Wat is Country Blocking?

/0 Comments/in

Country Blocking allows you to block visitors from certain countries. Those countries can then not visit your website.

[Press server]99% of all visits from abroad are from bots, these are not real visitors… it costs the server a lot of capacity to process the requests from bots. That’s why I recommend blocking large countries, provided you are sure you don’t have customers or visitors sitting there of course.[close-press-server].

When do you use Country blocking?

If your target audience, i.e. your potential customers are all from the Netherlands, it is advisable to block other countries.

Example: Someone from India or Russia will not become a customer just like that. But the number of hackers and bots harassing your website or testing for WordPress leaks is huge in those big countries.

Technical: How does the Country blocker work?

The Country blocker works with a database of IP descendants equivalent to a country. When the visitor meets a certain IP address, he will receive a notification that the website is not accessible, or if you have set up a redirect, the visitor will be redirected.
Because the database of IP addresses must be updated regularly (dynamically) this will not be done via the Htacces but will be processed by the relevant security plugin (wordfence) when your website is requested.

What is the disadvantage of Country blocking?

  • If your target audience or one of your customers is located in one of the blocked countries, they will not be able to reach your website.
  • Country Blocking works based on the IP address of a visitor/attacker, many individuals use a VPN – Proxy allowing them to trick security by pretending to be from another country.
  • Some services (Crawlers, Cloud services, Backup & monitoring tools) run on servers in other countries. Therefore, those cannot access your website for good purposes.

Which security plugin offers Country Blocking?

  • WordFence
  • iThemes Security

My experience with Country Blocking

I have only used Country blocking 3 times in the past 10 years. That was because a certain hacker group had set its sights on a customer’s webshop. It was necessary to block that country and several surrounding countries. This was necessary not only to stop them but especially to stop the auto-bots that were flooding the server with requests.

Customize styling through WordPress’ CSS Customizer

/0 Comments/in , ,

What is WordPress’ CSS customizer?

The CSS customizer allows you to add CSS to your website.

What on earth is CSS!

CSS, Cascading Style Sheet … that name doesn’t really make it clear.
STYLING!

With HTML elements you display data in your website, and with CSS you style those elements.

So you want to make changes to the style of your website? Then you write a piece of CSS.

Why would I do that with the CSS Customizer?

The Customizer has color-coding that makes it easier to see if your code is written correctly. The Customizer also provides a LIVE preview view where you can see the changes immediately, so you can pre-view it before you Publish it.
You can instantly see if your CSS styling code is working!

The screenshot below shows a piece of CSS written in the Customizer.
You can see here the ID, Class and an H2 title element that I made red with the CSS for example.

customizer

Wanneer gebruik je de CSS Customizer van WordPress?

  1. Als je de vormgeving van je website snel wilt aanpassen
  2. Als je huidige thema geen beheerpaneel heeft waar je styling kunt aanpassen
  3. Als je geen Child thema wilt aanmaken
  4. Als je geen toegang hebt tot de styling & Serverbestanden

Let op!

When do you use WordPress’ CSS Customizer?

  1. If you want to quickly change the styling of your website
  2. If your current theme does not have an admin panel where you can customize styling
  3. If you do not want to create a Child theme
  4. If you do not have access to the styling & Server files

Notice!

To use WordPress’ CSS Customizer, it is important that you have experience with CSS.
CSS is the code language used to define the design, color and dimensions of a website.

The CSS you write in the Customizer will be loaded inline at the top of your website’s code. As a result, this CSS overrides the styling used by your theme.

You can also kill your website graphically with it, in which case it’s just a matter of deleting the written CSS, but keep in mind.

The benefits of the CSS Customizer

  • You immediately see what changes on the frontend of your website
  • The styling remains, even with theme updates
  • You don’t need to have server access or a code editor
  • The CSS code has clear code formatting in color
  • You can switch views: desktop, tablet and smartphone format
  • HTML styling with CSS in practice

I can see you thinking: HOW do I know WHAT to style!

In order to customize the HTML elements of your website with CSS, you obviously need to know what the elements are called. After all, you grab them by ID or CLASS name.

