The Blog

Refined Running Website Launch

Welcome to Refined Running, an inclusive blog dedicated to improving running technique for individuals of all ages, skill levels, and aspirations. Whether you're an adult seeking to enhance your performance, a young enthusiast taking their first steps in this...

A Summer of Website Rescue – SOS

Summer 2021 seems to be where I discover websites (of course, built by others), where they are so crippled with numerous dangerous set up issues, or poor or no maintenance. One of these companies trades over £300k/month through their website, yet it is so dangerous...

Something to do while we are stuck indoors – Build your own church!

So, this idea has been three months in the making. I thought I'd make a model of our village church. From then it grew into something we were planning to print, and issue to the village for people to make their own church to support the roof repair fund. Well, now,...

If you don’t ask, you don’t get! New website for world class comic Tiff Stevenson

Watching Mock the Week, I really think Tiff is funny - So I googled to see what else she's in. Stumbled across her website, which didn't really work, so I emailed her to offer to fix it. Well, 4 months later, and her new website is up and running. Enjoy!

Cotswold Childcare – One page website

Lesley from Puddleducks is branching out. With years of daycare expertise, there is now a big demand for ad hoc childcare services which she is satisfying. Take a look at http://cotswoldchildcare.co.uk to see if there is anything that can be done for...

PJG Garden Designs – A Labour of love

We've been running for a few months now. Peter came to me referred by Lyn at Martha's Attic. He had a very clunky old html website to sell his beautiful handmade wrought iron garden ornaments and furniture. Starting as a simple e-commerce site, it quickly became...

Wild Grace launches in Woodstock

Sinead took over Wild Grace in the early new year, and has hit the ground running. Her beautiful flowers, gifts, and cards are stunning. A stunning website was needed to complement these.  https://wildgraceflowers.co.uk

Video bringing property rentals to life

I was very lucky to be able to pitch to undertake video tours for a local home rental company. With some very clever tech, and just the right camera set up, these properties really do stand out from those with only images. Here's a sample.......

Hello to the Lofty Ladies of Bloxham

The lofty ladies had got stuck in a bit of a rut with trying to make their own website using one of the free builders. Then they found that they couldn't expand the website. So, in a couple of weeks, we moved the site to WordPress, and created an online shop,...

Forty years ago, we barely had computers. Twenty years ago we were worried about the millennium bug. Now, with the breaking of the Twenties, the age of cyber attacks is well and truly upon us: daily attacks are breaching major websites, customer details are being revealed in the news, and attempts to crack into web-based data are increasing exponentially. It’s time that the ‘It’s never happened to me yet’ attitude was replaced with a more proactive approach to managing threats.

So, let's take a look at the key threats out there right now, both to our security and to that of our readers and clients, and see what needs to be done.

Where a breach has resulted in a loss of data or assets, the average cost of a cyber attack on a business has gone up by more than £1,000 since 2018 to £4,180. Business leaders are now being urged to do more to protect themselves against cybercrime.

Government > Cyber security

What updates do I need to manage with my website?

Developers provide updates to protect against the latest attacks. Some updates are ‘critical’ – these are often security updates. Some are less important.

Where updates are advised, first check their compatibility with any other plugin updates. After any update, a full check of the website’s functionality and look should be completed immediately, and any defects noted. If any part of the website is found to have failed, then a backup may need to be restored, and further investigation carried out before attempting the update again.

Why do I need an SSL certificate?

SSL certificates ensure that information passed between the public and your website is sent in an encrypted way. This means that anyone intercepting the traffic cannot read it, so sensitive and personal data cannot be read by anyone except you and the other party.

Browsers are increasingly warning readers when websites are not protected by an SSL certificate. Some security products will block pages and issue warnings to make you stop, and be sure you want to proceed. This, of course, will put off many visitors.

An SSL cert is often about £75/year, but this depends on the hosting and the website’s set up. Converting a site takes some time, and has associated fees. However, as Google and others are down-ranking sites without SSL certs these days, it's something worth considering to keep your search position.

What types of 'attack' can I protect against?

So, attacks on your website come in a number of forms. There are also the attempts which come through email, and via your phone. Here are the ‘most popular’ attacks on a website!

  1. Friendly Comments
    • You see that someone has commented on a post or page on your site, and they have said thought-provoking things. Oh, and they’ve included a web address in their comment.
    • This is usually a trick to get you to accept the comment – Many a client I have rescued has talked of the Trojan horse comment, which sounds really genuine.
    • My advice – turn comments off – less than 1% are true comments from actual readers.
  2. Brute Force
    • So, let's say I set up a ‘BOT’ (a programme) to test your website’s login security, and your passwords. I could ask this bot to try continuously forever, using different combinations, until it succeeds. Once in, virus code can be installed, and other info harvested – such as your customer data!
    • What if you install a programme to allow only 3 attempts from an IP address before it blocks them for an hour? And what if, after 3 lots of this attempt, it requires a two factor login (eg a text to your phone)?
  3. Security vulnerabilities – As mentioned in the first section, updating your software is one of the key protections here. While you’re doing this, just review your plugins and themes, and disable, then delete any which are no longer used. A great example was a client’s site which stopped working because they hadn’t renewed the subscription to a plugin on the site; the old software was left unprotected against attacks which had recently been discovered.

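
The lockout rule from item 2 above, as an added example (not code from this site or from any plugin): three failed attempts from an IP address block it for an hour, and after three such lockouts a second factor is required. The class and function names and the sample IP address are assumptions made for illustration.

```python
import time

MAX_ATTEMPTS = 3          # failed logins allowed per IP before a lockout
LOCKOUT_SECONDS = 3600    # each lockout blocks the IP for an hour
LOCKOUTS_BEFORE_2FA = 3   # after this many lockouts, demand a second factor


class LoginThrottle:
    """Hypothetical per-IP login throttle (illustration only, not a plugin's code)."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.records = {}  # ip -> state; also serves as the record of offending IPs

    def check(self, ip):
        """Call before testing a password: 'allow', 'blocked' or 'require_2fa'."""
        rec = self.records.get(ip)
        if rec is None:
            return "allow"
        if self.clock() < rec["blocked_until"]:
            return "blocked"
        if rec["lockouts"] >= LOCKOUTS_BEFORE_2FA:
            return "require_2fa"
        return "allow"

    def record_failure(self, ip):
        """Count a failed login; every third failure starts a new lockout."""
        rec = self.records.setdefault(
            ip, {"failures": 0, "lockouts": 0, "blocked_until": 0.0})
        rec["failures"] += 1
        if rec["failures"] >= MAX_ATTEMPTS:
            rec["failures"] = 0
            rec["lockouts"] += 1
            rec["blocked_until"] = self.clock() + LOCKOUT_SECONDS


def simulate_bot(hours, ip="203.0.113.7"):
    """Constructed scenario: a bot at a documentation-range IP guesses once a
    second. Returns (guesses that reached the password check, final state)."""
    now = [0.0]
    throttle = LoginThrottle(clock=lambda: now[0])
    tested = 0
    for second in range(hours * 3600):
        now[0] = float(second)
        if throttle.check(ip) == "allow":  # blocked or 2FA-gated guesses stop here
            tested += 1
            throttle.record_failure(ip)    # the bot's guess is wrong
    return tested, throttle.check(ip)
```

Over a simulated day the bot sends 86,400 guesses but only nine reach the password check; after the third lockout expires, every further attempt from that address is held at the two-factor step.
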
Tell me about risks and measures I should take with usernames and passwords?

So, do you keep all your passwords saved on your computer? Do you use the same password for many sites?

Need I say more? – well, a little. One of the biggest risks may not be your website. It may be that some other site you subscribe to has your common user / password combo. It gets attacked, and reveals your usual logins, which hackers then use to try all sorts of other sites. 

One of the best ways to protect against all these is to follow these steps…

  1. Don't repeat logins for multiple sites
  2. Have a ‘captcha’ or other login tool to prevent hundreds of attempts to log in to your site
  3. Don't use the user ‘admin’ – make it harder to guess.
  4. Make passwords a combo of random letters, numbers, and characters.
  5. Change passwords every 6 months

What features, and measures should I look for in a hosting provider?

You get what you pay for.

Siteground and Heart Internet provide the following essential features.

  • Daily backup of the site (for at least 2 weeks)
  • Loginizer or other brute force attack prevention

In addition, Siteground offer the following on the best packages.

  • Weekly scan for malware
  • Auto update for selected software (with choices how soon it happens, and whether just core software, or all)
  • Secondary areas for development – you can copy your site to a ‘staging’ area, and develop elements of it before moving it to the main live site.

Are there additional plugins or extensions to protect my site?

So, Loginizer is a good 1st step. It stops repeat attempts to gain access to your site, and takes a record of any IP address used in efforts to break in.

The free version is good.

Then there are more advanced plugins – Wordfence is a good one, with many features to protect your site from unauthorised logins.

How can I tell if I've been hacked?

Often you can’t!

Sometimes things will stop working. The best step here is to consult an expert, and undertake a review of your site with them. It may be a plugin which is no longer supported, allowing an entry to the dashboard. It may just look like things aren't working, but again they are being interrupted by outdated software.

But the obvious one is that the site looks very odd, and you start getting calls from people saying they can’t view your site, or that they are getting odd emails from the website.

Get it properly checked over! In most cases, the website is your key marketing tool – to have it posing risks to people isn’t good for business!

How can I protect any data submitted via the website?

Well, SSL means any data is encrypted as it comes across.

But in many cases, data sent via forms on the website, or shopping carts, is stored in the database. Most form plugins will have the option to delete entries, or delete certain elements of them to make them anonymous.

Make sure your privacy policy outlines how long data is stored, and stick to it!

For a full GDPR compliance review – just ask!

What else should I be thinking about apart from my website?

Hackers can also try to steal data in a number of other ways. We can help you review, manage and upgrade all of the following:

Emails: are your emails also protected with an SSL Certificate? Are they on secure servers with strong password requirements? Do they have the capacity and bandwidth to meet your needs? Are your servers blacklisted by other email providers so your emails keep getting rejected? Are you using the most effective email protocols for your current needs? How do you manage bulk marketing emails?

General Security, Anti-Virus and Backups: Are you using the most effective anti-virus, anti-malware and firewall solutions? Do you back up your most precious data off-site on a regular basis? Are you using the same, easy-to-guess, password for all your logins and do you change it regularly?