Looking at the news recently, you wouldn’t have to look hard to see that cyber security isn’t in good shape, and that isn’t a new problem. A big part of the problem is that security companies, the organizations that are supposed to be improving things, are in a lot of cases making things worse instead. For example, on the one hand we have a situation where many people are not doing the basics, while security companies are pushing more advanced security products and services without providing evidence that they provide any value over doing the basics (or even evidence that they provide protection to the same degree as doing the basics). What makes this issue stand out so much is that even the companies themselves are often failing to do the basics. We recently looked at one cybersecurity company that claims to have “clients in the intelligence community, DoD and nearly every cabinet agency” and isn’t bothering to keep the software running the various parts of its website up to date while telling the public they need to take advanced measures to protect their websites.
October is National Cyber Security Awareness Month, which unfortunately isn’t a time when these companies consider that they are not having a positive impact, but instead yet another chance to hawk their wares. Case in point is SiteLock. Over at their WordPress-focused blog, The District, they have a post, National Cyber Security Awareness Month – What it Really Means for WordPress Users. In that post they include a list of simple security steps. Since the post is WordPress focused, you would expect that making sure WordPress and its plugins are up to date would be one of them, but it isn’t. Here is what they listed:
Simple Security Steps to Implement Today
Some of these may sound simple, but if not implemented can put you at risk.
- Never write down your username and passwords. Use a password manager tool like LastPass, 1password or others.
- Use anti-virus software on your computer.
- Always use a Virtual Private Network when connecting to public wifi. Learn more about VPNs here.
- Install a Web Application Firewall on your website.
Instead of updating the software, they suggested using a web application firewall, and they linked to their service that includes one. If you go to the page with the details of their WAF, you will find that they don’t provide any evidence, much less independent third-party evidence, that it provides any protection at all (not even from rigged testing, like they recently did for another part of their service).
Actually updating your WordPress plugins would make you more secure, as vulnerabilities are frequently fixed in new versions, but telling you that wouldn’t make them money.