Click to enlarge
One of our plugin vendors, WordFence, wrote a detailed post answering the question “Is WordPress Secure.” “The short answer is yes, but it does require a modest amount of work and education on the part of the site owner.” Fortunately for our hosting clients, we already do much of that work (AND MORE!) for you!
Our hosting environment runs the Plesk hosting control panel on top of Ubuntu Linux. Ubuntu, Plesk, and WordPress core and repository plugin updates are automatically installed on schedule as they become available.
Your website on our hosting benefits from several different layers of protection, at the network level, the server level, and at the application level. Traffic is continuously monitored by Apache ModSecurity for dynamically updated (Atomic Subscription) patterns of abuse such as brute force login attempts, form POST abuse, excessive 404 request, 404 requests for commonly abused filenames, etc. These automated systems then temporarily ban offending IP addresses using Fail2Ban. Repeat offenders get blocked for longer periods of time. At the application level, the WordFence security plugin is used to monitor WordPress core files and plugins for changes from the official versions, as well as to overlap some of the ModSecurity functionality blocking abusive requests if they make it through the previous layers of defense. We also have systems, Cacti, Graylog, Watchdog, Health Monitor in place to monitor overall server and network load levels that alert us to suspicious conditions outside the norm for manual inspection so that we can respond to and mitigate threats as necessary.
We take your website security seriously. If you have questions about security please ask!
Website Accessibility
Accessibility is an important issue that can produce damaging repercussions when overlooked. It is a challenge that Web Developers must strive to meet, so that each page built is accessible to every visitor. Website accessibility is a legally complicated issue because it varies from one country to another. Following these best practices will most likely help a developer come out with good results.
Evolving Security Threats
Security can be a concerning topic for the modern developer as hackers are constantly finding new and more sophisticated exploits. Keeping up with these security issues can be pretty exhausting. Its important to make sure that data sensitive sites are monitored on a pretty consistent basis. It’s also good to make sure that the site and its plugins stay updated as well as its core files.
Performance
Performance, as with usability, is also something Web Developers have to constantly keep in mind. Every action we take during development has the potential to impact the performance of the finished site. Images are a particular area that should never be overlooked. Large image files impact website performance immensely. Using large image files in the early development stage; even just for testing purposes can come back to haunt later. Its a good idea to make sure that all the images used for a site are compressed and optimized for web use. Also, using CDN’s (Content delivery network’s) can help limit the number of resources used on the server, when not using CDN’s its a good idea to keep all external JavaScript and CSS files minified. Another performance tool to consider when developing a website is the utilization of browser caching. All in all, it can be a time consuming task to make sure all of these things are considered and tested, however it is important to have well performing websites for usability, as well as SEO (search engine optimization).
Certainly, web developers aren’t just creating a pretty looking website. The modern developer must think of things like security, accessibility, and performance measures just to name a few. Luckily, most developers strive to be up to date with the ever-changing field of technology.
Click to enlarge
SPE Federal Credit Union launched a new website today. The new website uses modern design which makes it viewable on phones, laptops and desktops. The color scheme stays consistent with the previous site with two shades of green and contrasting white. The home page features rotating banners for featured promotions. It also includes a section for featured rates, featured services and a news section at the bottom of the page. Take a look at their new website: https://www.spefcu.org/
Click to enlarge
Awakon Federal Credit Union launched a new website today. The website features a clean, modern design with a blue and white color scheme. The home page features rotating banners for current promotions. It also features large buttons for quick access to frequently used links on the site. A resource list provides information that visitors might need. The site uses modern construction making it viewable on mobile, tablet and desktop computers. Take a look at their new website: https://awakonfcu.net/
Click to enlarge
According to W3Techs, a company that reports web based statistics, a recent survey on the usage of content management systems indicates that WordPress is now being used on 30.0% of the top 10 million active websites, which translates into a 60.2% CMS market share. While just over half of existing websites do not utilize a content management system, WordPress has been dominating the playing field, with Joomla sitting in second place at just over 6% of the market share. This statistic is inclusive of both WordPress.com and WordPress.org sites.
Click to enlarge
Our hosted WordPress sites using the WordFence plugin have now been updated with a new feature that detects when an email address logs in with credentials that have been previously discovered to be compromised in known password leaks from various sources. This feature increases protection since it stops a malicious third-party from using the leaked credentials to log in as you. If you see the INSECURE PASSWORD error when logging in, click the link to “reset your password” via email. After that, if you need additional help, please contact web services.
