Currently browsing security Category

Unwanted Ads and Malware on Your Website

This week’s tip is about removing unwanted ads from your website. In the past few weeks, I’ve had questions from clients about advertisements popping up on their websites. Their concern was whether I had put ads on their websites or whether their websites had been hacked. This is a good question and I thought I’d write up a post about it because it happens fairly often. The short answer is that, unless we’ve discussed putting advertisements on your website, you should not have pop-up ads appearing on your site. Most times, the issue is not that there are ads specifically on your website. Instead, your local computer has probably been infected by a virus or malware and you’re seeing pop-ups on many sites — not just on your business website. Here are a couple of examples of what these ads may look like:

Spam adSpam ad

While most times these ads are being generated by malware on your computer, there is a chance your website may have been hacked, so it’s always important to check with your webmaster to verify your site is secure. If the pop-up ads are from malware or a virus, I recommend using Malwarebytes to scan and remove any unwanted programs from your computer. They offer a free and premium version and I’ve always had success with the free version. Depending on the type of infection you have, you may need to take further action to remove the malware/virus.

Image by Bes Z (CC BY 2.0) via flickr

Security and Limiting Login Attempts

This week’s tip is about increasing the security of your website. No one likes to think about their website being hacked. In addition to losing control of your site, it can feel like a personal violation and it also can take a lot of time and money to have a website fixed. All admins should have a secure password and you should backup your website regularly (or make sure your host and/or webmaster is backing it up for you). One more way to add security to prevent your site from being hacked is to limit the number of times someone can attempt to log into your website.

If you’ve logged into your own WordPress site, you know the login is at yourdomain.com/wp-admin or yourdomain.com/wp-login.php. This is the case for almost every WordPress site. So, it’s pretty easy for a hacker to know where they can log into your site. At that point, they can just try over and over again to get into your site, guessing username and password combination after username and password combination. This is where the Limit Login Attempts plugin can help. This simple plugin limits the number of times a wrong username/password combination can be guessed by any IP address. With the default settings, after four incorrect logins, the plugin locks the IP address out for 20 minutes. After additional incorrect logins, the IP address is recorded and locked out for 24 hours. This plugin helps prevent against brute force attacks – an attack that just tries usernames and passwords, over and over again. By limiting any user only 16 tries to guess a username/password combo, you’re making it very difficult to guess any strong password.

The only downside to this plugin is that if you forget your username/password combo, you could be locked out of your own website. If you don’t remember your password, simply click the “Lost your password?” link on your website’s WordPress login screen and you’ll receive an email with instructions for resetting your password.

I highly recommend this plugin to all of my clients. If you’re not sure if you have this plugin installed and you’d like to try it, just send me an email!

creektimeP.S. My weekly tips have been a little spotty, now that summer has arrived. That’s because we’re having way too much fun around here, enjoying the beautiful weather. It’s hard to sit in front of my computer when a warm, sunny day is calling my name…

 

 

 

Image by Bes Z (CC BY 2.0) via flickr

Ready to get started?

Or just want to learn more about how I can help you bring your business to life on the web?

Send me a message!