Tag Archives: https

fix website security risk

How Your Website is a Security Risk + What You Can Do To Fix It

In this day in age, cyber security is of the utmost importance. Don’t let your beautiful website design and reputation go to waste because of a security risk.

Did you know an average of 30,000 websites are hacked every day? If you think you’re not vulnerable, think again.

In this article, we’re covering common ways new websites are at risk for hackers and viruses.

Don’t worry. This is meant to help you, not just scare you. We’re also covering how you can fix it to protect your site and data. Read on for more.

4 Ways Your Website Is a Security Risk and How You Can Fix Them All:

Excellent website design is just the beginning. You also need to protect your site against cyber attacks, hackers, and more. Here’s how.

1. Malware

Malware is short for “malicious software,” and it is just as sinister as it sounds.

Malware programs are designed to gain access to your computer or website specifically without your knowledge.

Malware can be responsible for data theft and search engine blocking, among other consequences.

Protect your website with malware scanners to monitor security 24/7. Always update platforms, apps, and plugins as soon as the new version comes out.

Always be cautious when it comes to free software programs and research them thoroughly before installation.

2. Get an “SSL” (HTTPS)

Google is leading the way on encouraging every website to be secure. Specifically, every website should be protected by an “SSL” certificate which encrypts all user data submitted in forms or payments.

If the URL for your website doesn’t start with, “HTTPS,” your site isn’t secure. Pretty soon this is going to hurt your site in Google searches, which is incentive enough to secure your website!

There are sites out there like “Let’s Encript” that offer free SSL’s, but not all web hosting companies accommodate them. (They would rather have you pay for theirs) 

If you have to pay for an SSL, it will cost you about $60/year, which is a good incentive to host your site with a company that offers a free SSL.

3. Passwords

It’s obvious that you need a hard to guess password to protect your site from invasion.

For maximum security, require a two-factor authentication for the admin page, so that only authorized admins are able to access the heart of your site and your valuable data.

Require specific password regulations for your users as well, such as the use of numbers and capital letters.

Further protect your customers from hackers by using a one-way function such as SHA (secure hashing algorithm). This will secure the data by using an algorithm that scrambles the data in a way that only the sever will know how to keep track of.

This helps to prevent password guessing software from easily accessing your user accounts.

4. Backups

Backing up your site is an important way to protect your hard work, but it’s also a way in for hackers and cyber thieves.

Keep backups stored locally and offsite to minimize the security risk. In the case of a malware invasion, you’ll be able to more easily restore a secure version of your site.

*Related coupon: 50% off Carbonite backup

5. Manage User Access

We’re not saying trust no one, we’re just saying don’t trust anyone else’s cyber security.

Every time you allow user access, even to another admin (an employee or a guest poster, for example), you’re opening up a pathway for invasion.

Limit who has admin access to as few computers and accounts as possible. Create a layered system of access to limit the functions of the site to only what is absolutely necessary.

Now You Know!

Implementing these cyber security practices will help ensure the functionality, trustworthiness, and reputation of your site.

It’s much easier to take extra precautions to dodge a security risk than to repair it after an attack.

Want more? Check out this post about the worst high profile data leaks of 2017 or this post about how to avoid dating site scams.

shared ip address seo harm

Yahoo & Bing Dropped Your Website? The Dirty Truth About Shared Hosting

One day I noticed that my site wasn’t showing up on Yahoo when I searched for “Chairman Meow.” I knew that was a red flag, so I tried a few more search terms. Still nothing. Then, I checked my other sites under the same account. All of them missing. It didn’t take me long to realize that my site(s) had been dropped by Yahoo and their partner Bing.com, and something weird was happening.

I’m not part of any paid-linking or “black hat” SEO schemes, and I don’t really do anything “shady” online, so why was my site dropped by Yahoo?

Has Your Site Been Dropped By Yahoo / Bing?

Try doing a search for your domain name on Yahoo.com. If you don’t see your site come up, you may have been dropped. If it has, you’ll likely see your Facebook page, or an obscure page or two from your site might turn up in search results instead. So, was your site unfairly dropped?

If you’ve been paying a guy in the Ukraine to do your SEO work, or send out spam emails by the thousand, you probably aren’t an innocent victim. Your site was probably dropped for the same reason they throw certain characters out of bars and NASCAR events. However, if you play by all the rules, consider taking action immediately to get back in search results.

