Browsing posts tagged "security"

Keeping Your Domains and Websites Private and Secure

April 12th, 2012 @ 9:12 am

While webmasters are proud of their online creations, it’s often not in their best interest to reveal their identity as a site’s owner or other details about the technical aspects of the site. A lack of proper privacy measures for your sites can mean opening vulnerabilities for your competitors to exploit, so on the whole, for most projects, it’s best to minimize footprints and stay as anonymous as possible. Fortunately, this isn’t as difficult as it may seem, and as long as you use some common sense and avoid getting lazy, everything should be secure and safe.

WHOIS Records

All domains have an entry in the WHOIS database, which anyone can access and which contains the identifying information that you provided to your domain registrar. This is obviously not exactly a boon for us as webmasters, and it’s preferable that we keep this information private. Luckily there is an easy way to do this: most registrars offer an option to hide your real WHOIS information for a small fee. Royalty Networks actually offers domain security for free when you register a domain. You can couple this with a CDN to further obfuscate your WHOIS entries.

Themes and Designs

Using the same or very similar themes across multiple sites is a no-no: it’s a very big clue that can tie together several different web properties and make it easier to track down their owner. This should not be an issue, as there is an abundance of themes available from a variety of different designers for next to nothing. If you really want to be efficient and have fine control over your designs but don’t want to learn the subtleties of a coding language, then you can try using a WYSIWYG program like Artisteer: it lets you design site-wide themes with a user-friendly editor where you drag and drop everything into place, which makes it very easy to make a myriad of different-looking themes with just a few clicks.

IP Addresses

We made an entire post about the importance of diversifying IP addresses between your sites, and it’s really as easy as scaling up as you need more of them: you can buy additional IPs no matter what hosting plan you use. Anyone can see the IP address of the server where your sites are hosted, so if you have multiple sites on the same IP it is relatively easy for someone to notice this and take advantage of it. Spread your sites across as many IPs as possible and don’t be afraid to scale up as you build more websites.

Technical Security

There’s always the constant threat of a hacker taking advantage of a vulnerability in your site’s code and wreaking havoc, so you should take some precautions to make this harder for them. The golden rule of defending your sites is to keep everything up to date all the time: check your back-ends often and install updates whenever they are available. Only install plugins and themes from trusted sources, and if you can accomplish something sufficiently without using a plugin, then don’t be lazy and add yet another plugin to your installation when you have the option not to. If you’re on WordPress, install something like Secure WordPress to automatically manage common vulnerabilities.


The 3 Types of SSL Certificate Validation

March 5th, 2012 @ 11:23 am

We covered the basics of SSL (Secure Socket Layer) encryption and certificates in a previous post, but if you’ve done some shopping around for an SSL certificate for your site you have probably noticed that SSL comes in a few different types. If you want to make an educated decision and buy the right plan for your site, you’ll need to acquaint yourself with the differences between them.

Keep in mind that enabling an SSL certificate of any type will encrypt data transmissions between users and the server using public and private keys, and your pages will also load with the https:// prefix. SSL is widely used by businesses, especially for ecommerce and payment, due to the added layer of security; it’s highly recommended for anyone who considers their visitors customers. The different types or levels of validation are in place to classify websites based on their status as a legitimate business and the security of the site. Here’s an overview of each type of SSL validation and what types of sites they are used for.

Domain Validated (DV) SSL Certificates

This is the most basic level of SSL validation: the issuer verifies that you are the owner of the domain by checking your information against the WHOIS database. While this will enable encryption on your site and provide a decent amount of added security, it does not verify you as the operator of a legitimate business. This is a great quick solution if you want your users to feel safer seeing the familiar padlock and https:// and not running into any warning screens, but an organizationally validated certificate is recommended for transmitting sensitive information.

Organizationally Validated (OV) SSL Certificates

An organizationally validated SSL certificate is designed for businesses and is especially beneficial to ecommerce, sales, and service providers who need to transmit sensitive data on their server, such as credit card numbers and contact information. The process for validation is lengthier and more in-depth: the issuer will not only check to see if you are the owner of the domain, they will also need to verify that you are the owner of a real business. To do this you’ll need to provide the credentials and paperwork verifying the legitimacy of your business and your status as its owner (specifically your Articles of Incorporation), as well as proof of your physical address. One of the main advantages of getting an organization validation is that your site will be displayed in the browser as a trusted site and users will feel far more confident doing business with you.

Extended Validation (EV) SSL Certificates

Extended validation was released in 2007 and it is the most complete SSL encryption solution to date; the most reputable and trustworthy organizations make use of EV. The validation process is more thorough: only businesses that have been proven to be consistently reliable with quality services or products are given extended validation. The most obvious perk is the green URL bar that signifies to users that they are visiting a website associated with a verified reputable business and that the website has been proven to be safe and secure. This is a far more prominent indicator than other validations and users absolutely take notice.
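The three levels above differ in how much identity the certificate's subject asserts, and that can be checked on a certificate you have been issued. The following is an added example, not code from this blog or from any certificate authority: a heuristic that assumes DV subjects carry no organization name and EV subjects additionally carry a business category, registration serial number and jurisdiction country. The sample certificates are constructed.

```python
# Added example: a heuristic, not how any CA or browser classifies certificates.
# Input is the dict shape that Python's ssl.SSLSocket.getpeercert() returns.

# EV subjects also carry a jurisdiction-of-incorporation country; some OpenSSL
# builds report that attribute by OID instead of by name, so accept both.
EV_JURISDICTION = ("jurisdictionCountryName", "1.3.6.1.4.1.311.60.2.1.3")


def subject_fields(cert):
    """Flatten getpeercert()'s nested subject tuples into a plain dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}


def validation_level(cert):
    """Return 'DV', 'OV' or 'EV' from the identity the subject asserts."""
    fields = subject_fields(cert)
    if "organizationName" not in fields:
        return "DV"  # only control of the domain name was validated
    has_ev_attrs = (
        "businessCategory" in fields
        and "serialNumber" in fields
        and any(name in fields for name in EV_JURISDICTION)
    )
    return "EV" if has_ev_attrs else "OV"


# Constructed sample certificates (example.com names, not real sites).
DV_CERT = {"subject": ((("commonName", "shop.example.com"),),)}
OV_CERT = {"subject": (
    (("countryName", "US"),),
    (("organizationName", "Example Widgets LLC"),),
    (("commonName", "shop.example.com"),),
)}
EV_CERT = {"subject": (
    (("businessCategory", "Private Organization"),),
    (("1.3.6.1.4.1.311.60.2.1.3", "US"),),
    (("serialNumber", "0000000"),),
    (("countryName", "US"),),
    (("organizationName", "Example Widgets LLC"),),
    (("commonName", "shop.example.com"),),
)}

if __name__ == "__main__":
    for label, cert in (("dv", DV_CERT), ("ov", OV_CERT), ("ev", EV_CERT)):
        print(label, "->", validation_level(cert))
```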

So how do I get one?

If you are looking to get an SSL certificate for your website, we offer plans for each of the above validation types with tons of great features. Check out our SSL Certificate packages to see which one is best for you.


WordPress Security – Protecting your WordPress Installation

February 3rd, 2012 @ 11:46 am

WordPress is one of the most popular and easy-to-use blogging platforms around; it allows users to create any kind of site imaginable without the need to learn a coding language or get bogged down with technical details. It’s open source software that’s constantly being audited and analyzed by the community, but security holes are always bound to open up with web-based platforms, which presents a threat to your site and its data. The absolute best way to protect your site from malicious activity is to be prepared before it happens, but luckily it’s as easy to secure your WordPress site as it was to install it.

Always stay updated

One of the easiest and most effective ways of keeping WordPress safe from attackers is to keep it updated as new versions are released. Every piece of software, especially one exposed to the internet, is always vulnerable to bugs and exploits if it is not routinely updated to patch up holes in its security. Web technologies are constantly evolving and hackers are always finding new ways to trick your software into trusting them when it shouldn’t, but WordPress is a very closely monitored system and any time a major security exploit is found the developers are very quick to release an update to fix it. The moral of the story is that being lazy and holding off on a WordPress update can cost you dearly; it’s a matter of clicking a button on your WP backend, and it’s a real lifesaver.

However, your WordPress installation isn’t the only thing that needs to be kept up to date. You’re probably using a variety of different plugins and a theme as well, and outdated components can also present security risks. Always keep every part of your site up to date and beware of plugins and themes that seem unprofessional or were poorly made; they often make your site less secure by implementing faulty code.

Use secret keys in your WP-config file

The WP-config file contains all the information someone would need to access the database associated with your WordPress site, so you’ll want to do everything in your power to secure that file and make sure no one can access that sensitive information.

One of the best ways to do this is to use secret keys in the config file. Doing this is very easy: head over to api.wordpress.org/secret-key/1.1/ and copy the information it gives you, then read through WP-config, find the area that says Authentication Unique Keys, and replace the four lines you see there with what you copied.
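To confirm the keys were actually replaced, the config file can be audited offline. This is an added example, not part of WordPress or of this blog: the sample config is constructed, and the 32-character minimum length is an assumption chosen for illustration.

```python
import re

# The four constants returned by api.wordpress.org/secret-key/1.1/
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
PLACEHOLDER = "put your unique phrase here"  # default text in wp-config-sample.php
MIN_LENGTH = 32                              # assumed floor for this example

# Anchored at line start so commented-out define() calls are not counted.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*)\2\s*\)\s*;""", re.MULTILINE
)


def audit_keys(config_text):
    """Return {key_name: problem} for every key that is missing or weak."""
    values = {m.group(1): m.group(3) for m in DEFINE_RE.finditer(config_text)}
    problems = {}
    for name in KEY_NAMES:
        value = values.get(name)
        if value is None:
            problems[name] = "missing"
        elif value == PLACEHOLDER:
            problems[name] = "placeholder"
        elif len(value) < MIN_LENGTH:
            problems[name] = "too short"
        elif sum(1 for n in KEY_NAMES if values.get(n) == value) > 1:
            problems[name] = "reused"
    return problems


# Constructed wp-config.php excerpt: one good key, three problem cases.
SAMPLE_CONFIG = (
    "<?php\n"
    "define('DB_NAME', 'example_db');\n"
    "define('AUTH_KEY',        '" + "k3y-CONSTRUCTED-" * 4 + "');\n"
    "define('SECURE_AUTH_KEY', 'put your unique phrase here');\n"
    "define('LOGGED_IN_KEY',   'hunter2');\n"
    "// define('NONCE_KEY',    '" + "n0nce-CONSTRUCT-" * 4 + "');\n"
)

if __name__ == "__main__":
    for name, problem in audit_keys(SAMPLE_CONFIG).items():
        print(f"{name}: {problem}")
```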

Use a security plugin

There are a lot of little things to worry about in terms of WP security like file permissions, htaccess settings, and a variety of other little factors that hackers can take advantage of. Instead of staying on top of it all yourself, you can try using a trusted plugin solution that gives you a simple GUI where you can keep everything secure without the headache of traversing an FTP.

One of the best complete solutions is Bulletproof Security, which keeps track of almost every possible security hole that your installation might have and offers one-click solutions to all of them. It’s very user friendly and a great way to sleep well at night knowing your site is more secure than most.

Another great plugin to use is WP Plugin Security Check. Some of the most insecure parts of any WordPress site are the third party plugins installed for a variety of different purposes, and this plugin checks through all of them to make sure there aren’t any obvious holes or inadequate coding.


What Are SSL Certificates and How Do I Use One?

January 30th, 2012 @ 10:22 am

While surfing the web you’re bound to have come across an SSL enabled page at some point and wondered what that meant. SSL encryption is usually encountered in areas where it’s important for the site to be secure and safe from unauthorized access like payment processing, inputting sensitive information, and anything else that you do on the Internet through a browser or application that is best kept from wandering eyes. SSL has become an essential feature for many web activities that require a secure connection and you may need to enable it on your own site depending on how your users interact with your server.

How does SSL work?

SSL stands for Secure Sockets Layer and it serves primarily as a mechanism to verify a web page’s identity using encrypted certificates and keys. It’s a basic transaction of information between your browser and a web server before sharing data that ensures that all information is encrypted until it reaches the server to be decrypted.

First, your browser or application will request that a web server identify itself before any information is transferred. The server will then send the browser a copy of its SSL certificate, which must be checked by the browser using a combination of private and public keys to verify that the owner of the page is who they say they are using the site’s domain and IP address. If the browser accepts all of this information and trusts the certificate, it will tell this to the server which will send back an acknowledgement and finally begin to transfer information under the protection of SSL encryption so that no third parties can interfere.

The process of verification works both ways – the server checks to see that the user on the other side of the secured channel is who they appear to be and vice-versa. When the SSL certificate is first sent to the browser, the public key is included. The browser will use this public key to encrypt information before sending it to the server, and the server will use its own private key to decrypt it. If the information is accessed by any third parties between the browser and server, they will receive encrypted information that is impossible to read without the server’s private key.

How do I get SSL for my site?

If you want to use SSL encryption on your own site to enable secure connections with your users, it’s not very complicated. Royalty Networks offers multiple types of SSL certificates. Just choose the appropriate package and follow the instructions. A basic SSL setup will cost less than $20.00 per year. You will need to provide information about you and your site; once things are set up, a private key will be generated (be sure to make a copy of this and keep it safe).


Royalty Networks Blog

