Security Essentials Unpacked: A Guide to SSL and SSH 

The world revolves around data — each and every click a piece of information. Security of that information is paramount. SSL and SSH are two of the most important weapons in the arsenal when it comes to keeping data secure on the web. While both work for our protection, they do so in very different ways.

The tech industry loves its acronyms and initials. So, let’s get this out of the way to begin with: SSL stands for “Secure Sockets Layer”, while the second set of letters — being the favourite of systems administrators and turtles alike — stands for “Secure Shell”. Each one plays a huge role in keeping our data secure and making sure that people are who they say they are, online.

But what exactly is the difference between the two? Well, at a glance:

➤ SSL is used to: establish a secure connection between your web browser and the websites you’re visiting. Specifically, we need to talk about something called an SSL Certificate. These credentials are rather like digital passports, serving to confirm the identity of a website owner. Once checked, SSL Certificates go to work to hide data that’s being exchanged. This is important whenever we share sensitive info, such as credit card numbers. SSL Certificates are absolutely essential for all sorts of website owners.

➤ SSH is used to: access and manage computers remotely. It offers a secure way to interact with servers so that a user can log in and execute commands from anywhere. This might also involve sensitive data, if not sensitive commands. Put simply, Secure Shell is a way for turtles — sorry, systems administrators — to securely access and manage systems from afar. And if you had to ask, you probably needn’t worry about it.

Key Similarities: Encryption

SSL and SSH both use encryption to keep information safe. That is, they both use algorithms to scramble up data so that it can’t be read by outsiders. SSL makes use of encryption to protect the data you share with websites.
SSH uses encryption to be sure that when someone is accessing a computer or server from far away, no one else can take a look or interfere with what’s going on.

SSL and SSH both make use of “public” and “private” keys. That’s the key point (if you’ll excuse the pun): data is scrambled in such a way that it’s impossible to decode, given that nobody has access to both sets.

Needless to say, data without encryption is compromised more often. Only 56% of businesses fully encrypted their internet traffic in 2020. According to The World in Data Breaches Report by Varonis, as many as 7 million unencrypted data records are compromised every day.

SSL

What do SSL Certificates do?

You’ve surely seen it before — that little padlock symbol hanging out beside the address bar. If so, you probably have some vague sense of what SSL Certificates are about.

Imagine you’re doing some online shopping. With a basketful of items, you move on to the checkout page. There’s that padlock symbol. You may also notice that the “HTTP” part of a web address has changed to “HTTPS”. That extra ‘S’ stands for “Secure”. Users encounter SSL Certificates on a daily basis when browsing the web.

SSL Certificates establish a secure and encrypted connection between a client (like your web browser) and a server. Though digital, you can think of an SSL certificate much like you would a real paper credential, like a passport or an ID card, but for website owners. It all ensures the website you’re visiting is what it claims to be and not some fake site trying to trick you. You can shop in confidence because a safe connection has been established.

These certificates are controlled by a limited number of third parties. Known as Certificate Authorities, they work to make sure website owners’ details are legit. In fact, 96.3% of all SSL certificates online are issued by only 9 Certificate Authorities.
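
To make the "digital passport" checks above concrete, here is an added example (not code from the original article) of the name and validity-date checks a client applies to a certificate. The certificate dictionary, host names and dates are constructed for illustration, the name matching is simplified, and the signature chain back to a Certificate Authority needs a live connection, so it is left to Python's default TLS context.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# every name and date here is made up for the example.
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example.com"),),),
    "issuer": ((("organizationName", "Example CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Apr  1 00:00:00 2024 GMT",
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "*.cdn.example.com")),
}

def name_matches(pattern, host):
    """Compare label by label; '*' may stand for the left-most label only."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or not h[0]:
        return False
    return p[1:] == h[1:] and p[0] in ("*", h[0])

def issuer_org(cert):
    """Name of the Certificate Authority that signed the certificate."""
    fields = dict(pair for rdn in cert["issuer"] for pair in rdn)
    return fields.get("organizationName")

def check_cert(cert, host, now):
    """Return the reasons (if any) to reject this certificate for this host."""
    problems = []
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(n, host) for n in names):
        problems.append("hostname not covered")
    if now.timestamp() < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now.timestamp() > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    return problems

def strict_context():
    """Context for live connections: chain and hostname checks stay switched on."""
    ctx = ssl.create_default_context()
    assert ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED
    return ctx
```
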
SSL Certificates were introduced in the mid-1990s and marked a real turning point in the history of the internet — especially online shopping. But they’re important for just about any sort of website that deals with sensitive info. Over time, SSL developed into TLS or “Transport Layer Security”. We still use the original expression to discuss the basic idea. Today, there are over 2.5 million SSL/TLS Certificates on the web.

SSH

What does Secure Shell do?

Secure Shell is a type of protocol that allows users to access and manage computers remotely and securely over the net. It’s mainly used by IT pros for remote server access, allowing them to log in and manage servers from any location. Not everyone’s idea of fun. In fact, most of us will remain blissfully unaware.

Imagine, for instance, you’re a systems admin — sitting on a beach in Bali — and you want to access your website through an FTP Client (that’s the software that lets you manage it all from afar). You can use an SSH “tunnel” to establish a connection between your local computer and the remote machine. By using SFTP (the secure version of FTP) you can guarantee your connection is encrypted. You are free to upload new files, carry out maintenance tasks, or perform any other task you please.

SSH makes use of certificates of sorts, too, but there are some additional steps involved. The encryption is like an onion with three layers. First, the Transport Layer creates a secure connection between the user and the server, keeping the shared data safe. Next, the Authentication Layer checks the user’s identity to ensure they have permission to access the server. Finally, the Connection Layer manages various types of communications over the secure channel.

To be sure, SSH is more than remote access, and it’s more than the VPN you might use to watch Australian reality television. Rather, it’s an uber-secure channel for

Bulletproof WordPress: Surefire Tips to Secure Your Site

WordPress dominates as the world’s go-to content management system — and there are many great reasons for that. Yet, the platform’s popularity alone can make it an obvious target for online attacks. Fear not: there are just a few easy steps you can take to keep that beautiful WordPress site of yours safe. You’ll want to protect all the hard work that’s gone in, after all. Your visitors also need and expect security. So with that, let’s dig into our surefire tips for keeping WordPress under lock and key.

Use strong, unique passwords

It’s sad but true: 48% of small businesses are targeted by cyberattacks each year. So, to start with the obvious: you really ought to use strong and unique passwords across all your WordPress accounts. Change your passwords often. This is true for your admin account, FTP and database access, and all other associated accounts. Reused passwords can be compromised.

Try your best to make your password over 10 characters long and to include uppercase and lowercase letters, numbers, and special characters. One great tip is to take the first letters of a memorable sentence and put that into a clever password (or a “mnemonic”). For example: “this little piggy went to market” might become “tlpWENT2m”. Password manager tools are also available — both for generating and storing passwords for each account.

Change your login URL

By default, WordPress login URLs are easy to guess because they’re usually www.example.com/wp-admin or something similar. Hackers know this and will target your login page to attempt brute-force attacks. However, you can protect your website by using a plugin to change your login URL to something unique, making it harder for hackers to find.

One of the most popular plugins for changing your login URL is WPS Hide Login, which allows you to change your login URL to anything you want. It’s also easy to use and comes with a simple user interface.
Just make sure you keep a record of your new login URL so you don’t lose it, and only share it with people who need access to your website.

Use an SSL Certificate

SSL Certificates are sort of like digital passports and they’re especially important when exchanging sensitive info. Have you ever noticed the padlock icon when shopping? SSL Certificates work to encrypt the data that transfers between a browser and a web server, making it practically impossible for hackers to intercept. This includes things like credit card details, login credentials, and other personal data.

Fortunately, SSL certificates are easy to set up. 123 Reg Managed WordPress actually comes with a free SSL certificate to help keep your website and your users’ data secure. There are all sorts of very good reasons to get an SSL Certificate. In fact, they’re a must-have for any sort of website that deals with transactions or sensitive information.

If you’re not using 123 Reg Managed WordPress, you may need to purchase an SSL certificate separately and install it on your server. Once you’ve installed the SSL certificate, you need to configure your WordPress website to use HTTPS instead of HTTP. This is easy to do using a plugin like Really Simple SSL, which automatically redirects all HTTP traffic to HTTPS.

Don’t use the default “Admin” username

WordPress sets the default username as “Admin,” which is easy for hackers to guess. When creating your WordPress account, always use a unique username. If you’re already using the default “Admin” username, you can easily change it by creating a new user with administrator privileges and then deleting the “Admin” user. To do this, go to Users > Add New in your WordPress dashboard, create a new user with administrator privileges, and then log out. Log back in with the new user account and delete the “Admin” user.
Keep WordPress core up to date

WordPress regularly releases updates to improve performance, add new features, and patch security vulnerabilities. It’s essential to keep your WordPress core up to date by regularly checking for updates and installing them promptly. 123 Reg Managed WordPress automatically updates your WordPress core to help keep your website secure.

If you’re using a WordPress hosting package that doesn’t offer automatic updates, you need to regularly check for updates and install them manually. To check for updates, go to Dashboard > Updates in your WordPress dashboard. If there are any updates available, click on the “Update Now” button to install them. Make sure you back up your website before installing any updates.

Keep WordPress plugins and themes up to date, too

The average WordPress website has over 23 plugins and themes installed — and over 99% of security vulnerabilities are related to plugins and themes. Just like WordPress core, plugins and themes can also have security vulnerabilities that need patching. In fact, plugins and themes are the sources of the majority of WordPress vulnerabilities.

It’s essential to keep your plugins and themes up to date by regularly checking for updates and installing them promptly. Outdated plugins and themes can be a significant security risk, as they can be used to gain unauthorised access to your website. It’s a good idea to test the effect of updating plugins and themes in a staging environment.

You can do this by going to your WordPress Dashboard and looking for the section named (you guessed it) “Updates”. If there are updates available, click on the “Update Now” button to install. It’s also good practice to remove any unused plugins and themes as they can pose a security risk.

Back up your website — and do it often

Backups are essential to recover your website if it gets hacked, corrupted, or accidentally deleted.
It’s essential to have a recent backup of your website stored securely, so you can restore it quickly if something goes wrong. 123 Reg Managed WordPress automatically creates daily backups of your website, so you can easily restore your website to a previous version if necessary. If you’re using a self-hosted WordPress