Therefore, open your website using an Element Inspector.
Most browsers (chrome, Firefox and more) have that option, you right-click on a particular part of your website and then choose Inspect Element – Sometimes you have to repeat this 2x to get a particular element.

Tip: You can of course open the Element Inspector in a different tab, or preferably on a different monitor because then you simply see more. After all, you only want to know the name of an element.

The screenshot below shows the CSS Customizer and the Element Inspector open on the far right.

element-inspector

Okay, you now know that there is a CSS Customizer in WordPress. You know that you can put CSS in there that you can use to customize the design of your website.

Now to write the CSS!
By now, of course, every programmer has long clicked away from this article and is happily adding CSS.

But I can’t write CSS!

Are you an enthusiastic website owner who has no idea how to write CSS?
Then you can commission us to modify a certain element with CSS. In fact, we write CSS as easily as the ABC.

Click here to put us to work*.
* please note, sometimes we are busy so we cannot provide the service. Security and recovery of hacked WordPress websites is our priority.

I want to learn how to write CSS

You can do that at w3schools.com
Currently there are free classes to learn CSS. (In english)
Click here to learn how to write CSS.

Saving changes in the CSS Customizer

Only when you click “Publish” – is the CSS saved in your website and displayed for new visitors! So don’t forget to press that button after writing CSS.

opslaan

What is a WordPress theme?

/0 Comments/in

A WordPress theme contains all the elements that are important for displaying texts, pages, posts and more.
Both the display of the elements and the design (color, size) are all controlled by the theme.

Is every WordPress theme the same?

Basically, every WordPress theme has a standard number of templates, basic design and various functions.
The colors, dimensions may differ, of course.

Free themes versus paid “premium” themes

There are free themes and the so-called paid “Premium” themes that offer more features or formatting for such things as portfolio pages, contact forms and more.

How do you get a WordPress theme?

WordPress offers a good number of approved themes that you can use for free. In addition, there are several themes for sale on the Internet, these often have additional elements that add value and thus can be sold for a certain amount of money.

Is a free theme worse than a paid theme?

No, the themes available for free on WordPress.org are very good. They are well structured and created by several good programmers.

What about the SEO?

The structure of themes is clear, 95% of all themes are suitable for Google.

How do I choose another theme?

If you are logged into your website, you can go to the “Appearance > themes” tab to choose new themes. (English: appearance > themes)

Pro Tip:

Once you’ve found a theme, delete the ones you’ve tried but aren’t going to use again. This is important so that the themes (especially the outdated ones) are not approachable by hackers.

Hiding the login page – iThemes Security

/0 Comments/in ,

By default, the WordPress login page is found on the “admin” page. That’s with every standard WordPress website worldwide. Every hacker and hackbot knows that … they can easily make attempts to log in through your login page that way.

It’s important to hide the default login page

Why you should hide the login page:

  1. Even if you have a great password that makes logging in “impossible” you will suffer if attempts are made to log in through that well-known login page. This is because mainly scripts use that page to fire thousands of attempts at it. They call it brute force attacks.
    Brute force attacks make your website slower! These are requests that are processed by your website, and behind it by the server, at the expense of loading speed for real visitors.
  2. Not everyone needs to know that your website is made with WordPress right?
    (I know, in the source code you can see it too but not everyone looks there)
  3. It says something about your website, for example I quickly know if a website is well secured or not when I visit the default login page. And hackers know that too.
    And if I find admin as a username there too… sigh! – But that’s something for another article ;)So the key is to make the login page inaccessible to the world!

[press-server]There are websites where the login page gets 5,000 “visitors” every day, spread over 24 hours… the IP addresses change constantly so the server will not block all the attacks. Even if it comes at the cost of server capacity. Hiding the login page is an important step against unwanted “visitors” (bots & scripts)[close-press-server].

iThemes Security has the ability to hide your login page

Ironically, that feature is also kind of hidden! In fact, you won’t encounter it during the default installation.
You can find this setting at Advanced > Hide backend.

There you can move the login page to a page with a unique name.

admin verbergen ithemes security

Remember that new page name well! That way you can always login to your website.

Also keep in mind that the regular login page is inaccessible from now on (until you are logged in), if you keep looking for it anyway the security plug-in may temporarily block your account.
Therefore, please also give the new admin address to administrators who regularly login to your website.

