Website Security Bulletin 26th April 2013

Over the last few weeks there have been some mainstream media reports of website security issues – some surrounding WordPress and some around website security in general.

A number of our clients have asked us for more information on these reports.

As a website hosting company we take security issues very seriously and continue to do everything we can to minimise the risk of websites being compromised. As part of our hosting service, this includes:

  • Keeping abreast of new threats on a daily basis.
  • Ensuring core website software is kept up to date.
  • Maximising the security of our servers to reduce the risk of hacking.
  • Updating website plugins as & when risks are identified.
  • Working with our providers when network issues are identified (such as ‘denial of service’ attacks).

One example in the news recently is the report of a network of 100,000 hacked computers being used to target WordPress sites in an attempt to guess passwords to gain access to websites.

We blogged about this issue when it happened and quickly implemented the recommendation of changing admin usernames and passwords.

More recently two website performance plugins were found to be vulnerable to a particular type of attack. We immediately updated all affected clients.

Whilst we can’t blog about every issue that we identify, we continue to work in the background supporting our clients websites.

Questions about website security or our hosting service? Leave a comment below or get in touch.

What we’re doing to protect our clients against the global WordPress attack

You may have read in the news that WordPress websites are being targeted by a huge network of hackers (think 100,000 computers all aimed at hacking your site). The news of this has been spreading over the weekend as more & more sites fall victim to this unprecedented attack.

“One of the concerns of an attack like this is that the attacker is using a relatively weak botnet of home PCs in order to build a much larger botnet of beefy servers in preparation for a future attack,” security and website performance firm CloudFlare said in a post Friday.

The primary method of attack is trying to use brute force to guess the password of the default ‘admin’ user that is set up on the majority of WordPress sites. To mitigate this issue we’re checked all our clients’ sites and removed the default admin user. Our firewall will also be providing a high level of security against these attacks through IP filtering.

Not hosted with us? Here’s what you can do

If you’re not hosted with us then please check your own WordPress users screen and remove the ‘admin’ user if it exists:

wordpress-users

If you want added protection for your site you can also install a login limiting plugin that will block brute-force attempts at guessing passwords.

This global attack is aimed at creating a larger network of compromised servers which could be used at a future date to target government or financial institutions. An attack similar in size was reported by many network providers last month.

We’ll be closely monitoring all our hosting clients to ensure their sites do not get compromised.

We’re Hiring! Junior Developer Required

This position has now been filled and is no longer available.

We’re recruiting for a junior developer to join our team in Wokingham to help support our rapidly growing web development business.

We’re looking for someone with a passion for web development and a keen interest in helping develop a small business. At the same time we’ll help develop the right candidate’s skills as a full time developer.

Location: Molly Millar’s Lane, Wokingham, RG41 2PQ

Start Date: Immediate

The role is a temp position for 6 months. For the right candidate there will be the opportunity for a permanent role at the end of 6 months.

Job Description

The primary purpose of the role will be to code HTML/CSS markup from Photoshop PSD designs. You will be trained to create W3C compliant code, use jQuery to develop interactive front-end functionality and will preferably have experience with using WordPress.

Some coding experience is essential (PHP/Ruby/Perl/etc) as you’ll be working with WordPress and other CMS systems to develop templates & functionality.

Key Responsibilities

  • PSD to HTML/CSS/jQuery code
  • WordPress PHP template development
  • Daily support to existing clients – good communication skills are a must
  • Desktop & mobile browser testing
  • Basic web server administration

Your Skills

The successful candidate will be able to demonstrate the following:

  • HTML5/CSS/jQuery
  • PHP & MySQL (or other scripting language/database combo)
  • Basic use of Photoshop & Illustrator

We will be looking for candidates that have:

  • Experience with using or developing for WordPress.
  • The ability to solve challenges using a number of different web technologies.
  • Familiarity with Apple OS X.
  • Experience in Linux server administration.
  • A strong desire to learn and help shape the future of 10°.

About 10°

We are a small family business looking to expand our development team in Wokingham. We primarily work with creative agencies as technical partners to create websites from their designs. We also offer technical consulting services during the spec & design phase of projects. 10° also takes on direct clients for which we design as well as build sites.

