Introduction
It’s Halloween, and if there’s one thing we can definitely be scared of, it’s a security breach. Your visitors won’t trust you if they think their data is being stolen or their accounts are being hacked. That might lead them to leave for another site, costing you both money and reputation. To prevent this from happening, you need to protect your site properly, which means making sure everything is up-to-date and secure—even the little things! Let’s take a look at five common issues that could cause problems on your site:
Weak passwords
You know the feeling. You’re writing a password, and you’re so close to getting it right—but then you stumble over that one character, and it’s all gone. You’ve got to start again from scratch.
Strong passwords are the first line of defense against hackers and other nefarious actors who want access to your site’s servers, data and resources. The longer your passwords are, the harder they are for hackers to guess correctly (and thus more difficult for them to break in), but this isn’t an unbreakable rule: if it were that simple, there’d be no need for strong passwords at all! To keep things simple enough for humans while still making them hard enough for computers, I recommend using 8-12 characters long combinations of letters, numbers and symbols with no repeated characters or patterns (e.g., “5kfJ7ymu”).
Not protecting against CSRF attacks
Let’s face it: security is hard. It is much easier to go back to a site you love and continue using it than it is to spend time exploring new tools or researching how your favorite sites protect themselves against attacks. However, by not taking the time out of your day to ensure that you are protected against various forms of malicious attack, you’re putting yourself at risk of losing all your information.
So what exactly is CSRF? Well, CSRF stands for cross-site request forgery and is a type of malicious attack where one site tricks another into sending information without their consent (or awareness). The aim of this type of attack is usually to steal data from the victim’s account on another website so they can log in as them. For example: imagine that Bob logs into his bank account through his browser every day after work and checks his balance before making payments online; Alice wants access to Bob’s bank account but doesn’t have his username or password because she doesn’t know them offhand yet…what does she do? She’ll probably try logging in through some other way (like via email) until something works! This might sound like an unlikely scenario but even if Alice were successful in stealing Bob’s credentials this way then she could make transactions without him noticing any problem at all! In fact there are many ways that these attacks can occur – which we’ll get into shortly below.
Not securing the admin area
One of the most common mistakes we see is not securing the admin area. In fact, this is one of our most common security issues to fix!
The main reason why people don’t secure their admin areas is because they don’t realize it’s an issue and/or their site isn’t making enough money for them to care about fixing it. But just like with any other website on the internet, you’re leaving yourself vulnerable if you don’t take basic security precautions with your CMS-based (e.g. WordPress) site.
There are two ways that hackers can get into your site: either through brute force attacks (guessing passwords) or phishing scams (tricking people into giving out their login information). To prevent both of these from happening, make sure that you’re using HTTPS and a password for all URLs. This includes not only the login page for admins but also any pages within your admin dashboard that require authentication (i.e. changing settings). If possible, set up multi-factor authentication so no one can get access even if they have your password alone—and stick with longer passphrases instead of short ones!
SQL injections
SQL injection attacks are a type of attack that exploits poor coding practices to gain access to the database server. The attackers use input fields on the website such as search boxes, user login forms, or comment sections to inject SQL commands into database queries. This can be used to steal data or execute commands on the database server.
The best way to protect your site from SQL injection attacks is by making sure that your web application has proper input validation in place and uses prepared statements when accessing any databases. If you think your site has been attacked, check for errors in syslog files or other log files about failed database queries (i.e., “select * from users”). Also, look for suspicious file names like *.php*.sqlite3 or *.sqlite3 in hidden folders such as .git/.svn/.cvs/.hg/etc.
Playing fast and loose with permissions
While security settings can seem intimidating at first, it’s important to be aware that not all permissions need to be set to the highest level possible. If you’re wondering what kind of access you should give a user and your only answer is “the most,” it’s time for some soul-searching.
Make sure you have the right permissions for each user, and those permissions are set to the minimum level required. That means no more than one or two sites per person, depending on their specific needs within those sites (for example, if they’re just looking at site analytics).
Don’t give users more access than they need; don’t give them access to other sites outside of theirs; don’t let them see anything they shouldn’t see. And while we’re talking about this topic: Don’t set up an account with more than one username/password combo — just use one login per person!
