Why does my mail show up in the spam folder?

/0 Comments/in

Om understand why your emails end up in the spam folder, a basic understanding is required: Email goes through various filters before reaching the mailbox. These filters are set up by your hosting provider, on the server, or by Hotmail, Gmail, and other email providers.

Filters block email and determine if it’s spam

  1. The filters block a large portion of spam based on the information contained in an email. This includes things like explicit words or advertisements for products like “enhancement drugs” and “adult material.”
  2. The filters also block files known to contain viruses. (Based on file names and extensions, such as .exe files)
  3. Messages with large attachments are often blocked to prevent your mailbox from getting full.

In summary, if you send an email with large or suspicious attachments, it may get blocked. Similarly, if there are suspicions that the email is unwanted advertisement (spam), it may also get blocked.

The sending address

Another factor that can cause emails to end up in the spam folder is the sending address. Your email is sent through a server, which is a computer that processes much more information than just your email. If that computer is misused by others to send spam, the entire computer can end up on a blacklist.

Conclusion

If your email meets one of the above-mentioned factors, it may not land in the inbox, but instead be blocked or automatically placed in the spam folder.

 

Why am I receiving so much spam?

/0 Comments/in

So much spam! If you don’t have good filters, you can receive 20 to 200 unwanted emails daily. SPAM!

To figure out why you’re receiving so much spam, it’s essential to understand how spammers obtain your email address, why you’re getting so much in your inbox, and ultimately, most importantly, how to solve the problem.

How do they obtain your email address?

Individuals who want to send spam/advertisements can acquire your email address in three ways:

  • They purchase an email database with 20,000 email addresses.
  • They write a script that scans the internet for email addresses on web pages (then they spam these addresses and sell them again).
  • They personally approach large companies (this is rare).

Why do you receive so much spam?

If your email provider doesn’t have filters, you could receive thousands of spam messages per day. Fortunately, every hosting provider and mail service has spam filters, as otherwise, they would have to handle 95% of all mail from spambots.

Spambots?

These are scripts running on computers that do one thing: emailing, emailing, and emailing. A simple script that takes an email address, then grabs a piece of advertising and sends it. But it does this 4 times a day to the same address and with a total of millions 24/7.

Despite the spam filters, you still get 10 to 20 messages per day… 7 days a week. These are emails sent from unknown servers, where the sender can bypass all filters.

How can you solve spam?

In email programs and on the server, there are options to block email addresses or certain words.

Sometimes, in addition to the 500 words that are already blocked, it’s necessary to block specific advertisements as well.

Use the filters available in your email program or on the server to delete spam immediately. Otherwise, you’ll be constantly deleting spam emails every day, and it’s a losing battle against a computer, something we as humans will never win.

Why do people send spam?

Money.

1 out of 10,000 emails gets read, and someone makes a purchase. So there’s a reason to send millions of emails with a certain “great offer.”

 

Setting up a business website: page-by-page

/0 Comments/in

Assuming you have a hosting provider and have installed WordPress. You have even chosen a beautiful theme.

But what’s next?

What information should you place on your website?

Now it’s crucial to put yourself in the shoes of your target audience. The potential customers you want to inform about what you offer.

We’ll help you get started with the basics:

The pages that are typically needed to inform your visitors/customers and, of course, persuade them to choose your product or service.

  1. The homepage: Showcase what you have to offer, your services. But not only what services you provide but also why the visitor should choose you. What makes your service better than others?
  2. About Us: Customers like to know who is behind the product or service. Convince them that you are an expert in what you do, show your passion for what you offer. (Become an expert if you are not already, my motto: do it well or don’t do it at all).
  3. Services and Products: If you offer multiple products or services, you can present them in an organized way on one page. Visitors often want to see what you offer, the cost, and the results they can expect.
  4. Contact: Customers want to be able to get in touch with you. It gives them a sense of security and allows them to call you if they have questions before purchasing your product or service.

Finally:

Ensure that these four pages are understandable both for “novices” and for customers who are already familiar with your services. Also, make sure to only state information and claims that you can fulfill.

