We have always concentrated our time and energy on our business profits and traffic, but what about the dark side of website ownership? What if your site was hacked? Would it be a case of too little too late? Or are you going to act on your site now?
Over the past few weeks Dominic has been working on the security and performance of our website and I would like to hand you over to Dominic where he shows you what changes we have made to our websites and what you need to do to stop the hackers yourself.
Of course you can never stop hacking – just look at Facebook, PayPal and others that have been victims. But at the same time we should take simple measures to improve our own fate, shouldn’t we? This is why I have decided to write this post for you today.
I have always left the security of my websites to my hosting provider, which at the moment is Hostgator. Hand on heart, I can honestly say that we have not had too many issues in the time we have been with them, which is well over 5 years now.
We have had the odd virus get into our files, which can be a pain, but if you use webmaster tools these should pick up if your website has a virus and alert you if it is set up. It is a very scary thought that your business could be under attack every day!
Here is my four-step plan for securing your websites through your VPS cPanel and WordPress installation.
Step # 1: Failed Log In Attempts
When you log in to your WHM VPS, a number of boxes come up; click on the security tab.
When you have clicked on it you will see another variety of boxes; click on brute force protection.
You will be faced with a user area that you can configure to your liking. We have it configured this way because it is the best way for us to be able to track the failed log in attempts.
Then on the next tab you can see white/blacklist management. This is for IP addresses from failed logins or actual logins. On the settings tab you will see we have set up an email notification of every log in attempt and failed log in attempt.
This means that when you know the person logging in is someone you are actually letting log in, you can whitelist the IP so they can log in without any problems. On the other side, you can blacklist IPs that are trying to log in to attack your server.
What I have been doing is getting an email for every failed log in and then blacklisting the IP address. Yes, it is a boring job, but when you realise from this how many times people or bots try to access your server a day, it soon perks you up.
When I first started doing this I was getting 10 to 15 every morning when I woke up, but now, after 2 weeks of mass blocking IPs, I am getting about 1 every day. I have also whitelisted some IPs because I use Cloudflare and they need access.
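An added example (not part of the original post, and not cPanel or Cloudflare code): a short Python script that does the tally-and-blacklist routine from this step automatically. It counts failed logins per address, skips whitelisted addresses, and, when a request arrives through a whitelisted CDN, counts the visitor address the CDN forwards rather than the CDN's own. The record layout, the addresses (documentation ranges) and the threshold of 3 are assumptions made for the example.

```python
import ipaddress
from collections import Counter

# Constructed stand-ins from documentation ranges, not real CDN or office addresses.
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.0/24")]  # the CDN's published ranges go here
WHITELIST = [ipaddress.ip_network("198.51.100.10/32")]      # people you are letting log in

# Constructed sample records: (connecting address, forwarded visitor address, outcome)
SAMPLE = (
    [("192.0.2.44", None, "fail")] * 3                   # direct, repeated failures
    + [("203.0.113.7", "192.0.2.99", "fail")] * 3        # same, but arriving through the CDN
    + [("192.0.2.200", "198.51.100.10", "fail")] * 3     # direct peer claiming a whitelisted address
    + [("203.0.113.8", "not-an-ip", "fail")] * 3         # CDN request with a malformed header
    + [("198.51.100.10", None, "fail"),                  # whitelisted user mistyping once
       ("192.0.2.5", None, "fail"),                      # single failure, below threshold
       ("192.0.2.44", None, "ok")]
)

def in_any(ip, networks):
    return any(ip in net for net in networks)

def client_ip(peer, forwarded):
    """Believe the forwarded address only when the connection comes from a trusted proxy."""
    peer_ip = ipaddress.ip_address(peer)
    if forwarded and in_any(peer_ip, TRUSTED_PROXIES):
        try:
            return ipaddress.ip_address(forwarded.strip())
        except ValueError:
            return peer_ip  # unusable header: fall back to the proxy address
    return peer_ip

def blacklist_candidates(records, threshold=3):
    """Return addresses with at least `threshold` failed logins, never a proxy or whitelisted one."""
    fails = Counter()
    for peer, forwarded, outcome in records:
        ip = client_ip(peer, forwarded)
        if outcome != "fail" or in_any(ip, WHITELIST) or in_any(ip, TRUSTED_PROXIES):
            continue
        fails[ip] += 1
    hits = [ip for ip, count in fails.items() if count >= threshold]
    return [str(ip) for ip in sorted(hits, key=lambda ip: (ip.version, int(ip)))]

if __name__ == "__main__":
    for address in blacklist_candidates(SAMPLE):
        print("blacklist candidate:", address)
```

Blacklisting the connecting address of a request that came through the CDN would block the CDN itself, which is why the script resolves the visitor address first and never lists a proxy range.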
Step # 2: Limit Log In Attempts
Another area for hackers is your wp-admin area, which you use when you want to make changes to your WordPress site. I did not know until I installed the plug-in that they would want to gain access to my WordPress admin.
The plug-in is called Limit Login Attempts.
We have set this one up to limit logins, as you and only the people you want to access the admin area will have a password and will need just 1 attempt to log in successfully. Here is a screenshot of the options you have with this plug-in.
As you can see, we get fake login attempts all the time, something which took me by surprise as we are not in the top 20,000 Alexa rank. Who knows why they want access; probably just to damage your business or use it to spam.
Anyway, it has a whole host of options to choose from. We have set it up to block the IP for a week and to log the IP, so I can then add them to my blacklist on my cPanel.
Step # 3: The Back Up
This step is about backing up your business. This is something you can do with your hosting company, as we do every week, and we also have all our products and download pages backed up on an external hard drive.
I was thinking about our WordPress installs and how we can back them up separately. As we had duplicates of our products away from our hosting, we needed a duplicate for our WordPress installs, as they seem to be getting attacked just on their own.
After doing some research we came across Blog Vault. This site will back up all your installs at the click of a button. And they will try and help in any way if you have multiple WordPress installs to keep costs down.
I signed up for the free trial and gave it a go. The control panel is easy to use and viewing your backed-up blog is also very easy; that is why we chose Blog Vault to be our second back up.
As you can see, you just install a plug-in on your site and it starts backing up for you. You can auto restore and test restore, all at the click of a button. It is brilliantly easy, and that is why we love it. Click here to start your free trial.
Step # 4: Introducing Cloudflare
This step is about using a CDN, which will route your traffic through its own servers and this makes your site faster but also tracks what threats your websites are receiving.
I went into a lot of detail about Cloudflare in another post, which was published yesterday and which you can view here. In the image you can see how many threats have been saved by using Cloudflare; it is an enormous amount for a relatively small website.
The one thing that has come out of this is just how many threats, bots and people are on the internet just trying to destroy your business and hard work. We are not willing to let this happen and will continue from now to protect ourselves as well as our hosting company.
I was quite happy to just let the hosting company deal with it, but when you see how persistent these bots or people are, it can get worrying when it is your livelihood that is at stake. So keep safe and keep yourself protected, because if the worst does happen, can you say you did everything you could to stop people from destroying your business?
Just think with your business how secure it should be and if you are not securing your online business right now it needs to be top of your agenda.