For Want of a Nail…
Several years ago, we built a website for a large prominent client. I tried to convince them that they needed our WebsiteOverwatch service but I was unsuccessful. A few days ago out of the blue he called and said, “Hey…
Reducing Your Attack Surface
The attack surface is the sum of all the different points where an attacker can try to gain entry into your system, extract data, or add/modify data. For a WordPress website, your attack surface would include things like: Login function…
Blogging Still Works
I encourage my clients to blog, once a week if possible. Yesterday I was was reviewing Google Analytics metrics with a client. He was surprised at the number of people reading his blog, and the number that subsequently started exploring…
Where is Your Website Traffic Coming From?
A few days ago, an old friend for whom I built a website a few years ago asked me to take a quick look and tell her my recommendations. One of the things I told her her was "You are…
You Should Delete Unused WordPress Themes
Scanning the log for the website of one of my clients this morning, I saw something that made me smile: http://[domainname]/wp-content/themes/twentyeleven/footer.php I had just spotted a hacker. Unused themes are favorite places for hackers to install a backdoor. They will…
The Value of Maintaining a Website Clone
As a professional company engaged in the business of website support, maintenance, and security, we have developed several best-practices. This article describes two of them. It happened again today. The vendor of a popular WordPress plugin released a new version today.…
Don’t Drag Your Feet on Website Security Updates
I understand that you’re busy. You have more to do than you can possibly accomplish, and a lot of it needs to be done RIGHT NOW. I’m going to add to your burden. Maintaining the security of your website is…
Malware Discovered in Client’s Website
A long-time friend called me and told me his website was running very slowly and asked if I would take a look at it. I quickly discovered malware. His .htaccess file contained a bit of code that under certain conditions…
Sometimes It’s Good to be Paranoid
A few weeks ago in this blog, I wrote about WordPress 4.7 and the new REST API. I wrote: As someone who has been in the security space since the early 1990’s, my first thoughts are about the potential security…
AmazonAWS, the Double-Edged Sword
You may be familiar with Amazon S3, providing low-cost online storage. You may also be familiar with Amazon EC2, providing the ability to have your own server in the cloud. These two form a small part of a collection of…