Let's talk about WordPress and how to improve your site's security
Posted by Matt Kinne on 27 June 2018 09:25 AM

WordPress is one of the most used content management systems in the world by a large margin. According to the most recent report from W3Techs (via VentureBeat), WordPress powers over 30% of the world's websites as of April 2018. By comparison, the next closest content management systems, Joomla and Drupal, have 3% and 2% of the market share respectively. Because WordPress is so popular and well known, it is the perfect target for hackers. So now you're probably thinking, how can I add additional security to my WordPress site to keep the chances of hacking low? Don't worry, we're here to help.

There is no such thing as too much security

The internet is always changing, so security needs to change along with it. That makes keeping your plugins up to date very important. Updates aren't always just to add new features; most of the time they are to fix security vulnerabilities. There are a few plugins that we always install on our sites to provide the maximum amount of security.

Wordfence Security

Wordfence Security is an excellent avenue to take when it comes to bolstering the security of your website. Not only does it provide real-time scanning, but it also acts as a firewall. The premium version, which we highly recommend, adds the ability to block traffic from certain countries, a check on whether your site's IP is generating spam, a real-time threat defense feed, and more.

Brute Force Login Protection

This plugin can be very helpful in stopping hackers from getting into your WordPress site. One way hackers find their way in is by running a program against your login fields that randomly guesses usernames and passwords. With Brute Force Login Protection, you can limit the number of login attempts a user can make. Once they have used all of their login attempts, that IP address will be blacklisted.

Make a longer, more complex password

This one is by far the easiest and one of the most secure things you can do. We see a ton of WordPress sites that have basic passwords such as ChangeMe!, password123, admin123, and so on. Those definitely aren't secure and can almost be guessed without the help of a program. We use a website called Password Generator and use 16-character passwords.

To give you an example, a password that is 8 characters long, only using lowercase alphabetical characters, has 208,827,064,576 options. That's over 200 billion different passwords! Now, if you were to add capitalization to the letters, that's 53,459,728,531,456 options. If you were to add numbers and even special characters, you have yourself a very strong password. Increasing the length will only increase the number of possible passwords. Just don't make it abcdEF!#, that's still relatively simple.
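The arithmetic above, and the reason abcdEF!# is still weak, as an added example (not code from the original post). The 32-symbol count, the sequence list and the "4 or more in a row" threshold are assumptions made for illustration.

```javascript
// Added example: keyspace arithmetic plus a check for guessable structure.
// Passwords the article calls out as basic, stored lowercase.
const BASIC_PASSWORDS = new Set(["changeme!", "password123", "admin123"]);

// Character classes and sizes; 32 symbols = printable ASCII punctuation (assumption).
const CLASSES = [
  { pattern: /[a-z]/, size: 26 },
  { pattern: /[A-Z]/, size: 26 },
  { pattern: /[0-9]/, size: 10 },
  { pattern: /[^A-Za-z0-9]/, size: 32 },
];

// Sequences a guessing program tries early (illustrative, not exhaustive).
const SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789", "qwertyuiop"];

// Number of possible passwords for an alphabet size and length, as an exact BigInt.
function keyspace(alphabetSize, length) {
  return BigInt(alphabetSize) ** BigInt(length);
}

// Longest stretch of neighbouring characters taken from SEQUENCES, ignoring case.
function longestSequence(password) {
  const lower = password.toLowerCase();
  let best = lower.length ? 1 : 0;
  let run = 1;
  for (let i = 1; i < lower.length; i++) {
    const pair = lower.slice(i - 1, i + 1);
    run = SEQUENCES.some((s) => s.includes(pair)) ? run + 1 : 1;
    best = Math.max(best, run);
  }
  return best;
}

// The keyspace is an upper bound: it only holds if characters are chosen at random.
function assessPassword(password) {
  const alphabet = CLASSES.reduce((n, c) => n + (c.pattern.test(password) ? c.size : 0), 0);
  const sequence = longestSequence(password);
  // Assumed rule: weak if on the basic list or 4+ characters follow a known sequence.
  const weak = BASIC_PASSWORDS.has(password.toLowerCase()) || sequence >= 4;
  return { alphabet, keyspace: keyspace(alphabet, password.length), sequence, weak };
}

// Constructed sample passwords, for demonstration only.
for (const p of ["abcdEF!#", "password123", "t7#Qm!x2Vr9&Lp4z"]) {
  console.log(p, assessPassword(p));
}
```

The large keyspace reported for abcdEF!# describes randomly chosen characters; the sequence check is what shows the password does not earn it.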

Not using comments? Disable them site-wide!

An easy way for hackers to use your site as a spam center is to post comments containing their links. This makes your site look bad in the customer's eyes, and Google is not a fan of it either. We use a lightweight plugin called Disable Comments. It is very easy to disable comments site-wide in one click.

Math Captcha

To go along with having a stronger password and brute force protection, and to make it really difficult for prospective hackers, we add a math captcha. Whenever someone goes to log into your site, they will have to complete the math captcha before they are able to sign in, even if they have the right username and password.

Now, all of these plugins and methods do not guarantee that your site will not be hacked, but they will definitely help out and lower the chances. If you have any questions about WordPress security, or security in general, feel free to contact us!


What is Your Website’s New Year’s Resolution?
Posted by Matt Kinne on 08 January 2018 10:57 AM

With the new year comes new beginnings. Here at Evolve Systems, we want to help make your internet dreams come true! We’re an agency creating business solutions for the digital world. Here is a list of 10 resolutions that your website might be secretly asking you for.

  1. Updated Meta Descriptions
    Did you know that Google changed its maximum meta description length from 160 to 320 characters? This change means that your descriptions can provide better details to affect your SEO.
  2. Google’s Mobile Friendliness
    When customers are searching, Google will automatically rank websites that have mobile-friendly functions higher than those that can only be interacted with through a computer. We can help make your website reachable by phones and tablets, contact us to find out how.
  3. Site Speed
    Google likes sites that can load quickly and interact with people faster, and we bet you do too. Take 2018 to make your website quick, simple, and usable.
  4. Duplicate Content
    In past years, did you copy and paste information on several pages? With the new way SEO works, this practice hurts your rankings. You now need to have fresh language on every page if you want to go up in rank! Bright side, we have copywriters ready to help your website achieve this!
  5. Local Backups
    Did you know you could lose information even if you think it is saved to your computer? Local backups are a must for 2018, ask us how to sign-up for EvolveCare and not have to worry about this problem happening to you.
  6. SEO
    Google analytics scans what your website says and ranks it based on keywords and several other factors. Make 2018 the year your website organically ranks above your competition.
  7. Target Language to Your Ideal Audience
    Does your website take the “shotgun” approach, hoping to put information out there and have it scatter enough to capture customers? Instead, use directed language for an ideal target audience. They will appreciate the information and you will be able to capture a larger share of a slice in your industry.
  8. Broken Link
    Ever wonder what that random button on your homepage is supposed to do? If you answered “yes” to that question it’s time to fix your broken links. Ask us how!
  9. ADA Accessibility
    Did you know that screen readers evaluate your metadata descriptions and rank your ADA accessibility? Take 2018 to make your website available to a broader range of potential clients.
  10. Celebrate Your Website’s Birthday
    Now that it’s 2018, copyright years at the bottom of the page and years you’ve been in business need to be updated. Also, did you bring on an amazing new team member last year? Don’t forget to update your “Contact Us” and “Our Team” pages to represent who will be working for you this year!
  11. Here’s a bonus tip, just for fun.
    Your logo might want a refresh too! Contact our team to learn more about our design services.


Act on what your website needs, adapt your strategies to grow more than 2017, and evolve to the next stage of your company. Join Evolve Systems, let’s get to work.


HTTP, HTTPS, Not Secure, and what it means to you
Posted by Matt Kinne on 27 April 2017 03:57 PM

Security Warning Icons

Lately, you might have noticed that more and more websites are showing the words “Not Secure” in your web browser window. It might even be present on your site. Now, before you get worried that your data or your viewer's data is being compromised, let us explain this a little more in-depth. "Not Secure" is accurate, but may or may not be significant depending on how you are using your site.

In most cases, nothing on the site has changed to trigger this message; the browser is simply presenting information that already existed in a more direct manner. Recently, Chrome and Firefox released updates to their browsers that detect whether websites have SSL certificates installed. You'll notice some websites that do not have an SSL certificate will say "Not secure" in the URL window while others won't say anything, as in the past.

There are two main reasons that the words “Not Secure” appear on a webpage since Chrome and Firefox’s latest update: password fields and credit card fields. These are considered sensitive data, and if they are sent over an unsecured website (http and not https), the data can be compromised.

This goes back to our earlier statement about how you use your website. If you are selling products, collecting user info (such as emails, content, etc.), or storing sensitive files on your web server, it is best to keep that information safe. If you are just using your website as a blog or as a landing page for your business, you probably don’t need to get an SSL certificate.

At the end of the day, if you have any questions about your website’s security, you can always ask Evolve Systems for recommendations. We are always happy to help.

Here is a good article from Google explaining the different security statuses: https://support.google.com/chrome/answer/95617?visit_id=1-636241568048158526-700204908&p=ui_security_indicator&rd=1


Be aware of a highly effective Gmail phishing attack
Posted by Matt Kinne on 12 January 2017 11:34 AM

Gmail, one of the world's most popular email providers, has been the target of a highly effective phishing scam to get password information from Google accounts. Let us explain how it works and what you can do to prevent it from happening to you, friends, and co-workers.

The way the attack starts is that you will be sent an email from a compromised email address; it could be one of your known contacts if their account was hacked already. The email will include an image of what looks to be an attachment. Clicking on an attachment will typically expand it and show you a preview, but in this case the faux attachment will open a new tab, prompting you to sign into Gmail again. 

Google Sign In Page

This is where it gets tricky. The page will look like a standard Google login page. This is where even highly technical people are getting fooled. Once you sign in to the look-alike Google login page, your data has been compromised.

How to keep this from happening

The easiest way to tell is to remember that all of Google's websites are secured with an SSL certificate. That means all data transferred between your device and Google is encrypted. The dead giveaway on this phishing scam is the URL in your browser window. We have a screenshot of what the actual phishing URL looks like courtesy of Wordfence. We have compared it side-by-side with the official Google URL for reference.

Secure vs. Unsecure Google URL

Now, when you compare that to Google's actual account page login, you will notice the green padlock and "https" text. That is how you know you are on a secure connection. Also making sure that the sign in page URL begins with https://accounts.google.com/ is a good way to check. The phishing URL above has https://accounts.google.com/ within it, but it starts with "data:text/html,". If you are unsure if the URL you are visiting is compromised, close it out and return to your Gmail or Google accounts page. 
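The check described above, written as code: an added example (not from the original post or from Google) showing why looking for https://accounts.google.com/ anywhere in the address is not enough, and how parsing the address first fixes it. The sample addresses are constructed and the function names are illustrative.

```javascript
// Added example: is this address really Google's sign-in page?
const TRUSTED_ORIGIN = "https://accounts.google.com";

// Naive check: passes whenever the trusted string appears anywhere in the address.
function containsTrustedString(address) {
  return address.includes(TRUSTED_ORIGIN + "/");
}

// Strict check: parse the address, then compare scheme, host and port together.
function checkSignInAddress(address) {
  let parsed;
  try {
    parsed = new URL(address.trim());
  } catch {
    return { trusted: false, reason: "not a valid URL" };
  }
  if (parsed.protocol !== "https:") {
    return { trusted: false, reason: `scheme is ${parsed.protocol} not https:` };
  }
  if (parsed.origin !== TRUSTED_ORIGIN) {
    return { trusted: false, reason: `host is ${parsed.host}` };
  }
  return { trusted: true, reason: "https and exact host match" };
}

// Constructed sample addresses (not copied from the real phishing campaign).
const SAMPLES = [
  "https://accounts.google.com/ServiceLogin?service=mail",
  "data:text/html,https://accounts.google.com/ServiceLogin?service=mail",
  "https://example.net/?next=https://accounts.google.com/",
  "http://accounts.google.com/ServiceLogin",
  "https://accounts.google.com.example.net/ServiceLogin",
];

// Compare both checks side by side for every sample.
function report() {
  return SAMPLES.map((address) => ({
    address,
    naive: containsTrustedString(address),
    ...checkSignInAddress(address),
  }));
}

console.table(report());
```

The second and third samples pass the naive check and fail the strict one, which is the same mistake a person makes when they spot the familiar string in the address bar without reading what comes before it.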

Lastly, if you believe your data has been compromised, change your password immediately. Make sure to use a very secure password with numbers, special characters, and a length longer than 8 characters! Please spread the word to friends, family, and co-workers so we can minimize the impact of this phishing scheme. It is unknown at this moment if Google will employ any precautions to stop this from happening.


Buckle-Up Internet, the next few days may be a little bumpy
Posted by Matt Kinne on 04 November 2016 11:20 AM

Internet Attack Map

You may have noticed things going on with the internet the past few weeks. Major sites such as Reddit, Twitter, Netflix, and many more experienced connectivity issues in late October. This was caused by a distributed denial of service (DDoS) attack on Dynamic Network Services (Dyn), which routes internet traffic; it is part of the internet's address system. A DDoS attack is where many infected internet devices target a single system. These devices can be anything from a computer or phone to even a baby video monitor.

That leaves the question: "can't we just update the devices to prevent this?" In theory, yes, we can update computers and phones with the latest security patches, but when it comes to the Internet of Things (IoT), it's not that simple. IoT devices are everyday objects that have network connectivity. Some examples are thermostats, baby monitors, and fridges, and the list continues to grow every day. According to CSO, there are between 13 billion and 18 billion IoT devices in use today. Many of these devices have admin controls and have no way of being updated or patched.

Just as everything was starting to clear up, it seems like it is coming back once more. As of today (11/4) major sites such as EA, Netflix, Delta, and Craigslist have been experiencing issues intermittently. When attacks on the main internet infrastructure happen, it causes strain on the whole world wide web, not just the intended targets. Effects from large-scale DDoS attacks may or may not cause slow loading times on your company website. 

At Evolve Systems, we will continue to employ everything we can to protect your site. We are constantly monitoring servers and will continue to keep you updated with any developments. We don't know if anything will happen in the coming days, but according to a DHS official, the attacks on October 21 could have been a trial run for a potential attack on Election Day.

Just make sure to keep an eye out and remember to go out and vote!

 

