Istio 1.0: Making It Easier To Develop and Deploy Microservices

Istio 1.0: Making It Easier To Develop and Deploy Microservices

With the recent availability of Istio 1.0 it is not surprising that it continues to capture much attention from the technical press and developer community. As an open platform to connect, manage, and secure microservices, Istio promises to make it much easier to build and
Not Digital Transformation; It’s “Intelligence Transformation” We Seek

Not Digital Transformation; It’s “Intelligence Transformation” We Seek

Forrester published a report titled “The Sorry State of Digital Transformation in 2018” (love the brashness of the title) that found that 21% of 1,559 business and IT decision makers consider their digital transformations complete.  Complete? Say what?! The concept of “Digital Transformation” is confusing because many
Endpoint Security

WordPress Security 101 – Endpoint Security And Disaster Preparedness

Endpoint Security And Disaster Preparedness

Continued from part 4

Setting up a secure password for your admin dashboard is a tactic that sets you on the right track to a robust WordPress security. But one smart tactic, or a combination of tweaks and plugins, won’t get you far.

You need to have a security strategy that not only oversees most attack vectors but also allows you to mitigate damage and restore your site quickly in the event of an accidental data loss, breach or a hijack.

Endpoint Security

Securing your WordPress blog requires more than just watertight backend protection, timely updates of the WordPress core and plugins, or an internal monitoring system. One of the frequently overlooked breach points in your blog’s security perimeter is your endpoint device.

WordPress makes it possible to access your admin dashboard from many devices such as computers, laptops, smartphones, and tablets. Losing any of the devices you use to access your blog, or having them hacked, means exposing your blog to great risks.

So you need to exercise appropriate precautions and account for endpoint security.

Endpoint Security Tips:

  • Secure your devices by using a strong PIN or password, and enabling two-factor authentication to unlock your device such as biometric ID, if possible.
  • Set your devices to auto-lock after a set time on idle.
  • Don’t access your WordPress backend from public computers, as these often are riddled with spyware and keyloggers. Likewise, their browsers can be configured to automatically store your login credentials, in which case you’d be giving away your login details to an awful lot of strangers using the computer after you.
  • Don’t check your email from public computers, either, for the same reasons. Your email is vital to your WordPress security – anyone gaining access to it could reset your WordPress password.
  • Do not access your WordPress admin dashboard nor your email from public Wi-Fi hotspots, unless you are using a trusted Virtual Private Network (VPN) with robust encryption and OpenVPN protocol.
  • Only install apps and games on your smartphone from the official app store.

Disaster Preparedness

Hope for the best but prepare for the worst. Assume that, even with the latest updates and the best of manual tweaks, there is a vulnerability that escaped your scrutiny.

When the worst happens, do you have the backups to fall back to, or do you know where they are? Are they even current? How long will your blog be down while you mitigate the damage? What if your hosting provider goes out of business suddenly? Or you just lose data by accident?

When you know the answers to all these questions, you have a security strategy.

Disaster Preparedness Tips:

  • Have a plan. Break down a huge task of restoring your blog from a hack/accident/act of God into smaller, digestible chunks.
  • Consider having a failover service that would redirect your traffic while your blog is down.
  • Have a temporary notification page you can display to your readers telling them that you won’t be down for long.
  • Be ready to start and restart your blog’s services, such as your database and web service, if needed.

WordPress Backups

Without a current backup on hand, you’ll have to clean your blog manually or pay someone to do it for you. On the other hand, if your web hosting gets compromised, there’s little you can do but move to another hosting service. In this case, a current backup is also crucial. An ideal backup tactic would be to combine several backup storage locations so that if one location gets compromised, you can always use the alternative source.

Likewise, backups should be incremental and automatic. When your backups are current and readily available, you will restore your data and re-deploy your blog almost immediately, with minimum downtime. On the contrary, a slow recovery from a hack could have a negative SEO impact on your blog’s rankings, organic search traffic, and revenue.

Backup Tips:

  • Have a plan and a step-by-step “note to self” on where your backups are, and how to restore them quickly.
  • Automate your backups. Manual backups aren’t reliable as you will inevitably forget to backup at some point.
  • Schedule backups to run during hours with the lowest traffic since backups can consume a lot of system resources.
  • Check up on your scheduled backups. If you run out of storage space, backups could fail. A gazillion of other things could cause a backup failure, so be vigilant.
  • Have incremental backups – daily, weekly, and monthly you can fall back on in case disaster happens. There are too many unknowns in a disaster equation, and having ample backups to restore from is a key to minimizing downtime.
  • Have multiple backups stored in various places such as with your web host and a secondary service, or even locally on your hard drive or external drive.

Backup Options:

  • Most web hosting providers offer native backup solutions. Use that as a secondary backup storage. Note that, with some providers, you may need to set up your backups manually, especially with the Virtual Private Server systems (VPS).
  • Cloud-based backups are efficient since they can be automated and convenient to restore from, especially with the native WordPress cloud backups available as a part of the WordPress Security plugin.
  • Internal monitoring systems like Sucuri and Wordfence also let you set up and manage your backups.

Wrapping Up

The WordPress threat landscape is continuously changing, so you need to be on top of the security best practices, expert findings, patch releases, and community discussions. In other words, be proactive, not reactionary.

By securing your blog properly, you will be able to develop a solid reputation, build traffic faster and avoid costs associated with site cleaning and recovery after a hack.

That’s it. Hope this helps.

By Alex Grant

CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information, resources and thought leadership services.

Contact us for a list of our leading brand and thought leadership exposure programs.

RESOURCES

12 WordPress Managed Hosting Services

12 WordPress Managed Hosting Services

WordPress Hosting Services WordPress hosting services has exploded in popularity as a blogging tool and content management system in recent years, and is now used by more than 23.3 percent (2018 Edit: 53%) of the top 10 million websites worldwide. Due ...
Business Analytics Vs Data Science

Business Analytics Vs Data Science

Big Data Continues To Grow Big Data continues to be a much discussed topic of interest and for good reason.  According to a recent report from International Data Corporation (IDC), "worldwide revenues for big data and business analytics will grow ...

SPONSORS

What Is Net Neutrality And Why Is It So Important?

What Is Net Neutrality And Why Is It So Important?

What Is Net Neutrality? Net neutrality is a concept that has been the centre of a lot of debates recently, ...

Cloud Community Supporters

(ISC)²
AWS
HPE
CA Technologies
Cisco

Cloud community support comes from sponsorship, service opportunities and collaborative network partnership initiatives.

"Top 100 Brand Influencer, Cloud”
-ONALYTICA

"Best Cloud Computing Blog"
-SYSADMIN MAGAZINE

"Top 10 Sites For Cloud Computing"
-DIGITALISTMAG SAP

"Top 10 Cloud Computing Blogs”
-MARKETING ENVY

"Top 25 Must Read Cloud Blogs"
-CLOUDENDURE