An introduction to the Squiggle Graphics security package:
Let me introduce myself: my name is Paul. I have worked in the data centre industry for 20 years now, specialising in backup systems. I have helped design, install and test a wide range of solutions in most major UK data centres and a few in Europe, so this is a little departure from the norm for me. With the ever-increasing need for security packages across the web, George@Squiggle has brought me in to help, with other specialist associates, to develop a complete solution to offer clients, so let’s get right in…
You may ask yourself why you need security on your website if it’s only a small or medium site. You have heard about the high-profile hacking cases which affected the NHS and various organisations worldwide. Well, this happens every day across the internet on smaller sites; they just don’t hit the headlines. Keeping your website secure and safe, with all your data and your customers’ data, whilst they are online should be top priority. When considering a website project, it’s often something that gets forgotten until it’s too late, or not even thought about at all.
What is security?
The security packages we offer protect you in many ways. We use security suites that bolt on to the WordPress management system, provided by leading security specialists in our recommended packages (SG4 and above). The first thing we do is not to advertise who we use for these services. It’s not the hardest information in the world to find out, but it forms part of our security by obscurity method. No one can exploit known weaknesses if they don’t know what the system is in the first place. Unlike less reputable companies who provide free or trial software, we guarantee you receive a professional, premium suite of security tools that we buy for our clients, usually offering more than is supplied to single customers.
Just some of the features we provide:
You will immediately see some other security by obscurity techniques. For example, your login will no longer be the WordPress system; you will find our own login screen on a custom address. The first thing an attacker may do is visit the wp-admin login screen, only to find there isn’t even a door there!
Once you are at your new Squiggle Graphics login we will run a few additional checks. Firstly, we remove any warning that reveals a correct user was entered with a wrong password. We also enforce strong passwords for all high-level users.
The Google reCAPTCHA system stops any bots in their tracks, stopping automated attacks from getting in. Invisibly, behind this, we also enforce brute force attack lockouts to stop repeated offenders and blacklisted hacker bases from ever trying again.
Once you have logged in and passed the robot test you will see a two-step authentication process. Now, this is a real pain, but we firmly believe it is worth having. This step almost singlehandedly stops sites being compromised by logging in on a computer or device infected with a malicious keystroke-monitoring program. This method of hacking into sites has been extremely effective and very hard to stop until the recent implementation of this system. It also protects you from passwords and logins that have been stolen, even by physical means within your building.
Two-step can be implemented in several ways. Because it is an annoying step we try to provide you with a convenient solution. You will be emailed the code for every login, direct to your registered email address. We can also provide you with the code direct to your smartphone, just like some banks do. We can do this with mobile apps such as Google Authenticator and Authy.
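The login checks described above (one failure message whether the username or the password is wrong, a lockout after repeated failures, and an authenticator-app code as the second step) can be sketched as follows. This is an added example, not Squiggle Graphics’ code or that of any WordPress plugin; `LoginGate`, the policy values and the per-client-address lockout key are assumptions, and the password and code checks are collapsed into one call for brevity.

```python
import hashlib
import hmac
import struct
import time

GENERIC_FAILURE = "Login failed."        # identical for unknown user, bad password, bad code
LOCKED_OUT = "Too many attempts. Try again later."
MAX_FAILURES, LOCKOUT_SECONDS = 5, 900   # assumed policy values
DUMMY = (b"\0" * 16, b"\0" * 32, b"\0" * 20)  # checked when the user does not exist

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 time-based code (HMAC-SHA1), the scheme authenticator apps use."""
    digest = hmac.new(secret, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(salt: bytes, password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginGate:
    def __init__(self, users):
        self.users = users   # name -> (salt, password_hash, totp_secret)
        self.state = {}      # client address -> (failure count, locked until)

    def attempt(self, client, name, password, code, now=None):
        now = time.time() if now is None else now
        count, locked_until = self.state.get(client, (0, 0.0))
        if now < locked_until:
            return False, LOCKED_OUT
        if locked_until:                      # an earlier lockout has expired
            count = 0
        salt, pw_hash, secret = self.users.get(name, DUMMY)
        # Run both checks for every request so unknown users cost the same work.
        pw_ok = hmac.compare_digest(hash_password(salt, password), pw_hash)
        accepted = [totp(secret, now + drift * 30).encode() for drift in (-1, 0, 1)]
        code_ok = any([hmac.compare_digest(c, code.encode()) for c in accepted])
        if name in self.users and pw_ok and code_ok:
            self.state.pop(client, None)
            return True, "Welcome."
        count += 1
        locked_until = now + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
        self.state[client] = (count, locked_until)
        return False, GENERIC_FAILURE
```

Accepting the previous and next 30-second code tolerates small clock drift on the phone; a production system would also reject a code that has already been used once.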
So what else is going on?
Well, plenty actually. We make subtle changes behind the scenes to enhance security. Squiggle hide information that many sites unknowingly share and tighten up on the geeky stuff like SQL injection, file access permissions, PHP disabling and 404 detection. All the tweaks would run to pages if listed and explained, but once set up most are happy protecting you from behind the scenes quietly. Again, not fully listing measures prevents giving persons with malicious intentions a helping hand.
Yes, absolutely. I haven’t covered much here as it is a post all of its own. We provide an SSL certificate to encrypt data between host and user. A must for any payment sites, and now, with Google’s recent policy change highlighting any site without a certificate and applying a ranking penalty, it is recommended everywhere. Most sites don’t need this, but would you really want your customers getting an ‘unsecured’ warning every time they visit?
Just like our security package, we don’t just stick a free version on; we supply a certificate from a premium supplier. SSL is now rocketing in popularity, to the point that most modern sites will now implement it. The result is that cyber criminals now have this firmly in their sights as a target; we are already seeing Let’s Encrypt certificates being targeted and used for malicious purposes.
Once your certificate is supplied we can migrate you to the HTTPS address. We check everything is updated, such as image addresses and then re-submit the site for Google tracking.
Am I hack proof?
No! No system is 100% secure. Just ask Yahoo or Apple, and these are billion $ companies with budgets for security that would make small countries weep! The bigger your budget, the better your security can be. As with most things in life, it’s finding a balance. A 24/7 team watching your site would be nice, but in reality for most small businesses it’s simply not affordable. Keeping software updated regularly, strong password procedures and secure workstations will all hugely reduce your exposure to internet threats.
We will, as discreetly as possible, improve your security by a measure of magnitude. You may see some small inconveniences, like the two-step, but that along with general best practices will see your site protected better than ever before.
We give you incredible value for money because we can use our expertise in getting everything set up quickly and efficiently. We remove any risk of damaging the site in the process and use premium developer software for our customers.
In worst-case scenarios, Squiggle will always be here, ready with the site backups we store as part of your maintenance package.
Some frequently asked questions:
1. Why is the security and maintenance a separate cost to the website build?
As you can appreciate, this is an additional service to the design of the website. We have separated the cost so you can decide what level you require for your site. The SSL licence, security and backup software are an annual subscription. We combine these with our management to offer you a package contained in a single yearly payment. We can also provide a monthly subscription if you prefer.
2. Do I need this?
It is totally your decision what level of security package you require from Squiggle. We have shared our knowledge and information with you so you are able to make an informed decision. Choose what level of protection you wish to have in place.
Other companies do offer management services. The balance we offer between features and cost makes us, in our humble opinion, very competitive. We have a vested interest in keeping your site secure: you are a valued customer, and the reputation of a site created by us always reflects on us. We also know your site inside out, giving us a unique advantage; we do not offer maintenance or security for sites not hosted by us for this very reason.
3. Can I self manage my site on the SG1 security package?
This is absolutely fine. On the day we receive sign-off of the website we will take a full backup. We are always here to assist should you encounter problems, at a competitive, ad-hoc rate. Please see the blog – best practices for a self managed maintenance and security package.
For any further information head on over to the contact page and get in touch….