You’ll be a core part of the team and expected to communicate professionally with clients on a daily basis.

How to Apply

For more information about the role or to apply, please email us your CV and any examples of your work.

Strictly no agencies.

How Determine Your Keywords

Good SEO means having the right words in the right places in the right structure so that you can be found for search terms you want to be found for.

We do not advocate the use of third party companies by small businesses to ‘manage and implement’ your SEO for you. This is because we feel it is a business management activity not a technical one, so to be able to manage your business effectively you need to understand it. That’s the purpose of these blog posts, to empower you to be able to manage this for your business.

Continue reading

Why You Should Have a Blog

Why should you have a blog?

There are many reasons why you should have a blog on your website.

  • Search engines like them as they add regularly updated content to your site.
  • And they are generally very keyword heavy because you are covering a specific topic. (See our previous post on determining keywords).
  • They are concise and easily digestible, so easy for people to read.
  • Easily sharable via social media buttons helping to increase your audience reach.
  • They encourage interaction with the readers (your clients or potential clients) through comments functionality.
  • They demonstrate that you have industry expertise and knowledge.

So what you should you blog about?

  • Case studies of recent clients or projects that you have undertaken.
  • Talk about new trends, techniques or products.
  • Tips and advice on how your customers can solve a specific problem, or how to save time doing an activity.
  • Discuss your views on current industry or news topics.
  • Talk about other businesses or products that are complimentary to yours, it doesn’t all have to be direct sales related.
  • Show a bit of your personality too, write about anything that you have stumbled across that you found interesting or a hobby that you do.

How not to blog:

  • It’s not a sales pitch, don’t use them to overtly promote products or services.
  • Don’t rehash other people’s material without adding your own views or comments.
  • Don’t be political or religious – unless this is directly related to the subject of your blog. I.e your business is as a Political Advisor, or your are blogging on behalf of a church.
  • Don’t write 3 blog posts then forget all about it for 6 months. But…
  • Don’t blog just for the sake of it, you’ve got to have something to say.

But like all content on your website, don’t forget to have a blog strategy and plan what you are going to post and when.

How To Use Images Throughout Your Website

A picture paints a thousand words.

Use images throughout your website to:

  • Demonstrate your work and your approach to work
  • Show off your products
  • Show photos of yourself and your team
  • Show anything which helps the viewer getting a better understanding of you, your business, your products and services, and what they can expect from dealing with you.
  • And to break up large chunks of text to make it easier to digest.

They therefore should be relevant images, not just stock photos. Whilst stock photos do have a purpose they are not unique to you (and therefore could be used by a competitor) and they will not help the viewer learn anything about you or your business.

Continue reading

Writing Effective Web Copy

The most important content on your website will be the written words. It’s important for search engine optimisation (SEO) purposes and the most important for getting information across to visitors.

To write good website copy follow these guidelines:

  • Relevance: Ensure that the copy is relevant to your reader, think about why they have landed on that page and what information they need to get from it. Ensure the copy contains the most relevant keywords for that page.
  • Language: Ensure the copy is engaging and interesting with the right choice of language. Keep it simple, not too technical (don’t put off a potential customer by making them feel stupid), but not too flowery or fluffy either. Keep it matter of fact, but personable too. Continue reading

UK Cookie Law – What Small Business Owners Need To Know

On May 26th 2011, Directive 2009/136/EC became law in the UK – the government gave us a one year grace period to implement the required changes to all business websites – this period expired at the weekend.

The new law aims to protect internet user’s privacy by determining how and when web browser cookies can be used and as business owners we must give visitors the option to accept or decline cookies.

Throughout the year the exact requirements have been changing, including some very last minute changes to the legislation that were communicated last week. Therefore the full impact of the legislation was not known until then.

If you have a business website then this law affects you so please continue reading.

Continue reading

Getting A Website Online – The Basics & Where To Start

Just starting out in business and looking to get a website online? Not quite sure where to start?

Here’s our three step plan to getting online which covers registering a domain name, choosing a website and finally getting the website live (aka hosting). We also cover the differences between website developers, website designers and design agencies.

Continue reading