Have no SSL certificate and think you’re secure? Think again.

The online world is a dangerous place. Being aware of the risks and taking steps to mitigate them has never been more important, and we at UpdraftPlus are committed to helping all our customers to keep their WordPress websites safe and secure. That’s why we recommend that you have SSL.

What is SSL? SSL is at the heart of website security. It ensures that sensitive information such as credit card details, usernames and passwords are safe as they transverse global computer networks. Having an SSL certificate on your web server provides privacy, critical security and data integrity for both your website and for your users.

How does SSL work? SSL Certificates basically work by making sure that all traffic between the web server and the web browser is secure and can’t be intercepted. SSL uses something called public key cryptography, which involves two ‘keys’ (long strings of randomly-generated numbers)- one private, and the other public. A public key (known to your server) is available in the public domain and encrypts all sensitive information. With SSL, data sent by your website will be ‘locked’ with the server’s public key so that it’s encrypted and can’t be read if intercepted by a hacker or identity thief. It can only be ‘unlocked’ and decrypted by the server’s private key, i.e. its intended recipient.

Extra benefits? Aside from the obvious security benefits, SSL is invaluable for giving your customers peace of mind. Customers can tell when a web serves has an SSL certificate because the application protocol (HTTP) will change to HTTPs (where the ‘s’ denotes ‘secure’), and the address bar is either green or shows a little padlock (depending on the web browser). Seeing this provides assurance that you’re taking their security seriously- which is more important than ever these days.

What’s more, since SSL certificates are only given out to verified companies who’ve undergone robust identity checks, they reassure users and visitors that any website using it is genuine and legitimate. Demonstrating the trustworthiness of your brand improves conversion rates, motivates customers to return and increases the likelihood you’ll get recommended to someone else. SSL also has an SEO benefit: since it’s now a part of Google’s search ranking algorithm, being certified will boost your Google Ranking.

Next Steps: It’s important to purchase an SSL certificate from a trusted Certificate Authority (like GlobalSign, VeriSign and GeoTrust). Once you’ve bought one, we recommend getting a plugin like Really Simple SSL to make its installation… really simple! It “automatically detects your settings and configures your website to run over https” so that all you have to do is sit back and relax. One last thing: before you install, it’s always a good idea to back up your website, just in case.


The post Have no SSL certificate and think you’re secure? Think again. appeared first on UpdraftPlus. UpdraftPlus – Backup, restore and migration plugin for WordPress.

WP-Optimize passes 600k installs, announces new features

Our team confirmed today that WP-Optimize has passed the 600k install milestone.  This is the first major milestone since UpdraftPlus acquired the plugin from Ruhani Rabin at the end of 2016.

We’ve already released a lot of internal improvements and bug fixes in the last few months.  We’ve also been busy preparing a number of new Premium features, such as multisite support, the ability to optimise individual tables as well as InnoDB – these should be released in the coming weeks.

In the long term, we’re looking at optimising images and all aspects of a website – not just the database.

We’re thoroughly enjoying the challenge and a big thank you to all our users!

If you’re an UpdraftPlus customer who’s not yet using WP-Optimize – please do download and check it out today.  It’s a great piece of software: https://wordpress.org/plugins/wp-optimize/ 


The post WP-Optimize passes 600k installs, announces new features appeared first on UpdraftPlus. UpdraftPlus – Backup, restore and migration plugin for WordPress.

Wannacry ransomware

You’ve probably heard all about the Wannacry ransomware that’s been spreading like wildfire across computer networks since last Friday- the one that encrypts computer files, demands a ransom (that doubles within 3 days) and threatens to delete the files in 7 days if the ransom isn’t paid.

So far, it’s affected over 200,000 computers in 150 different countries. By this morning, people had paid just under £30,000- but the true cost in terms of lost time, lost data and lost business is much greater. Germany’s rail network Deutsche Bahn has been affected, as has the Spanish telecommunications operator, Telegonica, French car producer Renault, US Logistics Company FedEx and even Russia’s Interior Ministry. The attack on 61 of the UK’s NHS trusts has resulted in huge disruption to services and delayed or cancelled operations, putting people’s entire lives at risk.

This attack wasn’t specifically targeted at any particular groups or individuals, but just a faceless virus let lose by cybercriminals with no thought of anything but their own profit. The reality is that because we all depend on technology, personally and corporately, our vulnerability runs deep.

Reports of attacks have slowed down, although experts are warning that we shouldn’t expect it to have gone away just yet. A 22-year-old security researcher became an “accidental hero” when his registering of a domain name to track the virus’ spread ended up putting a stop to it. But even he expects that it’s not over: “The attackers will realise how we stopped it, they’ll change the code and then they’ll start again. Enable windows update, update and then reboot.”

This attack is unprecedented in scale. It exploits a flaw in Microsoft Windows that was identified by the US intelligence- but not sufficiently guarded. Microsoft’s Chief Legal Officer, Brad Smith said: “The governments of the world should treat this attack as a wake-up call.”

Keeping up with schemes that endlessly increase in scale and sophistication is a huge challenge. Of course, major security flaws represent potent ammunition for online terrorists and should be more carefully guarded.

But the truth is that every single person who uses a computer has a responsibility to have a basic understanding of the risks. Everyone should practice basic cyber security.

Here are the basic security measures we recommend that everyone should implement:

• Back up your files.
If your files are stored in the cloud and not just on your computer, you’re not going to be held to ransom. Store data on external servers like Dropbox and Google Drive this makes it easy to restore the latest version of your files.

• Use antivirus software
This will scan files before they’re downloaded. It should also block secret installations and seek out malware that may already be on a computer. If you don’t already have it, enabling Windows Defender is free and effective.

• Install updates!
This is vitally important, since new versions of things like Microsoft Windows fix exploitable vulnerabilities. You can set up alerts to inform you when there’s a new release. If you use Windows, make sure you install the patch that’s been released to block the specific exploit that the Wannacry software is using.

• Be suspicious!
If you receive an unsolicited email, be suspicious! Don’t open it, and certainly don’t click on any links. The same applies to adverts and unfamiliar websites. Don’t download apps that haven’t been verified by an official store, and always look at reviews.

Wannacry doesn’t seem to affect website files, but there are plenty of other viruses that do. Viruses are getting cleverer and firewalls and security software can’t protect against everything. The best way to have peace of mind is to back everything up as that protects against every kind of threat. So if you have a WordPress site, make sure that you install UpdraftPlus today.

The post Wannacry ransomware appeared first on UpdraftPlus. UpdraftPlus – Backup, restore and migration plugin for WordPress.