Written: March 12, 2019

PHP Version

Keeping Your Web Hosting Plan Updated

My website runs on the popular WordPress platform and is hosted at www.ionos.com, formerly called www.1and1.com. All is well, at least until it’s time to upgrade your web server language settings. For WordPress users that web language is called PHP, and WordPress will alert you if the version of PHP used on your web server is too old, leaving you open to security issues and support issues.

When I logged into a client site today in WordPress that alert appeared about my PHP version being too old, so here’s what I did in their GoDaddy account:

  1. My Products – the starting place.
  2. Web Hosting – click on the button: Manage
  3. Click on the button: cPanel Admin
  4. Scroll to Software, click: Select PHP Version
  5. Choose a PHP Version: 7.1

Hopefully that didn’t get too Geeky for you, but if this sounds too complex, then just give me a phone call or email, and I’ll click through all of these steps and verify that PHP is updated and that your WordPress site is running securely, so that you can concentrate on running and growing your business.

PHP Version

Tags: , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Is that Web Password Safe or Hacked?

I read almost every week about a data breach at some large company, so then the bad guys may now have another one of my passwords, but what can I do about it? Well, Google has a list of all known data breaches and when you add their new extension to the Chrome browser and visit a web site that has been breached, it will alert you to change your password.

I’ve been using this Chrome extension for a couple of weeks now and just yesterday it alerted me to change my account password on a particular web page that I use about once per year:

Kudos to Google for making this password checking feature free to Chrome users. At least I know that my old password has been hacked, and that it is time to update it before some bad guy steals my identity for that particular web site.

Tags: , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Nest

Reusing The Same Password on All Sites

Online life is complex, so we may take a shortcut and use the same username and password for all of our online accounts, however if there is a data breach and the hackers find out that unique combination, then they may take over some or many of your online accounts. I have an account with Nest and they sent out a very information email alert this week that I wanted to share with you about this security issue:

Hello,

In recent weeks, we’ve heard from people experiencing issues with their Nest devices. We’re reaching out to assure you that Nest security has not been breached or compromised. We also want to remind you of a few easy things you can do to get the most out of Nest’s security features. 

For context, even though Nest was not breached, customers may be vulnerable because their email addresses and passwords are freely available on the internet. If a website is compromised, it’s possible for someone to gain access to user email addresses and passwords, and from there, gain access to any accounts that use the same login credentials. For example, if you use your Nest password for a shopping site account and the site is breached, your login information could end up in the wrong hands. From there, people with access to your credentials can cause the kind of issues we’ve seen recently. 

We take protecting our users’ security very seriously. For added password security, the team looks across the internet to identify breaches and when compromised accounts are found, we alert you and temporarily disable access. We also prevent the use of passwords that appear on known compromised lists. While we can’t stop password breaches across the internet, we’re committed to limiting the impact of compromised credentials on Nest Accounts. 

While we continue to introduce additional security and safety features, we need your help in keeping your Nest Account secure. There are several ways for you to protect your home and family. Here’s what you can do:

Enable 2-step verification: The most important thing you can do is enable 2-step verification. Security experts agree that 2-step verification offers an additional layer of security. You’ll receive a special code every time you sign in to your account. It’s easy to do – find the steps here.
Choose strong passwords: Create a strong password and only use it for your Nest Account.
Set up Family Accounts: Don’t let other people use your email and password to sign in to the Nest app. Invite them to share access to your home with Family Accounts.
Be alert: Be on the lookout for phishing emails designed to trick you into sharing your email address and password.
Protect your home network: Keep your home network router software up to date and only share those credentials with people you trust. Set up and use a guest network if your Wi-Fi router supports it.

It’s a great responsibility to be welcomed into your home, and we’re committed to keeping you and your Nest devices safe. 

If you have questions or need additional help, please reach out to Nest Support

— rishi
VP/GM of Nest

Tags: , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Netgear Email

WiFi Security, Keep Updated

Like most small business owners I use WiFi at both my home office and client office, so today when I received an email from Netgear about my home office WiFi, I read it from start to finish because I want to be secure in running my business, not allowing some malicious hacker to peer into my business files.

