Tag: TrueShield WAF

SiteLock Website Security

SiteLock TrueShield Updates on May 1st, 2017

SiteLock is expanding the network behind our web application firewall, TrueShield, and our content delivery network, TrueSpeed. To accommodate our growing customer base, we’re adding over 130,000 new unique IP addresses on May 1st, 2017. This will require some customers to make changes to their firewall or web server configuration to ensure our new servers are compatible with your website’s hosting server. If these changes are not made by May 1st, 2017, your site visitors may be restricted from accessing your website.

Read More

SiteLock Website Security

SiteLock TrueShield Web Application Firewall Updates

SiteLock is expanding the network behind our web application firewall, TrueShield, and our content delivery network, TrueSpeed. To accommodate our growing customer base, we’re adding over 1,500 new unique IP addresses on January 8th, 2017. This will require some customers to make changes to their firewall or web server configuration to ensure our new servers are compatible with your website’s hosting server. If these changes are not made by January 8th, 2017, your site visitors may be restricted from accessing your website.

Read More

XSS vulnerability - cross-site scripting

XSS Vulnerability Found In WP Super Cache Plugin

A cross-site scripting (XSS) vulnerability was recently revealed in the WordPress caching plugin, WP Super Cache.

What Does The WP Super Cache Plugin Do?

WP Super Cache converts dynamic WordPress pages into static HTML.  This creates pages that are quicker to serve to visitors than a database-generated page. Great for high traffic sites, WP Super Cache’s popularity has garnered over a million downloads.

Read More

content delivery network

Three Ways to Boost Website Security and SEO at the Same Time

Seo Key On Computer KeyboardSEO (Search Engine Optimization) is the process of improving your website’s ranking among search engines like Google and Bing. Over the past few years, SEO has greatly evolved. Keywords and backlinks (other websites linking back to yours) used to have a huge impact on SEO rankings, but have since been taken over by new and improved algorithms such as Google’s Penguin and Hummingbird, which aim to decrease black-hat (negative) SEO techniques such as link spam.

With cyber attacks on the rise, search engines have been increasingly factoring spam injections, malware infections, and website speed into their SEO algorithms. Properly securing your website can provide a large boost to your SEO rankings. Below are 3 ways you can improve the SEO ranking of your website by securing your website.

1. Moderate comment spam

Malicious links hosted on your website can negatively impact your SEO and, worst case, can flag your website as malware or spam, preventing users access to it.

One of the easiest ways for hackers to place malicious or irrelevant links on your site is through comments on your blog. These links damage your site’s authority and credibility so managing them is critical. Fortunately, there are several things you can do to automate the moderation process of comments:

  • If you’re using a Content Management System (CMS) like WordPress, look into one of their comment system plugins
  • Enable CAPTCHAs when possible, as an extra layer of security
  • Disable anonymous posting, and only allow registered users to post comments
  • If you have an active moderator, require that comments be approved before they are posted on your website
  • Enable a web application firewall (similar to our TrueShield WAF) which will block malicious bots from accessing your site to begin with
  • If you’re still having trouble with comment spam, you should disallow hyperlinks in comments altogether

2. Regularly scan your website for malware

Often times, malware and malicious links can be injected into the code of your website without notice, negatively affecting your SEO, and potentially harming your visitors. Reversing the whole process is both difficult and time consuming, since injected malware is usually hidden and made to look like regular code, and your hard-won SEO rankings may be lost in the meantime.

A website malware scanning tool can scan your code each day for malware (and suspected malware) and in some cases automatically remove the threats or point you directly to the suspected malware. This means  you don’t have to search line-by-line  through code in the event that your website is compromised. The SiteLock Website Scanning and Malware Removal product provides automated alerts to help you avoid search engine blacklisting, saving your business’s reputation and SEO positions.

3. Cache website data with a CDN

Malware can dramatically increase the time it takes a website to load, if it allows it to load at all. But even a  malware-free website can improve its SEO, performance, and security at the same time. A CDN (Content Delivery Network) is a website optimization infrastructure that works by caching website’s content across data centers around the globe. This results in quicker  website load times since content is served locally to visitors. It also improves website security since, as is the case of the SiteLock CDN, data is fully encrypted both in transit, and at rest.

Major search engines like Google factor load times into their SEO algorithms (time to first byte – TTFB), so by using a CDN, your website can experience a boost in SEO while improving security at the same time.

Want to see how your SEO stacks up? Many online tools can scan your website and provide suggestions to improve your SEO. Contact a SiteLock Security Consultant today to learn what solutions are the right fit for your site.

