The Web For Business.com Blog

Internet marketing observations, perspectives, tips and tricks for your education and enlightenment.


What Hackers Want From Your Website

Mark Kawabe - Monday, January 30, 2017

What hackers want from your websiteSmall business owners often downplay the risks of their websites being hacked. Yet, thousands of sites are hacked every day. Here are a few thoughts about what hackers might find valuable beyond your website itself.

Server Resources

There's a lot going on behind the scenes to put your website online. The computer that hosts your site (web server) has internet connectivity and resources beyond most personal computers. If hackers can place their software into your site, they can use the server's resources to launch more vulnerability scans, hacks and attacks against other sites. You've probably heard about Distributed Denial of Service attacks (DDoS) that take down large sites. They do that by using thousands of computers (botnets) to flood another site with traffic, ultimately overwhelming it. Your website's server resources has value to a hacker, thus giving them a reason to want to hack your site to access the server.

Compromising Your Visitors' Computers

If a hacker can put some software into your website's code, they can surreptitiously infect computers that visit your site. If your site receives 100 unique visitors a day and 10 of their computers get infected, that's 10 opportunities for hackers to retrieve sensitive data from your customers. You may think that because your site doesn't store sensitive data that it's not a target. Hackers think of your site as a means to an end. 

Web Traffic

Some common hacks involve redirecting visitors to one site to another. One customer came to me to let me know their site (created by another developer) had been hacked and that it was intermittently redirecting visitors to a porn site. It's also possible for hackers to redirect visitors to a webpage that tries to install malware on the visitor's computer. Gaining access to your website gives hackers easy access to visitors they wouldn't otherwise get.

You're Not Paying Attention

Small businesses generally don't pay as much attention to their sites as do larger companies. As a result, small business websites are often easier targets for hackers. Especially when it comes to self-managed WordPress websites which may not have core components, themes or plugins updated regularly. I did some checking on WordPress-based websites to see what version they were running. Out of 13 sites checked, 6 were running current versions of WordPress (4.7+). 3 were running version 4.6.3. The others were versions 4.5 and earlier, including one running version 3.5.1. If you think nothing's changed from a security perspective since WordPress 3.5.1, you're mistaken and your site is a sitting duck unless you've taken other steps to secure your site.

Your website by itself probably isn't that valuable. Hackers aren't going to deface your website and make it obvious they've been there. Instead, they'll rely on stealth and subterfuge to get access to the information and resources they're after.

How Do I Secure My Website?

If you have a static website, assuming your host has done a good job of security the web server and all of its software components, you will have somewhat fewer vulnerabilities than a dynamic, CMS-based website. Access passwords for FTP and any scripts you run may provide opportunities for hackers to get into your site. With a CMS-based site, your usernames and passwords to access the CMS are common ways to access sites. Make sure your passwords are strong. Additional approaches for all sites is to use a service like Sucuri to filter visits to your site so those trying to access it improperly are taken out of the mix. With WordPress specifically, ensure the WordPress core, themes and plugins are all updated regularly. You can add additional security plugins like iThemes Security Pro or WordFence to help bolster your site's defenses.

Websites get hacked every day. You can help secure your site and protect your visitors by being aware of the risks and taking the appropriate steps before you get the call saying your site's been hacked. It's the best thing you can do for your business, and it could even protect you from being sued by a site visitor because you didn't take appropriate steps to secure your website. I'm not sure if that's possible, but it's a question I've posed to my LegalShield team. I'll have an answer in an upcoming post.

And So It Begins

Mark Kawabe - Monday, January 09, 2017

The Most Valuable Real EstateToday's the day most of us find ourselves back in the office after a well-deserved holiday break. Welcome back! For your new year's pleasure, I present a few thoughts on what will be important to think about when it comes to your business' online presence.

Security

I spent a lot of time over the break helping a former client deal with their hacked WordPress website. Resolving the hack required professional help beyond my level of expertise, and in the end, the site is now clean. While we weren't able to discover the root cause of the hack, I discovered many things that were troubling.

  • There was no license for the theme used for the site, so there had been no theme updates since 2015.
  • The theme came with a number of bundled plugins. These had also not been updated since 2015.
  • Many non-theme-related plugins hadn't been updated.
  • Backups had not been done on a regular basis.
  • Yada yada . . .

My Suggested Resolution For WordPress Site Owners: Make security a priority. Here's an action plan.

  1. Check to make sure everything's been updated. Themes. Plugins. Verify you have licenses. Many are good for a year. If they're only good for a year, make sure they get renewed.
  2. Backup your site regularly. I use BackupBuddy, but it doesn't really matter what you use, as long as you back up. By regularly, I mean a full weekly backup of your database and files at a minimum. If you have a site that changes daily, then do a full daily backup. Store your backups on a different server than your website is on if possible.
  3. Install security software. I use iThemes Security Pro. Wordfence is another one that seems to be good.
  4. Change your passwords. If you don't know what a strong password is, then you probably don't have one. Get one. WordPress will make one for you. I suggest you use it. Call me if you have questions.
  5. Stay on top of things. WordPress, themes and plugins are updated regularly. Hacks evolve regularly as well. Vigilance is important.

If you have a WordPress website and you're not sure if it's secure, contact me and I'll be happy to help.

Here's wishing you a happy, healthy, prosperous and hack-free 2017!

Does Your CMS Affect Your Site's SEO?

Mark Kawabe - Thursday, July 09, 2015

There are many people who swear that WordPress is the best content management system (CMS) when it comes to search engine optimization (SEO).

