OmniSOS – Elite WordPress Security

20 Commonly used passwords you should avoid

Charlie Tobler — Wed, 20 Dec 2017 19:17:56 +0000

We all know 2017 has been a jackpot for hackers, and one of the many ways they can infiltrate is by exploiting weak passwords. While some passwords are undeniably weak: like “password” and “123456,” there are others that are just as likely to be cracked, but aren’t as conspicuous. Here are 20 passwords that are in the top 100 list of weak passwords that may surprise you (notice the rank in parentheses):

letmein (7)
monkey (13)
starwars (16)
dragon (18)
freedom (22)
trustno1 (25)
harley (28)
buster (39)
ferrari (43)
cheese (44)
sunshine (55)
tigger (56)
merlin (58)
banana (61)
cookie (68)
jessica (74)
dallas (79)
passwor (80)
ginger (97)
thunder (100)

For more info, check out this article: http://www.foxnews.com/tech/2017/12/20/20-passwords-other-than-123456-should-avoid.html

The post 20 Commonly used passwords you should avoid appeared first on OmniSOS - Elite WordPress Security.

Cyber attacks top US threat list

Jeff Tobler — Fri, 27 Feb 2015 13:52:49 +0000

“A US intelligence assessment of security threats faced by the country highlights cyber attacks from foreign governments and criminals.” Read more: http://www.bbc.co.uk/news/world-us-canada-31654050

In recent weeks and months, not only has Twitter’s CFO account been hacked — but even CENTCOM’s (US Central Command’s) Twitter and YouTube accounts were infiltrated by ISIS. But as it might seem as though only high-profile sites are being targeted, we are regularly seeing “mom and pop” small and mid-sized business websites aggressively attacked by cyber terrorists with increasing frequency.

As we monitor the ongoing security threats facing our OmniSOS clients, we are seeing an exponential increase in attempts to compromise and infiltrate our client’s websites, often on an hourly basis, or within minutes of an attempted attack. Brute-force attacks are becoming commonplace. Attempts to exploit small business websites are no longer the exception but to be expected. If you own or operate a website, security should be your top priority. But doing nothing is not an option these days.

Our primarily drive is to keep site safe and secure. Cyber-terrorists must be aggressively confronted and decidely stopped from gaining access to your site.

If we can be of help, let us know.

The post Cyber attacks top US threat list appeared first on OmniSOS - Elite WordPress Security.

Does SSL Boost SEO Rankings?

Jeff Tobler — Thu, 30 Oct 2014 15:50:45 +0000

Back in March 2014, Matt Cutts, Google’s head of Webspam, said he wanted SSL to be a ranking factor. And Google is now factoring in SSL in SEO rankings. However, currently the affect of installing an SSL Certificate is negligible, therefore we are not advising rushing to install a secure certificate to your site just yet.

The point is that Google understands the importance of security as a ranking indicator for websites. SSL is an important component of web security, but SSL really doesn’t affect how easily a hacker can gain unauthorized access into your website. SSL doesn’t hinder Brute-Force Attacks, nor Code-Injections.

Therefore, we highly recommended first deploying a robust security plan for your site, then add SSL, especially if you have an e-commerce site.

The post Does SSL Boost SEO Rankings? appeared first on OmniSOS - Elite WordPress Security.

Did the White House’s Secret Service Fail?

Jeff Tobler — Thu, 30 Oct 2014 14:49:30 +0000

The White House’s legendary Secret Service security detail has been making headlines lately; unfortunately, not in a favorable light. I’m sure they do far more and far better than we ever know about, and it’s always easy to focus on failures.

But recently the White House fence jumper, Dominic Adesanya, made it past the fence, past the perimeter guards, past the canine unit, past the guard outside the main door and past a Secret Service agent just inside the main door, allegedly overpowering him. Adesanya then sprinted into the East Room where he was finally disabled.

What went wrong?

It is clear given the latest and recent lapses that security was not as secure and heightened as it should’ve been. But the White House did have security in place, and their security did work — albeit with limited exposure. If this were the state of most websites, you’d be in pretty good shape. Even weak security is better than no security at all. Sadly, most WordPress, Joomla, and other CMS websites have no Secret Service agency working 24/7 to stop lethal attacks. Most of us think that somehow the worst won’t happen to us. And that if it does, somehow we are protected.