Netgear Email

Netgear Email

This was an official email sent from a netgear.com address, so my next step was to login to my WiFi router:

Router Login

Router Login

Once logged into the router, I had to find which firmware version was running, so that info is in the upper-right hand corner of the browser page:

Firmware Version

Firmware Version

Since my firmware for the WiFi router was already at version v1.0.0.124 I was all set, no action required, because I was at the latest release. Sigh of relief.

Running your business has enough challenges on its own, but many small business owners act as their own IT department and should keep their WiFi gear updated to the latest version in order to have the highest level of IT security against unwanted breaches on your business computers. The update process is pretty simple, usually it takes a few minutes of my time, but then in return it provides me with a sense of protection and security.

Tags: , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

email contact

Security Friday

I’m a big believer in keeping my office network secure by following all update instructions from Netgear, so today my WiFi router was updated to the latest firmware release 1.0.0.122:

Netgear firmware 1.0.0.122

Netgear firmware 1.0.0.122

This update process took maybe 5 minutes of my time and provided a sense of relief that my vendor Netgear continues to take security seriously by providing these free updates.

Apple also prompted me to update my Operating System to High Sierra 10.13.4, so that process took about 45 minutes, half of which was in the background just downloading the file then the other half I had to wait for my MacBook Pro to finish. While waiting I simply swapped to using my iPad and Samsung Note 4 smart phones to make calls, look at the calendar and run my business. I typically wait until outside of business hours to upgrade my laptop Operating System.

High Sierra 10.13.4

High Sierra 10.13.4

WordPress is still the number one Content Management System (CMS) in the world, so that means that it is a target for hackers. My favorite security Plugin for WordPress is called Wordfence, and here’s what the install process looks like after you add the plugin and activate it.

email contact

Click Activate

Click the link to setup Wordfence and then fill in your email address to receive alerts of suspicious activity:

Wordfence email

Wordfence email

I then clicked the link to receive auto-updates:

Wordfence updates

Wordfence updates

Next is Firewall setup, a technique to only allow trusted content to be run on your website:

Wordfence firewall

Wordfence firewall

Using Wordfence will alter something called the .htaccess file, so click the link to download your existing file, just in case you ever want to go back and un-install Wordfence.

Save old .htaccess file

Save old .htaccess file

OK, that’s about it for setup of Wordfence, so just wait for an email message from Wordfence if your site is being targeted by hackers. One of my clients received an email from Wordfence this morning and it listed every malicious file that had been added since 2014, so I was able to quickly remove the added files and then examine a few infected files before removing the added PHP code.

Wordfence all setup

Wordfence all setup

As always, if you have questions about your WordPress website and security, then give me a call, I’d be happy to explain it to you and help keep your site running smoothly.

 

Tags: , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Netgear email

Remember to Update your WiFi Router Firmware to Stay Secure

Today I received an email from Netgear, my vendor for WiFi router used in the home office, so I read through it and decided to follow their security advice and follow the simple steps.

Netgear email

email from Netgear

It’s also best practice to double-check any email message like this by viewing the From address, and then hovering the cursor over any link just to make sure that you know where the link is pointing to before actually clicking it. This email passed my scrutiny, so the next step was to browse the link and find out what version of firmware I already had:

Firmware Version 1.0.0.16

So yes, there was a newer version of firmware at 1.0.0.18, so I started the update process and watched the progress bar:

firmware updating

Firmware updating

The update process only took a few minutes, so not a big deal in lost productivity for me. When the firmware update was complete I checked to see the latest version number of 1.0.0.118:

Version 1.0.0.118

You should always update to the latest firmware when your WiFi Router vendor sends you an email. When you purchase a new WiFi router make sure and register your product so that you can receive these useful update email notifications.

