A message to our clients (and prospective clients) from the President of Hannush Web.

We look forward to a promising 2017 after a very challenging 2016. There are some big changes coming to the web and our web hosting this year. 

The Biggest Change to the Web Since Responsive Design

As you recall, the web changed immensely with the introduction of mobile responsive design in 2012. In 2017 there is about to be another revolution, this one in website security and we're a step ahead of it.

No doubt you've heard about Russian and Chinese hackers, the billions of Yahoo! passwords compromised, DDoS (Distributed Denial of Service) attacks that took down a large part of the Internet for the East Coast, etc. Well so have some major players in the industry and they are about to enforce some major changes for website owners.

Did You Know Google Will Soon Require SSL On All Sites?

Most of you know, Google was giving sites with SSL Encryption a boost in search rankings to promote their use. But now Google Chrome is going to flag some sites as "Not Secure" as soon as January 17th, then all sites in the near future, while adding further search engine repercussions.

google chrome not secure

Requiring SSL is a great first step in security. But it's a little like locking your front door while leaving your windows and backdoor opened. Yes, SSL encrypts communications between your site and your customer, but what if your site or their computer is already infected? You could be passing viruses and malware back and forth through encryption.

How Would a Hacker Find My Site?

Is your website in the search engines? Do you have a domain name? Then they can sniff out your site. And it's not someone just sitting at their computer. Hackers write automated scripts, hunting for out of date software and weak defenses. It's easy for them. They just tap on doors until they find an opening.

To close those openings, we pushed to get our clients to update their own security, but during a recent audit, only 7% of sites were being updated properly (this isn't just our client base, it is an epidemic across the web). Hackers got to a few of our sites. They leave little "backdoor" hacks that are hard to detect. And those hacks sit there, waiting to be activated by the hacker, sometimes months later. We had one hack that took 9 months to show itself.

So How Can We Protect Your Site?

For the last year, I've been asking myself that same question. We don't ever want you being told by your customers that they are getting anti-virus warnings when visiting your site. We don't want you losing ground in SEO and being flagged as "Not Secure" by Google Chrome. We don't want our hosting partners shutting sites down for having malware on them. And we definitely don't want surprising backdoors opening up and helping a hacker steal your customer's information or damaging your website and reputation. You need to protect your customers!

Step One: We Take Over Security Updates

I thank the few of our clients that were faithful to their updates. But it's just too much of a risk to your site and all the others on that same server to let clients forget to do updates. And I would need to do audits within 24-48 hours, so at $50 a pop, if I get to it before you do, it can become costly.

joomla security update control panel validation pre

So in 2017, we are adding $10 per month to our hosting charge and we're going to take over the updates. This gives both of us peace of mind at a very low cost. We are increasing our base hosting to 3GB from 1.5GB so some clients may actually see a decrease in hosting costs with this change.

Step Two: Anti-Virus and Malware Protection

It may surprise you to know that hosting companies do not offer anti-virus or malware protection as part of their main service. They have a firewall around their servers as a whole, but not individual site protection.

But while at the Joomla! World Conference in November, I found a highly trusted company that provides this service at a very affordable price and we can finally offer that protection to you, our clients.

How Anti-Virus Saved a Client's Reputation

Recently, a client's site that hadn't been updated was hacked. We tried to find the hack ourselves, we had the hosting company scan for it...nothing. But the client's customers insisted that the site was hacked, even though I couldn't get my own anti-virus on my computer to see it. Finally, we got permission from the client to utilize our new anti-virus and malware partner tools and we had the hack cleaned up in hours (and there were a lot of bad files found). And since we've been monitoring their firewall, on average we see 1300+ attempts to hack their site PER DAY! Yes, all for a little small town website. All of them stopped by the firewall, while the monitor scans the site daily to make sure no new hacks arrive. It really works!

bad requests blocked

It even cleaned up a lot of the spam in their Google Analytics reports.

So how many hackers are tapping on your door? That is the magical question. Here is a view of that client's visitors in a real-time report (red are denied requests):

bad actors

What We Are Offering is the Best Protection in the Industry

What I learned at the Joomla! Conference is that we are already ahead of the curve on security. WordPress has a big target on it's back and it's users are usually not experienced with protecting their sites. And because they use questionable third-party plugins, instead of custom coding like we do, they add to their vulnerability. Add to that, these site owners don't update their plugin's regularly and you see why our sites are more secure.

But even though our custom Joomla! sites are more secure, we shouldn't bury our heads in the sand. Your website is one of your biggest marketing sources. A hack can tear down all you've built up very easily. 

So first, we will take over and make sure your CMS security updates are being made within 24 hours of release.

And second, I highly recommend adding our new anti-virus and malware protection to your site. It includes a firewall, a free SSL certificate (to appease Google), immediate temporary patches for Joomla! and WordPress, a cap on any hack cleanup expenses at $200 and as the security company says, decreases the chance of your site being hacked to less than 1%.

And it only costs $25 per month.
(an SSL Certificate installed alone costs 2/3rds of this price)

How Do You Get This Protection?

We have a scheduled 6-month roll-out of this program to our current clients and will offer it to new clients in our proposals. We will give you the opportunity to opt-in or out of the anti-virus program. The security updates will be required to continue hosting with us.

If you're ready for protection now, please contact Drew at 864-918-5992. We'll reward early adopters of the anti-virus program with 10% off of the first year. But this is a limited time offer and you must request the discount.

It can be paid for monthly or yearly and we now take credit cards for your convenience! We want our managed hosting option to be your best bet going forward.

Let's All Have a Great 2017!

We're always looking for ways to make your site better, stronger, faster (sorry, been watching my Christmas present of "The Six Million Dollar Man" boxed set). Let's make this year amazing.

Wishing you a safe, secure and prosperous 2017!

- Drew Hannush
President, Hannush Web