Site Security

Lawyers Need an SSL Certificate by July per Google

GOOGLE SEO MARKETING FOR LAWYERS: SSL is Needed Upgrade your WEB HOSTING to a webhost that automatically gives you the SSL Security certificate and so that you have the https instead of the standard http.    When people on Google chrome visit a site without SSL, they will warn them that its NOT SECURE.  That will turn a LOT of people off bottom line.  Also its possible that you will get a boost in your organic SEO rankings by having SSL, so its really a no brainer and you should upgrade ASAP. —> Contact us about setting up SSL for your law firm.  Google Chrome to Flag Sites with SSL Certificates as Insecure GOOGLE HAS MADE JULY AS THE DEADLINE FOR SSL On February 8th, Google made clear its intentions to formally mark websites lacking SSL Certificates (the certificate which once installed on the website results in an HTTPS secure URL string) as insecure. Google has confirmed a date of “early July 2018” as the start date. They have also disclosed how they will alert web surfers of the non-HTTPS status, or not secure. Sites that remain on the HTTP non-secure protocol will be flagged with a warning in the URL bar of the surfer’s browser. The non-secure flag will be built into the release of Chrome 68, which will be ready for download in early July. HTTPS encryption growth shows that most site owners are taking Google’s warnings seriously. However, it remains that a large group of site owners has been less than motivated to make the change. This adaptive lag is likely a result of confusion over what HTTPS encryption is, the annual cost associated with HTTPS encryption maintenance, and general laziness. WHAT IS AN SSL CERTIFICATE? An SSL certificate is a security certificate that once installed on a web server activates a secure connection between the browser the surfer is viewing the content on and the web server that the content is derived from initially. The website’s URL protocol will change from HTTP to HTTPS. Currently, a security padlock will also be present in the URL as a way to further signal the status of the website’s Google SSL certificate. SSL certificates help the web cut down on instances of cybercrime that are often performed through security loopholes in web browsers. If the connection between the surfer’s web browser and web server are not secure through an SSL connection, a moderately skilled hacker could seize information, such as credit card numbers, as it is being typed into a form on an unsecured website. SSL SECURITY FOR LAWYERS Why are Google SSL Requirements Important? —> Establishes Trust and Builds Brand Power —> Provides Encryption of Sensitive Information —> Provides Authentication —> Contact us about setting up SSL for your law firm. 

Lawyers Need an SSL Certificate by July per Google Read More »

Lawyer Security Tips for WordPress

WORDPRESS SECURITY TIPS – January 2016 –> – Change Default ADMIN Username Security is more important then ever if you are a lawyer and have a WordPress site.  No doubt it seems like there is a constant threat of hackers trying to get into your site. Dont believe me?  Setup the Wordfence Security Plugin and enable the Live Activity Feed and you will see an amazing amount of users or robots usually from other countries trying to access your site.   So in order to keep them out you will need to follow a number of tips starting with these basic two. #1- Remove ADMIN User ASAP and replace with other user… The ‘admin’ username is the first guess the brute-force robot uses to try and gain access to your website because it is the default username when you install WordPress. Most site owners will change the default username during installation, but if you still have this username – remove it immediately. Create a new username, delete the ‘admin’ user, and WordPress will move all existing content to the newly created user. From a security perspective, changing the default “admin” user name is one of the first and smartest things you should do on your site. #2- Set ‘Display name publicly as’ so it does not match username – Change this option in Users > Your Profile or from the Users > All Users dashboards to hide this data from future site crawls. The same brute-force robots will often crawl your site and copy author information. If you’ve set the ‘Display name publicly as’ option to match your username, the robot now has that information and will use it to try and break into your site. When you submit a post or answer a comment, WordPress will usually display your “nickname”. By default the nickname is set to the login (or user) name of your account. From a security perspective, leaving your nickname the same as your user name is bad practice because it gives a hacker at least half of your account’s login credentials. Therefore to further tighten your site’s security you are advised to change your nickname and Display name to be different from your Username. WordPress Security for Lawyers If you have a wordpress site, you must really make sure you protect it from hackers.  Otherwise you risk getting hacked and having malware planted on the site, this is not a good thing. Worst case scenario, Ive seen sites totally ruined because of hackers.  Thats why its key to make sure you have full backups that you can restore, this way if your site is hacked, you can always restore over the damage that was done usually.  Contact us today for more information at 630-393-0460. Why You Need WordPress Security Services #1- To protect your legal website from hackers and malware #2- To make sure your WordPress software and Plugins are updated #3- To make sure your site is backed up on a regular basis #4- To be able to RECOVER From Hackers and any Google Site Warnings about your site  

Lawyer Security Tips for WordPress Read More »

Getting Dreaded “Your Site Has Malware” Message from Google

Ive had a number of lawyer clients contact me regarding the Malware message from Google.  Usually its only noticed when someone does a search for the firms name and the site will come up in the search listings BUT have a warning that tells the user that the site MIGHT have Malware and to not proceed.  Thats not good! You could be losing traffic and potential new clients right now and not even know it. Thats why you need to make sure that your site is well protected from hackers who will plant malware on your site if they figure our your login information.  It happens every single day and sometimes you would never even know anything is wrong, until you see that dreaded message. SO HOW DO YOU FIX THIS PROBLEM? The first thing is that you have to fix the malware problem and get it off your server.  Usually if you go into your Google webmaster tools account, they will notify you of this malware and list the URLs of the offending malware.  SO the first thing is to get these files deleted, but you also want to contact your web host right away and inform them of this issue.  Then you want to run a malware scan and see if you can find anything else, then remove it.   Then they will always suggest that you change ALL of your logins associated with this account. Then once you do all of this, you can ask Google to review the issue after you let them know you have fixed it.  Usually it will only take a day or two to get the message removed.    Yet at this point its time to lock down your site and make sure your have top security setup. We can fix this for you If your law firm needs assistance with setting up security on your website, contact us today at 630-393-0460 or fill out free consultation form.    

