12 Easy Steps to Improve WordPress Site Security – Simple and Clear

12 Steps to follow in order to Mitigate, Restore and Monitor a WordPress Site Under Phishing or Hacking

What is phishing?

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.

What is Hacking?

Simply put, hacking is a general term for a website being accessed by an illegitimate person who takes control of it, either physically or by remote means. Phishing can be a type of hacking. A hacker can do anything once he/she has control of your website.

How is phishing implemented?

Phishing is implemented in numerous ways; one of them is website content injection: foreign content with deceptive web pages that trick visitors into leaving their valuable information in exchange for bonuses, or for other reasons such as paying a fee for expiring online services. When a victim visits the URL and fills in the information, the attacker uses those details to commit the actual crime, such as entering the victim's PayPal account and drawing money from it.

What to Do in Order to Mitigate, Restore and Monitor a WordPress Site Under Phishing or Hacking?

Mitigating the Site

Step #1: Make sure you always use a clean and protected computer to log in to the server (malicious cookies, keyloggers, spyware and viruses can sneak onto the server and feed vital information to the attacker).

Step #2: Backup the database

Step #3: Regularly clean and optimize the WordPress database; use cPanel or install WP-Optimize by David Anderson, Ruhani Rabin, Team Updraft

Step #4: Change the passwords for the database, cPanel and the CMS to stronger ones

Step #5: Update all plugins and themes, and delete unwanted ones and any scripts that have had no update for over six months

Step #6: Secure and prevent editing of PHP scripts, web directories and important files such as .htaccess and wp-config.php

Step #7: Change login URLs, administrator usernames, database names and the usernames used to access the database, and change the table prefix to a harder one

Restoring the site

Step #8: Manually delete all foreign folders, files suspected of phishing, any useless scripts and old site backups, as those may create a loophole for attacking the website

Step #9: Remove the wp-admin and wp-includes core folders and the related WordPress core files in the root folder, except wp-config.php and .htaccess

Step #10: Upload a fresh and current copy of the deleted WordPress folders and files: the wp-admin and wp-includes core folders, and wp-config.php and .htaccess

Monitoring the Site

Step #11: Install a security monitoring and notification system for file changes on your server. The recommended plugin for this is Wordfence Security – Firewall & Malware Scan by Wordfence; there are other very effective scripts for WordPress as well. Google Search Console (formerly known as Webmaster Tools) is another wonderful tool for security and Google blacklist removal

Step #12: Make sure your website is visited and scanned regularly for malware (at least once per week) using https://sitecheck.sucuri.net and other effective systems such as Wordfence and Sucuri
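The check behind steps 8 to 11 can be done by hand with file hashes. The following is an added example, not code from the original article or from any plugin it names: it compares the core files of a live site against a fresh WordPress copy and lists foreign, modified and missing files. The directory layout in `demo()` is a small constructed sample, and the function names are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

KEEP = {"wp-config.php", ".htaccess"}      # excluded from the core removal in step 9
CORE_DIRS = ("wp-admin/", "wp-includes/")  # core folders replaced in steps 9 and 10

def manifest(root):
    """Map each core file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for path in Path(root).rglob("*"):
        rel = path.relative_to(root).as_posix()
        in_core = rel.startswith(CORE_DIRS) or "/" not in rel  # core dirs + root files
        if path.is_file() and in_core and rel not in KEEP:
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests

def compare(clean_root, live_root):
    """Return sorted (foreign, modified, missing) core paths of the live site."""
    clean, live = manifest(clean_root), manifest(live_root)
    foreign = sorted(set(live) - set(clean))    # candidates for step 8 review
    missing = sorted(set(clean) - set(live))
    modified = sorted(p for p in clean if p in live and clean[p] != live[p])
    return foreign, modified, missing

def write_tree(root, files):
    """Create a constructed sample tree from {relative path: text}."""
    for rel, text in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)

def demo():
    """Compare two small constructed trees (not real WordPress files)."""
    core = {"index.php": "<?php // core", "wp-admin/index.php": "<?php // admin",
            "wp-includes/version.php": "<?php // version"}
    live = {**core, "wp-config.php": "<?php // settings", ".htaccess": "# rules",
            "wp-admin/index.php": "<?php // admin, plus an unexpected line",
            "wp-includes/login/index.html": "<form></form>",
            "wp-content/uploads/photo.jpg": "jpeg"}
    del live["wp-includes/version.php"]
    with tempfile.TemporaryDirectory() as clean_dir, \
            tempfile.TemporaryDirectory() as live_dir:
        write_tree(clean_dir, core)
        write_tree(live_dir, live)
        return compare(clean_dir, live_dir)

if __name__ == "__main__":
    print(demo())
```

The wp-content folder is out of scope here; plugins and themes need their own known-good copies to compare against.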

Conclusion and Recommendations

CMSs are the most affected by cyber attacks because of the backend and database, where an attacker can exploit security holes found in poorly coded scripts, and in outdated scripts that are still in use, by issuing malicious commands to the server.

On the other hand, CMSs offer robust and professional features and a website look and feel that match current market and user demands. The only way to benefit from these advantages is to secure and closely monitor your website.

Website owners are strongly advised to use experienced professionals in cyber security and related fields in order to ensure that the issue is correctly mitigated and monitored. Leaving the website in the hands of inexperienced and novice webmasters may lead to more problems and costs instead of alleviating them.

We at InfoCom Center Limited possess more than 10 years of experience dealing with cyber security on CMS websites, specifically securing and optimizing WordPress sites. The tips in the article above are the result of that experience and expertise.

We highly urge you to entrust us with your website's day-to-day maintenance and security duties. When the website is in our hands, you will stay at peace, channeling your valuable time and skills into other profitable strategies and activities instead of worrying about the website off and on every day. Leave all the hassle of maintaining and restoring hacked websites to us.

Visit SEO and Website Maintenance Page to learn more about our website maintenance packages

WordPress Expert in Tanzania

We are experts in WordPress system in Tanzania and we happily deal with these areas:

  1. WordPress installation, configuration and troubleshooting
  2. Theme design, installation and configuration
  3. Web content creation, design to achieve customer branding and easy user experience
  4. Web content optimization for high speed and good SEO
  5. SEO configuration using SEO by Yoast and All in one SEO plugins
  6. WordPress automated tasks like auto blogging, auto sharing, auto posting, etc
  7. WordPress site speed optimization using WP Total Cache and CloudFlare integration
  8. Security configuration and hardening to avoid website failure, phishing and any other attack
  9. WordPress site audit (analysis) and consultation plus free advice

Web Hosting Plans Tanzania

We offer 3 main web hosting plans at budget prices: basic plan, premium plan and unlimited plan. All the plans come with a free domain for life.

The web hosting plans also include unlimited FTP accounts, databases, email accounts, addon domains, subdomains, parked domains, etc. We also offer free installation of PHP scripts for blogs, forums, photo albums, e-shops, CMS and much more.

Dynamic vs Static Websites

Will the customer frequently manage the website?

Will the customer abandon the website after hosting?

Dynamic websites are good for websites that are frequently managed and updated, whilst static websites are good for websites that are abandoned immediately after design and hosting.

Dynamic websites are dangerous if abandoned, since PHP scripts become obsolete over a long period if not updated. When PHP scripts stay too long without updates, hackers, crackers and bad guys will hijack your website, since most bugs in the scripts will have become known to those bad guys, who use the bugs to tamper with your website.

Dynamic websites are normally created with WordPress, Joomla, Drupal, ExpressionEngine, eZ Publish and many more.

Specifically, we have mastered the WordPress system for web design and authoring. Other systems we have mastered are Joomla, Drupal and eZ Publish. We also design websites of a purely HTML nature. Customers are advised on when and why to choose one of the systems mentioned above.

If we discover that a customer needs a website just to give static information to visitors and is not ready to manage the website frequently, we advise going for a static website, such as one designed with manual HTML, Dreamweaver, WebSite X5, CoffeeCup, Web Page Maker or other HTML editors.

Facts and Why Unlimited Web Hosting?

Introduction

There have been lies spreading around that talk negatively about Unlimited Web Hosting Services. This article is written to clarify, define, and give conceptual examples of and reasons for Unlimited Web Hosting.

It is true that some fraudulent web hosting companies are using this plan to attract more sales while offering poor server-side services. I myself tried some companies offering these services in the past and ended up getting less than 95% server uptime against the recommended 99%.

But this does not apply to all companies. If you do your own research, you will discover many companies offering these services while maintaining 99.9% server uptime, plus many other quality services available in other standard shared server packages/plans.

The best way to know if a company is reliable is to look for customer reviews, either online or from the company's current or former customers. Most of them will give you the information.

If you rely on allegations posted by competing companies about the service, always expect to get biased opinions and feedback, in many cases NEGATIVE ones.

What is Unlimited Web Hosting Plan?

This is a shared hosting plan with the following attributes

  1. Unlimited Disk space
  2. Unlimited Bandwidth
  3. Unlimited Email Accounts
  4. Unlimited Databases
  5. Unlimited Database space
  6. Unlimited Addon, parked or sub domains
  7. Unlimited ftp accounts
  8. etc

Other Unlimited Services Packages

Unlimited web hosting is a concept similar to other applied concepts, as follows:

Scenario #1: Unlimited Food Serving (Buffet Service)

Everyone is aware that you can enter a luxurious hotel and pay for an unlimited meal service known as buffet service.

When a customer pays for the meal, he/she serves himself or herself as much food as he/she can eat alone in one session.

This concept is based on the fact that the stomach that takes the food is limited and cannot consume all the food, only the standard known quantity. The main purpose here is to remove limits and unnecessary restrictions on the client while eating.

Scenario #2: Unlimited Cruise and Travel

This is a concept where a customer can pay a set fee to travel anywhere in the world at any time with his/her family until death.

Again, the time a client has for travel is limited; likewise, the number of family members is limited.

Again, the concept here is to remove unwanted/unnecessary limitations and restrictions on the customer and his family while traveling for holiday or rest.

Back to Unlimited Web Hosting

Contrary to the negativity of other parties about this concept, unlimited hosting was invented for the same reason: removing unnecessary restrictions and limitations on clients.

This plan keeps in mind that customer demand in terms of the quantity of web content on the server hard disk is limited, and that bandwidth usage by website visitors is also limited.

For the same customer convenience, this plan removes unnecessary limitations and restrictions on the customer related to resource usage, etc.

No one will meter your usage of:

  1. Disk space
  2. Bandwidth
  3. Emails
  4. Databases
  5. Database space
  6. Addon, parked or sub domains
  7. ftp accounts
  8. etc

Fair Usage Policy

This policy is in use not only for Unlimited Web Hosting but for all shared hosting. The policy is intended to harmonize the usage of content on the server so that your problem cannot affect others.

We put some restrictions on the following parameters via the Fair Usage Policy in order to maintain quality services and avoid website attacks and service abuse. If this type of policy is not implemented, the service has no meaning, since it is vulnerable to security problems and abuse.

  1. CPU usage
  2. Physical Memory usage
  3. Virtual Memory usage
  4. I/O usage
  5. Entry processes allowed
  6. Number of processes allowed
  7. Emails sent per hour
  8. Disk Usage Increase Rate (just monitoring)
  9. Bandwidth Usage Increase Rate (just monitoring)

The parameters above, if monitored well, can diagnose fair usage of the service, abuse and sometimes attack.

However, experience of implementing this plan has shown that out of every 100 users only one or 2 are affected by this policy in a month. This means that the service is more useful to website owners than the lies others are spreading about the plan suggest.

Server Abuse

By abuse we mean that sometimes the account owner converts the account into online storage where a lot of DVDs and software are stored, contrary to the purpose of the account. You can host DVDs or software if and only if the contents are part of the website design and hosting.

Another abuse comes from poorly coded scripts that unnecessarily overuse server resources. It is the obligation of the webmaster (the website owner or its employee) to make sure that all scripts are ethically coded and operate as intended.

If a script is overusing these resources, other users on the same server will experience the same problems. To protect them, we have no option but to temporarily suspend the account causing the problem until the webmaster solves it.

Server attack

If the account is under attack, the parameters above will read abnormally; in many cases they will shoot up.

For example, if your website traffic was 10,000 visits per day and out of nowhere the next day it reads 100,000, this must be an attack from fake bot traffic generators.

Likewise, if the emails sent exceed, let's say, 150 per hour, then this is probably spamming from within or by hackers. Web owners with mailing list services can set their engine to send no more than 150 emails per hour.
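The two signals described above can be checked automatically. The following is an added example, not part of the original article or of any hosting panel: it flags accounts that send more than 150 emails in one hour and days on which visits jump sharply over the previous day. The log line format, the sample data and the growth factor of 5 are assumptions made for the illustration.

```python
from collections import Counter
from datetime import datetime

EMAIL_LIMIT_PER_HOUR = 150   # figure used in the text above
SPIKE_FACTOR = 5.0           # assumed: day-over-day growth treated as abnormal

def email_bursts(lines, limit=EMAIL_LIMIT_PER_HOUR):
    """Return {(account, hour): count} for hours where an account exceeded limit."""
    counts = Counter()
    for line in lines:
        stamp, _, account = line.strip().partition(" sender=")
        if not account:
            continue  # skip lines that are not send records
        hour = datetime.fromisoformat(stamp).strftime("%Y-%m-%d %H:00")
        counts[(account, hour)] += 1
    return {key: n for key, n in counts.items() if n > limit}

def traffic_spikes(daily_visits, factor=SPIKE_FACTOR):
    """Return [(day, previous, current)] where visits grew by factor or more."""
    spikes = []
    days = sorted(daily_visits)  # ISO dates sort chronologically
    for prev_day, day in zip(days, days[1:]):
        before, now = daily_visits[prev_day], daily_visits[day]
        if before > 0 and now >= factor * before:
            spikes.append((day, before, now))
    return spikes

def sample_mail_log():
    """Constructed send records in the form 'ISO-timestamp sender=account'."""
    lines = [f"2024-05-01T10:{i % 60:02d}:00 sender=shop" for i in range(151)]
    lines += [f"2024-05-01T11:{i:02d}:00 sender=shop" for i in range(40)]
    lines += [f"2024-05-01T10:{i:02d}:30 sender=blog" for i in range(12)]
    return lines

# Constructed daily visit counts, using the figures from the text above.
SAMPLE_VISITS = {"2024-05-01": 10000, "2024-05-02": 100000, "2024-05-03": 98000}

if __name__ == "__main__":
    print(email_bursts(sample_mail_log()))
    print(traffic_spikes(SAMPLE_VISITS))
```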

Conclusion

The unlimited plan is intended to remove limits for ordinary website owners who are experiencing website growth in terms of hosted content and website traffic. The service is not intended for online storage or for email services like those offered by Gmail, Yahoo, AOL and others.

The unlimited plan is hosted under shared hosting, and therefore all shared hosting restrictions and terms must be adhered to for fair use of the service.

SEO friendly web contents

SEO-friendly web content must be unique (not copied from other websites), grammatically correct, free from spelling errors, without repetitive words, etc.

NB: Search engines like Google penalize pages with content copied from other websites.

We will also ask the customer for multimedia content such as photos, logos, images, audio, video and Flash, if available. We can create logos, images/graphics and Flash if requested by the customer. We currently use our business partners to develop video clips for office documentaries or specific marketing strategies.

For product-related content, we advise customers to bring the following for successful website optimization:

  1. Product or service title
  2. Product or service description or summary that tells about the title above
  3. Product long description or details that tells about the title above
  4. Photos that tell about the product or service
