Perhaps you recently redesigned and rewrote your website. Will your site suddenly shoot to the top of a web search? While the redesign may certainly benefit your company, that doesn’t guarantee you will be boosting your web presence. Rather, there are many ways to improve your standing in search engine ranking.
Even if you are just setting up your first company website, you know being in the top spot(s) is important. However, you must remember that ranking better is relative. After all, moving from page 6 to page 3 is still an improvement.
If you have looked at your first quarter numbers, and want to do more, then there’s no time like the present. We have a long list of action items from which to choose. But before you begin, take a few minutes to decide what you wish to accomplish, how much time or money you have to invest, and how much knowledge you have of search engine optimization (SEO). Once you narrow down these answers, you are ready to get started.
Last month we talked about using a password tool, so you only have to keep up with one password. And while remembering a single password is great, it is important that password is a strong one that no human or AI technology can guess. And, while you may be using a password tool to store your info, it’s key that you use a different password for each service to limit your security exposure.
So, what consideration do you need to have before choosing a password? After all, they are the first line of protection against your private information and no one- be it a large corporation or a single individual- is safe from being hacked or dealing with a data breach. Everyone is at risk of being a cyber victim, so choosing a good password is a must!
Open Sesame! As a child, perhaps you had a fort, tree house, or maybe just your bedroom where you required others to use a password to enter. It was a fun way to control who entered your space. However, in today’s society, passwords are such a common thing that they have, perhaps, become a necessary nuisance. And, for many people, the statement(s) they dislike seeing/hearing are “What is your password” or “create a password”.
After all, creating a password means coming up with a series of letters, numbers and characters that are unique to you and a particular account. But beyond the creation of the password, becomes the need to remember said passwords. Considering the experts now say a password should be a minimum of 16 digits, keeping up with several passwords can seem like a job in itself- never mind the tasks associated with many logins! Thankfully, there is a way to make keeping up with passwords easier.
However, despite the ease of use a password manager offers, surprisingly few people actually use one. In fact, a Consumer Reports survey found that only 39% of people use a password manager! Despite the low percentage of people using them, this in no way means they are not needed.
As long as there have been websites, there have been hackers and malware whose sole purpose is to gain access to a website and wreak havoc. As such, it is crucial that as a business owner, you do your part to protect your company website from those entities with malicious intent. However, even in taking steps to protect your website, there is still malware that can cause a significant amount of trouble. For instance, the recent GoTrim botnet malware has been causing problems since this Fall.
GoTrim, is attacking self-hosted WordPress websites and then uses brute force practices to obtain the administrator’s password to take over the website. The bot is designed to work in 2 modes – “client” and “server”. It works by using a bot network to scan a site and attempt to brute-force the admin accounts by using stored credentials. If it gains access, GoTrim then spreads to the command and control server (C2). The bot then uses PHP scripts from a hardcoded URL to delete the script and the brute-forcing component from the infiltrated system. When successful, the bot reports credentials to the C2 server. GoTrim is designed to steal credit card information, making it a threat to you and your clientele.
It should be noted that the GoTrim requests for access are sent to C2 every few minutes. If, after 100 tries and not getting a response, the bot will then automatically self-terminate. This is because the goal of the bot is to evade detection- which is why the primary targets are self-hosted websites as many WordPress users do not employ proper security practices. However, if the bot is successful in getting through then the following information can be accessed by GoTrim:
Target URL
Username
Password
Command ID (1 for WordPress, 3 for OpenCart, as well as several others)
Brute force status (“0Good”)
In studying how the GoTrim bot affects sites, it has been found that while WordPress CMS sites are the most affected since they make up 40% of the market share, other targets include self-hosted Joomla!, OpenCart, and DataLife Engine. In addition, GoTrim is also capable of bypassing some anti-bot techniques used by host providers. It is designed to copy legitimate requests from Mozilla and even supporting content encoding algorithms like gzip and Brotli, while also detecting what CAPTCHA plugins are being used. Of special import is that so far, GoTrim cannot override Google, WP Limit Login Attempts and Shield Security’s CAPTCHAs.
What to Do About Malware
So, now that you are aware of GoTrim, and perhaps others, you may be wondering what you can do to protect your website. Fortunately, there are several proactive measures you can implement.
