Antivirus for WordPress

Whether antivirus for WordPress is necessary depends on your specific setup. If you are using WordPress without many plugins and have a unique theme that is not widely used, then antivirus for WordPress may not be essential. WordPress itself is a stable and reasonably secure system to build your website on.

However, it is important to note that plugins can be the source of security issues. Free plugins available on WordPress.org can be downloaded by hackers, who then test them for vulnerabilities that they can exploit to take control of WordPress websites. Once they have access, they may use the website to promote their own products or engage in other malicious activities.

Hackers are not selective about the websites they target. Any website that can link to their products or improve their website’s status is of interest to them. They often use automated scripts to carry out their attacks.

Hackers may exploit hacked websites for various purposes, including sending spam emails through your server and IP address, placing links on your pages to gain more visitors, and adding links to the hackers’ products to improve their website’s ranking in Google search results (a crude form of backlink SEO).

To protect your WordPress website from hackers, antivirus for WordPress can be beneficial. It can do the following:

1. Stop brute-force attacks: Antivirus for WordPress can prevent scripts from launching thousands of password attempts per minute on your admin login to eventually gain unauthorized access.

2. Create database backups: In case of any issues or a successful hack, you can restore your website from the backup.

3. Hide wp-admin: Antivirus for WordPress can hide the standard URL for wp-admin and other links to access the admin area, making it less accessible to potential attackers.

4. Manage user behavior: Antivirus for WordPress can enforce strong password usage for you and your writers. Additionally, some security plugins may prevent the default use of email addresses for logging into the admin panel, which can improve security.

5. Block DDoS attacks: Antivirus for WordPress can prevent DDoS attacks carried out through XML-RPC, stopping pingbacks from being abused to bring down other sites.

A popular and effective antivirus for WordPress is iThemes Security Pro. It provides comprehensive security features to protect your website from various threats.

The ease of habits

I make use of people’s habits when hacking a site. For example, I exploit their tendency to use easy-to-remember usernames and passwords. People often use their first or last names, maybe followed by a birthdate, and sometimes add a few numbers.

We dislike complicated passwords because there are already so many we have to remember. I like to take advantage of these habits.

Another example of habits

When you think of a hacker, you may envision a stereotypical bad person. After all, who would want to learn how to break into someone else’s system?

And rightfully so, there are very few who would go to the trouble of hacking just to earn a living through hard work.

But they exist, white hat hackers

White hat hackers hack for the thrill, for amusement, without causing harm to a website with hacks. They approach companies and inform them about the hacks they found.

Or they simply help someone regain access to their site if they forgot their password.

Hacking sites can be a fun activity if you know what you’re doing. I do it for the entertainment, which is why I’ve become a guest blogger on wpbeveiligen.

For your convenience, you can call me Hacker Anno. Hopefully, you will learn from the tricks I will describe in the coming weeks, and understand that there are also good hackers out there.

Best regards,
Anno

The WordPress Hack Check

Do you want to know whether your WordPress website has been hacked? Whether your WordPress website is currently hack-free or contains malware? Whether hackers currently have access to your website, to your admin?

Then you have come to the right place!

We have been working full-time for years securing and investigating WordPress websites.

The official Hack Check

We developed the official Hack Check for WordPress websites, webshops and very large WordPress websites.

Using an extensive checklist, we go through the entire website looking for hacks, backdoors and malware.

We check thoroughly and effectively. Within 48 hours you will know whether your website has been infected by a hacker, and you will receive a detailed PDF report.

Request the Hack Check now

Updates, implemented immediately?

Updates are important. We won’t deny that!

But…

You want to avoid problems in general. What are the chances of getting hacked due to an outdated plugin, and how likely is it that a new plugin conflicts with other plugins or with WordPress itself, causing errors that make your website non-functional?

It is more likely that a plugin runs into an error and your WordPress stops working because of a conflict with other plugins or with WordPress itself than that your website gets destroyed by a hack.

Examples

We often come across WordPress websites that stop working, for example, because themes with WooCommerce templates use code that suddenly doesn’t work anymore in the latest WooCommerce update. Suddenly, your online shop stops functioning!

Or plugins that were coded 2 years ago may not work with the latest version of WordPress.

Plugin compatibility can also be an issue. For instance, translation plugins may be coded to work together with certain themes, WordPress, and other plugins used at that time, but after a year, the code may no longer be compatible.

Plugins still need to be updated

We will never say that you shouldn’t update your plugins. But as a tip, we suggest updating them on a regular schedule rather than for every single release: make a backup first, then update them all at once.

Unless you want to run a backup of your data and database with each release so that you can roll back in case of any issues.

A new release

A new release or update is tested in advance, but it can never be tested on all platforms with every PHP version that exists. So, if it is found to have issues, the feedback will be posted on forums, and the developer will release a new update. Therefore, it’s advisable to wait at least 3-5 days before updating a plugin or WordPress, so you avoid being in the test phase.

It’s just a tip, do with it what you want 😉

An error 500 in WordPress … now what?

WordPress is essentially “foolproof.” You can set up a WordPress website as a beginner and play around with it freely. You can create posts, install themes, customize settings in WordPress, and more.

WordPress is designed to keep working no matter what you do with it.

The admin panel is separate from the website and the theme. It has a separate code in a separate folder.

And when you are in your admin panel, you can do various tasks without affecting the WordPress core.

But occasionally, Error 500!

Error 500?? What is that now.. and just when you uploaded some new plugins and your website was becoming amazing.

What now?

Error 500 is a server error, and as a result, your entire website, including the admin panel, is no longer visible.

Time to panic!

No, calm down. Think about the last plugin you installed. That plugin or sometimes even the theme is likely causing the server error, and you can solve this by deactivating that plugin.

How?

You need to rename the plugin. That is often enough for WordPress to stop using the plugin, which will make your website and admin visible again.

How do I rename a plugin when I can’t access it via the admin?

You have access to the server through your hosting package, either via a hosting panel or FTP details.

If you have a hosting panel

Do you have DirectAdmin or cPanel? There is likely a file editor in it that allows you to navigate to the plugins and rename the file.

The plugins are located in: httpdocs or www > wp-content > plugins

If you have FTP access

Enter your server details in a free program like Filezilla, and you will be able to see the server folders in Windows/Mac style, making it easier to navigate and rename the specific plugin or theme.

Simply add a hyphen before the name of the plugin.

That’s enough for WordPress to deactivate the plugin or theme, making your website visible again, and allowing you to manage the website!

And then you can continue playing around in WordPress to create the website just the way you want it 🙂

Goofballs and Malware

The internet is anonymous, and as a customer told me last week: “The internet is full of weirdos and malware.”

Types of individuals we deal with:

Regarding hacks and malware, we encounter a wide range of individuals, but of course, we never get to know the person behind it since every “weirdo” has the intelligence to hide behind a proxy.

Professional Programmers

An example of brilliant programming work:

Today, we came across JPEG images in the uploads folder.
Not strange, right?

Until you open the file with a PHP editor and find code that opens up your WordPress website to hackers.
The hackers go beyond this trick and provide a good piece of programming work to make these files executable.
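
A defender's check for the situation described above, as an added example that is not code from this site or from any security plugin: it walks an uploads folder and reports image-named files whose first bytes do not match the claimed format or that contain a PHP opening tag, plus any script file stored there. The function names and the extension lists are assumptions.

```python
import os
import re

# Extensions that should only ever hold image data in wp-content/uploads.
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
SCRIPT_EXTS = {".php", ".phtml", ".phar"}

# Only the long tag "<?php" is matched. The 3-byte short tag "<?=" shows up
# by chance in compressed image data and would flood the report.
PHP_TAG = re.compile(rb"<\?php\s", re.IGNORECASE)


def inspect_image(path):
    """Return findings for one image-named file; an empty list means clean."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        data = fh.read()
    findings = []
    if not data.startswith(MAGIC[ext]):
        findings.append("bad-magic")   # not the format the name claims
    if PHP_TAG.search(data):
        findings.append("php-tag")     # code hidden after a valid header or in metadata
    return findings


def scan_uploads(root):
    """Walk root and map each suspicious file (path relative to root) to its findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            if ext in MAGIC:
                findings = inspect_image(path)
            elif ext in SCRIPT_EXTS:
                findings = ["script-in-uploads"]
            else:
                findings = []
            if findings:
                report[os.path.relpath(path, root)] = findings
    return report
```

A file that starts with a valid JPEG header and still reports "php-tag" is the case the paragraph describes: it opens as an image in a viewer, so checking the first bytes alone would miss it.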

The Script Kiddies

An internet term used to refer to individuals who simply execute a script to “hack your website.”

This is a large group, mainly consisting of young people. They watch some YouTube videos and follow the steps taken by seasoned hackers to hack a website.

Unfortunately, with the average WordPress website lacking additional security, they still have a chance of success.

The Weirdos

There’s a group of hackers seeking “fame”. It doesn’t matter which website they breach, as long as their name or advertisement appears on the site.

In some cases, you might end up with an entirely new homepage with a fictional alias and an image displaying their logo clearly. Most of the time, however, your website unknowingly promotes expensive products that you have nothing to do with. Sometimes legally, sometimes illegally.

Conclusion

Individuals from all over the world target WordPress users, ranging from brilliant people doing it for “big money” to those who only have a computer and deep debts and want/need to earn something because they don’t receive benefits in most countries, and their entire family is suffering.

Each person has their motive for engaging in these illegal activities, and it is our responsibility to ensure they can’t access your WordPress!

Our website is full of articles and tips on how to prevent weirdos and malware. Feel free to read more!

Quick course: Killing your WordPress in 10 steps

Destroying your WordPress is not that difficult; we’ll teach you how to do it in 10 steps:

  1. Install as many plugins as possible; the more, the better. And never update them!
  2. Use your first name as the username for logging in.
  3. Choose your domain name as your password with some numbers.
  4. Try out various themes and keep them all.
  5. If you find comments with strange links on your site, log in and click on them!
  6. Share your FTP credentials with everyone on a forum! (Yes, it really happens…)
  7. Never update WordPress.
  8. Don’t use any antivirus on your computer and click YES on every internet popup.
  9. Let a teenager install your website because they know a lot about Windows!
  10. Choose the cheapest web host; the one for 1 euro per month must have an up-to-date server, right?

It may seem exaggerated, but we encounter these 10 points on a daily basis.

Learn from it and avoid these mistakes!

My WordPress has been hacked. I download 5 antivirus plugins!

“My WordPress site has been hacked. I download an antivirus plugin, and maybe another one, and one more…”

And fixed?

No, there are several good plugins available. Think of iThemes Security and WordFence, or Sucuri, Acunetix, All in one security… there are many!

But what these 5 plugins don’t do,

They cannot break down hackers’ code, and they don’t evaluate code. At most, a security plugin can show you code that may not belong on your site.

The free plugins

A free plugin lacks many features like scheduled scans, backups, and more.

The Premium plugin

A premium plugin has many more features, such as scheduling scans so you are quickly informed of hacks, and blocking hackers and hack scripts.

But when it comes to removing hacks…

Even if you download 5 security plugins… once your site is hacked, it’s not easy to get rid of it.

Why 5 security plugins won’t help you much if you are already hacked

  1. The database information has been extracted from the wp-config and is being used to execute new injections on the database
  2. The FTP credentials may be known, and no plugin can help against server-level privileges
  3. The plugins do not recognize new hack codes as “dangerous” or as an open door for hackers

In conclusion

Secure your WordPress site before it gets hacked. Prevention is better than cure!

15 claims and myths about Google

The number of articles describing what you should or should not do to create a website that ranks well in Google is countless. Hundreds of websites claim to know what Google’s advanced search engine truly expects from a website.

The best source is Google itself, which occasionally provides information about its search engine. However, you will never know everything because that would lead to search engine fraud. Programmers who know exactly what Google does would abuse that knowledge. For example, they could target keywords that are unrelated to the website’s content.

Claims and Myths About Google

There are many myths and claims about the system that Google’s search engine uses to determine search results and rankings.

Here are 15 of these myths or truths, along with an explanation of why this information is spread:

1. Google compares colors in the CSS: Some experts claim that Google compares text and background colors, and if they are the same, Google might interpret it as an attempt to hide text and deceive the search engine.

2. Google no longer uses meta-tags: Some optimization experts who don’t achieve desired results assert that Google no longer uses meta-tags to determine website content.

3. Google bans websites with 18+ sector words: It’s believed that Google maintains a blacklist of words it doesn’t want to see on a website, especially those related to adult content or deceptive promises.

4. Google considers the age of a domain: Experts believe that Google looks at the age of a domain, the domain holder, and the website’s activity.

5. Google factors in website loading time for ranking: Websites with slow loading times might be ranked lower by Google, according to some experts.

6. Google values pages with links to other websites or internal articles: Websites that link to other relevant websites or internal articles provide better user navigation, which Google may reward.

7. Google requires a minimum of 400 words for “important” articles: Some experts claim that webpages with at least 400 and up to 600-700 words are more relevant and informative.

8. Google prefers pages with text formatting: The use of H1-H3 tags and text formatting like bold, italic, and underline can improve readability for readers.

9. Google uses a scoring system to determine website importance: According to search engine experts, Google assigns PR (PageRank) values that influence other websites’ ranking.

10. Google uses previous searches as a basis for new search results: Some believe that Google stores the search history of an IP address to tailor better search results.

11. Google counts the number of words on a page and uses the most common words as meta-tags: This myth suggests that Google generates search keywords/meta-tags based on the most frequently used words on a webpage, especially if they are hyperlinked.

12. Google dislikes inline styles: Experts argue that inline styles (CSS code placed in HTML) can hinder website performance.

13. Google values blogs with varied content: Websites that frequently update content are thought to be favored by Google.

14. Google has penalty systems and a sandbox: Experts claim that Google has penalty systems, watch-lists for monitoring stolen content, and a sandbox for indexing new websites.

15. Google reads Divs for functionality: The names of Divs such as ad-space, banners, and leader-board may lead Google to view the website as focused on earning money rather than providing important information.

More PageRank and Fair Optimization for Your Website

The facts and myths beyond these 15 points are even more technical and require in-depth explanations.

We have the knowledge and experience to help websites rank well in Google. We use proven methods and do NOT use PageRank boosters.

If you want a website that performs well in Google, feel free to contact us!

WordPress under control?

Blocking hackers with iThemes Security PRO NL is crucial to keeping your WordPress website safe.

Did you know that the log files of iThemes Security PRO NL provide valuable insights about your website?

The log files give you visibility into file changes, login attempts, accessed pages, and more!

“Why is it so important to have insight into file changes?” you might wonder. Let me explain:

File Changes

The file changes feature shows you which files have been modified or added. Your WordPress website might be affected by an injection, whether through a vulnerable plugin or through your own actions. Plugins or themes that were considered secure are sometimes exploited later, once hackers discover new vulnerabilities in them.

iThemes Security PRO NL blocks many threats, but it doesn’t always prevent plugins from writing files. Otherwise, certain plugins wouldn’t be able to function correctly.

If, at any point, a malicious file is found on your server, you won’t have to spend days searching through all the directories and files and examining the code. Instead, you can simply open the log files.

What you can see in the log files of iThemes Security PRO NL:

  1. Date of the change
  2. Which files were modified
  3. Which files were added
  4. The complete path to the file

Knowing which files were modified can save you a lot of trouble if you’re hit by a hack or injection. You can take prompt action and understand exactly what happened!
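
The idea behind such a file-change log, as an added example (not iThemes Security's own code; the function names are assumptions): hash every file once as a baseline, hash again later, and list what was added, modified or removed together with the detection date and the full path.

```python
import hashlib
import os
from datetime import datetime, timezone


def snapshot(root):
    """Map the full path of every file under root to its SHA-256 digest."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            state[os.path.abspath(path)] = digest.hexdigest()
    return state


def file_changes(baseline, current):
    """Compare two snapshots; return log entries with date, change type and full path.

    Content hashes decide what counts as modified. File timestamps are not
    used because whoever writes a file can also set its modification time.
    The date recorded is the time of detection.
    """
    detected = datetime.now(timezone.utc).isoformat(timespec="seconds")
    entries = []
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            change = "added"
        elif path not in current:
            change = "removed"
        elif baseline[path] != current[path]:
            change = "modified"
        else:
            continue  # unchanged file, nothing to log
        entries.append({"date": detected, "change": change, "path": path})
    return entries
```

The baseline is only useful if it is taken while the site is known to be clean and is stored where the web server cannot overwrite it.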

Additionally, you can also see login attempts and which files are being sought after. The files listed under the 404 tab are often accessed by hackbots searching for vulnerabilities in your WordPress.
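
What such a log review looks for, as an added example that is not the plugin's code: the function below reads web-server access log lines in the common "combined" format and flags addresses with a burst of login POSTs within one minute or with many distinct 404 paths. The sample lines, thresholds and names are constructed for illustration.

```python
import re
from collections import defaultdict

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")


def _line(ip, ts, method, path, status):
    return f'{ip} - - [{ts} +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "-"'


# Constructed sample log (documentation IP ranges, made-up paths).
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", f"12/Mar/2024:10:00:{s:02d}", "POST", "/wp-login.php", 200)
     for s in range(0, 12, 2)]
    + [_line("198.51.100.23", "12/Mar/2024:10:01:05", "GET", p, 404)
       for p in ("/backup.zip", "/old/wp-login.php", "/site.sql",
                 "/wp-content/plugins/example-plugin/readme.txt")]
    + [_line("192.0.2.10", "12/Mar/2024:10:02:00", "POST", "/wp-login.php", 302),
       _line("192.0.2.10", "12/Mar/2024:10:02:30", "GET", "/favicon.ico", 404),
       _line("192.0.2.10", "12/Mar/2024:10:03:00", "GET", "/wp-admin/", 200)]
)


def analyse(log_text, login_per_min=5, distinct_404=3):
    """Return {ip: [alerts]} for login bursts and 404 probing."""
    logins = defaultdict(int)    # (ip, minute) -> POSTs to login endpoints
    missing = defaultdict(set)   # ip -> distinct paths answered with 404
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, path = m["ip"], m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path in LOGIN_PATHS:
            logins[(ip, m["ts"][:17])] += 1   # timestamp truncated to the minute
        if m["status"] == "404":
            missing[ip].add(path)
    alerts = {}
    for (ip, minute), count in logins.items():
        if count >= login_per_min:
            alerts.setdefault(ip, []).append(f"login-burst {count}/min at {minute}")
    for ip, paths in missing.items():
        if len(paths) >= distinct_404:
            alerts.setdefault(ip, []).append(f"404-probing {len(paths)} paths")
    return alerts
```

The visitor at 192.0.2.10 logs in once and hits one missing file, so it stays below both thresholds and is not reported.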

In conclusion, iThemes Security PRO NL provides you with useful insights to keep your WordPress website under control. In various other articles on WPbeveiligen, you can learn how to prevent file modifications and automate the blocking of hackers and bots effectively.