The reality is that robust, fail-safe security doesn’t just “happen”. It must be well-planned, implemented, and reviewed often. OmniSOS provides such a service to our clients. Our iKnights (automated 24/7 “Secret Service” agents) and our Elite Security Team (real humans putting brains and eyes to your site) stand guard with a multi-tiered security approach deploying many overlapping security measures to mitigate your risk exposure and to eradicate any threat at any level.

Threats are real. And the cyber-terrorists are targeting average web sites daily. Without a security protocol, it’s not a matter of if, but when you will be targeted and most likely hacked.

There are free options available for those of you who want DIY Security. But if you’re looking for total peace of mind for pennies a day, look at implementing one of our security packages today. We’ll take care of everything from security analysis, automated backups, installing an advanced firewall, monitoring, and site repair and/or restoration if the worst should happen.

Put on effective armor to stand against the enemy! (Eph 6)

The post Did the White House’s Secret Service Fail? appeared first on OmniSOS - Elite WordPress Security.

White House Hacked (Russia involved?)

Jeff Tobler — Wed, 29 Oct 2014 15:44:38 +0000

The White House today reported a limited breach of their unclassified network, tracing the origin to Russia with heavy suspicion of the Russian government’s involvement. Apparently the attack did not infiltrate the government’s classified networks and is under control. Remember: terrorism and warfare are no longer fought solely in the physical, but also in digital or cyber realms. And the resulting blow is often more damaging than a physical attack. With all the prepper chatter about terrorist threat awareness and survival readiness, let’s not forget to secure our own digital businesses and e-commerce storefronts.

This is another wake-up call to bloggers, web developers, and small business owners to take web security very seriously. Do you have a WordPress security plan in place for your website? What about a rapid-deployment restoration plan with active full-site backups? If not, we highly recommend you put one of our plans in place. Peace of mind for pennies a day.

And if you don’t think you are a target, think again. Yes, you’ve heard of Bank of America, Target, even Apple and Google targeted and hacked, but hackers are not limiting their attacks on the Fortune 500. Every site — especially smaller sites — are increasingly targets of Brute-Force attacks or Code-Injection and Malware infections in an attempt to leverage your site and bandwidth for nefarious activity. Why? Most smaller sites and small to mid-size companies have no or low security in place.

Don’t allow yourself to be victimized. Cyber-warfare, or cyber-terrorism, is nothing new, but definitely on the increase and no longer as cloaked as in years past. Make sure you are not a sitting duck for a cyber-sniper. Compare our plans and, at a minimum, sign-up for our Basic Security Plan (pennies a day) to gain advanced security, a locked-down site, 24/7 iKnight defenders and a rock-solid restoration plan should disaster strike.

If you’d like to talk to one of our Elite Security Team specialists, contact us today. We’ll help you figure out which plan best suites your needs.

Shielding Attacks. Thwarting Intruders. Saving Your Site!

The post White House Hacked (Russia involved?) appeared first on OmniSOS - Elite WordPress Security.

What exactly is Malware?

Staff — Tue, 28 Oct 2014 22:22:18 +0000

Malware (Virus) is a very broad term, and there are many different ways that malware can be injected into a website. One common way that malware is inserted is by a File Inclusion vulnerability. With this vulnerability, the hacker will insert a malicious script into the site by editing the PHP. This is normally performed by using methods similar to Code Injections. As a result, creating secure user input validation will also mitigate this vulnerability, along with coding the PHP to eliminate the possibility of Remote File Inclusion (RFI). Malware can also be inserted by gaining login access, so many other security measures must be taken to mitigate this risk. Oftentimes, the hacker’s goal is to insert malware, no matter what vulnerability he/she is using to gain access.

The post What exactly is Malware? appeared first on OmniSOS - Elite WordPress Security.

What are Code Injections?

