CLUE #1: No one refers to me as DEBORAH ANN, so that is clue number one, albeit not necessarily a red flag.

CLUE #2: Now look at the link. It starts with http://… Most reputable sites, especially domain companies will be using httpS://… The S is for secure and many of us in the know have changed ours two years ago. And again, we see the signature area missing the S on http://.

CLUE #3: Look inside the link. A real url will be simpler. For instance it would read something like …bluehost.com/account/reactivation.html. Instead, we see “bluehost.com/cyberlegosite.com/account/reactivation .html. This is a fake site. Now here is your red flag!

CLUE #4: So if you have been unlucky enough to actually experience malware on your Bluehost site you might have taken the bait and clicked the link. Like me, you’d hopefully get the warning below. If you missed the first few clues, do pay attention to any warning…and call your web site manager to check it out!

P.S. I had a chat with Bluehost and they confirmed it was malware and they have been getting a lot of reports on this today.

In the meantime, those of us who can work from home are doing so, and this includes me updating your websites at once or twice every week to keep it safe. Rest assured, I am keeping a lookout for any potential viruses that might be lurking. If you want weekly security updates please contact me and we can add it to your service. My program has the potential to add services that may be useful to you. But because they cost more, I don’t include them in the normal subscription.

Today, I made Divi Theme updates to over 30 websites, two Woo Commerce database updates that had to be done manually, over 20 plugin updates to various client websites. There were no scammy comments to delete. One website’s dashboard recommended I check on a potential virus. I had the Manage WP program review it and it was declared safe. All sites are backing up fine so no corrections were needed.

These are the things I check on every week…

Until next month stay safe and take advantage of your down time with family and loved ones.

On the first day… you are notified that your domain will expire in 6o days. The domain was purchased years ago and the registrar is a place you never heard of before. Worst case scenario: You ignore the message and your site goes down. The domain goes public and someone buys it. He asks for $6,000…. Best case scenario: We transfer the domain to our host and update it for you without you having to worry about it again.

On the second day… your WordPress website gets hacked because you followed a scam email. Worst case scenario: you never made a back up and you have to hire a security company to clean your website. It takes a month and you have to take your site offline. Best case: Luckily, you signed up for a maintenance plan with us so there is a backup of your website that we restore for you. But no worries, our maintenance plan should prevent it in the first place.

On the third day… you are having problems with your website made by an acquaintance who is now too busy to help you update it. We find out your custom hand-built theme has never had security updates and it has malware. We recreate your site using our module based theme that gets regular security updates.

On the fourth day… the free plugin on your site is abandoned by the developer and is no longer working correctly. We replace the plugin with one that is similar but supported. When using free plugins we like to contribute to the developer so they can continue working, but they are still a good value.

On the fifth day… the Paypal Donation button stopped working on your website. It could be a number of reasons including someone changed your pp password. We reset the code and fix the problem.

On the sixth day… your company is moving and you need the addresses and Google maps to be changed. We also help you by creating an announcement on the website prior to the move.

On the seventh day… you have been adding images to your blog posts but forgot to reduce their size. Your site slows down because each image is over one megabyte. We reduce the sizes of your images and recheck the performance of your site.

On the eighth day… you want to highlight a new service or product but don’t know the best way to do it. We make recommendations and make the changes for you.

On the ninth day… You want to send your clients a holiday email card but don’t have an image to use. We find a great inexpensive image from a stock agency and send the samples for you to choose. We set it up for you.

On the tenth day… You forgot how to add a photo to a newsletter, so you call us and we help you by walking you though it over the phone.

On the eleventh day… One of the plugins on your WordPress website won’t update in the dashboard. You call us and we download a new version from the developers website and replace it.

On the twelfth day… You have text and pdfs to add on a new web  page and you want help organizing the material to fit your design and brand. We are happy to assist.

Merry Christmas and Happy New Year to all!

Perhaps you made a major marketing effort the previous month and want to see how that affected your website’s SEO. You can see here that visits were doubled in the period from October 11 to October 22. I made some home page edits and wrote a few blog posts. I was surprised to see the change. The chart on the right side lists my top competitors in the area.

This tool also allows you to track specific key words

Let me give you an example. The keywords I wanted to track are “web design” and the also towns where I do the most business, such as Framingham, Natick and Boston. One of the ten keywords I chose is “Framingham Web Design” and another “Boston Web Design”.

How did I do?

I am on the first page of Google for the keywords “boston divi theme”, “framingham website design”, “natick web maintenance” and wellesley web maintenance.” Perugi Design is number 12 for “natick website design” and number 14 for “boston wordpress websites”. I think that’s quite good considering the number 12 spot is located on  the second page of the orgainic area on Google.

Part of the work is figuring out the best keywords for the audience you are trying to attract. There are other tools we use for that too.

The softeare creates a pdf booklet that itemizes everything that is updated on a weekly basis. such as number and dates of backups saved, plugins that have been updated, security checks, spam comments that have been removed and if and when and how long your website was offline.

Only clients on the monthly web maintenance plan gets these reports, either monthly or quarterly. (It cannot be accessed via the dashboard.) The pdf report is great for presentation purposes, too. If you are an existing or new client thinking about taking advantage of this service, message me. I’d be happy to talk to you about it!

As a web developer I am aware that security is getting difficult in manage and we need to be proactive to prevent our websites from being compromised.

Security Week writes “Attackers have been abusing an XML-RPC method to amplify their brute force attacks against WordPress websites, experts have warned.

According to security firm Sucuri, malicious actors are leveraging the fact that the XML-RPC protocol, which is supported by WordPress and several other popular content management systems, allows users to execute multiple methods within a single request by using the “system.multicall” method.

It’s not uncommon for attackers to launch brute force attacks against WordPress websites in hopes that their administrators have set a weak password that can be easily guessed. However, making a large number of requests to the “wp-login.php” login page raises red flags and the attack is not difficult to block by security systems.

By abusing the “system.multicall” method, attackers can make hundreds and even thousands of attempts with just a handful of HTTP requests. In attacks spotted by Sucuri, the malicious actors have been using the “wp.getCategories” method within “system.multicall.”

“wp.getCategories” is the method of choice in these attacks because it requires a username and a password, which allows attackers to try out widely used credential combinations, such as the “admin” username with the password “demo123.” However, experts have pointed out that they could use numerous other XML-RPC methods that require a username and a password.”

I recommend that you check your user name and password by going to the User info on your dashboard. Do not use “admin” for a user name. Use either your email address or your name instead. Make sure your password is Strong. It should contain Upper and lower case letters, numbers, and symbols. It is possible to use a combination of these characters that you can remember.

If you would like me to set this up for you, do not hesitate to ask. Let’s be safe!