Most customers don’t believe in “golden promises,” but they do recognize knowledge and passion, and that’s how you can convince them. That’s the goal of your website. When writing the pages, focus on them and not on points that you find interesting as a provider!

Secure your website

Make sure your WordPress site is well-secured. Viruses on servers and the internet have the nasty habit of injecting code into your database, especially in the “post table” where your texts are stored!

You may lose your content, and it can be replaced with advertisements for shady online shops.

For website security and information, you can always turn to us. You can find our phone number and send us a message on our contact page. We would be delighted to inform you about the options to secure your website. Websites and security are our passion!

 

Social media and WordPress

/0 Comments/in

WordPress offers plenty of plugins to integrate social media with your website:

SSBA – Simple Social Button Adder

The SSBA plugin allows you to add beautiful buttons above and below your articles and pages. It’s a free plugin that offers various styles, sizes, and customization options.

Monarch – By Elegant Themes

Monarch is a fantastic plugin that provides options to display social media icons on the side of your website, as a popup after a certain number of seconds, or when the visitor reaches the bottom of the page. You can also set the popup to be shown only once.

The plugin is easy to configure and includes a statistics page where you can see how many times the website has been shared and through which medium, displayed per day, week, and month.

One small drawback: At Elegant Themes, you can’t buy a single plugin directly; they offer a whole subscription plan. However, it is reasonably priced!

Social Media = Free Advertising and Visibility

Here, we talk about giving your visitors the option to share your website on social media platforms like Facebook, Twitter, LinkedIn, and Google+ easily. If visitors can share your website and specific pages with just one click, your website is more likely to be shared with others and gain more visibility.

Free advertising!

Furthermore, when your website is shared within their social circle, it carries a certain persuasive power in terms of advertising.

The Difference Between Followers and Sharers

There’s a significant difference between the buttons displayed by these plugins: Share buttons and Follow buttons.

In a nutshell, when visitors can share your website on social media, you don’t need your own social accounts. They share your website on their accounts!

However, if you place buttons with links to your social media accounts to gain followers, you need an active Facebook, LinkedIn, or Twitter account for them to follow.

In summary, the effectiveness and return on investment of social media depend entirely on your own efforts.

Prevent your e-mail from getting into the spam folder with SPF

/0 Comments/in

SPF stands for Sender Policy Framework and is a protocol that determines whether the sender of an email is authorized to send messages from a specific mail server. The main purpose of SPF records is to prevent spam, but more importantly for you:

The SPF record informs other internet services that your email truly originates from your website, preventing your emails from being filtered into the spam folder!

Where can you add the SPF record?

dns example

You need to add the SPF record at your web host. When registering your domain name, you should have received login credentials from your web host that allow you to modify the DNS settings of your domain name.

The structure of an SPF record

First, you need to indicate that the record is an SPF record by adding the following:

v=spf1
This tells the DNS which version of SPF you are using, which is important for reading the SPF record.

Next, you specify when an SPF is valid:

all for all outgoing mail servers.
a If the sender’s IP address matches the IP address (A record) of the domain.
mx When the mx record matches the SPF address.
ip4 & ip6 When the mail is sent, it is transmitted via IP addresses (of your domain).

Okay, there are many possibilities, what is common?

v=spf1 a mx ptr ip4:123.456.789.000 mx:yourdomain.com include:_spf.google.com include:_spf.hotmail.com ~all

Note: Choose TXT as the record type and replace the crossed-out information with the IP address of your own server/website and your own domain name.

example dns spf

Converting WordPress to Https

/0 Comments/in

An SSL certificate is usually provided by your web host. After that, they leave it up to you or a professional to make the necessary changes to your WordPress website.

If you’re certain that your HTTPS certificate is enabled by your web host, you can proceed with setting up WordPress.

Does your website have a certificate?

