Security

Security is, without doubt, one of the most important aspects of website design and coding. Barely a day passes without a new report that someone’s site has been hacked. It might be for extortion, financial gain, access to trade secrets, or just for amusement. Whatever the reason, the result is both reputational damage and financial expenditure.

WordPress takes security very seriously and spends considerable time and expertise to ensure the core code that runs websites is as impregnable as possible. Themes and plugins accepted within WordPress are also required to meet exacting standards, but with thousands of themes and plugins available to the community, sometimes a flaw will slip through the net. Keeping Themes, Plugins, and WordPress Core right up to date is one of the most important, but frequently overlooked, site maintenance practices. It is a service we offer at a very competitive rate and is well worth the investment.

At Pixel Perfect Web Solutions, we take security extremely seriously and will always protect our clients’ websites with a security plugin unless the client declines to have one installed. Security plugins are designed to stop most, if not all, of the known methods used by hackers to inject code or find a weakness that would allow them to take control of the website and cause damage.

One further risk to website security is something we see happening all too often. And that is allowing unverified access to either the WordPress Dashboard or the Hosting Account or both. So how does this arise? Often, as follows, although this is not the only scenario:

The website owner gets a “critical error” notice and cannot access the dashboard, and panics.

Not knowing what to do, he posts a job on one of the freelance websites like Freelancer.com or Upwork.

From the vast number of replies, the offer to do a quick and cheap solution is selected, and access to the back-end of the site is provided.

The site owner may think that security is provided by setting new access usernames and passwords that will be removed after the work is done.
Unfortunately, the freelancer was not who appeared to take the task, or maybe that person passed the details on to a third party, who could be a hacker from anywhere. Even North Korea.

Whilst inside the back end of the site, the hacker installs a backdoor enabling access even after the password and user details are deleted.

How do we know this happens? Well, there has been a recent case in the U.S where an Arizona woman has been imprisoned for 9 years for running a scheme linked to North Korean IT workers. She had over 90 laptops set up in her home to enable local IP addresses to appear.

So if you want to stay safe, we recommend you avoid freelance platforms and contact us if you need help, or better still, register with us and take a maintenance contract. We can resolve your issues if they arise, but preventing them is a much better option, and the cost is negligible compared to a loss of business or a hack.