My sites are hosted through iPage, and with my $3.49 a month hosting I get "free" Sitelock with one of my domains. They've been sending me an E mail reports every week saying they've scanned my site and everything's fine.

Today I got an E mail from Sitelock saying !!! MALWARE VULNERABILITY DETECTED!!! So I logged in to my dashboard. What they were referring to is a page on one site that is used only for comments and questions, I don't allow comments on most content pages. What must have triggered it is that I approved the first comment for that page, just a blogger who's site I commented on last week stopping by to say hi.

I know that noone can rate the security of my site through a forum thread, but what's your opinion of Sitelock and similar services, are they necessary?

In case you haven't guessed yet, Sitelock wants me to upgrade and also pay for an "evaluation" It sounds to me like a very clever upselling strategy. If I don't upgrade within 72 hours, they're going to revoke my sitelock "security badge" How very arrogant, I don't display their badge anyway.

So is a service like this necessary? any other security tips.

BTW, my sites are all wordpress sites.

Thanks in advance.

I would recommend that you do a full up-to-date virus scan on your computer. Then, when you are sure you have no viruses, download your entire website and run a virus scan of the website. Then, delete the entire website from the internet and re-upload it. This will ensure that the site is clean. There is no need to pay your hosting provider to "evaluate" this for you.

You are probably better off asking what we think of Wordpress as a "secure" system!!!

Thanks for the response guys. I've done a little reading and I think sitelock is trying to scam me. What better upselling strategy than a large Warning !!! Warning!!!! showing up in your E mail.

If this is something i should be worried about, could someone suggest where I could find some best practices for website security.

Quote:

Originally Posted by mpw45233

Thanks for the response guys. I've done a little reading and I think sitelock is trying to scam me. What better upselling strategy than a large Warning !!! Warning!!!! showing up in your E mail.

If this is something i should be worried about, could someone suggest where I could find some best practices for website security.

If you are not satisfied with the integrity of your web host, perhaps you should consider switching providers

Quote:

Originally Posted by XeHSean

If you are not satisfied with the integrity of your web host, perhaps you should consider switching providers

Can agree with this because there are many web hosts that are reliable and honest... hosting market is becoming more and more competitive, so you will have opportunity to choose a perfect fit for your needs along with many free bonuses.

My opinion will be biased, but, on our hosting provider SiteLock is offered. As a security specialist, I tried them out on a non-active domain of ours. I paid their fee and then setup our account with the non-active domain. I then uploaded numerous backdoor shell scripts that hackers use all the time.

I kept getting a safe rating from SiteLock. This tells me they are only scanning from the outside. We believe that all the files need to be monitored which is why we require FTP access to a website. I am not promoting our business, just letting you know what we found.

I do see their promotions every time I login to our cPanel and I get emails from them all the time as well.

That's my two cents.

Use the latest versions of your web application. That will help you to avoid that. Also It is recommended to change passwords time by time.

Quote:

Originally Posted by SiberForum

Use the latest versions of your web application. That will help you to avoid that. Also It is recommended to change passwords time by time.

So if I keep upgrading to the latest version of wordpress I should be ok? I'm also very vigilant about my passwords.

And just to clarify, I'm very happy with iPage overall, I had one bad experience with tech support, and almost cancelled, but to be fair, I call them ALOT!

They have alot of independant services integrated into their control panel (wordpress, Google Webmaster tools, Simple Scripts) and even though they're accessable from my control panel, they're independent services.

Super easy control panel, fast page load, and for $3.49 per month iPage itself does very little upselling, nowhere near Go Daddy.

I just want to know if website security in general is something I should worry about. There's nothing important on the sites (except my affiliate and adsense code) Also noticed that there's no security sub-forum at webmaster talk-or anywhere else...

I don't think you need to do anything with your online server but rather do a full sweep of your computer. The only reason your server would have a malware issue is because you uploaded something from your PC that has that malware.

If you want secure service, then dedicated server will be a good option for you cos only you will have access to the server.

Quote:

good Fire-Wall support is needed

Can agree with you entirely.. Besides, it will be great to have DDos protection.

I use ipage and I have just had exactly the same warning. After a day I have gone into Sitelock and the warning has gone and my site is verified. Sitelock wanted $60 to get rid of it. Was I just about to be scammed?

I would take these security upgrades and messages with a grain of salt. It is very ambiguous and are too gimmicky to be even useful.

I am having a website built by a freelancer from this site. The website will be done in about 20 days..... The website is a city classified ad website. They will need to make a username and password to use the site and post. I will be using paypal for all of our money transactions. So the question is what do i need to do to keep my website safe....or what do i need to ask of the web developer while he's building the site. I'm looking into trust guard and getting a ssl. I will be using a vps either from knownhost, jaguar or vpslatch to start out with, due to the site being potentially large with so many images and ads etc. I have very little computer programer knowledge....NEED HELP!!

if you are using a PayPal gateway your pages don't need to be "secure", PayPal do.

Also a SSL certificate does NOT secure a web site

So a ssl is not worth the money you are saying without saying? What about trust guard? Does anybody have any opinions/thoughts on trust guard?

No, if you are collecting any personal information (other than name and address details) from customers you need to secure the communications with SSL and if you are collecting or storing personal and financial information on your systems you need to be PCI Compliant (Expensive)

By using a payment gateway (Worldpay, Authorise.net, PayPal or similar) the financial details are collected away from your website and your pages simply pass the amount to be collected from the customer to the processor.

I got it! Thank you for the reply. The only thing i will be collecting from users will be a username and password,Full Name, state, city,zip code and "completely optional" phone number. Everything money wise will be processed via Paypal.

This is interesting, makes me now realize why so many companies are using 3rd party checkouts--like Paypal. I really think this is the best bet. Also did not know you had to get that $$$ expensive upgrade compliance thing if you were going to collect payments, etc etc. Etsy just implemented their own inhouse shopping cart you could use to avoid paying with paypal, but instead of a massive savings it's almost the same price if not more. Bet they have to recoup their "investment" of getting "secure" aka PCI COMPLIANT