Staff — Tue, 28 Oct 2014 22:16:48 +0000

Code Injections (such as SQL Injections and command injections) are attacks that inject code into a server or database to unexpectedly execute commands or to insert malware. The most common form of Code Injection a hacker will use is to use special command line characters in a normal user input box to trick the server into executing the following command. This vulnerability is used for a wide range of malicious activity, which makes it particularly dangerous. These commands can be injected through any average text input box. The most effective way to prevent Code Injection is to create secure user input validation (such as a whitelist that allows only “innocent” characters, like letters and numbers), and to implement a secure firewall.

The post What are Code Injections? appeared first on OmniSOS - Elite WordPress Security.

What is a Brute-Force Attack?

Staff — Tue, 28 Oct 2014 22:08:48 +0000

Brute-Force attacks (also called an Exhaustive Key Search) are used with the intention of gaining access to the server or website by guessing the login authentication. Hackers who use this method typically have several computers with very fast hardware which use an algorithm to guess the password. These machines can guess thousands to millions of passwords per minute, and they will typically guess every possible password. This can be a very dangerous attack if security measures are not set up properly. The best way to prevent a successful Brute-Force attack is to prevent access to the login page after a certain amount of failed login attempts (implemented into most firewalls), to have a strong, secure password, and to set up two factor authentication. Two factor authentication uses a password, and also sends a verification code to the user’s cell phone. This makes it virtually impossible for Brute-Force attacks to be successful.

The post What is a Brute-Force Attack? appeared first on OmniSOS - Elite WordPress Security.

DDoS – What does it stand for?

Staff — Tue, 28 Oct 2014 21:56:09 +0000

Distributed Denial of Service (DDoS) attacks stress the server in several ways, with the intention of slowing it down or crashing the server itself. Hackers who use DDoS attacks are not necessarily trying to gain access to the website. Their main goal is to make the website inaccessible to its users. It is often unknown why hackers would use an attack like this. In the past, many DDoS attacks have been targeted at large companies. However, it is now much more common for these attacks to be directed at smaller websites, posing a threat to many normal websites on the internet. Having a secure and advanced firewall is one of the best methods for preventing DDoS attacks.

The post DDoS – What does it stand for? appeared first on OmniSOS - Elite WordPress Security.

Can Weak Security Ruin Your SEO Efforts?

Charlie Tobler — Wed, 22 Oct 2014 23:36:10 +0000

Search Engine Optimization (SEO) is an ever-increasing aspect of the web industry, and for good reason. Search engines have become an important part of our lives. We search for information, businesses, reviews… Everything. And without SEO, your potential customers, readers, etc, most likely won’t be able to find your website. That means lost traffic, which means lost business. That is why SEO is of such importance to the web industry, and to business in general.

Unfortunately, it is so easy to forget one of the most integral aspects of SEO: Security. How does security affect search engine rankings?

The search engines rank websites based on relevant, quality content, because this is of most value to the one searching. The search engine has the ability to crawl your site, so it can find your content and determine if it is relevant to the search. Whichever sites the search engine thinks will be of most value are displayed at the top of results.

Makes sense, right? This is where site security comes in.

Let’s say your site has been hacked, and the hackers use your site to send and host spam, or to redirect to an explicit website. When the search engine crawls your site, it will find malicious activity. Red flags to the search engine! The search engine is responsible for showing relevant, SAFE, results to its users. When a site is compromised by malware, it doesn’t look safe to the search engine anymore. And this will show itself in lower rankings, or an even worse scenario: the search engine blacklisting your site. In this case, the search engine has deemed your site dangerous enough to blacklist it. This is bad for both brand reputation, and lost revenue and/or readership. This is something you want to mitigate.

Is this repairable? Yes! Our premium plans feature an added blacklist repair tool which works with our robust Anti-virus service to clean the malware from your site and even remove your site from the blacklist directories.

Hopefully, I have successfully communicated just how essential the security of your website is to its search engine optimization. You can’t afford to be without an Elite Security protocol, such as OmniSOS.

Check out our plans to determine which package is right for you!

The post Can Weak Security Ruin Your SEO Efforts? appeared first on OmniSOS - Elite WordPress Security.