team of around 15 server admins, with senior server admins specialising in cPanel, Linux, MySQL and security. The server team is online 24/7/365 and we also use a range of comprehensive server monitoring software to ensure the smooth running of all servers at all times.

So for detailed technical support, or just some advice around running your website, you can rest assured that we are here to help you, whenever you may need us.

How can we support you today?

 

Free SSL/HTTPS encryption for every website we host

Have you heard talk about SSL certificates and how Google are penalising websites which aren’t secure?

The ‘secure’ green padlock icon, as shown when using the Chrome browser

Have you noticed the green padlock icon on some websites and not on others?

We offer free SSL encryption with our shared hosting packages

Back in 2016 Google Chrome announced that it will be marking non-HTTPS websites as ‘insecure’. Anyone using the Chrome browser visiting a website which does not have an SSL certificate will see a red X over the padlock symbol, indicating that the site is not secure.

The green ‘secure connection’ padlock, as shown when using the Firefox browser

Firefox has also followed suit and will now show a green ‘secure’ padlock symbol only if the website has encryption in place and is delivering content via https.

With search engines and browsers now pushing for SSL/HTTPS on all websites, all website owners should be updating existing sites and ensuring all new sites are built with SSL/HTTPS in place.

A major stumbling block so far has been the cost of buying SSLs and the limitations of installing SSLs on shared IPs. However, we are offering a free solution to all our shared hosting customers, with a free SSL certificate issued via “Let’s Encrypt”.

Enable https for your website or to find out more

Getting started with Let’s Encrypt

Using free Let’s Encrypt SSLs could not be easier:

  1. Sign up to our Web Hosting
  2. Configure your site to use SSL/HTTPS (we can help)
  3. DONE! You are now running over SSL/HTTPS


WordPress Backups are critical – so who does yours?

If your WordPress site is compromised or your server fails, having access to a recent WordPress backup can make your life considerably easier. The fastest way to recover from a hacked website is to restore the latest version of the site that existed prior to the hack. You will still need to close the security hole the attacker used to compromise your site after your site is back up and running, but at least you’ll have your site back to working order in hours or even minutes.

 

How often should you back up your site?

The frequency with which you should back up your WordPress site should be determined primarily by how often your content changes. Sites that change infrequently may be able to get by with weekly WordPress backups. Sites with constant updates, like new users, blog posts and comments may need to be backed up hourly. Many websites will be somewhere in between.

 

How should I manage my WordPress backups?

The easiest way to manage your WordPress backups is via a plugin that meets your needs. There are a wide variety of options available, and depending on the cost and settings, some can perform regular automated backups. Backup location is also vital to consider: most solutions allow you to store your backup in various locations, but it is crucial that this is carefully considered. Backing up to a folder on the same server as your website can be futile if your server crashes, and backing up to your laptop is pointless if your hard drive fails. It’s critical that backups are stored in a location physically and geographically separate from your website.

Contact us about our WordPress plugins/security service

 


Is your router vulnerable to being used to hack WordPress websites?

It’s been revealed that over 6% of all attacks on WordPress sites come from hacked home routers.

In one month alone, over 57,000 unique home routers were used to attack WordPress sites.

Those home networks are now being explored by hackers who have full access to them via the hacked home router. They can access workstations, mobile devices, wifi cameras and any other devices that use the home WiFi network.

Luckily the fabulous guys at Wordfence have provided an easy-to-use online tool, which can quickly check if the router you are using is affected by this vulnerability.

For full details, a link to the tool and details of what to do if you find you are vulnerable, follow this link: Wordfence Router Check

At IJL Web Solutions we take security seriously, and Wordfence is just one of the tools we use to help secure our clients’ websites, data and information. If you’d like more information on this, or we can help in any way regarding website development or management, please don’t hesitate to contact us … we love to talk!

23 Ecommerce ‘Landing Page’ ideas to help increase sales

Are you reaching your potential when it comes to converting your ecommerce visitors?

According to a recent Deloitte study, on average 54% of visitors abandon their shopping carts.

According to Marketo, approximately 96% of visitors are not ready to buy when arriving at your ecommerce landing page.

With those odds stacked against you, are you doing as much as you can to seal the deal?

By 2018, Ecommerce sales are expected to grow to more than $400 billion. Wanna claim your piece of the growing pie?

Check out these 23 ecommerce landing page ideas from Klient Boost that you can try out for yourself … read the full article here

Achieving conversions is critical for all e-commerce stores – but some of the obvious solutions are easily forgotten

All online retailers know that converting browsers to buyers is critical, as there are often hundreds of other online stores out there who are competing for those sales.

Getting customers to visit your store is a huge part of online selling, but making sure that your potential customers actually complete the ordering process and go through to completing the payment is vital for true e-commerce success. The success of turning visitors into shoppers is called ‘conversion’ and your conversion rate is vital.

The guys at Ready Cloud wrote a fantastic article reminding us of some of the many tips for maximising conversion rates. Some of these are new ideas and many are obvious, but sometimes we all need reminding!

Some of the fantastic suggestions include:

  • Offering cheap (or even free) shipping
  • Fine-tuning your ‘Unique Selling Point’ (USP)
  • Offering multiple, secure Checkout options
  • Making the checkout process take as few clicks as possible
  • Throw a lifeline to customers who have abandoned the checkout without paying
  • Feature ‘live-chat’ support
  • Using the highest quality photos, and showing multiple different viewpoints and angles
  • Providing clear and detailed delivery & returns information
  • Present lots of genuine customer reviews to help build confidence
  • Include product videos

This fascinating article is well worth a read for anyone who sells online.

Read the full article on the Ready Cloud website

Highly effective Gmail phishing technique being exploited

What you need to know

A new highly effective phishing technique targeting Gmail and other services has been gaining popularity during the past year among attackers. Over the past few weeks there have been reports of even experienced technical users being hit by this.

This attack is currently being used to target Gmail customers and is also targeting other services.

The way the attack works is that an attacker will send an email to your Gmail account. That email may come from someone you know who has had their account hacked using this technique. It may also include something that looks like an image of an attachment you recognize from the sender.

You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again. You glance at the location bar to check it’s legitimate and you see accounts.google.com in there.

You go ahead and sign in on a fully functional sign-in page that looks completely as it should. Once you complete sign-in, your account has been compromised.

For full details, we suggest you read this post – https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/

How to protect yourself

When you sign in to any service, check the browser location bar and verify the protocol, then verify the hostname. It should look like this in Chrome when signing into Gmail or Google:

Make sure there is nothing before the hostname ‘accounts.google.com’ other than ‘https://’ and the lock symbol. You should also take special note of the green color and lock symbol that appears on the left. If you can’t verify the protocol and verify the hostname, stop and consider what you just clicked on to get to that sign-in page.
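The check described above, written out as an added example (it is not code from this post or from Wordfence): it parses the address, verifies the protocol and then the exact hostname, and compares the result with a quick glance for the familiar name. The sample addresses, including the placeholder domain `login.example`, are constructed.

```javascript
// Added example. EXPECTED_HOST is the hostname named in the text above;
// every sample address further down is constructed for illustration.
const EXPECTED_HOST = 'accounts.google.com';

// What a quick glance does: look for the familiar name anywhere in the bar.
function glance(address) {
  return address.includes(EXPECTED_HOST);
}

// What the advice asks for: verify the protocol, then the hostname.
function checkSignInUrl(address, expectedHost = EXPECTED_HOST) {
  let url;
  try {
    url = new URL(address.trim());
  } catch (err) {
    return { ok: false, reason: 'not a parseable address' };
  }
  if (url.protocol !== 'https:') {
    return { ok: false, reason: `protocol is ${url.protocol}` };
  }
  // "Nothing before the hostname": reject user:password@ style prefixes.
  if (url.username !== '' || url.password !== '') {
    return { ok: false, reason: 'extra text before the hostname' };
  }
  // Exact match only; a name that merely starts with the expected one fails.
  if (url.hostname !== expectedHost) {
    return { ok: false, reason: `hostname is ${url.hostname}` };
  }
  return { ok: true, reason: 'https and exact hostname' };
}

// Constructed sample addresses (login.example is a placeholder domain).
const SAMPLES = [
  'https://accounts.google.com/ServiceLogin',
  'data:text/html,https://accounts.google.com/ServiceLogin',
  'http://accounts.google.com/ServiceLogin',
  'https://accounts.google.com.login.example/ServiceLogin',
  'https://accounts.google.com@login.example/ServiceLogin',
];

function compareChecks(samples = SAMPLES) {
  return samples.map((a) => ({ address: a, glancePasses: glance(a), strict: checkSignInUrl(a) }));
}

for (const row of compareChecks()) {
  console.log(row.glancePasses, row.strict.ok, row.strict.reason, row.address);
}
```

Every sample passes the glance, but only the first passes the protocol-then-hostname check.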

Enable two factor authentication if it is available on every service that you use. Gmail calls this “2-step verification” and you can find out how to enable it on this page.

Enabling two factor authentication makes it much more difficult for an attacker to sign into a service that you use, even if they manage to steal your password using this technique. I would like to note that there is some discussion that indicates even two factor authentication may not protect against this attack, however there is no harm in adding this.

Free SSL/HTTPS solution to be implemented!

SSL/HTTPS encryption for all your domains

IJL Web Solutions will be rolling out free SSL certificates from Let’s Encrypt!

The SSLs will be available to all our clients following the planned server upgrades in January 2017.

Boost SEO & Trust with HTTPS

SSLs used to be a niche product, confined mainly to eCommerce sites with checkouts taking card details. But over the past years, SSL/HTTPS has become desirable for websites of all types due to changes in SEO rankings and web browsers.

In 2014, Google announced that using SSL/HTTPS will give your website a boost in its Google SEO ranking. The weighting of SSL/HTTPS is assumed to be fairly lightweight for now, but is likely to increase in significance.

And in 2016 Google Chrome announced that it will start marking HTTP sites as insecure in future browser updates. This will mean that anyone using the Chrome browser visiting sites running over HTTP will see a red X over the padlock symbol, indicating that the site is not secure.

With search engines and browsers now pushing for SSL/HTTPS on all websites, it’s time for website owners to start migrating existing sites and to ensure new sites are built with SSL/HTTPS in place.