Site Dropped for No Reason? Your Shared Hosting Plan May Be to Blame

If you’re paying under $50 a month for hosting, (like most of the masses) you’re on what is called, “shared” hosting. With hosting companies like GoDaddy, your site is on a server with hundreds of other sites, all with the same IP address. (the unique 11-digit number /address of each server) When one of the sites on your server starts behaving badly, Yahoo / Bing will likely block the whole server, even with WordPress hosting.

That means that your blog about “knitting patterns” and “photos of kittens” will be penalized because it’s on the same server as “DonkeyPorn.xyz,” because to Yahoo, you look the same!

Oh, no! What Other Sites Are on My Server / IP Address?

shared ip address blockedEver sit on a wet, sticky public toilet seat? That’s how I felt when I took a look at who else I was sharing a server with. There were hundreds of sites, and a few stood out as being shady. Clearly one of these dirty sites was the culprit, and to blame for my site being dropped.

You can do a reverse IP lookup online to find out who you are “in bed” with here. Just type in your site domain:

In my case, I got a message saying:

“It appears that the web server located at 123.456.78.910 may be hosting one or more web sites with explicit content. The web sites in question are highlighted in red below. There is a possibility that all of the web sites on this web server may be blocked by web filtering software. Search engine rankings for these web sites may be affected as well.”

Still in shock, I called GoDaddy to inform them of this news. “Do you realize you are hosting my website with a bunch of porn sites?” To which they replied that they have no control over what people put on their websites, and don’t have a screening process. What?!

Contacting Yahoo / Bing for Re-inclusion?

You might have better luck finding a personal email address for Taylor Swift than a helpful contact email on Yahoo.com. Before trying to contact them, I suggest you try to fix the root problem first. Paying for hosting on your own “dedicated” server is expensive and can cost $200+ month. So, to separate yourself from these bad actors, try getting a dedicated IP address.

Buy a Dedicated / Static IP Address

If you use one of the big hosting companies like GoDaddy or HostGator, adding a dedicated or “static” IP address to your hosting plan should be easy, and cost about $6/month. You should be able to log-in and do it yourself, and the transition should be simple. Contact your hosting company with any specific questions if it’s not obvious.

Contact Yahoo through Bing Webmaster Tools

Once you have a new IP address, you can either wait and watch search results, or contact Yahoo / Bing to tell them what happened. Yahoo’s customer support is notoriously bad, but since their merger with Bing, they offer webmasters a nice set of tools and help through Bing Webmaster Tools. It’s an easy sign-up, and let’s you look under the hood at how Yahoo / Bing view and index your site.

If you need to contact them, signup for Webmaster Tools, verify your site, and go to “Bing Webmaster help and How-to,” and click under “getting help & support” on “webmaster support.

bing yahoo contact site dropped

 

In my case, (not knowing why my site was dropped) I went through this process backwards and contacted Bing first, before getting a new IP address. They actually responded 2 days later. Within a week they confirmed that my IP address was being blocked due to spam originating from another site on my shared server.

Here’s the response from Bing Microsoft Customer Support
We highly appreciate your patience as we review this matter together with our Product Group. My name is Jenny and I will be providing you with the status of this Service Request.

We would like to inform you that the webserver that your site exists on is blocked by our bots due to Spam and the whole IP was crushed…

My Site Started to Reappear On Yahoo Search Within a Week

Bing webmaster support quoted that it would take “a week or two” to be back in search results, and as I type this, my .net site is slowly trickling back onto Yahoo search results a week after getting a dedicated / static IP address. This whole fiasco has lasted about a month so far!

Don’t Risk Bing Dropped By Yahoo / Bing; Get a Dedicated IP Address for SEO

Google doesn’t see to block entire IP addresses the way that Yahoo / Bing does, but getting dropped by Yahoo /Bing is serious. Together they account for a significant 29% off search traffic.

In my opinion, anyone maintaining a website or blog should have a dedicated IP address. It’s cheap insurance against being dropped because of the actions of someone else online. It’s also included with an SSL certificate, (which gives your site an “https:” url) and a layer of security if you collect information or take payments. If your site or blog is run on WordPress, consider managed wordpress hosting from a specialist like WP Engine Hosting.