Plugins? Don’t!

That plugins are a favourite entry point for hackers is something we have known for a long time. Right? And that plugins are constantly being hacked is well-known among WordPress users.

No?

Then, this is a wake-up call…

5 Popular Plugins Often Hacked

  1. WP Super Cache
    Hacked 10 times in 2 years!
  2. All in One SEO Pack
    Hacked 5 times in 2 years.
  3. bbPress
    Hacked every year: 2014, 2015, 2016.
  4. WooCommerce
    The list is too long to write down: hacked 21 times in a few years.
  5. NextGEN Gallery
    Who hasn’t used it for photo albums?
  6. Bonus: Jetpack
    Used by millions of websites, but often found vulnerable!

And the list of hacked plugins goes on…

Many more plugins have been hacked; see WPvulndb.com for the full list.

Both unknown and the most popular plugins fall victim. Hackers target popular plugins because they know that way they can affect many websites.

Note: Hackers write a script that automatically scans websites on the internet for vulnerable plugins. This happens with hundreds of websites per hour; the hacker is, of course, not manually hacking each website.

What Does This Mean for My WordPress Website?

Use as few plugins as possible, and don’t leave deactivated plugins sitting on the server: delete them!

Keep the plugins up-to-date or ensure good security.

Have a backup! This way, you can restore the website to a point before the hackers got in and then update or remove the plugins.

Have You Been Hacked?

If your WordPress website has been hacked, you will need to thoroughly examine WordPress and all files on the server to remove the backdoors and scripts. Then, you’ll need to work hard to secure the website.

Alternatively, you can leave it to us:
Let us restore your hacked WordPress website.

Update plugins or not update plugins?

Updating a plugin takes one click, but if the new version conflicts with other plugins, the theme, or WordPress itself, there is no one-click undo!

What to Do If a Plugin Update Causes an Error

  1. You can find the old release of that plugin and replace the latest plugin with the old release using an FTP program.
  2. You can restore a backup, and if you don’t have one, contact your web host. They might have a backup from a week or longer ago.
  3. You can check if there is already a topic opened about it on the official WordPress NL forum.
  4. Or follow the paths and instructions shown in the error and dive into the code to fix it. (For advanced users)

Can You Know in Advance If a Plugin Will Cause an Error?

You can only know this if you do research on Google or the WordPress forum. Type the name of the plugin and add “update error” or “update bug” after it. But that’s searching for problems. Checking if a plugin causes issues is actually a lot of work that few people want to do.

How to Identify Which Plugin Is Causing the Error?

If the plugin(s) have been updated, and you see an error on your website, you can deactivate the plugins one by one until the error disappears. Once the error is gone, you will know which plugin is causing it.

If your website shows a “white screen” without an error message, you can enable error display in the wp-config.php file by setting the WP_DEBUG constant to true.

The Convenience of Having a Backup

If only you had a backup! Then you could easily restore your old plugins with a few mouse clicks. A backup is essential when you regularly update plugins. Backups can be made in various ways: manually through FTP, via cPanel or DirectAdmin, or using a backup plugin.

Psst: Don’t Tell Anyone

We recommend not updating plugins every week/month when a new release is out, but rather every 4-6 weeks. Often, these releases include new features that might bring along bugs (code conflicts). Only update immediately when it’s necessary, such as with a security update.

Use your judgment and insight when updating; don’t click on the “update” link immediately when a new update appears!

Recognizing a WordPress virus

A WordPress virus is not a familiar term to most people. However, this term is used to refer to unwanted files on the server.

Definition of the word virus: an infection; in the computer world, a self-replicating program, and the term is used here for unwanted files within a system.

In other words, you have an “infection,” and there are files on your server that do not belong there. You are dealing with a virus as these files will spread once they find their way onto the server.

To determine if your server/website is infected with a WordPress virus, it is important to distinguish between the three types of files.

Explanation of Different Files on the Server

  1. Regular WordPress files that belong there.
  2. Regular files that are infected/injected with malicious code.
  3. New files created by the virus, or the file that started the infection.

How to Recognize Virus Files on the Server

Note: You will need FTP access to the server using an external FTP program.

  1. Virus files are usually created later, so their created or modified dates differ from those of all the other files.
  2. They are often obfuscated with base64 encoding and executed through eval() so that scanners on the server do not recognize them.
  3. Their names differ from the original WordPress files (e.g., Core.php – deleteme.php – test.php – inc.php).
  4. The code that makes up the virus is concatenated onto one long line without any formatting.
  5. A good server antivirus labels them as suspected.php.
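The four file-based indicators above (odd modification date, base64/eval obfuscation, unusual file names, unformatted code) can be checked automatically. The script below is an added example written for this article, not a WPbeveiligen tool; it walks a WordPress tree, uses the median modification time of all PHP files as the “all the other files” reference, and flags files that trip at least one indicator. The 30-day window, the 500-character line limit and the sample install it builds in a temporary directory are all assumptions made for the demonstration. Indicator 5 (the antivirus label) is left to the server’s scanner.

```python
import os
import re
import statistics
import tempfile
import time

# Names the article lists as typical for dropped files (compared case-insensitively).
SUSPICIOUS_NAMES = {"core.php", "deleteme.php", "test.php", "inc.php"}
# Obfuscation constructs: the article's base64 + eval pair, plus two common companions.
OBFUSCATION_RE = re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(", re.IGNORECASE)
# A single line longer than this suggests code pasted together without formatting (assumed limit).
MAX_LINE_LENGTH = 500
# How far a file's mtime may sit from the rest of the install before it counts as "different" (assumed).
DEFAULT_WINDOW = 30 * 86400


def php_files(root):
    """Yield every .php file below root."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".php"):
                yield os.path.join(dirpath, name)


def indicators_for(path, reference_mtime, window_seconds=DEFAULT_WINDOW):
    """Return the indicators (points 1-4 from the list above) that apply to one file."""
    found = []
    if os.path.basename(path).lower() in SUSPICIOUS_NAMES:
        found.append("odd-name")
    if abs(os.path.getmtime(path) - reference_mtime) > window_seconds:
        found.append("mtime-differs")
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        return found
    if OBFUSCATION_RE.search(text):
        found.append("eval-base64")
    if any(len(line) > MAX_LINE_LENGTH for line in text.splitlines()):
        found.append("no-formatting")
    return found


def scan_tree(root, window_seconds=DEFAULT_WINDOW):
    """Map each suspicious PHP file (relative path, '/'-separated) to its indicators.
    The median mtime of all PHP files stands in for "all the other files"."""
    paths = list(php_files(root))
    if not paths:
        return {}
    reference = statistics.median(os.path.getmtime(p) for p in paths)
    report = {}
    for p in paths:
        hits = indicators_for(p, reference, window_seconds)
        if hits:
            report[os.path.relpath(p, root).replace(os.sep, "/")] = hits
    return report


def build_sample_site():
    """Constructed sample install: four 'old' formatted files and one freshly dropped file."""
    root = tempfile.mkdtemp(prefix="wp-sample-")
    old = time.time() - 400 * 86400
    for rel in ("index.php", "wp-load.php", "wp-includes/functions.php",
                "wp-content/plugins/hello.php"):
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("<?php\n// ordinary, formatted code\nfunction ok() {\n    return true;\n}\n")
        os.utime(full, (old, old))  # pretend it was installed 400 days ago
    dropped = os.path.join(root, "wp-content", "uploads", "inc.php")
    os.makedirs(os.path.dirname(dropped), exist_ok=True)
    with open(dropped, "w") as fh:
        # One long unformatted line; the base64 payload is just the letter 'A' repeated.
        fh.write("<?php eval(base64_decode('" + "QUFB" * 200 + "'));")
    return root


if __name__ == "__main__":
    for rel, hits in scan_tree(build_sample_site()).items():
        print(rel, ", ".join(hits))
```

Run it against a real install by calling `scan_tree("/path/to/wordpress")`; a file that hits only `mtime-differs` is usually a legitimate recent update, so treat the combination of indicators, not any single one, as the signal.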

Preventing a WordPress Virus from Infecting Your Server

As the old saying goes, prevention is better than cure, and this is certainly applicable in this case.

There are two factors to consider:

  • The hosting provider responsible for updates (Note: with a VPS, you need to do this yourself).
  • The antivirus you use for WordPress.

The hosting provider will always hold you responsible for what happens to your WordPress website and how it affects the server. Therefore, ensure your WordPress is up-to-date and secure.

If You Already Have a WordPress Virus

If you are reading this article because there is already a virus on your WordPress (and hence on the server), you can use the five points described above to make the server virus-free. However, this is not easy and requires a lot of knowledge of code, WordPress, server files, and file permissions.

WPbeveiligen works full-time to secure WordPress websites and, when it’s already too late, restore them.

Displaying your WordPress website in multiple languages

Showing your website in multiple languages is important if you have an international business. While the Netherlands has much to offer in the business world, you may want to expand your company’s reach to broader markets like the English or American market. At the time of writing, the Netherlands has 16.8 million inhabitants, whereas the United States has 318 million people!

That’s a huge market!

Displaying Your Website in Multiple Languages with a Plugin

There are several plugins available, such as WPML, PolyLang, and Stella free.

WPML comes at a cost but is the most renowned plugin with extensive support. Many plugins are WPML certified, meaning they work well with WPML. WPML stands for WordPress Multilingual and has been available online for some time.

You can purchase WPML here.

Below is a screenshot of the simple translation feature within pages and posts.

[Screenshot: WPML]

WPML is highly regarded but comes with a price tag.
(However, as a business, you can write off this expense.)

With WPML installed, you have various features at your disposal. The option you will use most often is the translation capability.

Click the “plus” or “pencil” icon to create or edit a page in another language.

As mentioned, the WPML plugin is flexible, allowing you to customize various aspects. It also works well with many plugins, enabling you to use “string translation” to make certain plugins multilingual.

We have installed WPML for 9 out of 10 clients, and 6 out of 10 of them either already used it or preferred it because they had experience with it elsewhere.

It’s highly recommended, but WPML is not free, and at the time of writing, it costs $39 per year for 1 website or $199 for unlimited websites a year.

A Cost-Effective Solution, Stella!

The Stella plugin, available in both Free and Premium versions, is a more affordable option at $14.99.

We tried the Free version, and if you simply need a plugin to translate your posts or pages, Stella is a good choice.

We purchased the premium version for the modest amount of $14.99 and were able to make some clients happy with it.

You can download Stella here.

Simple Yet Effective

The plugin displays translations on one page, making it easy to switch between languages.

[Screenshot: WordPress translation]

Next, let’s talk about PolyLang.

PolyLang

As you read earlier, we have WPML in use for 9 out of 10 websites, so PolyLang was something we had used a while ago. We installed the latest version to see how it works!

[Screenshot: PolyLang, WordPress in multiple languages]

It took a little bit of figuring out, but in the settings, you can choose one or more languages after installation, and they will appear in the pages and posts overview, just like WPML.

You can download Polylang here.

Enjoy!

The above-mentioned plugins are the best ones we know and have found for making WordPress multilingual.

If you know of other plugins or have experience with WPML, PolyLang, or the Stella plugin, feel free to share your thoughts!

What is a Brute Force attack (WordPress basics)?

A Brute Force attack can be translated to “een aanval met brute kracht” in Dutch.

In this type of attack, the attacker uses sheer force rather than clever tactics.

A Brute Force attack on WordPress is often executed on the login page.

[Screenshot: login page]

If you don’t have proper security measures in place, an attack can continue until the attacker successfully breaches your website.

As this attack involves computers, it can be very fast, with thousands of login attempts fired at your login page every minute.
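The “thousands of attempts per minute” pattern is easy to spot in the web server’s access log, because every guess is a POST to wp-login.php. The script below is an added example, not code from this article or from WPbeveiligen: it parses combined-format log lines, counts login POSTs per source address per minute, and flags any address above a threshold. It also lists login POSTs from a flagged address that were answered with a 302, since WordPress redirects after a successful login and re-renders the form with a 200 after a failed one, which is what tells you whether the flood eventually got in. The threshold of 20 and the sample log lines are constructed for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx combined-log style line; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
LOGIN_PATH = "/wp-login.php"


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return {
        "ip": m["ip"],
        "ts": ts,
        "minute": ts.replace(second=0),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],   # drop query string (e.g. ?action=lostpassword)
        "status": int(m["status"]),
    }


def login_posts(lines):
    """Yield parsed records for POSTs to the login page only."""
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST" and rec["path"].endswith(LOGIN_PATH):
            yield rec


def attempts_per_minute(lines):
    """Count login POSTs per (ip, minute)."""
    counts = defaultdict(int)
    for rec in login_posts(lines):
        counts[(rec["ip"], rec["minute"])] += 1
    return counts


def flag_brute_force(lines, threshold=20):
    """Return [(ip, minute as ISO string, count)] for every ip/minute at or above threshold.
    The threshold is an assumed value; tune it to the site's real login traffic."""
    return sorted(
        (ip, minute.isoformat(), n)
        for (ip, minute), n in attempts_per_minute(lines).items()
        if n >= threshold
    )


def successes_from(lines, ips):
    """ISO timestamps of login POSTs from the given ips that got a 302 redirect,
    i.e. a successful login; a failed attempt re-renders the form with 200."""
    return sorted(rec["ts"].isoformat() for rec in login_posts(lines)
                  if rec["ip"] in ips and rec["status"] == 302)


def make_sample_log():
    """Constructed sample: one address hammering the form, one legitimate user."""
    lines = [
        f'203.0.113.7 - - [09/Jun/2016:14:20:{i:02d} +0200] "POST /wp-login.php HTTP/1.1" 200 3521'
        for i in range(30)
    ]
    lines += [
        '198.51.100.4 - - [09/Jun/2016:14:20:15 +0200] "GET /wp-login.php HTTP/1.1" 200 2890',
        '198.51.100.4 - - [09/Jun/2016:14:20:31 +0200] "POST /wp-login.php HTTP/1.1" 302 0',
        '198.51.100.4 - - [09/Jun/2016:14:21:02 +0200] "GET /wp-admin/ HTTP/1.1" 200 15021',
    ]
    return lines


if __name__ == "__main__":
    sample = make_sample_log()
    for ip, minute, n in flag_brute_force(sample):
        print(f"{ip}: {n} login attempts in the minute starting {minute}")
        print("  successful logins from this address:", successes_from(sample, {ip}) or "none")
```

On a real server, feed it the lines of the access log (`flag_brute_force(open("/var/log/apache2/access.log"))`); the security plugins mentioned below do the same counting in real time and block the address, which is why one of them belongs on every site.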

Preventing a Brute Force attack

You can prevent such an attack by securing your WordPress site with a specialized plugin or by hiring our services.

Securing WordPress properly

To properly secure WordPress, you need to address multiple points.

  1. Choose a unique username and a long password
    Explanation: The username should be unique, not something common like your first name or website name. The password should be at least 8 characters long and can include a combination of uppercase letters, lowercase letters, and numbers. Learn more about the importance of a strong password here.
  2. Ensure your server permissions are set correctly
    Explanation: Only the uploads folder and its subfolders should be set to 777/writable, all other folders should be set to 755, and the wp-config.php and .htaccess files should be set to 444. You can check and adjust these permissions using a free FTP program.
  3. Regularly update plugins and WordPress
    Explanation: WordPress releases updates regularly, some of which may cause issues with plugins. It’s important to focus on updates that address security issues and enhance security. You can check the “release notes” to see if security issues are being resolved.
  4. Use one good security plugin
    Explanation: There are several security plugins available for WordPress. These security plugins are essential to block brute-force attacks, hide the admin area, and protect files and data.
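Points 1 and 2 can be checked rather than eyeballed over FTP. The script below is an added example written for this article, not WPbeveiligen’s own tooling: `audit_permissions` walks an install and reports every file or folder whose mode differs from the rule stated above (444 for wp-config.php and .htaccess, 755 for folders, the uploads tree writable), and `credential_issues` applies the username and password rule from point 1. The list of guessable usernames and the sample install it builds in a temporary directory are assumptions for the demonstration. One caveat a practitioner would add: 777 makes the uploads folder writable by every account on the server; when PHP runs as the file owner, 755 already suffices.

```python
import os
import stat
import tempfile

PROTECTED_FILES = {"wp-config.php", ".htaccess"}   # article: 444
UPLOADS_DIR = "wp-content/uploads"                  # article: 777 / writable
# Usernames a guesser tries first (assumed list); the site and owner names are added per call.
COMMON_USERNAMES = {"admin", "administrator", "user", "test", "wordpress"}


def expected_mode(rel, is_dir):
    """Mode the article prescribes for a relative path, or None where it gives no rule."""
    if rel in PROTECTED_FILES:
        return 0o444
    if is_dir:
        if rel == UPLOADS_DIR or rel.startswith(UPLOADS_DIR + "/"):
            # The article says 777; when PHP runs as the file owner, 755 is enough.
            return 0o777
        return 0o755
    return None  # other files: the article states no rule (644 is the usual choice)


def audit_permissions(root):
    """Return sorted (relative path, actual mode, expected mode) triples for every mismatch."""
    findings = []
    for dirpath, dirs, files in os.walk(root):
        for name in dirs + files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            expected = expected_mode(rel, os.path.isdir(full))
            if expected is None:
                continue
            actual = stat.S_IMODE(os.stat(full).st_mode)
            if actual != expected:
                findings.append((rel, oct(actual)[2:], oct(expected)[2:]))
    return sorted(findings)


def credential_issues(username, password, site_name="", owner_name=""):
    """Apply the rule from point 1; returns a list of problems (empty means it passes)."""
    issues = []
    guessable = COMMON_USERNAMES | ({site_name.lower(), owner_name.lower()} - {""})
    if username.lower() in guessable:
        issues.append("username is easy to guess")
    if len(password) < 8:
        issues.append("password shorter than 8 characters")
    if not (any(c.isupper() for c in password) and any(c.islower() for c in password)
            and any(c.isdigit() for c in password)):
        issues.append("password lacks upper/lower/digit mix")
    return issues


def build_sample_install():
    """Constructed install with two deliberate mistakes: a 644 wp-config.php and a 777 plugins folder."""
    root = tempfile.mkdtemp(prefix="wp-perm-")
    for rel, mode in (("wp-includes", 0o755), ("wp-content", 0o755),
                      ("wp-content/uploads", 0o777), ("wp-content/plugins", 0o777)):
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(full, exist_ok=True)
        os.chmod(full, mode)
    for rel, mode in (("wp-config.php", 0o644), (".htaccess", 0o444), ("index.php", 0o644)):
        full = os.path.join(root, rel)
        with open(full, "w") as fh:
            fh.write("<?php // placeholder\n")
        os.chmod(full, mode)
    return root


if __name__ == "__main__":
    for rel, actual, expected in audit_permissions(build_sample_install()):
        print(f"{rel}: is {actual}, should be {expected}")
    print(credential_issues("admin", "welkom1", site_name="mysite") or "credentials OK")
```

Run `audit_permissions("/path/to/wordpress")` over SSH on the server itself; over FTP the modes are visible in the client’s file listing, but a script catches the one folder you would otherwise overlook.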

Why does my mail show up in the spam folder?

To understand why your emails end up in the spam folder, a basic understanding is required: email passes through various filters before reaching the mailbox. These filters are set up by your hosting provider on the server, or by Hotmail, Gmail, and other email providers.

Filters block email and determine if it’s spam

  1. The filters block a large portion of spam based on the information contained in an email. This includes things like explicit words or advertisements for products like “enhancement drugs” and “adult material.”
  2. The filters also block files known to contain viruses. (Based on file names and extensions, such as .exe files)
  3. Messages with large attachments are often blocked to prevent your mailbox from getting full.

In summary, if you send an email with large or suspicious attachments, it may get blocked. Similarly, if there are suspicions that the email is unwanted advertisement (spam), it may also get blocked.

The sending address

Another factor that can cause emails to end up in the spam folder is the sending address. Your email is sent through a server, which is a computer that processes much more information than just your email. If that computer is misused by others to send spam, the entire computer can end up on a blacklist.

Conclusion

If your email meets one of the above-mentioned factors, it may not land in the inbox, but instead be blocked or automatically placed in the spam folder.