Site security is important, so don’t forget to spend time on it.
As you’ve seen, this can be a pretty scary issue. So what can we do to avoid becoming the next victim? Here are four things that will help:
- Make sure you have a security plan in place.
- Make sure your team is trained on security procedures.
- Make sure you have a good security budget.
- Make sure you are regularly updating your security software and protocols. You should also be checking for vulnerabilities regularly to make sure there’s no weak spot in the system (you’ll want someone who knows what they’re doing for this).
Conclusion
So, there you have it—our five most common site security issues. We hope that this article has been informative and helpful!
Daily Minute Master Series – November 8, 2022
/by Corey PadveenThe Marketing Rundown
Subscribe to t2’s Newsletter, ‘The Marketing Rundown’ and Stay Up-to-Date
Everything you need to know about media, marketing, and digital news from the week all together in one place.
News & Updates
Elon Musk’s Early Twitter Missteps Could Spark a Larger Trend Away from the App
For the full article click here
Twitter Culls Around 50% of its Staff as Part of Elon Musk’s Reformation Plan
For the full article click here
Meta Will Reportedly Announce Thousands of Job Cuts Later This Week
For the full article click here
12 Ultimate Tools & Tactics For Effective Content Strategies In 2023
For the full article click here
Google Predicts Strength Of Backlinks Ranking Factor Will Drop
Google Search Advocate John Mueller predicts the strength of backlinks as a ranking factor will drop over time.
For the full article click here
SEO Testing: 8 Experiments To Improve Organic Traffic
Is your search engine optimization strategy stuck in a rut? Here are some things you can experiment with to improve your ranks and drive traffic.
For the full article click here
Do You Control Your Own Website?
/by Stephen PadveenIf you’re not in complete control of your website, it’s time to look at the services you’re using or the partners you’re working with.
To start, you should be able to answer “yes” to all of these basic questions:
If you answered no to any of these questions, you may not have full control over your website.
The Importance of Being the Admin of Your Site
Far too often, businesses leave control of their website in the hands of their outside developers or agencies. This opens you up to a host of risks with the potential to lose control of your site resulting in hours, days or weeks of work to reclaim ownership.
To start, you should be listed as the site administrator and have access to all of your plugins and tools, so you can make changes at any time. You should also be able to update your site as often as you want without an outside party having to manage it for you.
While you may require the technical expertise of your outside dev team when it comes to certain maintenance, update and security issues, you should still retain complete control over the primary ownership of the site so that you can decide who has access to the back end.
Your domain name should also be under your ownership, and you should manage the hosting service that hosts your site.
You should also have complete control over who manages comments left on your site and how those comments are managed.
If there are people outside of your organization who are listed as admins of your site, do you have the ability to manage those admins and do they really need full admin roles or perhaps only limited access roles for certain features?
The Risk in Not Owning Your Site
If you don’t have full control over your site, it can be a liability for your business. If there are people outside of your organization who are admins of your site, those people could make unauthorized changes that damage your brand or cause issues with SEO. Of course, it is also possible that your external partner simply closes their doors and leaves you in limbo over site ownership.
Additionally, if someone else has access to all of the plugins on your site and can make changes without consulting you first, they could also cause problems by removing or enabling features without warning.
You also need to make sure that you have complete ownership of your domain name and hosting service. If someone else has control over either of these things, this could lead to issues like having to pay extra fees for hosting or losing access entirely if the domain name is taken away from you due to nonpayment or other reasons.
Your agency or development partner should be more than willing to provide you with full access to your website and all plugins. They should also have no issue with the actual site owner, your company, being listed as the primary admin or superuser with full access.
Takeaway
Your website is the public-facing image for your brand. Regardless of who builds or manages your site, maintaining control and ownership of your site ensures that the messaging and content presented on your site reflects the vision and image you want to convey.
Make sure that you can answer ‘yes’ to all the ownership questions above and you’ll rest comfortably knowing that you alone have proprietary control over your website.
