Disturbing words, aren’t they? Reputedly a comment made by the FBI’s Head of Homeland Security.
What can you do about that risk?
Your first line of defence has to be regular incremental backups of your website stored offsite. That way, you can roll back a site to a backup preceding the hack.
However that`s only part of your defence.
If you have a WordPress site you need to be protecting your website against attack by monitoring its visitors, stopping brute-force login attempts, operating a firewall, hiding login pages and even restricting logins to your IP address and country.
If your site uses plugins, themes and open source software you should ensure you are informed of updates and apply them immediately.
If this all sounds too much for you there are designers and developers, such as wetherbyweb, who offer security and maintenance packages to take care of these tasks for you, leaving you to concentrate on your business.
Yes, Google are at it again. They have offered the carrot but are now threatening you with the stick.
One of a number of Internet related companies, Google is part of the consortium offering free website encryption via `Let’s encrypt’. Encryption of your website means that you have obtained an SSL certificate from a recognised authority and have converted your website from http to https. This means that all data between your website and a viewer browsing your site is encrypted instead of being transmitted as [vulnerable] plain text under the http protocol. It means that a padlock icon will appear in your browser denoting that it is secure and that you can safely enter email addresses, passwords and make online payments on your website.
That`s the carrot.
The stick is that, with the issue of the latest version of their Chrome browser, Google now identify that your site is not secure with the little i icon at the beginning of the url field if your site only uses the http protocol.
Future plans are that the security status of your website will affect your ranking in Google`s SERPs, while they have written that they may explicitly comment on the security of your site in their search engine results – a bit of stick and a bit of carrot
WordPress websites will always be reviewed critically because you have to log into your website to manage it.
So, get in touch with your designer, your hosting provider or your ISP and arrange for your website to be upgraded from http to https, whether it is a WordPress site or not.
I generally select software for a particular purpose and am satisfied if it serves that purpose satisfactorily. Unfortunately I recently purchased an update of software which has always done what it said on the tin. It’s called Winzip and it zips and compresses files so that they take up less space. This means that you can store them, email them and uncompress them again reliably time after time. Indeed WordPress plugins and themes can be uploaded as zip files and WordPress will uncompress them and install them reliably.
The suppliers of Winzip seem to be suffering some kind of crisis of confidence. Compressing and uncompressing files is suddenly not enough. Every so often (too often!) a message pops up telling how many megabytes of files are located in the Trash or Temp folder or how many megabytes of files haven’t been touched in a while and offering to delete them.
Wizip! Stop it! Just stick to compressing and uncompressing stuff. Leave the rest of running my computer to me. I don’t need a file nanny.
End of rant