Cybersecurity and Your WordPress Website


    Transcript

    Hey, it’s Christina Hawkins from Global Spex. And today, I want to talk to you about the security and cybersecurity of your website. First thing, I just attended a cybersecurity seminar, so my brain is just. My God, this isn’t insane. How much craziness is out there, and how defensive do we have to be. One thing that I noticed during this seminar is that there was a lot of discussion about personal and, maybe business-wise, security.

    Protecting your data, protecting your computers. From a business side, many discussions were about your phone, your laptops, your computers, and watching out for phishing. Watch out for clicking links that look a little suspicious, but I would like to take it a little bit further here and discuss with you website security and your own company.

    So the first thing that I wanna discuss with you is your website. There are a few areas that we always have to manage when it comes to keeping your website secure.

    The first thing is logging in. Now, when you log in, you wanna make sure that you’re not using the same password that you do with your bank, with your utility bills, or whatever it is that you’re using; try and use a tool called LastPass that will allow you to create unique passwords for every single website you, you go to.

    And during the cyber security, they actually had a pretty good example of how this can help you if you are getting phished. So if you click a link and it opens up a website, let’s say it’s the Bank of America website, right? And by the way, I don’t bank with Bank of America. So for everyone out there, don’t try and think you can find my Bank of America.

    Cause I don’t have a Bank of America. If you click a link, it says, Hey, go to your Bank of America. There’s a, there’s a security issue. So you click it, right? You go to the site, and it looks like Bank of America. It looks just like Bank of America, but your little LastPass extension might be on your Chrome or Firefox or Safari browser.

    Usually, if it’s the bank that you normally go to, a little icon will show, a one that says you’ve got one user account for this website. If you go to it and that one isn’t there, you’ll know you’re not on the right website, cuz it’s not gonna say, yeah, we don’t, we don’t know who these people are, this isn’t right.

    So don’t that’s that I like that. So use LastPass for everything. So for us, we recommend it when you’re using it for accessing your website.

    Keep the number of users on your website to a minimum. We don’t want to have 20 people to have admin access. So what we like to do is to give people the right kind of access.

    So an editor, maybe a marketing person, a developer, they might have different access. We don’t want a marketing person to have plugin access because we don’t know what they’re adding. If it’s, if you know, if it’s something that, you know, we can have a discussion, we say, let us install it for you. So that’s security.

    Number one, number two is if we’re we typically build using WordPress, and WordPress has this bad reputation of being insecure, but WordPress is no more insecure than your computer software like Microsoft or Macintosh. And you’ll notice that all of these computer operating systems will consistently send out security.

    And that’s similar to what WordPress does. So WordPress 6.0 just dropped a month ago, back in May. And that is an upgrade as well as a feature upgrade. But there are also security features that are included. Then you’ll find there’ll be like 6.1, 6.2, 6.3. Those typically fixing bugs are fixing security holes that have been discovered.

    The same thing goes for plugins. Plugins should always be updated. Fixing any kind of security holes. The third level is the core hosting core programming language that most, any website might sit upon that. Right now, we use Unix-based servers, which is kind of like Windows for servers. It’s the operating system.

    Then on top of that is another layer. Called PHP. So PHP works with Unix. Windows servers would have like .NET on top of it, and that’s a .NET would be a web application websites can be built with .NET. On our end. We use Unix-based servers with PHP on top. And that’s the programming language that we’ll use to build websites.

    Typically, WordPress. PHP, just like any other operating system, needs to be updated. So if you’re updating PHP, that’s a good thing, but you don’t know that unless you’re in the host. So we’ve, sometimes we find out when we go to if people are hosted on other servers they might have a very old PHP like PHP four.

    And the reason why is that. And when you use when you upgrade PHP to the next level, it might break the website, right? Because the code that was written could be JavaScript, HTML, whatever jQuery, whatever programming was used on top of that PHP, it’s required. Elements within that PHP to deliver the website.

    So if you upgrade from 5.0 to 6.0, it might break the site because the code relied on certain elements in 5.0, and that’s what we’re running into ourselves. We have very, very, very old. I’ve had clients for 15, or 20 years, and they’ve got about two or three of them. They’re slowly starting to go away, but we still have about maybe about five websites right now.

    They’re so old that we cannot upgrade. We can’t upgrade them. They’ll break the site. So we’ve actually had to go back to them and kind of a little bit of an ultimatum that you either have to update. Move the site physically off of our servers because you are now putting at risk not only your site but other sites that might share that same space.

    It’s important that we keep everybody updated. If you don’t wanna spend the money to recode the site so that it. The most recent security for PHP or a version of PHP, we need you to get off of our servers. You’re putting again, you’re putting yourself at risk as well as everybody else. And the reason again, back to the fact that sometimes if you update it, you might break the site.

    Now there’s not just PHP, there’s JavaScript. So we have HTML websites and old HTML mail that might use JavaScript to send a form, maybe a script. So it’s a script, and you might put your name, right? Those forms and you hit send, well, there’s JavaScript behind there. Sometimes that using actually physically to send an email.

    Now there are other things in between it’s calling bits and pieces from the server, the mail server to send an email, and that JavaScript. Probably I know has not been updated in years. Never was a problem before, but now we’re noticing it’s a problem. So even an old, basic, plain HTML site that never was an issue before has become an issue.

    So we actually have to go back to a couple of clients that have super old websites with just regular old HTML. We have to tell them the same thing. You either remove the site from our servers or go to your own. It still doesn’t solve the problem for you. Or you upgrade the website so that it meets the security standards that we have to put in place.

    So I just wanted to give everybody a heads up on that and how that works. And if you are one of those folks that might have a super, super old website, you probably will be hearing from us in the next couple of days cuz we need to let everybody know. One or the other. So thank you so much, and be careful beyond the defensive.

    Always. Don’t assume that every email you get is legitimate. Take a moment before you, you click that link. Take a moment before you go to that website and fill out your logins and passwords. Make sure you got two factors set up, and for sure, set up LastPass.

    Have a good day, everyone.

    Christina Hawkins

    Since 1999, Christina has been designing and building exceptional websites partnering with small businesses to help them grow and increase revenue. With many years of experience in creating thousands of websites, she understands the need for continuing education in her field and, therefore, is constantly learning and teaching others about internet marketing and digital processes. In addition to her ability as a digital marketer, Christina serves as a coach and mentor with Agency Mavericks to other digital marketing freelancers, helping them grow their businesses. She is a sponsor and co-leader of Houston's WordPress Meetup. Recently, she spearheaded the next Houston WordCamp 2020 as its coordinator after a 10 year hiatus. She is currently President of the Houston Interactive Marketing Association.