Daily Minute Master Series – November 7, 2022
/by Corey PadveenThe Marketing Rundown
Subscribe to t2’s Newsletter, ‘The Marketing Rundown’ and Stay Up-to-Date
Everything you need to know about media, marketing, and digital news from the week all together in one place.
News & Updates
The Psychology of Pricing: How to Boost eCommerce Sales [Infographic]
For the full article click here
WhatsApp Launches Communities to Maximize Topic-Based Discovery and Engagement
For the full article click here
Google Shares New Insights to Help Marketers Align with Evolving Consumer Trends [Infographic]
For the full article click here
YouTube Updates: More Search Insights, New Channel Page Layout
Recent YouTube updates for creators include an updated design for channel pages and access to search insights in more languages.
For the full article click here
10 Steps To Boost Your Site’s Crawlability And Indexability
If search engines can’t find your webpages, all the optimization in the world will do no good. Boost your site’s crawlability and indexability to get found by search spiders.
For the full article click here
Are Internal Links A Ranking Factor?
How do internal links affect search rankings? Discover more as we dive deep into how important they are in search.
For the full article click here
Daily Minute Master Series – November 4, 2022
/by Corey PadveenThe Marketing Rundown
Subscribe to t2’s Newsletter, ‘The Marketing Rundown’ and Stay Up-to-Date
Everything you need to know about media, marketing, and digital news from the week all together in one place.
News & Updates
Snapchat Announces New Virtual Try-On AR Partnership with Amazon
For the full article click here
Monetizing Long-Form Video? Paid DMs? The Latest on Musk’s Twitter Reformation Plans
For the full article click here
TikTok Should Be Banned, Says US FCC Commissioner
The United States Federal Communications Commission (FCC) proposes banning TikTok, citing national security concerns.
For the full article click here
The State Of SEO: Survey Data To Plan Your Next Year In SEO
Inform your SEO strategy for 2023 with data, insights, and findings from the SEO community. More than 3,600 SEO pros responded.
For the full article click here
Instagram Launches New Ways For Creators To Earn Revenue
Meta is launching new tools that help creators make money on Instagram via audience contributions.
For the full article click here
What Not to Do When Marketing a Web3 Product
For the full article click here
Daily Minute Master Series – November 3, 2022
/by Corey PadveenThe Marketing Rundown
Subscribe to t2’s Newsletter, ‘The Marketing Rundown’ and Stay Up-to-Date
Everything you need to know about media, marketing, and digital news from the week all together in one place.
News & Updates
TikTok Shares New Insights to Assist in Marketing Campaign Planning
For the full article click here
Musk Outlines New $8 Per Month Twitter Blue Package, Including Verification Ticks For All
For the full article click here
71% Of Marketers Are Struggling To Meet Customer Expectations
Marketers struggle to meet customer expectations while grappling with budget constraints and employee turnover, a new report reveals.
For the full article click here
Are Social Signals & Shares A Google Ranking Factor?
Does high social media engagement mean higher search rankings? What does Google say about social signals and their impact to SEO? Read on to learn more.
For the full article click here
Content Strategy: How To Win With Better Content In 2023
Want to step up your content strategy in 2023? Join this webinar. Discover how to create quality content for better performance & rankings.
For the full article click here
From a Note to a Big Idea: How Content Supports and Promotes a New Product
For the full article click here
Daily Minute Master Series – November 2, 2022
/by Corey PadveenThe Marketing Rundown
Subscribe to t2’s Newsletter, ‘The Marketing Rundown’ and Stay Up-to-Date
Everything you need to know about media, marketing, and digital news from the week all together in one place.
News & Updates
Google Adds New Elements to its ‘Ads Data Hub’ Insights Platform
For the full article click here
The Key To Increasing Your Social Media Management Rates (And Brand Loyalty)
For the full article click here
Meta Opens up Facebook’s ‘Professional Mode’ to All Creators Globally
For the full article click here
Meta Announces Inaugural ‘Creators of Tomorrow’ Class in the US
For the full article click here
Musk Looks to Revamp Subscriptions, Considers Bringing Back Vine in First Twitter Moves
For the full article click here
Instagram Fixes Bug Causing Service Outages
A bug causing a day-long service outage is now fixed, Instagram says.
