Website security services
Websites that are built on open source content managers such as Wordpress, Modx and others might be insecure, especially when using outdated backend software and its plugins.
Wordpress security and updates
Most modern website administrators such as Wordpress, Modx and others as well as their third party plugins are open source meaning that their programming code is available to everyone. This creates a security risk as every time new software version is available their developers announce which vulnerabilities were fixed and all previous versions become vulnerable to those well documented bugs until they are updated.
This demands that all sites would be updated as soon as new software version is available which sometimes leads to plugin incompatibilities and other issues. With our hosting we offer website management services where we perform updates regularly and none of the sites we manage have ever been compromised.
Cleaning up compromized sites
We had quite a few requests from site owners built by other web design agencies here in Marbella to clean up their corrupt sites. The signs are usually seen as unwanted adds and links on their website pages.
Cleanup process usually consists in scanning all website files with various tools, reviewing suspicious files manually, removing malicious code from them and what is most important detecting the vulnerability which allowed those files to be changed in the first place.
In most cases outdated Wordpress or one of its plugins was found to be responsible, a few times it was due to vulnerability in outdated TimThumb photo resize library. In all cases the cleanup process was 100% successful and site owners had no further issues with their sites to this day.
Spam, password and sensitive data protection
Apart of having insecure backend software websites are vulnerable to contact form spam, also sensitive data leakage due to insecure connection
Contact and registration form spam protection
Website contact, registration, comment and other forms are vulnerable to spam unless they are properly protected. We usually install 4 letter security code where letters are rendered into a image and then website visitor has to enter them manually. This prevents all automated submissions and spam is greatly reduced.
As a second line of defense we also offer Spam shield protection where before delivery all form information is scanned if they do not contain IP addresses and links which are blacklisted.
Spam protection is installed on all sites we have built, including our contact page.
NSA SHA-2 Password encryption
Website administrator password might become vulnerable when it is sent unencrypted across internet especially when connecting from public Wi-Fi connections.
To remedy this we offer plugins that automatically encrypts the password using so called Salted SHA256 encryption designed by NSA where server sends unique random Salt sequence and then the password is encrypted by client browser before it is sent using SHA256 with the salt which creates a unique encrypted login sequence which cannot be decrypted back to the original password.
SSL website encryption
SSL encryption is widely used by banks, online transactions and other services that handle sensitive information; it encrypts all the information between web server and the client preventing any information leakage.
Based on 3rd party certificate authority the service is relatively expensive as the certificate has to be renewed on yearly basis.
We offer SSL encryption service on our hosting as well as other servers that support it, this includes installing your chosen certificate and forcing all website traffic though SSL.
SSL service is installed and can be tested on our own site, on Google Crome you shoud see word "Secure" next to our site address, other browsers display a green lock there indicating that communication between our server and your device is encrypted.