Tag Archive | "Secure"

How a Zero Trust Network Can Keep Your Business Data Secure

The numerous data breaches that have occurred over the years clearly indicate that cybersecurity is still prone to failure. Every new security measure that defenders come up with is eventually thwarted by hackers.

The number of affected users is staggering. A minimum of 500 million Yahoo users were affected by the 2014 security breach that hit the company. The last US presidential election was rife with reports of hackers stealing sensitive emails. Meanwhile, the US Navy, the Internal Revenue Service, and the Justice Department were also targeted by hackers.

While there have been large-scale attacks on government agencies and the technology sector, hackers have also targeted businesses. As a matter of fact, 15% of international businesses have estimated that their sensitive data was potentially breached or compromised over a one-year period.

The Operation Aurora attack in 2009 saw companies increasing perimeter security using firewalls and VPNs. By that time, Google had already developed a new security architecture: Zero Trust. As the name implies, trust is removed from the system so everyone, whether outside or inside the firewall, is considered a suspect. Everything attempting to connect to a company’s systems must be verified before being given access.

Understanding Zero Trust

The Zero Trust Architecture model was developed by John Kindervag in 2010. The concept revolves around the idea that institutions should not blindly trust anything or anyone outside or inside their perimeters.

Previous security paradigms worked on the idea of “trust but verify.” Organizations concentrated on protecting the perimeter under the assumption that everything inside had already been cleared for access and therefore didn’t pose a threat. This method is clearly dangerous now that more corporate data centers are housed in the cloud, with users (e.g., customers and employees) accessing them through applications on devices in multiple locations.

With Zero Trust, the idea is basically “trust no one.” According to Charlie Gero, Akamai Technologies’ CTO of Enterprise and Advanced Projects Group, Zero Trust doesn’t allow access to machines, IP addresses, etc. until it knows who the user is and whether or not they’re authorized.

Benefits of a Zero Trust Security Network

The zero-trust model meets the security demands that companies face today. The rise of cloud technology, the ubiquity of mobile devices, and the use of third-party sources have opened a lot of loopholes in security systems.

One major benefit of the zero trust architecture is that it enables the system to take into account the changing nature of users and their devices. It does so by redefining the user’s corporate identity, along with their device, at a given point in time. This provides the system with the context required to make trust decisions at the time access is requested.

It also diminishes the importance of static credentials, which is an element often used in an attack. Since each access request is individually authenticated and accredited, every credential required to start a secure session is given a limited scope depending on the user and device linked to a particular resource.
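The per-request decision and limited-scope credential described above can be sketched as follows. This is an added example, not code from the original article or from any vendor it mentions; the policy table, the signing key, the token format and the five-minute lifetime are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values: key, lifetime and policy are assumptions for this sketch.
SIGNING_KEY = b"demo-key-not-for-production"
TOKEN_TTL_SECONDS = 300
POLICY = {
    "payroll-db": {"roles": {"finance"}, "require_managed_device": True},
    "wiki": {"roles": {"finance", "engineering"}, "require_managed_device": False},
}


def _sign(payload: bytes) -> str:
    return hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()


def decide(user, device, resource, now=None):
    """Evaluate one access request. Network location is never consulted."""
    now = time.time() if now is None else now
    rule = POLICY.get(resource)
    if rule is None:
        return {"allow": False, "reason": "unknown resource"}
    if not user.get("mfa_verified"):
        return {"allow": False, "reason": "user not strongly authenticated"}
    if user.get("role") not in rule["roles"]:
        return {"allow": False, "reason": "role not authorized"}
    healthy = device.get("managed") and device.get("patched")
    if rule["require_managed_device"] and not healthy:
        return {"allow": False, "reason": "device posture insufficient"}
    # The credential is bound to this user, this device and this one resource,
    # and expires quickly, so a stolen copy has little value elsewhere.
    claims = {"sub": user["id"], "dev": device["id"], "res": resource,
              "exp": int(now) + TOKEN_TTL_SECONDS}
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    return {"allow": True, "reason": "ok", "token": body.decode() + "." + _sign(body)}


def verify(token, device_id, resource, now=None):
    """Accept the token only for the device and resource it was issued for."""
    now = time.time() if now is None else now
    try:
        body, signature = token.rsplit(".", 1)
    except ValueError:
        return False
    expected = _sign(body.encode())
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False
    claims = json.loads(base64.urlsafe_b64decode(body))
    return (claims["dev"] == device_id and claims["res"] == resource
            and claims["exp"] > now)


if __name__ == "__main__":
    alice = {"id": "alice", "role": "finance", "mfa_verified": True}
    laptop = {"id": "lt-1", "managed": True, "patched": True}
    phone = {"id": "ph-9", "managed": False, "patched": True}
    print(decide(alice, laptop, "payroll-db")["reason"])
    print(decide(alice, phone, "payroll-db")["reason"])
```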

Challenges of Zero Trust

As with any security system, organizations that use zero-trust will face challenges. One major challenge is the fact that this is not an install-and-forget setup. Organizations that implement a zero-trust system have to comprehend access rights starting from the lowest level of the technology right up to the topmost level.

It’s often impractical for any corporation to have a complete, exact and detailed picture of all the resources used at each level through the whole enterprise architecture on an ongoing basis. Companies that do take on this daunting task will see their efforts rewarded.

Cost and employee productivity can also be an issue with a zero-trust network since there’s some tradeoff between productivity and security. For instance, an employee might be unable to start working while the system is verifying their credentials.

Fully employing a zero-trust system also demands the acquisition of expensive tools and a large amount of administrative manpower to get everything working smoothly. Luckily, sectors like IT support and employee productivity will see reduced spending once the system is running.

There are still a lot of questions and doubts about the zero-trust security system. Some sectors believe doing away with trust is virtually impossible. There’s also the issue of cost and implementation. But there’s also no denying that the principle of the system is a good and achievable goal.


The post How a Zero Trust Network Can Keep Your Business Data Secure appeared first on WebProNews.


Posted in IM News

Secure your SMX West pass now & save big. Rates increase next week!

Don’t miss out: Your chance to lock in the lowest rate on a seat at SMX West expires next week! The West Coast’s largest search marketing conference is coming to San Jose, California, March 13-15, and we want you to join us for three days of actionable, cutting-edge search marketing tactics…

Please visit Search Engine Land for the full article.

Search Engine Land: News & Info About SEO, PPC, SEM, Search Engines & Search Marketing


How to Make Your Website More Secure (So Google Doesn’t Punish You)

Posted by lkolowich

Thanks to the buzz around website hacking and personal data theft in recent years, most Internet users are aware that their sensitive information is at risk every time they surf the web.

And yet, although the personal data of their visitors and customers is at risk, many businesses still aren’t making website security a priority.

Enter Google.

The folks over at Google are known for paving the way for Internet behavior. Last month, they took a monumental step forward in helping protect people from getting their personal data hacked. The update they released to their popular Chrome browser now warns users if a website is not secure – right inside that user’s browser.

While this change is meant to help protect users’ personal data, it’s also a big kick in the pants for businesses to get moving on making their websites more secure.

Google’s Chrome update: What you need to know

On October 17, 2017, Google’s latest Chrome update (version 62) began flagging websites and webpages that contain a form but don’t have a basic security feature called SSL. SSL, which stands for “Secure Sockets Layer,” is the standard technology that ensures all the data that passes between a web server and a browser – passwords, credit card information, and other personal data – stays private and ensures protection against hackers.

In Chrome, sites lacking SSL are now marked with the warning “Not Secure” in eye-catching red, right inside the URL bar:


Google started doing this back in January 2017 for pages that asked for sensitive information, like credit cards. The update released in October expands the warning to all websites that have a form, even if it’s just one field that asks for something like an email address.
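To find which of your own pages fall under these two rules, you can run a crawl of the site through a small audit script. The one below is an added example, not part of the original post and not Chrome's actual logic: it applies the rules as described above, and the way it recognises a "sensitive" field (password inputs and credit-card autofill hints) and the sample pages are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# <input> types that do not take typed user data (assumption for this sketch).
NON_ENTRY_TYPES = {"hidden", "submit", "button", "reset", "image"}


class FieldCollector(HTMLParser):
    """Collects (type, autocomplete) for every data-entry field in a page."""

    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        attr = {name: (value or "").strip().lower() for name, value in attrs}
        if tag == "input":
            field_type = attr.get("type") or "text"
            if field_type in NON_ENTRY_TYPES:
                return
        elif tag in ("textarea", "select"):
            field_type = tag
        else:
            return
        self.fields.append((field_type, attr.get("autocomplete", "")))


def is_sensitive(field):
    """Heuristic (assumption): password inputs and card autofill hints."""
    field_type, autocomplete = field
    return field_type == "password" or autocomplete.startswith("cc-")


def classify_page(url, html):
    """Label one page according to the two rollout stages described above."""
    if urlsplit(url).scheme.lower() == "https":
        return "secure"
    collector = FieldCollector()
    collector.feed(html)
    collector.close()
    if any(is_sensitive(field) for field in collector.fields):
        return "sensitive-form-over-http"   # flagged since January 2017
    if collector.fields:
        return "form-over-http"             # flagged since Chrome 62
    return "http-no-form"


def audit(pages):
    """Return {url: label} for the pages that would show "Not Secure"."""
    flagged = {}
    for url, html in pages:
        label = classify_page(url, html)
        if label in ("sensitive-form-over-http", "form-over-http"):
            flagged[url] = label
    return flagged


# Constructed sample crawl of a fictional site.
SAMPLE_PAGES = [
    ("https://shop.example/login",
     '<form><input type="password" name="pw"></form>'),
    ("http://shop.example/checkout",
     '<form><input name="card" autocomplete="cc-number"></form>'),
    ("http://shop.example/newsletter",
     '<form><input type="email" name="e"><input type="submit"></form>'),
    ("http://shop.example/about", "<p>About us</p>"),
    ("http://shop.example/go",
     '<form><input type="hidden" name="t" value="1"><input type="submit"></form>'),
]

if __name__ == "__main__":
    for url, label in audit(SAMPLE_PAGES).items():
        print(label, url)
```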

What’s the impact on businesses?

Because Chrome has 47% of market share, this change is likely noticed by millions of people using Chrome. And get this: 82% of respondents to a recent consumer survey said they would leave a site that is not secure, according to HubSpot Research.

In other words, if your business’ website isn’t secured with SSL, then more than 8 out of 10 Chrome users said they would leave your website.


What’s more, Google has publicly stated that SSL is now a ranking signal in Google’s search algorithm. This means that a website with SSL enabled may outrank another site without SSL.

That’s exactly why anyone who owns or operates a website should start taking the steps to secure their website with an SSL certificate, in addition to a few other security measures. Businesses that don’t take care to protect visitors’ information might see significant issues, garner unwanted attention, and dilute customer trust.

“In my opinion, I think security is undervalued by a lot of marketers,” says Jeffrey Vocell, my colleague at HubSpot and go-to website guru. “Almost daily, we hear news about a new hacking incident or about personal data that has been compromised. The saying ‘there’s no such thing as bad press’ clearly isn’t true here; or, at the very least, the marketer that believes it has never had to live with the fallout of a data breach.”

With Google’s Chrome update, those visitors will see a warning right inside their browsers – even before they’ve entered any information. This means businesses face the potential of losing website visitors’ trust, regardless of whether a cybersecurity incident has actually occurred.

If you’re ready to join the movement toward a more secure web, the first step is to see whether your website currently has an SSL certificate.

Do you know whether your site has SSL?

There are a few ways to tell whether your website (or any website) has SSL.

If you don’t use Google Chrome:

All you have to do is look at a website’s URL once you’ve entered it into the URL bar. Does it contain “https://” with that added “s,” or does it contain “http://” without an “s”? Websites that have SSL contain that extra “s.” You can also enter any URL into this SSL Checker from HubSpot and it’ll tell you whether it’s secure without having to actually visit that site.

If you do have Chrome:

It’s easy to see whether a website is secured with an SSL certificate, thanks to the recent update. After entering a URL into the URL bar, you’ll see the red “Not Secure” warning next to websites that aren’t certified with SSL:


For websites that are certified with SSL, you’ll see “Secure” in green, alongside a padlock icon:


You can click on the padlock to read more about the website and the company that provided the SSL certificate.

Using one of the methods above, go ahead and check to see if your business’ website is secure.

Yes, it does have SSL! Woohoo!

Your site visitors already feel better about browsing and entering sensitive information into your website. You’re not quite done, though – there’s still more you can do to make your website even more secure. We’ll get to that in a second.

Shoot, it doesn’t have SSL yet.

You’re not alone – even a few well-known sites, like IMDB and StarWars.com, weren’t ready for Google’s update. But it’s time to knock on your webmasters’ doors and have them follow the steps outlined below.

How to make your website more secure

Ready to protect your visitors from data theft and get rid of that big, red warning signal staring every Chrome user in the face in the process? Below, you’ll find instructions and resources to help you secure your website and reduce the chances of getting hacked.

Securing your site with SSL

The first step is to determine which type of certificate you need – and how many. You might need different SSL certificates if you host content on multiple platforms, such as separate domains or subdomains.

As for cost, an SSL certificate will cost you anywhere from nothing (Let’s Encrypt offers free SSL certificates) to a few hundred dollars per month. It usually averages around $50 per month per domain. Some CMS providers (like HubSpot) have SSL included, so check with them before making any moves.

(Read this post for more detailed instructions and considerations for SSL.)

Securing your site with additional measures

Even if you already have SSL, there are four other things you can do to make your website significantly more secure, according to Vocell.

1) Update any plugins or extensions/apps you use on your site.

Hackers look for security vulnerabilities in old versions of plugins, so it’s better to take on the challenges of keeping your plugins updated than make yourself an easy target.

2) Use a CDN (Content Delivery Network).

One trick hackers use to take down websites is through a DDoS attack. A DDoS attack is when a hacker floods your server with traffic until it stops responding altogether, at which point the hacker can gain access to sensitive data stored in your CMS. A CDN will detect traffic increases and scale up to handle it, preventing a DDoS attack from debilitating your site.

3) Make sure your CDN has data centers in multiple locations.

That way, if something goes awry with one server, your website won’t stop working all of a sudden, leaving it vulnerable to attack.

4) Use a password manager.

One simple way of protecting against cyberattacks is by using a password manager – or, at the very least, using a secure password. A secure password contains upper and lowercase letters, special characters, and numbers.

Suffering a hack is a frustrating experience for users and businesses alike. I hope this article inspires you to double down on your website security. With SSL and the other security measures outlined in this post, you’ll help protect your visitors and your business, and make visitors feel safe browsing and entering information on your site.

Does your website have SSL enabled? What tips do you have for making your website more secure? Tell us about your experiences and ideas in the comments.


Moz Blog


Google Says Its “Mission Impossible” Cloud Platform is the Most Secure

Neal Mueller, Security and Networking lead for Google Cloud, was recently interviewed about security and other important aspects of using the Google Cloud Platform to host websites, online retailers and other data-intensive applications.

Should I move our online applications to the cloud and is it secure?

We get that question less and less these days. There are big advantages to moving to the cloud. You get to have all of the scale that you want immediately when you want it. You don’t pay for it when you don’t use it. And you don’t have to worry about the maintenance of the underlying machines. The advantages are so big, in fact, that we seldom get the question of, should I move to the cloud? More often, the question that we get is, how can I move to the cloud safely?

Where does Google’s responsibility for security begin?

It’s simple. Google’s responsibility is to control the underlying infrastructure. Your responsibility is to secure the data on top.

Why use Google as a cloud provider?

One of the reasons that we talk about a lot is that Google is the right cloud provider for you because we’ve got over 500 security engineers. These are 500 people that are foremost in their fields. They’ve been in peer-reviewed journals, they’re experts at security.

Let me give you an example of just one team within the 500. It’s called Project Zero. These are forward-facing engineers whose job it is to discover 0-Days, that is, new vulnerabilities, never before seen or disclosed. They discovered Heartbleed, which affects anybody with a browser. It’s a TLS vulnerability. They discovered rowhammer, which affects anybody that has a computer with RAM and they discovered 15 of the last 21 KVM vulnerabilities, which is really important to Google because we use KVM as our chosen hypervisor technology. All of these vulnerabilities, as soon as we discover them, we immediately disclose them so that the world is a safer place thanks to the work of Project Zero.

Can you tell us more about this?

Let’s talk about the word provenance. It’s a word in English that means come from. It’s a fundamental tenet of how we think of secure systems. We don’t just buy hardware that’s off the shelf. We return to first principles, figure out what functionality we need from the hardware and which ones we don’t, because functionality that’s included in the hardware off the shelf might introduce vulnerabilities that we don’t want. This leads us in many cases to custom-build secure systems. So we have custom-built ASICs, custom-built servers, custom-built racks, custom-built storage arrays inside custom-built data centers. All of this leads to a much more secure data center.

Infrastructure security, doesn’t that go beyond hardware?

Sure. It extends to the people inside that data center, too. These are full-time, badged Googlers that have submitted to a background check and have an array of physical security to make their job easier. We’re talking about stuff that you’ve seen in “Mission Impossible”– biometrics, lasers, vehicle barriers, bollards. All of this is custom-built, also, to make the data center more secure.

So is this unique to just Google?

Yeah, it’s unique to Google, but not for long. Part of being Google is giving back to your community. So as part of the Open Compute Project, just last week with Facebook, we released our design for a 48-volt rack. This is a very high-density, highly efficient, highly green rack. And although Google is the only one that can build it, now that everybody has the designs, everybody can build data centers as efficient.

What other cool stuff is Google Cloud doing?

What’s next? So with 500 security engineers on staff, there’s a lot that’s up next. But let me tell you about just two things that spring to mind. The first one is BeyondCorp. Here, we have separated ourself from the traditional enterprise security model. Traditional enterprise security has a hard firewall to guard the perimeter. However, we’ve seen what happens with recent breaches– what happens when an adversary gets inside that perimeter. He has relatively unfettered access to the resources inside the internet. What Google does is device authentication which allows our applications to be accessible by the internet, but be just as secure as if they were only accessible by the intranet. We believe that this makes our public cloud more secure.

What’s the second initiative?

On Google Cloud Platform, data at rest is encrypted by default. This is a real differentiator for us. We believe it’s good practice and good business. We’ve seen what happens when adversaries get a hold of breached PII and we think that encryption by default is a good preventative measure against that.

The post Google Says Its “Mission Impossible” Cloud Platform is the Most Secure appeared first on WebProNews.



SMX Advanced agenda is up! Secure your place today and save $500.

Get ready for Search Engine Land’s SMX Advanced, which returns to Seattle June 22–23. Two exceptional days of professional-level tactics, keynotes and networking await you! The agenda is now up, and SMX Advanced provides the latest, professional-level tactics and best practices in PPC, SEO, local…

Please visit Search Engine Land for the full article.

Search Engine Land: News & Info About SEO, PPC, SEM, Search Engines & Search Marketing


The Other Secure Search Issue: When to Use HTTPS

Google strongly encourages HTTPS for its potential to make the Internet safer. You should consider the nature of your site before making the costly transition from HTTP.

Home – SearchEngineWatch


Secure Your Spot at Search Marketing’s Big Dance – SMX Advanced Rates Increase Friday

Super early bird rates for SMX Advanced expire end-of-day Friday, March 29. Register now for your ticket to the only conference designed exclusively for experienced search marketers. Cutting-edge tactics and networking with internet marketing thought leaders make SMX Advanced the must-attend…

Please visit Search Engine Land for the full article.

Search Engine Land: News & Info About SEO, PPC, SEM, Search Engines & Search Marketing


10 Steps to a Secure WordPress Website


Every day, some scary report about a major site being hacked or a sensitive database being compromised hits the web … and freaks everyone out.

Last week, in preparation for an interview about my work at Copyblogger’s managed WordPress hosting division, I chicken-scratched a top 10 list of tips for keeping your WordPress website(s) secure.

We’ve been discussing WordPress security a lot over at the Synthesis blog (here, here, and most especially here), but these days, you can’t be secure enough, right?

It’s worth your time to look over this list of security tips, and to take the few simple actions to implement them. How secure is your website?

Let’s go over the basics right now …

Why take WordPress security so seriously?

Why all the security talk? Because staying vigilant about security is an ongoing responsibility for any WordPress site owner.

In fact, it’s an ongoing responsibility for everyone online, whether you’re using WordPress or not.

So we’ll continue to discuss it here as much as, if not more than, performance. Hey, sub-second load times are great, but not if you’re hosting hidden links to Viagra sites or Google is flagging your site as malware-infected.

I know that security can sometimes be a nebulous, obtuse topic. If you don’t have a technical background, the risks and the necessary safeguards can be difficult to comprehend.

You’re not alone.

When I first launched Midwest Sports Fans some four years ago, I couldn’t have told you the difference between DDOS and Mike Doss. I was among the ranks of those who used the same password for my MSF admin login as for my Gmail account … and my bank account … and, you get the idea.

Over time, I learned the importance of taking security seriously. Some of the lessons weren’t pleasant. But they provided me with the knowledge to be able to educate you on simple steps you can take right now to make your site safer.

As you read this list, consider it less a “top 10 list” and more of a checklist. If you come across one, two, or ten of these that you cannot mentally check off as being part of your current security arsenal, stop reading and go implement it.

Let this motivate you: we see between 50,000-180,000 unauthorized login attempts every single day at the sites we host. The vast majority of these are hackers using brute force techniques to get into websites and wreak havoc. It is possible, perhaps even probable, that a hacker halfway across the globe is trying to hack into your site at this very moment


… I hope your password isn’t password123.

And now, on to the most important top 10 list you’ll read all week:

1. Maintain strong passwords

Let’s kick off the list with the easiest step you can implement immediately. Hopefully you already have.

If not, do not procrastinate on this one.

I’ve linked to this post before, and I’ll link to it again: “Password Protection: How to Create Strong Passwords” from PCMag. I used a number of the tips listed in that post to completely overhaul my personal password strategy.

Take this seriously.

Excuses like, “But I want one password for all of my sites so that I won’t forget!” or “My (generic) password is good enough, and what are the odds that someone is really going to try to hack me?” are not acceptable.

If you aren’t using a password that’s at least ten characters, with numbers and letters, capitals and lowercase … you’re doing it wrong. Do it right. Especially this one.

2. Always keep up with updates

WordPress updates are not just released for the Google News search results. They are released to fix bugs, introduce new features, or, most importantly, to patch security holes.

Will WordPress (or any software program, for that matter) always be one step ahead of the hackers? Of course not. Quite the contrary. For the most part, as with performance-enhancing drug testing in sports, software is always going to be one step behind the hackers. That’s just how it goes, it’s the world we live in.

But when major security holes are known — and patches are available — there is no excuse not to implement them. Thus, there is no excuse not to keep up with WordPress updates. The same goes for plugins and themes.

I know that many of you feel trepidation when it comes to updating WordPress, afraid that it might break your theme or disrupt a plugin’s functionality. My response to this is simple: if you’re afraid of it, then you need to re-evaluate your theme and plugin strategy. Your theme will certainly get disrupted when a hacker injects half a page of a nasty encrypted code into it.

One of the benefits of investing in a WordPress theme framework like Genesis is that our StudioPress division will have the Genesis Framework updated damn near instantaneously when a WordPress update is released. In fact, there’s a good chance they had input in the WordPress update itself! So, you never have to worry about your theme breaking.

As for plugins, this is why vetting plugins is so important. If a plugin isn’t updated regularly, or you’re not paying for support, then you should be afraid of it possibly breaking with a WordPress update. Thus, you might want to rethink using it at all.

3. Protect your WordPress admin access

Should you change the name of the default “admin” user that every WordPress installation starts out with? Sure, you can. It certainly isn’t going to hurt.

Just know that it isn’t the pinnacle of security measures. Hackers can find usernames fairly easily from blog posts or elsewhere.

More important than disguising the specific admin username is to make sure that every username of your site with administrator access is protected by a strong password. (Yes, I’m referring you back to #1 in this list.)

And, if you really want to protect your site, go the extra step of requiring a Yubikey to log in. That way, even if someone does have the password to a username with administrator access, he or she cannot log in without physically possessing the Yubikey (which is easily used via simple USB insertion when it’s login time).

And no, it’s not a hassle. It’s peace of mind.

4. Guard against brute force attacks

Remember the stat I cited above? It’s worth citing again: we see between 50K and 180K failed login attempts a day on the sites we host. The site you’re reading right now (Copyblogger in case you’re somehow reading a scraper site) sees 275 unauthorized login attempts … every hour.

Before you pass out at the magnitude of that number, know that you’re far from powerless against these nameless, faceless hack attempts.

First, your web host should be helping to protect you from brute force attacks. We do. We regularly monitor where failed login attempts are coming from and then lock out the offending IP addresses.

Second, make sure you’ve checked off tips 1, 2, and 3 above.

Third, there are programs that can be installed (such as Limit Login Attempts) that will make it much more difficult for brute force techniques to work.
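The monitoring and lockout idea from this section can be prototyped against a web server access log. The script below is an added example, not Synthesis's tooling or the Limit Login Attempts plugin's code: it assumes the Apache/nginx "combined" log format, assumes a failed WordPress login is a POST to /wp-login.php answered with status 200 (a successful one redirects with 302), and uses constructed log lines and an illustrative threshold of five failures in ten minutes.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_failed_login(line):
    """Return (ip, timestamp) if the line is a failed login, else None."""
    m = LOG_LINE.match(line)
    if m is None or m.group("method") != "POST":
        return None
    if m.group("path").split("?", 1)[0] != "/wp-login.php":
        return None
    if m.group("status") != "200":   # assumption: 302 means the login succeeded
        return None
    when = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), when


def find_offenders(lines, max_failures=5, window=timedelta(minutes=10)):
    """Map each IP to the time it reached max_failures inside the window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    offenders = {}
    for line in lines:
        hit = parse_failed_login(line)
        if hit is None:
            continue
        ip, when = hit
        attempts = recent[ip]
        attempts.append(when)
        # Drop failures that have aged out of the sliding window.
        while when - attempts[0] > window:
            attempts.popleft()
        if len(attempts) >= max_failures and ip not in offenders:
            offenders[ip] = when
    return offenders


def _entry(ip, hhmmss, method, path, status):
    return (f'{ip} - - [12/Mar/2024:{hhmmss} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 4321 "-" "demo-agent"')


# Constructed sample log (documentation-range addresses, fictional traffic).
SAMPLE_LOG = (
    # Rapid guessing: six failures in under a minute.
    [_entry("203.0.113.7", f"10:00:{s:02d}", "POST", "/wp-login.php", 200)
     for s in range(0, 60, 10)]
    # A real user: loads the form, mistypes twice, then gets in.
    + [_entry("198.51.100.20", "10:04:50", "GET", "/wp-login.php", 200),
       _entry("198.51.100.20", "10:05:00", "POST", "/wp-login.php", 200),
       _entry("198.51.100.20", "10:05:20", "POST", "/wp-login.php", 200),
       _entry("198.51.100.20", "10:05:40", "POST", "/wp-login.php", 302)]
    # Five failures spread over a day never share a window.
    + [_entry("192.0.2.50", f"{h:02d}:00:00", "POST", "/wp-login.php", 200)
       for h in (1, 3, 5, 7, 9)]
)

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"lock out {ip} (threshold reached at {when.isoformat()})")
```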

5. Monitor for malware …

It’s imperative that you have some kind of system in place to constantly monitor your site for malware.

The folks at Sucuri do this as well as anyone, which is why we’ve partnered with them for the server-side scanning that we do for all of our customers.

How you monitor is vitally important. Choose a method that can actually dive into your file structure and detect deep breaches, rather than one that just shows you where you’re vulnerable.

6. … Then do something about malware!

Monitoring for malware is not a solution in and of itself. The solution is what happens once malware is detected.

If you are not a Synthesis customer, the Sucuri team is a great one for you to partner with because they’ll not only scan for malware, they’ll help you clean it up once it’s detected.

And if you are a Synthesis customer, you already know that we’ll take on the job of cleaning and repairing your site should anything bad happen to it.

A couple of the oft-overlooked “true costs” of WordPress ownership are those associated with downtime due to security issues and cleaning up those issues. This is part of the value proposition that should be rolled into your managed hosting provider’s offering.

7. Choose the right web host

I’ve already told you about the server-side scanning and malware cleanup guarantee that we give all of our customers. And that’s far from the only reason why our WordPress hosting is a great choice for the security-conscious WordPress user. Just saying.

One major security risk is being on a shared server. Think of it this way: take the security risks inherent in your own WordPress installation, then multiply it by the number of sites on the server. And if you go with generic hosting, chances are you’re going to be lumped in with hundreds and hundreds of other websites.


Your own VPS may not be the right option for you. It may be too expensive, or your traffic may not necessitate it. That’s fine. But if you’re going to be on a shared server, make sure it’s shared with just a small number of sites (our shared servers have no more than 10 sites) on a hosting stack that has proven safeguards in place to protect it.

Also, find a host that doesn’t get complacent about security.

Anyone who would claim to “have security figured out” has no clue. Online security is constantly changing. Web hosting companies need to constantly evolve with that changing landscape, and the threats that come with it. Make sure whoever you trust your website to operates with this mentality.

8. Clean your site like you clean your kitchen

Did you know that your WordPress installation could easily have ticking time bombs sitting on it that you’re not aware of?

If you have old themes and plugins that you’re not using anymore, especially if they haven’t been updated, you can basically just go ahead and start the countdown to your next security breach. A messy site also makes it much more difficult for security professionals to operate should your site be compromised.

You wouldn’t leave dirty dishes and silverware sitting in stale water for three days in your sink, would you? Of course not. It would be a breeding ground for filth and muck.

So clean up and organize your file structure like you would your kitchen. It will keep you safe in more ways than one.

If you’re asking, ‘Where do I begin?’ Start at the root. Compare your file list to that of the default WordPress core. A few extra files, like your favicon? OK. Two times as many files including PowerPoint presentations for work? Time to do some dishes …

9. Control sensitive information

And when you are doing that cleanup of your file structure, check to make sure you are not leaving bits of valuable information available for all the world to see.

For example, the readme.html file by default will say what version of WordPress you’re running. If you’re running an older version of WordPress with a known security hole, hackers will find you.

Similarly, look into your phpinfo.php or i.php files. They’ll tell a hacker everything about your setup and serve as a “road map to the house” before they even break in.

And leaving .sql database backup files around is a big no-no. If a hacker can download your entire database, they’ll have every username and encrypted password you’ve ever used at their disposal.

While your website host should be scanning for items like this, why leave anything to chance? You wouldn’t walk out your front door without pants on (at least I’d hope not!) … so don’t run your website that way.
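The cleanup from step 8 and the checks from this step can be combined into one pass over the webroot. The script below is an added example, not part of the original post or of any hosting provider's scanner. It goes slightly beyond the text by detecting phpinfo() calls by content rather than only by the file names phpinfo.php and i.php, and by treating compressed .sql dumps as backups too; the list of expected root entries and the demo site are assumptions.

```python
import os
import re
import tempfile

# Entries found in the root of a stock WordPress download.
CORE_ROOT_ENTRIES = {
    "index.php", "license.txt", "readme.html", "wp-activate.php",
    "wp-blog-header.php", "wp-comments-post.php", "wp-config-sample.php",
    "wp-cron.php", "wp-links-opml.php", "wp-load.php", "wp-login.php",
    "wp-mail.php", "wp-settings.php", "wp-signup.php", "wp-trackback.php",
    "xmlrpc.php", "wp-admin", "wp-content", "wp-includes",
}
# Site-specific extras considered normal here (assumption; adjust per site).
SITE_ROOT_ENTRIES = {"wp-config.php", ".htaccess", "favicon.ico", "robots.txt"}
DUMP_SUFFIXES = (".sql", ".sql.gz", ".sql.zip", ".sql.bz2")
PHPINFO_CALL = re.compile(rb"\bphpinfo\s*\(")


def calls_phpinfo(path, limit=65536):
    """True if the first `limit` bytes of the file contain a phpinfo() call."""
    try:
        with open(path, "rb") as handle:
            return PHPINFO_CALL.search(handle.read(limit)) is not None
    except OSError:
        return False


def scan_webroot(root):
    """Return {relative_path: reason} for files worth removing or reviewing."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if name.lower().endswith(DUMP_SUFFIXES):
                findings[rel] = "database dump"
            elif rel.lower() == "readme.html":
                findings[rel] = "discloses WordPress version"
            elif name.lower().endswith(".php") and calls_phpinfo(full):
                findings[rel] = "phpinfo() output"
    # Step 8: anything in the root that is neither core nor an expected extra.
    allowed = CORE_ROOT_ENTRIES | SITE_ROOT_ENTRIES
    for entry in os.listdir(root):
        if entry not in allowed and entry not in findings:
            findings[entry] = "not in WordPress core root"
    return findings


def make_demo_site(root):
    """Create a small constructed webroot to run the scan against."""
    files = {
        "index.php": "<?php // front controller",
        "wp-login.php": "<?php // login",
        "wp-config.php": "<?php // settings",
        "readme.html": "<h1>WordPress</h1> Version x.y",
        "favicon.ico": "",
        "i.php": "<?php phpinfo(); ?>",
        "backup.sql": "-- dump",
        "Q3 deck.pptx": "",
        "wp-content/uploads/old/db.sql.gz": "",
        "wp-content/themes/demo/functions.php": "<?php // theme",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_root:
        make_demo_site(demo_root)
        for path, reason in sorted(scan_webroot(demo_root).items()):
            print(f"{reason:30} {path}")
```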

10. Stay vigilant

This one is pretty easy to explain. Just stay on top of what’s going on out there.

You don’t need to understand the intricacies of a DDoS attack or churn out a blog post about GoDaddy getting taken down. But when an issue like the TimThumb fiasco rears its ugly head, are you aware of it? Early detection is the best prevention.

You should be with a managed WordPress host who has your back, but it never hurts to have your own too.

Follow Twitter accounts like Sucuri’s or ours, where we’ll update you when we hear of relevant security issues affecting the web. And just keep your eyes peeled. Don’t think that security issues are only affecting those other sites. They could just as easily be affecting yours.

Respect thine enemy, as they say.

Over to you …

Most importantly, we need to respect the critical nature of taking website security seriously.

The ten steps above are not the only security safeguards you should be considering, but they are a well-rounded start, especially for those who may have trouble implementing the basics.

Take action on these tips and you’ll have the essential WordPress security measures in place.

Any other WordPress security tips out there? Drop them in the comments below …

About the Author: Jerod Morris is a founding member of the Synthesis Managed WordPress Hosting team. He is a copywriter and professional blogger responsible for creating Midwest Sports Fans and Primility.


Google Secure Search and SEO – What is going on?


Google has a secure search service hosted on its https search page. It uses SSL encryption to stop electronic snooping on users’ search habits via unsecured Wi-Fi. For anyone searching on Google while signed in, this encrypted search no longer passes the search term in the referrer URL.

This is important because your web analytics software (such as Google Analytics) uses the referrer URL to know what the search term was that someone used in Google to find your page. In SEO this metric is widely used and represents the start of the journey for the user on your site. With this information, you can see which search terms drive the most traffic and conversions. It is key to your SEO planning: you’ll want to target keywords that bring conversions.

So what’s the fuss about?

A growing amount of the organic search data in your analytics will be placed into a category called “(not provided)”. This is the secure data which has no keyword data in the referral string.

The move to secure search has not affected paid search data. Google is still passing referring keywords for PPC ads, so you can see which search terms drove your paid traffic.

Some search marketers feel that Google is being disingenuous about its reasons for making this change. They cite the exclusion of paid terms as evidence. If secure search were to be an effective privacy measure it would need to include paid search results as well as organic searches.

The number of site visits that are included in the ‘not provided’ category has been increasing quickly since secure search was launched. And this trend is likely to continue. Google is expanding its services and requires users to sign in. This means that it’s increasingly likely that the user will be signed in when they perform a search. For example, Google+ is part of this network and Google is trying to get as many of us using it as possible. This is going to mean more people signed in and less data in your analytics.

This is what the traffic to the Wordtracker site looks like in that “(not provided)” column:

[Image: Wordtracker analytics data]

In the past week more than 3% of visits were in the ‘not provided’ category (I’ve removed the exact numbers), but the trend is increasing – and alarming.

So what can you do?

Unfortunately Google holds the cards on this one. It’s not just Google Analytics that suffers from this problem. In time, other providers may produce custom solutions, but these are likely to be expensive and may require you to change your analytics software.

That said, there are some steps you can take.

You can still get your top 1,000 search terms from Webmaster Tools, but it misses out much of the data below that top 1,000 cut off. (I would guess from this that Google has the ability to assign the keyword to a secure search but they are choosing not to.)

There is a petition in protest over at Keyword Transparency which aims to collect signatures and lobby Google to change its process.

If your company has a Google rep, you can voice your concerns directly. Find out what the alternatives are and what actions the rep recommends. Please let us know below.

We’d also love to hear about your experience with secure search, if you’re seeing that ‘not provided’ data figure grow in your analytics, and we’d love to know which sites have been worst affected.

Wordtracker Blog
