Why you should not download illegal plugins or themes

Everyone knows that there’s often a catch behind things that are offered for free, and the same applies to “nulled” websites that provide free plugins and themes: they belong on the list of scams.

These websites offer paid scripts that have been hacked and no longer require a license. It might seem tempting, especially if you want to test a paid script before purchasing it.

However, I strongly advise against downloading plugins and themes from illegal websites. These scripts not only contain simple pieces of extra code that can expose your website to hackers but also include sophisticated code that puts the entire server at risk.

The scripts are designed to execute a function for every visitor but remain dormant when you’re logged in, which makes them difficult to detect with security plugins like Wordfence.

In summary, choosing cheap or free options can ultimately lead to costly consequences and invite trouble.

Download the whitepaper here for more detailed information.

Using WordPress plugins wisely

WordPress for Businesses: Pros and Cons

When setting up a business website, you have various options. You can choose to hire a programmer-designer to develop a website with management capabilities, or you can opt for a WordPress website.
WordPress is currently the most popular Content Management System, and more and more entrepreneurs are choosing WordPress for their business websites. But what are the pros and cons of using WordPress for businesses? Read more about this in the following article.

The Advantages of WordPress for Businesses

There are several advantages to using a WordPress website for businesses. As a business owner, you can benefit from the following advantages:

  1. WordPress is user-friendly. Both beginners and experienced users can work with WordPress and develop stunning websites with this CMS.
  2. WordPress is constantly evolving. On average, there are eight updates per year for WordPress, which means the CMS is continuously refreshed and improved.
  3. WordPress offers numerous functionalities. There are over 40,000 plugins for WordPress, providing users with endless possibilities to style and customize their websites.
  4. WordPress pays great attention to search engine optimization. The technology behind WordPress for businesses offers many options for search engine optimization, enabling your website to be well-ranked in Google.
  5. WordPress is cost-effective because all the development work is already done. It is open-source. You don’t have to pay for the development of the system behind your website; you only need to pay for designing your WordPress website or even do it yourself for free.

As you can see, WordPress for businesses offers various advantages. It is no wonder that WordPress is the most popular CMS currently, and the number of users continues to grow. WordPress is a user-friendly and affordable system that is continually updated, offering many functionalities while considering search engine optimization.

The Disadvantages of WordPress for Businesses

Unfortunately, there are also some downsides to using WordPress for businesses. The most significant disadvantage is the fact that WordPress is not always secure. This is attributed to three factors:

  1. WordPress has an open-source code, meaning anyone can view the code behind WordPress. Unfortunately, some people use this information for malicious purposes, leading to inadequate security of WordPress.
  2. WordPress offers many functionalities in the form of plugins, but these plugins are not always secure. Many plugins are infected with viruses, or certain plugins make it easier for hackers to gain access to your WordPress website.
  3. While WordPress provides features to enhance website security, many users do not know how to use them properly. Since WordPress does not assist you in securing your website, you may need to rely on professionals like WPbeveiligen to secure your website properly. As a result, many WordPress websites are vulnerable to hackers and attacks.

Besides security reasons, using too many plugins can also impact the SEO and speed of your website negatively. Plugins add extra code to your website, and on average, they come with 300-400% additional code to make management easier for end-users. For a fast website with many functionalities, using the functions.php file of your theme or creating custom templates may be a better option.

This ensures that your website remains unique, less susceptible to hacking, and maintains good speed.

For individuals with expertise in setting up templates, unique layouts, and functions, OntwerpExpert can be of great help.

Conclusion

Using WordPress has various advantages. It is user-friendly, regularly updated and improved, offers thousands of functionalities through plugins, and considers search engine optimization. The only major disadvantage is that WordPress is not always secure. To avoid encountering viruses and hackers as a WordPress user, you must take certain actions or have your WordPress website properly secured. Since many users do not know what actions to take, they often face viruses and/or hackers.

Still uncertain about WordPress? Click here to compare!

WordPress for business: the advantages and disadvantages

**WordPress for Businesses: Pros and Cons**

When setting up a business website, you have various options. You can choose to hire a programmer-designer to develop a website with management capabilities, or you can opt for a WordPress website.

WordPress is currently the most popular Content Management System, and more and more entrepreneurs are choosing WordPress for their business websites. But what are the specific pros and cons of using WordPress for business websites? Let’s explore this topic in this article.

**Advantages of WordPress for Businesses**

There are several advantages of using WordPress for business websites. As an entrepreneur, you can benefit from the following advantages of WordPress:

1. **User-Friendly**: WordPress is easy to use, making it accessible to both beginners and experienced users. It allows users to develop beautiful websites using the CMS.

2. **Continuous Development**: WordPress is continuously evolving, with an average of eight updates per year. These updates ensure that the CMS remains up-to-date and improved.

3. **Wide Range of Functionalities**: WordPress offers over 40,000 plugins, providing users with endless possibilities to style and customize their websites as they wish.

4. **Search Engine Optimization (SEO)**: The technology behind WordPress is designed to offer many possibilities for search engine optimization, allowing your website to rank well on Google.

5. **Cost-Effective**: WordPress is open-source, and its development work is already done. You only need to pay for website design or even nothing if you decide to do it yourself.

As you can see, WordPress for businesses has several advantages. It’s not surprising that WordPress is currently the most popular CMS, with its user-friendly and cost-effective system continuously evolving and offering a wide range of functionalities while being SEO-friendly.

**Disadvantages of WordPress for Businesses**

Unfortunately, there are some disadvantages associated with using WordPress for businesses, with the primary concern being security. This is due to three factors:

1. **Open-Source Code**: WordPress has open-source code, meaning anyone can access it. Unfortunately, some people use this information for malicious purposes, making WordPress security less reliable.

2. **Vulnerable Plugins**: While plugins add functionality, they can also be a security risk. Many plugins are infected with viruses or provide easy access to hackers.

3. **Lack of Knowledge**: WordPress provides features to improve website security, but many users are unaware of how to implement them effectively. This lack of knowledge leaves many WordPress websites vulnerable to attacks by hackers.

To reduce vulnerability to viruses and hacking, users need to take active steps to enhance their WordPress website’s security. Unfortunately, many users are unaware of the necessary actions, leading to frequent encounters with viruses and hackers. This is the most significant disadvantage of using WordPress for businesses.

**Conclusion**

Using WordPress offers several benefits, including its user-friendliness, continuous development, vast functionalities through plugins, SEO features, and cost-effectiveness. The only major drawback of WordPress is its vulnerability to security breaches. To avoid encountering viruses and hackers, users need to take certain actions or ensure their WordPress websites are adequately secured. As many users lack the knowledge to implement security measures, they often face issues with viruses and hackers.

If you are still uncertain about WordPress, you can click here to compare your options!

WordPress plugins

**WordPress Plugins and Security: How to Improve Your WordPress Security**

Many people see the thousands of plugins available for WordPress as a significant advantage of this popular CMS. However, when it comes to the security of the CMS, these WordPress plugins can also pose a problem. In this article, you will learn more about the security of WordPress concerning plugins. You will discover how WordPress plugins can cause issues, how to prevent problems with them, and how to enhance the security of your website using specific security plugins for WordPress.

**Why are some plugins bad for WordPress security?**

WordPress offers approximately 35,000+ different plugins. Unlike the technology and system behind WordPress, these thousands of plugins are not thoroughly audited and checked by WordPress for security. As a result, you might install a WordPress plugin that doesn’t improve or enhance your website but instead causes security problems. A plugin could contain a virus (hack file/backdoor), or it might expose your website to attacks by hackers due to specific vulnerabilities in the plugin. In the following sections, you will learn how to prevent these issues and how to improve your WordPress security using certain plugins.

**How do I prevent problems with WordPress plugins?**

As WordPress does not thoroughly check the security and reliability of the thousands of CMS plugins, it becomes your responsibility as a WordPress user to do so yourself or have it done by WPbeveiligen. Before installing a plugin for your WordPress website, there are several factors to consider to ensure you do not jeopardize your website’s security. These include:
1. **Plugin Rating**: If a plugin has been highly rated with four or five stars, it indicates that other users are satisfied with the plugin and that it is likely not harmful.
2. **Plugin Version**: Plugins with a detailed version number, such as 3.8.7.6.2, are more likely to have been updated and improved multiple times.
3. **Last Updated Date**: If a plugin has been updated recently, it means that the developers have made improvements compared to several months ago.
4. **Plugin Description**: A well-described and clear plugin is more reliable than one with no description or a brief description.
5. **Installation Description**: A clear and well-crafted installation description shows that the plugin developers have paid attention to details, making it more trustworthy.

By checking plugins based on the above points before installing them, you gain more control over the security of your WordPress website. There have been many cases where users installed a certain plugin and ended up having to rebuild their entire website, so ensure you do not face such problems by always verifying these factors for better WordPress security.

**Which plugins can I install to enhance WordPress security?**

While plugins can pose a danger to your WordPress website, there are also plugins available that can improve its security. These plugins include iThemes Security, Wordfence Security, and BulletProof Security. These security plugins not only provide you with the means to enhance your WordPress security but also guide you on how to do it best and, in some cases, even create backups of your website. It is highly recommended to install one of these plugins to improve the security of your WordPress website. In combination with the above tips to download only the right plugins, this is the best way to enhance WordPress security by making smart use of WordPress plugins.

WPbeveiligen dedicates itself weekly to securing websites, which gives them extensive knowledge about the workings and security of numerous plugins. WPbeveiligen also knows which security plugin is currently the most effective.

For peace of mind and assurance, entrust the security of your WordPress website to Mathieu from WPbeveiligen.

10-20 plugins turn out to be vulnerable every month

Every month, 10-20 plugins are found to have vulnerabilities. By “vulnerabilities,” we mean that hackers and hack scripts can exploit the plugins to gain access to your server or WordPress site.

Even this month, Akismet, Jetpack, and Ninja Forms have been added to the official list of vulnerabilities on WPScan.

Interestingly, Akismet was developed to combat comment spam!

However, this doesn’t mean that these plugins should be immediately removed; they are undoubtedly being updated by the developers.
Make sure you have a newer version of the plugin.

What can you do about it?

It’s not practical to check the plugin list every day to see if the plugins you use might have vulnerabilities.

Here are some steps you can take:

  1. Minimize the number of plugins you use.
  2. Keep your plugins updated.
  3. Install a security plugin.

You should take these steps before your website gets hacked.

Updating a plugin via the WordPress updater doesn’t guarantee that previously vulnerable plugins are immediately virus-free.

If your website is already sending spam due to a vulnerable plugin

You’ll need to check the entire WordPress website on the server for spam files. These files are often planted in several locations, much like a virus.
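One way to run the server-wide check described above, as an added example that is not part of the original article: three read-only `find`/`grep` checks over a WordPress directory. The function names, the seven-day default and the obfuscation pattern are assumptions chosen for this illustration.

```sh
#!/bin/sh
# Added example, not from the original article: read-only checks for planted
# files in a WordPress tree. Names and heuristics are assumptions made for
# this illustration; hits are leads to review by hand, not proof of infection.

# wp_php_in_uploads ROOT
#   PHP-like files under wp-content/uploads, a directory meant for media.
wp_php_in_uploads() {
    find "$1/wp-content/uploads" -type f \
        \( -name '*.php' -o -name '*.php[0-9]' -o -name '*.phtml' \) 2>/dev/null
    return 0
}

# wp_recent_php ROOT [DAYS]
#   PHP files modified within the last DAYS days (default 7). Modification
#   times can be reset, so treat this as one signal among several.
wp_recent_php() {
    find "$1" -type f -name '*.php' -mtime "-${2:-7}"
}

# wp_obfuscated_php ROOT
#   PHP files that decode a string and execute it in a single expression.
wp_obfuscated_php() {
    find "$1" -type f -name '*.php' -exec grep -lE \
        'eval[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|gzuncompress|str_rot13)[[:space:]]*\(' {} +
    return 0   # grep exits non-zero when nothing matches; that is not an error here
}

# wp_scan_report ROOT [DAYS]
#   Run all three checks and print the results under separate headings.
wp_scan_report() {
    root=$1
    days=${2:-7}
    echo "== PHP files in uploads =="
    wp_php_in_uploads "$root"
    echo "== PHP files changed in the last $days days =="
    wp_recent_php "$root" "$days"
    echo "== PHP files that eval decoded data =="
    wp_obfuscated_php "$root"
}

# Usage: sh scan.sh /path/to/wordpress [days]
if [ -n "${1:-}" ]; then wp_scan_report "$@"; fi
```

Compare every hit against a fresh copy of the same plugin, theme or WordPress version before deleting anything.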

Get your WordPress website restored and secured if you suspect it has been hacked or is sending spam!

FTP through the admin, it can be done!

Every now and then, you come across those exceptional plugins that make your life a little bit easier.

One such plugin is CYSTEME Finder.

The plugin is called “CYSTEME Finder, a file explorer,” and it’s a neat plugin that allows you to take a peek at the server without needing an FTP program like FileZilla.

View Files on the Server

Copy, Move, and Delete Files

You can not only view the files but also, just like in a regular FTP program, modify, copy, and delete them.


Modify Files

In WordPress, you can typically only access the theme and plugins to modify them, but with this plugin, you can even edit your WordPress core files.

This is useful if you want to remove backdoors!


Safety

Be cautious! The plugin can do a lot, but it is NOT recommended to keep it on the server by default.

Install and use the plugin when you need it, but do not give hackers and hack scripts the opportunity to use it or an outdated version to fill your server with files!

This applies to any plugin you use infrequently or once—remove it after use. Even if the plugin is not activated, it is still accessible on the server and thus vulnerable to hackers!

Using Contact Form 7

What is Contact Form 7?

Contact Form 7 is a plugin for WordPress that allows you to create contact forms in various languages. You can create multiple contact forms per website and customize them with different fields. In addition to text fields, you can use date fields, dropdowns, acceptance checkboxes, radio buttons, and more.

How to use Contact Form 7?

First, download the Contact Form 7 plugin through your admin > plugins > new plugin.

After installing and activating Contact Form 7, you will see a new menu item called “Contact.”

Select “Add New”.


Next, you can add a new contact form in the language of your choice. Let’s choose the default language, which is Dutch.


After selecting the language, you will see buttons to generate new shortcodes for fields, dropdowns, radio buttons, etc.


This is the power of Contact Form 7. You can add new fields and create a wide variety of forms, from standard contact forms to forms allowing visitors to sign up or complete registrations based on different questions and options.

Shortcodes: Technical yet flexible

Using the buttons, Contact Form 7 generates a form definition that looks a bit technical. Despite the initial learning curve, it offers many possibilities.

[Image: Contact Form 7 shortcodes]

Explanation: On the left, you see the field label, such as “Your Name.” Below that is the shortcode [text* your-name]. “Text” indicates the type of field, in this case a standard text field. You’ll also notice a *, which indicates whether the field must be filled out. If a required field is left empty, the form will not be submitted, and a red line will appear around the field with an instruction to fill it out.

You can change the field layout; they are currently displayed in paragraphs, but you can place them in divs side by side, etc. The order does not affect the functionality of the form.

[Image: contact form]

In the image above, you can see how such a field/shortcode is generated. (Please note, this has changed in the latest updates! You will still see the code that needs to go into the email, but it is less noticeable as it is no longer displayed prominently in the green box.)

You can set a default value, for example, @ or http://. This value will already be in the field, and users can add to or delete it. Clicking on the placeholder ensures that only a sample text is displayed, which disappears when the field is selected.

Formatting and information in the email

Every shortcode you add to the form must also appear in the “Mail” tab.

Only then will the information be included in the email sent. As shown in the image below, you can set the sending address, the email title, and use simple [text-1] shortcodes to display the information in the email in the desired order.

[Image: Contact Form 7 mail settings]

Additional features for added convenience

There are some functions that make Contact Form 7 even more practical. One of them is the Mail “2” function, located towards the bottom in the settings. When you check this option, you can compose an email that is sent as a copy to the form submitter, for example.


The security of Contact Form 7

One of the most important questions is, of course, how secure is Contact Form 7? As a programmer, when you see all the input fields, you might think of a possible XSS problem, an injection.

From our experience, we can say that Contact Form 7 is a good and stable plugin.

We have been using Contact Form 7 for various websites for over 5 years and have never encountered any issues with its functionality or security!

The plugin is regularly updated and has a solid foundation. We often use Contact Form 7 for clients when their current contact form sends spam, which can occur with contact forms included with a theme or poor-quality contact form plugins.

What if I want to use a plugin or theme that is vulnerable?

You have just created a beautiful website with a nice theme and various plugins, and then your website gets hacked!

That’s incredibly frustrating! It has happened to us dozens of times too, even with all the knowledge we have.

What if it turns out that your plugin or theme has a vulnerability, and the developers are not taking any action, even after being informed about it? Even when you’ve paid for the plugin or theme, the developers might not respond to your requests for fixing the vulnerability.

Why don’t developers take action?

Theme developers are not hackers or security experts; their main focus is often on making as much money as possible. This might sound harsh, but unfortunately, it’s the reality.

What can you do now?

You have two options:

  1. Replace the vulnerable theme or plugin with a new one.
  2. Ensure that the vulnerable plugin cannot cause any harm.

Executing Step 1

You remove the vulnerable plugin or theme from the server using an FTP program to ensure that the vulnerability is completely removed. Then, you look for a new theme or plugin and hope that it does not contain any of the 4000+ known vulnerabilities.

4000+ vulnerabilities? That doesn’t sound good!

Let’s put it into perspective:

There are 42,565 free plugins and approximately 30,000 paid plugins. Since 2003, there have been around 150+ WordPress releases, many of which were for security reasons.

The security within WordPress is well maintained, unlike some third-party plugins or themes.

There are countless free WordPress themes, and the number of premium themes is also extensive. WordPress itself is still free!

This wide availability of themes and plugins attracts both users and hackers from all around the world.

Executing Step 2

Unfortunately, this cannot be easily fixed with just one security plugin, since such plugins, in order to function correctly, may not restrict file permissions at the server level. In this case, you need to ensure that a vulnerability cannot make server-level changes.

You can do this by removing write permissions from certain folders so that the vulnerability cannot modify them.
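A sketch of this “freeze”, as an added example that is not part of the original article: it removes write permission from the code directories, leaves the uploads folder writable, and can be reversed for updates. The function names and the assumed default WordPress directory layout are choices made for this illustration.

```sh
#!/bin/sh
# Added example, not from the original article: "freeze" the code of a
# WordPress install by removing write permission, and undo it for updates.
# Assumption: default layout (wp-admin, wp-includes, wp-content/plugins,
# wp-content/themes); wp-content/uploads stays writable for media uploads.

CODE_DIRS="wp-admin wp-includes wp-content/plugins wp-content/themes"

# _wp_chmod MODE ROOT
#   Apply MODE to the code directories and to the top-level PHP files
#   (wp-config.php, index.php, ...). Refuses anything without wp-content.
_wp_chmod() {
    mode=$1
    root=$2
    [ -d "$root/wp-content" ] || { echo "not a WordPress root: $root" >&2; return 1; }
    for dir in $CODE_DIRS; do
        if [ -d "$root/$dir" ]; then chmod -R "$mode" "$root/$dir"; fi
    done
    for file in "$root"/*.php; do
        if [ -f "$file" ]; then chmod "$mode" "$file"; fi
    done
    return 0
}

# wp_freeze ROOT: nobody may write to code. wp_thaw ROOT: owner may again.
wp_freeze() { _wp_chmod a-w "$1"; }
wp_thaw()   { _wp_chmod u+w "$1"; }

# wp_writable_code ROOT
#   Print every path inside the code directories that still carries a write
#   bit for owner, group or others. Empty output means the freeze is complete.
wp_writable_code() {
    root=$1
    for dir in $CODE_DIRS; do
        if [ -d "$root/$dir" ]; then
            find "$root/$dir" \( -perm -200 -o -perm -020 -o -perm -002 \)
        fi
    done
    return 0
}

# Usage: sh freeze.sh freeze /path/to/wordpress
#        sh freeze.sh thaw   /path/to/wordpress
case "${1:-}" in
    freeze) wp_freeze "$2" && wp_writable_code "$2" ;;
    thaw)   wp_thaw "$2" ;;
esac
```

Thaw the site before running updates and freeze it again afterwards. Removing write bits only constrains a PHP process that runs as a different user than the file owner, since an owner can set the bits again.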

What does a vulnerability in a plugin or theme do, actually?

Often, it does nothing until the person who knows the vulnerability starts giving it commands. This can be achieved through browser injections or input fields (XSS).

Conclusion

It’s ultimately your choice whether you completely replace the vulnerable plugin or theme, hoping that these extra efforts and costs will increase security, or if you “freeze” the website temporarily so that it continues to work as it does now.

A WordPress webshop with WooCommerce

WooCommerce is indeed one of the most popular and widely used webshop plugins for WordPress, and it has gained its reputation for being a powerful and versatile solution for creating online stores. Here are some key points about WooCommerce:

What is WooCommerce?

WooCommerce is a webshop plugin for WordPress that is available for free. It allows users to turn their WordPress websites into fully functional online stores. Due to its popularity, there are numerous plugins available that further extend the functionalities of WooCommerce.

How to Install WooCommerce

You can find WooCommerce in the plugin database of WordPress, or you can download it from the official WooCommerce website. Installing WooCommerce is a straightforward process, but it requires proper configuration after installation.

Keeping WooCommerce Secure

While WooCommerce itself is a stable plugin for building webshops, it is essential to keep your WordPress website secure to prevent potential hacks. If your WordPress website gets hacked, a hacker can manipulate your WooCommerce webshop in various ways, such as stealing user information or adding their own products to your shop.

The downside of using free webshop software like WooCommerce is that anyone can download it and explore potential vulnerabilities to exploit or inject malicious code. Therefore, it is crucial to have robust security measures in place on your website.

A reliable security plugin, such as iThemes Security PRO, can help protect your website by blocking suspicious injections, blocking users or bots after a certain number of login attempts, preventing hacking attempts, hiding your WordPress admin panel, and keeping track of server activities.

WooCommerce and SSL

WooCommerce supports various Payment Gateways, which are payment methods that allow buyers to pay easily through your website using options like PayPal or iDeal. However, these payment gateways involve the transmission of critical customer data through your website to the bank.

To ensure that this sensitive information does not fall into the wrong hands, it is crucial to set up an SSL certificate. With an SSL certificate, your website will have an HTTPS link that securely encrypts the data before sending it over the internet. Even if intercepted by cybercriminals, the information remains encrypted and unreadable.

A Solid Start with WooCommerce

Before adding products and launching your webshop online, it is essential to set up WooCommerce securely. Just like you wouldn’t open a physical store without securing the backdoor, ensuring proper security measures for your online store is equally crucial.

By taking the necessary security precautions and using WooCommerce responsibly, you can have a solid foundation for building a successful and secure webshop on your WordPress website.

Delete comment spam in WordPress

What is comment spam?

Comment spam is the term used for unwanted comments on your blog. These comments are usually unrelated to the topic and often contain links to products on other websites.

Delete all comment spam at once

All comments are stored in a database, and this plugin clears your entire comment table in the database with just one click.

Note: You will lose ALL comments at once.

Selectively remove spam comments without plugins

You can adjust the display of the number of comments in your admin panel. Click on “Screen Options” when you are in the comments section of your WordPress admin and set the number displayed to 50 or 100.


Then you can select all messages (at once) and deselect the comments you want to keep. This depends on the ratio of spam to the number of messages you want to keep.


Prevent comment spam via WordPress settings

WordPress has a settings page for comments where you can set a higher threshold for posting comments. For example, you can have any comment with more than 1 link marked as spam, or require users to register before commenting.


Plugins to stop comment spam

There are several plugins that can help prevent comment spam, such as Akismet, which is already included with every WordPress installation.

iThemes Security PRO NL also has a good feature to effectively stop comment spam. The PRO version has a reCAPTCHA option, allowing you to add a captcha requirement to the comment form.

Additionally, you can use reCAPTCHA for new registrations and the login panel.

Important!

Never click on a link in a comment when you are logged in!

As an administrator, you have certain rights to make changes in WordPress, and hackers know that. There are JavaScript codes/links that execute certain actions in the background when clicked!

Solving comment spam, contact spam via phpMyAdmin

There is another way to remove spam using phpMyAdmin, which is very effective, and you can be selective for comments with different statuses.

First, make a backup of your database!!

Delete all approved comments:
 DELETE FROM wp_comments WHERE comment_approved = '1';
Delete all pending comments:
 DELETE FROM wp_comments WHERE comment_approved = '0';
Delete all marked as spam comments:
 DELETE FROM wp_comments WHERE comment_approved = 'spam';
Delete all comments in the trash:
 DELETE FROM wp_comments WHERE comment_approved = 'trash';

If you need assistance in solving spam problems, whether preventive or if your own website is sending spam, contact us.