Security Articles - GreenGeeks Blog https://www.greengeeks.com/blog/category/security/ Mon, 06 May 2024 17:15:26 +0000

Security Update: Protecting Against the Essential Addons for Elementor Plugin Compromise
https://www.greengeeks.com/blog/protecting-essential-addons-elementor-compromise/
Fri, 19 May 2023 23:06:06 +0000

This post discusses the recent compromise of the popular Essential Addons for Elementor plugin, assigned the CVE identifier CVE-2023-32243.

The active Essential Addons for Elementor exploit affects over one million websites worldwide, including those hosted at GreenGeeks.

Even if you’re not an expert web developer, it’s important to understand the implications of this compromise and the steps we’ve taken to safeguard your websites.

Understanding the Compromise

The Essential Addons for Elementor plugin is a widely used tool that allows website owners to create stunning designs and layouts without coding expertise.

Unfortunately, all software has vulnerabilities, and the Essential Addons for Elementor plugin is no exception.

Recently, a security flaw, identified as CVE-2023-32243, was discovered within the plugin’s codebase.

This vulnerability allows any unauthenticated user to reset user passwords, including user accounts with administrative-level access.

It is important to note that this vulnerability affects older versions of the affected plugin, and updating to the latest version is crucial for protection.

Our Proactive Approach and Ensuring Your Website’s Safety

Simply put, GreenGeeks takes your website security seriously!

Even though we’re not a fully managed provider, GreenGeeks takes proactive action in these cases of severe vulnerabilities to protect our clients.

In this case, we’ve already taken corrective action for our impacted customers, updating the Essential Addons for Elementor plugin to the newly patched version as needed.

While we have updated the Essential Addons for Elementor on our network, you must remain proactive in securing your website.

In most cases, the best defense is keeping your software up to date since simply updating to the latest version available from the official WordPress repository will patch the vulnerabilities and enhance the security of your website.

The best way to keep your site up to date is by using the WordPress automatic update system within wp-admin, bypassing the need for any 3rd party software.

Conclusion

At GreenGeeks, we prioritize the security of our clients, and we strive to help you stay informed of potential security threats to ensure your peace of mind.

Although we’ve taken the critical steps to update impacted sites using the Essential Addons for Elementor plugin and remove the vulnerability, we encourage you to update all other software installed within your GreenGeeks account to maintain the overall security of your hosting account.

Remember, staying vigilant about vulnerabilities and keeping your software up to date is crucial for a safe online presence.

If you have any questions or concerns about this vulnerability or its impact on your GreenGeeks Account, please don’t hesitate to contact the GreenGeeks Technical Support Team for assistance.

Passphrase vs Passwords: Which is Better for Security?
https://www.greengeeks.com/blog/passphrase-vs-passwords/
Thu, 04 Aug 2022 16:15:11 +0000

As identity theft cases continue to rise, cyber security has never been more important. One of the main ways to protect your information is to create a strong password, but would a passphrase do a better job?

While they might both sound similar, there are a lot of differences that can either improve or reduce the security of your account.

Today, I will highlight the advantages and disadvantages of using a passphrase.

PassPhrase vs Password: Overview

Before we go into more detail, let’s do a brief overview of what each one is and how they are different on a fundamental level.

What Is a Password?

A password is a secret set of data that can essentially consist of anything. Upper and lowercase letters, numbers, or symbols are fair game. A password generator creates a random string of characters making it ultra-difficult to crack. This can lead to passwords like this: “ayndeE$$js&*os.”

Unfortunately, passwords have many problems associated with them, which make them a pain to manage.

The main obstacle is the user. It’s no secret that remembering 50 different passwords becomes a hassle. This leads many to use the same password for multiple sites.

However, this has a domino effect.

If one site gets compromised, your password is now compromised on every other site.

What Is a Passphrase?

A passphrase is very similar to a password, but instead of being a single word or string of random characters, symbols, or numbers, a passphrase is a series of words that may or may not include spaces.

Not all security systems support spaces as a character. So, this will be determined by the website or software you’re using.

Here are some passphrase examples that showcase three variations of the same passphrase:

  • “This Is A Bad Example Of A Passphrase”
  • “ThisIsABadExampleOfAPassphrase”
  • “This_Is_A_Bad_Example_Of_A_Passphrase”

Of course, it doesn’t actually have to be a complete sentence or phrase. It can consist of just a random assortment of words like so:

“Giraffe Potato Ninja Guacamole.”

As you can see those words don’t form a sentence, which can be more secure, but more on that later.

So, What’s the Difference Between a Password and a Passphrase?

All passphrases are passwords, but not all passwords are passphrases.

When following proper security recommendations, passphrases are easier to remember than passwords. This means a user is less likely to write them down, which creates a vulnerability by itself.

In terms of security, both can be very secure, but on average a passphrase is stronger. That said, it can also be weaker.

Let’s take a look at how they stack up against each other.

Passphrases vs Passwords: Best Practices

While both of these are similar in nature, the best practices surrounding them are quite different. Since their usability is directly impacted by what they consist of, it’s important to understand how to make a strong password/passphrase.

How to Make a Strong Password

Even in 2022, people still use horribly weak passwords like “Password” or “123456.” In fact, this isn’t even a small number of people. These are legitimately some of the most popular passwords.

And that makes a hacker’s job very easy. Thus, naturally, the first step to a strong password is not picking something obvious or common.

So, what qualifies as a common password? Any term that is easily guessable. Now, that probably didn’t help, so, let me clarify that with some examples of common passwords:

  • Yankees
  • Monkey
  • Soccer
  • Toaster
  • Your Date of Birth
  • Your Address

The first four examples are quite common words. There is nothing special about them; they are just normal words that anyone could guess. In fact, most bots start with these terms.

The other two might seem like a good choice. Obviously, your address and date of birth are not common, but are they secure? Is your birthday on your Facebook account? Does someone know where you live?

As you can probably imagine, after thinking about it for two seconds, no, these are terrible choices for a password.

So how do I pick a strong password? Easy, you make sure it includes the following:

  • Includes both upper and lowercase letters
  • Includes both numbers and symbols
  • Does not contain a common word
  • Does not match your email
  • Does not include personal information
  • Is a length of at least 12 characters
  • It is not currently being used on another site

If you are following the above rules, you will get a strong password. For example, here is a list of some strong password ideas:

  • aIdfs#_dTn9@
  • qOdr%hj9dEp$
  • Lu6bw*QRgb7&

Obviously, don’t use these. But they are a completely random string of characters that no one could just randomly guess.
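
The checklist above can be turned into an automated check. The following is an added example, not code from the original article: the function name, the short common-word list and the minimum token length of three characters are assumptions made for illustration, and the sample inputs are the passwords quoted in this post.

```python
import re

# Constructed sample list; a real check would load a much larger
# list of common passwords and dictionary words.
COMMON_WORDS = {"password", "123456", "yankees", "monkey", "soccer", "toaster"}


def check_password(password, email="", personal_info=(), used_elsewhere=()):
    """Return the checklist rules that `password` breaks (empty list = passes).

    `personal_info` and `used_elsewhere` are supplied by the caller, since
    only the user knows their birthday, address or other accounts.
    """
    failures = []
    lowered = password.lower()

    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        failures.append("needs both upper and lowercase letters")
    # A symbol here is anything that is not a letter, digit or whitespace.
    if not (re.search(r"\d", password) and re.search(r"[^A-Za-z0-9\s]", password)):
        failures.append("needs both numbers and symbols")
    if any(word in lowered for word in COMMON_WORDS):
        failures.append("contains a common word")
    if email:
        # Assumption: also flag a password that embeds the mailbox name.
        local_part = email.lower().split("@")[0]
        if lowered == email.lower() or (len(local_part) >= 3 and local_part in lowered):
            failures.append("matches your email")
    # Ignore very short tokens so that initials do not flag every password.
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        failures.append("includes personal information")
    if len(password) < 12:
        failures.append("shorter than 12 characters")
    if password in used_elsewhere:
        failures.append("already used on another site")
    return failures


if __name__ == "__main__":
    for candidate in ["Password", "123456", "aIdfs#_dTn9@", "Yankees2022!!"]:
        print(repr(candidate), "->", check_password(candidate) or "passes")
```
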

Nowadays, some browsers, such as Google Chrome, will provide a randomly generated password anytime it detects that you are creating an account.

How to Make A Strong Passphrase

Remember how I said that all passphrases are passwords? Well, everything I just went over applies here.

Let’s take a moment to touch on common words again. You may think since you are picking multiple words for a passphrase that common words are now okay. After all, it’s four randomly chosen words.

Wrong.

Common words are still something you should avoid. The words should be random and not normally used in a sentence.

Something unique to passphrases is avoiding the use of famous quotes or sayings. For instance, “We Have A Hulk” would be a terrible choice for multiple reasons.

  1. It is a well-known movie quote from the Avengers
  2. All of the words are four characters or less
  3. All of the words are common

So, now that we know what to avoid, what should we incorporate into our passphrases? Again the rules that apply to passwords apply here, which include:

  • Use upper and lowercase characters
  • Use numbers and symbols
  • Use at least four words (the total should be 12 or more characters)

Now, hold on, how would numbers and symbols be used in a passphrase? Isn’t the point to use words? Yes, but you can get creative.

For instance, “Glasses Series Mower Pole” could be “G!@sSeS SeRieS M0wEr P0!e” and it’s quite the difference. Take note of how I replaced the letter “o” with the number “0.” Or the letter “a” with the symbol “@.”

It’s a very easy thing to remember but makes your passphrase more secure. Everybody is different, so coming up with a set of rules that is easy to remember for replacing letters with numbers or symbols can vary depending on personal preference.

Passphrases vs Passwords: Usability

In no uncertain terms, it is clear that for the vast majority of users, remembering your account information across 50 different sites is a nightmare. Usability is an important factor.

Note: When using a web browser’s autofill option or a password manager, there is no difference between a password and a passphrase. The tools will handle everything. This comparison is for the cases where you cannot use them.

Passwords: Usability

Most people are well aware of the problems that come with remembering a lot of different passwords. In fact, that is why password managers have become so successful: people just don’t want to deal with them.

One of the biggest problems with passwords is that websites do not share a set of universal rules. For instance, have you ever tried to create an account to see that the password you entered is not acceptable?

It probably happens a lot if you don’t follow the best practices. Some sites require upper and lower-case letters, numbers, and symbols to be included. Others don’t but may require 12 characters instead of 8.

While there are security advantages to having different standards, one thing is clear, people hate it.

Passphrases: Usability

On a surface level, a passphrase should be quite similar to a password in terms of usability, at least when following the best practices. However, it is typically easier to remember a set of words than a random assortment of characters.

And that’s really where passphrases shine. They are much easier to remember and with a few simple modifications, they can be accepted without issue on all sites and platforms.

Just to be clear, modifications are things like replacing the letter “o” with the number “0” and such. Again, simple things that make the login info more secure but are still easy to remember.

In general, passphrases are more user-friendly than passwords and usually fit the requirements of all sites.

Are Passphrases Less Secure Than Passwords?

After learning about the best practices, it may seem like passwords might be a more secure approach. After all, when using the best practices, they should be completely random characters, numbers, and symbols arranged in a string.

However, most people do not follow these rules. That’s why “Password” is still one of the most popular passwords.

In comparison, a passphrase is typically easier to remember and longer than a traditional password that does not follow the best practices. Even four common words strung together are stronger than a common password.

Thus, in general, a passphrase is more secure, but both of them are equally effective when following best practices, with passphrases being the easiest to remember.

FAQ

One thing this guide does not cover is storing your password or passphrase. Let’s answer a few simple questions most people may have:

Is It Safe to Store Passwords/Passphrases in a Web Browser?

No, it is not safe to store password information in a web browser. And just to be clear, this includes any web browser.

Unfortunately, anyone that can log into your computer can open up the web browser and export all of the password data stored. In fact, there is malware specifically designed to do this.

And even worse, just regular software should do the trick. It’s also worth noting that the browser does not just store your passwords; it also stores your username and the site each one is used on.

While you can mitigate the risk by using security programs, the risk is quite large.

Are Password Managers Safe to Use?

Password managers are very safe because they encrypt your password information, which prevents hackers from accessing it.

However, they are not flawless.

In fact, very little is when it comes to security. The main risk associated with a password manager is if a hacker is able to obtain the master password to access the software.

If they obtain the password, they now have full access to all of your accounts. That said, it is quite rare for a password manager to be compromised.

They are quite safe for the most part, so don’t be afraid to use one.

Are Usernames Useful for Protecting Your Account?

In the majority of cases, usernames offer very little or no form of protection.

If you stop and think about the average username you enter, you will probably identify the pattern in less than a minute. Most of them simply consist of your email address, the first letter of your first name, and your last name, or are fully viewable on a forum.

None of the above information is secure, especially not your email address. Many people have that listed on their LinkedIn page in hopes of making business contacts.

That said, it is possible to make an email that is exclusively used for one site, but almost no one does that.

Since most usernames are forced upon you by the site or institution they are used for, you really don’t have a choice in the matter. Thus, there’s no point in trying to make them hard to remember.

Final Verdict: Passphrase vs Password

From a security standpoint, both passphrases and passwords are equal when following the best practices. They are not something that someone could use guesswork to crack and would take bots years to force.

However, passphrases have a distinct advantage of being more user-friendly. It is much easier to remember a passphrase than a password, but for the majority of users, this is a moot point.

Let’s face it, regardless of how insecure a web browser’s auto-fill feature is, most people still use it or they purchase a password manager.

Thus, it really does not matter which one you use; what does matter is whether you follow the best practices.

Do you prefer creating a password or a passphrase to keep your account safe? Do you follow the best practices?

Horde Email Vulnerability: What You Need To Know
https://www.greengeeks.com/blog/horde-email-vulnerability-what-you-need-to-know/
Mon, 13 Jun 2022 22:30:08 +0000

What happened to Horde webmail within my GreenGeeks cPanel account?

GreenGeeks has temporarily disabled access to the Horde Webmail client across our network. Unfortunately, this action was necessary as the GreenGeeks Server team became aware of a potential exploit within the third-party Horde Webmail client.

This exploit allows for a potential compromise of a device by simply opening up an infected email via the Horde interface.

Where can I find more information about this exploit?

For more information about the Horde exploit, please refer to the following links:

Exploit Info: https://blog.sonarsource.com/horde-webmail-rce-via-email/

CVE Link: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30287

How does this affect my GreenGeeks service?

The Horde Webmail client will be temporarily unavailable in your GreenGeeks webmail.

What is GreenGeeks doing to protect me from this Horde exploit?

Simply put, the best way to protect yourself from this exploit is to stop using Horde completely. Until a software patch is available, using Horde opens a vulnerability to exploits should a malicious email be opened.

Since there’s no way to identify these messages specifically, leaving Horde accessible posed a clear threat to the integrity of the GreenGeeks network.

To that end, GreenGeeks has temporarily disabled all access to the Horde Webmail client on the EcoSite & Reseller network segments to protect our users and their data.

While we understand that this may cause some inconvenience, this action was necessary to protect the integrity of our network from malicious activity.

When will access to Horde be restored?

GreenGeeks intends to re-enable access to the Horde Webmail Client as soon as possible once a patch has been rolled out and applied to our servers. If you have questions about this exploit that we have not covered, please open a new Support Ticket from within your GreenGeeks Dashboard.

Elementor Plugin Vulnerability Issue Detected, But Updated
https://www.greengeeks.com/blog/elementor-plugin-vulnerability/
Thu, 14 Apr 2022 15:00:00 +0000

Towards the end of March, a critical vulnerability was detected in the Elementor Plugin, versions 3.6.0 through 3.6.2. The issue began when Elementor introduced new functions for plugin setup. However, it opened the door to a serious security threat.

Those who use the aforementioned versions of the Elementor plugin could inadvertently give hackers full access to their websites.

How Does the Elementor Plugin Exploit Work?

In a nutshell, Elementor’s new function allows for quick onboarding of any plugin across accounts.

Anyone who has access to the backend of WordPress can upload a fake, Elementor Pro .zip file and activate it as a plugin. This includes accounts set for any authenticated user, such as subscribers.

This can be used to then run any function within that file.

As any executable file can be run in this manner, you can see just how easy it would be for anyone to gain full access. Not to mention causing some severe damage to your files or even accessing other resources on the server.

What Have We Done to Prevent the Exploit of the Elementor Plugin?

Because of the seriousness of this threat, GreenGeeks has updated all instances of the Elementor plugin automatically. However, you should still verify that you’re running the newest version of Elementor.
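
One way to verify this across several sites is to read the `Version:` header from each copy of Elementor's main plugin file and compare it with the 3.6.0 through 3.6.2 range named above. This is an added example, not GreenGeeks or Elementor code: the directory layout under the scan root and the site names in `demo()` are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Affected range as stated in the article: 3.6.0 through 3.6.2.
AFFECTED_MIN = (3, 6, 0)
AFFECTED_MAX = (3, 6, 2)

# WordPress plugin headers are comment lines such as " * Version: 3.6.1".
HEADER_VERSION = re.compile(
    r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.MULTILINE | re.IGNORECASE
)


def read_plugin_version(main_file):
    """Return the Version header from a plugin's main file, or None."""
    # WordPress itself only reads the first 8 KB when parsing headers.
    head = Path(main_file).read_bytes()[:8192].decode("utf-8", errors="replace")
    match = HEADER_VERSION.search(head)
    return match.group(1) if match else None


def classify(version):
    """Map a version string to 'affected', 'outside range' or 'unknown'."""
    match = re.match(r"\d+(?:\.\d+)*", version or "")
    if not match:
        return "unknown"
    parts = [int(p) for p in match.group(0).split(".")]
    # Compare on major.minor.patch only; suffixes such as "-beta1" or a
    # fourth component are ignored, which errs on the side of flagging.
    parts = tuple((parts + [0, 0, 0])[:3])
    return "affected" if AFFECTED_MIN <= parts <= AFFECTED_MAX else "outside range"


def scan(root):
    """Find every Elementor install below `root` and classify its version."""
    root = Path(root)
    results = {}
    pattern = "**/wp-content/plugins/elementor/elementor.php"
    for main_file in sorted(root.glob(pattern)):
        # parents[3] is the directory that contains wp-content.
        site = main_file.parents[3].relative_to(root).as_posix()
        version = read_plugin_version(main_file)
        results[site] = (version, classify(version))
    return results


def demo():
    """Build three constructed sites in a temp directory and scan them."""
    samples = {"shop": "3.6.1", "blog": "3.6.3", "legacy": None}
    with tempfile.TemporaryDirectory() as tmp:
        for site, version in samples.items():
            plugin_dir = Path(tmp, site, "wp-content", "plugins", "elementor")
            plugin_dir.mkdir(parents=True)
            header = "<?php\n/**\n * Plugin Name: Elementor\n"
            if version:
                header += f" * Version: {version}\n"
            header += " */\n"
            (plugin_dir / "elementor.php").write_text(header, encoding="utf-8")
        return scan(tmp)


if __name__ == "__main__":
    for site, (version, status) in demo().items():
        print(f"{site}: version={version} status={status}")
```

A result of "outside range" only means the install is not one of the versions named here; it does not confirm that the newest release is installed.
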

If your website is at another web host, we suggest you update Elementor as soon as possible. Then, consider migrating your site to a host who has your best interest in mind.

Always Protect Your Site and Files

It’s always a good idea to keep your site and files protected from such exploits. Never underestimate the value of good security, even if your website only gets a handful of monthly users.

This is because hackers and bots are not picky about their targets.

Ways to improve the security of WordPress sites for free include:

  • Installing security plugins such as Wordfence
  • Using backup plugins to make recovery easier
  • Making a unique database table prefix
  • Always keeping plugins, themes, and WordPress itself updated

It Only Takes a Moment to Lose Your Site

Website security is of utmost importance. Even if you don’t collect data from visitors, hackers can still use your site to create fake pages to steal credentials.

For instance, they could create a page nearly identical to PayPal to steal the login information of visitors directly from your domain.

Keep your thumb on the pulse of cybersecurity. Although exploits such as that from the Elementor plugin will still happen, having measures in place can greatly reduce the risks of losing your website.

Do You Have Saved Passwords in Your Browser? Maybe You Shouldn’t
https://www.greengeeks.com/blog/saved-passwords-browser/
Tue, 11 Jan 2022 15:00:00 +0000

Ever wonder how secure your saved passwords are in your favorite web browser?

The internet has given us a lot of amazing things, like funny videos, online shopping, access to any answer we want, and much more. Yet, it has also introduced us to a new problem that many people struggle with: password management.

Seeing this as a problem, almost every web browser now offers users the ability to save passwords for quick access. While it is convenient, it also raises another question, is it safe to store saved password data in your browser?

The short answer, no. The long answer, keep reading.

How Do Saved Passwords Work in A Web Browser?

In case you are new to the internet, whenever you enter a password into a site, modern web browsers will ask you if you want the browser to remember the password and the sign-in ID. You can either select to do so or not.

If you choose to save the sign-in information, it is stored in two ways. First, it is stored locally on the device itself. And if you enable password sync, it will also be stored on that account. This enables you to access the information on multiple devices.

As a result, you can freely switch devices and quickly log in to your accounts, and it works great.

It has never been easier to manage passwords on web browsers like Chrome, Firefox, Safari, and more. Yet, just because you can do it and it makes the experience better doesn’t mean it is safe to do so.

Is It Really That Easy to View Stored Passwords?

Absolutely! It takes less than a minute if you know where to go.

For example, if you are using Google Chrome, all you need to do is:

  1. Save a password in Chrome
  2. Click on the three dots
  3. Select the Settings option
  4. Click on Autofills
  5. And click on Passwords

If you are using Windows 10 or above, you are also required to enter the password or PIN you use to log into your device. After this, you will see all of the passwords the browser has saved, and you just need to click on the Show Passwords option (represented by an eye).

The process is similar for other web browsers like Firefox, Safari, and Microsoft Edge.

Why Are Saved Passwords Not Safe In Your Web Browser?

Let’s say you went to the park with your laptop. And on that laptop, you have all of your passwords saved to the web browser.

Everything’s going fine and you take a trip to the restroom. When you get back, your laptop has been stolen. That thief didn’t just steal a piece of hardware; they stole a full list of your passwords and sign-in IDs, which is far more devastating.

Especially if you have banking information stored.

Now you might be thinking that the password or fingerprint scanner required to log into the laptop is enough to protect that information. Well, it’s not.

It’s actually really easy to force login on any modern computer, which I am not covering here.

And yes, I know some of you are thinking, “well, this won’t happen to me.” However, nearly 100% of people think that before it happens to them.

Also, this is not a problem exclusive to laptops. Your desktop, tablet, and smartphone are all just as vulnerable. And it doesn’t even require a thief. Anyone who lives in your household can easily grab one of these devices and steal the passwords saved in your browser.

You Can Export Saved Passwords From Your Web Browser

Most web browsers allow you to export your saved passwords using Excel.

On one hand, it makes it easier to import your passwords on a new device if you don’t want to use the sync options. It is also a great way to get a physical list of accounts in the event your hardware malfunctions or is stolen.

On the other hand, someone could export your passwords and save that information to a USB or the cloud to use later.

It’s a double-edged sword.

What If I Only Store Unimportant Login Information?

Clearly, there is a difference between someone getting the password to your bank account and getting the password to something like Reddit.

However, even though you have probably heard this several times, “don’t use the same password for multiple accounts,” 68% of Americans still do so. Even worse, passwords like “12345” and “password” still remain some of the most popular options.

If you happen to fall into this statistic, even stored passwords for simple sites are problematic.

It’s also worth noting that users often use personal information as their passwords. For example, people might use their social security number, or part of it, as a password.

It is a REALLY BAD idea to do that.

Another example would be using your phone number. This is information you do not want to use as a password.

Thus, even passwords on an unimportant website can be dangerous.

Why Is There No Focus On Sign-In IDs?

You might have noticed that I mentioned web browsers also save your sign-in IDs. Yet, they seem to get no focus.

The main reason is that sign-in IDs don’t offer accounts much protection. For example, colleges typically make your school account the first letter of your name followed by your last name. It’s not very secretive.

This means anyone who goes to the same school and knows your name has your sign-in ID. Only the password prevents them from logging in.

And it’s not just colleges. Many banks use a similar system because it is easy for the client to remember. Many other sites will just require you to sign in with your email address.

Again, anyone who knows your email address knows your sign-in ID.

If you’ve ever created a forum account on a website, your username that is displayed when you create a post is probably your sign-in ID. Are you noticing a pattern?

The sign-in ID offers very little, or in many cases, no account protection at all.

Doesn’t Two-Factor Authentication Still Prevent Them From Logging In?

Getting people to set up two-factor authentication (2FA) is not easy, but it really does make your account safer most of the time.

First, let’s discuss what it is. 2FA is a system that requires a confirmation code after you enter the password. This can be in three main forms: email, text, or a security token.

The confirmation codes are sent out immediately after entering the password and expire after a given time.

Now, you might have figured this out, but if you store your email password in your web browser and someone steals it, that 2FA system is breached. That said, a text message or security token (Google Authenticator App) is pretty safe.

Although if the passwords were stored on your phone’s web browser and it was stolen…yeah, the system still falls apart.

That said, 2FA significantly increases the security of your accounts. I strongly recommend setting it up, and you can even earn bonuses for doing so.

For example, adding 2FA to a Fortnite account will get you in-game rewards.

Is There A Safer Way to Store Passwords?

This is what Password Managers were made for.

These are third-party apps that store your passwords using encrypted data, which is just a fancy way of saying it makes them unreadable to anyone but the person they’re intended for.

As you can imagine, most come with a cost, but some free password managers do exist.

They are easy to understand. You enter your sign-in information into the app and when you visit the website you can select which sign-in to use from a list. Some will change your passwords to stronger versions to increase security.

The good news is you don’t actually need to remember some random string of letters, numbers, and symbols. The apps store it in a secure environment. The only password you will need to memorize is the password for the manager itself.

Some are designed to not store this information to make it impossible to steal if someone gets ahold of the device.

I said at the start, people struggle to manage their passwords, which means there’s a big market for them. Unfortunately, not all password managers are created equal.

How Do Cookies Fit Into the Equation?

If you’ve been using the internet, you have probably been asked to accept cookies when you visit a website. You can thank the GDPR for that.

Cookies do store your password and other information. But without them, every time you change a page, you would need to log in again. As you can imagine, the internet is not a great place without cookies.

Yet, the good news is they are safe.

Unlike passwords saved in your web browser, cookies are saved as code. So, it takes some coding knowledge to identify them.

Cookies actually expire after enough time passes, which helps minimize the data they store. And it is even possible to set your web browser to delete all cookies every time you close the browser, which is the safest option.

Does This Mean Storing My Credit Card Info Is Also Bad?

Viewing stored credit card information is almost identical to viewing stored passwords in a web browser. Thus, it’s not a good choice.

However, it is somewhat safer because web browsers do not save the CVV number on the back of your card. This means you need to manually enter this into many sites.

Though, there are times this code is not required, so the safety varies.

A much better option is to use PayPal to pay for items online. It is very secure, can detect fraudulent activity, and is almost universally accepted in the United States. Just remember that PayPal requires a password before checkout.

If you are not a fan of this, then you could manually enter billing information every time.

The good news is that modern credit cards can identify fraudulent activity and may even contact you by phone to approve the unusual charges.

Switch to A Password Manager Today

Hopefully, this has convinced you that saved passwords in your web browser are not safe. They can be accessed easily by anyone who lives in your home, works at your office, or by anyone who steals your device.

In some cases, they even undermine systems like 2FA that are designed to increase account security. Yet, I cannot deny that remembering fifty different passwords is a big hassle. That’s why I recommend investing in a quality password manager.

As a user, it works almost identically to your browser storing the passwords, but it’s much safer.

Are you shocked to find out your passwords are not that safe? Do you already use a password manager?

The post Do You Have Saved Passwords in Your Browser? Maybe You Shouldn’t appeared first on GreenGeeks Blog.

WooCommerce Exploit Found – Update Required

https://www.greengeeks.com/blog/woocommerce-exploit-found-update-required/

Fri, 16 Jul 2021 20:50:28 +0000

Earlier this week, the GreenGeeks Abuse team was notified of an exploit with the very popular WordPress plugin WooCommerce. The WooCommerce development team identified this exploit and immediately released an updated version of the plugin. The exploit was found to allow a potential attacker to retrieve WooCommerce data from the website.

In such situations, GreenGeeks typically forces an update to the affected plugin across our entire network to ensure our users are not vulnerable. However, we are unfortunately unable to force WooCommerce updates without the potential issues this may introduce for out-of-date sites. As GreenGeeks has not applied this update automatically, it is imperative that all GreenGeeks WooCommerce users update their own websites as soon as possible.

While GreenGeeks has implemented measures at the server level to block this exploit from being used immediately, updating this plugin will resolve the root cause of the exploit and protect your site from having sensitive client data exposed. WordPress even allows you to implement automatic updates for all themes and plugins in the WordPress.org repository. We strongly recommend that all customers implement automatic updates on their themes and plugins, as doing this will ensure future fixes for exploits are applied immediately upon release, protecting your site automatically.

To update WooCommerce, you’ll need to log in to your WP-Admin or use the WP CLI tool. GreenGeeks customers can easily access WordPress via Softaculous or via the GreenGeeks dashboard.

If you are an existing GreenGeeks customer and require our assistance in updating your WooCommerce plugin, please open a Support Ticket via your GreenGeeks dashboard and our team will be happy to assist you.

The post WooCommerce Exploit Found – Update Required appeared first on GreenGeeks Blog.

Outdated Applications & How You Can Protect Yourself

https://www.greengeeks.com/blog/outdated-applications-how-you-can-protect-yourself/

Fri, 05 Feb 2021 21:41:21 +0000

The Problem

Last month, the internet learned of the most recent Drupal exploit, which put end-users at risk for a severe compromise. The exploit, announced by Drupal, could potentially lead to a malware infection or loss of data.

Sadly, this type of situation is an all too common, yet completely preventable, issue that we see our customers facing. If you have an outdated website hosted in your GreenGeeks account, this puts your hosting account and data at risk, including the other software or websites in your account that are up-to-date.

Try to think about it like this: your website, whether it’s built using WordPress, Drupal, Joomla or another content management system (CMS), is similar to your car. When you first buy it new, it runs great and has all the latest features, but over time a car requires regular maintenance to continue to perform as expected. If, for example, you fail to change your oil regularly, this may lead to issues with your engine. The same concept can be applied to your website with regards to updated software versions, as these often contain important security patches for known exploits.

Keeping your site up-to-date is something every website owner should be mindful of, regardless of which CMS you choose to utilize.  

The Solution

With some CMSs, like WordPress, updating can be a breeze and can be configured to update automatically, while others like Joomla or Drupal require extensive manual adjustments for major versions.

GreenGeeks offers the Softaculous App Installer to assist with managing CMS installations, including backups and updates, but older versions must typically be updated manually. These older versions can be readily exploited if not properly patched, and most providers of these applications will no longer provide support for deprecated versions.

The exact upgrade steps for your CMS, i.e., Joomla & Drupal, will differ depending on your current version, and may require specific, in-depth detail. Upgrading these installations is beyond the scope of what GreenGeeks can do, and we advise consulting a developer for specifics. We can offer assistance with alternatives to using an outdated site, such as building a new website in a development folder, or securing the site using a password.

More information on upgrading Drupal and Joomla can be found at the links below:

https://www.drupal.org/docs/upgrading-drupal/upgrading-from-drupal-6-or-7-to-drupal-8-and-newer

https://docs.joomla.org/J3.x:Updating_from_an_existing_version

Regardless of which CMSs you use, we cannot stress enough how crucial it is for you to keep your software up-to-date in order to ensure the security of your website & user data. If you have any questions, your friendly Support Team at GreenGeeks is always here to offer advice regarding your specific situation.

The post Outdated Applications & How You Can Protect Yourself appeared first on GreenGeeks Blog.

Contact Form 7 Vulnerability & How You’re Protected

https://www.greengeeks.com/blog/contact-form-7-vulnerability/

Sat, 19 Dec 2020 13:22:25 +0000

A major exploit was recently found within the “Contact Form 7” WordPress plugin that allows for unrestricted file uploads. While an update was instantly applied by the developers, this can potentially allow an attacker to upload malware to any website using this plugin, which can then spread to other websites within a cPanel account if left unchecked. This exploit was reported by WordFence and other major security organizations.

GreenGeeks is constantly striving to improve our quality of service and increase our overall security as much as possible. With our real-time malware scanning and other methods we deploy, we can attempt to neutralize threats that may arise before they become a bigger problem.

To help prevent a possible compromise, GreenGeeks has automatically updated any Contact Form 7 plugin hosted within our EcoSite, reseller and Managed VPS network. This was done in an effort to help secure this one known vector from being exploited to harm any websites hosted on our network.

While GreenGeeks strives to do what we can to prevent such issues, website owners should always take proactive steps to secure their account. We strongly recommend taking the time to audit all websites you host on your account, and update all WordPress themes, plugins and core versions even if they are not in use. We also strongly suggest updating all passwords regularly. If you haven’t already, we suggest you check out our WordPress Security Webinar.

Doing this in conjunction with the complimentary update we’ve applied for Contact Form 7 will help secure customer websites hosted on our network and start the new year off with secured websites.
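
The account audit recommended above, which also covers the plugin check behind the WooCommerce update advice, can be scripted. This is an added example, not GreenGeeks’ code: a read-only shell script that lists every WordPress install under an account directory with its core version and each on-disk plugin version, including plugins that are not activated. The sample tree, the `example-plugin` and `legacy-widget` slugs and all version numbers are constructed, and `head -c` is assumed to be available.

```shell
#!/bin/sh
# Read-only inventory of WordPress installs in a hosting account. Versions are
# read from files on disk, so installed-but-inactive plugins are listed too.

# Print the root directory of every WordPress install found under $1.
find_wp_installs() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null |
        sed 's|/wp-includes/version\.php$||' | sort
}

# Print the core version recorded in wp-includes/version.php of install $1.
wp_core_version() {
    sed -n "s|^[\$]wp_version[[:space:]]*=[[:space:]]*'\([^']*\)'.*|\1|p" \
        "$1/wp-includes/version.php" | head -n 1
}

# Print "slug version" for each plugin directory of install $1. The main file is
# the top-level .php carrying a "Plugin Name:" header; WordPress reads such
# headers from the first 8 KB of the file. Single-file plugins are not covered.
wp_plugin_versions() {
    for dir in "$1"/wp-content/plugins/*/; do
        [ -d "$dir" ] || continue
        slug=$(basename "$dir")
        version=
        for file in "$dir"*.php; do
            [ -f "$file" ] || continue
            if head -c 8192 "$file" | grep -q 'Plugin Name:'; then
                version=$(head -c 8192 "$file" |
                    sed -n 's|^[[:space:]*#/@]*Version:[[:space:]]*\([^[:space:]]*\).*|\1|p' |
                    head -n 1)
                break
            fi
        done
        printf '%s %s\n' "$slug" "${version:-unknown}"
    done
}

# Succeed when dotted version $1 is lower than $2. Components are compared as
# numbers, so 1.0.9 sorts below 1.0.10 (a plain string compare gets this wrong).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }' </dev/null
}

# audit_account ROOT [SLUG MIN_VERSION]
# Prints "<install> <item> <version> <status>". Status is OUTDATED when plugin
# SLUG is below MIN_VERSION, and REVIEW when no version header could be read.
audit_account() {
    root=$1; want_slug=${2:-}; min_version=${3:-}
    find_wp_installs "$root" | while IFS= read -r install; do
        printf '%s core %s -\n' "$install" "$(wp_core_version "$install")"
        wp_plugin_versions "$install" | while read -r slug version; do
            status=ok
            if [ "$version" = unknown ]; then
                status=REVIEW
            elif [ "$slug" = "$want_slug" ] && version_lt "$version" "$min_version"; then
                status=OUTDATED
            fi
            printf '%s plugin:%s %s %s\n' "$install" "$slug" "$version" "$status"
        done
    done
}

# Build a constructed sample account under $1 (made-up sites and versions).
build_sample_account() {
    for site in shop old-blog; do
        mkdir -p "$1/$site/wp-includes" "$1/$site/wp-content/plugins/example-plugin"
        printf "<?php\n\$wp_version = '0.0.1';\n" > "$1/$site/wp-includes/version.php"
    done
    printf '<?php\n/**\n * Plugin Name: Example Plugin\n * Version: 1.0.10\n */\n' \
        > "$1/shop/wp-content/plugins/example-plugin/example-plugin.php"
    printf '<?php\n/**\n * Plugin Name: Example Plugin\n * Version: 1.0.9\n */\n' \
        > "$1/old-blog/wp-content/plugins/example-plugin/example-plugin.php"
    mkdir -p "$1/shop/wp-content/plugins/legacy-widget"
    printf '<?php\n// no plugin header\n' > "$1/shop/wp-content/plugins/legacy-widget/index.php"
}

# Usage: sh audit.sh ACCOUNT_ROOT [PLUGIN_SLUG MIN_VERSION]
if [ "$#" -ge 1 ]; then audit_account "$@"; fi
```

Take the minimum version from the plugin vendor’s advisory, then update any install flagged OUTDATED through WP-Admin or with `wp plugin update <slug>`.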

As always, feel free to reach out to GreenGeeks support or comment below.

The post Contact Form 7 Vulnerability & How You’re Protected appeared first on GreenGeeks Blog.

GreenGeeks Account Security Improvements

https://www.greengeeks.com/blog/greengeeks-account-security-2020/

Mon, 23 Nov 2020 15:31:11 +0000

GreenGeeks is pleased to announce security improvements to your account. We take great pride in ensuring account security along with enhancing the customer experience. We hope these changes will do just that.

Login Verification Email

As you may remember from our earlier announcement in May 2020, GreenGeeks implemented login alert emails for all successful logins to your dashboard. To further protect your account, we’ve just rolled out an additional security measure, requiring a one-time verification code for devices that we don’t recognize.

This means if you log in to your GreenGeeks account from a new device, or a different browser, you’ll need to complete a one-time verification via Email, Phone or SMS to complete the login process. This additional verification is only done for devices that we do not recognize. Once verified, we will “know” your device and you will be able to log in as normal.

If you frequently log in from different devices, GreenGeeks recommends enabling Two-factor Authentication on your GreenGeeks account.

Two-factor Authentication

GreenGeeks has support for full Two-factor Authentication (2FA), the most secure way to access your GreenGeeks account. 2FA uses a one-time code generated from your local device (phone or tablet) to verify your identity.

This means that once 2FA is enabled, even if your email address on file or your GreenGeeks login credentials are compromised, the attacker would still be unable to log in without having access to your local device.

Learn more about Two-factor Authentication & How to enable it.

User Administration / Account Access

We have re-launched the ability for multiple account holders to access your account. This makes it easy to allow other people in your organization or developers to have access to your GreenGeeks account, without having to share your own GreenGeeks login details.

Once authorized, the delegated user will have full access to manage the hosting service, access cPanel, create an SSL certificate, and even contact GreenGeeks support on your behalf.

Learn more about User Administration for your GreenGeeks account.

If you have any questions or concerns about these new security improvements on your GreenGeeks account, please do not hesitate to get in touch with us.

The post GreenGeeks Account Security Improvements appeared first on GreenGeeks Blog.

10 Best Security Suites You Should Consider in 2024

https://www.greengeeks.com/blog/best-security-suites/

Thu, 17 Sep 2020 15:00:53 +0000

Cyber security remains one of the most important aspects of the internet. For this reason, it is highly recommended to use one of the best security suites to protect yourself from online threats.

Security suites exist for all devices including computers, smartphones, and tablets. Each device is susceptible. It’s also no secret that security tools are often resource-intensive. As such, they can have a significant impact on your device.

Today, I am going to share the 10 best security suites you should consider to keep your devices safe and secure.

What Is a Security Suite?

Security suites are multiple security programs bundled together in a single package, or “suite” of programs. Where an antivirus is a single program with a specific function, security suites offer a wider range of device protection.

Every security suite contains an antivirus program, but it also includes other crucial security-related additions. Some of the features security suites offer include:

  • Ransomware protection
  • Secure browsers
  • Virtual Private Networks (VPNs)
  • Webcam protection
  • Password managers
  • Online backup
  • Parental controls
  • Dark web monitoring

And the best security suites don’t protect only desktop or laptop computers. They can also keep your Android devices or iPhones secure and safe from attack or compromise.

So, let’s get to the list, shall we?

A note on the pricing information in this article. Security software pricing is not exactly straightforward, with multiple options for terms and the number of users or devices covered. We’ve provided pricing basics, but you should check the long-term pricing for any security suite you’re interested in. Many of the yearly prices advertised are for the first year only and increase when they’re renewed.

The Best Security Suites You Can Use Today

1. Bitdefender Total Security

No matter what device you are planning to use for surfing the web, Bitdefender can protect it and can do so extremely well. It guards against the big three – viruses, malware, and ransomware without impacting your device’s performance.

You can also protect all of your devices with just a single subscription.

Of course, those are just the basics. It even gives you access to VPN services you can use to guard your data when in public Wi-Fi areas. Just keep in mind that you are limited to 200MB of data per day.

Another great security feature would be the Password Manager. Passwords remain one of the easiest ways for hackers to gain access to your systems. This tool can generate and encrypt your passwords to ensure their safety.

Key Benefits of Using Bitdefender Total Security

  • Firewall protection
  • Spam filtering
  • Phishing protection
  • Spam protection
  • Parental controls

Bitdefender Total Security Pricing

  • Protect 5 devices for $69.99 for the first year

2. Kaspersky Premium

Kaspersky is one of the most well-known names when it comes to cyber security, and the Kaspersky Premium suite is one of the best in the industry. It guards against most threats, ensures your online privacy, and does so without impacting your performance.

It supports Windows, macOS, Android, and iOS devices.

One of the best features is the parental controls called Safe Kids. This allows you to track that device’s history and block certain sites from being accessed by your children. It’s definitely one of the best parental controls in the industry.

In terms of actual protection, this suite can guard against all of the threats you would expect including viruses, malware, ransomware, phishing scams, and much more. It even offers identity protection features to make sure no one is impersonating you.

Key Benefits of Using Kaspersky Premium

  • VPN Services
  • Gain access to 24/7 IT support
  • Protects online payment data
  • YouTube Safe Search for kids
  • GPS tracking for devices

Kaspersky Premium Pricing

  • Protect 10 devices for $67.49 for the first year

3. Norton 360 Deluxe

Norton is another respected name in the antivirus world, and Norton 360 Deluxe is their flagship security suite. They are so sure you will love this service that they offer a 60-day money-back guarantee and one of the lowest prices on this list.

It supports all of the regular devices including PCs, Macs, tablets, and smartphones (Android and iOS).

Norton takes identity theft seriously. For those unaware, thieves who steal your data sell it on the dark web. Norton includes Dark Web Monitoring which can scan the dark web and determine if your data is being offered anywhere while sending you alerts.

You’ll also gain access to fifty gigabytes worth of cloud backup. However, this is only available on Windows devices. You can rest easy knowing that you are protected against viruses, malware, ransomware, and much more when using Norton 360.

Key Benefits of Using Norton 360 Deluxe

  • Personal data protection
  • Parental controls
  • Password generator and manager
  • Secure VPN
  • Light resource usage

Norton 360 Deluxe Pricing

  • Protect 5 devices: $49.99 for the first year

4. Trend Micro Maximum Security

Can something be both “micro” and “maximum”? In the case of Trend Micro Maximum Security, the answer is yes. This is one of the best security suites available that protects against all major threats you will face when surfing the web.

It works on all of the major operating systems including Windows, Mac, Android, iOS, and even Chromebook.

This security suite is powered by cloud-based AI that is constantly evolving to keep up to date on the latest threats you’ll face. This allows it to quickly defend against threats that have never been seen before the moment they appear.

There are a variety of other features that can help, like robust parental controls that give you control over what children see and how long they can surf the web. It even includes a password manager, so be sure to give it a try today.

Key Benefits of Using Trend Micro Maximum Security

  • Pay Guard to protect banking transactions
  • Personal data protection
  • Ransomware protection
  • Dark web monitoring
  • VPN

Trend Micro Maximum Security Pricing

  • Protect 5 devices for $49.95 for the first year

5. Avast Ultimate

I’ve used Avast antivirus software for years. It’s far and away the best internet security you can get for free. But, if you’re looking for more protection, Avast Ultimate delivers it in spades.

It also delivers some unique features, like a sandbox to open suspicious files, and a data “shredder.”

While it is available for all devices, it is worth pointing out that to use it with Android or iOS devices, you need to purchase the more expensive plan for 10 devices. Otherwise, it will only work on a single PC or Mac.

It protects against all major threats from viruses to ransomware. Its standout feature would be the SecureLine VPN included in the Ultimate package. It hides your identity online and keeps your data from getting stolen no matter what site you are viewing.

Key Benefits of Using Avast Ultimate

  • Personal data protection
  • Wi-Fi Inspector
  • Parental controls
  • Sandbox to open suspicious files
  • Allows you to bypass geo-blocks on streaming services

Avast Ultimate Pricing

  • Protect 1 Windows/Mac device for $49.99 for the first year
  • Protect 10 devices for $69.99 for the first year

6. McAfee Total Protection

When it comes to cyber security, McAfee may be the most well-known on this list. Naturally, McAfee Total Protection is one of the best security suites you can purchase, and it will cover an unlimited number of devices.

This makes it the perfect choice for large families that need to cover computers, phones, tablets, and more.

It protects against all major threats and even offers up to one million dollars in identity fraud expenses that occur if anything does happen. If that’s not a sign of confidence, I’m not sure what is.

There is a full password manager that can help keep your accounts secure no matter what device you are using. It stores and encrypts passwords and can even help you generate strong passwords.

Key Benefits of Using McAfee Total Protection Multi-Device

  • Personal data protection
  • Receive support from security experts
  • Wi-Fi protection
  • Parental controls
  • Secure VPN

McAfee Total Protection Multi-Device Pricing

  • McAfee Basic begins at $29.99 for the first year
  • McAfee Essential begins at $39.99 for the first year
  • McAfee Advanced begins at $89.99 for the first year

7. Avira Prime

Avira Prime is another excellent option when you are looking to protect your devices from a variety of threats and keep your private information safe from prying eyes.

You’ll also gain access to one of the best phone support options in the industry with exceptional agents ready to help.

A big focus of this suite is to protect your data from falling into the wrong hands. It has several tools to this effect like the Secure Price Comparison Tool.

It is normal when shopping online to find a product and then begin searching for which site has the product for the best deal.

This tool helps do that for you in a secure manner as many scam sites are disguised as coupon sites that not only waste your time but steal your data. Of course, it protects against viruses, ransomware, malware, and all of the normal threats one would expect.

Key Benefits of Using Avira Prime

  • Supports all major operating systems
  • Blocks infected websites before you enter them
  • Unlimited VPN services
  • Includes a comprehensive firewall to block threats
  • PC cleaner removes junk files

Avira Prime Pricing

  • Protect 5 devices for $59.99 for the first year

8. Panda Security

Panda Security boasts having the best threat detection in the industry going as far as to say 100%. That would make it better than every other option on this list, and that’s just one part of this security suite.

Naturally, this is across all devices from computers to smartphones.

Your plan will include a free VPN service that is limited to 150MB per day. It is enough for casual browsing, but any heavy use, and you will run out of data fast. There is also a password generator to help create strong passwords that are difficult to guess.

This suite also features dark web monitoring to keep an eye out if your data is for sale online. If it is, you’ll get a security alert that can help you act before it gets into the wrong hands.

Key Benefits of Using Panda Security

  • Personal data protection
  • Ransomware protection
  • File encryption tool
  • Wi-Fi protection
  • Parental controls

Panda Security Pricing

  • Basic Protection begins at $28.79 for the first year
  • Advanced Protection begins at $45.59 for the first year
  • Complete Protection begins at $57.59 for the first year

9. F-Secure Total

F-Secure is another security suite that focuses on not only securing your online experience but also improving it with a variety of features. It does this regardless of what type of device you use or the operating system.

Naturally, it guards against viruses, malware, ransomware, and the normal threats you would expect.

It has tools dedicated to protecting your banking account and any online shopping accounts you create to keep your credit card information safe. If any data is stolen, or a security breach is reported at a site you use, you’ll receive a notification immediately.

Something unique to this tool is that it has a gaming mode. This allows you to enter an uninterrupted gaming session without impacting your performance. This will disable any scheduled scans, updates, and whatnot until you are done.

Key Benefits of Using F-Secure Total

  • Unlimited VPN service
  • Parental controls
  • Identity protection
  • Wi-Fi protection
  • Password manager

F-Secure Total Pricing

  • Protect 1 device for $69.99
  • Protect 3 devices for $89.99
  • Protect 5 devices for $99.99

10. ESET

Closing out this list of the best security suites is ESET. It is another all-in-one solution for staying safe online with tools for handling all of the common threats like viruses, malware, and ransomware.

This tool supports Windows, Mac, Android, and iOS devices.

It helps keep your browsing data secure with a variety of features. One such would be the encryption of your sensitive data and photos. It even has measures in place that prevent your webcam from being accessed to spy on you.

It also includes a full VPN service that you can use to secure yourself whenever you tap into a public wi-fi hotspot. And with the password manager, you will never have to worry about forgetting a password again.

Key Benefits of Using ESET

  • Manage security on all of your devices from a single location
  • Includes safe banking tools
  • Comprehensive firewall
  • Dark web monitoring
  • Gamer mode

ESET Pricing

  • Essential begins at $59.99
  • Premium begins at $69.99
  • Ultimate begins at $179.99

Never Surf the Web Unprotected

The internet is one of the most important aspects of modern-day life, with many of our favorite things existing almost exclusively online. However, there is no denying that the internet is not a safe place, and it is becoming more dangerous every day.

Identity theft has become one of the biggest threats to online shoppers and in just an instant someone can steal your identity and turn your life upside down. Making sure your devices are protected is the minimum requirement for online security.

Luckily, there are a lot of great options to choose from. If you are looking to save some money, switch up your service every year to take advantage of the first-year discount that has become universal in this industry.

Which security suites do you think are the best? What is the most important feature of your security plugin?

The post 10 Best Security Suites You Should Consider in 2024 appeared first on GreenGeeks Blog.
