Robert Jackson, Author at GreenGeeks Blog
https://www.greengeeks.com/blog/author/rjackson/
Fri, 11 Oct 2024 18:29:37 +0000

GreenGeeks Cyber Security Awareness Month 2024
https://www.greengeeks.com/blog/greengeeks-cyber-security-awareness-month-2024/
Tue, 01 Oct 2024 22:38:29 +0000

October is Cyber Security Awareness Month. Every year for the past several years, GreenGeeks has utilized this dedicated month to strengthen our network, as well as our customers’ websites and account data.

This year is no different, and GreenGeeks is excited to announce many new changes.

Half-Price Website Cleanups for Cyber Security Month

In an attempt to ensure all customers have a secured web hosting experience, GreenGeeks is discounting all paid malware cleanups by 50%, allowing any customer with a compromised WordPress website to take advantage of our in-house malware cleanup services for only $24.95.

Customers can also utilize this service to ensure all WordPress websites under their account are secured and updated to the latest version. Note that this discount is only available for the month of October, so don’t miss out on this great opportunity to secure your account.

Say Goodbye, Say Hello!

As Ferris Bueller once said, “Life moves pretty fast. If you don’t stop and look around once in a while, you could miss it.”

In today’s fast-paced world, this rings truer than ever, and sometimes change is not only inevitable but necessary. Change can be challenging, but it also presents an opportunity for growth.

With that in mind, we are saying goodbye to the GreenGeeks Abuse Team.

For years, they’ve been our steadfast guardians, vigilantly battling unseen threats in the shadows. However, as GreenGeeks continues to evolve into a leader in the industry, we believe it’s time for a new chapter.

That’s why we’re excited to introduce our newly restructured GreenGeeks Compliance Team!

Armed with cutting-edge techniques, enhanced training, and faster-than-ever support, the Compliance Team will usher in a new era of stability, security, and privacy for our valued customers.

The Importance of Password Updates

In the spirit of Cyber Security Awareness Month, the GreenGeeks Compliance Team will be encouraging and assisting with password resets throughout the month of October.

The majority of account compromises are the result of a weak or compromised password. This risk is greater if you share the same password amongst your online accounts and services. It puts your other services at risk for compromise.

Do you routinely update your passwords every three months as recommended by cybersecurity professionals? Resetting your passwords via your GreenGeeks Account takes just a few simple steps.

It can help prevent a future compromise of your account. More information on password resets can be found here.

Also, we have a strong password generator should you want to use it for any accounts aside from your hosting.

Be Alert: Identity Theft is on the Rise

Today more than ever, our lives are lived online, alongside many of the risks we face. Modern criminals are getting smarter and more sophisticated, making identity theft one of the fastest-growing crimes.

What used to be just about a stolen credit card has evolved into a complex web of personal data theft—your social security number, email accounts, or even your entire online identity could be at risk.

Since 2019, identity theft cases have skyrocketed, increasing by 50% with little sign of going away. Many experts have estimated losses could exceed $20 billion annually by 2025 if we don’t take action to better safeguard ourselves.

Be mindful of your online activity—use strong, unique passwords, set up two-factor authentication, and keep an eye on your accounts for anything suspicious. As online threats become more sophisticated, so should your defenses.

Take a few extra steps today to protect your future.

Are You Secured this Cyber Security Awareness Month?

Making sure your account is secure is critical. In just a few steps, you’ll ensure the safety and protection of your account. If you’re unsure of what to do to secure your websites, fear not.

The GreenGeeks Support team can answer any questions you may have. In addition, our Compliance Team can gladly assist with auditing your account and websites. They can provide you with a full report of their findings as well as specific steps to take to secure your data.

You can also search through our knowledge base for further assistance regarding a wide range of topics.

Security Update: Protecting Against the LiteSpeed Cache WordPress Plugin Compromise
https://www.greengeeks.com/blog/security-update-protecting-against-the-litespeed-cache-wordpress-plugin-compromise/
Sat, 24 Aug 2024 18:31:05 +0000

This post discusses the recent compromise of the very popular LiteSpeed Cache plugin, assigned the CVE identifier CVE-2024-28000.

The active LiteSpeed Cache exploit affects over five million websites worldwide, including many hosted at GreenGeeks. GreenGeeks utilizes LiteSpeed Cache across our EcoSite and Reseller network, which includes the use of the WordPress LiteSpeed Cache plugin.

Even if you’re not an expert web developer, it’s important to understand the implications of this compromise and the steps we’ve taken to safeguard your websites.

Understanding the Compromise

The LiteSpeed Cache Plugin is a very popular plugin designed for caching and optimizing a WordPress website. Unfortunately, all software has vulnerabilities, and the LiteSpeed Cache Plugin is no exception.

When something is this popular, the criminal element will do what they can to exploit it. There is no such thing as a completely “fool-proof” system.

This past week, a security flaw, identified as CVE-2024-28000, was discovered within the plugin’s codebase. This plugin is vulnerable to a privilege escalation exploit in all versions up to, and including, 6.3.0.1.

This makes it possible for unauthenticated attackers to spoof their user ID to that of an administrator, and then create a new user account with the administrator role utilizing the REST API endpoint.

It is critical to note that this vulnerability affects older versions of the affected plugin, and updating to the latest version is crucial for protection. It’s always a good idea to make sure all of your plugins, themes, and WordPress core files are updated.
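
An added example, not from the GreenGeeks post or the LiteSpeed project: a Python audit that walks a hosting account's directory tree, reads the Version header of each installed LiteSpeed Cache plugin, and flags installs at or below 6.3.0.1, the last affected release named above. It assumes the plugin sits at its standard location, wp-content/plugins/litespeed-cache/litespeed-cache.php; the three sample sites and their version strings are constructed for the demonstration.

```python
import os
import re
import tempfile

# Last affected release per the post: "all versions up to, and including, 6.3.0.1".
LAST_AFFECTED = (6, 3, 0, 1)
# Standard install location of the plugin's main file, relative to a WordPress root.
PLUGIN_MAIN = os.path.join("wp-content", "plugins", "litespeed-cache", "litespeed-cache.php")
# Matches the "Version:" line of a WordPress plugin header comment.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*([0-9][\w.\-]*)", re.MULTILINE | re.IGNORECASE)
# WordPress core directories that never contain another WordPress root.
CORE_DIRS = {"wp-admin", "wp-includes", "wp-content"}


def parse_version(text):
    """'6.3.0.1' -> (6, 3, 0, 1); None when there is no leading dotted number."""
    m = re.match(r"\d+(?:\.\d+)*", text or "")
    return tuple(int(p) for p in m.group(0).split(".")) if m else None


def is_affected(version):
    """True when version <= LAST_AFFECTED, zero-padded so that 6.3 == 6.3.0.0."""
    width = max(len(version), len(LAST_AFFECTED))
    padded = version + (0,) * (width - len(version))
    limit = LAST_AFFECTED + (0,) * (width - len(LAST_AFFECTED))
    return padded <= limit


def read_plugin_version(path):
    """Return the Version header string from a plugin main file, or None."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            head = fh.read(8192)  # the header comment sits at the top of the file
    except OSError:
        return None
    m = VERSION_RE.search(head)
    return m.group(1) if m else None


def audit(root):
    """Return a sorted list of (site_root, version_string, status) under root."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        plugin = os.path.join(dirpath, PLUGIN_MAIN)
        if not os.path.isfile(plugin):
            continue
        # Skip core directories but keep walking: add-on sites are often
        # installed in subfolders of another WordPress root.
        dirnames[:] = [d for d in dirnames if d not in CORE_DIRS]
        raw = read_plugin_version(plugin)
        parsed = parse_version(raw)
        if parsed is None:
            status = "unknown"    # missing or unreadable header: review by hand
        elif is_affected(parsed):
            status = "affected"   # at or below 6.3.0.1: update the plugin
        else:
            status = "patched"
        findings.append((dirpath, raw, status))
    return sorted(findings)


def build_sample_tree(root):
    """Create three constructed WordPress roots with different plugin headers."""
    samples = {
        "site-a": " * Version: 6.3.0.1\n",  # constructed: last affected release
        "site-b": " * Version: 6.4.1\n",    # constructed: newer than 6.3.0.1
        "site-c": "",                       # constructed: header without a Version line
    }
    for site, version_line in samples.items():
        path = os.path.join(root, site, PLUGIN_MAIN)
        os.makedirs(os.path.dirname(path))
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("<?php\n/**\n * Plugin Name: LiteSpeed Cache\n" + version_line + " */\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for site, version, status in audit(tmp):
            print(f"{status:9} {version or '-':10} {os.path.relpath(site, tmp)}")
```

To check a real account, call audit() on the account's web root; an "unknown" result means the header could not be read and the install needs a manual look.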

Our Proactive Approach and Ensuring Your Website’s Safety

Simply put, GreenGeeks takes your website security seriously!

Even though we’re not a fully managed WordPress hosting provider, GreenGeeks takes proactive action in these cases of severe vulnerabilities to protect our clients and the security of our network.

In this case, we’ve already taken corrective action for all of our impacted customers across our EcoSite and Reseller platforms. This involves updating the LiteSpeed Cache plugin to the newly patched version as needed.

While we have updated the LiteSpeed Cache plugin on our network as a courtesy, you must remain proactive in securing your website.

In most cases, the best defense is keeping your software up to date. Simply updating to the latest version available from the official WordPress repository will patch the vulnerabilities and enhance the security of your website.

The best way to keep your site up to date is by using the WordPress automatic update system within wp-admin, bypassing the need for any 3rd party software. You can also easily manage your WordPress installations and automatic updates using Softaculous. This can be done from within your GreenGeeks cPanel account.

Conclusion

At GreenGeeks, we prioritize the security of our clients, and we strive to help you stay informed of, and secure against, potential security threats to ensure your peace of mind.

Although we’ve taken the critical steps to update impacted sites using the LiteSpeed Cache plugin and remove the vulnerability, we encourage you to update all other software installed within your GreenGeeks account. This includes ensuring all passwords have been updated to maintain the overall security of your hosting account.

Remember, staying vigilant about vulnerabilities and keeping your software up to date is crucial for a safe online presence.

If you have any questions or concerns about this vulnerability or its impact on your GreenGeeks Account, please don’t hesitate to contact the GreenGeeks Technical Support Team for assistance.

Understanding the BackupBuddy WordPress Plugin Exploit
https://www.greengeeks.com/blog/backupbuddy-wordpress-plugin-exploit/
Wed, 26 Jun 2024 17:13:03 +0000

In 2022, a critical security vulnerability, CVE-2022-31474, was discovered in the popular BackupBuddy WordPress plugin. This premium plugin, designed for creating and managing website backups, had a directory traversal flaw.

This flaw allowed attackers to access backup files containing sensitive data like database credentials and user information.

Additionally, BackupBuddy has since changed ownership to a new parent company and changed its name to Solid Backups, making previous versions of BackupBuddy deprecated.

While this vulnerability was initially found in 2022, GreenGeeks and other web hosting providers have experienced an increase in attacks targeting this plugin. This requires a permanent solution to the threat to prevent further exposure of data.

Identification and Response

The Wordfence Threat Intelligence team discovered the vulnerability, which permitted unauthenticated users to download arbitrary files from affected servers. After the issue was responsibly disclosed to iThemes, the plugin’s developer, a patch was quickly released.

Wordfence published an advisory urging immediate updates to mitigate risks.

Impact on Web Hosting Providers

Web hosting providers, especially those offering shared hosting, faced significant challenges. Shared hosting environments are particularly susceptible to cross-site contamination.

Providers had to disable and remove the BackupBuddy plugin since it is a premium plugin that they couldn’t update on behalf of users. They informed clients about the issue and recommended downloading the patched version directly from iThemes.

Backup Storage on Shared Hosting

BackupBuddy’s method of storing backup files posed additional problems for shared hosting environments, which typically do not allow extensive storage. The plugin’s storage-intensive operations could degrade performance and increase data exposure risks.

Hosting providers often prohibit storing large backup files on shared servers and recommend alternative solutions that use secure, offsite storage.

GreenGeeks does not allow the storage of large backup files on EcoSite or Reseller servers. We recommend alternative backup solutions that either store backups offsite or use more secure and resource-efficient methods.

For instance, UpdraftPlus will allow you to store backups on cloud services such as Dropbox and Google Drive for free.

GreenGeeks also offers nightly backups of all EcoSite and Reseller accounts. Storing additional backups within your account(s) can delay our backup process, causing a lapse in the data we retain.

Preventive Measures and Best Practices

The BackupBuddy exploit underscores the importance of regular security audits and updates for WordPress plugins. Site administrators should:

  • Perform Regular Updates: Keep all plugins, themes, and core WordPress installations up-to-date.
  • Use Security Plugins: Use plugins that provide firewalls, malware scanning, and intrusion detection.
  • Use Offsite Backups: Store backups securely offsite to minimize data loss risks.
  • Safeguard Access Controls: Restrict access to sensitive files and use strong, unique passwords for administrative accounts.

Conclusion

The CVE-2022-31474 vulnerability in BackupBuddy highlights the ongoing need for vigilance in website security. Regular updates, proper storage practices, and robust security measures are essential for protecting websites.

The collaborative efforts of security researchers, plugin developers, and hosting providers were crucial in addressing this vulnerability, emphasizing the importance of proactive cybersecurity practices.

For detailed information, refer to the official Wordfence advisory and the CVE database entry for CVE-2022-31474. These resources offer comprehensive insights into the BackupBuddy exploit and the steps taken to address it.

Cyber Security Month 2023
https://www.greengeeks.com/blog/cyber-security-month-2023/
Fri, 06 Oct 2023 19:44:46 +0000

As we enter the final quarter of 2023, it’s becoming increasingly evident that this year has been particularly challenging for cybersecurity.

With a surge in cyberattacks, data breaches, and vulnerabilities, organizations and individuals alike have been grappling with unprecedented numbers of threats, GreenGeeks included.

Crucial Cyber Security Threats

Ransomware

The cybersecurity landscape is evolving constantly. Attackers continuously adapt their tactics for newly discovered vulnerabilities, but one of the most significant cybersecurity challenges in 2023 is the relentless pace of ransomware attacks.

These attacks, where malicious actors encrypt a victim’s data and demand a ransom for its release, have become increasingly sophisticated. Targets now include vast arrays of organizations, from small businesses to large enterprises and even critical infrastructure like oil & gas pipelines.

Aside from the usual cyber security countermeasures, having a complete set of offsite backups can allow you to recover from a ransomware attack.

Supply Chain Software Vulnerabilities

In 2023, numerous vulnerabilities have been exposed within supply chains, making it easier for cybercriminals to infiltrate systems and compromise sensitive data.

As the SolarWinds and Kaseya incidents have shown, cyberattacks targeting software providers and suppliers can have far-reaching consequences, affecting countless downstream organizations.

These attacks are almost impossible to mitigate proactively. However, one approach is to delay updates unrelated to security until thoroughly tested.

Insiders (On-Site Attacks)

While external threats often grab the headlines, insider threats have become more prevalent in 2023.

Disgruntled employees or individuals with privileged access can pose significant risks to organizations. Preventing insider threats requires a delicate balance between trust and vigilance. This includes emphasizing the importance of regular accountability audits.

To help mitigate some of these obstacles, the GreenGeeks Security Team has implemented a variety of enhancements across our platform, including adding new and exciting features.

New Features and Functions from GreenGeeks

Enhanced 2FA Support

GreenGeeks is pleased to announce that Two-Factor Authentication (2FA) is optionally available across our entire hosting network. This is to provide further security for direct logins.

This new advanced 2FA support is in addition to the existing options provided within the GreenGeeks Dashboard, and it is configurable within your GreenGeeks cPanel.

More information on configuring 2FA is available on cPanel’s website: https://docs.cpanel.net/cpanel/security/two-factor-authentication-for-cpanel/

Bad Bot Blocking

GreenGeeks blocks “bad bots” by default, such as those that scrape website content or probe for software vulnerabilities.

With the exponential increase in the popularity of generative AI over the last year, GreenGeeks has implemented additional security rules at the server level to block AI scraping bots like ChatGPT.

Unlike normal indexing, content scraping bots exist only to siphon content from your website for their use. This is typically without royalty or credit.

In addition, the high volume of requests from content scraping bots can consume large amounts of resources. This can potentially impact legitimate visitors and lead to a degraded experience.

GreenGeeks MailHero

Spam is a never-ending problem for anyone with a website or an email address. If spammers can find a way to send an advertisement or scam, they won’t hesitate to exploit that method.

GreenGeeks is taking more proactive steps against spam with our newest release of MailHero. It’s a comprehensive, all-in-one proactive email monitoring tool that is now implemented across our EcoSite and Reseller network.

MailHero proactively monitors our servers’ email logs for common errors, spam outbreaks, and rejections, and alerts our team if action is needed. This allows the GreenGeeks Security Team to mitigate potential spam issues before they worsen and damage your email reputation.

MailHero also helps with identifying and controlling forwarded spam, which can inadvertently cause problems for your business.

What’s better is that MailHero is currently active across all of our servers. No additional action is needed to take advantage of these benefits.

Password Generator Tool

GreenGeeks is pleased to announce our new Password Generator Tool. This tool allows customers to create secure passwords to use with their website or any other service requiring a password.

Aside from outdated website software, compromised passwords are one of the most common forms of exploits within the web hosting industry. Once your password is compromised, it remains at risk indefinitely.

The GreenGeeks Security Team strongly recommends that customers take the time to audit and update all passwords within their GreenGeeks service. This includes their cPanel, FTP, email, and website-level passwords (i.e. WordPress admin password).

You should update your passwords regularly, at least once every three months. There are several ways to create a secure password, and you shouldn’t hesitate to make routine changes.

Conclusion

As October is Cyber Security Awareness Month, GreenGeeks wants to make sure all customers are protected and secure.

With the implementation of 2FA for cPanel, MailHero, Bot Blocking and our other exciting features, your websites, data, and email reputation have never been safer.

Protecting your data is of utmost importance today. Take steps to keep yourself, your clients, and your business safe at all times. Never underestimate the criminal element. Even the smallest of websites are targets.

Security Update: Protecting Against the Essential Addons for Elementor Plugin Compromise
https://www.greengeeks.com/blog/protecting-essential-addons-elementor-compromise/
Fri, 19 May 2023 23:06:06 +0000

This post discusses the recent compromise of the popular Essential Addons for Elementor plugin, assigned the CVE identifier CVE-2023-32243.

The active Essential Addons for Elementor exploit affects over one million websites worldwide, including those hosted at GreenGeeks.

Even if you’re not an expert web developer, it’s important to understand the implications of this compromise and the steps we’ve taken to safeguard your websites.

Understanding the Compromise

The Essential Addons for Elementor Plugin is a widely-used tool that allows website owners to create stunning designs and layouts without coding expertise.

Unfortunately, all software has vulnerabilities, and the Elementor Plugin is no exception.

Recently, a security flaw, identified as CVE-2023-32243, was discovered within the plugin’s codebase.

This vulnerability allows any unauthenticated user to reset user passwords, including user accounts with administrative-level access.

It is important to note that this vulnerability affects older versions of the affected plugin, and updating to the latest version is crucial for protection.

Our Proactive Approach and Ensuring Your Website’s Safety

Simply put, GreenGeeks takes your website security seriously!

Even though we’re not a fully managed provider, GreenGeeks takes proactive action in these cases of severe vulnerabilities to protect our clients.

In this case, we’ve already taken corrective action for our impacted customers, updating the Essential Addons for Elementor plugin to the newly patched version as needed.

While we have updated the Essential Addons for Elementor on our network, you must remain proactive in securing your website.

In most cases, the best defense is keeping your software up to date since simply updating to the latest version available from the official WordPress repository will patch the vulnerabilities and enhance the security of your website.

The best way to keep your site up to date is by using the WordPress automatic update system within wp-admin, bypassing the need for any 3rd party software.

Conclusion

At GreenGeeks, we prioritize the security of our clients, and we strive to help you stay informed of potential security threats to ensure your peace of mind.

Although we’ve taken the critical steps to update impacted sites using the Essential Addons for Elementor plugin and remove the vulnerability, we encourage you to update all other software installed within your GreenGeeks account to maintain the overall security of your hosting account.

Remember, staying vigilant about vulnerabilities and keeping your software up to date is crucial for a safe online presence.

If you have any questions or concerns about this vulnerability or its impact on your GreenGeeks Account, please don’t hesitate to contact the GreenGeeks Technical Support Team for assistance.

External Email Forwarders: The End of an Era
https://www.greengeeks.com/blog/external-email-forwarders/
Mon, 31 Oct 2022 14:58:46 +0000

For the longest time, it’s been a convenience to use email forwarders to send messages to free, online services. However, that ability is coming to an end. The evolution of the Internet often prompts change, and this is merely one such change.

The Problem

Like most other shared hosting providers, GreenGeeks has offered email forwarders within cPanel. This lets customers automatically forward email from one address to another.

Oftentimes, forwarders are created to forward email to external providers, such as Gmail. This would allow users to collect all of their messages in one location. But that’s not where the problem lies.

The problem is that a forwarder also passes along any spam the address receives. This labels GreenGeeks as the server sending spam and inadvertently causes our IP addresses to get blacklisted. In turn, this causes normal mail to be rejected by other providers and damages our overall network reputation.

Having an email or IP address blacklisted can cause all kinds of trouble, especially from a professional or business standpoint.

It can result in your email interactions coming to a screeching halt.

The Solution

GreenGeeks is always trying to improve the service we provide to our customers. As the world’s #1 Green hosting provider, our goal is to not only be the best but provide the best service we possibly can.

Sometimes, this requires us to “go against the grain” in our approach to reach this goal.

To help stop forwarded spam from causing more problems with mail delivery, GreenGeeks will soon begin blocking the ability to add new forwarders to known free providers.

This includes, but is not limited to, Gmail, Yahoo, and Outlook.

How You Can Help Improve Your GreenGeeks Email Experience (And still get your emails)

Thankfully, there is an easy solution to this, and that’s to set your Gmail, Yahoo, or Outlook account to connect directly to your GreenGeeks email account and transfer the emails via a POP3 or IMAP connection.

This stops any spam you may receive from being forwarded and damaging your IP reputation, while still allowing your emails to be sent to another account.

Gmail, Yahoo, and Outlook all provide easy methods to connect your account(s). Customers who wish to keep a copy of the original message on the server when forwarding can still continue to do so if configured properly.

Essentially, this provides the same functionality as a standard email forwarder. Only in this case, it’s done from your Gmail, Yahoo, or Outlook accounts.

Conclusion

cPanel email forwarders are not a suitable solution for forwarding mail to an external email account on another server. While this appears to be a quick and simple solution up front, this can lead to severe consequences for your mail reputation and overall email deliverability. 

Customers who require assistance with configuring their GreenGeeks email with another provider are encouraged to open a Support ticket via their GreenGeeks dashboard.

Our friendly staff is available 24/7 to assist you with making the necessary changes.

GreenGeeks CyberSecurity Month 2022: How We Help Keep You Secure
https://www.greengeeks.com/blog/greengeeks-cybersecurity-month-2022/
Tue, 04 Oct 2022 20:15:04 +0000

October is CyberSecurity Awareness Month in the United States. Given the nature of the Internet, keeping yourself protected is of utmost concern.

For the past 20 years, the goal of CyberSecurity Awareness Month has been to educate individuals, businesses, and other organizations to implement the best practices for securing their data and information across the internet.

Today, we’ll share what we do to help keep your data safe and secure.

What is GreenGeeks doing to help secure my sites and account?

GreenGeeks is always striving to improve the quality of our support and the service we provide. Cyber security is no exception.

As part of this effort, GreenGeeks has been working over the past year to improve our tools and procedures. This helps us ensure we’re following relevant best practices.

We’ve also created exciting new tools to help keep our customers’ sites secure and identify weak points before they cause a problem.

Our proactive approach stresses preventative action and following best security practices to keep your site safe. It’s far more effective to stop a compromise from occurring in the first place vs attempting to clean up after the site is infected.

Some of the new methods GreenGeeks has been working on to improve your experience include:

A New, Proactive Approach to Email Error Monitoring

While GreenGeeks has always taken a proactive approach to SPAM monitoring, constantly scanning RBLs for our IP addresses, these new tools will allow us to spot additional issues such as DNS and other common configuration problems.

Full Email Reporting is Available in cPanel via Track Delivery

You’ll now be able to use the Track Delivery tool in cPanel to see all email activity under your whole cPanel or for a specific email address. Track Delivery allows tracking specific emails to confirm if they were delivered successfully.

New Tools for Investigating Compromised Accounts

This tool allows our team to identify the precise entry point and the date the website was compromised. This can help prevent another similar future compromise.

Complimentary Auditing of WordPress Sites

GreenGeeks is pleased to announce that as part of our initiative to help keep you secure, we are now offering a complimentary audit of all of the WordPress websites hosted within your GreenGeeks cPanel account.

Our audit tool performs an in-depth analysis of your WordPress websites. Then, it reports critical information necessary to secure your sites.

If you’d like GreenGeeks to perform a complimentary audit of your WordPress sites, open a new Support Ticket within your GreenGeeks Dashboard.   

Our team will perform the audit of your site(s) and provide a full report on our findings. This includes a full list of vulnerabilities and suggested fixes.

GreenGeeks can assist you with applying these recommendations for a nominal fee.

What Can You Do to Secure Your Account Right Now?

With hacking attempts being more prevalent than ever before, now is the perfect time to take action to secure your website.

Two-Factor Authentication

To get started, you can make a few simple tweaks that will increase the security of your account. For example, enable Two-Factor Authentication (2FA) on the Privacy tab of your GreenGeeks Dashboard profile.

By enabling Two-Factor Authentication (2FA), you’ll prevent anyone else from being able to access your GreenGeeks Dashboard, even if the username and password are compromised.

For more information on setting 2FA on your GreenGeeks Dashboard, refer to the following articles: Setting up Two-Factor Authentication and Resetting Your GreenGeeks Account Password.

Update Software and Apps

At the Website level, the best thing you can do for security is to keep your software up to date. This is because new security vulnerabilities are regularly discovered and patched.

It’s always best to use the newest version of any software.

Add Security Plugins and Tools

If you’re using WordPress or another CMS, there may be 3rd party security plugins or extensions that you can add to the site.

In WordPress, you have access to plugins like WP Cerber, Wordfence, or iThemes Security. Among other features, these tools will lock down parts of the site that are likely to be exploited and allow you to restrict access to the admin panel.

Some may even offer file scanning, which detects new files you didn’t create or modify.

Practice Proper Password Usage

Proper password management is also critically important to your site’s security. It’s vital to use site-unique passwords and cycle them regularly.

It’s also important to use secure passwords. Too many people will use something simple because it’s convenient. However, these simple passwords are usually the easiest to crack.

Reusing a password across multiple websites makes a compromise more likely.

Use Domain Privacy

Enabling privacy on your domain shields your contact information during a Whois search. That way, scammers and solicitors don’t know who to contact or have your personal information when looking up your website.

It’s a great way to prevent spam emails, calls, and other unsolicited contacts.

Using AlphaSSL Certificates

Secure Sockets Layer, or SSL, is an encryption method that prevents hackers and bots from intercepting user data when visitors access your website. In fact, it’s such an effective method that Google prioritizes websites that have an SSL installed.

Currently, you can add the AlphaSSL to your site for greater protection for only $49.95 for the first year. While the free Let’s Encrypt SSL offers basic protection, upgrading to the premium AlphaSSL covers far more of your bases.

If you need an SSL certificate, you can find the ability to add one from your GreenGeeks dashboard.

Never Underestimate the Need for Cyber Security

These are just a handful of ways that we, and you, can help keep your data secure and safe. Even if you don’t collect user information, hackers can still use your website as a decoy. This is why it’s crucial to make sure you’re keeping them out of your files.

All it takes is the smallest of exploits before someone can gain control of your site and all of its data.

The post GreenGeeks CyberSecurity Month 2022: How We Help Keep You Secure appeared first on GreenGeeks Blog.

Horde Email Vulnerability: What You Need To Know https://www.greengeeks.com/blog/horde-email-vulnerability-what-you-need-to-know/ Mon, 13 Jun 2022 22:30:08 +0000

The post Horde Email Vulnerability: What You Need To Know appeared first on GreenGeeks Blog.

What happened to Horde webmail within my GreenGeeks cPanel account?

GreenGeeks has temporarily disabled access to the Horde Webmail client across our network. Unfortunately, this action was necessary as the GreenGeeks Server team became aware of a potential exploit within the third-party Horde Webmail client.

This exploit allows for a potential compromise of a device by simply opening up an infected email via the Horde interface.

Where can I find more information about this exploit?

For more information about the Horde exploit, please refer to the following links:

Exploit Info: https://blog.sonarsource.com/horde-webmail-rce-via-email/

CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30287

How does this affect my GreenGeeks service?

The Horde Webmail client will be temporarily unavailable in your GreenGeeks webmail.

What is GreenGeeks doing to protect me from this Horde exploit?

Simply put, the best way to protect yourself from this exploit is to stop using Horde completely. Until a software patch is available, using Horde leaves you exposed to this exploit should a malicious email be opened.

Since there’s no way to identify these messages specifically, leaving Horde accessible posed a clear threat to the integrity of the GreenGeeks network.

To that end, GreenGeeks has temporarily disabled all access to the Horde Webmail client on the EcoSite & Reseller network segments to protect our users and their data.

While we understand that this may cause some inconvenience, this action was necessary to protect the integrity of our network from malicious activity.

When will access to Horde be restored?

GreenGeeks intends to re-enable access to the Horde Webmail Client as soon as possible once a patch has been rolled out and applied to our servers. If you have questions about this exploit that we have not covered, please open a new Support Ticket from within your GreenGeeks Dashboard.

October is Cybersecurity Awareness Month: Is Your Site Protected? https://www.greengeeks.com/blog/cybersecurity-awareness-month/ Thu, 30 Sep 2021 18:16:23 +0000

The post October is Cybersecurity Awareness Month: Is Your Site Protected? appeared first on GreenGeeks Blog.

This October marks the 18th annual Cybersecurity Awareness Month in the United States, Canada, and many other countries around the world. As such, it’s time to remind ourselves of just how dangerous it is to not focus on website security.

At GreenGeeks, security is one of our top priorities, and with the increase in demand for web hosting, as more and more businesses move online, new security threats and vulnerabilities are constantly emerging.

According to ThreatPost.com, such attacks have been growing worldwide over the last few years, and in the United States alone, ransomware attacks were up a whopping 109% in 2020. That makes taking some simple security precautions all the more important.

Addressing Cybersecurity for Your Websites

While the Abuse team at GreenGeeks has seen its fair share of new challenges arise during the pandemic, we’ve also used this as an opportunity to expand our real-time protection and malware removal tools.

As a result of GreenGeeks’ proactive approach to malware, which includes real-time malware file scanning, targeted software updates, and active HTTP-level protection, we have been able to stay on top of this problem and assist our customers more efficiently.

In the last month alone, the GreenGeeks Abuse Department reached out to almost 500 infected users, and we routinely update vulnerable WordPress plugins on our Shared and Reseller network to the most recent version release in order to patch newly disclosed vulnerabilities. 

Making sure all software hosted under your account is current, whether you use WordPress or not, is critical to the website’s security and stability. The number one cause of compromised websites is the use of outdated software, particularly extensions (themes/plugins).

Our Support team can also assist with configuring automatic updates for all WordPress core, themes, and plugins going forward to ensure the site is always running the most up-to-date versions of software.

In addition to keeping your site up to date, there are plenty of other steps you can take to secure your website and account even further.

Website Security

Securing your website is easier than you think, especially if you use WordPress to manage your website. WordPress offers automatic updates for most themes and plugins and allows for easy customization of update options.

WordPress also offers optional two-factor authentication, security plugins, and other extensions to protect your site. In addition, GreenGeeks automatically imports any WordPress websites into the Softaculous App Installer system in cPanel, for easier management and update assistance.

Website Backups

Along with adding additional security to the site, taking regular backups is one of the most important things you can do to protect your site. Backups can be taken at the cPanel account, Softaculous, or application level using a plugin such as the WordPress plugin – Updraft Plus.

While GreenGeeks takes our own backups for disaster recovery purposes, and we provide our customers the ability to restore from these backups regularly as a courtesy, we always suggest creating your own set of backups as an insurance policy.

Securing Your Domain Registration Details

Securing your domain is actually easier than you think with ID Protect. With ID Protect enabled on your domain, all of your administrative contact details are hidden from public WHOIS searches, which ultimately prevents your personal information from being scraped.

If your domain does not have ID Protect enabled, this can ultimately lead to spam being sent to the email address listed for your domain contact. Once spammers get a hold of your email address, there is nothing that can be done to stop them from trying to send spam.

What’s better, ID Protect is available for the low price of $9.95 per year, per eligible domain and can be purchased directly via your GreenGeeks Account.

Password Audits

The second most common reason for compromise is password reuse.  

For this reason, we strongly suggest regularly updating all passwords for the users under your control to new, secure passwords generated at random.

This should be done for your GreenGeeks Account, your WordPress dashboard, email accounts, and any other services for which you use a password.

Passwords should be 12 to 16 characters in length and include upper and lower case letters, numbers, and special characters.

A Note About Password Strength:

Passphrases are typically much stronger than passwords and easier for humans to remember. This is because a long string of random characters is easy for a computer but hard for a human, while a phrase such as “thequickbrownfox” is hard for a computer but easy for a human.

While regularly rotating passwords is best practice, you should also use a password manager to manage your passwords, such as KeePass.

KeePass works by creating an encrypted database, secured by a ‘master’ password, which stores your login credentials.  This allows you to create new strong, highly secure, passwords for each service and not worry about password reuse.

Even better, KeePass is 100% free! KeePass can share the encrypted database between multiple devices, and even has support for mobile clients or USB sticks, so you can take your secure passwords with you.

GreenGeeks Account Security

For account security reasons, you should never use an email address for your GreenGeeks profile that is associated with a domain hosted within your GreenGeeks account, i.e. admin@yourwebsite.com.

Such a configuration puts your account at risk should your email address be compromised, and could cause you to lose access to your GreenGeeks account should your domain name expire or there be an issue with your account.

GreenGeeks recommends using a third-party email provider, such as @gmail.com, @outlook.com or @yahoo.com in order to avoid such a situation.

Two-Factor Authentication (2FA)

In addition to the required device-based browser verification, GreenGeeks also offers two-factor authentication (2FA) for your GreenGeeks profile. Having 2FA enabled helps secure your account against unauthorized access by requiring a one-time code from your local device each time you log in to the GreenGeeks profile.     

This means that even if your email account, username, and password were all compromised, they still wouldn’t be able to access your GreenGeeks dashboard without the one-time code.

More information on configuring 2FA can be found in the Security tab in your GreenGeeks Profile, or our Support Article on 2FA configuration.

But wait, that’s not all!

To help further our commitment to Cybersecurity Awareness Month, we’ve started up a special sale on AlphaSSL certificates. 

While GreenGeeks offers Let’s Encrypt SSL certificates for free, these must be renewed every 90 days. With an AlphaSSL, your website is secured for an entire year, and this type of certificate offers a $10,000 warranty in case of any mis-issuance of a certificate.

What’s better, we’re offering AlphaSSL certificates for 50% off the initial price of $99.95 as a special price for Cybersecurity Awareness Month. That makes an AlphaSSL only $49.95!

This deal is only available for a limited time, so act now to take advantage of these special savings.

Keep Your Site Protected

There are plenty of ways you can increase the security of your website. Most methods don’t take but a few moments to set up. Don’t leave your site and data to chance by thinking you have plenty of time.

All it takes is a brief moment to lose everything.

WooCommerce Exploit Found – Update Required https://www.greengeeks.com/blog/woocommerce-exploit-found-update-required/ Fri, 16 Jul 2021 20:50:28 +0000

The post WooCommerce Exploit Found – Update Required appeared first on GreenGeeks Blog.

Earlier this week, the GreenGeeks Abuse team was notified of an exploit with the very popular WordPress plugin WooCommerce. The WooCommerce development team identified this exploit and immediately released an updated version of the plugin. The exploit was found to allow a potential attacker to retrieve WooCommerce data from the website.

In such situations, GreenGeeks typically forces an update to the affected plugin across our entire network to ensure our users are not vulnerable. Unfortunately, we are unable to force WooCommerce updates without potentially introducing issues for out-of-date sites. As GreenGeeks has not applied this update automatically, it is imperative that all GreenGeeks WooCommerce users update their own websites as soon as possible.

While GreenGeeks has implemented measures at the server level to block this vulnerability from being immediately exploited, updating this plugin will resolve the root cause of the exploit and protect your site from having sensitive client data exposed. WordPress even allows you to implement automatic updates for all themes and plugins in the WordPress.org repository. We strongly recommend that all customers implement automatic updates on their themes and plugins, as doing this will ensure that future fixes for exploits are applied immediately upon release, protecting your site automatically.

To update WooCommerce, you’ll need to log in to your WP-Admin or use the WP CLI tool. GreenGeeks customers can easily access WordPress via Softaculous or via the GreenGeeks dashboard.

If you are an existing GreenGeeks customer and require our assistance in updating your WooCommerce plugin, please open a Support Ticket via your GreenGeeks dashboard and our team will be happy to assist you.
