For years, Google has been gently encouraging webmasters to implement HTTPS on every page of every website. Initially, the strategy was to reward you with a boost in the search results, but this boost was often offset by the negative effect of slower PageSpeed and the fact that every URL would have to change, potentially losing any “link juice” previously acquired. Recently, the strategy changed from a reward-based system to an increasingly punitive one. Google began actively blacklisting non-HTTPS websites that contained credit card forms and even password fields.
Throughout May and June, the team from security firm Wordfence observed a flurry of activity originating from some of the darkest-known corners of the internet, which they named “WPSetup Attack.” The activity involved searching for the presence of a file used when setting up WordPress for the first time. The presence of this file would allow someone to complete the installation and effectively take control of the WordPress installation. Worse, once they had control of WordPress, they could then upload malicious code that would allow them to take control of the server itself.
Last night (Australian time), WordPress rolled out 4.7.5 without notice or fanfare. It purports to fix six vulnerabilities, which are described on the wordpress.org blog. As this is a security update, everyone is strongly encouraged to update their sites immediately.
Google just published its State of Website Security report for 2016, and it shows that last year was a particularly difficult one for webmasters, with the number of websites hacked increasing by 32% since 2015. The news isn’t any better for 2017: this trend is unlikely to slow down in the foreseeable future as hackers become more aggressive and as more websites become outdated.
Administrative staff in any business hold a position of trust, but much more so in I.T. where a single staff member could potentially make or break that business. In the past few months, there have been a number of reports of someone being fired or leaving a business, which then causes that business some major headaches.
Password managers are secure apps used to store and protect our ever-increasing list of passwords. Passwords have permeated nearly every aspect of modern life. They may be an ancient technology, but they are still the front line in the protection of our private and personal data. And we are terrible at using them.
Unbelievably, 91% of all user passwords sampled appear on the list of the top 1,000 passwords. Put another way, hackers can access 91% of password-protected accounts with a list of just 1,000 commonly used passwords! Check out our tips for surviving the password apocalypse.
While I was researching another blog post, I needed to dig up the list of websites I’ve +1’ed using Google+ over the years. After 45 minutes of searching, I’m now writing a blog post to help anyone else struggling to answer the question: “Where can I find the list of sites I’ve +1’ed in Google+?”