Cyber-attacks on your website, where do they come from? What is the target?

/0 Comments/in

Did you know that many WordPress websites are visited 3000x a day by bots? Where do these bots come from? And what is their purpose?

The guys at WordFence (source in English) see millions of attacks on websites come by, that’s because their security plug-in collects those from thousands of websites to keep the Firewall and protection of WordPress websites optimal.

This month they shared the top 5 countries where the most attacks on WordPress have come from in the past month.

  1. Australia
  2. Germany
  3. United States
  4. Ukraine
  5. Finland

These are currently not the standard countries where most cyber attacks used to come from, which was often China or Russia.

What does this say about the countries themselves? Not necessarily that more cyber criminals live here.

The number of cyber-attacks from a particular country depends on several factors

Consider:

  • Availability of servers.
    Attacks are done via servers, where the most powerful servers are located more can be achieved
  • The IP statuses of a country
    Good status is more reach
  • Unemployment
    More time and need for new (unfortunately illegal) income
  • The state of security
    A leak in certain software can provide access to many criminals
  • And sometimes a political situation
    Like a country where there is war, that is not only fought with weapons these days

What is THE PURPOSE of cyber-attacks?

Currently, WordFence reports that:

the (hackers, criminals) of the top five countries are all trying to access websites

Once you have access to the websites, a criminal can:

  • Share information with the world
  • Steal information
  • Make money from advertising, spam & black hat SEO
  • Make money selling access data
  • Make money using complex scamming methods based on the stolen information

Then, of course, the question: do cybercriminals just manage to not only attack a website but actually gain access to it?

Yes, there is always a percentage of the millions of websites that have a leak at the time an attack is made.

The attacks go on day-and-night, 24/7.
The moment your website contains a leak, a specific payload (script/set of code) will be unleashed on your website that will allow a cybercriminal to access your website.

For that reason, to the incessant flow of attacks it is necessary to use and otherwise install a good security plugin in your WordPress website.

This can be the free security plugin from WordFence, or the paid premium version offered by WordFence.

You can also use iThemes, which has a security plugin specifically for WordPress. Also a free version and a paid pro/premium version.

Want to make sure your website is up-to-date? Secure? Then let us secure your WordPress website. We have packages for small WordPress websites, WooCommerce webshops and for large WordPress websites!

Are attacks on WordPress websites a thing of the past?

/0 Comments/in

Every WordPress website is hosted by a web hosting company, a company with several server security specialists. Large web hosts employ IT professionals with 30-50 years of cybersecurity experience.

Many people with a WordPress website therefore assume that it is within the capabilities – and even responsibilities – of the web hoster to keep the website hack & malware free.

After all, the attacks are done on the website towards the server right? And malware + hacks eventually end up on the hoster’s server. Right?

In the video below (english), Mark Maunder, the Founder & CEO of WordFence – 1 of the largest WordPress antivirus services – explains that because of connection encryption (TLS), it is hardly possible for hosting companies to identify and/or directly stop attacks. Only the elaboration can be identified. But in many cases that is already too late.

ance attacks are constantly changing & the elaboration (payload, hack, malware) are constantly changing & there is still a piece of customer privacy and self-determination over the website & the server is made for performing tasks and not blocking… it is not feasible for web hosts to recognize, block, and remove all malware.

For that reason, as a WordPress security specialist, I still have work to do 😉

But WordFence has now launched an interesting service.

WordFence Intelligence

WordFence’s security experts see millions of attacks, and their effects, through the WordFence plugin.

Based on that information, they can fairly quickly determine which hacks & IP addresses come from hacked or rogue servers. They are going to make that information of those addresses and hacks available to web hosts via a WordFence Intelligence API.

Will that be a solution that will prevent all attacks and malware on web hosts’ servers in the future?

There will always be a 30-60 minute “wait time” between attacks, their processing and blacklisting/information.

So 100% protection cannot be provided by this tool for web hosting companies either, but it can address the biggest dangers. It can stop thousands of Web sites from being attacked!

And better yet, that thousands of requests on the server via changing ip’s are blocked faster which benefits server capacity and reduces power costs.

So a good development!

