
Valley IT is an affiliate of WPForms

Accepting payments from your website should be an easy process in this day and age. With the WPForms Authorize.net addon, it is.

If you have a WordPress website you might already know about the WPForms plugin. There is a free version and a premium version, and you can do a lot even with the free version. The plugin has been downloaded more than 4 million times.

The first thing you will need to do is download and purchase the WPForms Elite license. With the Authorize.net addon you can collect payments, donations, and online orders. To complete the Authorize.net integration you need two things: the API login ID and the transaction key, both of which you can get from your Authorize.net account.

You can find out more information by visiting the WPForms site.


Your Website’s Security

Here are the most common security issues related to having a WordPress site:

1. Out of Date Software – Core: Is the core program up to date?

Large websites employ entire teams of system administrators to make sure the software is patched and up to date. Most smaller website companies can’t afford even one full-time system administrator to do this. This is what hackers are looking for: vulnerable, out-of-date websites not running the latest patches or updates. Luckily for you, hosting services @ Valley IT run in partnership with SiteGround, who employ a large number of system administrators. These system administrators constantly monitor security reports as a part of their day-to-day duties. When a patch becomes available they get to work: they apply it on a test system and run additional testing to make sure it doesn’t break anything else, and once it has passed they roll it out across the entire infrastructure. Patches are released each and every day to keep your website safe and running.

2. Out of Date Themes and Plugins

The biggest thing you can do for your website is to make sure that WordPress, the themes, and the plugins are up to date. If you are not already aware, every single piece of software has bugs, and this includes WordPress, your theme, and the plugins you are using. We don’t know what these bugs are yet, and they can change. Software development teams work through issues that they either find or that are reported to them, and the fixes are released in the form of a patch or an update. By running the update you keep your website up to date and secure, but YOU have to play your part in this. Sometimes there is a delay between when the update is released and when it becomes available for you to run. If you log in to your site’s dashboard and notice that plugins, themes or even WordPress itself require an update, please go ahead and do this (Note: it is always worth doing a backup before and after you do any updates).

3. Brute Force Attacks

This is exactly as it sounds. There are people out there, let’s call them “hackers”, trying to get into your website. They run scripts that try the most likely usernames and passwords, and if they get a hit they are in. Users that use the same username and password are the #1 target. Here are some of the usernames not to use:

  1. Administrator
  2. User1
  3. Admin
  4. Demo
  5. Dbadmin
  6. The name or acronym of your site (i.e. valleyit for my site as the domain name is www.valleyit.com.au)

As soon as a website is compromised, these usernames and passwords are sold to others so they can try them on other sites, and so on and so on.

The best way to stop a brute force attack is to use a good security plugin such as SiteGround’s Security plugin. Attackers generally start by trying multiple times with the same username, so the easiest way to stop it is to set the attempts to 3. (After 3 attempts at a password I can’t remember, I can generally go into the hosting and reset it or follow the prompts to reset it; this is completely safe.)

The other way is through Brute Force Mitigation. There are systems that track where attacks are coming from; once a source is known, it is stopped when it tries to attack your site. Wordfence is another good plugin for limiting the number of attempts, plus you can see where the attacks are coming from (you may wish to lock down your site to a specific region like Australia). Some of this is actually done through your hosting company as well.

4. Malware

Malware is any piece of malicious software that can be injected into your site so that an attacker can run it whenever they want. It can be very easy to inject malware into your site: this can be done through comments or, with a little more difficulty, by uploading an executable file and running it. This is a much worse case and often ends in having to restore from a clean backup, then finding out how they got in and fixing that issue so that it doesn’t happen again, and even after all that you can only hope that you got it all. This is why malware scanners and cleaning services are a very important addition to your WordPress site. Again, Wordfence is able to scan for known malware; when it is found it will either take action immediately or recommend what to do next, but most importantly it alerts you that something sinister has happened.

Your hosting company will normally have malware scanners that operate at a much higher level, which things like plugins just can’t match. Because your hosting company has access to all of the infrastructure below your site, it can tell you when there is a problem and it can also tell what damage has been done. This can give you the peace of mind of having extra security. Make sure you have some form of malware scanning program on your site, and make sure you are doing regular backups of your site. This will allow you to at least restore to a previous time that you are confident is a clean version of your site.

5. DoS (Denial of Service) and DDoS (Distributed Denial of Service) Attacks

These are both very similar in what they do. The basis of the attack is that someone runs a script that requests pages from your site quicker than your server can actually serve them. In a DDoS attack it is generally more than one person, and they are spread out around the world. Caching services can help lessen DDoS attacks; if you are worried about these attacks, make sure your website has a solid caching system sitting in front of it. Again, this is generally built into your hosting. They will tell you that they have it, however they won’t tell you exactly how it works as this would be a security breach.

6. Phishing

These can come in many different styles, but for the most part a phishing attack is when someone sends an email that looks like it came from your server (or you) asking a user to click a link and do something. The link may look like it’s going to your website, but in actual fact it’s going to a website that is owned by the “hacker”. A common type is when you click the link and it takes you to a login page. This may look like your website, so it might be fair to say you would enter your username and password into the form. Since you are not actually on your own website, your credentials won’t work. Clever sites will ask the user to try again, so the user will try again and again, maybe this time using a different set of credentials, until they catch on that something is not right or they just give up. The problem is that the “hacker” now has multiple usernames and passwords that they can use when they are trying to brute force an attack on a website, and on top of that they are quite likely to have the proper credentials to log in to your site. With the way the email system was created, it is very easy to fake where an email came from, however these days there are things working in the background of your web hosting to stop this from happening: protocols like SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting and Conformance). Check with your web hosting company to see if these protocols are in place.
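Whether SPF and DMARC are "in place" is visible in the DNS TXT records of your domain, and a record can exist while still letting faked mail through. The following added example (not code from any hosting provider) grades a weak pair of records beside a corrected pair; the records and the domain example.com are constructed, and DKIM is left out because its record is published under a selector name chosen by the mail provider.

```python
# Constructed TXT records for the placeholder domain example.com.
WEAK = {"example.com": ["v=spf1 include:_spf.example.net ~all",
                        "site-verification=constructed-value"],
        "_dmarc.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@example.com"]}
FIXED = {"example.com": ["v=spf1 include:_spf.example.net -all"],
         "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com"]}

SPF_ALL = {"-": ("ok", "unlisted senders fail SPF"),
           "~": ("weak", "unlisted senders only soft-fail"),
           "?": ("weak", "unlisted senders get a neutral result"),
           "+": ("broken", "every sender passes SPF")}

def audit_spf(txt_records):
    """Grade the SPF policy among the TXT records at the domain name."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ("missing", "no SPF record")
    if len(spf) > 1:
        return ("broken", "several SPF records, receivers treat that as an error")
    terms = [t.lower() for t in spf[0].split()[1:]]
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not alls:
        if any(t.startswith("redirect=") for t in terms):
            return ("delegated", "policy is taken from the redirect= domain")
        return ("weak", "no 'all' term, unlisted senders get a neutral result")
    # Terms are evaluated left to right, so the first 'all' decides.
    first = alls[0]
    return SPF_ALL[first[0] if first[0] in "+-~?" else "+"]

def audit_dmarc(txt_records):
    """Grade the DMARC policy among the TXT records at _dmarc.<domain>."""
    for record in txt_records:
        tags = {k.strip().lower(): v.strip() for k, _, v in
                (part.partition("=") for part in record.split(";")) if v}
        if tags.get("v") != "DMARC1":
            continue
        policy = tags.get("p", "").lower()
        if policy in ("quarantine", "reject"):
            return ("ok", "failing mail is handled with p=" + policy)
        if policy == "none":
            return ("weak", "p=none asks receivers to take no action")
        return ("broken", "record has no valid p= tag")
    return ("missing", "no DMARC record")

if __name__ == "__main__":
    for zone in (WEAK, FIXED):
        print(audit_spf(zone["example.com"]), audit_dmarc(zone["_dmarc.example.com"]))
```

To grade your own domain, paste in the TXT records shown in your hosting control panel for the domain and for `_dmarc.` followed by the domain.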

7. Hosting Environment

Your web hosting is an essential part of your website, domain name, and email systems. Yes, you can get free hosting, and yes, there is cheap hosting, sometimes as little as $5 per year, but I can say with great confidence you are getting exactly what you paid for. Using hosting services @ Valley IT, who are partnered with such a large company as SiteGround, will give you all the tools you need to keep your website safe and secure.

Finally, if you don’t want to read this loooong blog, then simply take the information in this paragraph. Make sure you have some sort of malware scanner on your website, do regular backups of your website, and make sure your software (WordPress, themes, and plugins) is up to date.

If you would rather someone else take this task on, please get in contact with Valley IT today and get a quote on monthly updates with backups.