Test your certificate by entering your website address with https://
If you see the following, your website doesn’t have a certificate:
no certificate

If you see a green lock icon or a green bar in your browser, then you have a certificate.
valid certificate

Preparing WordPress for HTTPS

The easy way

Go to Settings » General in your admin panel.
Change http to https.
(Don’t forget to save.)

wordpress https
If you can no longer access this address because your .htaccess file or your web host has already redirected your website to HTTPS, you can make this adjustment via PhpMyAdmin. This is a program that runs on your server and is provided by most web hosts.

Changing to HTTPS via the Database

This requires some additional login information.
You can find the username and password for your database in your WP-config.php file (via FTP on the server).

You also need an address for the PhpMyAdmin program (usually accessible through your hosting panel or in Plesk/Directadmin).

Once you’re in the database, go to: wp-options and update the URLs for siteurl & home (See the image below, but of course with your own addresses!)

mysql wordpress database

If you’ve done this correctly, you can log back into WordPress, and your website will be accessible via HTTPS!

Are your images and some pages not visible?

In that case, not all links have been updated, and you can use the Better Search & Replace plugin to do so.

Find it too complicated to switch WordPress to HTTPS?

The above steps can be complicated if you don’t have experience with FTP or PhpMyAdmin.
You can send us an email with your Directadmin or hosting details, and we will set up HTTPS for your WordPress website!

When I set up a website . for myself, it goes like this!

/0 Comments/in

I have been programming, maintaining, and securing WordPress business websites since 2007, 5 days a week.
Even 7 days a week at times. But with great pleasure, busyness, and sometimes the overwork that you can expect from an entrepreneur.
As a result, my knowledge and experience with themes & plugins, as well as WordPress itself, are quite extensive and growing every day.

Because I am frequently asked what I would do with various aspects of a website, I will tell you:

How I create a new WordPress website
For myself!

Please note that I already have all the resources such as Notepad++, SmartFTP, hosting, Photoshop, various licenses, themes, and (premium) plugins. Approximately 50% of what I use is open-source, but other essential programs I use come at a cost.

  1. I always start with a fresh WordPress release.
    Directly the version with the Dutch translation.
  2. Then, I delete the Readme.html & License.txt files since they only reveal which WordPress release it is.
    That’s only useful for hackers.
  3. I register a domain name with Reviced.
    I also have 40+ domain names lying around, and sometimes I pick one up spontaneously.
  4. I create a new domain/data space on the server.
    I do this on a CentOS server with Nginx and PHP7 + Directadmin.
  5. Then, I choose a theme, which varies depending on the purpose it needs to serve.
    Sometimes I work with a blank theme. These are a few WordPress files with the raw basics without any other clutter. I style them from scratch using CSS, Photoshop, and custom code.
    There are times when I work with a “premium” theme. They can cost upwards of 50 euros, but sometimes they are just so beautiful 🙂 Until I want to make a customization… then I get tangled up in the spaghetti code they put in those themes 🙁
    And every now and then, I use a theme from ElegantThemes. I’ve had a Developer subscription with them for about 8 years, which allows me to use their themes unlimitedly.
  6. Next, I download and install plugins like Contact Form 7 (Contact forms), Count per Day (Visitor counter), and sometimes Visual Composer (Advanced editor).
    I also use the Advanced Custom Fields (for posts with extra info fields) and WPML (for multilingual sites) on 5 websites of mine.
  7. Then, I start creating the pages. These are usually the Home, News, Contact pages.
  8. I set the Permalink structure correctly and make the “Home” page as the front page (admin » settings » reading).
  9. After that, I activate the WPbeveiligen Antivirus plugin and configure it.
    This is not advertising, but rather a standard practice for the past 3 years. I don’t want hackers or unexpected issues on my site.
  10. I forgot to mention the automatic backup plugin Updraftplus, which I have been using since 2016. I activate it (I have UpdraftPlus make a backup) once I have set up most things properly. There is a free version that already offers many features, but I personally use the premium version.
  11. Then, I start putting my ideas onto the pages. The texts with a few images.
    I purchase images from 123rf.com, and sometimes I download them from free stock sites like Freeimages.com (formerly SXC.hu) and Pexels.
  12. For many sites, I also install a version of Yoast for Google. This is because I like to control which description Google displays. And to remove the /category/ slug from topics.

