E-commerce businesses are expected to continue on their uptrend over the next few years. The global pandemic triggered a massive shift in consumer behavior that resulted in a 27% increase in e-commerce sales from 2019 to 2020. According to a study by Statista, global e-commerce sales will hit US$6.4 trillion in 2024.

Of course, lucrative industries will attract opportunists who have malicious intent. Cybersecurity Ventures has run a study on cyber-criminal activity and estimates that losses due to cyber attacks will hit US$10.5 trillion in 2025. 

One type of attack that will become prevalent over the next few years is carding. 

What Is Carding?

Carding is a type of cyber-attack in which the criminal makes repeated attempts to get stolen credit cards approved. The criminal does this by identifying a number of e-commerce sites and making small purchases to test the validity of the stolen credit card numbers.

How Can Carding Damage My E-Commerce Business?

A credit card holder who sees questionable purchases on his credit card statement will not waste time. He will immediately address the matter by contacting the credit card company and challenging the authenticity of the purchase.

The resulting dispute is called a chargeback and can be damaging to the merchant. If the dispute is successful, the merchant will be forced to reverse the charges and issue refunds to the customer.

Chargebacks are not only financially damaging to your e-commerce business. They can also tarnish the reputation of your website with customers and credit card processing companies.

How Do You Know You’ve Been A Victim Of A Carding Attack?

A cyber-criminal launches a carding attack by unleashing a bot that has been programmed to make several small purchases on various e-commerce websites.

The stolen credit card numbers that yield positive results will be summarized in a list that will be used either to make more purchases or to be sold to a larger cyber-criminal organization.

How do you know that your e-commerce site has been targeted for carding attacks?

Here are signs to watch out for:

  • A larger than usual number of cart abandonment incidents.
  • An abnormally high number of failed credit card transactions.
  • A significantly high number of attempts at the checkout counter.
  • A high volume of failed attempts originating from the same IP address.
  • An alarmingly high number of chargebacks.
  • Shopping cart sizes are unusually small.

When you see any one of these signs on your website, don’t ignore them. Act right away.
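
The per-IP signs in the list above (failed card transactions, repeated checkout attempts from the same IP address, unusually small carts) can be checked against checkout records. The following is an added example, not code from the original article or from WooCommerce; the log format, the thresholds and the `many_cards` indicator are assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from statistics import median

# Constructed sample data in a hypothetical log format:
# ISO timestamp, client IP, cart total, card fingerprint (never the card number), result
SAMPLE_LOG = """\
2024-03-01T10:00:05 203.0.113.7 1.00 fp_01 declined
2024-03-01T10:00:31 203.0.113.7 1.00 fp_02 declined
2024-03-01T10:00:58 203.0.113.7 1.50 fp_03 declined
2024-03-01T10:01:20 198.51.100.20 84.50 fp_90 declined
2024-03-01T10:01:26 203.0.113.7 1.00 fp_04 approved
2024-03-01T10:01:55 203.0.113.7 1.00 fp_05 declined
2024-03-01T10:02:10 198.51.100.20 84.50 fp_90 approved
2024-03-01T10:02:40 203.0.113.7 2.00 fp_06 declined
this line is malformed and is skipped
2024-03-01T09:00:00 192.0.2.44 35.00 fp_70 declined
2024-03-01T11:30:00 192.0.2.44 35.00 fp_70 declined
2024-03-01T14:00:00 192.0.2.44 35.00 fp_71 declined
2024-03-01T16:45:00 192.0.2.44 35.00 fp_71 declined
2024-03-01T19:10:00 192.0.2.44 35.00 fp_70 declined
"""


def parse_line(line):
    """Return one checkout event as a dict, or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 5 or parts[4] not in ("approved", "declined"):
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        total = float(parts[2])
    except ValueError:
        return None
    return {"ts": ts, "ip": parts[1], "total": total,
            "card": parts[3], "ok": parts[4] == "approved"}


def parse_log(text):
    """Parse every line, silently dropping the ones that do not match the format."""
    events = (parse_line(line) for line in text.splitlines())
    return [ev for ev in events if ev is not None]


def detect_carding(events, window=timedelta(minutes=10), max_failures=5,
                   max_cards=3, min_attempts=5, small_cart=5.00):
    """Return {ip: set of indicators} using a sliding time window per IP.

    Thresholds are illustrative assumptions; tune them against your own traffic.
    """
    recent = defaultdict(deque)   # ip -> events still inside the window
    flags = defaultdict(set)      # ip -> indicators seen so far
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent[ev["ip"]]
        q.append(ev)
        # Drop events that have aged out, so slow retries over hours do not add up.
        while q[0]["ts"] < ev["ts"] - window:
            q.popleft()
        failures = sum(1 for e in q if not e["ok"])
        cards = {e["card"] for e in q}
        if failures >= max_failures:
            flags[ev["ip"]].add("failed_attempts")   # many declines from one IP
        if len(cards) >= max_cards:
            flags[ev["ip"]].add("many_cards")        # one IP cycling through cards
        if len(q) >= min_attempts and median(e["total"] for e in q) <= small_cart:
            flags[ev["ip"]].add("small_carts")       # repeated tiny purchases
    return dict(flags)


if __name__ == "__main__":
    for ip, reasons in detect_carding(parse_log(SAMPLE_LOG)).items():
        print(ip, sorted(reasons))
```

In the sample, 192.0.2.44 also has five declines but they are spread over ten hours, so it is not flagged; only the burst from 203.0.113.7 is.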


How To Protect Your WooCommerce Platform Against Carding Attacks

WooCommerce is one of the most popular open-source e-commerce plugins for websites. In 2020, it was estimated that more than 3.9 million websites use WooCommerce.

If you’re using WooCommerce, you could be one of the many e-commerce websites that’s being targeted for carding attacks. 

We created a shortlist of techniques and processes that you can implement to protect your WooCommerce platform against carding attacks by cyber-criminals.

1. Multi-factor Authentication

Since cyber-criminals need multiple attempts to validate the stolen credit card numbers, multi-factor authentication will make the bots or the user exert more effort and potentially reduce the number of verified credit cards on the list.

With multi-factor authentication (MFA), the user goes through multiple tests to prove his credentials in order to access the website. The credentials used by MFA are usually a combination of what he knows such as a password, a security test, and/or a biometric verification test.

2. Fingerprinting

Fingerprinting is a process that seeks to identify who or what is trying to log in to the website by tracking down the browser of the user and linking it to the device that’s being used to make the connection.

When launching a carding attack, a bot will go through several attempts, and it will not be able to switch devices every time. Instead, the cyber-criminal will have to go through the process of clearing the cache of the device, switching to incognito mode, and changing browsers.

3. User Challenges

If you use PayPal, you’ve probably had to deal with a user challenge designed to check if you’re human or a bot.

This user challenge is a type of Captcha program that seeks to verify you’re human by asking you to check on a box. 

Simple enough, but then the program shifts to another type of Captcha. One that asks you to identify a specific object – such as a bike or stairs – from a series of images. 

In some cases, the images are misleading. You will be forced to stop, analyze, and rely on intuition to choose the right answers. 

Certainly, this process can throw off a carding attack bot. 

4. API Security Technology

Popular e-commerce sites and payment platforms include credit card facilities in their API to improve user experience by making payments faster and more convenient. 

But these credit card facilities are frequent targets of carding attack bots. For this reason, these websites have integrated API security technology that’s specially designed to protect against carding attacks. 

Stripe is a good example of an API security program that can protect your e-commerce website from being infiltrated by carding bots. 

Stripe is a payment gateway that’s used to process credit card payments. To thwart carding attacks, Stripe uses a combination of automatic and manual processes that reduce the effectiveness of these bots.

Examples of these anti-carding processes are:

  • Machine Learning
  • Rate Limiters
  • Alerts 
  • System Reviews

Likewise, Stripe wants to make it easy for their customers to access customer service by providing 24/7 support via email, inbound phone calling systems, and chat.

The best thing about Stripe is that you can integrate it with WooCommerce without incurring expenses. 

5. Bot Pattern Analysis

We mentioned Machine Learning in the previous section as one of the safeguards used by Stripe to detect carding activity.

Machine Learning analyzes carding bot behavior and attack patterns so it can determine the type of bot program and arrive at the most effective course of action to extinguish all verification attempts on the website.

Machine Learning programs review large amounts of data to pinpoint the originating URL and the patterns of mouse, keypad, and swiping behavior of the carding attack bot, and analyze site metrics in real time.


Setting up an e-commerce site for your business is a great way to capitalize on the shift in the purchasing behavior of consumers. More people are going online to find products and services that meet their needs.

And unfortunately, you’re not the only one who recognized this. Cyber-criminals are going to find ways to exploit opportunities, and launching carding attacks is just one of the many schemes they will bank on to tear down what you’re building up.

Installing SSL Certificates is a step in the right direction but it might not discourage criminals from undertaking carding attacks. 

We recommend adding other layers of security such as those discussed in this article to protect your e-commerce website from the threat of carding attack bots and stop them in their tracks.

We hope you found our article helpful and that it gave you valuable insights on the importance of fortifying site security. If you have any questions, please feel free to contact us or drop us an email. 

Let’s schedule a meeting so we can discuss how we can transform your website into an impenetrable fortress against cyber attacks.

And if you enjoyed this article, please feel free to share it with your friends who are planning to set up an e-commerce site for their businesses.


One reason why WordPress has become the most popular website development and content management platform is the sheer number of plug-ins available for you to choose from. 

More than 55,000 plug-ins! 

With so much to choose from, how would you know which plug-ins will work best for your website and help you achieve your business goals?

What Is A Plug-In?

A plug-in is a software program that is designed and developed to carry out specific functions, improve the performance of your website, or add features to your website’s current program. 

Plug-ins are written using the PHP language and are easily integrated into WordPress. 

You don’t need an IT professional to install a plug-in. The good people at WordPress saw to it that those without knowledge of coding can add plug-ins on their own. 

The reason for this is that most WordPress plug-ins are free and are not covered by Tech Support. As long as you are the administrator of your website, you can install a plug-in.

Plug-ins are important because they allow you to improve the functionality and performance of your website. As we like to tell our clients at Mountaintop, “Whatever your business needs, there is a WordPress plug-in for it.”

Do you want to add contact forms? Are you looking to speed up your website? Is an e-commerce portal something you’re considering for your business? 

There is a WordPress plug-in for that!

What Are The Best WordPress Plug-Ins For Your Business?

1. Yoast SEO

You can have the most beautiful website on the Internet with content written by award-winning writers but unless your website is optimized for search, no one will find it. 

Yoast SEO is perhaps the most popular plug-in for optimizing your website. What can Yoast SEO do to help give your search ranking a boost? 

  • Enhance your brand building strategies by providing you with the best templates for title and meta descriptions.
  • Take advantage of Yoast SEO’s innovative Schema implementation which helps search engines understand your website and improve your chances to contend for the high volume search results.
  • Access to tools that improve the searchability of your content such as SEO analysis and Readability analysis.
  • Use Yoast SEO’s Snippet Preview to get a peek into how your page will appear in the search results.

And much more!

Yoast SEO is like a do-it-all plug-in for your website. In addition to optimization, Yoast SEO has features that allow you to manage your website and ensure it can perform at its best all the time.

2. Ninja Forms

The great thing about having a website is that it can do everything for your business. 

If a prospective customer wants to find out more about your products and services, he can simply fill out an inquiry form.

If someone wants to attend a seminar you are hosting, he can sign up via your website’s event registration form.

These are the advantages of having forms on your website. And one of the best plug-ins to use is Ninja Forms. 

How good is Ninja Forms? It has been downloaded more than 11,000,000 times!

3. WooCommerce

So you started out with a standard business website but have decided to sell some products. Should you pay for a new e-commerce website?

No need! All you have to do is download the WooCommerce plug-in!

WooCommerce is an e-commerce plug-in that has been designed and developed for WordPress. This amazing plug-in is fully customizable to fit the needs of your business. 

WooCommerce is fast and easy to set up. Within minutes, you can have an e-commerce feature with payment and shipping options that are 100% safe and easy to use.

If you plan to use WooCommerce on your website, you will be in good company! WooCommerce is used by Google, PayPal, MailChimp, and Facebook among other big-name companies. 

4. OptinMonster

Email marketing has been proven to be one of the most effective digital marketing strategies for converting interest into paying customers. According to a study by eMarketer, the average ROI on email marketing is 122%.

With these in mind, you should have email marketing as part of your digital marketing toolbox. One of the best plug-ins to optimize your email marketing strategy is OptinMonster. 

OptinMonster will provide your site with high-performing and easily customizable opt-in forms that allow you to target specific segments of your audience. 

Are potential customers abandoning their shopping carts at your e-commerce site? Don’t worry! OptinMonster can convert the visitors who abandoned their carts into email subscribers.

5. Updraft Plus

Part of your website’s security and protection protocols should be an automatic backup of your assets. Without backup, if your website gets hijacked by cyber-criminals, your assets will be hard to retrieve. 

Updraft Plus is one of the most popularly downloaded plug-ins for WordPress because it triggers an automatic backup of your system. You can keep your assets safe in secured sites such as DropBox, Google Drive, or Rackspace.

If your website goes down, you can easily get it back on the Internet because your assets have been held safe and secure. 

WordPress Security 

The next 2 plug-ins – WordFence and iThemes Security – are some of the best security plug-ins you can install on your website. 

We have written about WordFence in our article “Why You Need WordFence For Your WordPress Website.” 

For its part, iThemes Security has a lot of security features that can protect your website from different forms of cyber-attacks.

6. WordFence

We cannot overstate the importance of security for your website. It’s estimated cyber-criminals launch 30,000 attacks every day. Because WordPress is the most popular CMS on the Internet, it’s a safe bet these attacks are centered on WordPress websites.

One of the best security plug-ins for WordPress is WordFence which functions as a malware scanner and firewall. The app is designed by Defiant.

The objective of Defiant in developing WordFence was to address cyber-attacks that exploited Cross-Site Scripting (XSS) flaws in websites.

If a visitor landed on a compromised home page, he would be redirected to a malicious website.

According to Defiant, WordFence has been downloaded more than 150 million times. 

7. iThemes Security 

Your WordPress website can become vulnerable to cyber-attacks due to faulty plug-ins, weak passwords, and the lack of adequate security. Unless your website is covered by round-the-clock security, you could become a cyber-security statistic while you’re sleeping. 

iThemes Security is a high-level security plug-in that does not fall asleep on the job. It will give you more than 30 ways to protect your website from various threats. 

Some of the plug-in’s security features include:

  • Two-Factor Authentication
  • Scheduling of Website Malware Scanning
  • Assistance in Creating Stronger Passwords
  • Integrate Google CAPTCHA
  • Immediate Scanning of Your Website to Identify Vulnerabilities

When it comes to your website’s security, it’s a good idea to have more than one plug-in. 

Website Speed And Performance

To move up the search rankings, your website has to ensure top-level user experience all the time. For this reason, website speed should be a priority. 

According to Google, 53% of mobile users will abandon the search if the page fails to load within 3 seconds. 

Your website has to be user-friendly. This is very important if you have an e-commerce website. Similar to shopping at a high-end mall, you want to make sure the shopper is having a great time inside your store. 

8. JetPack

If you must have only one WordPress plug-in for your website – surely, JetPack should be on the shortlist. 

JetPack is an all-in-one plug-in that can provide multiple amazing features for your website:

  • 24/7 Security for your website
  • Use built-in tools that can improve your website speed, optimize images for search, and reduce bandwidth usage so you can save more money.
  • Thinking of selling merchandise? Add PayPal buttons to your website.
  • Use JetPack’s SEO tools to optimize your content in your various social media sites.

9. WP-Optimize

WP-Optimize is an important plug-in to have for your WordPress website because it will help speed up download time. 

How? WP-Optimize offers you 3 benefits that focus on improving site speed and performance:

  • Removes unnecessary data to clean up your database and retrieves space that was lost due to fragmentation.
  • Compresses large image files that slow down your website.
  • Caches data and stores it in a temporary storage space for quick retrieval.

WP-Optimize also has a unique “minification” feature that minimizes the size of your assets. This results in fewer requests to your server which improves performance and the loading time of your website. 

10. WP Rocket

WP Rocket is a plug-in that helps improve the performance of your website and speed up its loading time through a host of features:

  • Caching the web pages for faster viewing
  • Caching for logged-in subscribers and for mobile users.
  • Reduces the volume of http requests.
  • Incorporates a GZIP Compression system that reduces the amount of bandwidth usage.
  • Concatenation and minification of CSS and JS files.

And many more!

WP Rocket is compatible with WooCommerce which is a big plus because many performance-optimization plug-ins aren’t. 


The great thing about having a website for your business is that you can introduce improvements any time you wish without shutting down, unlike a brick-and-mortar location. 

There are free versions of these plug-ins that give you access to the basic features. For a small fee, you can acquire the more advanced versions with upgraded features and more tools to improve your website. 

The fees are reasonable and if you think about it, are justifiable if the additional features will significantly contribute to the protection and performance of your website and eventual success of your business. 

What about you? Do you have any favorite plug-ins? Please share your thoughts in the comments section.

And if you want to improve your website’s performance and security, please feel free to give us a call or an email. 

The number of cyber-attacks continues to increase every year. According to a study by Accenture, security breaches have increased by 67% since 2014. Meanwhile, another study from the University of Maryland revealed that hackers attack every 39 seconds.

Cybercrime has become a lucrative “profession” with the industry estimated to have earned US $1.5 Trillion in profits. 

WordPress is the most popular website design platform in the world. Presently, 62% of websites run on WordPress. Thus, it made perfect sense to have a defense system designed specifically for WordPress.

Enter Wordfence.

Wordfence is a plug-in that functions as a malware scanner and firewall. It was developed by the cyber-security firm Defiant specifically for the more than 3 million WordPress websites operating on the Internet.

According to Defiant, Wordfence has been downloaded over 150 million times and this proves the plug-in’s effectiveness in protecting WordPress websites from cyber attacks.

Wordfence Uncovers New Threat To WordPress Sites

On April 28, 2020, the Threat Intelligence Team of Defiant observed a significant increase in the number of attacks that focused on exploiting Cross-Site Scripting (XSS) vulnerabilities.

Within a few days of its discovery, the team noted that the frequency of attacks had increased to 30 times the average number of attacks recorded in the company’s database.

After conducting a thorough analysis, the team concluded that there was a single threat actor responsible for the bulk of the attacks. The objective of the threat actor was to inject malicious JavaScript that would redirect site visitors and implant a backdoor via the theme’s header.

Further investigation revealed that the threat actor also targeted other weaknesses which enabled the malicious program to switch the URL of the website’s Homepage to the one used by the XSS payload.

By doing so, visitors to the compromised Homepage would be redirected to a malicious, malvertising site. 

Defiant’s team believes that the threat actor had a history of launching attacks, but on a smaller scale. The team’s data indicates that the threat actor only became aggressive recently and ramped up the scale of attacks to more than 20 million.

Defiant suspects more than half a million websites were attacked on May 3, 2020.

Websites that signed up with Wordfence’s Premium package, as well as those with the free version, were protected from the XSS attacks because of the program’s built-in protection feature. 

Wordfence has a Web Application Firewall that runs a set of rules designed to protect the website from attempts by cyber-criminals to change the URL of its home page. 

Why You Need Wordfence

Defiant theorizes that the attacks were coursed through vulnerable entry points in your website that were presumably resolved months, or even years, earlier.

It is standard procedure to keep your plug-ins updated to their latest versions, remove plug-ins that are hardly being used, and to completely delete plug-ins that are no longer in the WordPress plug-in repository.

Although Defiant’s study did not indicate that the latest versions of WordPress plug-ins are vulnerable to these types of attacks, having Wordfence and its Web Application Firewall installed will give you reinforced protection in case there are lingering XSS vulnerabilities on your site that have not been resolved.


As you have read, a cyber-criminal can increase the frequency of attacks rapidly within a matter of days. You don’t know if your website is being targeted so it is always safe to err on the side of caution. 

Downloading Wordfence will provide your WordPress website with a line of defense that will keep cyber-criminals from exploiting XSS vulnerabilities on your site.

Extreme WordPress care - what types of plans we offer

There are many website platforms that you can use to build your website. At Mountaintop, we have studied and built websites with most of these popular platforms. Our knowledge and experience have led us to one conclusion.

When it comes to designing, building, and managing websites, WordPress is the best platform to use. We are not alone in this assessment. 30% of the top 10 million websites use WordPress.

Here is a shortlist of statistical evidence that shows why WordPress websites rule the Internet:

  • 48% of Top 100 Blogs under the Technorati advertising platform run using WordPress.
  • 22% of all newly-registered business website domains in the United States use WordPress.
  • More than 74 Million websites use WordPress.

For these reasons and more, we strongly recommend WordPress as the website platform for our clients.

9 Benefits Of Using WordPress For Your Website

Over the years, clients have come to us complaining about their current website platform. Among the common complaints were as follows:

  • The website was hacked; in some cases, the website was infiltrated by cyber-criminals multiple times.
  • The website frequently broke down or did not function properly.
  • The website was difficult to update and manage.

Our first recommendation is to transfer the website to the WordPress platform. As expected, despite the long list of problems with his website, the response from the client is always:

“Why should we transfer to WordPress?”

1. WordPress Is Free

Let us start with an easy one – WordPress is free! You can download WordPress, install it, and customize it according to your needs without spending a dime.

However, you still have to pay for your domain name and web hosting which are needed to install WordPress.

The domain name is what Internet searchers will type on their browser’s address bar in order to visit your website.

An example of a domain name is www.mountaintopwebdesign.com.

The web host is the platform which houses the servers where all of the assets and files of your website are located.

2. Easily Customizable

Are you thinking of starting a blog site? How about a business website or an e-commerce website? WordPress has thousands of website themes or templates to choose from.

These templates are highly customizable. A standard WordPress template comes with its own panel which showcases different options that allow us to change the look of your website.

We can play around with the various color selections and match them with the ideal background. Likewise, we can design eye-catching website sliders for your homepage. A slider is also known as a slide show.

This is a great tool for highlighting the key selling points of your business. We can display your signature products or perhaps a few powerful testimonies from your regular customers.  

We can also adjust the “feel” of your website. WordPress comes with plugins which function like apps. Each plugin has a specific function that can introduce a new feature to your website.

3. Google LOVES WordPress

When he was still a software engineer for Google, Matt Cutts referred to WordPress as one of the best software for the search engine giant. WordPress will help your website move up the search rankings because it is designed to accommodate SEO principles.

Search Engine Optimization (SEO) is the process of using various techniques and strategies in order to rank high in the organic or natural search results of the search engine.

By using WordPress for your website, you are already several steps ahead of the competition. This is because WordPress websites are constantly upgraded with plugins that help optimize content, functionality, and overall user experience.

What are the key ranking factors in Google’s search algorithm?

  • Website Speed
  • Navigability
  • Image Optimization
  • Text Optimization
  • Mobile-Responsiveness

These are all made possible with WordPress.

4. Easy to Manage

WordPress knows that not all of its users are tech-savvy. That is why they built in a management system that functions to update the platform whenever a new version, plugin or program is available.

Of course, as small business owners, the majority of your waking hours should be dedicated to running the day-to-day activities of your business.

Even if WordPress can send you automatic notifications of software updates, because of your busy schedule, you might overlook it.

This is the reason we recommend that our clients avail of our Extreme WordPress Care Plans.

These are programs which we developed to help clients focus on the demands of their business by leaving their WordPress website to the care of our highly-experienced and capable, professional website designers.

Put simply, we will manage your WordPress website for you. From updating plugins to improve functionality, mobile-responsiveness, site speed, and security, you can sleep soundly every night knowing your business is in good hands.

5. WordPress Is One of the Safest and Most Secure Website Platforms

A lot of responsibility comes with being the most popular website platform on the Internet. With more than 23% of websites running on WordPress, that means hackers are working overtime to break through your defenses.

Hackers will constantly try to find vulnerable areas on your website which they can use as entry points to steal your valuable data.

WordPress is not oblivious to this and regularly issues updates on security plugins and website system upgrades. Unused and outdated plugins can easily be exploited by hackers and before you know it, your data is all gone.

Even though WordPress makes it easy to update plugins, fortifying your website is a more sensitive and technical matter. This is another reason why you should seriously consider our Extreme WordPress Care Plans.

Sign up for one of our Extreme WordPress Care Plans and we will protect your website’s assets from the consistent, almost daily attacks from these malicious hackers.

6. WordPress Can Accommodate Various Types of Media

Gone are the days when a website was primarily used as an online marketing brochure. Today’s websites are more dynamic and interactive. It is no longer enough to pack your web pages with optimized text content. The Internet community is more demanding. They want high-quality images and videos.

WordPress has an answer for all of your multimedia concerns. It has a built-in media up-loader which can accommodate different types of media.

Do you want an interactive and compelling homepage that will help you generate leads and increase conversion rates?

We can embed your explainer YouTube video on the home page so you can get more views and opportunities for sales. We can do the same for your Instagram photos and SoundCloud audio files.

7. WordPress Is Mobile-Responsive

As we mentioned earlier, mobile-responsiveness is a ranking factor in Google’s search algorithm.

What does it mean to be mobile-responsive?

It means that when someone clicks on your URL from a mobile device, your website should set up nicely on his screen. If a mobile user has to zoom-in to read your content, chances are he will leave and go to your competitor.

If your website is not responsive to mobile devices, not only will you lose potential business opportunities but Google will penalize you down the search rankings.

WordPress has designed templates that are fully mobile-responsive. These templates are not only beautiful to look at but also highly-functional. We can set and improve these designs so that they can set up faster and more efficiently on mobile devices.

8. Do You Want to Blog? WordPress Has a CMS

CMS stands for Content Management System. This means you can publish blogs on your WordPress website.

Why should you blog anyway?

People who go on the Internet are always searching for content. And the cornerstone of any content marketing strategy is blogging. Studies have reported the following benefits of regular blogging for businesses:

  • 23% of Internet time is spent reading blogs.
  • Companies that blog have 97% more indexed pages.
  • Websites that have a blog page have 434% more indexed pages.
  • 61% of consumers have made their buying decision after reading a blog.
  • 81% of consumers from the US trust advice from a blog.

For your blogging strategy to be effective, you should be publishing content at least 16 times a month.

If this schedule is too much for your busy schedule, outsource it to us. Many of our blogs have been cited by renowned websites such as UpCity as among the best in the U.S!  

9. Integrate Your Social Media Accounts with WordPress

Before social media, a restaurant that was opening for business had to spend thousands of dollars to prepare and publish marketing collaterals such as press releases, full-page ads, advertorials, product shots, radio air-time, and hire an expensive publicist to put everything together.

With social media, traditional marketing channels have become obsolete. That restaurant would only have to open a Facebook page to build followers, a Twitter account to mass market special promotions, and an Instagram page to highlight the main products.

At very little cost!

Add to that the ability of your WordPress website to integrate your social media accounts. It would be easier to distribute content from your website to your various social media accounts so you can have more visits.

Your website has become a central online hub for your business. Your digital marketing strategies can create inbound traffic that is necessary to drive more traffic to your website. It is an effective way to open up your sales funnel and potentially convert followers to paying customers.


The Internet is home to billions of consumers searching for content every single day. In order to capitalize on its available opportunities, your business should have a website.

And you should only settle for the best website platform on the Internet – and that is WordPress.

If you are thinking of setting up a WordPress website, give us a call and avail of our free 30-minute consultation. We will let you know how we plan to design and manage your website so it can deliver the best results for your business.

If you are not happy with your current website platform, transfer to WordPress! We will help you get started! We are ranked as a top WordPress Developer and top WordPress Web Design company.


ICANN is the acronym for the Internet Corporation for Assigned Names and Numbers. ICANN is a non-profit organization that is responsible for ensuring the stability, integrity, and secure operation of the Internet.

The first step to buying a domain name is to look for a registrar that is accredited by ICANN. Once you buy the domain name, the registrar will be required by the laws and provisions governing ICANN to enter your personal information into its WHOIS database.

The WHOIS database is a directory that is highly searchable. It can be accessed free-of-charge by any person who wants to verify the authenticity and availability of a domain name.

What personal information will be uploaded?

  • Your complete name
  • Email address
  • Business address
  • Contact numbers

If you are the type of person who does not want to give out these types of personal information to public listings, you should register your domain as private.

By choosing private domain registration for your domain name, your personal information in the WHOIS database will be replaced by those of the registrar’s own information.

In fact, some domain name registrars can even come up with a unique email address that will be listed as your contact email address on the WHOIS database. This way, your company or personal email address will remain secure from individuals who have malicious intent.
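To check what your own domain's WHOIS entry exposes, the sketch below (an added example, not part of the original article) parses a record and reports which of the four kinds of personal information listed above are still publicly readable. The sample records are constructed, and the list of privacy-service markers is an assumption you should adapt to your registrar.

```python
# Registrant fields as labelled in ICANN-format WHOIS output, mapped to the
# kinds of personal information listed above.
PERSONAL_FIELDS = {
    "Registrant Name": "name",
    "Registrant Email": "email",
    "Registrant Street": "address",
    "Registrant Phone": "phone",
}

# Assumption: substrings that show a value was replaced by a registrar's
# privacy or proxy service. Extend this tuple for the registrar you use.
PRIVACY_MARKERS = ("redacted for privacy", "privacy", "proxy", "whoisguard")

# Constructed sample records (not real WHOIS data).
PUBLIC_RECORD = """\
Domain Name: EXAMPLE-SHOP.TEST
Registrar URL: http://registrar.example
Registrant Name: Jane Doe
Registrant Street: 123 Example Street
Registrant Phone: +1.5555550100
Registrant Email: jane.doe@example-shop.test
>>> Last update of WHOIS database: 2019-01-01T00:00:00Z <<<
"""

PRIVATE_RECORD = """\
Domain Name: EXAMPLE-SHOP.TEST
Registrant Name: REDACTED FOR PRIVACY
Registrant Street: REDACTED FOR PRIVACY
Registrant Phone: REDACTED FOR PRIVACY
Registrant Email: a1b2c3d4@privacy.registrar.example
"""


def parse_whois(text):
    """Return {field label: [values]} from 'Key: value' lines."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comment lines and the trailing database notice.
        if not line or line.startswith(("%", "#", ">>>")):
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        record.setdefault(key.strip(), []).append(value.strip())
    return record


def exposed_fields(text):
    """List the kinds of personal data a WHOIS record shows to anyone."""
    record = parse_whois(text)
    exposed = []
    for label, kind in PERSONAL_FIELDS.items():
        for value in record.get(label, []):
            masked = any(marker in value.lower() for marker in PRIVACY_MARKERS)
            if value and not masked:
                exposed.append(kind)
                break
    return exposed


if __name__ == "__main__":
    print("public registration exposes:", exposed_fields(PUBLIC_RECORD))
    print("private registration exposes:", exposed_fields(PRIVATE_RECORD))
```

Run it against the WHOIS output for your own domain after switching to private registration to confirm that nothing personal is still listed.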

3 Reasons Why You Should Register Your Domain As Private

Despite the potential risks to personal information, there are businesses that opt for business registration.  

To clarify, business registration means having your personal information listed openly in the ICANN WHOIS database. They want to have their business data publicly accessible for the following reasons:

  • Promote their business
  • Create impressions of trust and transparency
  • Enhance the online presence of the business

We understand the importance of promotion and the value of establishing trust and transparency with the market. However, there are other ways – much safer and lower risk ways – of promoting the business.

That is why at Mountaintop, we always recommend that our clients register their domain name as private.

Is private domain registration an add-on service? Yes, which means opting for it will entail a fee that is separate from the usual cost of registering a domain name. Think of the fee as your insurance premium for keeping your personal information safe from hackers, online criminals, and other unsavory groups on the Internet.  

Here are other reasons why you should register your domain as private:

1. Personal Information Should Be Kept “FYEO”

If your personal information is made public, it is not just the hackers you should worry about. Your information can be used by marketers, suppliers, and competitors to serve their own purposes.

You might find yourself inundated with phone calls from telemarketers. Your inbox could be flooded with product or service offerings from vendors and suppliers. With your key information out, you may leave your business vulnerable to cutthroat strategies from your competitors.

For example, an aggressive but unscrupulous competitor may contract the services of a cyber-criminal to run phishing expeditions on your email. A competitor may try to get spies to procure sensitive information from you via phone.

We will discuss the importance of keeping your email secure toward the end of the article. You may be surprised at the extent of damage you can incur by having your email compromised.

In business, it is always a good practice to keep your sensitive or confidential data as FYEO or For Your Eyes Only. Information such as email addresses, phone numbers, and business address should be given judiciously.

You want to give these types of information only to entities that can directly contribute to the growth of your business such as:

  • Stakeholders – or those who are part of your value chain. This shortlist includes qualified suppliers/ vendors, current and prospective clients, management and select personnel, and business partners.
  • Strategic Partners – Strategic Partners are entities – companies or individuals – where formal arrangements are entered into for the benefit of your business. An example would be an outsourcing agreement between you and an outsourcing service provider.

As we mentioned, you can promote your business without having to disclose personal information. A good example would be to run a Digital Marketing campaign.

A Digital Marketing strategy that incorporates processes such as SEO, content marketing, social media marketing, and PPC or Pay-Per-Click Advertising can successfully increase awareness and enhance the Internet profile of your business without revealing your personal information.


2. Number of Cyber-Attacks Will Continue to Increase

In our article, “Why Is It More Important To Secure Your Data In 2019”, we shared our opinion that acts of cyber-criminality will continue to increase over the next few years.

Cyber-crime has become a lucrative industry. Highly sensitive data such as Social Security and bank account numbers, credit card numbers, birth dates, email addresses, and phone numbers can fetch a good price on the dark web.

All a cyber-criminal needs is a small opening. Once he gets access, your confidential data is at risk. Unlike a brick-and-mortar business where access points are doors and windows, the Internet provides multiple points of entry:

  • Outdated plugins
  • Outdated or unused software
  • Obsolete antivirus programs and firewalls
  • Weak passwords
  • Lax administrative processes
  • Opening suspicious emails
  • Accessing suspicious websites

Driven by profit, these cyber-criminals are motivated to stay ahead of the cyber-security experts. In fact, agencies such as the CIA and the FBI are fighting fire-with-fire by hiring hackers to come up with more powerful anti-malware tools and programs.

It is a good idea to err on the side of caution and invest in programs that will protect your personal data.

Last year, we launched our Extreme WordPress Care Plans. These programs are designed to help our clients manage their websites, make sure they are running in perfect condition, and protected from malicious attacks.

As an entrepreneur, your time is best dedicated to the core functions of your business. Leave domain security to us! You can sleep well knowing that your website is under close guard and watch 24/7.

3. Secure Your Email

If there is a singular way or process that best represents our online activity, it would be the email.

Think about it.

We check our emails more than we check our social media accounts. We use our email to sign up for newsletters or gain access to some websites. Whenever you run online banking transactions, chances are your email address is needed to verify your identity.

Online shopping, social media… the list goes on. Your email is the key that allows you to gain entry into these platforms. If someone grabs ahold of your email address, these platforms can be compromised.

Can you imagine what would happen if someone gained access to your webmail? He could easily search and find every website you frequent including your online banking platform. All the hacker needs to do is to request the website for a password reset.

The hacker can also view your Inbox and sent messages. With that information, the hacker can establish your weekly calendar of activities and determine your whereabouts.

The hacker can find out your schedule of online conference calls with clients and eavesdrop on the discussion. If you save work on Google Drive, Google Docs, and Google Sheets, your documents can be stolen by the hacker.

We bring these scenarios up with clients whenever we discuss the importance of registering their domain as private.


As we mentioned earlier in this article, be judicious when it comes to giving out personal information such as email. On the Internet, you do not know who is searching and watching. Whenever you are venturing into the Internet, always think “safety first”.

As popular and as accessible as the Internet is, it remains The Great Unknown. Keep your assets secure and protected by adding layers of security at every opportunity. Start by registering your domain as private.

Have you experienced any breach in security? Please feel free to share in the comments section. Let our readers know how you dealt with the situation and what you learned from the experience.

If you want to know more about our web design services and our Extreme WordPress Care Plans, please feel free to give us a call or an email.


2018 was supposed to be a breakthrough year in cyber-security with the General Data Protection Regulation (GDPR). The GDPR is a regulation under the European Union’s (EU) Data Protection Law.

The objective of the GDPR is to provide safety, protection, and to maintain the privacy of data of individuals residing in the EU and the European Economic Area or EEA. The GDPR also takes into account the export of data outside the confines of the EU and EEA.

Yet, despite the implementation of the GDPR, many businesses and private individuals continue to become victims of cyber-criminals. During the first half of 2018, it was estimated that more than 4.5 Billion pieces of confidential information were lost to data breaches.

The biggest names on the list of cyber-crime victims included Marriott Starwood Hotels, MyFitnessPal, Quora, Cathay Pacific, British Airways, and Google. In addition, we found out that not even our online communities – our favorite social media platforms – were safe.

Social media giant Facebook had the private information of over 29 million of its users stolen.

To make matters worse, it was revealed that in 2015, 87 million Facebook users had their personal information compromised after a personality predictive app passed on their data to Cambridge Analytica, an analytics firm that figured prominently in then-Presidential hopeful Donald Trump’s campaign.

Why Is It More Important To Secure Your Data In 2019?

It is more important to secure your data in 2019 because cyber-criminals will be more aggressive and daring. They know businesses are so focused on improving sales and streamlining costs that data security has become an afterthought.

Ask yourself the following questions:

  • Does your website have a regular webmaster or developer who can run frequent audits?
  • Have you updated plug-ins and removed programs that you hardly use?
  • Have you changed your password?
  • Is your website covered by SSL or Secure Sockets Layer certificates?
  • Have you updated your website’s content and features?

If your answer to all or even just one of these questions is “No”, then your website is vulnerable to hacking and other forms of malicious cyber-attacks.

Always keep in mind that the Internet is made up of over a billion lines of code. These billion lines of code make data accessible to any cyber-criminal because they connect all systems on the Internet.

Cyber-criminals can and will use these lines of code to connect to your website and steal all of your data. All the criminals have to do is find openings that they can exploit.

Old and unused plug-ins, outdated antivirus programs and data protection systems, and the lack of any high-level data encryption program are just the openings the cyber-criminals are looking for.

It’s like a homeowner who leaves his house keys under the welcome mat or under the flower pot that is nearest the door. These are the first places thieves will look into before they break into your house and steal your possessions.

Taking a lackadaisical approach to cyber-security is the last thing you should do for your business. It is when you let your guard down that you become just another statistic – another victim of cyber-criminals.

6 Basic Steps To Take In Order To Safeguard Your Data

Keeping your website and other online accounts protected can be done by following a checklist of basic safety measures. Here are the 6 steps you can take to feel more secure about the integrity of your personal information:

1. Change Your Passwords Frequently

The password is the key to your website and other online platforms. If someone gets ahold of your password, that person can get inside your account and steal whatever data he/she can find.

However, unlike the key to your home or your office which can remain the same until its natural end, the same cannot be said about your Internet-based accounts. That said, people don’t like to change their passwords. In the first place, it is very hard to keep track of passwords.

According to a survey conducted by Keeper Security, 87% of respondents aged 18 to 30 reuse their passwords. The number is only slightly lower for those aged 31 and up at 81%.

This means nearly nine out of 10 people use the same password for all of their online accounts. Thus, the cyber-criminal only needs to figure out one password to open all of the person’s assets.

Another eye-popping and head-scratching statistic is that 76% of respondents make a written record of their password!

It is absolutely important to change your passwords frequently. 60% of the respondents in the survey claim to change their passwords every 60 days. If you can change them every month, so much the better.

The best way to keep track of your password is to use a Password Manager software program. You can read up on the benefits of a Password Manager in our article, “Why You Need A Password Manager Now”.

Lastly, give your password some thought before confirming it. Once you have a password in mind, run it through a program like How Secure Is My Password to have an idea of how fast a hacker can decipher it.

2. Get SSL Certificates For Your Website

SSL stands for Secure Sockets Layer. This is an encryption program that protects your data as it moves from browser to server.

It used to be the case that SSL certificates were only essential for e-commerce or online retailer websites because this type of website collects financial information such as credit card and bank account numbers.

Not anymore. Since last year, Google has included the SSL certificate as part of its search engine ranking factor. You can tell if a website is covered by an SSL certificate by looking at the URL. It is preceded by “https” instead of “http”.

Under Google’s new directive, all websites must be covered by an SSL certificate. Failure to do so will receive a warning from Google in the form of 2 words in your URL:

Not Secure.

Would you want to enter a website that is marked “Not Secure” by Google? At the very least, it would discourage the visitor from exploring the website further.

We have written extensively about the importance of having an SSL certificate for your website. A good resource is our article, “SSL Basics: Why You Need It To Protect Your Website From Hackers”.

If you want to secure your website with an SSL certificate, give us a call. We can do this for you. In fact, it is one of the services Mountaintop Web Design provides.


3. Schedule a Website Audit

As we mentioned earlier in this article, cyber-criminals can enter your website by exploiting its weak points. The most popular points of entry to your website are the outdated plugins and the programs that are hardly being used.

If you are using WordPress, you should be getting frequent reminders on which plugins can be updated. From our experience working with clients, these reminders can easily be overlooked because of their busy schedules.

This is the reason we wrote the article, “Extreme WordPress Care Plans: Why You Need Them And What We Can Do For You”.

We understand how hectic your daily schedule must be. It is possible that managing your website is not one of your core competencies. Even if it is, as a business owner, your time is best spent managing the core functions of your enterprise.

By signing up with one of our Extreme WordPress care plans, you will leave the responsibility of managing and auditing your website to us.

We will run frequent audits on your website to make sure the plug-ins are current and updated. We will give you professional, numbers-supported advice on which programs should be removed from your website.

If for some reason your website gets hacked, we will take care of it. For sure, you can sleep better knowing that your data has been backed up.

4. Patronize Only Trusted Sources

If curiosity can kill the cat, it can most certainly get your website compromised. The rule is simple. If you find yourself on a suspicious-looking website, don’t take any chances. Get out.

Sometimes, you will get a preliminary warning. The screen will turn red and a warning that the website is not secure and someone may be trying to steal your data will appear. When this happens, get out.

If you are doing research, patronize only websites that are generally considered trusted sources.

Your email can also be targeted by another brand of cyber-criminals. These are the cyber-criminals who like to go on phishing expeditions.

If you come across an email from an unknown source, delete it right away. The email may contain a link that when clicked, exposes your information to immediate theft. Definitely, do not click suspicious emails that have landed in your Spam folder.

5. Remove/Delete All Cookies

Cookies are programs that websites use so that you can have a better browsing experience. While most of these cookies are harmless, they can be used to get personal data such as browsing activity, lifestyle, and spending habits which the website owner will use to create its user profile.

As such, it is possible for cookies to secure highly-sensitive information about you and your clients.

Thus, to keep your PC or mobile device secure, make it a point to delete all stored cookies. You can do this directly from Chrome or use a software program that is designed to remove all cookies.

It is good practice to remove all cookies from your computer before calling it a night.

6. Keep Your Devices Separate and Distinct

If you use your PC for work, use your mobile device when transacting with banks and other online platforms that require confidential information.

Is it tedious? For some, yes. You may prefer to use just one computer for work and for storing financial information.

However, every little layer of security that you can add to your current data protection system will go a long way in ensuring the integrity of your accounts or website.


Data protection should be the priority of every business that uses the Internet in 2019 and beyond. The cyber-criminal is relentless. He/she will stop at nothing to get your assets.

The cyber-criminal feels no remorse and is not concerned with your present status in life. He/she is focused only on feeding his/her greed and will destroy your life’s work whenever the opportunity arises.

If you are concerned about the safety and integrity of your website, take our offer of a free 30-minute consultation. We will take you through the process of how Mountaintop Web Design can secure your website and other online platforms.


When it comes to website security, a little bit of paranoia can be a good thing. With the number of cyber attacks growing every year, we strongly advise our clients to prioritize website security best practices. The usual behavior is to act after an attack has occurred. By then, it might be too late. The damage to your business may be beyond repair. Your website is always vulnerable to cyber threats. It’s not a question of “if”, rather, it’s a question of “when”.

Every day, cybercriminals are launching attacks on websites all over the Internet. Cybercrime has become a profitable industry. According to a study conducted by Hewlett-Packard, a cyber-attack can cost a company $7.7 Million in a year. The cost is double for an American company at 15.4 Million.

In 2017, a study by Norton revealed that 978 million consumers from 20 countries lost a total of $172 Billion to cybercriminals. The number is expected to hit $6 Trillion per year starting 2021.

Statistics on cybercrime from the University of Maryland showed that a website is being hacked every 39 seconds.

That website could be yours.

If you do not take a proactive position on website security, your website could be the next victim. Therefore, you must be aware of the areas where your website is most vulnerable to attacks.

Top 8 Website Vulnerabilities

A website can have several areas of vulnerability. In this article, we will discuss the 8 most common vulnerabilities that can be taken advantage of by hackers.

1. Injection Flaws

To put it simply, an injection flaw occurs when unfiltered data is passed to the SQL server, to the browser, or to the LDAP server. In the process, hackers can steal your information by injecting their programs into these areas.

It is absolutely important to filter all data that your applications receive from all sources, especially those which cannot be trusted. And that is the challenge there – knowing with 100% certainty that the input or the source can be trusted.

For example, if your website received 100 inputs and you were able to filter 99 of them, does that mean your website is 100% safe? No, because the 1 input which was not filtered could be the Trojan horse that destroys your website.

It is a good idea to make sure your website’s filtering frameworks are routinely scrutinized and fortified as often as possible.

2. Broken Authentication

When you visit a website, be informed that it may contain session cookies. These cookies may have data that can retrieve sensitive information such as username, passwords, and account numbers.

Before you log out, make sure the cookies are invalidated. Otherwise, the data from the cookies will remain in your system.

A good example would be a person who uses a PC in a public network, such as an Internet café, to visit a website that contains such cookies. If the person fails to invalidate the cookies before logging out, the cookies will remain in the system.

A cybercriminal can visit the website, search for the user’s session and steal his/her private data.

You should likewise check the strength of your current system for authentication and session management.

3. XSS or Cross Site Scripting

Cross Site Scripting is related to Injection Flaws. XSS injects code into the application’s output for the purpose of manipulating a user’s browser. XSS grants hackers access to the user’s browser and lets them steal valuable data such as passwords, usernames, and account numbers.

Website designers can fix the problem by not returning HTML tags to the user. This has the additional benefit of protecting the website from HTML injections whereby the cybercriminal injects annoying plain HTML content.
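Sections 1 and 3 describe the same mistake at two different destinations: untrusted input reaching the SQL server or the browser as code instead of data. The following added example (not from the original article) puts the unfiltered version of each next to the filtered one. The SQLite table, function names and sample inputs are assumptions constructed for illustration.

```python
import html
import sqlite3

# Constructed sample inputs of the kind a filter has to withstand.
CONSTRUCTED_SQL_INPUT = "nobody' OR '1'='1"
CONSTRUCTED_HTML_INPUT = "<script>alert(1)</script>"


def make_db():
    """Build a small in-memory user table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return db


def find_user_unfiltered(db, name):
    # VULNERABLE, shown for contrast: the input is pasted into the SQL text,
    # so the database parses part of it as SQL rather than as a name.
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def find_user_parameterized(db, name):
    # Hardened: the value travels separately from the SQL text and is only
    # ever compared as data, whatever characters it contains.
    return db.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_greeting_unescaped(name):
    # VULNERABLE, shown for contrast: any HTML tags in the input are
    # returned to the visitor's browser as markup.
    return "<p>Hello, " + name + "</p>"


def render_greeting_escaped(name):
    # Hardened: <, >, & and quotes become entities, so the browser displays
    # the text instead of interpreting it.
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    print("unfiltered query rows:   ", find_user_unfiltered(db, CONSTRUCTED_SQL_INPUT))
    print("parameterized query rows:", find_user_parameterized(db, CONSTRUCTED_SQL_INPUT))
    print("unescaped page:", render_greeting_unescaped(CONSTRUCTED_HTML_INPUT))
    print("escaped page:  ", render_greeting_escaped(CONSTRUCTED_HTML_INPUT))
```

The unfiltered query returns every row in the table for a name that does not exist, which is the "1 input out of 100" case from section 1; the parameterized query returns nothing.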


4. Insecure Direct Object References

A direct object reference occurs when a file or database key is exposed to a website user. The problem starts when the reference originates from a hacker or an agent with malicious intent. If your authentication process gets bypassed or overcome, the hacker can gain access and manipulate your website.

The website’s password reset function can also be an access point for this type of vulnerability. For example, a hacker can simply modify or alter the “username” field in the URL and input a popular keyword like “admin”.
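The password reset weakness described above comes from trusting a "username" value supplied in the request. As an added example (not from the original article), the sketch below contrasts that with a reset that is bound to a random, single-use, expiring token sent to the account owner. The class, method names and the 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

RESET_TTL_SECONDS = 15 * 60  # assumed lifetime of a reset link


def _derive(password, salt):
    # Passwords are stored only as salted PBKDF2 hashes.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class ResetService:
    def __init__(self, clock=time.time):
        self._creds = {}     # username -> (salt, password hash)
        self._pending = {}   # sha256(token) -> (username, expires_at)
        self._clock = clock

    def set_password(self, username, password):
        salt = secrets.token_bytes(16)
        self._creds[username] = (salt, _derive(password, salt))

    def check_password(self, username, password):
        salt, stored = self._creds[username]
        return hmac.compare_digest(stored, _derive(password, salt))

    def reset_by_username_param(self, username, new_password):
        # VULNERABLE, shown for contrast: the account is chosen by a value
        # the requester controls, e.g. ?username=admin in the URL.
        self.set_password(username, new_password)
        return True

    def issue_token(self, username):
        """Create a reset token to be emailed to the account's own address."""
        if username not in self._creds:
            return None
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        # Only a hash of the token is stored, so a leaked table cannot be
        # replayed as working reset links.
        self._pending[digest] = (username, self._clock() + RESET_TTL_SECONDS)
        return token

    def reset_with_token(self, token, new_password):
        # Hardened: the account comes from the server-side record for this
        # token, never from a field in the request.
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._pending.pop(digest, None)   # single use
        if entry is None:
            return False
        username, expires_at = entry
        if self._clock() > expires_at:
            return False
        self.set_password(username, new_password)
        return True


if __name__ == "__main__":
    svc = ResetService()
    svc.set_password("alice", "original-alice-pw")
    token = svc.issue_token("alice")
    print("wrong token accepted:", svc.reset_with_token("guess", "x"))
    print("right token accepted:", svc.reset_with_token(token, "new-alice-pw"))
    print("token reusable:      ", svc.reset_with_token(token, "again"))
```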

5. Misconfiguration of Security Network

It is not uncommon for applications and web servers to have security networks that have been misconfigured simply because there are several ways this can happen:

  • A debug function can be enabled while the application is running.
  • A directory listing contains key information; often sensitive data. It can be leaked out if the directory listing is enabled on the server.
  • Your website still uses or runs software that has not been updated.
  • Your PC contains applications and other services that are hardly used or not necessary.
  • Passwords and default keys are not changed.
  • Error handling information is visible to attackers.

6. Exposure of Sensitive Data

Every time someone goes on the Internet, they are vulnerable to cyber-attacks. If you are running an e-commerce website or one that requires sensitive information to be disclosed, no ifs and buts, sensitive data must always be encrypted.

This is especially true if you are handling user passwords and credit card data. These types of information should never be transmitted without encryption. Google has already started penalizing websites that do not have SSL certificates.

You can read our article about this topic on “Is Google Punishing Sites Without SSL Certificates?”

7. Cross Site Request Forgery

As the term implies, Cross Site Request Forgery involves misrepresenting your identity to a website that can grant access to data with monetary value. It should be no surprise that banks are usually targets of CSRF.

In the event of CSRF vulnerability, a third party will issue a request to the target website, for example, your bank. The third party can do this through your browser by using your session cookies.

If your bank is vulnerable to this type of attack and you are logged on to their website, another tab can lead to your browser misusing its credentials for the benefit of the hacker. The end result is referred to as a “confused deputy problem”, with your browser being the deputy.

A CSRF attack can have a hacker manipulate a transaction that can result in an unauthorized transfer of money from your bank account to the hacker’s account.
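Both section 2 (sessions that stay valid after the user leaves) and section 7 (a request that rides on the session cookie) are handled on the server side. This added example, which is not from the original article, shows a minimal session store that invalidates sessions on logout and after idle time, and that accepts a money transfer only when the form carries the session's own anti-CSRF token. The class, method names and 20-minute timeout are assumptions.

```python
import hmac
import secrets
import time

IDLE_TIMEOUT_SECONDS = 20 * 60  # assumed idle limit


class SessionStore:
    def __init__(self, clock=time.time):
        self._sessions = {}   # session id -> {"user", "csrf", "last_seen"}
        self._clock = clock

    def login(self, user):
        """Start a session. The id goes in the cookie; the CSRF token is
        embedded only in forms that the site itself renders."""
        sid = secrets.token_urlsafe(32)
        csrf = secrets.token_urlsafe(32)
        self._sessions[sid] = {
            "user": user, "csrf": csrf, "last_seen": self._clock(),
        }
        return sid, csrf

    def current_user(self, sid):
        session = self._sessions.get(sid)
        if session is None:
            return None
        if self._clock() - session["last_seen"] > IDLE_TIMEOUT_SECONDS:
            # Idle too long, e.g. a forgotten tab on a shared PC.
            del self._sessions[sid]
            return None
        session["last_seen"] = self._clock()
        return session["user"]

    def logout(self, sid):
        # Deleting the server-side record makes the cookie worthless even
        # if it is still sitting in the browser of a public computer.
        self._sessions.pop(sid, None)

    def authorize_transfer(self, sid, form_csrf):
        """Allow a state-changing request only for a live session whose
        form carries that session's CSRF token."""
        if self.current_user(sid) is None:
            return False
        expected = self._sessions[sid]["csrf"]
        # A forged cross-site request gets the cookie attached by the
        # browser but cannot read the token, so it fails here.
        return hmac.compare_digest(
            expected.encode(), (form_csrf or "").encode()
        )


if __name__ == "__main__":
    store = SessionStore()
    sid, csrf = store.login("alice")
    print("genuine form accepted:", store.authorize_transfer(sid, csrf))
    print("forged request accepted:", store.authorize_transfer(sid, None))
    store.logout(sid)
    print("after logout accepted:", store.authorize_transfer(sid, csrf))
```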

8. Maintaining Flawed Website Components

We briefly touched on this issue in #5. It is worth mentioning again the importance of making sure the apps and programs you use for your website are updated.

WordPress is the most popular Content Management System (CMS) on the Internet. One reason WordPress is commonly used is the massive number of plugins that are available. It is easy to update the features of your website.

However, some website owners are negligent on this responsibility. If you don’t update your plugins, these can become potential entry points for hackers. The same goes for apps and services that are hardly used.


Cybercriminals are always trying to stay ahead of cybersecurity measures. Like a common criminal, they will look for ways to overcome your defenses. They will study flaws in your website design and structure.

For sure, a cybercriminal will capitalize on your weaknesses and make you pay for your carelessness.

This is why several of our clients signed up for our Extreme WordPress Care Programs. Our clients can rest easy and focus on their core business tasks while we make sure their website is in perfect health.

We schedule frequent website audits and see to it that all security networks are in fine working order and all plugins have been updated.

If you want to learn more about how we can help secure your website, please do not hesitate to give us a call or to drop us an email. Let’s discuss the importance of website security over our free 30-minute consultation!


Yes. Google is punishing websites without SSL certificates. Not only will not having SSL certificates mark you down in the search rankings. Google’s approach will negatively impact your trust rating with Internet users. Therefore, if your website does not have SSL certificates, take the necessary steps to get them as soon as you can.

The question is “Why?”

What Are SSL Certificates?

SSL is the acronym for Secure Sockets Layer. This is a program that encrypts data that is transmitted between a browser and a web server. When you submit information on a website, it will pass through different networks and servers before arriving at its destination point.

While your data is being transferred through the Internet, it can be intercepted by unscrupulous third parties. Having SSL certificates will let the recipient of the data know that the sender is a verified party.

Websites that have SSL Certificates will have the acronym HTTPS before their URL. HTTPS stands for HyperText Transfer Protocol Secure. For Internet users, the “S” in “HTTPS” will tell them the website is secure.

In contrast, the standard URL that does not have SSL Certificates will be accompanied by the acronym HTTP.

We have written extensively about SSL in our articles “SSL: What It Is And Why Your Business Needs It” and “SSL Basics: Why You Need It To Protect Your Business From Hackers”. If you want to learn more about SSL, please take some time to read those highly-informative articles.

It used to be that SSL Certificates were recommended only for e-commerce sites and other websites which collected sensitive information from its users.

These types of sensitive information included numbers of credit cards, social security, driver’s license, bank accounts, and personal information such as birth dates, residential and email addresses.

With data theft and other cyber-criminal acts rising, Google wanted proprietors of e-commerce to prioritize getting SSL certificates for their websites.

In 2014, Google even tried to incentivize Web Masters to get SSL Certificates by including it as a ranking factor in its search algorithm. However, that did not seem to encourage enough websites to secure their data. Now, they have forced Google’s mighty hand.

Effective last July 2018, all websites that do not have SSL Certificates will be marked “Not Secure” by Google.

All websites. This means even websites that are not engaged in e-commerce or collect sensitive data are required to get SSL Certificates.

Why Google Demands SSL Certificates For Websites In Its Search Rankings

It is no secret that Google has always been big on User Experience (UX). From 2015’s “Mobilegeddon”, where Google required websites to become mobile-responsive to its guidelines on producing high-quality content, it is clear the search engine giant wants its users to have an amazing search experience.

Therefore, Google’s demand that all websites obtain SSL Certificates is an obvious next step to further improving UX.

Google has always clamored that the Internet should be a safe place for people to use. Especially in view of 2017 becoming a banner year for cyber-crime, Google wants all data traveling on the Internet to be secured. One of the best ways to secure data is through encryption.

Prior to the directive, websites that only had HTTP were identified with an icon of a white page. Web pages which obtained SSL Certificates had an icon of a padlock with a green lock to inform visitors that the site is secure. If there is something wrong with the HTTPS page, the visitor will see an icon of a padlock with a red letter “X” over it.

In its security blog dated 8 September 2016, Google shared its opinion that the current classification system did not reflect the actual risks of visiting HTTP websites. For this reason, Google decided to take its security campaign to the next level by having websites without SSL Certificates marked “Not Secure”.

According to Google, labeling websites without SSL Certificates as “Not Secure” is just the first step in its campaign to raise awareness of the importance of data security.

Newer versions of Chrome will mark websites as “Not Secure” even when you are browsing in “Incognito Mode”. Eventually, Google will identify all HTTP-only websites with an icon of a red triangle, the universally-recognized sign for “warning”.


Should You Get SSL Certificates For Your Website?

As the famous saying goes, “When Google sneezes, everyone catches a cold.” If Google requires all websites to get SSL Certificates, then yes, you should get them for your website.

The big question you might be asking is “Will not having SSL Certificates lower my website’s search rankings?”

The best way to answer this question is to simply state that as far back as 2014, Google mentioned that having SSL Certificates will be a ranking factor.

Given the fact that Google’s present directive is all-encompassing in that all websites should have SSL Certificates, it only signifies that transitioning from HTTP to HTTPS has become a priority factor in its search ranking algorithm.

Another reason why you should consider obtaining SSL Certificates is that it helps foster trust with your customers/users.

Even if your website does not collect sensitive data, the idea of dealing with a site that is “Not Secure” will be unsettling for the visitor. For sure, he/she will have second thoughts. The probability of visitors abandoning your website will be much greater if it is labeled “Not Secure”.

If you’re still on the fence about getting SSL Certificates for your website, you should know that shifting from HTTP to HTTPS will improve your page loading speed.  

According to the page loading speed test, HTTPS pages load 334% faster than HTTP pages. Keep in mind that page loading speed is a ranking factor in Google’s search algorithm.

Obtaining SSL Certificates for your website presents the following benefits:

  • Adds another layer of protection through encryption of data
  • Higher search rankings
  • Higher trust ratings from users
  • Builds your business brand
  • Improves website speed

For these reasons, you should take the necessary steps to shift from HTTP to HTTPS as soon as you can.


Google estimates that 50% of websites that load via desktop have SSL Certificates which is an all-time high. Many of the top ranking sites on Google such as Facebook, Amazon, Wikipedia, and Twitter are using HTTPS.

When Google first announced its decision to penalize websites without SSL Certificates in 2017, high-ranking, high-traffic websites like eBay, Microsoft, and CNN maintained their HTTP status.

As of the latest Google Transparency Report, these websites along with many others have complied and have shifted to HTTPS.

If you are thinking of getting SSL Certificates for your website, let us know. We can get this done for you. To be sure, drop us an email or better yet, give us a call. We’ll take you through the entire process of acquiring SSL Certificates.


WordPress is the most popular content management system in the world. More than 500 websites are built daily using WordPress and it has been the most dominant CMS the last eight years. Overall, WordPress runs nearly 30% of all websites operating on the Internet.

There’s a reason for this: WordPress is easy to use. Business owners can manage content on their own. They have their choice of plugins which they can use to improve design and functionality. Google loves WordPress websites because its code makes site content easy to read and index.

However, technical issues can arise which could affect the performance of your website. For example, you may want to improve certain features such as its download speed, accessibility, and level of security.

It is no different than a physical office or retail outlet that wants to improve efficiency and security. It may improve the office or store layout and introduce stricter and more elaborate security measures.  

Improving site performance while enhancing security are good enough reasons for you to seriously consider getting an Extreme WordPress Care Plan.

What Are Extreme WordPress Care Plans?

Extreme WordPress Care Plans are customized sets of maintenance and repair options that have been put together by our web development professionals to help you manage and protect your website according to individual need and budget.

Continuing our analogy with a brick-and-mortar business, a physical office would hire professionals to cover its needs for security, accounting, legal expertise, cleaning and maintenance services.

With your website, care and maintenance are best left in the hands of web development professionals who have the experience and expertise managing WordPress platforms.

What could happen if your WordPress website does not undergo regular care and maintenance procedures?

  • Your website will not function properly, which will make it difficult to access; site speed and security could also be compromised.
  • Your message queue has grown considerably and you have a backlog of comments to attend to.

None of these incidents can be good for business. Instead of becoming a platform for development, the website has made it difficult for you to build business.

Our Extreme WordPress Care and Maintenance Plans have been proven effective and highly successful in ensuring the performance of our clients’ WordPress websites.

Let’s find out what our clients have to say about our Extreme WordPress Care and Maintenance Plans:

Testimony No. 1

Client – Randy Bowman

Website – www.sqrdup.com

“I was very concerned about SSL security. As an online retailer, I wanted to make sure customers would feel very confident and assured when using our site. We were paying another company a lot of money for untold hours of work that did not meet expectations.

I was about to give up until Josiah and the team at Mountaintop advised us to sign up for their Extreme WordPress Care Plan. Josiah suggested we give the plan a try. We did and it was the best decision we ever made for website security.

It is great! I don’t have to think about this part while going about my busy days! Life and work are so much easier! Mountaintop’s Extreme WordPress Care Plan is fantastic. It takes all the worry off my shoulders.”

Testimony No. 2

Client: Christy Smith

Website: halloweeneventsco.com

“As a first-time owner of a business website, I needed to know my site was well-maintained and secure. Purchasing the Extreme WordPress Care Plan was a no-brainer. Everything is done in a timely manner and what is promised is exactly what you get!

The work Mountaintop does is amazing! I am very satisfied with their excellent customer service and how they have taken care of my website. If you want to secure and protect your website, sign up with Mountaintop’s Extreme WordPress Care Plan.

The prices are very reasonable and Mountaintop goes the extra mile to make sure you get your money’s worth. Mountaintop has the experience and expertise to make sure your website is running and functioning properly.

Most of all, you will have peace of mind knowing your website is safe and sound under experienced and expert hands. I highly recommend their services to anyone who needs a website designed and managed.”

Testimony No. 3

Client – Lynn Ann Huizingh

Website – www.swshelternetwork.com

“Our previous web provider was very frustrating to work with. It was a difficult website to update and frequently I could not figure out how to do what I wanted to do. Customer service took more than 48 hours to hear from and they very rarely answered my question.

I spent hours trying to get done what I wanted to do and it didn’t always work like I thought it should.

After building a website with Mountaintop, we decided to sign up for Mountaintop’s Extreme WordPress Care Plan. It has been a totally different experience! The design process was fun and easy for me because Josiah is so easy to work with.

I never heard, ‘I can’t’. I have often heard, ‘Let me check into how we can make that happen’, although he already knew the answer. Josiah has the ability to point out the rare problem before I noticed it. He would fix it and tell me after what happened and how they approached the problem.

Updating content is so much easier! If I wanted some pages and the format updated, Josiah is just one email away and he would give updates within a 24-hour period.

The plans are also very affordable. We set up an auto-pay system so we don’t have to worry about paying the monthly fees on time. The coverage of our plan included support for web updates and coaching.

So grateful! I highly recommend signing up with Mountaintop’s Extreme WordPress Care Plan.”


FAQs: Extreme WordPress Care And Maintenance Plans

Q: We’ve come across other companies that offer WordPress care plans. Why should we go with your company?

Testimonies are the most powerful forms of validation. As you have read from 3 of our clients, they are very happy with their decision to sign up for our Extreme WordPress Care Plan. We can assure you of our expertise in website management and excellent customer service as proven by our large number of loyal customers. With Mountaintop, we provide high-value service for only a small monthly cost.

Q: Once I sign up for your WordPress care plan, what are the next steps?

When you are ready to take the next steps, let us know and we can set up a website evaluation. We typically charge $150 for one of these website evaluations as we like to dig into the website to see what is going on.

As part of the evaluation, we will give you a report containing information like a list of pages & posts, users by security level, plugins, themes, speed of your website, possible security issues like malware, broken links, Google’s mobile friendly test, Domain authority, and we make backups of the site.

We will also include our recommendations on how to make the website faster and better overall. We want to make sure we have your website needs covered from start to finish. Once your website goes live, we will work to keep it secure, up to date and functioning properly.

This way, we can keep track of your site’s performance and become more accountable for the work we’ve done for you.

Q: What kinds of security measures do you provide?

We work hard to stay on top of current WordPress website best practices. We use a combination of plugins/code/server changes that make your website stronger against potential attacks.

We also run regular backups of your site as well as malware scans as another line of defense. We want to make sure we can identify potential vulnerabilities and have them addressed as soon as possible. You can be assured that if something goes wrong, we are ready to take care of the situation before it becomes a full-blown problem.

Q: Can you manage e-commerce websites?

Yes, on the top two care plans we work with “WooCommerce”. If your website uses another ecommerce platform, get in touch with us and we can discuss requirements.

Q: I have multiple websites. How would you manage them?

Managing multiple websites will not be a problem. We have the experience, expertise, and professional know-how of using the correct tools and processes to manage and monitor multiple websites for many of our clients.

Q: Are you particular about the web host services provider or can you work with anyone?

We prefer a host that allows us to have the most access to the hosting platform. We work quite a bit with GoDaddy and that is our preference, however we do work with lots of platforms. These Extreme WP Care Plans are not limited to a single platform.

Q: Can you fix a hacked website?

This one is tricky. Yes, we definitely can. However, depending on how badly a website has been hacked, there might be extra work to get the website safely operational before the Care Plans can maintain it.

Please note that we will fix hacked websites if they are on our care plan (prior to being hacked) at no additional cost.

However, if a website that is being moved over to us for care has been hacked, we would probably have to charge you to have the site cleaned first. For the purpose of transparency, we will provide an estimate before we clean the website.

Q: What are your standard response time and turnaround time?

The standard response and turnaround time is 24 to 72 hours. However, we do our best to respond within 24 hours. This would be contingent on the amount and level of clarity of the information that is given to us.

Q: Are your services available 24/7?

We have hosting support that is available 24/7 for technical issues. With our WordPress Extreme Care Plans, we will not rest until your website is working properly!

We work hard to keep those going. If you have questions, you are free to email us at any time. Mountaintop has a global team working round-the-clock to make sure all of your concerns are addressed right away. However, as we are a smaller organization, we might not be able to get back to you for inquiries or concerns sent at 2:00am.


As a business owner, having a website is a step in the right direction. By going online, you can reach out to a wider market of potential end users of your products and services.

Your marketing and promotional strategies will have a larger ocean in which to cast their nets: an ocean of more than 3.5 billion daily Internet users. A website will help you grow your business by capitalizing on opportunities available on the Internet.

But just like how a brick-and-mortar business goes through maintenance and repair issues, your WordPress website likewise needs regular care. Even if you had the time to monitor your website, time is a valuable asset that is best spent managing the core business of your enterprise.

Sign up for our Extreme WordPress Care Plans and leave your site’s management to us. We will monitor your website so you can successfully go about your obligations to work and family. If there is a problem, we will take care of it and send you a report detailing the issue and how we fixed it.

If you have any questions about our Extreme WordPress Care Plans, please do not hesitate to give us a call or an email. We will get back to you right away!

Contact us today by filling out our form to learn more about our Extreme WordPress Care Plans!


Cybercriminals are becoming increasingly aggressive. In the first 6 months of 2017, we’ve seen mounting evidence of state-sponsored ransomware, leaks of spy tools from U.S. intelligence agencies, campaign hacking and more daring attempts at stealing confidential information from private corporations and small businesses.

Google has mandated that websites (especially those engaged in ecommerce) should get SSL Certificates not only for security purposes but also to improve their SEO rankings. The search engine giant has included SSL as a factor in its search algorithm since 2014 but it has become more important with the updated version of Google Chrome.

But these cybercriminals will never stop because hacking has become a lucrative profession. They work round-the-clock to stay ahead of the latest security protocols including SSL Certificates.

Yes, cybercriminals have found ways to circumvent the filters provided by SSL Certificates. Still, SSL remains a vital component in your data protection and security checklist.

If your website procures confidential information or stores valuable data such as a subscriber or user base, you should get SSL certificates. But it is not enough to simply have the certificates. You must manage them responsibly.

SSL Encrypted Malicious Attacks are Rising in Frequency

Cybersecurity firm Zscaler reports that from January to August of 2017, it encountered 8.4 Million malicious attacks through SSL encrypted traffic. 7% of the malicious software or 600,000 were categorized by the company as “advanced threats”.

Zscaler also identified an average of 12,000 phishing attempts per day that bypassed the encrypted protocol. This number represents an alarming 400% increase from 2016.

According to Zscaler’s Senior Director of Security Research and Operations, Deepen Desai, hackers are using SSL as a way to conceal device infections, data exfiltration and to control communications.

SSL works to ensure the security of network traffic within an enterprise. It sits between the users and the Internet; inspecting every byte that traverses online traffic including those that have encryption. This way potential threats are intercepted before they can do damage to your network.

If you want to learn more about SSL Certificates, you can refer to our article “SSL: What It Is And Why Your Business Needs It”.

What has caused the increase in SSL-encrypted cyber crime? It is basically the natural process of adaptation.

SSL Certificates had become highly effective in stopping website infiltrations and malicious attacks. This means that the cybercriminals simply had to develop new technologies that would enable them to sidestep the security filters.

Another cyber security firm, Venafi, reported that over the past year alone, 90% of IT firms in the United Kingdom saw a higher than 25% increase in the use of encryption solutions.

Venafi surveyed more than 500 companies that had employed at least 1,000 personnel. The survey covered companies located in the United Kingdom, Germany, France and the United States so Venafi could better understand the different ways encryption certificates are being used.

The interesting statistic uncovered by the study was that 90% of the CIOs of the companies surveyed revealed that they were already attacked or at the very least under threat by malware concealed within the certificates.

Venafi concluded that the rise in malicious attacks through encryption had a direct relationship with the increase in the use of certificates. The reason?

Companies that acquired the SSL did not manage the keys and certificates responsibly.

Basically these companies lost track of how many certificates and keys they owned leaving many sites vulnerable. They unwittingly opened doors for hackers to sneak in and manipulate the certificates to suit their own selfish needs.

The SSL Process

Let’s take a look at how the SSL process works in order to have a better understanding of why it is important to manage your SSL Certificates responsibly and make sure they are updated.

The SSL process involves authentication and data encryption. Given the volume of activity on the Internet, encryption is very important to ensure all data packets are protected during transmission.

The problem in the SSL process usually lies in authentication which covers the digital certificates.

What is a digital certificate?

It is essentially a data file which contains key information about the website’s certificate holder. The digital certificate is used to verify the authenticity of the website. Among the information indicated in the certificate are:

  • Web server’s host name
  • Issue and expire time
  • Public key for the web server

This is what a digital certificate looks like:

Image from https://www.techrepublic.com/blog/data-center/ssl-tls-certificates-what-you-need-to-know/

There are 2 types of certificates: trusted and untrusted.

Trusted certificates reside on the web browser and are signed by a recognized Certificate Authority (CA) which is an entity that is authorized to sell certificates. Untrusted certificates are self-signed and require manual installation on the web browser.

For purposes of this article, we will only focus on the process covering trusted certificates.

These are the steps involved during a web server/web browser certificate exchange:

  1. Open your browser and type in a URL.
  2. The web server of the URL will receive the request for the website or web page.
  3. The web server will respond by returning the certificates to your web browser.
  4. Your web browser will conduct a number of inspections such as expiration of the certificate and hostname on the certificate.
  5. Your web browser will notice the certificate from the website was signed with the CA’s private key.
  6. Your web browser will immediately check its certificate database if it has the CA’s certificate information.
  7. Once the certification information is found, your web browser will use the public key to validate the signature on the certificate sent by the website.
  8. If the certificate signature has been validated, your web browser will know the CA can be trusted. It will now also trust the web server of the website.

From this process summary, you can see why it is important to have your certificates updated. In step number 4, the expiration date on the certificate will be checked and validated.
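As an added example (not code from the original article), the step 4 inspections can be run over a certificate inventory to catch expired or soon-to-expire certificates before a browser rejects them. The sample records are constructed in the dict layout returned by Python's `ssl.SSLSocket.getpeercert()`; the function names and the 30-day renewal threshold are assumptions, and the signature checks of steps 5 to 8 are not reproduced.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample inventory: hostnames and dates are made up for illustration.
INVENTORY = [
    {"subjectAltName": (("DNS", "shop.example.com"), ("DNS", "www.shop.example.com")),
     "notBefore": "Jan  1 00:00:00 2024 GMT", "notAfter": "Mar 31 23:59:59 2024 GMT"},
    {"subjectAltName": (("DNS", "*.example.org"),),
     "notBefore": "Jun  1 00:00:00 2023 GMT", "notAfter": "Mar  1 12:00:00 2024 GMT"},
    {"subjectAltName": (("DNS", "blog.example.net"),),
     "notBefore": "Feb  1 00:00:00 2024 GMT", "notAfter": "Feb  1 00:00:00 2025 GMT"},
]
# Constructed "current time" so the results are reproducible.
SAMPLE_NOW = datetime(2024, 3, 15, 12, 0, 0, tzinfo=timezone.utc)


def hostname_matches(pattern, hostname):
    """Compare one DNS name from the certificate with the requested host.

    A wildcard is honoured only as the entire left-most label, covers exactly
    one label, and must sit in front of at least two further labels.
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    suffix = pattern[1:]                      # e.g. ".example.org"
    if suffix.count(".") < 2:                 # reject patterns such as "*.com"
        return False
    head, sep, tail = hostname.partition(".")
    return bool(head) and sep == "." and "." + tail == suffix


def check_certificate(cert, hostname, now):
    """Return the problems a browser would flag at step 4 (empty list = pass)."""
    problems = []
    ts = int(now.timestamp())
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(hostname_matches(name, hostname) for name in names):
        problems.append("hostname mismatch")
    return problems


def days_left(cert, now):
    """Whole days until notAfter, rounded down; negative once expired."""
    return (ssl.cert_time_to_seconds(cert["notAfter"]) - int(now.timestamp())) // 86400


def renewal_report(inventory, now, warn_days=30):
    """Sweep the inventory and list (first DNS name, days left, status), soonest first."""
    rows = []
    for cert in inventory:
        name = cert["subjectAltName"][0][1]
        remaining = days_left(cert, now)
        status = "EXPIRED" if remaining < 0 else "RENEW" if remaining <= warn_days else "OK"
        rows.append((name, remaining, status))
    return sorted(rows, key=lambda row: row[1])


if __name__ == "__main__":
    for name, remaining, status in renewal_report(INVENTORY, SAMPLE_NOW):
        print(f"{status:8} {remaining:5d} days  {name}")
```

In practice the records would come from `getpeercert()` on a verified connection to each host you own, with `datetime.now(timezone.utc)` in place of the fixed sample time.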

If your SSL Certificates are expired, your site is vulnerable to infiltration and other forms of malicious attacks.

As we mentioned in our previous article “SSL Basics: Why You Need It to Protect Your Website from Hackers”, the most common mode of attack is for hackers to upload a listening program on the web server. Once you type in your confidential information, the program will capture it and send it back to the hacker.

Getting SSL Certificates for your website is a definite step in the right direction. But acquiring protection is one thing; making sure it is implemented and running 24/7 is another.

If your website provides your bread and butter, you should do everything within your power to protect it from anyone with bad intentions. The Internet is rife with opportunities and opportunists. One act of carelessness or irresponsibility may be all it takes to destroy everything that you have worked hard for.

Would you spend a fortune on a home then disregard the value of a comprehensive insurance plan? Acquiring SSL Certificates is your insurance plan for your website. But it will have no value once it is expired.

What You Can Do

At this point, and after 3 articles, we hope we have made our position very clear:

If your website requires users to disclose confidential or personal information, you should secure it with SSL Certificates.

Then take the time to make sure these certificates are managed effectively.

Is there a way to ensure the integrity and effectiveness of the certificates? Yes, by acquiring them from a reputable CA and having them managed by a third-party service provider you can trust.

Mountaintop Web Design can offer you both! We are authorized to sell SSL Certificates and we can manage these for you so that you can dedicate all your time and energies squarely on your business.

We’ve installed and kept the certificates updated for our clients. Never lose sleep at night thinking cybercriminals are hatching diabolical plans to steal your data.

If you want to know more about the SSL Certificates we offer, please give us a call or drop an email. We will get back to you as soon as possible because we understand that every second your website remains exposed, the risk of long term and large scale damage becomes greater.