Set up a two-factor authorization (also known as a 2FA) – This is the most common step to take and the one recommended by Page Progressive and many other website pros. Two-factor authorization is required on bank, government sites, military sites, and many others where the proper level of security is common. However, due to so many hackers, identity thieves, etc. out there lurking around for sit e access 2FA has become common for many other types of sites. A tool we recommend is Wordfence.
Be sure your site is set up as an HTTPS – If you have not updated your site to be an HTTPS, then you are more susceptible to being attacked by malware. If your site is HTTPS compliant then not only will the URL begin with HTTPS but there will be a green lock symbol with the word “secured” in the URL. This lets your customers know that you have taken proactive measure to protect their financial information. Making this change will also help your Google search ranking- so it’s a win for everyone!
Use a CDN (Content Delivery System) – A Content Delivery System uses a separate system to keep malware and viruses away from the backend of your website.
Have firewalls in place – A firewall restricts traffic to and from your website, and only allows trusted guests to enter. A firewall also protects against dangerous SQL (structured query language) statements and cross-site scripts that could shut down your site.
Always Backup Your Information – Don’t loose vital information because of a hardware failure (or worse, a cyber-attack) and not have anything backed up. While no one wants to think about the aftermath of being hacked or hit with a malware attack such as GoTrim, you can’t ignore the risk! Be sure to run scheduled backups- ideally daily. Talk to your web host provider to set this proactive measure in place.
Implement services such as SiteLock, Cloudflareand Sucuri – These services use good bots to automatically block the bad ones. They are designed to eliminate backdoor breakthroughs, keep your plugins and website’s core components updated and mitigate malicious use of CAPTCHA.
Keep in mind that bots can be quite powerful, and they will cause a significant damage. As such, they should not be ignored. After all, when it comes to protecting your website, it is up to you to do your part. Take advantage of the various proactive measures available to protect your website, as well as the information- yours and your guests-that is stored there.
If you are unsure if you have taken the necessary measure to protect your website, now is the time to make updates. The Page Progressive team is well-versed in implementing security measures and tactics to protect your website from GoTrim and other bots. Give us a call today to schedule a consultation and learn how we can help you protect your website.
If you are finding it difficult to believe that a new year is rapidly approaching, then you are not alone. For many people, the year has flown by, while for others it might have felt like an eternity But, regardless of your opinion on 2022, it is now time to start thinking about 2023 and what you would like to accomplish. From long-range goals to short-term action items, having plans for the year ahead is important. And, as a business owner, having goals and plans is a must. But what should those goals be?
While the goals will vary, some action items can benefit nearly any business. While not all companies are the same (though they share a common goal of turning a profit!) there are some basic goals and resolutions that will make a difference whether you are a small start-up or a large corporation.
Prior to 2020, having an office management system in place was a great tool that helped everyone stay up-to-date and on task for work projects. However, during and since the pandemic, where so many people worked – or perhaps still work- from home, it has become vital to have a tool that has group texting, tracks progress, and does traditional conference calls, but having a tool that keeps all the players connected both individually and collectively is a must.
A wide range of office planning tools is available, each with its perks and quirks. They are all designed to help your business run more efficiently and effectively. But how can you determine which tool is best for your needs?
No matter the size of your business or organization, having an email service provider (ESP) is a must. You can choose a paid service or a free one, but email is still the standard method of communicating in most business environments – whether to an individual or a large group. However, there are many different email service providers to choose from so deciding which one to work with can be daunting. Knowing what type of email service provider you should use, based on your entity’s specific needs will help make the decision easier.
Despite what many people think, website maintenance and website hosting are not the same. Sure, the terms often get used interchangeably, but they are not synonyms. Each of them is necessary, however, to having a successful website and ensuring that you get the most leads you can from visitors.
If you have never had a website, or are trying to decide what you need, then understanding the difference between each of these services is important. After all, you want to be certain that in getting your company on the Web, you do it right the first time.
Have firewalls in place – A firewall restricts traffic to and from your website, and only allows trusted guests to enter. A firewall also protects against dangerous SQL (structured query language) statements and cross-site scripts that could shut down your site.
