Published on: November 23, 2022
SafetyDetectives spoke with Jamie Blomerus, Senior WordPress Developer and Co-Founder of Webbstart, about his company’s services, how to secure your WordPress site, and tips to recover a hacked site and stay one step ahead of the hackers.
Can you talk about your background and how you started at Webbstart?
I’ve been working with WordPress for about 5 years now. I started out my career as a freelance developer, working on small projects for businesses and individuals. In early 2021, I founded Webbstart, together with my wonderful coworkers, and have now been working as Senior WordPress Developer. In my role here, I work on a variety of projects, from small website development projects to larger-scale custom plugins and theme development.
I’m also a big advocate for cybersecurity. I believe that it’s important for all entities, whether they’re companies, celebrities, enterprises or consumers, to be aware of the potential security risks that are online. I am currently training to complete the CompTIA Security+ certification, and I’m always happy to help people secure their WordPress sites.
What are some of the main services that Webbstart offers?
Webbstart offers web development services, mostly towards WordPress and related services such as security assessments, content translation, and SEO optimization.
From a cybersecurity perspective, what are some of the advantages of using WordPress to build a site?
When using such a famous CMS as WordPress, there is a lot of information online about good practices to ensure high security and a whole community to help. It does also help that the code is well maintained by the WordPress community, as the code is open source.
I see that Webbstart does security analysis of websites – what are some of the biggest vulnerabilities that you’ve seen, and how can you patch them?
One of the biggest and most common entry points for WordPress is outdated plugins, themes, or software, as common vulnerabilities can easily be detected by attackers using tools such as WPScan. This can easily be fixed by continuously checking that all plugins are updated to the latest version and/or enabling automatic updates.
Another common entry point is leaving the XML-RPC functionality enabled in combination with bad user credentials. This enables attackers to brute-force their way into a WordPress installation. The XML-RPC functionality is often not used in the first place, which leaves it as an unnecessary vulnerability. There are several plugins available in the WordPress Plugin Directory that disable or further secure the XML-RPC.
What are some steps that a small business owner should take to improve their web security against hackers and data leaks?
There are a few key steps that small business owners should take to improve their web security against hackers and data leaks:
- Use a strong password for your website admin panel, and make sure you don’t reuse it on other websites.
- Use a reliable security plugin such as Wordfence or Sucuri to help protect your website from known threats.
- Keep your WordPress installation and all plugins and themes up to date to help close any potential security holes.
- Regularly back up your website so that you can quickly restore it if it is hacked or compromised.
What can a business owner do if their site is hacked? How can they regain control and secure their data?
If a business owner’s site is hacked, the first thing they should do is assess the damage. Once they know what has been compromised, they can start to take steps to regain control and secure their data. They should change all passwords, both on the site and on any related accounts. They should also review their security settings and make sure that all software and plugins are up to date. If possible, they should restore their site from a backup. Finally, they should reach out to a professional for help if they are unsure of how to proceed.
As technology improves, so do the hackers and scammers; how do you stay one step ahead to create a safe environment for your clients?
There are a few ways to stay ahead of hackers and scammers. The first is to keep up with the latest security news and trends. I would recommend reading The Hacker News or the Telegram channel @hackerpartynews on a daily basis.
This way, you’ll know what threats are out there and how to protect against them. Another way to stay ahead is to create a strong security policy for your clients. This policy should include things like password requirements, two-factor authentication, and data encryption. By implementing these security measures, you can make it much harder for hackers to access your clients’ data. Finally, you should always test your security measures to make sure they’re working properly. Hackers are constantly finding new ways to exploit vulnerabilities, so it’s important to regularly test all systems and employees to make sure they can withstand attacks.