12 Easy Steps to Improve WordPress Site Security – Simple and Clear

Twelve steps to mitigate, restore and monitor a WordPress site that is hosting phishing content or has been hacked

What is phishing?

Phishing is the attempt to obtain sensitive information such as usernames, passwords and credit card details, usually for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.

What is Hacking?

Hacking, as the term is used here, means that a person without legitimate authority gains access to a website, locally or remotely, and takes control of it. Hosting phishing pages is one common thing a hacker does with a compromised site, and once in control the attacker can do anything the site's owner could.

How is phishing implemented?

Phishing is carried out in many ways; one of them is website content injection. The attacker plants foreign pages on a compromised site, styled to look like a bank, PayPal or a hosting provider, that trick visitors into entering their valuable information in exchange for a bonus, to pay a fee for an expiring online service, or under some similar pretext. When a victim visits the URL and fills in the form, the attacker uses those details to commit the actual crime, for example logging into the victim's PayPal account and withdrawing money. Because the pages sit on your server, it is your domain that gets blacklisted and your visitors who are defrauded.

What to do in order to mitigate, restore and monitor a WordPress site that hosts phishing pages or has been hacked?

Mitigating the Site

Step #1: Always log in to the server from a clean, protected computer. Malicious cookies, keyloggers, spyware and viruses on your workstation can sneak your server credentials out to the attacker, and a cleaned-up site is re-hacked within days if the attacker still holds the password.

Step #2: Back up the database (and the files) before you change anything, so that you have a copy of the site as found, both for rollback and for later examination.

Step #3: Clean and optimise the WordPress database regularly, either from cPanel (phpMyAdmin) or with the WP-Optimize plugin by David Anderson, Ruhani Rabin and Team Updraft. While you are in there, look for rows you did not create: unknown accounts in wp_users, and posts or options containing script tags or iframes.

Step #4: Change every password to a stronger one: the database user, the cPanel account, the CMS administrators and any FTP/SFTP accounts. Do this from the clean computer of Step #1.

Step #5: Update all plugins and the theme, and delete unwanted ones and any script that has not been updated in over six months. A deactivated plugin is still executable code on the server, so remove it rather than just switching it off.

Step #6: Secure PHP scripts, web directories and important files such as .htaccess and wp-config.php against editing: disable the theme and plugin editors in the dashboard (the DISALLOW_FILE_EDIT constant in wp-config.php), and set restrictive permissions, typically 755 on directories, 644 on files and 600 or 640 on wp-config.php depending on how PHP runs on your host.

Step #7: Change the login URL, the administrator usernames, the database name and the database user, and change the table prefix from the default wp_ to something harder to guess. These are obscurity measures: they slow down automated attacks but do not fix a vulnerable plugin, so they complement Steps #4 and #5 rather than replace them.

Restoring the site

Step #8: Manually delete all foreign folders and files, anything suspected of serving phishing pages, unused scripts, and old site backups left inside the web root; a forgotten backup or abandoned script is a ready-made loophole for the attacker to come back through.

Step #9: Remove the wp-admin and wp-includes core folders and the WordPress core files in the root folder (index.php, wp-login.php, xmlrpc.php and the rest), keeping only wp-config.php, .htaccess and the wp-content folder. Do not delete wp-content wholesale, it holds your themes, plugins and uploads; inspect it file by file instead, because that is where injected files usually hide.

Step #10: Upload a fresh copy of the current WordPress release, downloaded from wordpress.org: the wp-admin and wp-includes folders and the root files. Then restore wp-config.php and .htaccess and compare both line by line with known-good copies, because attackers frequently add redirects to .htaccess and code to wp-config.php.

Monitoring the Site

Step #11: Install a security monitoring and notification system that alerts you when files on your server change. The recommended plugin for this is Wordfence Security – Firewall & Malware Scan by Wordfence; other very effective scanners for WordPress exist too. Google Search Console (formerly Webmaster Tools) is another valuable tool: it reports the security issues Google finds on your site and is where you request removal from the Google blacklist.

Step #12: Make sure your website is scanned for malware regularly, at least once per week, using https://sitecheck.sucuri.net and other effective systems such as the Wordfence and Sucuri scanners. An external scan sees what a visitor (and Google) sees, including redirects that only trigger for certain visitors.
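What a file-change monitor such as the one in Step #11 does underneath, as an added example written for this page (it is not Wordfence's code): take a SHA-256 baseline of the web root, later diff the tree against it, and additionally flag PHP files under wp-content/uploads, which a stock WordPress install never has. The cache prefixes to skip and the demo() site are constructed for the example; keep the baseline file outside the web root so an attacker who can write to public_html cannot rewrite it, and run the comparison from cron and mail yourself the result.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Paths whose contents churn legitimately; tune for the site being watched.
SKIP_PREFIXES = ("wp-content/cache/", "wp-content/uploads/cache/")


def sha256_of(path, chunk=1 << 16):
    """SHA-256 of a file, read in chunks so large uploads do not load into RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(root):
    """Map each file under root (relative POSIX path) to its SHA-256."""
    root = Path(root)
    snap = {}
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        if rel.startswith(SKIP_PREFIXES):
            continue
        snap[rel] = sha256_of(path)
    return snap


def compare(baseline, current):
    """Diff two snapshots; also flag PHP under uploads, which should never exist."""
    added = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p])
    php_in_uploads = sorted(
        p for p in current
        if p.startswith("wp-content/uploads/") and p.endswith((".php", ".phtml", ".php5"))
    )
    return {"added": added, "modified": modified, "deleted": deleted, "php_in_uploads": php_in_uploads}


def save_baseline(snap, path):
    """Store the baseline as JSON; keep this file outside the web root."""
    Path(path).write_text(json.dumps(snap, sort_keys=True, indent=1))


def load_baseline(path):
    return json.loads(Path(path).read_text())


def demo():
    """Constructed site: take a baseline, simulate a compromise, return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        site, baseline_file = Path(tmp) / "public_html", Path(tmp) / "baseline.json"

        def write(rel, text):
            (site / rel).parent.mkdir(parents=True, exist_ok=True)
            (site / rel).write_text(text)

        write("index.php", "<?php require 'wp-blog-header.php';")
        write("wp-includes/functions.php", "<?php /* clean */")
        write("wp-content/plugins/old/old.php", "<?php /* plugin */")
        write("wp-content/cache/page.html", "<html>cached</html>")
        save_baseline(snapshot(site), baseline_file)

        # Simulated attack: core file edited, web shell dropped in uploads, plugin removed.
        write("wp-includes/functions.php", "<?php /* clean */ eval($_POST['x']);")
        write("wp-content/uploads/2024/05/shell.php", "<?php system($_GET['c']);")
        (site / "wp-content/plugins/old/old.php").unlink()
        write("wp-content/cache/page.html", "<html>regenerated, ignored</html>")
        return compare(load_baseline(baseline_file), snapshot(site))
```

Refresh the baseline only right after you have updated WordPress or a plugin yourself; any "modified" core file or any entry under php_in_uploads that you did not put there is a finding, not noise.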

Conclusion and Recommendations

Content management systems are the most affected by cyber attacks because of their back end and database: an attacker who finds a security hole in a poorly coded script, or in an outdated one that is still in use, can issue malicious commands to the server through it.

On the other hand, a CMS offers robust, professional features and a look and feel that match current market and user demands. The only way to benefit from these advantages is to secure and closely monitor your website.

Website owners are strongly advised to engage professionals experienced in cyber security and related matters to ensure that an incident is correctly mitigated and monitored. Leaving the website in the hands of inexperienced and novice webmasters may lead to more problems and costs instead of alleviating them.

We at InfoCom Center Limited have more than 10 years' experience dealing with cyber security on CMS websites, specifically securing and optimising WordPress sites. The tips in the article above are the result of that experience and expertise.

We urge you to entrust your website's day-to-day maintenance and security to us. With the website in our hands you can stay at peace, channelling your valuable time and skills into other profitable strategies and activities instead of worrying about the website on and off every day. Leave all the hassle of maintaining and restoring hacked websites to us.

Visit the SEO and Website Maintenance page to learn more about our website maintenance packages.

Email Spamming/Flooding Security

How do you know your account is sending spam?

  1. Returned (bounced) emails, for messages you never sent, flood your inbox
  2. Your hosting provider shuts your site down

Common causes, all of which let a spammer use your outgoing mail server:

  1. Compromised passwords (weak mailbox, FTP or cPanel passwords)
  2. Compromised programs in your hosting space (normally scripts that send email)

Scripts that are commonly compromised:

  1. Tell a Friend
  2. Newsletter Mailouts
  3. Bulk Email Programs

Why your Hosting Provider will shut you down:

To offer competitive hosting prices, providers use shared servers. The hosting server sends all mail from one IP address, so spam emanating from any account on the server is identified by that IP address.

DNS blacklist (DNSBL) servers hold lists of IP addresses of known spammers. If the hosting server's IP is blacklisted because one account spammed, every account on that server is affected: legitimate emails bounce because of the poor reputation of the shared IP. The server administrator then has no option but to shut the offending account down until the spamming problem is rectified.

BULK EMAIL: the limit is 100 messages per hour or 1,000 per day

DEFAULT EMAIL ADDRESSES – cPanel – the default (catch-all) email account is normally what ends up collecting spam

Catch-all default email addresses are wonderful collectors of spam, because they accept any email addressed to (anything)@yourdomain.com.

An easy and effective way to cut down spam is to specify forwarders or mailboxes.
This means that an email that is correctly addressed, specifically to you, is either forwarded to your ISP email address or held in your mailbox on your server space.

All other emails, incorrectly addressed to your domain, can then be rejected.

The directions below apply to servers that run cPanel. Log in at www.(yourdomain).com.au/cpanel with your cPanel username and password.

Click Mail. In the Mail Manager main menu, ensure that you have a mail forwarder for each of your exact email addresses, or set up a POP3 mailbox for each of them.

Click Set default address and enter ‘:fail: no such address here’ to discard all mail that is not correctly addressed. Prefer :fail: to :blackhole:. With :fail: the message is rejected during the SMTP conversation, so the sending server, not yours, carries the cost and produces any bounce; :blackhole: accepts the message, spends your disk and CPU on it, and then silently deletes it.

This means that all incorrectly addressed emails (which make up the bulk of spam) are refused, while correctly addressed emails get through to you.

PREVENTATIVE

Change to email addresses that are not published on the internet.
Do not use a common prefix like admin, support or info; spammers try those at every domain.

New websites should not display plain-text email addresses either on the page or in the page's source code. Various JavaScript and PHP scripts are available to obfuscate an email address; this deters simple harvesting bots, though not a determined one.

If a spambot is filling in your forms, you may need an image verification (CAPTCHA) to prove that a human is sending the information.

Free SSL Certificate for Website Secure Connection

Dear website owners, webmasters and web designers,

Google uses HTTPS as a ranking signal, so websites should run in secure mode in order to rank higher in Google search results. A secure-mode website is one served over the https:// protocol.

An SSL certificate encrypts the connection between the visitor and the server, which greatly limits the possibility of login credentials for sensitive administrative areas (the website control panel and the CMS back end) being intercepted on the way. It does not by itself fix vulnerabilities in the website's code, so the other measures on this page still apply.

The latest cyber security survey shows that at least 90 websites out of 100 suffer some sort of cyber attack, including hacking and phishing.

To help address this insecurity, cPanel version 58 and later (through AutoSSL) supports and provides the option to use free SSL certificates on your website.

The SSL certificate is issued by:

Common name: cPanel, Inc. Certification Authority
Organization: cPanel, Inc.

And the CA is being signed by Comodo one of the leading brands when it comes to SSL certificates and overal Cyber security:

Common name: COMODO RSA Certification Authority
Organization: COMODO CA Limited

The SSL certificates are issued with a 90-day lifespan and are renewed and reinstalled automatically one week before expiration. No action is required from you.

While the certificates are installed automatically without any interaction on your part, website owners, webmasters and web designers still need to force HTTPS connections over HTTP, otherwise visitors (and search engines) keep using the insecure http:// URL.

The easiest way to do this is to edit or create a .htaccess file in the root folder of the domain, normally public_html (the same rules are provided as htaccess.txt). The file needs the following lines; the first switches the rewrite engine on, without which the other two are ignored:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

The condition tests whether the current request is already encrypted rather than checking for port 80, so it also works when Apache listens on non-standard ports. One caveat: if a proxy or CDN terminates TLS in front of the server (for example Cloudflare in "Flexible" mode), Apache sees every request as plain HTTP and this rule redirects forever; in that setup either enable HTTPS between the proxy and the origin or test the X-Forwarded-Proto request header instead of %{HTTPS}.

A website URL is running in secure mode when the https:// protocol precedes the domain, with or without www. A website running in insecure mode is served over http:// only.

If you feel you cannot implement this requirement, use your in-house webmaster or web designer/developer, or contact us and we will be glad to help.

Reasons why a website is suspended by the web host

Unsettled Bills

A website can be suspended because of unsettled bills related to that domain or website: the annual web hosting fee, the domain registration fee, unpaid website design charges, or other critical reasons.

Violation of server terms and conditions

The website can also be suspended if it violates the server's terms and conditions. These vary by host, but common ones are:

  1. Email spamming
  2. Server resource overuse, e.g. excessive CPU usage, physical or virtual memory use, or too many concurrent processes (normally more than ten)
  3. Being under attack or hacked. The compromise can originate from admin or back-end access, SQL injection or cross-site scripting.

How is the website attacked?

Backend or Administrator access

Access through the back end is normally gained because of weak passwords, common words, or easy-to-guess usernames, all of which brute-force and dictionary attacks find quickly.

SQL Injection

SQL injection is a code insertion attack against database-driven web applications, in which malicious SQL statements are inserted into an entry field and executed by the database (for example to dump the database contents to the attacker).

Cross-site scripting - XSS

Cross-site scripting (XSS) is a kind of security hole typically found in web applications. It allows an attacker to inject client-side scripts into web pages viewed by other users, and it is commonly used for phishing and for stealing users' session cookies, passwords and credit card numbers.

Bugs

A script bug is an error, flaw, failure or fault in a web application that lets an attacker insert harmful code or commands into that application.

Poor coded scripts

Poorly coded scripts often originate from students who are still learning or from developers with insufficient coding skills and experience. They can also originate from pre-release (beta) software.

Cross-Site Request Forgery (CSRF)

Cross-site request forgery (CSRF) is a type of exploit in which unauthorised commands are submitted to a web application from a browser the application trusts, for example a logged-in administrator who is tricked into opening a crafted link or page.

DDoS Attack

A distributed denial-of-service (DDoS) attack takes place when multiple systems flood the bandwidth or resources of a targeted server, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the target with traffic.

Server security misconfiguration

Security misconfiguration arises when security settings are left at, or maintained as, insecure defaults. Good security requires a secure configuration defined and deployed for the application, web server, database server and platform.

Email spamming

There are two types of email spamming:

  1. Bulk emails sent to your email server from anonymous senders
  2. Bulk emails sent to third parties through your email server, by spoofing your domain or by abusing a compromised account or script

How to protect your website from Attacks

Backend or administrator access

Always use hard-to-guess usernames and strong passwords. A password of 8 or more characters containing all four character types (capital letters, small letters, numbers and special characters) reduces the risk; longer is better, and no password should be reused from another site.

In parallel, deploy login-attempt limiters and a firewall on the website. These reject the bots that run dictionary attacks against your usernames and passwords.

Also implement a reporting mechanism that notifies the webmaster when something on the website changes. You can go further by limiting logins to known IP addresses or countries; if you have no dealings with a particular country, block it from reaching the site. If you need no public presence at all, block search engine bots and other bots from visiting the website.

SQL Injection

Use hard-to-guess usernames and strong passwords for the database too (8 or more characters with all four character types), but understand what that protects: a strong database password limits what an attacker can do with stolen credentials, it does not prevent SQL injection, which exploits application code that pastes user input into a query. The fix is in the code: use parameterised (prepared) queries, in WordPress via $wpdb->prepare(), validate input, give the database user only the privileges the site needs, and keep the plugins and themes that build queries updated. Beyond that, the same measures as for the back end apply: a reporting mechanism for unexpected changes to the database, logins limited to known IP addresses or countries, and blocking bots if you need no public presence.
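The injection described above, side by side with its fix, as an added example written for this page (not code from the page or from WordPress). It uses an in-memory SQLite table shaped like wp_users; the rows and the hash strings are constructed placeholders. The vulnerable function builds the query by string concatenation, so a quote in the input ends the literal and the rest of the input becomes SQL; the safe function sends the value separately from the SQL text, which is exactly what $wpdb->prepare() does in WordPress.

```python
import sqlite3


def make_db():
    """Constructed wp_users table with two sample accounts (placeholder hashes)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT)")
    con.executemany(
        "INSERT INTO wp_users (user_login, user_pass) VALUES (?, ?)",
        [("admin", "$P$Bexample-admin-hash"), ("editor", "$P$Bexample-editor-hash")],
    )
    return con


def find_user_vulnerable(con, login):
    """The bug: user input is pasted into the SQL text. A quote in `login`
    closes the string literal and whatever follows is executed as SQL."""
    sql = "SELECT user_login FROM wp_users WHERE user_login = '" + login + "'"
    return [row[0] for row in con.execute(sql)]


def find_user_safe(con, login):
    """The fix: a parameterised query. The value travels separately from the
    SQL text, so it can never change the query's structure."""
    rows = con.execute("SELECT user_login FROM wp_users WHERE user_login = ?", (login,))
    return [row[0] for row in rows]


def demo():
    """Run two classic payloads through both functions and return the results."""
    con = make_db()
    bypass = "admin' OR '1'='1"                        # turns the WHERE into "always true"
    dump = "x' UNION SELECT user_pass FROM wp_users--"  # reads the password-hash column
    return {
        "vulnerable_bypass": find_user_vulnerable(con, bypass),
        "vulnerable_dump": find_user_vulnerable(con, dump),
        "safe_bypass": find_user_safe(con, bypass),
        "safe_dump": find_user_safe(con, dump),
        "safe_normal": find_user_safe(con, "admin"),
    }
```

The safe version returns nothing for either payload because it looks for a user literally named "admin' OR '1'='1"; no password policy on the database account would have changed the vulnerable version's behaviour.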

Cross-site scripting - XSS, Bugs

Buy scripts from reputable, known providers and avoid cheap or pirated ones. Also deploy the back-end security mechanisms described above. For scripts with bugs from genuine vendors or developers, apply updates immediately; if the vendor does not release a patch in time, uninstall the script. For XSS specifically, the root cause is output that is not escaped: anything a user can type must be encoded before it is placed in a page (in WordPress, with the esc_html(), esc_attr() and esc_url() functions).

Poor coded scripts

Buy scripts from reputable, known providers. Avoid cheap scripts. Also deploy the back-end security mechanisms described above.

Cross-Site Request Forgery (CSRF)

Deploy security monitors, scanners and blockers for unauthorised outbound and inbound communications. Note that these only detect CSRF after the fact; the defence is in the application, which must tie every state-changing request to an unpredictable token the attacker cannot guess (in WordPress, a nonce) and must not perform changes on plain GET requests.

Server security misconfiguration

Check your server configuration regularly; if any misconfiguration is detected, correct it or report it to the server administrator or technical personnel for correct configuration. In most cases let the web server run with its most secure settings.

DDoS Attack

  1. The best way to stop a DDoS attack is to use a web application firewall, or a CDN that absorbs attack traffic, in front of the site
  2. Monitor the attack continuously in order to choose the best option for preventing it

Email spamming

There are two types of email spamming:

  1. Bulk emails sent to your email server from anonymous senders
  2. Bulk emails sent to third parties through your email server, by spoofing your domain or by abusing a compromised account or script

Protection against spam from anonymous senders

For the first case use SpamAssassin.

To enable SpamAssassin in cPanel, follow these steps:
  1. In the Mail section of the cPanel home screen, click Spam Assassin™.
  2. Click Enable Spam Assassin.
  3. To enable auto-deletion of spam messages, select a score level under Filters, and then click Auto-Delete Spam. Start with the default threshold (5); a lower threshold catches more spam but also deletes legitimate mail you will never see.

Protection against spam sent through your email server

For the second case you can publish an SPF record, or disable the PHP mail function in cPanel.

Using SPF to control email spoofing and phishing

Adding an SPF record to your DNS zone is the best way to stop spammers from spoofing your domain: the record lists the servers allowed to send mail for the domain, and receiving servers check the connecting IP address against it. In addition, an SPF record reduces the number of legitimate email messages that are flagged as spam or bounced by your recipients' mail servers.

This is an easy way to control phishing and email spoofing. Two cautions: end the record with -all (a record ending in +all permits every sender and protects nothing), and remember that SPF checks only the envelope sender, so pair it with DKIM and a DMARC policy if you want the visible From: address protected as well.
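What an SPF check looks like from the receiving server's side, as an added example written for this page (not from the page or from any mail software): one function composes the TXT record for your zone, the other evaluates a sender's IP against it. Only the ip4, ip6 and all mechanisms are evaluated here; include:, a, mx, ptr, exists and modifiers such as redirect= require DNS lookups and are skipped, so a record that relies on include: may fail a legitimate sender in this offline version where a real receiver would pass it. The addresses are from the documentation ranges and the include domain is made up.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
NEEDS_DNS = {"a", "mx", "include", "ptr", "exists"}  # not resolved in this offline example


def build_spf(ip_networks, include=(), policy="-all"):
    """Compose a TXT record such as "v=spf1 ip4:203.0.113.10 include:x.example -all"."""
    terms = ["v=spf1"]
    for net in ip_networks:
        n = ipaddress.ip_network(net, strict=False)
        host_only = n.prefixlen == n.max_prefixlen
        terms.append(f"ip{n.version}:{n.network_address if host_only else n.with_prefixlen}")
    terms += [f"include:{domain}" for domain in include]
    terms.append(policy)
    return " ".join(terms)


def check_spf(record, sender_ip):
    """Return pass / fail / softfail / neutral / none / permerror for sender_ip."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record at all
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        if "=" in term:
            continue  # modifier (redirect=, exp=): needs DNS, skipped here
        qualifier = "+"  # mechanisms without an explicit qualifier mean "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]  # the catch-all decides for every other sender
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed record: receivers treat it as broken
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
        elif name.partition("/")[0] not in NEEDS_DNS:
            return "permerror"  # unknown mechanism
    return "neutral"  # nothing matched and there is no "all" term
```

Publish the output of build_spf() as a TXT record at the apex of your domain; a softfail (~all) is a reasonable first step while you confirm every legitimate sender is listed, then move to -all.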

Disabling the PHP mail function in cPanel

  1. In cPanel go to the Software section
  2. Select PHP Version (Select PHP Version)
  3. Switch to PHP Options
  4. Set sendmail_path to /bin/true
  5. Click Apply, then save the PHP settings

This disables every email PHP sends, including contact forms and WordPress's own notifications, so only do it when no script on the site legitimately needs to send mail. Otherwise let WordPress send through an authenticated SMTP mailbox instead, which keeps the traffic inside the mail server's rate limits and logs.

How to avoid website suspension?

Pay bills on time

Always pay your bills on time. So that you do not miss the date when you are required to pay, do the following:

  1. Give your web host an email address you commonly use and keep active. If that address falls out of use, report it immediately to the web host for replacement; it is recommended to always provide an extra email address and a phone number
  2. You may need a premium notification service, such as one using SMS notifications, if you do not check your email frequently
  3. Ask the web host to notify you of the next bill at least 30 or 60 days in advance
  4. Set your phone, tablet or computer to remind you before the deadline. You can use the calendar function of your email service or a third-party website
  5. If your website is an important asset to you or your business, always choose the longer payment plans

Monitor your website security

Securing your website is not the end of the job: monitor its security, from within the website and from third-party services. Common third-party services include www.CloudFlare.com, www.websitedefender.com, www.wix.com, www.verisign.co.uk and www.uptimerobot.com. For more web security information go to http://seo.co.tz/website-security-management-for-seo/

Infected Sites Blocked by Google

Google can detect that a web page or site is infected. When this happens, Google warns visitors away from the infected site (the "Deceptive site ahead" page in Chrome) and sometimes removes it from the crawl and index schedule.

A hacked website can be injected with JavaScript redirect malware that sends visitors to another malicious site. Often only some pages are affected: a third party injects JavaScript into the site that redirects users to malicious sites, and the inserted code commonly looks like “eval(function(p,a,c,k,e,r)”, the opening of a well-known JavaScript packer used to hide what the script really does. The code can be inserted into HTML, JavaScript or PHP files.

Webmasters have also been warned that server configuration files can be compromised, so the site may be cloaking: showing the malicious content only in certain situations, for example only to visitors arriving from a search engine, which is why the owner often sees nothing wrong. It is important to remove the malware and fix the underlying vulnerability to protect site visitors. Webmasters are also urged to keep their software up to date and to contact their web hosts for technical support.
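A signature scan for the kind of injected code described above, added here as an example written for this page (it is not Google's or any vendor's scanner). The packer header quoted in the text is one signature; the others are common PHP obfuscation idioms and a hidden-iframe pattern, chosen by the editor rather than taken from the page. Treat hits as leads, not proof: eval(function(p,a,c,k,e,r) also appears in some legitimately minified JavaScript, so compare a flagged file with the original plugin or theme release before deleting it.

```python
import re
from pathlib import Path

SIGNATURES = {
    # The packer header quoted in the text: eval(function(p,a,c,k,e,r){...}
    "packed-js": re.compile(r"eval\(function\(p,a,c,k,e,[rd]\)"),
    # PHP that decodes and then executes hidden code
    "php-eval-decode": re.compile(r"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    # preg_replace with the /e modifier executes the replacement as PHP
    "php-preg-eval": re.compile(r"preg_replace\s*\(\s*['\"]/.*?/[a-z]*e[a-z]*['\"]", re.I),
    # Invisible iframe pulling content from elsewhere
    "hidden-iframe": re.compile(r"<iframe[^>]+(?:width|height)\s*=\s*['\"]?0\b", re.I),
    # Remote file inclusion
    "remote-include": re.compile(r"\b(?:include|require)(?:_once)?\s*\(?\s*['\"]https?://", re.I),
}
SCAN_SUFFIXES = {".php", ".phtml", ".php5", ".js", ".html", ".htm"}
PHP_SUFFIXES = {".php", ".phtml", ".php5"}


def scan_content(rel_path, text):
    """Signatures matched in one file, plus a path rule: PHP under
    wp-content/uploads never belongs to a stock WordPress install."""
    hits = [name for name, rx in SIGNATURES.items() if rx.search(text)]
    if rel_path.startswith("wp-content/uploads/") and Path(rel_path).suffix.lower() in PHP_SUFFIXES:
        hits.append("php-in-uploads")
    return hits


def scan_tree(root):
    """Map relative path -> list of hits for every scannable file under root."""
    root = Path(root)
    findings = {}
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SCAN_SUFFIXES:
            continue
        try:
            text = path.read_text(errors="replace")
        except OSError:
            continue  # unreadable file; a scheduled job would log this
        rel = path.relative_to(root).as_posix()
        hits = scan_content(rel, text)
        if hits:
            findings[rel] = hits
    return findings
```

Run scan_tree("/home/user/public_html") on the downloaded copy of the site and review every hit; a scan like this finds the known idioms, while an attacker's freshly obfuscated code is found by the file-change and uploads checks, not by signatures.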

How are websites hacked?

  1. Weak passwords
  2. Database injection
  3. Outdated scripts
  4. Pirated scripts

A password may be weak if it has the following attributes:

  1. Short, e.g. fewer than 8 characters
  2. A single character class, e.g. only small letters, only capital letters or only numbers
  3. Made mainly of English or otherwise popular terms, e.g. names of big cities, streets or people, in English or any other widely used language

We urge webmasters and users to choose unpopular words (words from your native language are fine only if they are not common ones, since attackers' dictionaries include popular words from many languages) or random characters, at least 8 characters long, in the following manner:

Example of good password:

1D5f9&MoxI

The above password contain:

  • small letters = 3
  • Capital letters = 3
  • Special characters = 1
  • Numbers = 3
  • Total characters= 10

Examples of bad passwords

1989 (numbers only, and short: only 4 characters)

Grace (letters only, a very popular name and English word, and short: only 5 characters)

What to do if site infected!

  1. Quarantine your site
  2. Assess the damage
  3. Clean up your site
  4. Ask Google to review your site

Download your whole website, including its database, emails and anything else associated with the account, so that you have a copy to work on and to keep as evidence.

Delete the hosting account and create it again, so that nothing the attacker left behind (cron jobs, extra FTP accounts, mail forwarders) survives.

Scan the downloaded copy with an antivirus such as Kaspersky, Bitdefender, Norton or Avira to assess the degree of infection, and clean up the detected malicious code, scripts and trojans. Desktop antivirus recognises only the commonest web shells, so also review the files by hand, starting with recently modified files, PHP files under wp-content/uploads and anything containing eval() or base64_decode().

Upload the cleaned website and scan it with website security tools to detect any remaining infection and the pages affected. Use the scanning websites listed below (https://sitecheck.sucuri.net, mentioned earlier, is one of them) for the infection check-up.

Ask Google to review your website by


Reasons Why Your IP Address Has a Poor Reputation

There are a number of reasons why your IP address may have been listed by Barracuda and other blacklist operators (DNSBLs) as having a poor reputation.

The reasons include:

  • The email server at your IP address is infected and has been sending out spam
  • The email server at your IP address is configured incorrectly (for example as an open relay)
  • The PC at your IP address is infected with a virus or botnet software
  • Someone in the organisation behind your IP address has a PC infected with a virus or botnet program
  • Your IP address is a dynamic address that was previously used by a known spammer
  • The marketing department of a company at your IP address is sending bulk emails that do not comply with the CAN-SPAM Act
  • An insecure wireless network attached to your IP address lets unknown users send bulk email through your connection
  • In rare cases, the recipient's Barracuda Spam Firewall or other filter is misconfigured
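How to find out whether your IP address is on such a list, as an added example written for this page (it is not Barracuda's or Spamhaus's code): the lookup a receiving server performs is a DNS query for the reversed address under the list's zone, an answer means "listed", and for zen.spamhaus.org the 127.0.0.x value says which sub-list matched. The zone names and the Spamhaus return codes are the published ones; the fake_resolver answers are constructed so the demo runs offline, and passing the default resolver queries the real lists (note that Spamhaus refuses queries sent through large public resolvers and answers those with an error code, which the function reports rather than treating as a listing).

```python
import ipaddress
import socket

# Public lists a practitioner commonly checks.
ZONES = ("zen.spamhaus.org", "b.barracudacentral.org", "bl.spamcop.net")

# Return-code meanings published by Spamhaus for zen.spamhaus.org.
SPAMHAUS_CODES = {
    "127.0.0.2": "SBL: verified spam source",
    "127.0.0.3": "SBL CSS: low-reputation / snowshoe sender",
    **{f"127.0.0.{n}": "XBL: infected machine, open proxy or botnet member" for n in range(4, 8)},
    "127.0.0.9": "SBL DROP: hijacked or criminal netblock",
    "127.0.0.10": "PBL: end-user range (ISP maintained), must not send mail directly",
    "127.0.0.11": "PBL: end-user range (Spamhaus maintained), must not send mail directly",
}
ERROR_CODES = ipaddress.ip_network("127.255.255.0/24")  # list errors, not listings


def query_name(ip, zone):
    """Reverse the address for the lookup: 203.0.113.5 -> 5.113.0.203.<zone>."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        reversed_part = ".".join(reversed(str(addr).split(".")))
    else:  # IPv6: every nibble of the expanded address becomes one label
        reversed_part = ".".join(reversed(addr.exploded.replace(":", "")))
    return f"{reversed_part}.{zone}"


def check_ip(ip, zones=ZONES, resolve=socket.gethostbyname):
    """Return {zone: reason} for each zone that answers for ip.
    NXDOMAIN means "not listed"; answers in 127.255.255.0/24 are error codes."""
    listed = {}
    for zone in zones:
        try:
            answer = resolve(query_name(ip, zone))
        except OSError:  # socket.gaierror / herror: NXDOMAIN, i.e. not on this list
            continue
        if ipaddress.ip_address(answer) in ERROR_CODES:
            listed[zone] = f"lookup error code {answer} (typo, public resolver or rate limit), not a listing"
        elif zone.endswith("spamhaus.org"):
            listed[zone] = SPAMHAUS_CODES.get(answer, f"listed ({answer})")
        else:
            listed[zone] = f"listed ({answer})"
    return listed


def fake_resolver(name):
    """Constructed DNS answers for the offline demo: one address on two lists."""
    answers = {
        "5.113.0.203.zen.spamhaus.org": "127.0.0.4",
        "5.113.0.203.b.barracudacentral.org": "127.0.0.2",
    }
    if name in answers:
        return answers[name]
    raise socket.gaierror("NXDOMAIN")
```

A listing tells you which of the causes above to investigate first: an XBL or PBL hit points at an infected or misassigned machine, an SBL hit at actual spam from the server; once the cause is fixed, each list has its own removal procedure.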
