In our previous article we learned “How to Build a WordPress Website” and today we’re closely inspecting the most important aspect of a website – its security.
One of the worst things that can happen to you online is to invest your time and effort into building your website and then, out of nowhere, have it hacked by some 10-year-old hacker wannabe for no particular reason. Fortunately, there are many plugins that can help you increase the security of your WordPress website, and we’re going to look through the most popular of them.
However, before we begin with our list of favourite WordPress security plugins, please, make sure that you follow the 4 simple rules below in order to prevent security issues with your WordPress website.
1. Always make sure your WordPress website and its themes and plugins are updated to their latest version. Believe it or not, outdated code is the most common source of the vulnerabilities that hackers use to exploit your website.
2. Remove any unused WordPress themes and/or plugins. If you do not use it, then remove it from your website. This will help you decrease the number of potential security holes in your website and make it harder to exploit.
3. Make sure that your local computer is clean from malicious software and it is being regularly scanned with updated and, most importantly, trusted antivirus software. This is very important because in case your computer is infected, your login details may be intercepted and used to hack your website. This can happen when you are entering your admin login details from your infected computer. That’s why it’s important to keep your computer clean from viruses.
4. Perform regular backups. It is one of the easiest things to do. Just download your website files and folders to your local computer regularly, just in case something unwanted happens to the website. As a leading hosting provider, we at TMDHosting perform regular backups for your website files and database. However, having a local backup on your computer will provide you with one additional layer of security, which is always a good thing.
WordPress is one of the most popular CMS applications and it has a very extensive catalogue of plugins of which you should take advantage. For your convenience we have selected the 5 most popular and, in my opinion, the best plugins with which you can increase the security of your WordPress website. Let’s take a look:
This plugin comes by default with every single WordPress installation for a reason. Unfortunately, it is one of the most overlooked plugins of all times. What the Akismet plugin does is to protect your website comments from spam and trust me – Akismet is really good at it. You can read more on how to fight against spam in one of our previous articles “How to fight the internet trolls and spam bots in your site comment section” written by Morgan Collins.
You can download this plugin from the following url: http://wordpress.org/plugins/captcha/
Even though it has mythical superpowers, the Akismet sometimes can’t protect you enough from all of those aggressive spam bots. This is where the Captcha plugin comes in by adding an additional verification box to your website comments and member login pages. This will stop those clever spam comments that will slip through the fingers of Akismet and should spam-proof your WordPress website.
You can download this plugin from the following url: http://wordpress.org/plugins/captcha/
3. Limit Login
While the two plugins mentioned above protect your website from unwanted spam comments, the Limit Login plugin directly protects your WordPress administration area by preventing a number of different attacks on the login section, such as dictionary attacks and random password guessing. In case someone tries to access your WordPress admin area too many times, Limit Login locks down your login section and bans the attacker temporarily. However, the sweetest feature of the Limit Login plugin is that it immediately sends you an e-mail informing you if someone made malicious attempts to hack your website.
You can download this plugin from the following url: http://wordpress.org/plugins/limit-login-attempts/
Once your comments are protected from the spambots, you should take care of the security of your WordPress website and protect it from hacker wannabes. The Better WP Security plugin consists of some of the best WordPress security features and techniques, which are ready to be applied to your WordPress in an instant in order to increase its security.
As with every single plugin I would highly recommend you to make yourself familiar with this plugin as it can even change the admin login url (as a security measure) and you might get locked out of your own website. However, in case you are experiencing issues with your plugins you can always submit a ticket to our Genius Support team who are always available to help you out of any situation.
You can download this plugin from the following url: http://wordpress.org/plugins/better-wp-security/
More than 90% of the hacked WordPress websites are hacked because either they were outdated or some of their third-party themes and plugins had security holes. This humble free plugin notifies you by email whenever there is any update available for your installed plugins, themes or WordPress core files. I find this plugin very useful because I handle multiple WordPress websites and some of them are quite old and not regularly administered. However, with this little plugin you can always be up to date which, as we already mentioned, is crucial for your website security.
You can download this plugin from the following url: http://wordpress.org/plugins/wp-updates-notifier/
To sum it up – the above plugins are somewhat essential for every WordPress website security. Unfortunately, there is no single plugin to provide you with 100% guarantee that it will secure your website from malicious activities. For this reason, you might want to consider installing a number of the plugins we discussed. You can also browse through the extensive WordPress plugins library and choose the plugins you want to try but remember to read user reviews and try to avoid installing low-rated plugins.
Do you have your favourite WordPress security plugins? Share them in the comments below and stay tuned for our next article and most importantly – stay safe!
Hello everybody! It is Simon Davis from the TMDHosting Genius Support Team and it is #TechWednesday :) In today’s article I want to talk about one of the roads we have recently taken to secure our clients’ websites and, respectively, their intellectual property, which is the most important thing on the web these days. If you have been keeping an eye on us recently, you should have heard about our so-called web firewall. So, here is some info from behind the curtains regarding it!
Here in TMDHosting we don’t want our Customers to be part of that statistic and each day our security specialists are fighting the malicious activity on our servers causing the same to be progressively reduced to its minimum.
For the past year we have been developing several options (features, improvements) to protect our clients’ websites, no matter if the websites (usually opensource applications) are already using built-in protection or not. We are aiming not only to improve the protection already developed by the authors of the scripts in use, but also to add a completely new and separate layer of security which is individually unique and, most importantly, reliable.
On a pretty cloudy day over the past year we saw the sun on the horizon and took the long and dusty road to the sunset of malicious activity, hacked websites and stolen intellectual property. No one thought that the road was going to be clear and carefree; instead we were prepared for every obstacle we could face on the way to our goal – to build a universal security tool using already released opensource security features, without affecting the access rate and functionality of the existing websites.
With all this being said, I am proud to present you with the cutting edge in our latest security advancement – Apache® ModSecurity.
Behind the short and self explanatory name there is a powerful, opensource, web requests analyzing Firewall (or in short WAF – Web Application Firewall) which is essentially checking each and every request performed to the web service on our servers. By default ModSecurity is released in two major distributions:
As mentioned earlier in this post, ModSecurity is a Web Application Firewall capable of providing a great level of security for the websites of our clients. The way ModSecurity works is quite straightforward and it depends entirely on the rule set created, in this case, by our security specialists. That is right, I said “Rules”.
Like every firewall type of feature, ModSecurity needs a way to filter the incoming data (in our case, web requests). Here the rule engine used by ModSecurity comes in pretty handy, as it allows every element of the incoming requests to be filtered and checked for malicious contents.
The way we have configured ModSecurity is in close relation with the data submitted via the URL (GET requests) and the data submitted to the server via the forms (POST requests) of our clients’ websites. There are a few common principles used when a hacking attempt is performed, and below I will cover some of them along with the way ModSecurity prevents these.
Here is an example of the SQL Injection performed via the URL of your website:
Original URL: http://domain.com/blogposts.php?id=1
SQL Injection included in the URL: http://domain.com/blogposts.php??id=-130 union select all 1,username(username,0x3a,password),3,4,5,6 from username
Since the id parameter is used for an SQL request to the database it is directly included in the query via GET request. When the URL with the SQL injection is submitted the script which is handling the request will not only accept the SQL code in the URL but it will perform a legit request to the database displaying the Username and the Password as the above SQL injection statement is requesting these.
Of course the above example has only demonstration purpose and it cannot be used for anything else.
ModSecurity will fetch the id parameter and check it for any “Union” statements, for example. Since none of the known opensource applications and custom scripts actually perform SQL queries via their URL (GET request), it is quite suspicious that this one does. So instead of passing the request to the server, ModSecurity will automatically terminate the request, returning a 406 Not Acceptable error page.
spamming your websites with comments
creating fake registrations with spamming purpose
flooding the server with connections (DDoS related)
and many more. What ModSecurity does is check every User-Agent accessing your website, and if it matches one of the malicious User-Agents in our list (which is quite big actually) it will automatically terminate the request and return a 406 Not Acceptable error page to the source of the request.
As you can understand from the above types of attacks, we are trying to cover almost every aspect of how your website can be hacked/defaced and, respectively, to reduce the possibility of that happening to 0. This is not an easy task, and each day we find newer types of attacks which we inspect in detail, updating our rules accordingly.
My last words but only in today’s article will be related to the logging strength ModSecurity has. As every Firewall type of software ModSecurity provides the option for logging. To be able to have some idea what malicious requests are performed on our servers and respectively denied by ModSecurity, we are provided with a local log in which all the matches of our rules are logged. This allows us not only to monitor the malicious activity on the servers but also to block the source of that activity.
At this point that log is available only to our VPS and Dedicated Servers users who requested the installation of ModSecurity on their services with us. It can be found in their WHM control panels under the link “Mod Security”.
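The two checks and the rule-match log described above, modelled in Python as an added example (this is not TMDHosting's rule set or ModSecurity's own code). The User-Agent names, IP addresses and requests are constructed, and the check is applied to every query parameter rather than only to id.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Assumption: a tiny stand-in for the provider's much larger User-Agent list.
BAD_USER_AGENTS = ("examplespambot", "fakecrawler")  # constructed names

# "UNION [ALL] SELECT", case-insensitive, any amount of whitespace in between.
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.IGNORECASE)


def inspect(request):
    """Return (status, log_record); 200 means the request is passed on."""
    ua = request.get("user_agent", "").lower()
    for needle in BAD_USER_AGENTS:
        if needle in ua:
            return 406, {"ip": request["ip"], "rule": "bad-user-agent",
                         "match": needle}
    # parse_qsl percent-decodes values, so "%20UNION%20SELECT" is checked
    # in the same form the application would receive it.
    query = urlsplit(request["url"]).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if UNION_SELECT.search(value):
            return 406, {"ip": request["ip"], "rule": "sqli-union-select",
                         "match": name}
    return 200, None


def run(requests):
    """Inspect each request; return the statuses and the rule-match log."""
    statuses, log = [], []
    for request in requests:
        status, record = inspect(request)
        statuses.append(status)
        if record is not None:
            log.append(record)
    return statuses, log


def sources_to_block(log, threshold=2):
    """Sources with at least `threshold` rule matches in the log."""
    hits = Counter(record["ip"] for record in log)
    return sorted(ip for ip, count in hits.items() if count >= threshold)


# Constructed sample traffic (documentation IP ranges, made-up agents).
SAMPLE_REQUESTS = [
    {"ip": "192.0.2.10", "user_agent": "Mozilla/5.0",
     "url": "http://domain.com/blogposts.php?id=1"},
    {"ip": "198.51.100.7", "user_agent": "Mozilla/5.0",
     "url": "http://domain.com/blogposts.php?id=-130 union select all 1,2,3"},
    {"ip": "198.51.100.7", "user_agent": "Mozilla/5.0",
     "url": "http://domain.com/blogposts.php?id=-130%20UNION%20SELECT%201,2,3"},
    {"ip": "203.0.113.5", "user_agent": "ExampleSpamBot/1.0",
     "url": "http://domain.com/blogposts.php?id=2"},
    # A legitimate search that still trips the keyword rule: a false positive.
    {"ip": "192.0.2.10", "user_agent": "Mozilla/5.0",
     "url": "http://domain.com/search.php?q=student+union+select+committee"},
]

if __name__ == "__main__":
    statuses, log = run(SAMPLE_REQUESTS)
    for request, status in zip(SAMPLE_REQUESTS, statuses):
        print(status, request["ip"], request["url"])
    print("sources to block:", sources_to_block(log))
```

The last sample request shows why such rules need tuning against the log: a keyword match alone also denies an ordinary search phrase.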
In conclusion I would like to say that ModSecurity offers individuality and flexibility which makes it unpredictable for hackers and users with malicious purposes the same as trusted with the millions of options for filtration it offers.
We are proud that we have chosen to protect your blogs, forums, e-commerce application (online store) or social network with the help provided by ModSecurity.
Still in the Halloween mood, thinking of scary stories and movies, we thought about things, which scare us to death. Apart from fear of failure, ghost stories, sleeping in the dark, and falling off a large cliff, some of us pointed out their online fears.
So, here is a list of the scariest things, which might happen online, and what’s even worse – on our sites.
1. Your site being down:
This could be considered the worst nightmare for people who make their living from their website. Whether, it is a blog, an online shop, or even bigger – online media, we know no site is immune to a major crash. Losses might also turn out quite significant, especially for sites with higher traffic. Examples of such popular sites, which have had a similar scary experience, are the downtime of the New York Times in August this year, and Google being offline for less than 5 minutes.
Reasons: There are so many reasons for your site to be down. The most common reasons for a site to be down might be connectivity issues, missing content in core files, etc. Many times, the issue is more obvious than it seems – external issues with your hosting provider.
What-to-do-now plan: If you have a 24/7 support, try contacting your hosting company. They should be the people to turn to in such cases and the ones to identify the exact causes of the outage. Figure out a way to communicate the issue to your potential visitors – social media has proven quite useful in such instances. Make sure you pause your online ads, so that you do not throw money down the sink by sending potential customers to nowhere.
2. Incredibly slow load time:
If you have an e-commerce site, slow load time might notably affect your online orders. If your site runs 5 seconds slower than the competition, that could mean considerable financial loss, which is directly proportional to the size of your online business. For example, Amazon.com found that with every 100 ms of load time, there was a 1% decrease in sales.
Reasons: Many reasons for your site to load more slowly are related to the content in it and the execution of the script(s) it uses. The most common reason, put mildly, is that your hosting provider isn’t the best. For a more comprehensive explanation of website slow time, you might want to check: Why my website loads slowly?
What-to-do-now plan: Talk to your hosting provider, who should best know whether the reason is internal (in them) or external (for example, one or more of their internet providers failed delivering proper service). They should be able to give you the best advice on what to do next, and whether there is any need of content optimization. If, in the end of the day, your site continues to be slow, you might try transferring your site some place faster. Some hosting companies do offer transferring your site and database completely free of charge.
3. Being spotted by hackers:
Attacks performed by hackers are random, painful, emotional and quite costly in most occasions. There might have been a security hole on the server your site resides, on the software your site is built on or any other vulnerability in the configuration that the hackers might use to get in. In 99% of the cases, the issue is caused by outdated software (WordPress, Joomla, etc), specifics of which are used by bad-minded ones to break in.
Reasons: Protecting your site from hack attacks may require considerable amount of development work. There are many causes increasing your site’s vulnerability and making it attractive to hack attacks. Some of them include, having an old version of a script (e.g. WordPress, Joomla), not having updated other components of your web site, not having updated templates.
What-to-do-now plan: The best thing to do in this case is protect yourself before you get ‘burned’. Having your site well secured is one of the main factors to consider when choosing your next web hosting provider. Choosing a good provider who knows how to secure their servers professionally is key to having a good night’s sleep for the next few years. Taking the prevention of hack attacks aside, and considering your site did get hacked after all, the best thing to do is get help from your hosting provider and your in-house developer, if you have one. Most important in fighting random hack attacks is to keep your software always up to date. People developing software are usually one step ahead of the hackers – if they have released a new update for your software, there is no good reason for waiting – go ahead and install it. You should keep an eye on that regularly. Change all your passwords, go offline, so that your customers are not negatively affected by the attack, find a way to communicate the issue to your customers, and pray!
4. Huge bounce rate:
Your site is great, or at least you think so, but at some point of time, you notice a high percentage of your visitors leaving it, as if there is some type of plague inside.
Reasons: There are many reasons for an increase in bounce rate, and most of them have to do with the internal organization of your site – in terms of content and design. If your web design is cluttered, the site is not user-friendly, and the user at first glance does not perceive your content as valuable – they leave. Looking at it in a more abstract way, those reasons are just the same as a person leaving a shop – if the visitor does not feel comfortable skimming through it, and does not find interesting stock – they leave. There might also be some marketing and external reasons, such as irrelevant ads bringing people to your site, wrong keyword selection, etc.
What-to-do-now plan: Re-think, re-design, and re-imagine your whole website concept. If the trend is ongoing, that means you should pay considerable attention to how you present yourself in the online world.
5. Software issues:
You have been playing around with the back-end of your site lately, installing plug-ins and themes, there was an update to the script that you wanted to install, and suddenly – bang! You get this internal error and your site refuses to load.
Reasons: Often, if we are not so tech savvy, but still have faith in ourselves, we try dealing with the back-end of our sites, all by ourselves. Sometimes it works, but sometimes, well – it doesn’t. There are a few occasions though, that it might really be a script issue or a combination of poor hosting and script error.
What-to-do-now plan: Communicate the issue with your host. Be as precise as possible, send screenshots of the errors you get, if necessary. Your hosting provider should be professional enough to investigate the issue and help you solve it quickly. To go safer in the future, ask your hosting provider to create a sandbox copy of your website, so you can experiment changes there. Also – do not ever forget to take backup copies of your website. Your provider surely does, you just have to make sure they are as timely as possible. Having a backup each day is a good practice for your databases, having a backup each week is a good practice for your files. Of course, it all depends on how frequently you change them.
6. Google ban of your site:
Only the thought of Google banning their sites, makes some people recollect the back-in-school days, when the teacher punished them in front of everyone by the black board. Being banned by Google is not such a frequent event, but when it happens, it basically means that your site is out of Google’s index.
Reasons: There are many reasons why Google might decide they don’t like you. This can happen if Google decides that your site does not meet Google’s quality guidelines, or worse, that your site distracts users’ ability to locate relevant information. Speaking more technically, if you have been cloaking, or, in other words, designing your site, so that search engines see one thing and the visitors another, you are risking getting on Google’s nerves. Other reasons for being punished by Google are using keywords irrelevant to your content, duplicating content, or having a robot write your site.
What-to-do-now plan: You might want to create a Google Webmaster account, where there will usually be information about the reasons why your site got banned. Once you register a Google Webmaster account, you may request to be whitelisted. Resurrecting your site and bringing it back to Google’s attention is a slow and tedious process. So, good luck with it!
If you have experienced at least two of those issues, it might mean you desperately need a new hosting provider. The tech support in TMDHosting would make sure you do not have a scary experience. You might want to give us a try and make use of our special SPOOKY code by the 6th of November for a 10% discount on your next hosting plan with TMDHosting.
Did you know that the word affiliate originates from the Latin word affiliatus and it means adopt as a son? Sounds strange? Well, let’s think about it – how can you sell anything without knowing it and loving it? Those of you working in sales teams know how hard it is to be convincing if you are not convinced yourself that what you offer is really good.
Yet, we understand that the sole power of conviction is not quite enough to become a successful affiliate with a lot of sales. Another key prerequisite to turn your website into a money making machine is that it serves your visitors’ needs. Here is a great piece of news you are probably already aware of: there is a high demand for both secure and managed web hosting!
Why do we believe that TMDHosting is a value added product of a great demand mutually beneficial for you and your referrals? In fact, we not only believe it, we know it for sure.
A team of professionals
At TMDHosting you can find all kind of people – always avid for more – readers, true gamers (yes, we share your love for Grand Theft Auto V), impressionable photographers, pro snowboarders …but what brings us all together, is the years of experience in web hosting. If you are one of our happy customers, you already know this.
The in-house survey that we made for this post shows that the minimum average amount of time each of us has spent in the sphere of web hosting is 4.5 years. For 7 years now we have been online 24/7 to help you at any moment, sharing bits of information we have carefully stored in our brains and our knowledge base. We also have a very good number of people who have been in the industry since its very dawn.
We offer you and your referrals a great value product
What we stand out for is simple but worthy:
- Speed – sites we host do load fast – less than 1.80 seconds is our average loading time.
- Safety – we create full account backups each day.
- Security – we have system administrators that monitor our servers 24/7. This, in addition to all the hardware firewalls we have. This, in addition to the most innovative web firewall (based on mod_security) with daily updated rules.
- FREE technical support – That’s right, we don’t charge you when you need help. Our techs are friendly, professional and available 24/7 on your disposal. No matter what day it is, if it is Christmas, Thanksgiving or so. We strive to guarantee 15 minutes ticket responses.
- We improve constantly – only in the past year we have:
Our customers speak out:
“I came to TMD hosting on a whim, as I was looking for a compatible hosting company to house my social network. I am not as experienced as some … I constantly make errors on the FTP and there you have it, TMD cleans up my mess. They are more than my hosting company, they really are our tech support team and I’m glad to have found them”
“In the past 14 years I have used hosting services from several big companies…But with Tmd server hosting I have a complete managed server package that rocks everything. I am using this service now for more than 2 years and I hope to use their service for many many years from now on.”
“I don’t usually write reviews but felt compelled to after a spell of fantastic support from Tmd. I had an issue over the weekend. Actually, it was a Sunday and they solved it within an hour. And then, I had another (self inflicted) issue today, which was solved superbly in less than 15 minutes. It seems that there’s always somebody around to help me, whenever I need it. Well done guys…”
These are just random excerpts from our happy customers and none of them is written by us, we promise (we have more important things to deal with in our day-to-day work).
Is this already the moment to share some love with your friends and visitors? If you say ‘YES’, we are happy to let you know that this is going to be one of the rare moments in your life when love and money go together.
Do you remember the story of Alex Tew, the student from Wiltshire, England, who in 2005 started an online project of his own, which turned out to be an absolute Internet phenomenon? His goal was as simple as it sounds – to raise $ 1,000,000 for his studies – by selling 1 million pixels each worth $1 to companies well known for their great partnership with affiliates, but also to whoever else wants to buy couple hundreds of pixels.
Internet ads revenue increased by 15% in 2012, reaching $36.6 billion, and it has been the fastest growing ad spending segment for the past 10 years. In 2005, by comparison, the number was still $12.5 billion, a 30.3% growth compared to 2004 according to IAB.
Online affiliate marketing, as a core component of display digital advertising, evolves at the same great pace.
Its means have evolved, which led to affiliates organizing and running their sites in a competitive way – through different SaaS and PaaS. Live stats, SEO, instant customer/visitor feedback and many more factors led to the betterment of affiliate marketing, thus presenting better organized and better looking sites to a better targeted audience (with all due respect to Tew’s idea, and with the understanding that it is not the best example of an affiliate page, the million-dollar-home-page looks like something went very wrong unexpectedly). Sites now present the services and products of the partners they are affiliated with in a lot more professional and trustworthy way.
Our NEW affiliate program is professional in all its aspects. Here is how we put additional value to our products:
We understood from our affiliates that they were not quite happy with the old software we provided them with, so we did the most logical thing and substituted the old ‘’non-comprehensive’’ and ‘’somewhat unfriendly” software with a top-notch platform.
Empowering your performance to better analyze your work and easily track your referrals and sales was our first goal.
Further we have asked our partner affiliates to share their thoughts on our bank of creative banners and text links. The investigation resulted in a fully stocked bank of banner ads of all sizes, compatible with latest HTML5 and CSS3 requirements and your sites’ responsive layouts.
Improved commission structure:
We believe in that old Latin saying – “Pacta clara, boni amici” – or in other words – to maintain healthy relationships with our affiliates, we trust that we need to keep the terms neat and payments clear and prompt.
Avoiding all unnecessary bars and percentage-based commission types, we keep it simple:
Bring more than 1 friend – receive $50 for each
Bring more than 10 friends – get $75 for each
Bring more than 20 friends – get $150 for each
Find more on commission structure here.
Bonuses, promotions and other incentives:
Since you took the time to read this post, why not take the time to make some cash in less than 2 minutes? Once you register to our new affiliate program, you can instantly get $10 JumpStart bonus before you have even referred your first sale.
Surely, this is not one-time incentive in order to make the program look more attractive to you. No! We really appreciate the time and efforts you took to be a successful affiliate and what a better way to express our gratitude than extra cash?
Receive your $20 SpeedUp bonus the first time you reach next level of commissions (you need only 10 friends who became customers in the past month to win it).
Your friends/ referrals also deserve a bonus for trusting your recommendation, don’t they? We will gladly provide them with different bonus codes for discounted hosting services. Follow our monthly promotions on our affiliate home page (CODE: GREEN).
To summarize the steps you can take in order to become a TMDHosting affiliate: