Is it possible to put some type of security on your website, or is it normally protected through the hosting site? I just went to a site of a VA and it's apparently infected with something as my resident AV program is blocking the site with a warning. I also checked it out at Exploit Prevention Labs, as suggested on the forums connected with my resident AV protection (avast)...and it also says it's infected. So all of this started me thinking about how to protect my website.

Thanks!

__________________
Pam Deyerle - Transcriptionist in the Richmond, Virginia area
The Perfect Word Transcription Services

Hi Pam, I didn't know the answer to your question so I asked my own personal resident expert [my husband and business partner who is a programmer] and he said there are some open source options he's come across but couldn't remember anything in particular. He suggested a search online, so I had a look and found surprisingly little.

I think unless you are running an ecommerce site and need to protect your customers' info (in which case you'd want an SSL, etc.) I'm not sure there is much of a market for this.

Maybe someone knows otherwise? I'm certainly curious now as well.

The one site I did find that might be of interest to you is this one: GamaSec but I think their market is largely ecommerce and larger web-based applications.

They offer the following free sample and test:
See an example security test report

Test your website with a free website scan

__________________

I have a Wordpress site and with WP you can plug in some additional security. 'The VA Chick' has some good ideas on that. What is your site built on?

Cheers

Fiona

That's a good question and I have two sites, one using Joomla or another one using Wordpress and I used to wonder how safe they were.
I think that any site is hackable depending on the hacker's skill level.
I don't have any confidential data on my websites and I create backups regularly. So if it ever gets hacked, I can reinstall my files and put the website back up and change my password again.
It costs money to secure a website. Go to www.ssl.com and you will find some good options.
If you are storing any confidential information on your website, like customer database, credit cards etc., then you should secure it, otherwise just create regular backups.
JM2C

The situation with the other VA's website was resolved, but I was still wondering if there was a way to prevent someone else from putting code into your site. I've been so busy lately that I haven't had time to follow up on that with my website host.

My site is all HTML built using a free FTP program, Paint Shop Pro, and hosted through where I have my domain name. I believe my son used Linux format (if that's the correct terminology). I've taken it over now and know almost more about HTML than he does (thanks mostly to this site's HTML lessons and the wonderful Tess and Codehead!).

I don't have any confidential information on my site and it is backed up. It's just such a hassle to have to redo everything I was trying to figure out if there was a way to help keep it from being hacked to begin with!

__________________
Pam Deyerle - Transcriptionist in the Richmond, Virginia area
The Perfect Word Transcription Services

Pam, so great to hear the HTML classes have been useful - we're still hoping to resume but life and business have gotten in the way!

I think I misunderstood your question initially, so here's my follow-up answer

I'd say the best thing you can do is to keep your FTP password *complicated* and secure and change it on a regular basis. Also check your computer for malware regularly and don't access your FTP from any computer you are not sure is secure. If you're on a wireless network, make sure that's secure as well.

__________________

Tess gave great information, as always. For Wordpress, the first thing I usually recommend to clients is that they come up with a password that includes at least one capital letter, at least one number and that it's at least 8 characters log. If they can add a symbol (&$*!, etc) even better.
When I create sites, I use a password generator that is included with the Keepass password vault software that I use to keep track of client id's and passwords.

My second tip is not to use 'admin' or 'administrator' as the user name.

__________________
~Tina Marie Hilton of Clerical Advantage
& founder of VA Survival School

I just wanted to add that with hacking an 'everyday' issue now it's always a good idea to keep a recent backup copy of your *entire* website on your hard drive and/or disc. That way if something does happen, once you get control of your cPanel again you can upload the site as it was without having to do all the work over again.

Also, I second Tina Marie's password generator - never use a word found in the dictionary for your pass...

__________________