
How Secure is Your Website?


I got a call from a panicked agency today... One of their clients' sites had been hacked and was sending out phishing emails.  They began receiving emails from sites in Seattle, and their domain registrar threatened (and rightly so) to shut down the domain.

Honestly, it's a web development firm's worst nightmare.  You'll potentially spend hours tracking down a hacked file and not be able to bill for it (unless, of course, the client installed bad code, a bad form or a bad extension and didn't tell you - happens all the time).

So what steps should you be taking to make sure your website stays secure?

  1. If you're using a CMS like WordPress, Joomla or Drupal - keep it up-to-date!  It is amazing that so many websites are still on Drupal 4 or Joomla 1.5.10 or WordPress 1.6.2.  This particular site was hacked using an exploit that was documented over a year ago!  Most modern CMSs have extensions or plugins that alert you to updates to the core files.  If nothing else - subscribe to the security feed for your CMS.
  2. Make sure your extensions / plugins are up-to-date.  Joomla has over 5,500 extensions.  WordPress has thousands - as does Drupal.  But this is one area where a hacker can get to you. 
    1. Once your site goes live - delete all the extensions you're NOT using.
    2. Keep a checklist and periodically go to the developer's website to see if there are any updates.
    3. Consider setting up a Google Alert for your extensions.
    4. Joomla has a list of updated extensions - you should check there periodically for yours - http://extensions.joomla.org/extensions/updated
  3. Make sure any forms on your site use proper input validation.  Any form that people fill in to provide information to you - whether it be a contact us form, or a poll... MUST validate what is submitted, to make sure an email address is really an email address - not an SQL injection...
  4. Require good passwords. As a rule, people shouldn't use dictionary words, names, or other personal data for their passwords — they're too easy for an intruder to guess. A "strong" password is one that uses upper and lower case letters, a number and a special character, e.g.: Fe3eX0_!_3
  5. Limit server access. Only people who really need it should have access to the server. Even then, carefully control each user's level of access. And make sure you delete inactive users as quickly as possible. Again - if you're using a CMS - there should only be one or two "Super Administrators" - and require their passwords to be very strong.
  6. Keep a complete backup of your Web site.  And keep it on a separate, secure computer. If a vandal does manage to destroy or deface your Web site, you'll be able to get a backup version up and running more quickly.  Do this regularly - if you update your site consistently - make sure your backup strategy reflects that.  At least make sure you're getting the database on a very regular basis.
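To make step 3 concrete, here is an added example (not code from this site or from any CMS) of a form handler that validates the e-mail field and stores the submission with bound parameters. The `signups` table, the helper names `clean_email` and `save_signup`, and the sample submissions are all constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns the address if the submitted value is a
// single well-formed e-mail address, otherwise null.
function clean_email(string $raw): ?string
{
    $raw = trim($raw);
    // Reject empty and oversize input before any further parsing.
    if ($raw === '' || strlen($raw) > 254) {
        return null;
    }
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Hypothetical helper: stores a submission using bound parameters, so the
// values are treated as data and never parsed as SQL.
function save_signup(PDO $db, string $email, string $name): void
{
    $stmt = $db->prepare('INSERT INTO signups (email, name) VALUES (:email, :name)');
    $stmt->execute([':email' => $email, ':name' => $name]);
}

// In-memory database standing in for the site's real one (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE signups (email TEXT NOT NULL, name TEXT NOT NULL)');

// Constructed sample submissions: one legitimate, two that are not addresses.
$submissions = [
    ['email' => 'pat@example.com', 'name' => "Pat O'Neil"],
    ['email' => "x' OR '1'='1",    'name' => 'probe'],
    ['email' => 'not-an-email',    'name' => 'probe'],
];

foreach ($submissions as $s) {
    $email = clean_email($s['email']);
    if ($email === null) {
        echo 'rejected: ' . json_encode($s['email']) . PHP_EOL;
        continue;
    }
    save_signup($db, $email, $s['name']);
    echo "stored: $email" . PHP_EOL;
}

echo $db->query('SELECT COUNT(*) FROM signups')->fetchColumn() . ' row(s) stored' . PHP_EOL;
```

The name field shows why validation alone is not enough: a legitimate name can contain an apostrophe, so the query has to use bound parameters rather than string concatenation.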

We do provide hosting for our clients at NavigateTomorrow.com - and we follow these guidelines stringently.  If you're worried about getting hacked - or your site doesn't follow these rules... talk to us!  We'd love to help.

 

Joomla Training Pays Off


When someone invests in a day or two of training - on anything... they hope for a return that at least pays for itself.  We've done a lot of training for people who are learning Joomla - in Cincinnati, Toronto, Denver, Atlanta, New York, and Louisville - and online training at OSTraining.com - almost a thousand people.  It's a lot of fun - and people have been very kind in their responses.

One of the groups that we've trained is Towne Properties - based in Cincinnati, OH.  They recently wrote an article for Technology First - a regional newsletter - about their experience with Joomla.  Here's an excerpt:

When I first arrived at Towne almost 3 years ago, we had a collection of apartment websites, corporate pages and a few pages for our Condo Associations. We also had “rogue” web projects happening since there was no cohesive strategy. Towne was spending in excess of $100,000 on websites and web support. We were trying to use Yardi’s new web solution as a platform for our websites, but for a variety of reasons this was not a good solution for us. Several other Towne businesses had signed contracts with outside firms to deliver websites. There was no cohesive strategy for creating websites, maintaining content or even registering websites. I found myself being drawn into arguments defending my database vendor even though their offering was limited. There had to be a better answer to this web soup that mired us....

Open Source for an enterprise-wide web solution. Really? The most important difference between Open Source software and commercial software sold by vendors is that Open Source software is published under licenses that ensure that the source code is available to everyone to inspect, change, download, and explore as they wish. This is the essential meaning of open source: the source code--the language in which the software is written and the key to understanding how the software works--can be obtained and improved by anyone with the right skills. In this case, we were able to obtain a fully functioning version of Joomla! FREE.

When Bill sent this article over - he attached this to his email... "Frankly, I should have given you credit as well as the training went a long way to getting us up and running. We are looking to save in excess of $80,000/year using this solution."

We were very pleased to help Towne Properties get off the ground.  They came to us after their "proof of concept" - and we've trained every one of their staff in Joomla - both at the beginner and advanced levels.

You can read the full article here.

Our partnership with OSTraining.com (Steve Burge) is a solid one.  I don't know of another training program like it.  Either live or online - participants get fantastic forum support and a lot of timely help - We highly recommend OSTraining.com for training in Joomla, Drupal and WordPress.

If you're looking for an advanced, customizable, robust solution for your website - Joomla is a great choice.  Not only can we set that up - but we'll make sure you know how to use it.  Talk to us!

   

The Web and the iPad


Stephen Vescio over at Six Revisions posted a great article on designing for Apple's iPad (read the article here).  I admit it... I LOVE my iPad.  It is a fantastically rich experience in a small form factor.

Creating a web application for the iPad isn't rocket science - and depending on your needs - it could have you saying "I have an app for that!"

   

How Mobile Are You?


The better question is... "How mobile is your website?"  Mobile devices now far outnumber desktop computers.  With the advent of the iPad and devices like it, along with better mobile phones, more and more people will be trying to look at your site on something other than that Dell or Apple computer...

   

Screenflow Template Tutorial


As you may know, we create all the online video tutorials for OSTraining.com's Joomla training.  A huge part of our workflow for these videos is Screenflow (by Telestream).

A question on Screenflow's blog prompted a quick tutorial video from us.  Read the blog here. The author mentioned a Screenflow template file - which is a fantastic way of doing Screenflow... but there's no documentation on it.  Now there is...



Copyright © 2008 - 2010 NavigateTomorrow, Inc. - 800.788.9507