This October marks the 18th annual Cybersecurity Awareness Month in the United States, Canada, and many other countries around the world. As such, it’s time to remind ourselves of just how dangerous it is to not focus on website security.
At GreenGeeks, security is one of our top priorities, and with the increase in demand for web hosting, as more and more businesses move online, new security threats and vulnerabilities are constantly emerging.
According to ThreatPost.com, although such attacks have been growing worldwide over the last few years, in the United States alone, ransomware attacks were up a whopping 109% in 2020 which makes taking some simple security precautions all the more important.
Addressing Cybersecurity for Your Websites
While the Abuse team at GreenGeeks has seen its fair share of new challenges arise during the pandemic, we’ve also used this as an opportunity to expand our real-time protection and malware removal tools.
As a result of GreenGeeks’ proactive approach to malware, which includes real-time malware file scanning, targeted software updates, and active HTTP-level protection, we have been able to stay on top of this problem and assist our customers more efficiently.
In the last month alone, the GreenGeeks Abuse Department reached out to almost 500 infected users, and we routinely update vulnerable WordPress plugins on our Shared and Reseller network to the most recent version release in order to patch newly disclosed vulnerabilities.
Making sure all software hosted under your account is current, whether you use WordPress or not, is critical to the website’s security & stability. The number one cause for compromised websites is the use of outdated software, particularly extensions(themes/plugins).
Our Support team can also assist with configuring automatic updates for all WordPress core, themes, and plugins going forward to ensure the site is always running the most up-to-date versions of software.
In addition to keeping your site up to date, there are plenty of other steps you can take to secure your website and account even further.
Website Security
Securing your website is easier than you think, especially if you use WordPress to manage your website. WordPress offers automatic updates for most themes and plugins and allows for easy customization of update options.
WordPress also offers optional two-factor authentication, security plugins, and other extensions to protect your site. In addition, GreenGeeks automatically imports any WordPress websites into the Softaculous App Installer system in cPanel, for easier management and update assistance.
Website Backups
Along with adding additional security to the site, taking regular backups is one of the most important things you can do to protect your site. Backups can be taken at the cPanel account, Softaculous, or application level using a plugin such as the WordPress plugin – Updraft Plus.
While GreenGeeks takes our own backups for disaster recovery purposes, and we provide our customers the ability to restore from these backups regularly as a courtesy, we always suggest creating your own set of backups as an insurance policy.
Securing Your Domain Registration Details
Securing your domain is actually easier than you think with ID Protect. With ID Protect enabled on your domain, all of your administrative contact details are hidden from public WHOIS searches, which ultimately prevents your personal information from being scraped.
If your domain does not have ID Protect enabled, this can ultimately lead to spam being sent to the email address listed for your domain contact. Once spammers get a hold of your email address, there is nothing that can be done to stop them from trying to send spam.
What’s better, ID Protect is available for the low price of $9.95 per year, per eligible domain and can be purchased directly via your GreenGeeks Account.
Password Audits
The second most common reason for compromise is password reuse.
For this reason, we strongly suggest regularly updating all passwords for the users under your control to new, secure passwords generated at random.
This should be done for your GreenGeeks Account, your WordPress dashboard, email accounts, and any other services for which you use a password.
Passwords should be 12 to 16 characters in length and include upper and lower case letters, numbers, and special characters.
A Note About Password Strength:
Passphrases are typically much stronger than passwords and easier for humans to remember. This is because a string of long random characters is easy for a computer, hard for a human, while a phrase such as “thequickbrownfox” is hard for a computer but easy for a human.
While regularly rotating passwords is best practice, you should also use a password manager to manage your passwords, such as KeePass.
KeePass works by creating an encrypted database, secured by a ‘master’ password, which stores your login credentials. This allows you to create new strong, highly secure, passwords for each service and not worry about password reuse.
Even better is KeePass is 100% free! KeePass can share the encrypted database between multiple devices, and even has support for mobile clients or USB sticks, so you can take your secure passwords with you.
GreenGeeks Account Security
For account security reasons, you should never use an email address for your GreenGeeks profile that is associated with a domain hosted within your GreenGeeks account, i.e. [email protected].
Such a configuration puts your account at risk should your email address be compromised and could cause you to lose access to your GreenGeeks account, should your domain name expire, or there’s an issue with your account.
GreenGeeks recommends using a third-party email provider, such as @gmail.com, @outlook.com or @yahoo.com in order to avoid such a situation.
Two-Factor Authentication (2FA)
In addition to the required device-based browser verification, GreenGeeks also offers two-factor authentication (2FA) for your GreenGeeks profile. Having 2FA enabled helps secure your account against unauthorized access by requiring a one-time code from your local device each time you log in to the GreenGeeks profile.
This means that even if your email account, username, and password were all compromised, they still wouldn’t be able to access your GreenGeeks dashboard without the one-time code.
More information on configuring 2FA can be found in the Security tab in your GreenGeeks Profile, or our Support Article on 2FA configuration.
But wait, that’s not all!
To help further our commitment to Cybersecurity Awareness Month, we’ve started up a special sale on AlphaSSL certificates.
While GreenGeeks offers Let’s Encrypt SSL certificates for free, these must be renewed every 90 days. With an AlphaSSL, your website is secured for an entire year, and this type of certificate offers a $10,000 warranty in case of any miss-issuance of a certificate.
What’s better, is we’re offering AlphaSSL’s for 50% off the initial price of $99.95 as a special price for Cybersecurity Awareness Month. That makes an Alpha SSL only $49.95!
This deal is only available for a limited time, so act now to take advantage of these special savings.
Keep Your Site Protected
There are plenty of ways you can increase the security of your website. Most methods don’t take but a few moments to set up. Don’t leave your site and data to chance by thinking you have plenty of time.
All it takes is a brief moment to lose everything.