Websites 503 Logo

Websites 503 Blog

Web Hosting Podcast Talks Website Security Tips

If you are a website owner or developer, website security is probably of the upmost importance to you. Despite all of your research on the topic you may still be wondering if you’ve done enough to keep your content secure. The constant need to stay on top of this topic is especially important if your website was built using a Content Management System (CMS) like WordPress, Joomla, or Drupal because hackers are always on the lookout for new vulnerabilities in these very commonly used CMS’s.

A conversation about website security between a long-time server administrator and a website developer

I recently sat down with Web Hosting Podcast host Tim Yardley for a lightning round QA on the topic of website security. Take a listen as we each answer 10 questions about the security of our own websites before taking a deeper dive into each of these 10 topics:

Web Hosting Podcast Episode 4:
10 WEBSITE SECURITY TIPS WITH MEGAN FERRELL AND SHOW FEEDBACK.

Compare our answers with your own and judge how well your website’s security stacks up?

  1. Is your CMS software up to date?
    Tim: Yes
    Megan: Yes
  2. Are you using trusted third-party plugins and themes?
    Tim: Yes
    Megan: Yes
  3. Have you changed default settings on your CMS?
    Tim: Yes
    Megan: Can I have a half point because sort of and sometimes?
    Tim: No, no half points
  4. Do you promptly remove outdated access permissions?
    Tim: Yes
    Megan: Yes
  5. Does your website URL start with HTTPS?
    Tim: Yes
    Megan: Yes
  6. Are you using a WAF (Web Application Firewall)?
    Tim: Yes
    Megan: I’ve dabbled in the dark arts of CDN but not currently, so “no”
  7. Is your server monitored for malware?
    Tim: Yes
    Megan: No (but really the answer is “yes” thanks to the CXS scans
  8. Do you use SFTP instead of FTP to upload files to your website?
    Tim: Yes
    Megan: Yes
  9. Do you have daily backups of your website?
    Tim: Yes
    Megan: Yes (but it is more like weekly)
  10. Are passwords difficult?
    Tim: Yes
    Megan: Yes

So this is all there is to website security?

Undoubtedly these 10 questions are a good litmus test and starting point for judging your website’s security. It is important to remember that each website may have it’s own unique set of needs and challenges when it comes to security. In addition, considerations like time and budget might also be factors. And, the topic of website security is an ever-evolving one so something that might be good practice today, might be useless tomorrow.

Other recommendations for having a secure website

With all of this in mind, Tim and I added a couple of security measures to the list for your consideration:

  1. Have you changed all default passwords sent to you when you signed up?
  2. Does your developer or another person know your passwords?
  3. Have you disabled and removed all unused themes or plugins?
  4. Have you moved you default login page?
  5. Have you considered enabling two-factor authentication?

Thanks to Inc.com for getting conversation started with their 10-topic online quiz.


Website Search Engine Optimization Tips: #2 Find the Right Website Keywords

Once you’ve made the commitment to have a website that will last for the longhaul, the next step is to gather good content rich material (CRM) for your website. If you are in a service industry this means writing original content about what you do and how you do it in a way that is unique from your competitors. Once you have gathered all of the relevant information and created a wireframe it is time to start thinking about keyword optimizing your content.

You were probably thinking about website keywords all along — consciously or subconsciously.

I’ve been meeting with small business owners for years now and about 25% of them are completely obsessed with Googling themselves. The pet store owner wants her website to be the top search result for the phrase “dog food”, the general contractor wants his website to to the top search result for the phrase “home builder”, and I want my website to be the top search result for the phrase “website developer.” But all three of us are in for a world of disappointment and here’s why…

Google doesn’t know just how amazing we are or how hard we have worked to put together our pet store, general contracting business, or web development firm. All Google knows is that there were hundreds of other websites built before ours with years and years of Search Engine Optimization and online reviews with Yelp and Google Places. If Google is choosing which website should be the top search result for the search phrase “web developer” is it more likely that the person conducting the search was looking for a large firm with thousands of clients and tens of web developers or me? That doesn’t mean I should give up working on Search Engine Optimization or be resigned to languishing on page 8 of the search results. It just means I need to work hard and be smart about how I present the content on my website to the world. It is time to starting thinking realistically about what I am trying to accomplish with my website’s SEO.

What keywords are realistic for your industry?

