Questions about Website Security


CU*Answers Web Services recently received some questions about website security. This client was concerned about the recent defacement of a Credit Union website in Montana and asked about how this would be handled at CU*Answers. We thought they were some good questions, so we wanted to share our answers with everyone. Here they are:

Who do we contact by phone to completely shut down our website? And does that include weekends and after hours?
During M-F 8-5 business hours, call the Web Services Team at 616-285-5711 x275.
After hours, call Customer Support at 800.327.3478, where someone is on call 24/7 to engage the appropriate team for response.

If something odd occurs, does CU*Answers provide a diagnostic or forensic analysis of what happened?
We analyze our logs regularly to determine the source and method of attacks in order to mitigate attempts proactively. In the case of a successful “hack” we would do our due diligence to learn and prevent further abuses. We don’t have a formal plan to provide you with a report of those findings, but we’d be happy to share any findings deemed beneficial.

Does WordPress receive the same attention to updates and monitoring for security as our site?
I’m not sure I understand this question. Your site does use WordPress, which we monitor and update continuously, covering both the WordPress core software and plugins. This is one of the benefits of hosting with us. We also use several WordPress plugins to monitor security and log admin logins and changes on your site. Furthermore, Network Services has several protections in place at the network level, including firewalls and intrusion detection systems, to name a couple, to assist in mitigating attacks.

Lastly, would CU*Answers automatically post a temporary site or link to take members to a “safe” site – bypassing the unwanted component – to access their information?
Yes, we would absolutely respond with necessary action to protect your members from any security incident. This response would depend on the severity of a compromise, ranging from removing the threat by redeploying your site from a version we keep in our code version control system, to potentially redirecting requests to your site directly to your online banking URL until the risk was mitigated.

How to take a screenshot

If you are getting an error on your website (or really any application) or you are seeing a funny browser rendering issue on your website, it helps us to see a screenshot.  This lets us see exactly what you are seeing.  Taking a screenshot is really easy and helps us out, especially when we can’t duplicate what you are seeing.

Lifehacker has a nice series called Emailable Tech Support.  They are simple and concise instructions on how to do certain computer tasks.  Last week they covered taking screenshots.  Take a read through to see how easy it is.

The Post Excerpt

Often, in the course of designing web sites, we encourage clients to take advantage of the built-in post features of SiteControl (WordPress) to create a “fresh” home page with recent news, stories, promos, etc. However, many times we find ourselves with more information in a post than we’d like to display in the “teaser” on the homepage. Behold, the “excerpt” feature. This guide will tell you everything you’d ever want to know about the “excerpt” feature: what it is, how to use it, why it’s useful, etc.

SiteControl Help: Email Link

To link to an email address instead of a web site, in the “Link URL” field of the Insert/edit Link tool, put in the email address with the prefix “mailto:” (without the quotes). Be aware that using a link to your contact form is often better than an email link, since it allows you to make a note about email privacy, makes updating contact information a one-page update, and reduces the chances for spammers to harvest your email addresses in plain text from your site.

SiteControl Help FAQ

Need help figuring out what some of the options mean in your SiteControl site? The answers to your questions may be found in the official WordPress FAQ. Learn who can see a private post, how you can password protect a post, or how to upload an image.