Articles

A hacked WordPress site is as damaging as having your home burgled. It can completely shatter your peace of mind and adversely impact your online business. 

Why do hackers target WordPress sites? The answer is relatively simple: WordPress is the single biggest platform for website creation these days, so there’s a larger base to attack; this attracts the attention of online criminals. 

So, how can a hack impact your website? 

Depending on the type of attack, your website could suffer any of the following:

  • It could be defaced completely;
  • It could load or operate very slowly on any device;
  • It could completely crash and malfunction;
  • It could display the dreadful “White Screen of Death”;
  • Its incoming visitors could be redirected to other suspicious websites;
  • It could lose all your valuable customer data.

This list is not exhaustive but you get the idea.

Now that we know how a successful hack can impact your website and online business, let us look at the top 10 reasons behind WP hacks and how to prevent them.

1. An Insecure Web Host 

Like any website, WordPress is hosted on a web host or server. Unfortunately, most site owners do not pay much attention to the web host they select and choose the cheapest they can find. For example, it is more affordable to host a website on a shared hosting plan — one that shares its server resources with many other websites like yours.

This can make your site vulnerable, because a successful hack of any website on the shared server can affect yours: a single hacked site can consume the overall server bandwidth and impact all the other sites’ performance.

The only way to fix this problem is to opt for a reliable host and a virtual or dedicated server.

Pro tip: If you’re already using a shared hosting plan, check with your hosts if they offer VPS hosting and make the switch.

2. Use of Weak Passwords

Weak passwords are the main reason behind successful brute force attacks that target your account. Even to this day, users continue to use weak and common passwords like “password” or “123456”; if you’re one of them, your website could land in trouble!

Guessing weak passwords allows hackers to enter the admin accounts where they can inflict the maximum damage.

How do you fix this problem? Ensure that all your account users (including admin users) configure strong passwords for their login credentials. Passwords must be at least 8 characters long and mix upper- and lower-case letters, numbers, and symbols.

For added safety, install a password management tool that can automatically generate and store strong passwords.

Pro tip: You can use a plugin to reset passwords for all your users.

3. An Outdated WP Version

Outdated software is among the most common reasons why websites get hacked. Although updates are free to download, most site users defer updating their site to the latest version, for fear that an update will cause their site to crash.

Hackers take advantage of any vulnerability or bug in an older version to cause issues like SQL injections, WP-VCD malware, SEO spam, and other major problems such as the website redirecting to another site.

How do you solve this problem? When you see a notification about an update on your dashboard, update your site as soon as possible.

Pro tip: If you are worried about updates crashing your live website, you can first test the updates on a staging site.

4. Outdated WP Plugins and Themes

Similar to the previous point, hackers also take advantage of outdated, unused, or abandoned plugins and themes installed on websites. With over 55,000 plugins and themes that are available, it is easy to install a plugin or theme, even from unsafe or untrusted websites. 

Plus, many users do not update their installed plugins/themes to the latest version or do not find the updated version. This makes it easier for hackers to do their job and infect sites.

How do you avoid this problem? As with the core WP version, update each of your installed plugins/themes on your site regularly. Take stock of all the unused ones and remove them or replace them with better alternatives.

You can update your plugins/themes from your hosting account.

Pro tip: We suggest setting aside time every week to run updates. Test them on a staging site and then update your site.

5. Common Admin Usernames 

In addition to weak passwords, users also create common usernames that are easy to guess. 

This includes common usernames for admin users such as “admin”, “admin1”, or “admin123”. Common admin usernames make it easier for hackers to get into admin accounts and control backend files in your WP installation.

How do you avoid this problem? If you are using any such usernames that are easy to guess, change them immediately to a unique username. The easiest way of doing it is through your hosting account’s user management tool, by deleting the previous admin user and creating a new admin user with a unique username.

As the first step, change the default username of your admin user and limit users who have administrator privileges.

Pro tip: WordPress has 6 different user roles with limited permissions. Only grant admin access to users who really need it.

6. Use of Nulled Plugins/Themes 

Coming back to the importance of plugins/themes, users have access to many websites that sell nulled or pirated copies of popular and paid plugins and themes. While these are free to use, they are often riddled with malware. They can compromise your website’s overall security and make it easier for hackers to exploit. 

Because they are pirated copies, nulled plugins/themes do not receive updates from their development teams, and hence will not have any security fixes.

How do you fix this problem? For a start, only download original plugins and themes from trusted websites and marketplaces.

Pro tip: If you don’t wish to pay for paid or premium plugins and themes, opt for the free versions of the same tools, which have limited features but are still safer to use than the nulled versions.

7. Unprotected Access to wp-admin Folder

To take control of your site, hackers often try to break into and control your wp-admin folder in your installation. As the website owner, you must take measures to protect your wp-admin directory.

How can you protect your wp-admin folder? First, restrict the number of users having access to this critical folder. Additionally, apply password protection as an added layer of security for access to the wp-admin folder. You can do this using the “Password Protection Directories” feature of the cPanel in your web host account.

Pro tip: Besides these fixes, you can also implement Two Factor Authentication (or 2FA) protection for all your admin accounts.

8. Non-SSL Website

You can easily migrate your HTTP website to HTTPS by installing an SSL certificate on your site. SSL (or Secure Sockets Layer) is a secure mode of encrypting any data transmission between your web server and the client browser.

Without this encryption, hackers can intercept the data and steal it. Plus, a non-secure website can have many negative implications for your business – lower SEO ranking, loss of customer trust, or a drop in incoming traffic.

How do you fix this problem? You can quickly obtain an SSL certificate from your hosting company or SSL providers. It encrypts all data that is sent from and received by your website. 

Pro tip: You can get a free SSL certificate from places like Let’s Encrypt, but these provide limited protection that will only be sufficient for a starter site or small site.

9. No Firewall Protection

Lack of firewall protection is another common reason why hackers can bypass website security measures and infiltrate the backend resources. Firewalls are the last line of defence against hackers and work like the security alarm installed on your house. Firewalls monitor web requests coming from various IP addresses, including the suspicious (or bad) ones. 

They can identify and block requests that have been known to be malicious in the past, thus preventing easy access for hackers to your website domain. Web application firewalls can thwart various attacks, including brute force attacks, XSS, and SQL injections.

Pro tip: A firewall provides much-needed security and is your first line of defence. But it’s important to also have a malware scanner installed.

10. Lack of WordPress Hardening Measures

Typically, hackers target the most vulnerable areas or weaknesses within a WP installation, to illegally access or damage the website. The WordPress team has identified these vulnerable areas and has devised a list of 12 hardening measures recommended for every website.

A few of these include:

  • Disabling the File Editor;
  • Preventing PHP execution in untrusted folders;
  • Changing the security keys;
  • Disallowing plugin installations;
  • Automatic logout of inactive users.

How do you implement these hardening measures? While some steps are easy to understand, others require technical knowledge of how WordPress works.

Pro tip: You can implement hardening measures on your own. However, some measures require technical expertise so in these cases, it’s much easier and safer to use a plugin.
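A small audit for four of the measures listed above (file editor, plugin installations, security keys, PHP execution in the uploads folder), as an added example that is not from the original article or from WordPress. It assumes the standard `wp-config.php` constants `DISALLOW_FILE_EDIT` and `DISALLOW_FILE_MODS`, the eight key/salt constants, and an Apache `.htaccess` in the uploads folder; all sample inputs are constructed.

```python
import re

# Constant names are WordPress's own; every sample value below is constructed.
SECURITY_KEYS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
                 "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # default in wp-config-sample.php

DEFINE_RE = re.compile(r"""define\(\s*['"]([A-Z_]+)['"]\s*,\s*(.+?)\s*\)\s*;""")
PHP_BLOCK_RE = re.compile(
    r"<Files(?:Match)?\s+[^>]*php[^>]*>(.*?)</Files(?:Match)?>", re.I | re.S)
DENY_RE = re.compile(r"deny\s+from\s+all|require\s+all\s+denied", re.I)


def parse_defines(config_text):
    """Collect define('NAME', value) pairs, skipping commented-out lines."""
    defines = {}
    for line in config_text.splitlines():
        stripped = line.strip()
        if stripped.startswith(("//", "#", "/*", "*")):
            continue  # a commented-out define() offers no protection
        for name, value in DEFINE_RE.findall(stripped):
            defines[name] = value.strip().strip("'\"")
    return defines


def is_true(value):
    return value is not None and value.lower() in ("true", "1")


def audit(config_text, uploads_htaccess=""):
    """Return pass/fail per hardening measure, plus the keys needing rotation."""
    defines = parse_defines(config_text)
    weak_keys = [k for k in SECURITY_KEYS
                 if not defines.get(k) or defines[k] == PLACEHOLDER]
    # PHP counts as blocked only if a <Files>/<FilesMatch> block that targets
    # php files contains a deny rule (Apache 2.2 or 2.4 syntax).
    php_blocked = any(DENY_RE.search(body)
                      for body in PHP_BLOCK_RE.findall(uploads_htaccess))
    mods_off = is_true(defines.get("DISALLOW_FILE_MODS"))
    return {
        # DISALLOW_FILE_MODS also turns off the file editor.
        "file_editor_disabled": is_true(defines.get("DISALLOW_FILE_EDIT")) or mods_off,
        "plugin_installs_disallowed": mods_off,
        "security_keys_set": not weak_keys,
        "php_blocked_in_uploads": php_blocked,
        "weak_or_missing_keys": weak_keys,
    }


# Constructed sample inputs (not taken from any real site).
WEAK_CONFIG = """<?php
// define( 'DISALLOW_FILE_EDIT', true );
define( 'AUTH_KEY', 'put your unique phrase here' );
"""
HARDENED_CONFIG = "<?php\n" + "".join(
    f"define( '{key}', 'constructed-sample-{i}' );\n"
    for i, key in enumerate(SECURITY_KEYS)
) + "define( 'DISALLOW_FILE_EDIT', true );\ndefine( 'DISALLOW_FILE_MODS', true );\n"
UPLOADS_HTACCESS = "<Files *.php>\n  Require all denied\n</Files>\n"

if __name__ == "__main__":
    print("weak:", audit(WEAK_CONFIG))
    print("hardened:", audit(HARDENED_CONFIG, UPLOADS_HTACCESS))
```

Automatic logout of inactive users is not covered here because it is not controlled by `wp-config.php`.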

 

Featured image via Pexels.

Article source: Webdesignerdepot

As employees gradually begin to leave this long period of remote work behind and return to their workplaces, companies are asking when and how to do so safely. It is an essential task and a new challenge for everyone, employees and human resources (HR) managers alike.

First, the health and well-being of employees and their families are at stake. Second, there are business risks that employers may not be taking into account, ranging from privacy to non-compliance with the General Data Protection Regulation (GDPR).

In the United States, for example, the Centers for Disease Control and Prevention (CDC) recently issued detailed recommendations for improving safety in office buildings, including temperature and symptom checks. In addition, the U.S. Equal Employment Opportunity Commission (EEOC) continues to revise its guidance to employers in order to balance compliance with the Americans with Disabilities Act (ADA) and with the CDC.

This situation can be trying for any organization. Many are choosing to adopt an extended period of remote work with flexible hours. Companies with operations in several regions find themselves in very different phases and environments. From Asia to Europe, some regions are being more aggressive about reopening.

The first recommendation I give to customers who are planning to bring their employees back to work safely is to start with a plan that incorporates HR processes. To help customers in all industries and countries manage this transition, SAP has released major updates to the SAP SuccessFactors Visa and Permits Management solution as well as the partner application Guardian by AlertEnterprise.

Forward-looking SAP technology for a safe and healthy workplace

At launch, the SAP SuccessFactors Visa and Permits solution had one particular use case, as its name suggests. However, in working with its customers to extend its capabilities, SAP discovered many use cases around tracking certificates, licenses, credentials, and much more that are especially relevant today. With this solution, users can now control the process of bringing employees back to the office while automating the enforcement of complex, evolving COVID-19 health and safety policies to better protect people.

How are these tools useful?

To ensure a safe and healthy return to work, here is a three-step approach to get you started.

Prepare

With the SAP SuccessFactors Visa and Permits solution, support reopening while minimizing risk, and manage the health and safety procedures that govern employees’ return to work.

  • Give your employees a secure way to submit documents, such as proof of a digital health certificate or supporting documentation, before they return to work.
  • Track the costs of testing. Self-service features let users complete and submit documents to reduce manual work.
  • Manage employees’ sensitive medical information. For example, EEOC guidance states that the ADA requires medical information about an employee to be stored separately from the individual’s personnel file in order to limit access to confidential information. In other words, instead of storing the new medical information in SAP SuccessFactors Employee Central, this information can be managed in SAP SuccessFactors Visa and Permits, which helps both to secure the data and to protect employees.
  • Reduce the risk of incurring heavy financial penalties, such as for non-compliance with the GDPR regarding the “processing of special categories of personal data”. Comply with additional legal regulations and data privacy rules, such as the Health Insurance Portability And Accountability Act or HIPAA.
  • Configure notification, approval, renewal, and other processes. Dashboards provide an overview of compliance, and real-time actions let companies manage their workforce with confidence in a constantly changing environment.
  • For onboarding, companies can simplify the hiring process to handle administrative formalities as early as possible so that new employees can start working.

Prevent

Bring non-essential staff back to the office safely with the AlertEnterprise Health & Safety Access Governance solution.

  • Control the number of people on the premises, manage access to sites that are temporarily at capacity, and enable new ways of working in shifts.
  • Provide a self-reporting and self-attestation system with controlled, policy-driven reinstatement of workplace access. For example, employees and visitors can self-assess and check whether they have a fever, whether someone in their household has tested positive for COVID-19, and so on.
  • Manage site entry checks through self-service for pre-screening, such as temperature checks, with policy enforcement and access management.
  • Set up badging and security systems to manage access to the workspace and help enforce company policies, such as with automatic removal of access.

Detect

Minimize ongoing risks with the AlertEnterprise Health & Safety Intelligence Tracker solution and protect your workplace.

  • Use analytics to track people who have been or could be exposed to COVID-19. This technology makes it possible to follow a suspected or confirmed infection and to detect the people and areas likely to have been exposed to the virus.
  • Identify exposed areas in order to quarantine or sanitize them. High-risk areas can then be disinfected, and high-risk individuals can have their security access removed.
  • Make decisions based on concrete data, such as exposure levels, location heat maps, and other health and safety analytics.

When it comes to reopening, customers understand that it is not a matter of returning to work as if nothing had happened. They know that reopening is not just about picking a date to open the doors and handing out hand sanitizer. In this period of uncertainty, they want to learn how to preserve the health, safety, and security of their employees and customers.

While everyone must play their part by taking personal responsibility, employers can lead the way to a safe and healthy return to work.

Imran Sajid is the global director of human capital management for SAP SuccessFactors.

First published in English on news.sap.com

The post Prepare, Prevent, Detect: How Employers Can Ensure a Safe and Healthy Return to Work appeared first on SAP France News.

Article source: sap.com

This month we’re going big and bold. Oversized type, strong colors, in-your-face layouts, and little touches of playfulness exude confidence and make a statement. There are some quieter moments too, with thoughtful illustration and more gentle use of color. Animation still features strongly in the details, with circles proving popular in rollover effects. Enjoy.

Fledge

Fledge is a film production company based in Belgium. Their site uses split screen with looped text scrolling in opposite directions on each side. A minimal color palette adds extra punch.

2ºC Earth

2ºC Earth is a beautiful and also scary website that explores the effects of rising global temperatures by focusing on 5 specific locations. Some stunning photography and subtle use of sound take you to these locations as they are now, then show what they could become. The experience is both immersive and unsettling.

pill&pillow

Unlike many digital studios who use the design of their own site to demonstrate their skills, pill&pillow have taken a very basic approach. It is very self-assured, and it works. Random colored strikethroughs on visited links add a nice touch of playfulness.

Ferrum Pipe

Metal fencing is not the most interesting of subjects to most of us, but this site for Ferrum Pipe is surprisingly appealing. On-scroll animation and some off-grid image layout bring life to what would normally be, well, a bit dull.

Lucciano’s

With its focus on mouth-watering photography and videography, the site for gelato makers Lucciano’s will have you checking your freezer for any leftover salted caramel or stracciatella. The zoom on rollover is a nice effect, and the use of circles with ice cream color backgrounds for rollover text reinforces the gelato theme.

Björn Wieland

UI designer and artist Björn Wieland has created a portfolio site with a simple, relaxed feel and pleasing transitions. It feels simple, but behind the scenes there is quite a lot going on.

Coloursmith

Coloursmith is a tool from Taubmans paint company which allows you to create a custom paint color by uploading a photo. You name your color and can add a story, then you order a test pot. Colors are presented well, in different light and with suggestions for complementary colors.

Finn 

Finn make diet supplements for dogs. Their site is fun, modern and clean. Bright colors and an illustration that manages to be cute but not too cutesy make a bold impression.

Highcourt

Highcourt is a new private membership leisure club set to open in New York in spring 2021. Dark blue text on cream gives a softer edge than black on white. The background color changes on scroll are pleasing, and simple line illustrations with occasional gentle animation add to the overall sense of calm.

Elevence

Elevence is the company of product designer Kazuo Kobayashi. The site uses only black, white, and grays allowing the color photos of his work to really stand out. Circular thumbnails are used to good effect, appearing on rollover.

Playtype

Playtype is a Danish type foundry whose site seems to fit their name. It has a playful, almost chaotic feel, with bright blocks of color and occasional animation. Some pretty nice typefaces too.

Neri Oxman 

Neri Oxman is many things: architect, scientist, engineer, inventor, and designer. This site feels like a really beautiful coffee table art book that you want to pick up and look through every so often. There are some nice details too, like the lens ‘reveal’ effect on rollover in a few places.

Modern Recovery

Modern Recovery is a project by sobriety program Tempest. The interactive illustration encourages exploration, to discover different stages of recovery from alcohol abuse and insights from others who have followed the program. The aim is to change our social attitudes towards alcohol and not drinking.

Bliss

Have you clicked on the link to visit Bliss Search? Yes, the link is correct, no you haven’t been redirected to a Google search results page. This Australian digital marketing company have copied the appearance of different well-known sites for their pages — Google, Instagram, LinkedIn, Tinder all make an appearance. The humor in this approach shows confidence, and makes it memorable.

Miilkiina

Miilkiina describe themselves as a digital media space and creative agency. Punchy typography, with great use of blackletter, well chosen images, and a strong header video give this home page an in-your-face edge.

Ukrainian Railroad Ladies

Ukrainian Railroad Ladies is a book by photographer Sasha Maslov. Its subjects are the, mostly, women who work as traffic controllers and safety officers at railroad crossings in Ukraine. It’s a simple site — outsized type, black and white, basic image grid, only very brief text — but it is effective in its simplicity.

Una Europa

Una Europa is an alliance of 8 European universities with the aim of offering joint research and study programs. There is some playful scrolling behavior with geometric shapes moving and changing color that enlivens what could otherwise be quite a dry site.

Bureau Cool

There’s a bit of an old school feel about the site of digital design studio Bureau Cool, with its recent traffic animation. The changing backgrounds on scroll are a nice touch.

Gridspace

Gridspace is a multimedia entertainment studio based in Montreal, and their website is a visual feast. Lots of movement, lots of video, some good use of sideways scrolling.

Nolii

Nolii make cases and accessories for iPhone that work together. The sorbet color palette complements the product colors and the block layout provides a visual reflection of the interlocking of the different products.

Article source: Webdesignerdepot

Photo credit by US Air Force/Steve Pivnick

As software becomes increasingly ubiquitous in all of our lives, the consequences of its inevitable failures grow as well. Case in point: When the United States rushed to digitize medical patient records back in 2009, blinded by the glow of a $36 billion government carrot, it inadvertently set off a chain of events that has now, and in some cases forever, impaired countless lives.

Article source: DZONE