Your industry, the size of your business, and your commitment to your website all come in to play when picking website keywords. If you are operating a bakery and you are just getting started it is probably pretty unrealistic to think that you will build a nice 5 page website for your small business and the phones will start to ring from all of the website traffic you will get when someone searches “bakery”. This is because Google “thinks” that most people searching for a “bakery” are looking for a world renowned bakery, not your newly opened establishment. But fear not, there is something you can do with your website’s content/keywords that will help your website be found: rather than focus on generic keywords, you can focus on long tail keywords!

Understanding and identifying good long-tail keywords.

So what are long tail keywords? If you’ve ever searched for content on the internet, then you’ve probably used long-tailed keywords to help you find what you were looking for. Long tail keywords are the set of words (usually about 3-5 words) that you use to get more specific search results than can be achieved with a broad-based more generic search.

Let’s look at a real-life example: You’ve adopted a new cat and are on the lookout for information about different brands of cat food. So you go to Google and search for “cat food” but you quickly realize that your search isn’t specific enough and you are going to have to wade through pages and pages of results to find what you are really looking for which is a local pet shop that carries Science Diet brand of cat food. So you get more specific with your search results by searching “Science Diet cat food Portland pet store.” Now you are making use of a more specific search to fine what you are looking for which is something to keep in mind not only as you search the web but as you build a website.

So what some long tail keywords phrases that might be good for your business. If you are a cafe in Tigard, Oregon that specializes in bagels and Stumptown coffee then you might build a webpage that focuses on long tail keywords like “Stumptown coffee Tigard, Oregon” or “everything bagels Tigard, Oregon.” The odds of getting your cafe found will imprive if you can write content that focuses on specific products and/or a specific location. Emphasize what you specialize in and tailor your keyword focus accordingly and you will find yourself starting to appear in organic search results for those longer and more targeted phrases.


Keeping your WordPress Website Updated | Enrolling in an Automatic Updater

The reality of the world wide web (internet) is that there have always been hackers and there will always be hackers. If you own a website, the responsibility for its security is shared between the website owner and the website hosting company. Web hosts implement many lines of defense against hacking to keep the servers secure. But that is only half the battle. If website code is poorly written or not kept up to date by the hosting client/ website owner, a website is still vulnerable to hacking. That is why hosting companies ask the hosting client to do their part to keep their website secure. To this end, I want you to be educated about the need for and ways to keep your WordPress website up to date. ***This blog post is based on web hosting at Portland, Oregon’s Canvas Host which has both cPanel and Installatron for WordPress hosting clients.

Who – > You (or you have us do it for you)
What -> Get your WordPress update
When -> NOW
Where -> Installatron/ cPanel
Why -> To prevent your website from getting hacked and to prevent the rest of the websites on the server with you from getting hacked

You need to get your WordPress website updated NOW with Installatron/cPanel for two main reasons: first, to prevent your website from getting hacked and second, to prevent the rest of the websites on the server with you from getting hacked.

Let’s begin by stating that if none of this interests you, but you do acknowledge the necessity of having your website be secure, Canvas Host can look at your hosting package and provide a quote as to the feasibility and cost to enroll your website(s) with Installatron. Please be aware that your website may not easily import with Installatron (because of modifications to WordPress or permissions from a previous web host) so any quote for the work is based on the assumption that the import and configuration is standard and you will be notified if that is not the case.

FOR THE DO IT YOURSELFER

For those of you who have been keeping your WordPress website updated on your own, you are probably aware that there are three components of your website that require regular/ semi-regular updating: the plugins, the theme(s), and WordPress itself. It is my preference that, if running updates manually, they are done in a specific order: Plugins, Themes, and WordPress. There is a whole discussion to be had about the reasons for this, but we will leave that for another time.

The first question to be asked is this: Is your website already in Installatron?

If you don’t know the answer to this question, you need to log in to your hosting account cPanel and go to the cPanel Section called Software. The Installatron Applications Installer link will be in this section.

Installatron cPanel screenhot

If you see your website homepage next to a panel with your website details, then your website is in Installatron. If not, then your website needs to be imported into Installatron and please continue with this tutorial if your website is not in Installatron or skip down further if your website is already in Installatron.

My website is not in Installatron

If you have gone to cPanel and discovered your website is not Installatron you can set up automatic updates after importing the website into Installatron. At this point you should be in your hosting cPanel and you should have selected the Installatron Applications Installer. Since your website is not in Installatron you will be directed to the Installatron page where you can search for application. Here you will scroll down a select the WordPress icon/ option.

Step 1 od Installatron import of website

On the next screen you will select the option underneath the Install this application drop down (import existing install).

Step 2 Importing a website into Installatron

On the next page you will select the continue option in the “From this account” section.

