Hack Prevention: Maintenance & Security Vulnerability news you need to know

A New WordPress Version!

WordPress has remained at 4.7.2. And you MUST be updating your site, or having someone like Wordflirt do it. Because a vulnerability that was fixed in this release has been actively exploited. As of a few February 6, 2017, over 300,000 sites have been screwed up. Yikes!!!

(Note: as of mid-March, WordPress is up to 4.7.3 – more on this next month).

Password Managers

Click on the link for a great review on password managers, if you’ve interested. The great thing about them are

  • They remember the passwords for you – you don’t. Typically you might have to remember ONE password.
  • You can easily have different passwords for different sites.
  • You can have much stronger passwords.
  • It can automatically fill in password credentials for you.
  • They sync across all of your devices

The above is SO critical because even the best of the best gets hacked, including a service we have used in the past: Cloudflare. Apparently millions of passwords and chat data could have been exposed.

Most of the web is now Encrypted!

It’s happened! More than 50% of the web traffic is now encrypted: https://wptavern.com/more-than-50-of-web-traffic-is-now-encrypted. This is important to have on your site for better SEO ranking as Google announced a few years ago they are using HTTPS as a ranking signal in their search results. Plus, they give a slightly warning in the browser bar if it’s not HTTPS:

Wordflirt February 2017 Security and Maintenance SSL1 - Hack Prevention: Maintenance & Security Vulnerability news you need to know

versus showing this:

Wordflirt February 2017 Security and Maintenance SSL2 - Hack Prevention: Maintenance & Security Vulnerability news you need to know

 

Then if you click on the “i” with the circle in it, you’ll see this:

Wordflirt February 2017 Security and Maintenance SSL3 - Hack Prevention: Maintenance & Security Vulnerability news you need to know
So it really makes sense these days to install a SSL certificate. We can quote you on this if you wish.

An Incredibly Clever Phishing Email

Claudia received a very clever spam email:

From: “Cadwalader, Wickersham and Taft LLP” <cwtinfo@cadwalader.com>

Subject: Fraudulent card charge

Date: February 8, 2017 at 10:31:04 AM PST

To: <claudia@thewordflirt.com>

Who the f___ are you and why is there a charge from thewordflirt.com on my card?
Here you can view my statement , get back to me asap.
Bofa_card_statement_claudia.doc (this was a link)

Thank you
Nadine Barrera

The “document” that she could click on was actually a link to a site that would have likely infected her computer with malware if she had clicked on it. So be EXTREMELY careful when you click on links in your emails – you’re better off cutting and pasting it in to a browser so that it looks safe before even trying it.

Phew – it can be nasty out there! It’s so important to protect yourself, and we take extra steps to protect your website that most don’t.

Any questions or needs you might have, just send us an email or give us a call!