Styling your page with CSS

Want to quickly style some elements with CSS on a single page or post? You can do it with this plugin!

Download and install the postpage specific custom css plugin. On every page and post you will then see a box where you can drop in CSS. How easy is that!

The advantages of this method/plugin:

  • The code only appears on 1 page, and will not modify the elements on other pages
  • The code is not loaded on other pages which is better for your SEO and loading speed
  • You no longer have to look for the page ID to modify this element only on a specific page
  • You no longer have to look up the page in the regular Customizer which would load the code directly on every page

Remove unnecessary images from your media library

How do you get rid of all those unused and unnecessary images in your media library? Do you have to delete them 1-by-1? And what if the image was used anyway?

With the WPS cleaner plugin for WordPress you can find and remove unused images from your media library for free. The deletion can be done in bulk, meaning you can delete 30 at a time with 1 click!

Have no fear, the plugin first checks that your images are no longer used anywhere.

At the time of writing, WPS Cleaner checks that your images are not used in:
Content of a post, Featured thumbnail, Website icon, Image Widget and Gallery, WooCommerce, DIVI Builder, Logo DIVI, Beaver Builder, Elementor, Visual Composer.

Note that if you have a lot of images, the plugin is going to analyze them first. That can take a while!

Installing WPS Cleaner

You can install WPS Cleaner through your admin > plugins > New plugin > WPS Cleaner.
You can also download it from WordPress.org and upload it through your plugin menu!

Download WPS Cleaner

Disclosures from the WordFence security whitepaper

WordFence is one of the biggest names in malware protection. They have an excellent firewall that they use to stop attacks from millions of unwanted IP addresses.

They have now written a white paper (which you can read here) with new revelations in the field of security, including where most problems arise:

  1. Websites that are not maintained
  2. Plugins that are no longer updated by programmers
  3. Nulled plugins are still being used.
    These are plugins that actually have to be bought but are provided for free by criminals. Free is not the right word, since you pay by means of the malware that the criminals put on your website via the Nulled plugin.
  4. Most successful hacks still come from brute-force guessing of usernames and passwords.

Are you already aware of the above 4 points? There are many more in the whitepaper!

123456 not the most popular password after nine years, which one is?

According to NordPass, a password manager, ‘password’ is currently the most used password in the world. ‘123456’ remains very popular, however: after being number one for years it is still very commonly used, and we currently encounter it in second place.

NordPass recently released the results of its annual survey of the most commonly used passwords. The survey was conducted in 30 countries.

Is your password among these?

The message is to act fast: change your password today, before it’s too late.

No idea how best to create a “secure” password? Here are some tips:

Tips for securing your passwords

1. Create long, unique passwords and never reuse them.

2. The strongest passwords consist of complicated combinations of numbers, uppercase letters, lowercase letters and symbols.

3. Use a password manager, such as Dashlane, among others. This technological solution encrypts stored passwords and enables secure sharing. Too often passwords are still stored in an Excel sheet, which makes it very easy to retrieve them.

Still no idea how to compose a secure password? You can also use a password generator, of which many free versions can be found. For example, lastpass.com can be used to generate a password.

Do you also need to upgrade from PHP 7.4?

Did you get an email from your hosting company telling you to raise the current PHP version? Or that they are raising the PHP version for you soon?

What does this mean for you? Is raising the PHP version really necessary? And what if your website crashes on PHP 8 and higher?

We are going to answer this for you!

Is raising PHP version really necessary?

Yes, the reason is that PHP 7.4 is no longer supported as of November 28, 2022. Thus, there will be no more security updates for PHP 7.4 from this date.

How big an impact does PHP have on your website?

PHP is the programming language in which most of WordPress is written.
Every element in WordPress, every piece of information in your website, is processed by PHP, and additionally a bit by HTML, CSS and some Ajax/jQuery.

What should you do with PHP version 7.4 or lower?

If your web host expects you to increase the PHP version on the server, it is a matter of logging into your hosting panel (DirectAdmin, cPanel or Plesk) and going to the PHP settings there.
You will often see a dropdown that shows 7, 7.4 or in the worst case even 5.6.
Set it to 8.0 or preferably the latest one like 8.4 or higher.

Can’t figure it out? Consult the hoster’s documentation, contact their support department or hire a professional to do it for you.

But what if your site doesn’t work on PHP 8.0 or higher?

Some themes and plugins are not updated by the developers. Those themes and plugins then still work on PHP 7 but crash when you switch to PHP 8 and above.

How do you know if your website is not ready for PHP 8.0 and higher?

If there are plugins or themes on your site that have not been fully updated, chances are that this will cause the following error message on one of your pages:

What to do with this critical error?

This error message that WordPress shows you by default will not help you any further.

To understand where the error is occurring, you can look in the logs:

  1. The error log at your host
    Consult the error log at your host. What is the error log? It is the log file that contains the PHP errors. It shows not only the specific error, but also the file path in the error message, which tells you where it goes wrong.
  2. The WP Debug mode
    Another option is to set WP_DEBUG to “true” in the wp-config.php file. This file is located in the folder where your WordPress is installed on the server. You can access the files via (S)FTP, or if your host’s control panel has a file management option, you can also make changes that way. Set it back to “false” when you are done, so that error details are not shown to visitors.
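As an added example (not from the original article), the Python sketch below reads a PHP error log and groups the fatal errors by the plugin or theme named in the file path. The log lines, paths and the plugin name `legacy-slider` are constructed; the two endings handled are PHP's `in FILE:LINE` and `in FILE on line LINE`.

```python
import re
from collections import Counter

# Constructed sample of an error log after switching to PHP 8 (paths and names are made up).
SAMPLE_LOG = """\
[29-Nov-2022 08:14:02 UTC] PHP Warning:  Undefined variable $title in /var/www/html/wp-content/themes/old-theme/header.php on line 12
[29-Nov-2022 08:14:02 UTC] PHP Fatal error:  Uncaught Error: Call to undefined function create_function() in /var/www/html/wp-content/plugins/legacy-slider/widget.php:88
Stack trace:
#0 /var/www/html/wp-settings.php(447): include_once()
#1 {main}
  thrown in /var/www/html/wp-content/plugins/legacy-slider/widget.php on line 88
[29-Nov-2022 08:15:40 UTC] PHP Fatal error:  Uncaught Error: Call to undefined function create_function() in /var/www/html/wp-content/plugins/legacy-slider/widget.php:88
"""

# Only the first line of each fatal error carries the timestamp; trace lines are skipped.
FATAL = re.compile(
    r"^\[(?P<when>[^\]]+)\] PHP Fatal error:\s+(?P<message>.+?) in "
    r"(?P<file>/\S+?)(?::| on line )(?P<line>\d+)\s*$")
COMPONENT = re.compile(r"/wp-content/(plugins|themes)/([^/]+)/")


def fatal_errors_by_component(log_text):
    """Count fatal errors per plugin/theme and keep the first file, line and message of each."""
    counts, first_seen = Counter(), {}
    for line in log_text.splitlines():
        m = FATAL.match(line)
        if not m:
            continue
        c = COMPONENT.search(m["file"])
        name = f"{c[1]}/{c[2]}" if c else "core-or-other"
        counts[name] += 1
        first_seen.setdefault(name, (m["file"], int(m["line"]), m["message"]))
    return counts, first_seen


if __name__ == "__main__":
    totals, details = fatal_errors_by_component(SAMPLE_LOG)
    for name, n in totals.most_common():
        print(n, name, details[name])
```

The component with the most fatal errors is the first one to update, replace or report to its developer.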

The error usually comes from a theme or plugin… that hasn’t been updated yet.

Make sure all plugins and your theme are updated and, when possible, only perform the PHP update after that. If everything in your website is up to date but errors still occur due to one of the plugins or the theme, contact the developer of that plugin or theme.

If they do not respond, do not offer a solution, or indicate that the problem is not caused by them, you can contact a professional who may be able to solve the error for you.

This is how to recognize a virus file!

For me as a WordPress specialist, it’s easy to see which files don’t belong on the server. But there are also several ways you can recognize a virus file or a spam file!

This is how you recognize a virus file

  • The file has a different modification date on the server.
    All files have the modification date from when you installed WordPress, but the virus file has a more recent date.
  • The file has a code that is unreadable, all numbers and letters mixed together.
    The file is often encrypted. All you can read then is eval65; this is the encoding, after which the numbers and letters come. The server executes this strange code like regular PHP, but it is not readable to humans like regular PHP is.
  • The file has a strange name.
    Since files should not be recognizable by virus scanners from the server, the name is generated so you get random letters and numbers as the file name.
  • Often the file is located in the httpdocs/root of the website.
    Since directories change quite often, the hacking scripts often target the root directory of your website. But there is also a fairly good chance that there are multiple files. Consider the wp-includes folder and the uploads folder.
  • 9 times out of 10, the file is a .php file.
    PHP files can execute scripts, which is why they are usually PHP files and very occasionally HTML.

These are some ways to recognize files put on your server by a script. However, if your WordPress is vulnerable, they can also inject lines of code into your existing files. These are therefore more difficult to detect.

They often put the lines of code in the index.php, the header.php or in the WordPress core files.

Beware! Once you have removed the files, the problem is not solved. After that, it is important that you secure WordPress and make sure there is no more code in your website. This is because if there is a so-called backdoor in your website, they can still place files on your server through that route. And yes, this unfortunately happens often.
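The file indicators listed above can be checked mechanically. This Python scanner is an added example, not code from the article; the marker list (`eval(`, `base64_decode(` and similar next to a long encoded run), the name heuristic and the sample tree are assumptions, and a hit is a reason to inspect the file, not proof.

```python
import os
import re
import tempfile
import time
from pathlib import Path

# Assumed, non-exhaustive markers of encoded PHP that is decoded and run at request time.
DECODER = re.compile(rb"eval\s*\(|base64_decode\s*\(|gzinflate\s*\(|str_rot13\s*\(")
# A long unbroken run of base64-style characters ("numbers and letters mixed together").
BLOB = re.compile(rb"[A-Za-z0-9+/=]{200,}")
# Heuristic for generated names such as x7k2q9zt.php: 8+ chars mixing letters and digits.
RANDOM_NAME = re.compile(r"^(?=[a-z0-9]*\d)(?=[a-z0-9]*[a-z])[a-z0-9]{8,}\.php$")


def scan(root, install_time, slack_days=1):
    """Return {relative path: [reasons]} for .php/.html files matching an indicator."""
    root = Path(root)
    findings = {}
    for path in sorted(root.rglob("*")):
        suffix = path.suffix.lower()
        if not path.is_file() or suffix not in {".php", ".html"}:
            continue
        rel = path.relative_to(root).as_posix()
        data = path.read_bytes()
        reasons = []
        if path.stat().st_mtime > install_time + slack_days * 86400:
            reasons.append("modified after install")
        if DECODER.search(data) and BLOB.search(data):
            reasons.append("encoded payload")
        if RANDOM_NAME.match(path.name.lower()):
            reasons.append("random-looking name")
        if suffix == ".php" and "/uploads/" in "/" + rel:
            reasons.append("PHP file in uploads")
        if reasons:
            findings[rel] = reasons
    return findings


def demo_scan():
    """Scan a small constructed tree: two clean files and one dropped file."""
    now = time.time()
    install = now - 30 * 86400
    dropped = b"<?php eval(base64_decode('" + b"QUJD" * 80 + b"')); ?>"  # inert filler
    files = {
        "index.php": (b"<?php require __DIR__ . '/wp-blog-header.php';", install),
        "wp-includes/version.php": (b"<?php $wp_version = '6.0';", install),
        "wp-content/uploads/2022/11/x7k2q9zt.php": (dropped, now),
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, (content, mtime) in files.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(content)
            os.utime(target, (mtime, mtime))
        return scan(tmp, install)


if __name__ == "__main__":
    print(demo_scan())
```

Plugin and theme updates also change modification dates, so set `install_time` to the date of the last known-good update rather than the original installation.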

Remove malware from server – here’s where to look!

Hackers (actually automated hackbots/scripts) do everything they can to hide their malware well on the server: between your WordPress core files, in the uploads folders, or between the plugins. There is some strategy behind placing malware, and there are specific folders where hackers usually hide it.

In which folders can you often find Malware in a hack?

Look in the folder above the public_html
The folder where your website resides is usually called public_html, www, or httpdocs.
Above (or in front of) those folders you have other server folders, and with a bit of bad luck, a hacker or script got access to those folders above and hid the malware there.
PS: Keep in mind that sometimes you can’t even access those upper folders with a standard FTP program and a standard FTP account.

Look in the uploads folders
Many plugins have write permissions and access to uploads folders that are freely writable.
Therefore, all it takes is a small modification to a vulnerable plugin to store unwanted files.
With an extensive directory structure spanning years and months, there are plenty of places to hide malware!

Look in the WordPress base folders
WordPress itself is also where hackers often put files, think of the wp-includes and the wp-admin folder.

Look in plugins & theme folders
Many websites have between 7 and 30+ plugins, enough space to place a few unsavory files!

Why are the folders above the public_html and the uploads folders most preferred by hackers and hackbots? Because the folder above the public_html and the uploads folders don’t get updated, which allows the malware to stay there longer.

Smart huh?

In addition to the best hiding places to put malware, various hiding strategies are also used. Hackers and bots have strategies to keep malware in your website for as long as possible.

The strategy when placing malware

Strategy 1: The script puts the malware in every folder!
Once a hack has penetrated your server, in 20% of cases it proceeds to hide malware in EVERY FOLDER, hoping you will forget one when you try to remove the hack. The chance that you find the malware, or that it is discovered by the server, is higher, but hey… just try NOT to overlook a single folder when removing it!

Strategy 2: the script only puts the malware 3 folders deep

It is easy for a script to place malware only in folders with 3 layers of parent folders. This way, the malware is placed as far as possible OUT OF SIGHT.

Strategy 3: the script puts the malware IN an existing file

These are the worst! This is when the malware is placed IN an existing file. You will then have to look very specifically for a line of code…a needle in a haystack if you don’t know how to search!

Okay, you now have an idea WHERE to look for malware. Now of course you are asking yourself: how do I recognize a virus file, malware file or hack among dozens of legitimate necessary files?

You can read about that in the following article: “How to recognize a virus file”.
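For strategy 3, comparing the live site against a clean copy of the same WordPress, plugin and theme versions turns the needle-in-a-haystack search into a diff. This is an added example in Python, not from the article; the clean and live folders and their contents are constructed placeholders.

```python
import difflib
import hashlib
import tempfile
from pathlib import Path


def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def compare_trees(clean_root, live_root):
    """Return (modified, unknown): PHP files that differ from the clean copy or are absent from it."""
    clean_root, live_root = Path(clean_root), Path(live_root)
    modified, unknown = [], []
    for path in sorted(live_root.rglob("*.php")):
        rel = path.relative_to(live_root)
        reference = clean_root / rel
        if not reference.is_file():
            unknown.append(rel.as_posix())      # dropped file (strategies 1 and 2)
        elif sha256(reference) != sha256(path):
            modified.append(rel.as_posix())     # existing file was changed (strategy 3)
    return modified, unknown


def added_lines(clean_file, live_file):
    """Lines present in the live file but not in the clean one."""
    clean = Path(clean_file).read_text(errors="replace").splitlines()
    live = Path(live_file).read_text(errors="replace").splitlines()
    return [line[2:] for line in difflib.ndiff(clean, live) if line.startswith("+ ")]


def demo_compare():
    """Build a constructed clean tree and a tampered live tree, then compare them."""
    clean_files = {
        "index.php": "<?php\nrequire __DIR__ . '/wp-blog-header.php';\n",
        "wp-includes/load.php": "<?php\n// core loader\n",
    }
    live_files = dict(clean_files)
    live_files["index.php"] = (
        "<?php\n/* injected-line-placeholder */\nrequire __DIR__ . '/wp-blog-header.php';\n")
    live_files["wp-includes/js/dist/vendor/cache.php"] = "<?php /* dropped-file-placeholder */\n"
    with tempfile.TemporaryDirectory() as tmp:
        for name, files in (("clean", clean_files), ("live", live_files)):
            for rel, text in files.items():
                target = Path(tmp, name, rel)
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_text(text)
        modified, unknown = compare_trees(Path(tmp, "clean"), Path(tmp, "live"))
        injected = added_lines(Path(tmp, "clean", modified[0]), Path(tmp, "live", modified[0]))
    return modified, unknown, injected


if __name__ == "__main__":
    print(demo_compare())
```

For the WordPress core files, WP-CLI's `wp core verify-checksums` runs this kind of comparison against the official checksums.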

 

What is an SQL injection in WordPress?

An SQL injection targets the WordPress database. In the process, data is added, modified or just retrieved by hackers! What is the danger of an SQL injection? How does a hacker earn from an SQL database injection? And what can you do against an SQL injection? You can read about it in this article!

What is the danger of an SQL injection?

  1. An SQL injection allows a hacker to add data to the database
    The hacker injects a new WordPress user, an administrator.
    This allows him to log into your website’s backend and do anything he wants.
  2. Through an SQL injection a hacker can modify information in your database
    The hacker can thus modify the existing administrator accounts: the password is changed, and the hacker can then simply log into the back-end of WordPress.
  3. A hacker can delete information from your database
    This may not be the biggest problem of the 3. In fact, it is rare because there is nothing to gain for the hacker. But if you lose your posts and pages … and you don’t have a backup … you still have a huge problem!
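Points 1 and 2 leave a trace you can check: the list of administrator accounts. This added Python example (not from the article) runs the audit query against a constructed in-memory copy of the `wp_users` and `wp_usermeta` tables; the default `wp_` prefix, the account names and the expected-admin list are assumptions.

```python
import sqlite3

# Constructed stand-in for the two WordPress tables involved (default "wp_" prefix assumed).
SCHEMA = """
CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_registered TEXT);
CREATE TABLE wp_usermeta (umeta_id INTEGER PRIMARY KEY, user_id INTEGER,
                          meta_key TEXT, meta_value TEXT);
"""
# WordPress stores a user's roles as a serialized PHP array in the wp_capabilities meta row.
ADMIN = 'a:1:{s:13:"administrator";b:1;}'
EDITOR = 'a:1:{s:6:"editor";b:1;}'
USERS = [
    (1, "siteowner", "2020-03-01 09:00:00"),
    (2, "writer", "2021-06-12 14:30:00"),
    (57, "wp_support", "2023-01-15 03:12:44"),  # constructed: account nobody on the team created
]
META = [(1, 1, "wp_capabilities", ADMIN), (2, 2, "wp_capabilities", EDITOR),
        (3, 57, "wp_capabilities", ADMIN)]

# The pattern is passed as a bound parameter, never concatenated into the SQL string.
ADMINS_SQL = """
SELECT u.ID, u.user_login, u.user_registered
FROM wp_users u JOIN wp_usermeta m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities' AND m.meta_value LIKE ?
ORDER BY u.user_registered
"""


def unexpected_admins(conn, expected_logins):
    """Return (ID, login, registered) for administrators not on the expected list."""
    rows = conn.execute(ADMINS_SQL, ('%"administrator"%',)).fetchall()
    return [row for row in rows if row[1] not in expected_logins]


def demo_audit():
    """Load the constructed rows and audit them against the known administrator."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO wp_users VALUES (?, ?, ?)", USERS)
    conn.executemany("INSERT INTO wp_usermeta VALUES (?, ?, ?, ?)", META)
    return unexpected_admins(conn, expected_logins={"siteowner"})


if __name__ == "__main__":
    for user_id, login, registered in demo_audit():
        print(f"unexpected administrator: {login} (ID {user_id}, registered {registered})")
```

The same SELECT works in MySQL; adjust the table prefix if the site does not use `wp_`.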

How does a hacker earn from an SQL Database injection?

When you know why a hacker does this, you understand that the risk of an SQL injection is something you absolutely must avoid.

Here we discuss some types of websites, and the common injections:

Suppose you have a web shop
Then an SQL injection can cause your payment details to be changed TO THOSE OF THE HACKER!
The consequences
> Malware enters the website that you have to remove.
> The customer has paid so you have to deliver your product or service.
> You don’t get paid a dime.
> The scumbag (the hacker) gets the money deposited into his account.

Suppose you have a small business website
Small business owners are often not aware of the danger, and also underestimate what it costs when visitors are redirected from the website to another, unsavory website.
The consequences.
> Malware gets into the website that you have to remove (or have removed)
> The hacker redirects visitors with a redirect script.
> You lose your visitors, who can no longer purchase services from you. Visitors have absolutely no idea why your website is off their screen.
> Visitors no longer return to your website.
> The hacker has a website, web shop or an SEO client where all the visitors go.

In the case of a large corporate website
It took a lot of time to set up a business with a good reputation, and there are a lot of visitors. An advertising (SQL database) injection unfortunately changes that.
The consequences.
> Malware enters the website that you have to remove (or have removed).
> Visitors get to see advertisements or are redirected.
> You have lost your new potential customer.
> The established customer experiences that you don’t have your “online business” in order.
> Your reputation (ranking) in Google goes down, resulting in fewer visitors.

The risk calculator!

I haven’t added this before in the previous 300+ articles, but to add nuance and put the risks in perspective, herewith THE RISK CALCULATOR.

You have:

  • 5 plugins – Don’t worry, but keep them up to date, and WordPress too of course!
  • 10 plugins – Pay close attention to which ones you use (wpscan.com)
  • 15 plugins – No problem yet, watch wpscan.com, update them, delete plugins that are no longer updated by plugin builders.
  • 20 plugins – I hope you have a web shop? For an informative website, limit the number as much as possible. Keep plugins up-to-date, check wpscan.com monthly to see if they are still safe.
  • 25 plugins – Then get someone to maintain your website. You run a lot of risk at 25 plugins and more. Reduce the number, or hire a security person who will check everything for you, update, check your website status in Google, scan your website regularly.
  • 30 plugins and more – Can be done, but get someone to maintain your website intensively!!!

What can you do against an SQL database injection?

  • BACKUP – Make sure you have daily, weekly or MINIMUM monthly backups.
  • SCAN – It is always recommended to scan your website monthly with the Sucuri malware scanner & Isithacked.
  • EXPERT – You’re going to forget to scan, hire someone to do that 7 days a week. (WPProtect, or another).
  • INSTALL A SECURITY PLUGIN – Not 2, no. Just 1. Think WordFence, iThemes, Sucuri. And configure it properly for your website.

What is ChatGPT?

ChatGPT is a database of information that you can access simply by chatting with it.
You ask a question and ChatGPT answers it.

Why should you use ChatGPT?

  1. ChatGPT answers your questions chat-style with Artificial Intelligence
  2. You can simply “communicate” in Dutch
  3. The chatbot gives you clear answers back in Dutch
  4. You have privacy – the conversations are not stored (according to OpenAI at the moment)
  5. You can continue to ask questions – you can supplement the questions and answers

Yeah but, I already have Google, right?

Google is of course the most well-known and best search engine for websites, but ChatGPT offers advantages that Google does not currently offer. See some points below.

A + marks an advantage.

| ChatGPT | Google |
|---|---|
| + Remembers multiple questions & answers | Remembers 1 question at a time |
| + Does not show advertising responses yet | Displays advertising as first results |
| + Keeps conversations anonymous | Uses your search results commercially |
| + Understands your questions through AI | Does not yet use AI to help you |
| + Cannot yet be influenced like Google | Can be influenced with SEO |
| + Can correct data from you | + Has many more services such as maps |
| + Can help you code | Can’t correct code |
| Is not live, or up to date | + Is live, up-to-date with latest news etc. |

Is ChatGPT that much better than Google?

Well, right now it offers many advantages that Google does not yet have. With that, ChatGPT can be a nice addition: custom help with custom answers.

Note: ChatGPT currently still answers based on information that is several months old. ChatGPT is NOT as up-to-date as Google.