My previous update was in October 2017, so it looks like Netgear takes security seriously and continues to support their WiFi routers with new releases as soon as they find any exploit.

Tags: , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Netgear eail

Keeping your network updated

In my home I use WiFi to connect my MacBook Pro to the Internet. Today I received an email from Netgear, the company that sold me the WiFi router, and they wanted me to update the firmware to the latest release for security reasons. Right away I took action, because I really want my WiFi network up to date and secure so that hackers cannot get into my network and disrupt my business or steal my identity.

Netgear eail

Netgear email

In my web browser I logged into the WiFi router, then went to the page where firmware updates are performed.

Netgear firmware

Netgear firmware

The whole process to update the firmware took maybe 3 minutes, and then I reset my WiFi router.

It’s a good feeling to be secure in my business, and I recommend that you take update notices from your WiFi router vendor as serious so that your business runs smoothly

Tags: ,

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Facebook email

Thank You Facebook Security

Each morning after breakfast I start my work day by reading email messages to see what needs my attention or is urgent. This security message from Facebook stood out right away as something that I should look into right away:

Facebook email

The return address was from security@facebook.com, they knew my first name, the English was proper, the message made sense, and the link they wanted me to click was legitimate, https://www.facebook.com/login/. I certainly didn’t try to login to Facebook at 3:24AM using the Firefox browser on Windows 8, because my default browser is Google Chrome on Mac OS X.

Once I visited the login page I was greeted with a dialog telling me that my Facebook account was temporarily locked:

Your account is locked

The next dialog asked if I had tried to login on Facebook from South Korea, so I replied No. The third dialog let me know that my account needed to be kept secure:

Keep your account secure

They asked me to provide a new password:

change your password

New password accepted, so now I’m all set:

You're all set

Summary

The security folks at Facebook automatically noticed that someone was trying to login to my account from South Korea, which they blocked, and then for added security Facebook locked my account until I could respond to their email request to login and answer questions about my login history. I feel protected by Facebook and am quite happy to reset my password and continue using Facebook today. I did quickly look at my Facebook feed to double check that nothing had been posted as me by another person, and found the feed to be all safe. What a happy ending to the story.

Tags: ,

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Skype Password

How to Not Change Your Password

I’ve used the free Skype app for several years now and it has allowed me to speak with other professionals in San Jose and Tokyo for free by using a computer connected to the Internet. We all setup Skype accounts, then use the app to talk on our computers instead of making expensive overseas telephone calls. Way back in 2011 Microsoft paid some $8.5 Billion to acquire Skype and they pretty much left that company alone to run their business as before, that is until just recently. I received an email update from Skype yesterday telling me that a credit in my account was becoming inactive, so I decided to login to Skype and keep my credit active.

Microsoft wanted me to login with my Skype or Microsoft account, and I selected my Skype account. Next, it showed a dialog forcing me to update my password:

Skype Password

The first time that I tried this update password procedure I was confirming my password and the dialog told me that the passwords didn’t match, however it would let me go back and update the first password, it would only let me update the confirmed password. Uh, that is a catch-22, I couldn’t proceed because I had a typo in my first password yet I wasn’t allowed to change my first password. The only work around was to revisit the site at www.skype.com and start all over.

I’m all for security and sometimes prodding web users to update their passwords to something more secure, but when you do that prodding you need to allow a web user to update any field on the form, not keep them stuck on the confirmation password field only.

I would expect a small company to make an annoying user interface mistake like this one, but not a major corporation like Microsoft which should know better about using best User Interface best practices that allow a user to change any form field at any time, for any reason.

Tags: , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Online Security and Getting Hacked

In the past three weeks I’ve seen three friends get their online accounts taken over, also called being hacked:

The intention of the hackers is typically one of the following:

How can you protect yourself from being hacked?
Mostly it is a matter of choosing a password that is hard to guess. Security experts suggest the following password guidelines:

 It’s a real hassle to get your identity back after an online account has been hacked.

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog Tags

Recent Posts

Blog Directory & Business Pages at OnToplist.com