Category: Website Security

Top 3 Reasons to Add HTTPS to Your Business Website

Today I am going to list the top 3 reasons you should be using HTTPS on your business or personal websites. I won’t go very deep into the technical details of HTTPS or the way encryption keeps communication between your browser and the server secure and private. This article gives a brief overview of HTTPS and the top reasons you should use SSL/HTTPS over the old HTTP for your website.

Why choose HTTPS over HTTP

What are the benefits of using HTTPS vs. HTTP?

1. It helps with the security of your website: HTTPS encrypts the data exchanged while you browse a website or web app, such as any input you enter in the browser or any page you request from the server, so that it can’t be seen or read by anyone between your browser and the server. For example, every request you make from your browser goes to the server via your internet service provider (ISP), which can tap into the content being transmitted. That is why it is safer to use HTTPS rather than HTTP, which transmits information to the server in plain text.

Google’s experts say that even if you don’t ask for sensitive information on your business website, you should still be using HTTPS to protect users’ privacy and any exchange of information between your website’s users and you. So HTTPS will help you with the security of your users and server.

2. HTTPS is good for SEO and helps you rank higher: Experts from the SEO industry have confirmed that having a secured site (using HTTPS) helps your website rank higher in search results. Google gives priority to websites using SSL/HTTPS over those using HTTP. So if you are a business website owner and want your website to rank well in search engines, set up HTTPS on your website. Recently Google Search started demoting non-HTTPS websites in search results, and browsers also display a warning in the address bar.

HTTP vs. HTTPS in the Chrome browser.

3. Many advanced web technologies require HTTPS: If you are serious about search results, website visibility and the security of your website, using HTTPS is a must, as many browser features such as PWAs (Progressive Web Apps) and even Google’s AMP (a faster, lightweight website framework by Google) require you to have SSL/HTTPS enabled on your website.

To use the user’s location API or send push notifications in the browser you must use HTTPS, and the same goes for service workers, which are a required component for PWAs to work.

In conclusion, if you are still using HTTP on your website and have not set up HTTPS, ask your developer or agency to implement it. My web development agency in Patna, Bihar has started offering free HTTPS support with our website packages to all our customers.

You can use a purchased SSL certificate or a free SSL certificate from Let’s Encrypt to secure your website. If you already have a website and want help with web security, server management etc., you can always reach me or ask a question on my Twitter handle (https://twitter.com/xvivek).

The security of many Bihar Govt. websites is far too weak

As an IT geek and cyber security consultant, I was testing a few websites related to the Bihar government to measure their security standards and the loopholes left in them. Shockingly, I found that many websites related to the Bihar government and private companies were vulnerable to different types of very common network attacks.

Many of the websites that were developed using .NET or ASP technology are not even protected against very common SQL injection. SQL injection is a method of bypassing the checks made by a site’s SQL statements, which can give access to login pages without any user name or password. So any person can just type “SQL injection”, go to the Wikipedia website and find the method to get into the admin area of these websites’ databases.

With the growing number of hacking attempts these days, and with the companies and government agencies of Bihar not much aware of or interested in the security of their websites and networks, this could cause disastrous and fatal issues in the time to come.

Some of the websites are so badly secured that the admin areas could be accessed by guessing the most common IDs and passwords, like admin, bihar, mybihar, ilovepatna, mypatna. Many of them use such bad passwords that with a brute-force attack one can get into the emails and admin sections of the websites.

It is known that IT companies are not using security measures when developing websites and applications, and that Bihar lacks local cyber security experts, so many of the websites related to Bihar are at the mercy of an averagely skilled hacker.

At the same time, my company Webx99 is continuously trying to provide creative, reliable and productive website solutions to our clients in Patna, Bihar, with added security layers and penetration tests. We do all this with the latest technologies and up-to-date knowledge.

In a coming post I will publish an article about a very common attack and its result, which shut down the website of a major Bihar government project. I leave you with the hope that the government and companies of Bihar will take further steps to secure their websites now that these issues have been revealed. Is your website secured? Ask me by dropping your email address for a security audit of your website, free for my blog readers.

Tips to Protect your WordPress website against global Attack

Hi, as you might have come to know, over the last couple of days a major hacking attempt has been going on globally, targeting WordPress sites. All the web hosting companies have issued tips and guidelines to protect WordPress installations from these attacks. Webx99.com, a reputed web hosting company in Bihar, has described the incident and the nature of the hacking attempts in its blog post.

In the blog post, Webx99.com has also provided prevention measures against these attempts.

To ensure that all your websites are secure and safeguarded from this attack, I recommend the following steps:

  1. Update and upgrade your WordPress installation and all installed plugins
  2. Install the security plugin listed here
  3. Ensure that your admin password is secure and preferably randomly generated
  4. Other ways of hardening a WordPress installation are shared at http://codex.wordpress.org/Hardening_WordPress

These additional steps can be taken to further secure WordPress websites:

  • Disable the DROP command for the DB_USER. This is not commonly needed for any purpose in a WordPress setup
  • Remove README and license files (important), since these expose version information
  • Move wp-config.php one directory level up, and change its permission to 400
  • Prevent world reading of the .htaccess file
  • Restrict access to wp-admin to specific IPs only
  • A few more plugins: wp-security-scan, wordpress-firewall, ms-user-management, wp-maintenance-mode, ultimate-security-scanner, wordfence, http://wordpress.org/extend/plugins/better-wp-security/. These may help on several occasions
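
The file-level items in this list (README and license files, the location and mode of wp-config.php, a world-readable .htaccess) can be checked with a short script. This is an added example, not code from the original post or from Webx99; the function names, the finding labels and the `public` sample directory are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: checks the file-level hardening items from the list above.
# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_wp DIR: print one finding per line for the WordPress install in DIR.
audit_wp() {
    root=$1
    # README and license files expose version information.
    for f in readme.html README.txt license.txt; do
        if [ -e "$root/$f" ]; then echo "REMOVE $f"; fi
    done
    # wp-config.php belongs one directory level up, with mode 400.
    cfg="$root/../wp-config.php"
    if [ -e "$root/wp-config.php" ]; then
        echo "MOVE wp-config.php"
        cfg="$root/wp-config.php"
    fi
    if [ -e "$cfg" ]; then
        mode=$(file_mode "$cfg")
        [ "$mode" = "400" ] || echo "CHMOD wp-config.php $mode"
    else
        echo "MISSING wp-config.php"
    fi
    # .htaccess must not be world-readable (read bit in the last octal digit).
    if [ -e "$root/.htaccess" ]; then
        mode=$(file_mode "$root/.htaccess")
        case ${mode#"${mode%?}"} in
            4|5|6|7) echo "WORLD_READABLE .htaccess $mode" ;;
        esac
    fi
}

# Constructed sample: a throwaway default-style layout, not a real site.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/public" || return 1
    for f in readme.html license.txt wp-config.php .htaccess; do touch "$d/public/$f"; done
    chmod 644 "$d/public/wp-config.php" "$d/public/.htaccess"
    echo "$d/public"
}

# Usage: sh audit.sh /path/to/wordpress   (no argument: audit the sample)
if [ "$#" -gt 0 ]; then
    audit_wp "$1"
else
    s=$(make_sample); audit_wp "$s"; rm -rf "${s%/public}"
fi
```

An empty output means every file-level item passed; the DROP privilege and the wp-admin IP restriction live in the database and web server configuration and are not covered by this check.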

Also, Webx99.com recommends using Cloudflare, which is available free with all our cPanel accounts, to prevent the attack from affecting the functionality of your site. For any other assistance implementing the above security tweaks, contact our support team. For all customers who have opted for Webx99’s website package, the above security measures are implemented by our support team by default. Customers without the maintenance service or website package are recommended to do the above tasks themselves to safeguard their websites. If you have any questions regarding this, you can ask me personally or drop a comment here. Let’s safeguard WordPress-powered websites.