That’s roughly how I set up a site for myself!

In my opinion, anyone with this basic knowledge can create a good WordPress website. Don’t you think so?
Share your opinion on social media or here in the comments.
I would love to hear if you succeeded!

 

Managing CronJobs in WordPress

/0 Comments/in

What a Cronjob is according to Wikipedia: A Cronjob or crontab is a Unix command that executes a program or script at a scheduled time. Cronjobs are used in Unix-like systems such as Linux, BSD, and Apple Macintosh. The word ‘cron’ comes from the English word chronograph, which is a type of stopwatch.

What Cronjobs Do in WordPress

Cronjobs are used to periodically check for updates. Many plugins also use Cronjobs to perform tasks such as updating and removing information. You cannot simply disable the Cronjob function in WordPress.

Some plugins that work with Cronjobs:

  1. WooCommerce – for storing and removing user data. Viewed products are stored or removed after a certain period of time.
  2. UpdraftPlus – for creating periodic backups
  3. Yoast SEO – for fetching link suggestions for posts and pages

In short, every website has some Cronjobs running in the background.

Want to know which Cronjobs are active?

Viewing and Managing Cronjobs in WordPress

The WP Crontrol plugin allows you to see the active Cronjobs in your WordPress website.

You can view active Cronjobs and update or delete them.
After installing the plugin, you can find it in your Admin » Tools » Cron Events.

cron events

Cronjobs and Hackers

Hackers can use Cronjobs to perform certain tasks periodically.
That’s why it’s important to see which Cronjobs are active!

Consider the following malicious Cronjobs, for example:

  1. A Cronjob that registers an administrator account.
    If such a Cronjob runs every hour, you can delete whatever you want, but hackers will still find their way in.
  2. A Cronjob that deletes your logs.
    This allows a hacker to operate without leaving any traces.
  3. A Cronjob that deletes accounts.
    If your account is deleted, you won’t be able to manage the website, and the hacker will have control over it.
  4. A Cronjob that regenerates your password.
    It’s incredibly frustrating to receive a new password every time. You can do a reset, but having to do it every hour is not ideal.
  5. Cronjobs for forwarding data.
    If a task is set up to forward your and your users’ information every 5 minutes, a hacker will know about an order or website change faster than you do!

 

The big caching test – The preparation

/0 Comments/in

In this article we will do everything we can to make a new WordPress website as slow as possible. Going against all our principles we turn on as many plugins as possible to get a load time of 5 seconds with as much executing Javascript, PHP & CSS processes.

This experiment serves to ultimate test the cache plugins and see which one works best under great pressure!

The start

1 smooth server, 8 gig ram Intel(R) Xeon(R) CPU E5-2683 v3 @ 2.00GHz (Several sites are currently running)

1 new WordPress installation with the default WordPress 2017 theme

Test method used:
– Google Developer Tools (Network view)
– Reload without browser cache!

These tests did not use Pingdom or GTmetrix since they have various factors that cause incorrect information to be displayed.

Speed after fresh installation:
800 ms (milliseconds, also known as 0.8 seconds)

Now we all know that no WordPress website runs without plugins.
From previous tests we learned that each plugin adds 0.3 to 1 seconds to the loading time.

Below the report of the plugins we have used, and the loading times that have been added.

WooCommerce +0.3 seconds (still without displaying products etc)
WordFence+0.2 seconds
Count per day +0.1 seconds

We put the shopping cart and hit counter on the test page, but the site is not slow to get.
Knowing that most websites take between 3 and 9 seconds to load, we still have a long destructive way to test the caching plugin properly.

We’re going to use some more plugins and data!

