Making a good website yourself

Creating a Good WordPress Website on Your Own

If you want to create a good WordPress website on your own, it’s essential to keep the following points in mind:

1. Know Your Target Audience: Determine your target audience and tailor your website accordingly. For the business market, opt for a sleek and professional design with concise information. If targeting the average consumer, use an informative layout with eye-catching colors and images. For younger audiences, focus on visuals as they have shorter attention spans.

2. Brand Yourself: Consider how you want your target audience to perceive your brand. A professional image is crucial for businesses, while sympathy and approachability are essential for consumer-focused websites. Building a positive connection with your audience can increase the “goodwill” factor, encouraging consumers to choose your products or services.

3. Promote Your Website: Creating a website and waiting for visitors is like opening a shop in an obscure alley. You need to ensure people can find your website. Some methods include offering a unique product that generates word-of-mouth, using Google Ads for visibility, optimizing your content for search engines, distributing flyers and business cards, or sponsoring other companies for advertisement exchange.

4. Design and Style: Choose a style based on your target audience. Colors evoke specific emotions and moods. Warm colors create a different atmosphere than cool colors. For instance, commercials on TV often use cool colors when presenting problems and warm colors when showcasing their solutions. Consider the effects of different colors on your audience’s perception and emotions when designing your website and promotional material.

5. Showcase Your Product or Service: Clearly present your product or service on the website and provide sufficient information. Make sure visitors don’t have to search or guess what you offer.

Finally, after successfully creating your WordPress website, take measures to protect it from hackers and scripts that might use your website for their own advertising purposes. Secure your hard work and make sure your website stays safe and functional for your visitors.

Why did a hacker hack my website?

That's right: most hackers do not target one particular website. Instead, they write scripts or automated programs to hack dozens, if not hundreds, of websites at once. These scripts are not selective and try to use every vulnerable website they come across for their own purposes.

The reason for writing these scripts is often to spread as much advertising as possible and make money that way. For example, they place advertisements on hacked websites or send e-mails through the hacked website's domain to promote products or services the hacker offers. This can be lucrative for them, especially if they gain access to a large number of hacked websites and can reach a broad audience.

For many hobby websites it can be confusing why they became the target of hackers, but in reality the hackers probably had no specific reason to attack that particular website. They simply target vulnerable websites in general to maximize their own profit. That is why it is important for all website owners, whether they run hobby websites or business websites, to secure their websites well and check them regularly for possible vulnerabilities. That way they reduce the chance of falling victim to such automated hacking attempts.

Is WordPress security a job for the hosting provider?

A WordPress website that is not properly secured and therefore gets hacked can cause problems on the server.

  1. The site starts sending spam.
  2. The site consumes all resources of the server.
  3. The server’s IP gets blacklisted.

These are issues that cannot be prevented by the hosting provider. They can, however, limit the consequences by taking your website offline until it is made hack-free.

You would expect the hosting provider to be able to solve these problems by securing certain aspects “better,” right?

However, this is not possible. Your WordPress website requires certain permissions on the server to function properly. For example, it needs the right to upload files to the media library.
The server will not prevent this, and even though the server scans files, it cannot detect whether a file is harmful or not due to the thousands of variations of virus scripts.

If your website gets blacklisted, more websites are affected

Each server or VPS (computer) has only one IP address. When a website starts sending spam, that server with that IP address can end up on the blacklist. As a result, outgoing mails are no longer allowed by other hosting companies, internet providers, and email providers who want to protect their server and customers from an abundance of spam.

Conclusion

It is up to you to make your WordPress website secure so that hack scripts cannot place harmful files on the server through vulnerabilities in your WordPress website or plugins.

You can learn how to achieve this here.

Pasting an image straight from the clipboard into the text editor

With this plugin, called The Paste, you can put screenshots directly into your post or page without first having to save them and then upload them again!

How handy is that!

An image straight from your clipboard (memory) into the text editor

Throwing images straight from your clipboard into a page or a post. How does that work?

You download the plugin The Paste, activate it, and from that moment on you can simply use CTRL + V to place images and screenshots in the post without first having to save them to your computer and upload them.

Why would you want this feature?