 

UpdraftPlus Presents Website Security Concerns

UpdraftPlusUpdraftPlus is a premium WordPress plugin that automates WordPress file and database backup as well as restoration to the cloud. The free version prior to 1.9.51, and versions without the “automatic backups” or “no adverts” add-ons, are vulnerable to security token, or nonce, disclosure which allows malicious actors outside your company to perform administrative-level actions like downloading sensitive configuration files and uploading remote control shells.

What should you do as a WordPress and UpdraftPlus user?

If you’re a SiteLock customer with TrueShield, breathe easy. Thanks to the TrueShield Virtual Patching, patching UpdraftPlus is automatic.

SiteLock protects WordPress site owners from the UpdraftPlus vulnerability with the SiteLock TrueShield web application firewall with Virtual Patching, regardless of UpdraftPlus version. TrueShield analyzes site traffic and stops attempted unauthorized security token use, again, even before the patch is applied.

If you don’t have SiteLock, you’ll need to update UpdraftPlus to version 1.9.51 as soon as possible. With disclosure, automated attacks follow, and without a firewall like TrueShield, or SiteLock’s SMART scanner which finds malicious code as soon as it hits your site, updates are your best defense.

For more information on SiteLock security solutions call 877.563.2791.

5 Ways to Protect Your Website From Malware

protect website from malwareThere are over 1 million new strains of malware created every day. One identified infection can get your website blacklisted by Google, who currently blacklists over 10,000 websites each day. Mind you, the malware need not even be on your site.

SMEs (Small to medium-sized enterprises) are unfortunately one of the largest targets of cyber attacks. On average, over 30,000 SME websites are targeted each day, and to make matters worse, nearly 60% of their IT professionals think they aren’t at any real risk of being attacked.

Don’t allow your business to suffer expensive cyber attack damages (which average around $50K per attack) — instead, be proactive in your web security efforts to prevent security threats, protecting you and your customer’s private data. Here are 5 tips to help you protect your website from malware and other cyber threats:

1. Updates and Patches

Is your website running off of a Content Management System (CMS) such as WordPress? A CMS can be an easy and cost-effective way to manage your business’ website, but they’re also large targets for cyber attacks.

Why? Many CMS platforms and plugins are often easy targets for hackers and allow backdoor access to your server and data (a recent example of this vulnerability was the SoakSoak attack that occurred last month). Make sure your system, plugins and themes are always up to date, strengthening your web security. Many CMS solutions will even automatically update files for you, if you choose.

2. Website Scanning

Many web viruses and other malware go unnoticed until it’s too late, due to their elusive nature. They can often be implemented with a simple one-line script, injected into the code of your website – made to look like normal code.

Website security scanning software can scan your website for existing malware and other harmful code that doesn’t belong, and notify you immediately of any threats. Our SMART (Secure Malware Alert & Removal Tool) software takes it a step further by automatically removing anything harmful – similar to what a virus removal software does for your PC.

3. Web Application Firewalls

Removing existing website threats is one issue, but keeping them from coming back is another. With over 1 million new malware strains created each week, your business’s website can potentially to be infected by a new virus every day.

Web Application Firewalls (WAF) can help prevent attackers from even visiting your site. How do they work? Let’s take our TrueShield WAF, for instance – it evaluates traffic based on where it’s coming from, how it’s behaving, and what information it’s requesting. Based on these and other criteria, the firewall will allow “legitimate” traffic (e.g. customers and search engines) access while blocking “malicious” traffic (e.g. spam bots and hackers).

Used in conjunction with a website scanning solution, a WAF can help provide around-the-clock, hands-free security for your business’s website.

4. PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS), or PCI for short, is a security standard that businesses must adhere to if they accept major credit cards. This compliance helps ensure that your business and customers are protected from cyber attacks and fraud by providing a documented, baseline security posture for your site. Failure to comply with PCI standards can result in direct financial damages, lawsuits, government fines and ultimately ruin brand reputation in the event of a data breach.

Fortunately, it’s not difficult to become PCI compliant. There are many solutions that walk you through the steps to help create your own customized PCI policy. Our SiteLock® PCI Compliance program takes it even a step further by scanning your site and network, and you can also add on our PCI-certified TrueShield firewall.

5. Strengthen Passwords

Even in 2015 the world is still using weak passwords. A strong password is one that contains over 8 characters, no dictionary words, has a mixture of uppercase and lowercase letters, and includes digits and/or special characters. Unfortunately, many of those boxes aren’t checked – allowing brute-force hacking techniques (repeated attempts to login to your website) to become effective.

It’s extremely important that you create a strong password for your website’s back end, since it can often times be an easy way into your private data. You should also advise your customers who have online accounts to do the same, to help protect them from future attacks. After all, it only takes seconds for a computer to crack a poorly created password.

For more information on the types of malware and how you can protect your site, visit the SiteLock blog.

Powered by WordPress & Theme by Anders Norén