GoDaddy Data Breach

The website hosting arm of GoDaddy recently announced a data breach of credentials affecting 1.2 million of their WordPress sites.

Coverage has been everywhere, but here are some links:

TechCrunch, WordFence, and the SEC.

Please note, this does not affect your WordPress sites hosted with CU*Answers Web Services.  This only affects certain web sites hosted at GoDaddy.

While CU*Answers Web Services does use GoDaddy for some domain name registrations, this incident did not affect the registrar functions, only their web hosting business.

GoDaddy said it’s reset customer WordPress passwords and private keys, and is in the process of issuing new SSL certificates.

Network Maintenance – November 16

On Tuesday, November 16th, beginning at 12:00 AM ET, Network Services will begin the monthly patch process for all the servers on the CU*Answers network. Maintenance is scheduled to be completed by 8:00 AM ET.

Yesterday Was Windows XP’s 20th Birthday, Keep Your Systems Updated

I thought this was interesting: yesterday, October 25th, 2021, was Windows XP’s 20th birthday.  And here we are on the cusp of Windows 11 rolling out to workstations across the country.

What I really found interesting about this article was that it mentions a significant number of people continue to use Windows XP to this day.  (Significant is pretty relative.)  Mainstream support for Windows XP ended on April 14, 2009, with extended support lasting another five years.  This means that anyone still running Windows XP has not received support from Microsoft for roughly 7.5 years now, including almost all security updates and fixes for vulnerabilities that may have been discovered.

Think of all the vulnerabilities, viruses, and exploits that have occurred in the last 8 years.  Think of all the technology changes on the web.  These old systems are very vulnerable to abuse, and modern secure systems cannot support these legacy devices.

It’s important to keep your systems patched with the latest security updates to protect your members’ data and your corporate infrastructure.  Members need to remain current to keep their own systems safe.  CU*Answers Web Services updates your WordPress website core and plugins weekly (and as needed for immediate vulnerabilities) and, in partnership with CU*Answers Network Services, we update the host servers monthly (or as needed for immediate concerns).  In addition, we regularly sunset older technology that we can no longer support, usually because the manufacturer stopped maintaining it, like Microsoft did with Windows XP.  The Internet Explorer web browser is another example.

In short, keep your systems current.  Technology changes and systems get patched to make them more secure.  Staying up to date keeps your systems more secure too.

Five Tips to Keep Your WordPress Site Secure This Cybersecurity Awareness Month

October is National Cybersecurity Awareness Month.  This is a time to raise everyone’s awareness of cybersecurity threats and to refresh the best practices that keep yourself, your identity, your computer networks and your website as safe as possible.  To that end, here are 5 quick tips on how to keep your WordPress website safe and secure, and how CU*Answers Web Services helps.

1. Use Strong Passwords.

The bad guys know when your website is using WordPress (or any other content management system) and they will attempt to brute force guess your passwords.  They also have access to leaked password lists of passwords you have used on other services.  As a publisher on your WordPress site you should always use a strong password, and the longer the password the better.  You should also not reuse passwords across multiple services.   Make your password unique to each service you use and use a Password Manager so you do not even have to remember them.

2. Protect Against Repeated Attacks

Even though you have a unique, strong password on your site, the bad guys are still going to make repeated guesses (often called a brute force attack) on your login page.  CU*Answers Web Services sees this traffic and has implemented several layers of protection to keep the bad guys out and to make our websites less attractive to target.  The WordFence security plugin, which is a required plugin for all our hosting clients, offers brute force protection.  It will block repeated attempts to guess passwords on your site.  Likewise, at the server level we have similar systems that will block the offending IP addresses for periods of time.  This slows down attackers and makes our sites less desirable to probe.  The side effect of these systems is that they sometimes accidentally lock valid users out, but all you need to do is give CU*Answers Web Services a call and we can get you unblocked.  The inconvenience of a temporary block is worth it to avoid the tremendous problems caused by a compromised site.
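The blocking behavior described above, including the side effect of locking out a valid user, can be sketched as follows. This is an added example, not WordFence's or CU*Answers' code; the thresholds, class name and sample events are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Assumed policy values for illustration only.
MAX_FAILURES = 5       # failed logins tolerated inside the window
WINDOW_SECONDS = 300   # how far back failures are counted
BLOCK_SECONDS = 900    # how long an offending IP stays blocked

class LoginThrottle:
    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> times of recent failures
        self.blocked_until = {}             # ip -> time the block expires

    def is_blocked(self, ip, now):
        until = self.blocked_until.get(ip)
        if until is not None and now >= until:
            del self.blocked_until[ip]      # block has expired
            until = None
        return until is not None

    def record(self, ip, success, now):
        """Return 'blocked', 'ok' or 'failed' for one login attempt."""
        if self.is_blocked(ip, now):
            return "blocked"                # rejected before checking the password
        if success:
            self.failures.pop(ip, None)     # a good login clears the history
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.blocked_until[ip] = now + BLOCK_SECONDS
            recent.clear()
        return "failed"

def replay(events):
    throttle = LoginThrottle()
    return [throttle.record(ip, ok, t) for t, ip, ok in events]

# Constructed events: (seconds, client IP, password_correct)
SAMPLE = [(t, "203.0.113.7", False) for t in range(0, 50, 10)]  # five bad guesses
SAMPLE += [
    (60, "203.0.113.7", True),    # correct password, but the IP is blocked
    (70, "198.51.100.4", True),   # a different client is unaffected
    (1000, "203.0.113.7", True),  # block expired, login works again
]

if __name__ == "__main__":
    for event, outcome in zip(SAMPLE, replay(SAMPLE)):
        print(event, outcome)
```

The attempt at 60 seconds is the valid-user lockout case: a correct password from an address that is still serving its block.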

3. Use a Web Application Firewall

A Web Application Firewall (WAF) is a piece of software that protects your site against attacks.  In this case, CU*Answers Web Services has you covered too.  We use a WordPress-specific WAF on each site through the WordFence security plugin.  Again, this plugin is required on all our hosting client sites.  In addition, we use a general purpose WAF at the server level that has a wide range of rules to protect the entire server and underlying operating system.  Occasionally, these do block legitimate traffic, which can be inconvenient.  The most recurring issue we see is use of the word “union.”  Since most hosting clients are credit unions, this word gets published quite often.  Unfortunately, “union” is also a word from SQL that can be used in SQL injection attacks, so it does cause unintended blocks from time to time.
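To show why the word “union” trips a WAF, this added example compares a keyword-only rule with one that requires SQL context, run over constructed request parameters. Both patterns are illustrative assumptions, not rules from WordFence or any server-level WAF.

```python
import re
from urllib.parse import unquote_plus

# Illustrative rules only; not taken from any real WAF rule set.
NAIVE_RULE = re.compile(r"union", re.IGNORECASE)
# Requires UNION to be followed by SELECT (optionally ALL/DISTINCT first).
CONTEXT_RULE = re.compile(
    r"\bunion\s+(?:all\s+|distinct\s+)?select\b", re.IGNORECASE)

def inspect(raw_param):
    """Decode one URL-encoded parameter and report which rules would block it."""
    value = unquote_plus(raw_param)
    return {
        "naive": bool(NAIVE_RULE.search(value)),
        "context": bool(CONTEXT_RULE.search(value)),
    }

# Constructed request parameters: (label, URL-encoded value, is_attack)
SAMPLES = [
    ("page title", "Lakeside+Credit+Union+Holiday+Hours", False),
    ("search box", "union+membership+requirements", False),
    ("product name", "Union+Select+Checking", False),
    ("injection probe", "1+UNION+SELECT+NULL%2CNULL", True),
]

def false_positives(rule_name):
    """Labels of benign samples that the named rule would block."""
    return [label for label, raw, is_attack in SAMPLES
            if not is_attack and inspect(raw)[rule_name]]

def missed_attacks(rule_name):
    """Labels of attack samples that the named rule would let through."""
    return [label for label, raw, is_attack in SAMPLES
            if is_attack and not inspect(raw)[rule_name]]

if __name__ == "__main__":
    for name in ("naive", "context"):
        print(name, "false positives:", false_positives(name),
              "missed:", missed_attacks(name))
```

The context rule stops blocking ordinary credit union text, yet the constructed product name “Union Select Checking” still matches, which is why occasional unintended blocks remain even with tighter rules.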

4. Back Up Your Website

CU*Answers Web Services and Network Services have you covered here.  Our shared hosting servers are backed up nightly through our automated systems.  While not fool-proof, having a backup from last night gives us a fallback in case something drastic happens to your website.  In addition, clients with access to the CU*Answers Web Hosting Control Panel can create on-demand backups as well.

5. Keep your WordPress and Plugins Current

This is the one security principle that gets repeated over and over again.  Keeping your WordPress core and Plugins — or really any software — up to date protects you against security issues.  Sure, new ones might be introduced, but over time the security of software should continue to improve.  CU*Answers Web Services has built special shared hosting servers specifically for WordPress.  We have protocols in place that update WordPress core and all plugins every Sunday night.  This keeps all of our sites on current releases.  We track this information in a couple of dashboards and can see what updates are pending in case we suspect a conflict of some kind.  Finally, our infrastructure also allows us to deploy updates as needed in case there is a critical update that needs to go out immediately.

There is no such thing as a 100% secure website, but hopefully these tips and your understanding of how CU*Answers Web Services is working to keep all of our sites protected give you confidence in your choice of hosting and website management providers.  If you have any questions or concerns, certainly reach out to the CU*Answers Web Services team.

Network Maintenance – September 21

On Tuesday, September 21, beginning at 12:00 AM ET, Network Services will begin the monthly patch process for all the servers on the CU*Answers network. Maintenance is scheduled to be completed by 8:00 AM ET.

Network Maintenance – June 22

On Tuesday, June 22, beginning at 12:00 AM ET, Network Services will begin the monthly patch process for all the servers on the CU*Answers network. Maintenance is scheduled to be completed by 8:00 AM ET.