On January 27th, this website was breached and immediately shut down. This immediate response from my web host is the first bit of good news that I hope quells any fears you may have when on my site. My host is one of the best and a watchdog for networks all over the globe (why we service them). It is only because of their breadth of experience and sharp eyes everywhere that my breach was detected so quickly and the site shut down. Though my host cannot guarantee that unauthorized individuals did not take names, addresses, passwords and emails, everyone I have spoken with agrees that it is highly unlikely. Also, all payment details are linked only to my credit card processing platforms and so cannot be accessed from my website. Phew ;)
SINCE THE BREACH, THE FOLLOWING EXTRA MEASURES ARE UNDERWAY:
We immediately invested in a security audit of our website to clean up any debris, secure any vulnerabilities and remove any outdated plug-ins, inactive themes or old data that could easily compromise the site. Some of the changes necessary are adding CAPTCHA to all forms on the site, updating the PHP version and scanning any new plug-ins for readme.html and license.txt files. If found, they will be immediately deleted as they pose a safety risk to the site’s security. We will be finished with all tasks suggested by our auditor on February 6, 2021.
THE GOOD NEWS? Apart from credit card info linked to Square and PayPal and so not accessible through the site, our audit revealed there is no Blacklist or malicious tools like malware on our site and there have also been no brute-force logins to our site. Our FTP access is allowed only for trusted IP addresses and there are no MySQL users accessing us remotely. That is lots of terminology not necessary to know unless you are a business with an online store. For everyone else, just know that this is really good news.
Moving forward, we will invest in annual security audits to make sure we are doing everything possible to safeguard our customers in a rapidly changing cyberspace.
Any questions, always email me at firstname.lastname@example.org