When it comes to our own services, we always advise on keeping things as secure as possible – but it’s high time you considered how secure you are actually making things.

What Makes a Password Secure?

It’s tempting to create a password that’s easy to remember.  A pet’s name, your mother’s maiden name, throw in the last two digits of the year you were born – you’re not likely to forget those details. However, password security has moved on massively, and we’re largely being advised to create long strings of characters and symbols to build truly unique phrases.

Strong passwords, on the whole, are phrases and words which are going to be difficult to predict outright. We recommend that anyone using our services considers using a mix of the following:

• Upper and lower case characters (and not necessarily at the start of words)
• Numbers
• Symbols (valid keyboard entries such a £, %, & etc)
• A phrase of at least eight characters long

Strong, secure passwords should also have no link to your personal life, tastes or history. ‘fluffy77’ is going to be far easier for unwanted hackers to guess than ‘YG^&9&dxxC$34’! You don’t even have to make your password that complex – think of a phrase, and shorten it with numbers – or write words backwards!

Why Strong Passwords?

The advice to create passwords you’re likely to remember is getting very old indeed. There are several reputable password locker programs available online, many of which are offered by antivirus services. Safari, Apple’s landmark browser, outright creates complex passwords for you whenever you sign up for something new. If you can’t remember the strong phrases you create, use a secure program or app to help store them.

All in all, strong passwords are here to help you. With hacking and intrusion growing ever more sophisticated, is it really worth still clinging onto that maiden name, or your favourite football team? Prevention is far greater than the cure – lock up safe with a secure set of passwords with little to no chance of intrusion.

Every month we monitor our network uptime to ensure we’re meeting our uptime guarantee and in November we achieved a whopping 99.98%.

As great a piece of software as WordPress is, if it’s not kept up-to-date with the latest releases and security patches then it becomes a magnet for even the most amateur hacker. Scripts such as xmlrpc.php can be easily manipulated to send out large amounts of spam. You may not think this is an issue for you personally but if just one of those spam messages hits a spam trap, then the server’s IP address is blacklisted and other users will find they’re unable to send mail.

We’re not having a go at WordPress here. It’s a great piece of software and there’s a reason it’s the world’s most popular blogging platform, however you cannot simply install it and forget about it. It MUST be kept up-to-date. This issue is not restricted to WordPress of course – it affects any PHP software running on your server – WordPress is just more of a target due to the volume of installations out there.

There are many tools freely available that can ‘lock-down’ your WordPress installation – one we’ve played with ourselves is:

https://wordpress.org/plugins/better-wp-security/

It’s a WordPress plugin that’s available free, very easy to install and provides a run-down of the things you should do once you’ve installed WordPress (such as disabling the dreaded xmlrpc.php!)

There are server wide settings we can employ that will help stop some of these attacks however they also restrict genuine functionality which then causes more issues.

Although load is currently being sustained, the intelligent management of this unit is impaired and it is likely that in the near future this may become service affecting.

Due to this, we are scheduling maintenance to replace this unit. During this maintenance it will be necessary to power down the network switch for duration of the replacement process.

MAINTENANCE WINDOW
Start:
2015-03-31 23:00 (BST / GMT+1)
End:
2014-03-31 00:00 (BST / GMT+1)

EXPECTED IMPACT
Complete connectivity outage for affected server of up to 10 minutes during the above window.

Our apologies for the inconvenience caused by this work, however please be assured it is necessary to complete.

We’re finding more and more attacks on our servers are caused by exploits in the WordPress software – not through any fault of WordPress itself but the fault of end users who are not applying the numerous patches and security releases that WordPress distribute each year.

It’s essential that if you have WordPress installed on your hosting account that you keep it up-to-date constantly; the software can even do it itself if you configure it that way! Let me say that again. You must always keep up to date with the latest version of WordPress.

There are also a variety of security plugins available to help ‘harden’ your WordPress installation and we’d recommend these too.

Whilst we’re never happy when this doesn’t reach 100% we’re pretty confident we’ll be able to do that in December.

Due to this, we are scheduling maintenance to replace this unit. During this maintenance it will be necessary to power down the server for the duration of the replacement process.

MAINTENANCE WINDOW

Start:

2014-10-21 22:00 (BST / GMT+1)

End:

2014-10-21 23:00 (BST / GMT+1)

EXPECTED IMPACT

Total service outage for affected servers of up to 20 minutes during the above window.

Our apologies for the inconvenience caused by this work, however please be assured it is necessary to complete.

Due to this working involving the powering down of hardware, please take time to ensure you have complete backups of your data stored in an off-server location.

Please use this time to ensure your software is up-to-date (which it, of course, always should be!)

Of course, we won’t be happy until 100% would recommend us – that’s the next challenge.