We’re increasing the size to 432KB with a nice image of the sun that’s good for 110KB.
speed

 

 

Then add a contact form (Contact form 7+0.1 seconds

Then add Yoast SEO, which adds a few requests, but still no exciting loading time with: 1.65 seconds.

wordpress caching
No visitor will drop out on this and Google pagespeed insights also thinks it’s okay.

 

 

 

 

 

 

 

 

 

Conclusion so far, 5 plugins on a WordPress website are no problem at all.

We’re going to increase the pressure!

It’s time for the big guns, a Nextgen gallery with 10 images. Nextgen makes 10 neat thumbs of that and only loads the images after clicking with a lightbox. Kudos to Nextgen 😉

snelheid wordpress website

 

 

 

You can see that the website has shot up to 887KB in terms of data, but the server still loads the website much too fast for this test, 1.82 seconds.

For this test we just add a nice text of 442 words via Lorum Ipsum.

A text of 400 words has 3 kB, which means almost no delay.

A page of 2 meters

We now have a page of 2 meters with a contact form, a large photo, a slideshow. Not to mention a 400 word story.

The website loads within 2 seconds.

Why are those caching plugins so necessary?

Many websites use 30-40 plugins without shame. Or the images are not compressed.

Anyway, you’ve come here for the big caching test… so we’ll have to keep going!

From 2 to 5 seconds loading time?

We throw in another Youtube video (iFrame embedded) and are at a 2.15 seconds

youtube screen

 

 

And.. A Pollsplugin, Cookie popup Tawk to live chat, Slider WD

We are still at a fairly fast loading time of 3 seconds!

We did reach 100 requests (Requests / objects to be loaded) that slow down the website.
In a neat way we do not slow down the website, now we are going to activate another 10 plugins that we show on the page through widgets and [shortcodes].

 

122 requests, load 4.58 seconds (Don’t mind the finish time, it is still increasing due to the slider at the time of reading)

 

As far as we’re concerned, it’s “Time” to test the cache plugins!

The caching plugins,  what do we test them for?

What are we going to pay attention to?
The speed is self-evident, but we will mainly pay attention to the number of requests.
That is what a caching plugin does: Merge and pre-calculate scripts so that you get the calculated data on your screen as quickly as possible with as little server load/server requests as possible.

And of course,

Do the plugins still work? Is the website still loading properly? And, what about all those Javascript & CSS files being merged? Doesn’t that break up the styling?

Part 2 will discuss this further.

 

The experiment: downloading a nulled security plugin

/0 Comments/in ,

If you’re new to Nulled plugins, they are “free” premium plugins that contain malware.
Nulled plugins are bought by criminals, loaded with malware and then offered for free.

The paradox

An antivirus plugin that should keep out hacks and hackers, who has been hacked?!

That’s like putting a security guard in your store from Thief & Co

A security guard who arrives on time every morning with an empty backpack, likes to work overtime and goes home with a full backpack.

False security!

The special thing is that there are enough people who illegally download premium plugins without paying properly and thus fall into the trap of the hackers.
Many do not realize that from the moment the plugin becomes active, the website sends spam or redirects visitors in the first session to a website where you can gamble or buy other strange items.

This is detrimental to your position in Google and to your turnover, since your visitors will not see your website in this way.

The experiment

We regularly deal with WordPress sites that have been hacked because the programmer did not properly buy the plugins, but simply downloaded them illegally.
We thought it would be interesting to see what we get when we download a Nulled plugin for WordPress security.

Experience
We deal with hacked websites a lot and know exactly what we are doing. We do NOT recommend downloading illegal or Nulled plugins or other software.

Measures
Of course we don’t want viruses and we don’t want any problems with the server.
For that reason, we download the Nulled plugin on a virtual computer and put the plugin on a closed server.

Finding a Nulled plugin
There is nothing easier than googling and downloading a Nulled plugin. You can’t think of it that crazy or they offer it. The latest releases and the most expensive plugins.

But.. don’t be fooled, no matter how reliable and professional the website looks: the plugins contain hacks!

It’s already hit the first download!

I scan the first Nulled plugin with VirusTotal. It hits immediately.

