12 Easy Steps to Improve WordPress Site Security – Simple and Clear

12 Steps to follow in order to Mitigate, Restore and Monitor a WordPress Site Under Phishing or Hacking

What is phishing?

Phishing is the attempt to obtain sensitive information such as usernames, passwords, and credit card details, often for malicious reasons, by posing as a trustworthy entity in an electronic communication.

What is Hacking?

Simply put, hacking is a general term for a website being accessed by an unauthorized person who takes control of it, either physically or by remote means. Phishing can be a type of hacking. A hacker can do anything once he or she has control of your website.

How is phishing implemented?

Phishing is implemented in numerous ways; one of them is website content injection. Foreign content is injected as deceptive web pages that trick visitors into leaving their valuable information in exchange for bonuses, or for other reasons such as paying a fee for an expiring online service. When a victim visits the URL and fills in the information, the attacker uses those details to commit the actual crime, such as logging in to the victim's PayPal account and withdrawing money.

What to Do in Order to Mitigate, Restore and Monitor a WordPress Site Under Phishing or Hacking?

Mitigating the Site

Step #1: Make sure you always use a clean and protected computer to log in to the server (malicious cookies, keyloggers, spyware and viruses can sneak onto the server and feed vital information to the attacker)

Step #2: Backup the database

Step #3: Regularly clean and optimize the WordPress database; use cPanel or install WP-Optimize by David Anderson, Ruhani Rabin, Team Updraft

Step #4: Change the passwords for the database, cPanel and the CMS to stronger ones

Step #5: Update all plugins and themes, and delete unwanted ones and any scripts with no updates for over six months

Step #6: Secure and prevent editing of PHP scripts, web directories and important files like the .htaccess and wp-config.php files

Step #7: Change login URLs, administrator usernames, database names and database usernames, and change the table prefix to a harder one

Restoring the site

Step #8: Manually delete all foreign folders, files suspected of phishing, any useless scripts and old site backups, as those may create a loophole for attacking the website

Step #9: Remove the wp-admin and wp-includes core folders and the related WordPress core files in the root folder, except wp-config.php and .htaccess

Step #10: Upload a fresh and current copy of the deleted WordPress folders and files: the wp-admin and wp-includes core folders, and wp-config.php and .htaccess

Monitoring the Site

Step #11: Install security monitoring and notification systems for file changes within your server. The recommended plugin for this is Wordfence Security – Firewall & Malware Scan by Wordfence; there are other very effective scripts for WordPress to use. Google Search Console (formerly known as Webmaster Tools) is another wonderful tool for security and Google blacklist removal

Step #12: Make sure your website is visited and scanned regularly for malware (at least once per week) using https://sitecheck.sucuri.net and other effective systems like Wordfence and Sucuri

Conclusion and Recommendations

CMSs are the most affected by cyber attacks because of the backend and database, where an attacker can exploit security holes found in poorly coded scripts, and in those which are outdated but still in use, by issuing malicious commands to the server.

On the other hand, CMSs offer robust and professional features and a look and feel that match current market and user demands. The only way to benefit from these advantages is to secure and closely monitor your website.

Website owners are strongly advised to use experienced professionals in cyber security and related fields in order to ensure that the issue is correctly mitigated and monitored. Leaving the website in the hands of inexperienced and novice webmasters may lead to more problems and costs instead of alleviating them.

We at InfoCom Center Limited possess more than 10 years of experience dealing with cyber security on CMS websites, specifically securing and optimizing WordPress sites. The tips in the article above are the result of such experience and expertise.

We highly urge you to entrust your website to us for day-to-day maintenance and security duties. When the website is in our hands, you will stay victoriously at peace, channeling your valuable time and skills to other profitable strategies and activities instead of worrying about the website off and on every day. Leave all the hassle of maintaining and restoring hacked websites to us.

Visit SEO and Website Maintenance Page to learn more about our website maintenance packages

How to Prevent 403 Forbidden Error

INTRODUCTION

The 403 Forbidden error is an HTTP status code which means that access to the page or resource is absolutely not allowed for some reason.

This article contains basic troubleshooting instructions for 403 Forbidden error.

ERROR MESSAGE

You get the following error when you try to visit a web page:

403 Forbidden

Figure 1. 403 Forbidden Error

Causes and Solutions

403 Forbidden errors have three common causes. Here they are, listed from most likely to least likely.

Make sure that your website content has been uploaded to the correct directory on your server. Remember to replace example.com with your own domain name.

If this folder does not exist, feel free to create it.

No index page

The home page for your website must be called index.php or index.html.

To resolve this error, upload an index page to your directory.

If you already have a home page called something else – home.html for example – you have a couple of options:

  1. Rename your home page to index.html or index.php.
  2. Set up a redirect on the index page to your real home page.
  3. Set a different default home page in your file.

If you don’t want a single page to display, but instead want to show a list of files in that directory, see .

The errors

A 403 Forbidden error can also be caused by incorrect ownership or permissions on your web content files and folders.

Permissions

Rule of thumb for correct permissions:

Follow the new rules for folders or files:

  • Folders: 755
  • Static Content: 644
  • Dynamic Content: 700
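
To check a web root against this rule of thumb, the added example below (not part of the original article) walks a directory tree and lists every folder or file whose mode differs from the values above, marking the world-writable ones. Which extensions count as "dynamic content" is an assumption, since the article does not say; the sample tree is constructed.

```python
import os
import stat
import tempfile

# Expected modes, taken from the rule of thumb above.
FOLDER_MODE, STATIC_MODE, DYNAMIC_MODE = 0o755, 0o644, 0o700
# Assumption: the article does not define "dynamic content"; these are examples.
DYNAMIC_EXTS = {".php", ".cgi", ".pl", ".py"}

def expected_mode(path, is_dir):
    if is_dir:
        return FOLDER_MODE
    ext = os.path.splitext(path)[1].lower()
    return DYNAMIC_MODE if ext in DYNAMIC_EXTS else STATIC_MODE

def audit(root):
    """Return (relative path, actual, expected, world_writable) per mismatch."""
    findings = []
    for dirpath, dirs, files in os.walk(root):
        entries = [(d, True) for d in dirs] + [(f, False) for f in files]
        for name, is_dir in entries:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # symlink modes are not meaningful here
            actual = stat.S_IMODE(os.lstat(full).st_mode)
            want = expected_mode(full, is_dir)
            if actual != want:
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                world_writable = bool(actual & stat.S_IWOTH)
                findings.append((rel, oct(actual), oct(want), world_writable))
    return sorted(findings)

def demo():
    # Constructed sample tree; names and modes are made up for illustration.
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "uploads"))
        layout = {"index.php": 0o700, "style.css": 0o644,
                  "wp-config.php": 0o666, "uploads/logo.png": 0o644}
        for rel, mode in layout.items():
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write("sample\n")
            os.chmod(path, mode)
        os.chmod(os.path.join(root, "uploads"), 0o777)
        return audit(root)
```
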
Causes of Website Crashes

A website uses many technologies with varied setbacks. Some of the technologies come from third parties and are offered as they are (with or without setbacks, because they are open source software), like the applications for webmail etc.
Some of the setbacks are caused by the type of service. Shared hosting, for example, has many problems because other clients' problems can affect innocent websites. In this case a website functioning failure can be expected at any time because of the third parties and shared services.
Website problems are also rooted in external attacks. When a website is attacked from outside, for example by hacking or fake traffic flooding, it may become slow, inactive or malfunctioning.
Below are some of the common reasons for website crashes:

Website scripts

The website scripts include

  1. Core scripts – e.g. WordPress, Joomla, Drupal scripts etc.
  2. Theme or template scripts
  3. Plugins or extensions

The above scripts can have bugs or deprecated libraries that in one way or another cause other innocent scripts to malfunction or break.

Server Error

Your web host provider may be experiencing a server failure, either from the hardware, from services like power, or from the software that manages the server. Misconfiguration may also affect the performance of the server. The server might be undergoing scheduled maintenance. The provider might be experiencing a severe attack, etc.

Massive Traffic Spike

The website traffic can abruptly go higher due to:

  1. Fake traffic
  2. Some of your posts or articles are suddenly receiving very high genuine traffic because they either went viral or

Fake website traffic is caused mainly by software that can generate fake traffic to targeted websites. This traffic is sent as if visitors have visited your website, and therefore the server traffic meter records the visits. Some fake traffic may even go further and initiate operations that increase the processes using the server's resources, and hence the website can crash at any time. It is difficult to block because the sources keep changing their hostnames and methods.

If the website traffic went higher due to genuine visitors, then you will have no other option but to upgrade the service to a traffic limit that suits the current needs.

Hacking

Hacking occurs when someone on a remote computer accesses your admin area without your consent and takes control of general website functionality. A hacker can access your website using bots or manually, and in both cases the hacker can install software, change configuration, and sometimes delete your content and put other content on the website. The hacker can use the website to steal visitors' important data, such as credit card and bank details, plus contacts like emails and passwords.

Upgrade Hosting

Growing and busy businesses are advised to upgrade to more personal and private services like

  1. VPS hosting
  2. Semi dedicated hosting OR
  3. Dedicated hosting.
These services will dramatically reduce the setbacks found in shared hosting environments.
On our part, we make sure that these failures will not interfere with normal business processes. But as I pointed out earlier, some of the problems need to be resolved at the customer's end, especially those related directly to the CMS scripts and webmail applications (third party services), and for this the company needs to have someone to do it, either permanently or temporarily on a task basis.