But who knows, maybe we will gradually move toward a time when massive attacks on millions of websites will become a thing of the past.

Until then, as a website owner, make sure that your website is at least protected with an antivirus plug-in with firewall, or better yet, have your website protected!

Shared webhosting

/0 Comments/in

Actually every hosting package is shared, renting a server quickly costs hundreds of euros per month and nobody wants to spend that.

So what does the web hoster do? It cuts the server capacity into parts.

Important to realize with Shared web hosting

The number of websites you share the server with can impact the loading speed of your website. With the cheapest hosting packages, you may be sharing a server with 100-250 other websites!

Het risico van een Shared server

  1. Als 1 van die websites in een “loop” beland – het oneindig herhalen van een servercommando kan de server traag worden waardoor de laadtijd van je website zomaar omhoog schiet naar 10-15 seconden. Een loop wordt niet altijd even snel ontdekt en kan weken doorgaan.
  2. Als een website op de server aangevallen wordt met een DDOS aanval kan jouw website onbereikbaar worden. Dit is meestal met 1, maximaal 2 dagen opgelost doordat de webhost de aangevallen website offline haalt of verhuisd van server.
  3. Als websites campagnes starten, advertising kan dat zorgen voor bezoekerspieken waardoor je website tijdelijk traag wordt. Dit kan meerdere keren per maand/jaar voor blijven komen.
  4. Als een website door malware geïnfecteerd raakt kan die gaan spammen, dat betekent dat er honderden e-mails vanaf de server verzonden wordt waardoor de server na enkele dagen tot een week op de blokkade-lijsten komt te staan van veel internetdiensten zoals internet-providers, e-maildiensten. Daardoor word e-mail van jouw website ook geblokkeerd!

The Risk of a Shared Server

  1. If one of those websites ends up in a “loop” – the infinite repetition of a server command, the server can become slow, causing the loading time of your website to skyrocket to 10-15 seconds. A loop is not always detected quickly and can go on for weeks.
  2. If a website on the server is attacked with a DDOS attack, your website can become unreachable. This is usually resolved with 1, maximum 2 days as the web host takes the attacked website offline or moves it from server.
  3. When websites launch campaigns, advertising can cause visitor spikes that temporarily slow down your website. This can continue to occur several times per month/year.
  4. If a website gets infected by malware, it can start spamming, which means that hundreds of e-mails are sent from the server, causing the server to end up on the blocking lists of many Internet services such as Internet service providers, e-mail services after a few days to a week. As a result, email from your website will also be blocked!

The consideration, shared hosting package or not?

keuze hostingpakket kosten

Small informative website

If you have a small informative website such a Loop or DDOS attack will not make much difference, the web hoster usually makes sure that the server is up and running again within 4-48 hours and your website will be accessible again.

The Shared hosting packages you often have already for 3-10 euros per month, which are often called “Basic, Standard or Starter”. They usually host many other websites.

Webshop

If you have a webshop with many visitors, it is best to choose a hosting package with fewer other websites.

For a webshop package you pay between 25-50 euros per month. Such a package is called a Webshop, Business or Premium package.

Large corporate website or high-traffic website

And if you really want to be sure that you are not bothered by other websites, for example if you have a high-traffic website with thousands of visitors, then take a Dedicated package. Then you have an allocated server capacity that is separate from other packages.

For a DDS, which you can best get Managed, you quickly pay 55-150 euros per month.

Summary: don’t choose the cheapest hosting package of 1-2 euros per month when your website is an important source of income for you that you can’t miss for a day and take a package higher when you have a webshop.

 

NOTE: Often you will see a package that does not cost 10-50 euros per month but only 1-5 euros per month. This is often only for the first few months!!! After that you start paying full price. So pay attention to that before you buy a 50+ euro package that you have to start paying monthly.

What is spam

/0 Comments/in

Spam is unwanted email that often has a commercial background, such as advertising products or services.

What makes an email spam is that you receive it without having signed up for the advertisement.

How does a “spammer” get your email address?

They are obtained by computers using scripts (also called BOTS) from websites that can be found on Google.

Place a contact form

It is advisable to use Contact form 7. With Contact form 7 you can place a contact form on your website.
The customer can send you a message that appears in your mailbox, without revealing your email address on the website.