Step 3 Importing a website into Installatron

Next you will select the domain and directory (if there is one) that you would like to import and push the import option. Your WordPress website should begin to import.

Step 4 Importing a website into Installatron

Now you can continue to the next step.

My website is already in Installatron

At this point we assume you are already logged in to cPanel and have clicked inside of the Installatron Applications Installer. Next you should identify which WordPress website (you may have more than one), you want to configure automatic updates for.

A website that was created by or imported into Installatron

Check the checkbox next to the website you want to configure for automatic updates. Then select the wrench icon or push the edit option.

How to edit the settings for a WordPress website inside of Installatron

An overview of your Installatron settings for this website will load. Slide down on the page and configure the options that work for you. A good set of options is to select the following:

  • Automatic Update (Update to any new version.)
  • WordPress Plugin Automatic Update (Update WordPress plugins as new version become available.)
  • WordPress Theme Automatic Update (Update WordPress themes as new versions become available.)
  • Automatic Update Backup (Create a backup and automatically restore the backup if the update fails.)
  • Email Notification (Send all email notifications for the installed application.) *Note: This should generate an email to whatever email address you originally have had on file with our web host

Automatic update choices with Installatron

Scroll to the bottom of the page and make sure to press Save All in order to update your settings.

Last step to update Installatron settings to run WordPress automatic updates

If you have premium themes or plugins for that require an update key or purchase, Installatron will not be able to run updates. If updates break your website Installatron should restore to a back up and (if you asked for email notifications) provide you with a message that there was an issue). Canvas Host cannot guarantee the software provided by Installatron however it was tested prior to this blog posting and has worked to keep several websites updated with no issues. Any customization you or your web developer may have done to your website might render different results. We encourage you to attempt to go through this process with any WordPress websites you have hosted at Canvas Host and if you would like us to go through the steps that is something our IT and Web Development Staff can handle.


New Website Launch: Pat Dooris Media

Congratulations on a successful new website launch for Pat Dooris Media!

The Pat Dooris Media website features some blog posts where Pat shares some of his public speaking know-how and expertise as well as gorgeous photographs of Pat around town and hard at work putting together seminars to help individuals and organizations get their professional message heard. Pat Dooris is a veteran news reporter in Portland, Oregon and his years of work for KGW-TV give him the expertise and preparedness to help your organization. He coaches public speaking and provides presentations that will both inspire and educate your organization about messaging.

The Pat Dooris Media website also features videos, his KGW-TV RSS feed, testimonials about his past presentations, and a way to get in touch with Pat to schedule an event or presentation.

More details about the website build for Pat Dooris Media can be found on the Websites 503 portfolio page.


Website Search Engine Optimization Tips: #1 Good Content

You may have heard it said that your business website needs good Search Engine Opitimized content in order for it to be found through organic search. It is true, there is a strong correlation between good website content and good results in Search Engine page placement. Of course, there is no substitute for jumping to the top of the page with Ad Words paid placement but that can require an extensive budget and commitment with a Search Engine Marketing specialist. In lieu of paid placement, the only legitimate way to get to the top of organic search results is the old fashioned way — with hard work. Understanding what Search Engines mean when they ask for Content Rich Material (CRM) is more easily understood by having an understanding of what good website content is. Once you know the “what” and “why” of how the search engines work, you will find that there is little mystery behind moving up in search results. It is empowering to know that improving your website’s place in Search Engine Rankings is in your hands.

Read More


Keeping your WordPress Website Secure with Updates

One of the most overlooked parts of having a WordPress website is understanding the need to keep that website secure. Keeping a WordPress website secure is an on-going process. Central to the security is keeping WordPress updated. There are three parts to a WordPress install that need to kept updated — the theme, the plugins, and the WordPress files themselves.

Read More


Moving your WordPress Website’s Login Page

Whether an experienced hacker or a WordPress newbie you can look at any WordPress website and make an educated guess at the URL of the login page — http://yourdomain.com/wp-admin. I have had the opportunity to watch bots and hackers attack servers with WordPress installs in real time. It’s a scary scene. Once they find a WordPress login URL they slam that login page with targeted username and password login attempts.

What does this mean for your website and how can you prevent the issue?

Read More


Website Image Resources

Imagery can be a very important element in the development of a website. Your ability to use professional photographs on your website may depend on your budget and the purpose of your website. While a family blog may be an appropriate place to display untrained digital camera/ smartphone photography, a business website is no place for unprofessional imagery to be on display.

Read More