I disagree. When it comes to SEO, the difference doesn't come from the CMS platform you choose. The difference comes from how you use the tools available.

There are many elements that factor into how a site shows up in the search engine result pages (SERPs). Some of those factors are within your control because they're things you can modify within your website. Things like having good page titles, solid content, good internal linking strategies etc. Those are under your control, so in theory, your CMS could make a difference.

Does WordPress do those things better than any other CMS? No. In fact, WordPress in its default setup (as of today's writing) doesn't even allow you to specifically define a page title and meta description for SEO purposes.

What WordPress offers is the potential to simplify your SEO efforts. Add a plugin like WordPress SEO by Yoast or the All In One SEO Pack and you'll suddenly have more options available to you. These aren't native to WordPress. They have to be added in. If you assumed that WordPress was simply better for SEO right out of the box, you'd be disappointed in your results.

A SEO specialist can do SEO on any website. It doesn't matter if it's a static HTML website, a WordPress site, or a site done on any other CMS. I have a static HTML website that's been in the top 10 for a popular search term for over a decade. I have clients with sites built on Adobe's Business Catalyst CMS who have good results in the SERPs.

No CMS offers an inherent advantage over another when it comes to SEO. The difference comes from the human being who manages the site. Anyone who tells you otherwise isn't telling you the whole truth.

New Website Launch for Joan Worthington, RSW

Mark Kawabe - Tuesday, April 21, 2015

Having been through counseling, I can attest to how valuable it can be. That's why when Joan Worthington, RSW, a gifted counsellor with decades of experience contacted us to update her website, we were happy to jump in.

Joan's original website was on an older hosted Content Management System (CMS). We developed her new website on the WordPress platform so she could retain her ability to update the website as needed on her own. WordPress is a very common platform for website development. Millions of websites have been developed using WordPress. An no, we're not exaggerating.

Another reason we chose to go with WordPress is because of the availability of responsive templates. With the upcoming change to Google's algorithm to focus more on mobile, having a responsive website is becoming a competitive advantage. Not all WordPress templates are responsive, so watch for that if you're thinking WordPress is the answer to your responsive website prayers.

With the new website, Joan took the opportunity to expand the content she has provided about the areas she counsels people in. There are many people suffering from anxiety, depression, PTSD, stress, or dealing with loss or grief, relationship and parenting issues. Of course, there are many other areas that Joan can provide counselling in, so it's good that the WordPress system can accommodate future expansions of content.

When it comes to managing her own updates, we created a custom video tutorial to help Joan work with some of the more advanced features available to her in WordPress. This is something we do for many of our WordPress clients. We have also created tutorial videos for other features like how to use our webmail system.

Joan provides counselling services in Niagara Falls and St. Catharines. If you know people who could use counselling, please refer them to Joan's website at http://www.consultworth.com.

 

The Failure Right Under Your Nose

Mark Kawabe - Friday, September 26, 2014

A broken chocolate bar is disappointing, but not as much as a broken websiteHave you looked at your website lately?

I'm serious. If you have one, when's the last time you actually looked at it?

From time to time I come across websites that are broken in some way.

Here are a few things I've seen this week.

  • Videos that don't play.
  • Missing pages - linked to from recent blog posts
  • Entire websites that don't show up on iPhones (Flash-based sites)
  • Contact forms with impossible to read CAPTCHA characters

Sometimes things are broken because of a technical glitch. Other times, things are broken because of poor design. Either way, your website won't work as well for you.

My advice: every now and then, pretend you're a visitor to your own website. Poke around. Test it out. Submit a request to yourself. Sign up for your newsletter. Make sure things are functional and understandable from a visitor's perspective. Sometimes failure's right under your nose, just a click away from being discovered and fixed. You just need to look.

Think of it as house maintenance. Your homebuilder doesn't come by regularly to check on the condition of the house. A website developer doesn't check in to see if the sites they've built are working properly three months later.

You might think that everything online should just work. For the most part, things do. Then again, with all the interconnectedness we now have, sometimes technology doesn't play well together. A core WordPress update can break a plugin leaving your website in shambles. Popular tech devices may not support your website's technology.

Your website could be failing in its most important task: to get you more leads. Checking in to make sure everything works properly is one of the easiest things you can do to make sure your online presence is working properly for you. Grab a cup of your favourite beverage (or a bar of chocolate) and take a few moments to visit yourself online.

Here's to your website's health!

Now Available - Wordpress Blogs

Mark Kawabe - Tuesday, September 07, 2010

We are now offering Wordpress blogs as part of our standard hosting package. In other words, they're available at no extra charge - unless you want some customization of them in which case the usual hourly rate applies.

Of course, just because we offer a blog doesn't mean you NEED to start blogging - but in case you wanted to - and have a business case for doing so, we can now make this happen within your website.

Blogging can benefit your site in several ways.

  • A Better Experience for Visitors - they're visiting because they're interested in the services your company provides. The more you can tell them about yourself, the better.
  • More Content For Search Engines - search engines need content to determine how to index your site. Blogging about a variety of topics increases the chances your site will be found. It's just one more strategy to employ. Remember - nothing on its own is the key to better placement.
  • You Look Better - having a blog that's moderately up to date is a comfort to visitors. If your last blog post is May 2009, well, visitors will think you haven't been up to much since then. Are you really still in business? Posting regularly (once a week or once a month is fine - just be regular) will showcase your knowledge, personality and expertise.

Just a few thoughts for you to ponder.

Have a great day!