Thursday, December 1, 2016

Time to secure your website: Before this happens to you!

So a terrible thing happened while I was away on vacation recently. It was in my final week of travel when a client received an email that his website had some malicious code on it.

The Hack and Warning
The email included examples of what the code looked like and where we could find it.  What made us suspicious was that the email was full of typos and mis-used words.  So it could have been a hoax.  But it wasn't.

The email was from a security company I'd never heard of or worked with. I'm not sure how they knew there was this code on the website, and it might not be polite for me to guess, but as soon as I got back to Canada I checked it out. And sure enough the code was there just like they said and more.


So this happened to our website...
In the meantime, something has been sent to Google and the site had the dreaded red warning over it in so no online visitors would feel safe clicking through to the website. 

The website was essentially down.  Traffic was at a halt and I was on the phone reaching out for help.  With some good advice, we took care of all the malicious code in a couple of days and submitted the site to Google for their approval.  

How We Fixed the Problem
We also added an SSL Certificate and Site Lock scanning to help keep the site safe from other attacks and let the public know it was a secure site.

SSL encrypts the link between a browser and the website's server and tells the browser it's a safe connection. You can usually tell because secure sites show the https:// prefix.  SSL used to be difficult and costly to implement, but now you can do it yourself online affordably.  Click here to get your SSL certificate for your own website.  

Going Live Again
Overall, getting the website to this safe state took about 15 hours and a small investment in the security services.  That was nothing compared to the week it took for the site to be free of the red warning box.  It was quite the process.  If you want to learn more, contact us.

Why You Need SSL in 2017!

In 2017, many website hosts including WordPress will begin requiring that websites can use the https:// prefix, meaning they are secure and certified.
If your website doesn't show https:// (with the s) you should seriously consider adding SSL now. In addition to the encryption, Google also weights SSL as a search engine ranking factor, and we can surmise that that requirement will only increase in the coming months as well.

If you've had a similar experience and want to share, please post it in the comments.   Thanks for helping me to help you:  I get commissions for purchases made through links in this post.

Banner (468 x 60)