GDPR: What’s All the Fuss, it Doesn’t Affect Me, Right?

The short answer is–WRONG, you are more likely to be affected than not!

Be forewarned, this is a lengthy post…but since the GDPR has weighty consequences, it deserves it–and there is no hiding from it!


My Business is US Based so GDPR is Irrelevant

You live in the US, and your business is based in the US. You don’t market to people in other countries. So you may be thinking, understandably so, that you don’t have to worry about GDPR.

Sadly, you would be wrong.

My personal disclaimer: Let me start off by saying, I am not a lawyer. I never even played one on television. So, if after reading this you have legal-type questions, please contact your attorney.

OK, now that that is over with, let’s start off with what GDPR is, because since you probably thought it didn’t affect you, you might have glossed over it.

What is GDPR?

GDPR stands for the General Data Protection Regulation.

It is a law that was passed by the European Union (EU), but don’t let that stop you—because, believe it or not, it just might impact your business.

(If after reading this post, you want more info, you can go to the European Commission’s Principles of the GDPR.)

Just Whose Data is Being Protected?

OK, so the law is about Data Protection, but what data and whose?

The regulation is intended to protect individuals who live in the European Economic Area (EEA)*.

It gives people some protection and control over what personal information is collected by businesses online, and how it is stored and used.

Notice that we said ‘individuals who live in’ not citizens.

What Data is Protected

“Personal Data” is the term they use, but what does that really mean?

Some things that are protected are fairly obvious, like a person’s name, address, email address, credit card information and the like.

But this regulation also covers things that can identify an individual “indirectly.”

That would be things like a person’s IP address, because that IP address actually identifies every computer. IP stands for Internet Protocol. And an IP address is a unique string of numbers. That number is linked to everything you do online. You don’t have control over your IP address, so there’s no need to memorize it.

A person’s IP address, unlike their home address, changes. The address is assigned by your Internet service provider. If you are using a different network (like when you’re surfing the web while waiting for your car to be washed, or checking your email from your remote office, AKA the local coffee shop), you will be assigned a different IP address. Even at home your IP address can, and frequently does change.

(Click to read more about IP addresses)

What Businesses does GDPR Apply to:

The GDPR applies to ‘Data Controllers’ and ‘Data Processors’.

Data Controller: someone/entity that determines if you will collect data and what data you will collect.

Data Processor: the entity or application that processes or stores the data on behalf of a controller.

Most internet marketers are therefore Data Controllers. Some may also be processors, but most will probably engage other entities or applications as data processors.

My Business is Small, Surely I’m Exempt

Wrong Answer. Size doesn’t matter if you collect or process personal data.

But I Don’t Target Europeans

Unfortunately, your intentions don’t actually seem to matter. This is about the end-user’s location, not you or your business.

Non-EU based businesses are required to comply with the GDPR if that business “collects or processes” any EU residents’ personal data.

I Don’t Charge Anything on My Site, So I’m Good

Wrong, again. There is no requirement under the GDPR that money must change hands.

When Does it Go into Effect?

May 25, 2018

Why is this Happening?

Let’s face it, people are pretty pissed off that some of the big businesses have collected our personal data and abused it.


Those big guys have the staffing, the lawyers, and the bucks to cover their bases. Good for the consumer, but it still leaves smaller businesses with a huge burden to protect people—even though they never abused anyone’s info in the first place.

Penalties and Enforcement

The fines for not complying are pretty hefty: up to 4% of a company’s global turnover. The exact amount would be determined based on how bad the violation was.

How this regulation will be, well, regulated, and enforced is not clear.

What Do I Need to Do to be Compliant?


This regulation may require you to make some significant changes to how you obtain consent, how you collect and store personal data, and your disclosures.

Consent: you must obtain “explicit consent” before you collect personal data from an EU resident. Consent must be voluntary, specific, informed and unambiguous.

That means several things to marketers:

  • You can’t pre-tick boxes for people, or presume that by using your site someone agrees. You must require they take an action in order to agree.
  • The language has got to be clear and understandable. And it can’t be buried in a bunch of legalese—it needs to actually be separate from other terms and conditions.
  • You must specify what data you are collecting or processing and what will be done with that data.
  • You must identify any third-party controllers or processors that will be using that data
  • You must explain how a person can later withdraw their consent
  • You should avoid making consent a precondition of service
  • You must keep records of the consent (even if this wasn’t required, you would want to do this, because it would be how you would defend yourself should the need ever arise.)
  • If you will use data for more than one purpose, you must inform the user of each use and allow them to accept or reject each use individually.
  • Parental approval is needed before collecting data on children under the age of 16

What Data Do You Collect?


Start by figuring out what data you actually collect.

Ex: Names, email address, IP address, mailing address, payment info

Where did that data come from?

Ex: an opt-in form, Google Analytics, a comment area, a contact us page

Do you share that data with anyone?

Ex: email client, credit card processing company, website hosting company, a cloud storage server, a company that you are an affiliate for, a company that serves up personalized information (such as retargeting ads) on your website

Do you currently have any data on an EEA resident?

If you do, did you get ‘explicit consent’ or do you need to do that now?

Change Your Privacy Policy

Make sure your privacy policy is up to date and addresses the GDPR. You have probably been getting a lot of emails from businesses about their updated privacy policies. You might take a look at those to see how they are handling it.

In the privacy policy you should disclose the data you collect and how it is used, and if you share it with anyone. Also include how a person can rescind their permission.

Keep in mind, the privacy policy is important, but it is NOT in place of getting informed consent.

Change How You Get Consent

Once you know what data you collect and how it is used, you can now create forms, opt-in boxes, etc that lay it all out there.

Allow the user to check one, several, all, or none of the boxes giving consent accordingly.

Be Sure to Check These Easily Overlooked Areas of Your Site/Business

Analytics: Most marketers use some sort of analytics in order to determine where their traffic is coming from, and how well their efforts are working. The GDPR doesn’t mean that you cannot do this, but you may have to make a few tweaks to your collection.

You can make the data anonymous (including not tracking IP addresses) before it is stored or processed.

OR you can add an overlay to the site that 1) gives notice that your site uses cookies, 2) what the cookies are used for and 3) requires the user to take an action to give consent prior to entering your site.

Here is an example of an overlay that gives informed consent about the use of cookies. This example is from the UK’s Information Commissioner’s Office, page on GDPR FAQs for small organisations (sic)
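One way to do the anonymizing described under Analytics, shown as an added example rather than code from this post: truncate the visitor's IP address before a log line is stored. It assumes the common truncation of zeroing the last octet of an IPv4 address and the last 80 bits of an IPv6 address; the function names and the log lines are constructed for illustration.

```python
import ipaddress

# Assumed truncation: keep the first 24 bits of IPv4 and the first 48 bits of
# IPv6 (that is, zero the last octet / the last 80 bits).
IPV4_KEEP_BITS = 24
IPV6_KEEP_BITS = 48

# Constructed access-log lines using documentation address ranges.
SAMPLE_LINES = [
    '203.0.113.77 - - [25/May/2018:10:00:01 +0000] "GET / HTTP/1.1" 200 512',
    '2001:db8:abcd:12:34:56:78:9a - - [25/May/2018:10:00:02 +0000] "GET /blog HTTP/1.1" 200 900',
    '::ffff:203.0.113.9 - - [25/May/2018:10:00:03 +0000] "GET /contact HTTP/1.1" 200 300',
    'unknown - - [25/May/2018:10:00:04 +0000] "GET / HTTP/1.1" 400 0',
]


def anonymize_ip(text):
    """Return the truncated address as a string, or None if text is not an IP."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return None
    # An IPv4 address wrapped in IPv6 (::ffff:a.b.c.d) must be treated as IPv4,
    # otherwise the /48 mask would zero it down to "::" and lose the distinction
    # between "truncated" and "discarded".
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    keep = IPV4_KEEP_BITS if addr.version == 4 else IPV6_KEEP_BITS
    network = ipaddress.ip_network(f"{addr}/{keep}", strict=False)
    return str(network.network_address)


def scrub_log_line(line):
    """Replace the leading client-address field of one log line.

    Assumes the client address is the first space-separated field, as in the
    common access-log layout. A field that does not parse as an IP is replaced
    with "-" so that no raw value reaches storage.
    """
    client, sep, rest = line.partition(" ")
    masked = anonymize_ip(client)
    return (masked if masked is not None else "-") + sep + rest


def scrub_log(lines):
    """Scrub every line; call this before anything is written to disk."""
    return [scrub_log_line(line) for line in lines]


if __name__ == "__main__":
    for scrubbed in scrub_log(SAMPLE_LINES):
        print(scrubbed)
```

Run the scrubbing step before the line is written anywhere, including debug logs and backups, since a full address stored in a second place defeats the truncation.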

Tracking Pixels, Retargeting Ads: If you use retargeting ads, you must inform users when they enter your site and obtain informed consent before they enter your site. This includes using Facebook’s tracking pixel.

Sponsored or Guest Content: anyone who publishes content (editorial or advertising) on your site must also be GDPR compliant. So check it out before you publish.

Email Lists: Have a checkbox (unticked) that the visitor must check to indicate consent. Your opt-in form may have several checkboxes.

If you use tracking pixels in your email campaigns (commonly used to see if/when someone opens an email) you must list that expressly before they subscribe to your list.

Your email service provider should give you the tools you need in order for your emails to be GDPR compliant—but it will be up to you to use the tools.

Affiliate Links: Get consent for cookies—it can be on a post, a page, or an overlay, but it must be before a website visitor clicks the actual affiliate link.

Display Ads: If your site displays ads from a third-party, you must get consent from site visitors immediately—before they actually enter your site. The consent might be that this third-party is collecting data for advertising and marketing purposes, but if they gather data for more personalized targeting that should be specified.


Contact Forms: Hey, we think it should be self-evident that if a person is requesting you contact them that they are giving permission for you to collect their data. But, apparently it isn’t. Are you storing the data? How will it be used? What data are you collecting and why? Bottom line, include the disclaimer and get explicit consent.

Website Plugins: If your website uses plugins, it is your responsibility to ensure that the plugin developers are also GDPR compliant. The good news is that WordPress.org’s guidelines prohibit approved plugins (on the WordPress.org directory) from tracking users without their clear consent. Keep in mind however, that just because a plugin WAS on the directory when you installed it, it doesn’t mean that it STILL is.

Webinars: If you are a guest on a webinar or other web-based event, be sure that your host is using GDPR compliant tools. If you are the host, and you share your data with a guest, you must ensure that the guest is GDPR compliant.

Live Events: GDPR is not strictly for web events. If you attend a live event and collect data, you still must follow the GDPR.

Other Marketing Efforts: do you have or buy a list for mailing, phoning, or email marketing? Those all fall under the jurisdiction of the GDPR as well.

Security: Keep in mind that everything you have done to protect data in the past is also affected by the GDPR. This includes, but is not limited to off-line storage (do you back up to a different hard drive, or to a thumbdrive or CD?), malware protection software, cyber security software…

Help Managing GDPR

There are some checklists that can help you make sure you are in compliance, and if not, the steps you need to take in order to get there. Check out these at ICO.org.uk and you might want to check out their 12 steps to take now info here.

Plugins: There are WordPress plugins that are touted as being able to help businesses manage data and be GDPR compliant. We are not, at this time, vouching for any specifically.

Email: contact your email service provider to be sure they offer the tools you need

Hosting company: check with your webhost to be sure they are GDPR compliant

Forms: if you use any kind of forms, check with that provider to be sure they are GDPR compliant

Storage: where do you store data? Is it GDPR compliant?

Final Thoughts on GDPR


Quick recap: any business, even those based in the USA, must obtain explicit consent from any resident of the EEA prior to collecting any data that could identify them, either directly or indirectly.

Although the GDPR is an EU regulation, it wouldn’t surprise us if something similar comes down from other countries. So, if you decide you are not going to protect data now, you may be required to do so in the future.

We pulled information from a variety of sources for this post in order to better understand the ramifications of the GDPR for us, our clients, and readers. This is not necessarily the ‘final word’ on the topic, and there are many other sources of information that may provide similar info and advice—or advice that contradicts our conclusions. We cannot tell every business owner what is right for their business; this is general information that should help you make an informed decision about what your next step(s) should be.

*Residents of the following Countries Covered by the GDPR: The EEA includes all countries in the EU (Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK—at least for now), and also includes Norway, Iceland, and Liechtenstein. Switzerland’s residents may, or may not be covered, that is unclear.

Map of the European Economic Area from Wikipedia

Windows Ransomware Attack Underway

Patch Available for Ransomware Attack


You are going to want to cry–unless you make sure you are protected

WannaCry Ransomware

Wordfence security software has announced that they have confirmed a serious virus called WannaCrypt0r/WannaCry has affected Windows computers. Reputed to affect computers on shared networks, the virus has been reported in at least 74 countries worldwide.

According to Kaspersky Lab there have been more than 57,000 individual instances reported to date. And that number is growing rapidly.

Once one computer on a network is affected, the malware infection easily spreads to other Windows computers on the same network, shutting down entire government agencies and national infrastructure companies. Hospitals across the UK were being forced to divert patients and ambulance routes as of Friday afternoon, and several utility companies across Europe reported infection across their computer networks according to BBC News.

This virus is of the type known as ransomware.

Why ransomware? Because it will take over your computer, completely locking it down. You can’t access anything. Then a pop-up screen appears, announcing that you can liberate your device by paying them for a special tool or decryption device.

Is Your Windows Computer Safe from this Ransomware Attack or Infected?

Clearly, if you see the ransom notice on your computer, then you have been compromised.

However, experts don’t yet know how long the virus may be resident on your computer BEFORE it actually takes over and locks up your system.

Have you accessed a public network with your computer? If, for example, you took your laptop to a cafe or used it at another place of business, then you may have received the infection.


The Good News

Microsoft has been aware of this vulnerability and released a fix back on March 14th for Windows. If you have automatic updates enabled, you should be fine.

If you don’t have updates automatically, be sure to check to see that you have the latest release.

Click to read more about Microsoft’s take on ransomware attacks.

There are older versions of Windows, (XP, for example) that are no longer supported by Microsoft. These did not receive the security update–although there are reports that Microsoft is changing that policy and may issue, or may have already issued a patch for these users as well.


This report is courtesy of our friends at Wordfence.com, to read more about this specific attack, please read their May 12, 2017 blog post.

Kaspersky Lab is a multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia and operated by a holding company in the United Kingdom.

Learn more about internet security and keeping your online business safe.

Don’t Read Terms, Just Agree

Terms of Service Resulting in Spam is Quick Way to Get Your Site in Trouble


Yes, we know they are long. Yes, it can be as exciting to read as reading the dictionary.

Yes, most of the time they are pretty standard. But what about when they aren’t?

We’re talking about Terms and Conditions or Terms of Service. You know, those things you have to click “I agree” to before proceeding–on just about everything on the internet these days.

It is easy to get lazy. Especially when you have read a bunch of them and they all seem to be the same. Pretty much verbatim the same, in fact.

But there are people who, whether intentionally or not, will provide you with a ‘service’ that can actually harm your website. Sometimes you won’t even know it. But Google and other search engine bots might. They might actually interpret it as spam or something else that is against their policies–and that is a big problem.

And that’s where the problem begins.

Case in point is the 404 to 301 Plugin, but it isn’t the only one. And to their credit, the authors of this plugin have theoretically already fixed the issue that was causing the main problem with Google.

So, read the terms of service or terms & conditions. If you don’t understand what it means or the implications, then wait before you install. Talk to someone you trust who can advise you.

Mistakes can happen, even when you are careful. So monitor your website’s health. Keep backups in case you need to “roll back” your site to an earlier date. Consider a security software.

This isn’t meant to scare you, just alert and educate. You can’t be expected to know everything about your business and the internet, too. That doesn’t mean you shouldn’t have a website. It just means sometimes we have to get help from someone else.

After all, just because I can watch a YouTube video on how to fix my car, paint my house, or trim the trees in my backyard, it doesn’t mean that it is necessarily a good idea. I might save myself some money–or I might make more money by focusing on my business and paying someone else to take care of these things.

Neither way is inherently right or wrong. Just be smart about it. Do you enjoy learning new things–go for it. But if you are frustrated or overwhelmed, or not having the success in your business that you want, and deserve, then focus on that.

Read the blog post by WordFence security for more info.

Dump QuickTime Now

Apple No Longer Supporting QuickTime on Windows, vulnerabilities found

While Apple insists the QuickTime plugin will still work, it has not been properly updated to work well with Windows 8 or Windows 10.

Now is the time to dump QuickTime, at least according to the United States Computer Emergency Readiness Team, an organization within the Department of Homeland Security. US-CERT, as they are otherwise known, is tasked with keeping the internet safe.

US-CERT strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world.

Industry experts and the government are urging us to remove QuickTime from our Windows computers. This reaction is not solely because of Apple’s decision to not support the plugin for Windows. Two critical vulnerabilities have been discovered that, if QuickTime is left on your computer, could leave your system open to attack. Since Apple is no longer supporting the plugin, these openings are not going to be patched.


According to Trend Micro:

…ultimately the right answer is to follow Apple’s guidance and uninstall QuickTime for Windows. That is the only sure way to be protected against all current and future vulnerabilities in the product now that Apple is no longer providing security updates for it.

US-CERT also recommends uninstalling the plugin from your Windows based computers

…using unsupported software may increase the risks from viruses and other security threats. Potential negative consequences include loss of confidentiality, integrity, or availability of data, as well as damage to system resources or business assets. The only mitigation available is to uninstall QuickTime for Windows. Users can find instructions for uninstalling QuickTime for Windows on the Apple Uninstall QuickTime

Many Windows users wonder about how they should play videos if they no longer use QuickTime. Fortunately there are many options available to us. You can still use an Apple product, iTunes, to play video and audio files. Your Microsoft computer should also have a built-in media player that will also work. Of course there are other companies who provide players as well if you are interested in a third-party solution.

The lack of support is not new. Companies often phase out support for older products. Microsoft itself no longer supports Windows XP, and is scheduled to stop supporting Vista this year and Windows 7 in 2020. Apple actually began this phase-out in 2013. In January of this year the QuickTime browser plugin for Windows was axed.

QuickTime 7, which is the latest version of the product, was introduced in 2005. It has been replaced on Mac machines since 2009. Those machines use the newer QuickTime X, which according to Trend Micro, doesn’t have the same vulnerabilities. There is no “X” version of QuickTime for Windows.

We find it interesting to note that Apple still has a link on their site allowing users to download the QuickTime plugin for Windows. Apple does not state on their site that the plugin will no longer be supported, nor do they, at the time of this writing, urge users to uninstall the plugin.


Sources: Wall Street Journal, 9 to 5 Mac, The United States Computer Emergency Readiness Team, Trend Micro

Did Plugin Result in Resignation of Iceland’s PM?

Could the Panama Papers Breach Have Been Avoided with Basic WordPress Security?

Read how a simple WordPress plugin may have enabled Panama Papers leak


By now just about everyone has heard about the “Panama Papers Breach.” The fallout is still coming from this leak of over 11.5 million documents, but at the very least the Prime Minister of Iceland has been forced to resign as a result. Russian President Putin and British Prime Minister David Cameron are also caught up in the controversy.

The Panamanian law firm Mossack Fonseca is at the center of the swirl. Our friends at WordFence security have done some testing and they have made a shocking discovery:

The Panama Papers Breach may have been a result of an outdated WordPress Plugin!

Forbes has reported that Mossack Fonseca (abbreviated as MF…how appropriate!) provided a portal for their customers to access their data. This portal reportedly was using an old, vulnerable version of Drupal. WordFence did their own digging and found this:

The MF website runs WordPress and is currently running a version of Revolution Slider that is vulnerable to attack and will grant a remote attacker a shell on the web server.

Viewing this link on the current MF website to a Revolution Slider file reveals the version of revslider they are running is 2.1.7. Versions of Revslider all the way up to 3.0.95 are vulnerable to attack.

MF has since put their website behind a firewall, but only within the last month did this happen.

On top of having an out of date plugin, and providing access to their website via an unprotected portal, it seems that MF also used the same server for their website as their email server.

While these hackers may have done the world a service by exposing corruption, learn a lesson from the failings of MF. Protect your business and your clients by securing your website.


Read more, or watch the video on CNN here

Read more about the possible plugin connection on WordFence’s blog here

Is Your Website Back Door Unlocked?

Over 300,000 Users May Have: Read Latest Website Security Update and Make Sure You are Locked Down


The plugin User Role Editor has been reported to provide a backdoor way for your users to gain controls that you may not want them to have.

This popular plugin, which has more than 300,000 active installations, has a serious vulnerability.

The vulnerability allows any registered user to gain administrator access. For sites that have open registration, this is a serious security hole.

As we mentioned in our post about Internet Security last month, it is important to keep your plugins current. Be sure to update your plugins immediately, and if you do have User Role Editor on your site be sure to upgrade to the latest version (currently that is 4.25.)


Read more of the technical bits on the WordFence blog post here

Top WordPress Website Security Tips

How to Prevent Hackers from Entering Via Biggest Risk: Your Plugins


Although most website owners and managers who have had the unfortunate experience of being hacked don’t actually know HOW their site was compromised–of those who do, over 50% know it was from a plugin.

Does that mean that you should not use plugins on your website? Of course not, they are part of the beauty of WordPress websites. Plugins add specific functions to our websites without the website owner having to know a whole bunch of code.

Plugins play a big part in making WordPress as popular as it is today. As of this writing there are 43,719 plugins available for download in the official WordPress plugin directory. That is an incredible selection of plug and play software. But you obviously need to be careful with them, as plugin vulnerabilities represented 55.9% of the known entry points reported by respondents.

How do you take advantage of plugins while simultaneously being smart about your WordPress website security?

Keep Plugins Current

We know it can seem like a hassle when you have to update your plugins all the time. But that hassle is so minor compared to the hassle of getting hacked–cleaning up your website, lost time, lost revenue, lost clients, lost business potential. It is definitely worth it.

So when you get a notice that your plugin has an update available, it is a good idea to update. (We do recommend making regular backups of your website as well. Your plugin update may not work with your existing theme, for example. So you want to have a recent backup before you update plugins.)

Get Rid of Abandoned Plugins

If you have a plugin that has not been updated in at least 6 months you should seriously consider a different plugin. This is generally a sign that the developer is no longer supporting the plugin, otherwise known as having abandoned it. That means no one is looking out for your WordPress website security at all. A perfect way for a hacker to get in.

Less is More

Use as few plugins as you can to get the job done. If you have deactivated the plugin, take it off your site. If you don’t need it, don’t upload it–or get rid of it.
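The three checks above (out of date, abandoned, deactivated) can be run over a plugin inventory, shown here as an added example that is not from Wordfence or the original post. The version thresholds come from the posts on this page (Revolution Slider up to 3.0.95, User Role Editor 4.25); the plugin slugs, the inventory layout, its dates and the audit date are assumptions constructed for the example.

```python
import json
import re
from datetime import date

# Thresholds named on this page; the slugs are assumed.
#   max_vulnerable: every version up to and including this one is affected.
#   min_safe: the version the page says to upgrade to.
ADVISORIES = {
    "revslider": {"max_vulnerable": "3.0.95"},
    "user-role-editor": {"min_safe": "4.25"},
}
ABANDONED_AFTER_DAYS = 183      # "at least 6 months" without an update
AUDIT_DATE = date(2016, 4, 15)  # constructed, fixed so the result is repeatable

# Constructed inventory. name/status/version mirror what a site's plugin list
# reports; last_updated is assumed to have been looked up per plugin.
SAMPLE_INVENTORY = """[
  {"name": "revslider", "status": "active", "version": "2.1.7", "last_updated": "2014-02-10"},
  {"name": "user-role-editor", "status": "active", "version": "4.24", "last_updated": "2016-03-20"},
  {"name": "example-gallery", "status": "inactive", "version": "1.3.0", "last_updated": "2016-03-01"},
  {"name": "example-forms", "status": "active", "version": "3.0.100", "last_updated": "2015-06-01"},
  {"name": "example-cache", "status": "active", "version": "2.0", "last_updated": "2016-04-01"}
]"""


def parse_version(text):
    """Turn '3.0.95' into (3, 0, 95); non-numeric suffixes are ignored."""
    parts = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)


def compare_versions(a, b):
    """Return -1, 0 or 1. Numeric, so 3.0.100 is newer than 3.0.95, and the
    shorter version is zero-padded so 4.25 equals 4.25.0."""
    va, vb = parse_version(a), parse_version(b)
    width = max(len(va), len(vb))
    va += (0,) * (width - len(va))
    vb += (0,) * (width - len(vb))
    return (va > vb) - (va < vb)


def audit(inventory_json, today):
    """Map each plugin that needs attention to the list of reasons why."""
    findings = {}
    for plugin in json.loads(inventory_json):
        reasons = []
        advisory = ADVISORIES.get(plugin["name"], {})
        if "max_vulnerable" in advisory:
            if compare_versions(plugin["version"], advisory["max_vulnerable"]) <= 0:
                reasons.append("vulnerable-version")
        if "min_safe" in advisory:
            if compare_versions(plugin["version"], advisory["min_safe"]) < 0:
                reasons.append("update-required")
        last_updated = date.fromisoformat(plugin["last_updated"])
        if (today - last_updated).days > ABANDONED_AFTER_DAYS:
            reasons.append("abandoned")
        # A deactivated plugin's files are still on the server: remove it.
        if plugin["status"] != "active":
            reasons.append("inactive-remove")
        if reasons:
            findings[plugin["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_INVENTORY, AUDIT_DATE).items():
        print(f"{name}: {', '.join(reasons)}")
```

Versions are compared as numbers because a plain text comparison sorts 3.0.100 before 3.0.95 and would misjudge which side of a threshold a plugin is on.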

Use Reliable Plugins

Many plugins are available from the official WordPress site, but not all are. Don’t let a hacker trick you into loading an open doorway for them to get into your store.

How do you know if a site is reputable or not? Here are the suggestions from Wordfence, the WordPress website security software that we use and recommend.

  • Eye Test – Is the site itself professionally designed and uses clear language to describe the product? Or does it look like it was thrown together quickly by a single individual?

  • Company Information – Does the site belong to a company with the company name in the footer?

  • TOS and Privacy Policy – Do they have terms of service and a privacy policy?

  • Contact Info – Do they provide a physical contact address on the contact page or in their terms of service?

  • Domain Search – Google the domain name in quotes e.g. “example.com”. Do you find any reports of malicious activity? Add the word ‘theme’ or ‘plugin’ next to the quoted domain name in your search and see what that reveals.

  • Name Search – Do a Google search for the name of the plugin and see if any malicious activity is reported. Add the phrase “malware” or “spyware” to the search which may reveal forums discussing a malicious version of the theme being distributed.

  • Vulnerability Search – Do a search for the theme or plugin name or the vendor name and include the word “vulnerability”. This will help you find out if any vulnerabilities have been reported for the product you’re interested in or for the vendor. If they have fixed the vulnerability in a timely manner, that usually indicates they are a responsible vendor who is actively maintaining their product when problems arise.

Plugins are certainly not the only source of hacking. In order to protect your website and maintain a level of internet security here are some additional pointers:

Select your usernames and passwords with care. Make them unique and different: don’t use the same one for all your sites, make them hard for someone to guess.

Use some sort of website security. We use Wordfence, we appreciate the training and education they provide, along with common breaches to look out for. It is available in a free version and a paid version. The paid version doesn’t cost much and we find that it saves us enough time that it is worth it–but start with the free account if you want to try it out.

There are other options out there as well, so whether you use Wordfence or another product–protect your internet asset one way or another. We don’t get paid for recommending them, it is just who we use.


Thanks to our friends at WordFence for the original article, which can be read on their blog here. The graphic is from the same article.

WordPress Users Vulnerable Unless Updated Immediately

Read Why it is Imperative to Update Now

This is a major WordPress security as well as maintenance release.

Certain bugs were fixed, as well as an open redirection vulnerability.

According to WordFence a security plugin for WordPress sites:

Because we expect an exploit to appear in the wild so soon, we recommend an immediate upgrade to WordPress 4.4.2.

Sadly, unscrupulous people seek out ways to attack any website or platform. Twitter has been shown to be vulnerable as well as your website.

Many, if not all sites will update automatically. But be safe and double check that this important WordPress security release has been updated on your site(s).

If you are not sure how to know what release you have, take a look at this image as a guide. Simply click on the Dashboard icon in the left column. Then, once you are on your website’s WordPress dashboard, look in the “At a Glance” section. It will tell you the version of WordPress you are running and what theme (greyed out in this picture.)

WordPress 4.4.2 security release

Be sure to take security precautions seriously. If for no other reason than trying to fix a hacked site is a royal pain in the…neck and nether regions.

Keep blogging and marketing your business. Just take precautions, as you would with your brick and mortar business.


Thanks to our friends at WordFence for keeping our sites safe. Read their article on this update here.

Read WordPress.org’s info on the release here.

Is Your Website Safe from Hackers?

WordPress Users Take Note of Security Updates

If you have a website then you may very well be using WordPress. We love it, it is easy and flexible, and one of the most popular website platforms around.

That being said, as with any website, it is important to be sure that your site is secure. The last thing you want to do is find that someone has hacked into it…

Read this article from Wordfence, one of the specialists in WordPress security.

WordPress Security January Roundup: Core XSS and 4 Plugin vulnerabilities

Not All Website Traffic is Good

In the world of internet advertising, marketers often look at website traffic as an indication that their work is successful.

It may seem like the more traffic that is coming to your website the better, right?

Not necessarily.

Think about it like you would your brick and mortar store. You certainly want more “boots in the door” as one client puts it. But you want more than that as a business owner. You want people who will actually buy your products or pay for your services.

That doesn’t mean that every person who comes in the door has to buy something on the spot or you will kick them to the curb! Depending on your business you may actually have plenty of activity that does not, in that moment at least, seem to generate income.

Potential customers may browse through your shop and not buy now. For some, they look around and learn that your store does not fit their needs or style. Others like it, but don’t see anything right at this moment–but they probably will come back.

You may be a service business and provide free consultations. Perhaps you have a business where you offer free samples. These are types of advertising where you spend your time and/or money/goods in the hopes that you will get some customers. You know that you will not convert all of these trials into clients or customers, but if you are doing it right you will get more than enough to make this a great way of getting new business.

Now apply this logic to your website traffic. You may offer products for sale directly on your website, you may provide information that potential customers “consume” online as a way to get to know you (“a sample”), or your website may allow them to book an appointment, reach you by phone, etc.

These are all great forms of traffic. Some may convert to paying customers. Some will not. Just like the storefront example, there will be potential customers who decide that you are not a good fit for their current needs. That is OK. You don’t want or need every single human being on the face of the planet to be your customer. You want the RIGHT customers.

So when is website traffic NOT good traffic?

Let’s look at the storefront example again. Do you want to have a bunch of people who have absolutely no intention of buying your products or services loitering about, making it hard for your ideal customer to get through the door? Nope, you don’t. Do you want people coming in who are going to steal from you? Of course not.

You may not have a problem with too many people loitering around your site in cyber-space, but we can have problems with people trying to “break in” to our sites. These hackers may try to get in through the front door or they may use sophisticated code to try to come into your site through the backdoor.

Just as you might have security cameras to monitor and safeguard your physical doors, you will want to safeguard your cyber-doors as well.

Hackers will try to break into sites for many reasons. Sometimes it will be to try to get sensitive data. But just because you don’t collect information or accept payment on your website, don’t think that you are uninteresting to cyber-thieves.

Be sure that your webmaster is keeping your website protected. The last thing you want to have happen is to look at your website and discover that it has been hacked. Best case scenario, it is merely inconvenient–an inconvenience that takes time and money to fix. Something you just don’t need when you are trying to run a business.