For the full article click here
Daily Minute Master Series – November 1, 2022
/by Corey PadveenThe Marketing Rundown
Subscribe to t2’s Newsletter, ‘The Marketing Rundown’ and Stay Up-to-Date
Everything you need to know about media, marketing, and digital news from the week all together in one place.
News & Updates
Leveraging Psychology in Marketing: The 7 Principles of Persuasion to Use [Infographic]
For the full article click here
32 Predictions for Social Media Marketing in 2023
For the full article click here
Musk Tasks Twitter Staff with Creating a New, $19.99 Twitter Blue Offering Which Includes Verification
For the full article click here
Microsoft Launches Import Tool For Google Ads Performance Max
Now you can easily import Google Ads Performance Max campaigns into Microsoft Advertising. Here’s how it works.
For the full article click here
Research Finds Evidence Of User Dissatisfaction With Google Results
New research shows that approximately 30% of users are forced to redo their search queries in order to find what they’re looking for.
For the full article click here
TikTok: Your Guide To Quickly Growing Followers
TikTok is where it is at for digital marketers who want to reach this audience. Here are several ways to grow your followers.
For the full article click here
5 Scary Site Security Issues to Protect Against
/by Corey PadveenIntroduction
It’s Halloween, and if there’s one thing we can definitely be scared of, it’s a security breach. Your visitors won’t trust you if they think their data is being stolen or their accounts are being hacked. That might lead them to leave for another site, costing you both money and reputation. To prevent this from happening, you need to protect your site properly, which means making sure everything is up-to-date and secure—even the little things! Let’s take a look at five common issues that could cause problems on your site:
Weak passwords
You know the feeling. You’re writing a password, and you’re so close to getting it right—but then you stumble over that one character, and it’s all gone. You’ve got to start again from scratch.
Strong passwords are the first line of defense against hackers and other nefarious actors who want access to your site’s servers, data and resources. The longer your passwords are, the harder they are for hackers to guess correctly (and thus more difficult for them to break in), but this isn’t an unbreakable rule: if it were that simple, there’d be no need for strong passwords at all! To keep things simple enough for humans while still making them hard enough for computers, I recommend using 8-12 characters long combinations of letters, numbers and symbols with no repeated characters or patterns (e.g., “5kfJ7ymu”).
Not protecting against CSRF attacks
Let’s face it: security is hard. It is much easier to go back to a site you love and continue using it than it is to spend time exploring new tools or researching how your favorite sites protect themselves against attacks. However, by not taking the time out of your day to ensure that you are protected against various forms of malicious attack, you’re putting yourself at risk of losing all your information.
So what exactly is CSRF? Well, CSRF stands for cross-site request forgery and is a type of malicious attack where one site tricks another into sending information without their consent (or awareness). The aim of this type of attack is usually to steal data from the victim’s account on another website so they can log in as them. For example: imagine that Bob logs into his bank account through his browser every day after work and checks his balance before making payments online; Alice wants access to Bob’s bank account but doesn’t have his username or password because she doesn’t know them offhand yet…what does she do? She’ll probably try logging in through some other way (like via email) until something works! This might sound like an unlikely scenario but even if Alice were successful in stealing Bob’s credentials this way then she could make transactions without him noticing any problem at all! In fact there are many ways that these attacks can occur – which we’ll get into shortly below.
Not securing the admin area
One of the most common mistakes we see is not securing the admin area. In fact, this is one of our most common security issues to fix!
The main reason why people don’t secure their admin areas is because they don’t realize it’s an issue and/or their site isn’t making enough money for them to care about fixing it. But just like with any other website on the internet, you’re leaving yourself vulnerable if you don’t take basic security precautions with your CMS-based (e.g. WordPress) site.
There are two ways that hackers can get into your site: either through brute force attacks (guessing passwords) or phishing scams (tricking people into giving out their login information). To prevent both of these from happening, make sure that you’re using HTTPS and a password for all URLs. This includes not only the login page for admins but also any pages within your admin dashboard that require authentication (i.e. changing settings). If possible, set up multi-factor authentication so no one can get access even if they have your password alone—and stick with longer passphrases instead of short ones!
