Like many dozens of millions of people on planet Earth, my website CMS is managed by WordPress. Well, guess what? Sitelock just found malware on my website. No alarm, they fixed it and removed the files from my Cpanel. Looks like I was the victim of what is called a cross-scripting injection. XSS is the most common security vulnerability in software today. For professional security solutions, XSS is easy to find and easy to fix. XSS vulnerabilities can have consequences such as tampering and sensitive data theft. I thought because I had the basic malware scanner, the lowest level SSL and WordPress authentication through my host, I was good.
My clients are gonna hate this, especially because I serve the tiny budget market. Today I was taught a valuable lesson. High-end professional website management has a real hard cost of at least 85-100 per month. This is going to piss people off. They think they can get away with a $1200 website but then have to pay $1200 a year just to secure that website. I’m starting to understand why the larger agencies refuse to deal with the $1500 clients. When the site goes down, they will blame you. So today, the 21st of July 2020 I will only be selling the most secure websites.
The reality is that you as a website owner need the following: A strong password, a randomized login page, an EV SSL, a complete firewall, a CDN, spyware/malware scanners, an intrusion monitor, at least an every week file backup, 2 Factor Authentication and Form Captcha. Your business website running on WordPress, Joomla or Magenta is vulnerable to spyware and malware attackers unless you have all of these in the mix. Building professional-grade websites is not a simple thing and that guy/girl/nephew/son-in-law who says they can do it for free or for $500 is officially full of shit. If you edit your website from a computer, a VPN is essential, especially if customers trust you with their login information.
And then there is the company cell phone security. Another $15 subscription add on with malware bytes.
Depending on the piece of malware or spyware, you can get your phone locked and you won’t be able to get into it unless you pay somebody bitcoin. and it’s happening a lot the software gets downloaded through clicking a link on your phone or through a simple text message. you know a download or even a phone call can trigger a sequence of events leading to it. there’s lots of ways and it’s it’s happening to to millions of people and you gotta just spend the $15 to get a scanner on your phone. immediately.
Getting locked out of your phone is the extreme version of the spyware the run of the mill version is they take control of your 5th phone’s camera and contacts and microphones and then start building a database on your whole life and this is the stuff that you can buy when you go to the dark Web and try to buy consumer profiles are in bitcoin you can actually buy recordings of people through the software. So there it is, you get this down and you are doing a good job that no one will question.