For years, Google has been actively seeking ways to encourage website owners to implement SSL certificates. SSL allows websites to be accessed over HTTPS, which encrypts information sent between the visitor and web server. Recently, we discussed how Google is moving from a reward system to a punitive one. Websites using SSL continue to get […]
Tag Archives: Website Security
Evasion Techniques in Phishing Attacks
We all know that we shouldn’t click on links from sketchy looking emails. But what if the website you’re viewing takes you to a spoofed page at the Apple ID store and asks for your login information to proceed? This tactic is called phishing, and attacks are exponentially on the rise. Used by hackers to […]
Personal Security Guide – iOS/Android
We’ve covered a lot of personal security practices, but many people forget how important it is to secure mobile devices, which are riddled with personal information. Website owners should consider how their entire digital life can impact the security of their website and visitors. If your phone is compromised, website access can be impacted through […]
How to Restore Website Backups from the Command Line
Earlier this week we wrote about how to use command line tools to back up your website. Check our our previous article for details on how we create these backups. In case the worst happens, you might need to restore your backup. No worries. We can easily do this from the command line too! Basically, […]
How to Create Website Backups Using Command-line Tools
Creating website backups should be one of the most important recurring tasks for a website administrator, and yet backups are often forgotten when thinking about website security. Creating backups using command-line tools are available to all Linux/Mac users for free. If you’re not on Linux/Mac, we have step-by-step guide on how to create website backups […]
Setting Expectations For Your Website Security
I have a website. Sweet! What happens next? Well, it’s a natural question. I had a brilliant idea and purchased a domain name, but what do I do next? Storks don’t fly by to deliver a basket of tasks upon the purchase of your domain. For most new website owners, a core understanding of expectations […]
What is Cross-Site Contamination and How to Prevent it
If you suffer multiple reinfections and your site is one of many in an account, the odds are high that you’re suffering from cross-site contamination. Cross-site contamination is when a site is negatively affected by neighboring sites within the same account/server due to poor isolation on the server and/or account configuration. This phenomenon is one […]
Code Injection in Signed PHP Archives (Phar)
PHP contains an interesting but rarely used feature called Phar, which stands for PHp ARchive, that allows developers to package entire applications as a single executable file. It also boasts some additional security benefits by signing archives with a digital signature, disallowing the modification of the archives on production machines. According to the official PHP […]
New Non-HTTPS Websites Blacklisted for Phishy Password Practices
We submit hundreds of blacklist review requests every day after cleaning our clients’ websites. Google’s Deceptive Content warning applies when Google detects dangerous code that attempts to trick users into revealing sensitive information. For the past couple of months we have noticed that the number of websites blacklisted with Deceptive Content warnings has increased for […]
The Principle of Least Privilege
If you own a website and collaborate with others, the principle of least privilege should never be questioned. It is a computer science principle which has applications and benefits to strengthen your website security posture. This principle is about: Using the minimal set of privileges on a system in order to perform an action. Granting […]