SQL injections
SQL injection attacks are a type of attack that exploits poor coding practices to gain access to the database server. The attackers use input fields on the website such as search boxes, user login forms, or comment sections to inject SQL commands into database queries. This can be used to steal data or execute commands on the database server.
The best way to protect your site from SQL injection attacks is by making sure that your web application has proper input validation in place and uses prepared statements when accessing any databases. If you think your site has been attacked, check for errors in syslog files or other log files about failed database queries (i.e., “select * from users”). Also, look for suspicious file names like *.php*.sqlite3 or *.sqlite3 in hidden folders such as .git/.svn/.cvs/.hg/etc.
Playing fast and loose with permissions
While security settings can seem intimidating at first, it’s important to be aware that not all permissions need to be set to the highest level possible. If you’re wondering what kind of access you should give a user and your only answer is “the most,” it’s time for some soul-searching.
Make sure you have the right permissions for each user, and those permissions are set to the minimum level required. That means no more than one or two sites per person, depending on their specific needs within those sites (for example, if they’re just looking at site analytics).
Don’t give users more access than they need; don’t give them access to other sites outside of theirs; don’t let them see anything they shouldn’t see. And while we’re talking about this topic: Don’t set up an account with more than one username/password combo — just use one login per person!
Site security is important, so don’t forget to spend time on it.
As you’ve seen, this can be a pretty scary issue. So what can we do to avoid becoming the next victim? Here are four things that will help:
Conclusion
So, there you have it—our five most common site security issues. We hope that this article has been informative and helpful!
Daily Minute Master Series – October 31, 2022
/by Corey PadveenThe Marketing Rundown
Subscribe to t2’s Newsletter, ‘The Marketing Rundown’ and Stay Up-to-Date
Everything you need to know about media, marketing, and digital news from the week all together in one place.
News & Updates
Elon Musk Takes Control of Twitter, Cuts Several Execs
For the full article click here
Musk Looks to Reassure Advertisers Ahead of Twitter Takeover, Outlines Elements of His Plan
For the full article click here
Pinterest Reports Increasing Usage and Revenue in Latest Performance Update
For the full article click here
The State Of SEO: Survey Data To Plan Your Next Year In SEO
Inform your SEO strategy for 2023 with data, insights, and findings from the SEO community. More than 3,600 SEO pros responded.
For the full article click here
Google Ads Performance Max New Features & Best Practices
Google is upgrading Performance Max campaigns with a series of new features and offering best practices specific to promoting holiday sales.
For the full article click here
Google Pushes Universal Analytics 360 Sunset To 2024
Google is giving enterprise marketers more time to switch to GA4 by moving the sunset date of Universal Analytics 360 to 2024.
For the full article click here
Daily Minute Master Series – October 28, 2022
/by Corey PadveenThe Marketing Rundown
Subscribe to t2’s Newsletter, ‘The Marketing Rundown’ and Stay Up-to-Date
Everything you need to know about media, marketing, and digital news from the week all together in one place.
News & Updates
Meta’s Metaverse Division Loses $3.7 Billion In Q3
Meta continues to lose billions of dollars on its metaverse projects, posting a loss of $3.7 billion in Q3.
For the full article click here
Meta Outlines Key Areas of Focus, and Business Opportunity, Following Downbeat Earnings Report
For the full article click here
Google Reports Slowest Revenue Growth In Nearly 10 Years
Google-parent Alphabet earnings in Q3 2022 mark the slowest revenue growth for the company in nearly 10 years.
For the full article click here
TikTok Launches ‘TikTok Academy’ Marketing Education Platform
For the full article click here
AI Allows You To Talk With Virtual Versions Of Deceased Loved Ones
Advances in artificial intelligence allow people to speak with dead loved ones via phone, video chat or voice assistant.
For the full article click here
Google’s Bumper Ad Creation Tool Is Broadly Available
After several years of testing, Google is releasing its bumper ad creation tool to all advertisers.
For the full article click here