Legislation on spam

It is legally required to provide recipients of advertising with the option to unsubscribe.
Therefore, you often find a link at the bottom of the email, in very small letters: unsubscribe here.

Be careful when unsubscribing, as they may use tricks.
Read carefully what it says, otherwise you may click on a sentence like:
Do you not want to receive email from third parties but do want to receive email from us? Click here…

Then you’re still stuck with it!

What WPbeveiligen does against spam

Of course, we are actively involved in making websites hack-free. Websites are often hacked to send spam!

We also offer hosting with the necessary spam filters so that you receive less spam.
We also have various manual options to prevent spam, such as setting filters based on domain name, email address, specific words, and more!

 

25 reasons to use WordPress for your corporate website

/0 Comments/in

 

  1. WordPress is open source, free to use
    As they themselves have stated on their website for over 10 years, ”WordPress is free and always will be”.
  2. 95% of all web hosts support WordPress
    WordPress runs on PHP and MySql
  3. The installation is easy
    At many web hosts, it takes just a few clicks without you having to worry about files and the database
  4. WordPress allows themes as well as templates
    With thousands of free themes and temaplate options, your website can take any form you can think of
  5. WordPress is search engine friendly by default
    The structure of pages is well picked up by Google
  6. There are numerous formatting options for texts
    Whether you want to use titles, bold, quotes or video from YouTube, it is all possible without difficult html codes or embed codes.
  7. You can switch between the visual editor and html editor
    Although the visual text editor gives you many possibilities, you can still quickly switch to html view to insert html codes
  8. You can divide news items into topics and post types
    So you can add a pre-set layout
  9. WordPress is available in more than 100 languages
    Since 2022 you can choose which language you want to manage your website in at the login screen so you can start working in your own language right away
  10. With plugins you can easily add features to your website
    There is a plugin database with more than 55,000 free plugins available
  11. WordPress has a support forum
    This forum is maintained by members and various administrators, here you can personally get answers to your questions about WordPress codes, using WordPress, Plugins and themes
  12. WordPress is currently the most widely used website system
    WordPress is used by millions of large companies, news blogs, for web shops (WooCommerce) and startups
  13. WordPress is used by millions of programmers and website builders
    Right now in every city you have website agencies working with WordPress so you always have someone to manage, modify or improve your website
  14. WordPress will be 20 years old next year (2023)
    WordPress is one of the longest running systems with the most support over the years, Matt Mullenweg and his team have been managing WordPress for years with great success
  15. Security updates come out annually and sometimes even monthly that address the latest security threatsMatt Mullenweg and his team use their experience as well as the community (thousands of dedicated specialists) to release security updates to keep WordPress secure
  16. There are hundreds of Filters and Actions pre-programmed
    Those Filters and Actions allow you to create new features (plugins) without having to write hundreds of lines of code each time
  17. WordPress has a built-in comment system
    There is a standard form under each blog post or news item for visitors to leave a comment (you can also disable this)
  18. WordPress is a light and fast system
    WordPress is a well-optimized system that displays pages to visitors and Google within 1-3 seconds
    (The use of plugins or a web hoster with problems sometimes make WordPress slow, avoid this by being careful with the plugins that are installed)
  19. WordPress makes images web-friendly
    If you upload images from a high quality camera or phone they are much too large for internet use, that’s why WordPress instantly creates a few sizes you can choose from after uploading
  20. WordPress also has a webshop module
    With WooCommerce you can easily create a webshop that integrates with the style, navigation and shape of your website
  21. WordPress is user friendly
    There is also sufficient documentation for starters, so WordPress can be used not only by specialists but also by beginners
  22. WordPress has links with many large companies
    Many large companies – Bol, Amazon, accounting systems, planning software – have created plugins for WordPress that allow you to easily link your website to their services
  23. WordPress can be used on phones and tablets
    There are apps available that make it easier to manage WordPress on smartphones and tablets
  24. WordPress has export possibilities
    Data from your website can be exported in various ways, useful if you want to load the data into another program
  25. Logging in and managing your website is easy
    With the latest module from iThemes Security you can even login with face-id, or with an email link. This way you no longer have to remember passwords and you can easily manage the website from anywhere