What you see on the screenshot below are the most rotten hacks: trojans & back doors.
Trojans work secretly in the background of your website without you realizing it.

The name is derived from the Trojan horse. (Those who don’t know that story, read the story here)

resultaat scan

Trojans, backdoors, malware..

When you activate the plugin, you set access to your server & WordPress fully open. The hackers or an automated script will receive a signal which website has now been hacked (available).
They can do absolutely anything they want:

  1. Modify payment details in WooCommerce to their own illegal bank account
  2. Store and forward usernames and passwords
  3. Show advertising
  4. Edit texts
  5. Forward visitors
  6. And much more..

But there’s server security, right?

You would say that the security of the server, of the web host, knows this!
But that’s not true. The server does scan files, but the trick is that the plugins fragment the code and execute it in certain orders. Only the plugin itself knows that order, so the server cannot or will not execute it to find out that it contains unwanted code.

In addition to the fragmentation, the code is also written in an unreadable language that can only be executed by the hack itself.
The result can also not be judged as being desirable or not, since PHP has many server rights.

Only the most obvious and common hacks are detected and written as “suspected”.

Hacks do have a habit of exploiting server power and running everything at full speed. When the hoster finds out, they will disable your hosting package until you solve the problem.

The hoster cannot be held responsible for hacks in your website. You rent the web space, and if you don’t manage it properly or get hacked for whatever reason, it’s up to you to fix it.

Since that is complicated, do you need help or have your website repaired by professionals.

We dig deeper into the plugin

We have wandered off for a while, but we dig deeper into the plugin to see where those trojans and backdoors are.
Can we find them?

Looking for fragmented and encrypted code
Often server commands are encoded in Base64 and then executed with Eval. That’s the first thing we look for.
We see some lines of code appear (notepad++ Find in files).
But those lines of code look innocent.

Notable files
One technique we use when recovering a hacked website is to simply look for salient files.
Strange file names or php files that don’t belong in certain folders (like the css folder) often betray the malware/hacks.

We exclude a folder with css, a folder with images and a folder with txts.
But not so fast, the images are sometimes made executable!! (We don’t see any php extensions in the images and so continue)

Exclude files
We have excluded several files, and decide to scan the remaining files again.

It is striking that 2 of the 12 antivirus services do not realize that it concerns the previously tested malware after changing the name.

In short, they determine that a plugin is fake and only remember the name without scanning the content more often.
That is also one of the reasons why hacks/viruses can go on for so long, when minor changes in code or order of execution are made, they are unrecognizable by various antivirus services.

A few folders deep
Many hacks are a few folders deep, so they are less likely to be found. Somewhere between the “images” the “uploads/2015/etc” or “includes/colors/etc”
Not in this case, the trojans put them directly in the “core” files of the security plugin.

Found!

In the end we found the hacks, the code was neatly written.
It has been well thought out, several alternative methods have been used to open your website to the rest of the world (and especially to the hackers themselves).

Of course we do not show the code.

Conclusion

Nulled plugins still contain trojans. In these types of hacks, the code is neatly concealed with formatting so that it is indistinguishable from the regular code.

We will be doing more tests soon, such as:

  1. Is the antivirus plugin aware that it itself contains a hack/virus?
  2. Can other antivirus plugins find the hack in this plugin?

Stay informed of the latest messages via Linked-in, or via our news page!

Side note 1: hackers

And it should be clear that hackers and their criminal activities are not appreciated.
A hacker’s romance as you see it in movies is not how it goes in reality.

A hacker is someone who harms others for their own profit.
It frustrates the website owners, it frustrates the web hosting, and ultimately it costs money and time.

Side note 2: Illegal downloads

Well, if you choose to download something illegally yourself… you are actually just like the hackers.
You’re trying to take advantage of a plugin or theme without giving its creator their hard earned money.
We’ve all downloaded something from the internet, right?

But at least now you know what NOT to download illegally from the Internet.

Ps: we buy software that we work with neatly. Even if it’s just to avoid problems 😉
Safety above all!