Security is like an onion. The more layers that you have, the better the protection.

If you aren't worried about security, then you should. Although security can never be 100%, you still need to take the proper precautions in the event that something goes wrong. Security is like an onion, the more layers you have, the better the protection. For security, I use several different techniques and features to ensure the protection, security and durability of your website. SiteLock and 2FA (2 Factor Authentication), and Domain Privacy are just a few of the many steps that I take to secure your site.

Sitelock

  • Demonstrate to your customers that you are a trustworthy business by verifying your credentials such as email, phone and address.
  • SiteLock automatically scans your website for malware to ensure they are not being blocked or spammed.
  • Displaying the SiteLock certificate increases conversion rates on your site. It will give your business instant credibility and trust in the eyes of customers.

With SiteLock Find You Receive

  • Basic Spam Monitoring: Checks your site daily to make sure it is free of spam lists.
  • Basic Business Verification: Validates that your business exists and can be trusted.
  • Site Verification Certificate: Increase conversions and develop customer trust.
  • Blacklist Monitoring: Avoid your site being quarantined by search engines.
  • Basic Malware Monitoring: Scans your site daily for malware that would block potential visitors.
  • XSS Scripting: Checks for cross-site attacks that allow hackers to use your website to solicit your customers
  • SQL Injection: Checks for database attacks where sensitive customer information is stored.
  • App Scanning: Checks all applications that have been installed (WordPress, Flash, etc.) for vulnerabilities.

2 Factor Authentication:

If anybody gains your admin or site member's login credentials and try to attempt login, then another module of Two factor Authentication will pop up instantly and it will ask for a unique Time-based One-Time Password (TOTP) which will be generated only on your Cellphone via Google's Authenticator App. So, this new layer will add up to the strength of the security at your end.

The major drawback of authentication performed using something that the user possesses and one other factor is that the plastic token used (the USB stick, the bank card, the key or similar) must be carried around by the user at all times. And if this is stolen or lost, or if the user simply does not have it with him or her, access is impossible

Two Factor Authentication secures the signing in process using 2 constants:

  • Something you know i.e. your site’s backend password.
  • Something you have i.e. your mobile phone (to generate the one time code).

Advantages of mobile phone two-factor authentication:

  • No additional tokens are necessary because it uses mobile devices that are (usually) carried all the time.
  • As they are constantly changed, dynamically generated passcodes are safer to use than fixed (static) log-in information.
  • Depending on the solution, passcodes that have been used are automatically replaced in order to ensure that a valid code is always available; acute transmission/reception problems do not therefore prevent logins.
  • The option to specify a maximum permitted number of incorrect entries reduces the risk of attacks by unauthorized persons.

Disadvantages of mobile phone two-factor authentication:

  • The mobile phone must be carried by the user, charged, and kept in range of a cellular network whenever authentication might be necessary. If the phone is unable to display messages, access is often impossible without backup plans.
  • The user must share their personal mobile number with the provider, reducing personal privacy and potentially allowing spam.
  • Text messages to mobile phones using SMS are insecure and can be intercepted. The token can thus be stolen and used by third parties.
  • Text messages may not be delivered instantly, adding additional delays to the authentication process.
  • Modern smart phones are used both for browsing email and for receiving SMS. Email is usually always logged in. So if the phone is lost or stolen, all accounts for which the email is the key can be hacked as the phone can receive the second factor. So smart phones combine the two factors into one factor.