Tip:
Highlight text to annotate it
X
[music]
Announcer: Brought to you by businessblueprint.com.au
[music]
Greg Cassar: So the first thing is malware. So what this is talking
about is just basically hackers; *** who are out on the web
basically put malicious code, put malicious things on your
website. What's happening, and especially in the last two
months, is a lot of hackers instead of aiming for individual PCs
are now aiming at web servers and web sites and the reason why
is because they can affect thousands of people in one go, or
it's a hundreds of thousands of people, so it's a very big
trend. Running a marketing agency we see several, I get several
calls a week now, of "save me" type of thing because people's
websites are being hacked. So what I'm going to do is show you
what to do about it so you can prevent it. There's no guarantee
that you can prevent it for good but there are some proactive
things that you can do. Can I see a show of hands, who here runs
Wordpress? Okay, cool. Can I see who here's updated their
Wordpress in the last 30 days? That's quite good, actually, all
right. But if you're running Wordpress there's definitely, and I
do for most of my sites as well, there's definitely a few things
you need to do because there's a lot of exploits being written
forward at the moment. It's a bit like Internet Explorer in the
old days, where every hacker or any dog's trying to write stuff
for it.
So we spoke about hackers, that they're going after websites and
you'll end up getting, if you get hacked Google will give you a
thing like this, it'll say that you reported attack page. And if
you're doing Google AdWords and you get someone to put malware
on your website, the email that you get from Google is
particularly nasty. So it will be something to the extent of
your website is promoting malware and you need to remove it
straight away or you'll be banned from advertising on Google for
life and you'll never get another account, along those lines. So
it's a bit of a shoot first, ask questions later approach from
Google; which isn't nice. So, we want to avoid that, so how to
prevent it?
The first thing is to back up your site and have regular back-
ups. We use this thing called Backup Buddy and it'll back up off
the Amazon history, that sort of thing. It'll do it according to
whatever schedule you want. The reason why this is important is
because if you ever get malware, sometimes the quickest way to
get it back is to go back to an old back up. The second thing is
to update your Wordpress version or, if you're not using
Wordpress, if you're using something else, like Joomla or
whatever, just make sure that you're up to date with a recent
version, as of now. This isn't a thing that you just got to do
once off. You've got to keep it up to date.
Now, unfortunately, a lot of people just manage their site
themselves, and that's been fine in the past but the game has
changed a little bit on the internet. So you really do need to
keep it up to date. Sometimes you're better off doing it about a
month behind the latest version and the reason why is because
sometimes, if you go straight away for the new version all the
time, it can break your plug-ins etc. Little bit geeky, I know,
but there's people out that are interested in that. Also, update
your plug ins because you can get your website hacked just from
plug ins that are on your site. Plug ins are tools that extend
the functionality of your Wordpress, so you want to upgrade them
as well. Generally within Wordpress it'll prompt you which ones
to take. I'll take questions at the end, I think I'm going to be
running short for time. Then update your hosting and Wordpress
passwords and I'll give there an example. Make them really
complex, not something like Fluffy the Cat, or whatever, and the
reason why is because those things can easily be detected with
password sniffer tools, that sort of stuff. So, tighten it all
up, if you haven't done that. All righty, the next thing really
is malware scanning. This used to be nice to have it. Now we
really consider it an essential. You need this within your
business. It's similar to, you wouldn't run your PC without
antivirus on it. Now, you really need to think about this for
your website. It's a bit of hassle to set up and I'll show you
three main options. So the first one's McAfee Secure; this is
the one I used to use. We still use this on big e-commerce
stores but's a little bit of an overkill. It's got a really good
trust seal and people trust it. So if you're doing big dollars
online, it's a great one to go with because it'll help your
conversion as well. But it's expensive.
This is the one we use at the moment. It's Trust Guard and it's
about $47 a month or $67 a month, depending on which option you
choose and it'll put that seal that's down at the bottom there,
it'll put that on your website. Going through this getting your
malware scanning put on a website is a little bit, not a little
bit, it's a lot painful. It's a bit of a pain to be 100% honest
and the reason why is because you apply for it, they give you
the code, you put on your website and then you got to verify
your phone number, your postal address, all that sort of stuff.
And then good quality services like these top two, they'll even
scan your website. They'll tell you what's wrong with it.
They'll tell you what needs to be patched up and all those
things that need to be fixed before you can get the seal. And a
lot of them actually aren't anything to do with your website, it
has to be with your website hosting and many hosting providers
just don't pass these tests. So we've had examples before. We've
had to change hosting providers to pass these scans. The hosting
that we use is Rackspace which are based out of the US and I
know Dale [SP] uses Anchor and they're Australian based host and
they pass these tests as well, so either of those can work. Like
I say, it's a bit difficult to get it, but it's worth doing...
Woman: [Inaudible 05:53] Rackspace hosting. So if you just go to
Rackspace.com, yeah, R-A-C-K space dot com. That's cloud based
computing so it's good if your web server falls over, another
one picks up and does its job and all that sort of stuff. I
don't really want to slam any brands but some of the $4 a month
type hosting, definitely won't pass your McAfee's Secure or
Trust Guard. The only way to tell is really to put it on there
and that will tell you whether or not it does. And these
companies upgrade their stuff all the time. SiteLock, that's an
easy one. If you're going to do the bare minimum, do that one.
It's $29 a month, but the thing with it is, they won't
necessarily scan like your web server and tell you your web
server needs to be, move your security from here to there, that
sort of thing but they will tell you if you have problems. It's
better not to, but I think the Trust Guard is the best way to
go.
[music]
Announcer: Brought to you by businessblueprint.com.au