Getting Dreaded “Your Site Has Malware” Message from Google Read More »

WordPress Security Tip – Change Your Default Admin Name

WORDPRESS SECURITY FOR LAWYERS Security is a big deal and you must make sure you protect your site.  You can do some basic things to help yourself like making sure to create a long complicated password, instead of the basic your last name and a number!  It should be something more like rE^&(3wwww8UTTrrT instead of smith123.  Another thing to do ASAP is delete the admin account that is setup by default when setting up WordPress. You need to create another user that has administrator rights.   The FIRST user name hackers will try to use is ADMIN, then all they need to do is figure out your password (which can be much easier than you think, seriously).  To beef up your security, I recommend you change the administrator’s username from “admin” to something else today. Then also change your password to something more secure while your at it. HOW TO REMOVE THE ADMIN USER There are many articles and blog posts with instructions on how to change your WordPress admin username by installing a WordPress plugin or by editing your database tables. However, there is a much easier way to go about doing this. If you are still using the “admin” user account in your WordPress blog, follow these easy instructions to change it. #1- Login to your WordPress Admin Area #2.  Click on “Add new” in the “Users” menu #3.  Type in the information for the new user account. NOTES: 1- You need to use a different email address than what you have setup for your “admin” username. 2- Make sure you select “Administrator” as the role. 3-  Choose a new user name that is not similar to the name you display publicly on your blog. 4-  Choose a hard-to-guess password. I recommend using a combination of uppercase and lowercase letters, numbers, and symbols. 5- Click on the ”Add User” button. 6-  Logout of WordPress. 7-  Login to your WordPress again, using your new username. 8-  Click on “Users” in the “Users” menu. 9-  Move your mouse cursor over the “admin” row. You will see links for “Edit” and “Delete”. Click on “Delete”. 10- Select “Attribute all posts and links to” and then select your new username from the drop-down list. Make sure you select this option — so all your posts don’t get deleted! 11. Click on the ”Confirm Deletion” button. Now you have changed your administrator username — and all your blog posts that were created using the “admin” username are reassigned to your new username.   Now you have made it harder for the hackers to break into your site because you no longer have the generic Admin name setup.  Now make sure you also have a tough password to crack. If your law firm needs assistance with WordPress or security for your law firm site, contact us today. [si-contact-form form=’1′]

WordPress Security Tip – Change Your Default Admin Name Read More »

WordPress Security Issues for Lawyers

Is your website secure? Odds are No! WordPress is great in many ways BUT it also can leave you open to a lot of security issues. Its really important to keep your version of wordpress updated to the latest version because usually the reason they update the version of wordpress is because they find a a security hole they must fix. You also must update your wordpress plugins. This is because a lot of times plugins can have security issues and that’s why they create a new version of the plugin. Yet if you don’t update it, you might be leaving yourself open to a hacker.   So the bottom line is that your site can get hacked and be infected with malware. Then Google can pick up on this and possibly blacklist your site. Another bad thing can be when your site has a warning message next to it in the Google search results.  This is a really bad thing and most people would not even click on your site and might not want to visit it if they think they might get a virus. Then if your site is infected with malware and it has been hacked, then you have to get it fixed. SO a better idea is take the needed steps to make sure your wont get hacked.  There are a lot of different things you can do and I will go over these in more detail in upcoming posts. Think People Aren’t trying to Hack your site RIGHT NOW? It seems like they very well might be. Below are some really disturbing stats from a security scan I ran on a site, it shows all attempted logins in real time and it showed about 30 different attempts, in 1 day of people trying to login and guess the password…. These are from different people in different countries and what happens is that if you have a site that has older software and outdated plugins, you are more likely to get hacked and there are a lot of people out there trying to hack you right now! Here are just a few listing of failed login attempts.  Anaheim, United States attempted a failed login as “admin”. IP: 74.50.8.235  [block] Hostname: taras.lunarservers.com 1 hour 32 mins ago  Europe attempted a failed login as “Admin”. IP: 185.6.93.31  [block] Hostname: 185.6.93-31.rev.sewan.fr 2 hours 22 mins ago  Europe attempted a failed login as “Admin”. IP: 185.6.93.31  [block] Hostname: 185.6.93-31.rev.sewan.fr 2 hours 22 mins ago  Europe attempted a failed login as “Admin”. IP: 185.6.93.31  [block] Hostname: 185.6.93-31.rev.sewan.fr 2 hours 22 mins ago  Huntsville, United States attempted a failed login as “admin”. IP: 199.124.61.3  [block] Hostname: gnax-ds32.simplehelix.com 3 hours 24 mins ago  Scottsdale, United States attempted a failed login as “admin”. IP: 184.168.109.23  [block] Hostname: ip-184-168-109-23.ip.secureserver.net 3 hours 35 mins ago Its important to make sure your site is updated with the latest versions of wordpress. Yet it also makes sense to monitor your site on a regular basis to make sure that the hackers cant take over your site or infect it with malware.  Its important to keep on top of this because its very possible for your site to get hacked and you wont know about it for weeks until its to late and you now are banned from Google because your site is infected with malware. Contact us today if you would like assistance with protecting your law firm site. [si-contact-form form=’1′]

WordPress Security Issues for Lawyers Read More »