Adventures Of A Soon To Be Business Owner

This blog is a documentation of my journey into the world of small business ownership.

Total indexed: 11 posts
Average post: Every 59 Days


Correcting mobility issues in WordPress

In the last few months Google has started penalizing websites for mobility issues, which will affect your search engine rankings. If you have Webmaster Tools, you can view the errors by logging into your account. Depending on the type of website you have, the problems can range from very easy to fix to numerous and difficult. In this blog post, I will cover how to correct mobility issues with WordPress, which fortunately is fairly easy.

Google Mobility Issues

The first thing you will want to do is make sure your WordPress version is updated along with your theme and plugins. As a side note, you should be doing this anyway for security reasons. Many WordPress themes will be mobile friendly, but not all of them, so once you’ve updated your version, you’ll want to log in to Webmaster Tools and check some specific pages.

Under Search Traffic click on Mobile Usability. Next click on one of the error(s) from the list, and then click on a specific url. On the popup click number 1 (Check live version). Hopefully you’ll receive the following message that your page is now mobile friendly. 

Mobile Friendly Test

If your page(s) is still having mobile issues, then the next step would be to add a mobile theme plugin like WP Touch or Jetpack. You’ll probably end up adding a mobile plugin anyway, but it’s good practice to update everything first. Once you’ve added a mobile theme plugin, check in Webmaster Tools, and you’ll most likely find the page is now mobile friendly.

And that’s it. Follow these easy steps to fix any WordPress mobility issues so you don’t have to worry about search engine ranking penalties. 

 


What to do if your small business website is hacked

I offer a ton of tips and advice on how to protect your small business from a data security issue. But let’s face it, no matter how well we protect our data, the hackers are always going to be ahead of us. So there is always the potential of having a data security issue, and one of the most common problems small businesses face is website hacking. 

If you are running a content management system like WordPress or if you have an e-commerce shopping cart, it is crucial that you keep it updated with the latest security updates, back it up regularly, and take steps to protect it such as utilizing a firewall, malware/virus detector, etc. Most hosting companies will offer these products for a small monthly fee, or you can buy them yourself, and WordPress has many free security plugins.

Of course we all get busy, especially in a small business, and sometimes we just let things slip. So what do you do in the event your website is hacked? 

I recently ran a test with WordPress, and based on my experience, it should take you 24 – 48 hours to get your website clean and up and running again – if you have a cooperative hosting company. Here are the steps you should take.

Step 1 – How do you know you’ve been hacked?
You need a way to be notified that your website has been hacked. Many hosting companies will notify you, but you are on their timeline. So to ensure you are covered, you should also make sure your website is set up with a Webmaster Tools program like Google. Google will notify you when your website is hacked, and they do it fairly quickly. In fact, they will even mark in the search engine results that your website may have been hacked, so you want to fix the issue as soon as possible.

Step 2 – Contact your hosting company
Don’t panic! If your hosting company didn’t notify you, then you need to notify them as quickly as possible. If you are set up with a Webmaster Tools program, you should have some information on the type of hack, a list of the website pages affected, and when it occurred. Most hacks are going to be one or a combination of the following types: install of virus/malware on your website, redirect links to spam websites, and/or an attempt to access/steal information.

Step 3 – Remove it
In most cases if you didn’t already have some type of protective service installed on your website, your hosting company can either install one and clean it for you or they can provide you with a list of the affected files for you to manually delete via FTP. Once you think everything has been removed, either run the scan or have your hosting company run another scan to verify. 

One thing to consider – Ideally you would have had a backup, and you might just be tempted to delete everything from the beginning and start all over. This can be a lot of work so I wouldn’t necessarily just jump to taking this step. Let’s say you had 100 files affected on your website. In reality with an FTP program, it will only take you about an hour to delete those files, and hopefully the damage will be minimal. In my test with WordPress, I had 78 infected files. Once I deleted those files, I only needed to reload my WordPress theme, and I was back the way I started. Either way though make sure you have a backup in the first place, and back it up on a regular basis. 

Step 4 – Fix it
Once you remove all of the hack instances, you’ll then need to go about fixing the issues that allowed the hack in the first place. The first thing you want to do is upgrade, since outdated software was the most likely issue allowing the hacker to access your website. Using WordPress again as an example, you’ll need to update the WordPress version, all plugins, and the theme. Once you’ve upgraded everything, if you didn’t have any type of website firewall/virus/malware scanner, then get one. It’ll go a long way towards preventing you from ever having to endure this headache again.

And that’s it. Remember don’t panic. It may look daunting at first, but in reality if you have a good hosting company and you are backed up, you can actually fix a website hacking issue fairly quickly.

 


WordPress SEO by Yoast has a security vulnerability

If you are using WordPress SEO by Yoast, there is an existing vulnerability to Blind SQL Injection, and you should update the plugin immediately. More details can be found here: https://wpvulndb.com/vulnerabilities/7841.

 


Vulnerability in the UpdraftPlus plugin for WordPress

If you are using the UpdraftPlus plugin to back up your WordPress website, you should upgrade it immediately. A vulnerability was discovered that could allow an attacker access to your site’s files among other things.

You can find more details about the vulnerability here.

 


Some additional WordPress Security Plugins for you to consider

Because WordPress is such a popular blogging tool, it is also susceptible to a large number of security issues via attacks, hacking, etc. So from time to time, I like to publish a list of WordPress Security Plugins for your consideration, and here are the latest. You can search for any of these plugins via the WordPress Plugin section of your WP Dashboard, and all the descriptions are from the WP plugin database.

Simple Security

Simple Security Plugin for WordPress is an Access Log to track Logins and Failed Login Attempts for the admin area of your WordPress Website.

You can add a widget to the admin dashboard for logins and failed login attempts.

Note:  There is also a paid upgrade for additional features.

WP Security Audit Log

Identify WordPress security issues before they become a security problem by keeping a security audit log of what is happening under the hood of your WordPress blog or website or your WordPress Multisite installation. WP Security Audit Log plugin is developed by WordPress Security Consultants and Professionals WP White Security and is the only WordPress monitoring and auditing plugin that works on both WordPress single site installations and WordPress Multisite.

Look-See Security Scanner

Look-see Security Scanner is a relatively quick and painless way to locate the sorts of file irregularities that turn up when a site is hacked.  This is broken down into multiple searches:

  • Verify the integrity of all core WordPress files;
  • Search wp-admin/ for unexpected files;
  • Search wp-includes/ for unexpected files;
  • Search wp-content/uploads/ for hidden PHP scripts;
  • Identify file changes since previous scan;
  • Locate files left over from older versions of WordPress;
  • Analyze configurations for oversights and vulnerabilities
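Two of the checks in the list above (PHP scripts under wp-content/uploads/, and file changes since the previous scan) sketched in Python as an added example. This is not Look-See's own code; the helper names, the extension list and the demo tree are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

# Extensions a PHP handler may execute; adjust to your server's configuration.
PHP_SUFFIXES = (".php", ".phtml", ".php5", ".phar")

def find_php_in_uploads(site_root):
    """Return relative paths of PHP-like files under wp-content/uploads/ (dotfiles included)."""
    uploads = os.path.join(site_root, "wp-content", "uploads")
    hits = []
    for dirpath, _dirs, files in os.walk(uploads):
        for name in files:
            if name.lower().endswith(PHP_SUFFIXES):
                hits.append(os.path.relpath(os.path.join(dirpath, name), site_root))
    return sorted(hits)

def snapshot(site_root):
    """Map each file's relative path to the SHA-256 of its contents."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(site_root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(full, site_root)] = digest
    return manifest

def diff_snapshots(previous, current):
    """Report files added, removed or modified between two snapshots."""
    return {
        "added": sorted(set(current) - set(previous)),
        "removed": sorted(set(previous) - set(current)),
        "changed": sorted(p for p in set(previous) & set(current)
                          if previous[p] != current[p]),
    }

def write(root, rel, data):
    """Helper for the demo: create a file (and parent directories) under root."""
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

if __name__ == "__main__":
    # Constructed demo tree in a temporary directory; no real site is touched.
    with tempfile.TemporaryDirectory() as root:
        write(root, "wp-includes/version.php", b"<?php // core")
        write(root, "wp-content/uploads/2015/03/logo.png", b"PNG")
        before = snapshot(root)  # the "previous scan"
        write(root, "wp-content/uploads/2015/03/.cache.php", b"<?php // unexpected")
        write(root, "wp-includes/version.php", b"<?php // core, modified")
        print(find_php_in_uploads(root))
        print(diff_snapshots(before, snapshot(root)))
```

Store the snapshot somewhere the web server cannot write to, otherwise whoever modified the files can update the baseline as well.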

Login Security

Login Security is a plugin that tries to protect you against such attacks. Every successful or failed login attempt is recorded. You will probably discover that a lot of brute force attacks are performed on your website. This plugin can tell you how many times an IP address tried to access the Back-Office of your WordPress website. Then you can easily block the access of this IP address in just “one click”.

On the tested websites there was an average of over 800 login attempts per day.

Current features

  • Records every login attempt (failed or successful). Can be used to tell you when a user logs in
  • Displays all the failed or successful logins with the associated IP, User-Agent and HTTP referer
  • Stats on the number of failed logins during the last 7 days and last 12 months
  • Discover which IP address tries the most to access your website
  • Ban an IP address
  • Multi languages : English, French (from : France, Canada, Belgium, Switzerland and Luxembourg)

As always if you have any questions or comments, please feel free to list them below.


Updates on recent security issues – Heartbleed and IE Security Issue

Heartbleed

In addition to affecting websites, many mobile apps were also affected by the Heartbleed bug. You can view an updated list of affected mobile apps here or download a Heartbleed Android mobile app scanner here. As always make sure your mobile apps are updated regularly and change the password on a routine schedule.

IE Security Issues

There are vulnerabilities in certain versions of Internet Explorer that could allow remote code execution. Visit the Microsoft website to get the update, and please note this update will also work for Windows XP users.


What does the Heartbleed Bug mean to your business?

The Heartbleed Bug can be exploited on some websites running SSL encryption (Apache and Nginx), and it can expose private information such as passwords. This means the bug could affect your website if you are running SSL, as well as social media websites, financial institutions, email, and many more websites. So here are some immediate steps you should take to protect your business.

  1. If your business has a website, intranet, and/or extranet running SSL, it could be vulnerable. Check with your hosting company to see if they have patched their servers. If you host your website, visit OpenSSL to find out how to install the patch.
  2. Your social media website passwords could be compromised. Change your passwords and see here for a list of specific sites that should be addressed immediately and here for a larger list of websites.
  3. Limit your employees from accessing social media, e-commerce, financial institutions, and other websites with SSL in the short term.  It will take some time for every business to address the bug and install the patch.
  4. And when in doubt, change your password, and make sure it meets strong password requirements.

As always if you have any questions or comments, please feel free to list them below.


Data security – network port controls

One of the most common ways hackers will exploit and attack a business network is through open and unsecured network ports. By using a default or “easy to guess” user/password combination, hackers can gain access through network services and software such as mail servers, email servers, DNS servers, VOIP servers, and other network servers. Here are a few tips to help you close and monitor your network ports to prevent these types of attacks.

  1. Install a firewall(s) and a network port filtering tool and set rules to only allow business verified network traffic and to monitor all network traffic.
  2. Routinely check and install security patch updates.
  3. Maintain and audit these applications on a regular basis to ensure all rules, patches, and services are up to date.
  4. Routinely audit all ports and protocols, perform automated port scans, and compare results and settings to your asset management system.
  5. Ensure systems are in place to routinely and quickly alert when unauthorized ports are installed and opened.
  6. It may be necessary to maintain critical servers in isolated environments with no internet access.

Follow these simple steps to manage your network ports and prevent potential hacking exploits of your network.
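One way to do the comparison in tip 4, as an added example that is not from the original post: it parses port-scan results in Nmap's grepable (`-oG`) output format and checks them against an approved-ports inventory. The scan text, addresses and inventory below are constructed for illustration.

```python
import re

# Constructed sample in Nmap grepable (-oG) format; addresses are documentation IPs.
SAMPLE_SCAN = (
    "Host: 192.0.2.10 (mail)\tPorts: 25/open/tcp//smtp///, 3389/open/tcp//ms-wbt-server///\n"
    "Host: 192.0.2.20 (web)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///, "
    "23/closed/tcp//telnet///\n"
    "Host: 192.0.2.99 ()\tPorts: 8080/open/tcp//http-proxy///\n"
)

# Hypothetical asset inventory: the (port, protocol) pairs each host may expose.
APPROVED = {
    "192.0.2.10": {(25, "tcp")},
    "192.0.2.20": {(80, "tcp"), (443, "tcp"), (22, "tcp")},
}

def parse_open_ports(grepable_text):
    """Return {host: {(port, proto), ...}} for ports reported as open."""
    observed = {}
    for line in grepable_text.splitlines():
        match = re.match(r"Host: (\S+) .*?Ports: (.*)", line)
        if not match:
            continue  # status lines and comments carry no port list
        host = match.group(1)
        ports_field = match.group(2).split("\t")[0]  # drop trailing fields
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(fields) >= 3 and fields[1] == "open":
                observed.setdefault(host, set()).add((int(fields[0]), fields[2]))
    return observed

def audit(observed, approved):
    """Compare scan results with the inventory and list every discrepancy."""
    findings = []
    for host in sorted(set(observed) | set(approved)):
        seen = observed.get(host, set())
        allowed = approved.get(host)
        if allowed is None:
            # Host answers on the network but is missing from the inventory.
            findings.append((host, "unknown-host", sorted(seen)))
            continue
        extra = sorted(seen - allowed)
        missing = sorted(allowed - seen)
        if extra:
            findings.append((host, "unauthorized-open", extra))
        if missing:
            # Approved service not listening: stale inventory or an outage.
            findings.append((host, "approved-not-open", missing))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_open_ports(SAMPLE_SCAN), APPROVED):
        print(finding)
```

Run on a schedule against scans of your own network, the `unauthorized-open` and `unknown-host` findings are the ones to alert on, which covers tip 5 as well.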


What does the Target hacking mean for small businesses?

It is now looking like 70 million Target customers had their personal information, including name, address, phone number, and email address, stolen during the holiday shopping hack. Target has already experienced a loss of sales and earnings, stock price drop, and the cost of providing one year of free credit monitoring to all the people who shopped in their stores over the time period. In addition they will probably face a loss of customers as well as state and federal fines. For Target this is going to hurt their business, but they will eventually recover. But what if this happened to your small business? Would you be able to recover?

In many cases a small or medium sized business may not be able to recover from this type of hack. Although hacks to larger businesses make the news, you often do not hear about security breaches at small and medium sized businesses. A 2013 US small business survey by the Ponemon Institute showed the following results. “55 percent of those responding have had a data breach, almost all involving electronic records, and 53 percent had multiple breaches. Only 33 percent notified the people affected, even though 46 states require that individuals be contacted when their private information is exposed.” That is a huge number of small businesses, and on November 3, 2010, the Privacy Rights Clearinghouse released a report that among other items showed that “80 percent of small businesses that experience a data breach either go bankrupt or have severe financial difficulties within two years.”

Small businesses still face the same potential loss of customers, sales, and fines as larger companies, but unfortunately they often do not have the money to recover.  And as the Ponemon Institute survey results show, small businesses are very easy targets.

The Target hacking is continuing to raise awareness of the huge potential of business hacking and loss of personal information. So your potential clients and customers are expecting to have their data protected.  If you have not read it already, please take a moment to read my 5 Step Data Security Plan for Small Businesses article.  And as always if you have any questions, please feel free to list them below in the comments section.


Data security – web based and software application security

The majority of data security attacks and vulnerabilities can be found in software applications and more specifically web software applications.  Major hacker attacks of online systems are becoming more and more commonplace with hackers exploiting vulnerabilities through SQL DB injection attacks, buffer overflows, cross-site scripting, and many more areas.   So it is important for you to protect your business by testing application software for vulnerabilities, and here are some examples of how you can strengthen your business against these attacks.

  1. Install and test all new software publications on devices outside of your network such as a single desktop.
  2. Use automated remote web application scanners to test for security vulnerabilities prior to software deployment within your network.
  3. If the software requires a database, test the database to ensure it has been hardened.
  4. Once testing is complete and the software is deployed in your network environment, ensure it is properly set up and configured within your network firewall to protect against potential outside threats.
  5. Turn off all automated updates except for security updates.  And depending on your network type, you may either want to test or use a third party to whitelist software security updates before introducing them into your network environment.
  6. All system error messages should be displayed internally only.
  7. If you develop and code your own in-house software, keep the development area separate from your production network environment.  Test for common vulnerabilities such as software backdoors, malware insertion, coding errors, etc., before deployment of this software.

Follow these steps to ensure you are testing for and removing any potential software application vulnerabilities prior to deployment in your network environment.  And as always if you have any questions or comments, please feel free to list them below in the comments section.


Data security – vulnerability scans

I covered the need to perform routine vulnerability scans in my 5 Step Data Security Plan for Small Businesses, and in this blog post I would like to add a little more detail to how you should be performing vulnerability scans.  Not only are you using vulnerability scans to detect potential issues within your network, [...]

Data security – vulnerability scans is a post from: Adventures of a New Business Owner.
