More often than not, when people think of a hacker, they think of someone technologically infiltrating a network and stealing mass amounts of sensitive information sitting behind it. In actuality, hackers tend to employ methods that take advantage of individual users, often in tandem with some form of social engineering.
Tag: web application firewall (WAF) Page 2 of 4
A special thank you to Yvonne Conway-Williams for her time and participation in the interview for this article.
At a recent WordCamp, I met Yvonne Conway-Williams, a social media marketing expert and front-end web developer. She approached our sponsor booth inquiring about website security. That’s when she said; “I wish I had found SiteLock two years earlier.” Struck by the comment, I asked her what had happened. Conway-Williams shared that on January 30, 2015, she and her husband returned home from a long day to find her client’s website, a local car club, defaced. Instead of her client’s homepage, the website featured a front page promoting and recruiting for ISIS, the terrorist organization.
We celebrate Independence Day to honor the adoption of the Declaration of Independence on July 4, 1776. As Americans, we have the right to freedom of religion, speech, press, and the Internet.
You know that awkward moment when you’re screen sharing with your boss and a Viagra ad appears on your screen? It’s difficult to rebound from an embarrassing moment like that, even when you did nothing to prompt it. These “pharma” hacks happen all the time, and it is just one example of what can happen when a site falls victim to cyberattacks. Luckily, the team at SiteLock is here to help you avoid these rather uncomfortable situations.
SiteLock offers comprehensive, cloud-based website security solutions to businesses of all sizes. We protect websites from a multitude of attacks and threats, pharma hacks being just one example. Check out our video to learn more about who we are, what we do and how some of our products work.
Over one billion websites exist today. With an excess of websites to choose from, we hear many people ask, why did my site get hacked? How did it get hacked? What damage has been done? While there are various reasons and ways a cybercriminal could have hacked your site, there is a very good chance (80% to be exact) they were after your web applications. Web applications account for 80% of website vulnerabilities, making them a very attractive target to cybercriminals.
According to a recent report from Google, nearly all website owners rely solely on Google’s Safe Browsing program to alert them when their site has been hacked. The report concludes that only 6% of webmasters discovered an infection via proactive monitoring for suspicious activity. That’s alarming.
A recent article reported that WordPress.com is moving to enable HTTPS by default on all of its 600,000 hosted sites. This is a huge security win for WordPress.com users and the Internet at large. It sets a high security bar for other entities to strive for, and of course helps protect users and visitors from prying eyes.
If you’re a WordPress.com user, one way to take advantage of WordPress.com’s exemplary efforts is to go further and enhance the security of your WP.com site with protection services.
As a business owner, you’re constantly thinking about how best to protect and propel your company. But there’s one component that you may have overlooked: website security. Security breaches are inevitable, yet cybersecurity is often neglected. We’ve rounded three simple steps to make sure you’re covered:
Identifying and cleaning malware is part of our everyday life here at SiteLock, and we know for many website owners cybersecurity can be an intimidating topic. That’s why we thought we’d share a simple case of what a common infection looks like, and demonstrate how SiteLock finds, fixes, and prevents malware.
During a malware clean of a new customer’s site, we found some simple, well-known malware — a perfect example for an introductory post on malware. The site was compromised through an arbitrary file upload and malicious code was ultimately injected into the index of the site. Likely an automated process, the code was injected before the closing <body> tag.
SEO (Search Engine Optimization) is the process of improving your website’s ranking among search engines like Google and Bing. Over the past few years, SEO has greatly evolved. Keywords and backlinks (other websites linking back to yours) used to have a huge impact on SEO rankings, but have since been taken over by new and improved algorithms such as Google’s Penguin and Hummingbird, which aim to decrease black-hat (negative) SEO techniques such as link spam.
With cyber attacks on the rise, search engines have been increasingly factoring spam injections, malware infections, and website speed into their SEO algorithms. Properly securing your website can provide a large boost to your SEO rankings. Below are 3 ways you can improve the SEO ranking of your website by securing your website.
1. Moderate comment spam
Malicious links hosted on your website can negatively impact your SEO and, worst case, can flag your website as malware or spam, preventing users access to it.
One of the easiest ways for hackers to place malicious or irrelevant links on your site is through comments on your blog. These links damage your site’s authority and credibility so managing them is critical. Fortunately, there are several things you can do to automate the moderation process of comments:
- If you’re using a Content Management System (CMS) like WordPress, look into one of their comment system plugins
- Enable CAPTCHAs when possible, as an extra layer of security
- Disable anonymous posting, and only allow registered users to post comments
- If you have an active moderator, require that comments be approved before they are posted on your website
- Enable a web application firewall (similar to our TrueShield WAF) which will block malicious bots from accessing your site to begin with
- If you’re still having trouble with comment spam, you should disallow hyperlinks in comments altogether
2. Regularly scan your website for malware
Often times, malware and malicious links can be injected into the code of your website without notice, negatively affecting your SEO, and potentially harming your visitors. Reversing the whole process is both difficult and time consuming, since injected malware is usually hidden and made to look like regular code, and your hard-won SEO rankings may be lost in the meantime.
A website malware scanning tool can scan your code each day for malware (and suspected malware) and in some cases automatically remove the threats or point you directly to the suspected malware. This means you don’t have to search line-by-line through code in the event that your website is compromised. The SiteLock Website Scanning and Malware Removal product provides automated alerts to help you avoid search engine blacklisting, saving your business’s reputation and SEO positions.
3. Cache website data with a CDN
Malware can dramatically increase the time it takes a website to load, if it allows it to load at all. But even a malware-free website can improve its SEO, performance, and security at the same time. A CDN (Content Delivery Network) is a website optimization infrastructure that works by caching website’s content across data centers around the globe. This results in quicker website load times since content is served locally to visitors. It also improves website security since, as is the case of the SiteLock CDN, data is fully encrypted both in transit, and at rest.
Major search engines like Google factor load times into their SEO algorithms (time to first byte – TTFB), so by using a CDN, your website can experience a boost in SEO while improving security at the same time.
Want to see how your SEO stacks up? Many online tools can scan your website and provide suggestions to improve your SEO. Contact a SiteLock Security Consultant today to learn what solutions are the right fit for your site.