  • If you blog a lot, or often want to share a screenshot
  • If you write large tutorials or articles with many separate screenshots / images
  • If you don't feel like uploading images all the time
  • If you don't want to search and insert via the media library

How does a screenshot or image get onto my clipboard?

Taking a screenshot on Windows
By default, the Windows clipboard is under the Windows logo key + PrtScn button.

Taking a screenshot on Mac
On a Mac there is a clipboard that you can reach with the key combinations below.
Full screen: Command (⌘) + Shift + 3
Selection: Command (⌘) + Shift + 4, then drag to select an area.
Window: Command (⌘) + Shift + 4, then press the space bar and click the window.

Adding notes and pointers to screenshots

For adding an arrow or some information, I recommend LightShot. It is free at the time of writing and works very nicely!

Yes, but what about SEO?

You could add alt texts: click the image in your editor and then select the pencil icon. And the file name? If you really want to stay 101% on Google's good side, you will still have to save the images separately, give them a good name and then upload them.

The Paste is mainly about convenience and speed 😉

WordPress help – What if your WordPress website has been hacked?

What are possible indications that your WordPress website is hacked?

  1. If the website loads very slowly for days/months, your WordPress website may be hacked. (Test the speed: Speedtest)
  2. If your WordPress website unexpectedly redirects you to an unknown website.
  3. When your hosting provider takes your WordPress website offline due to spamming.
  4. If the visitor results in analytics show large numbers of visitors from countries like China, while the website is in Dutch.
  5. If the website no longer loads even though no modifications or updates have been made.

What happens when your WordPress website is hacked?

If your WordPress website is hacked, a script has found an unsecured opening through which it can modify or place files on the server.

Since WordPress is open source, scriptwriters can look for vulnerabilities and exploit them.

These vulnerabilities can be found in plugins, themes, or WordPress files themselves.

Note! The scripts made to test WordPress websites for vulnerabilities are automated. They are written by people all over the world, with the aim of advertising their own websites or products to a large number of websites.

The snowball effect of a hack

A PHP file written to hack WordPress websites can simply be placed on a server by someone unknown and will spread itself.

It starts with one website, the snowball, and once it starts rolling and spreading to multiple websites (i.e., servers), it multiplies the reach of the hack. Ultimately, you end up with an avalanche of scripts that test and infect websites.

All these scripts send requests to the website (and thus the server), causing files to be requested so often that even a well-secured website becomes slow due to the influx of requests.

Who writes hack scripts/viruses?

The authors of the scripts can be teenagers looking to get rich quick at the expense of others, or “poor but brilliant programmers” in countries where there may be no work. They sit at home and can set up this cybercrime relatively anonymously. They may have never hacked a WordPress website of someone they know and often see it as innocent “entertainment” or a financial necessity, not considering themselves cybercriminals but rather creators of “something big” that is successful.

What can you do against these scripts/viruses if your website is hacked?

You can look for and remove them, but always make sure to create a backup of the website before deleting any files.

The files that a script has placed are often cleverly hidden, sometimes up to three directory levels deep. Think of locations such as httpdocs/wp-content/plugins/the-plugin/incl/

The names of the files often change, making it difficult for server software to recognize them. Some examples I often encounter on hacked websites:

  • Object.php
  • Incl.php
  • Article.php
  • Index.html

But they can also use randomly generated numbers or letters at the time of infection.

Then you get changing filenames like:

  • 15738.php
  • rfjrjgh.php

Because the filenames keep changing, server security software cannot add them to its database as a recognition point.

Can the server detect and remove hack files based on their content?

The server cannot differentiate between plugins that are allowed to send emails, such as Contact Form 7, and a script designed to send spam. Even if it detects a potentially dangerous function, it will not block its functioning.

Is a security plugin enough to prevent a hack?

A plugin developed to secure WordPress reduces the chances of scripts gaining access to your website.

These plugins set write permissions correctly and adjust the standard WordPress values that are most commonly used by scripts and hackers. iThemes Security PRO NL even sends you an email when files are unexpectedly modified, indicating that a script is active on the server.

Security plugins like iThemes Security PRO NL block most scripts. However, well-crafted scripts, coded by an intelligent team, can still find ways to access the server or the database.

What is the next step after removing the hack scripts from the website/server?

Removing the files is only resolving the consequence; the cause and vulnerability still exist in the website, and your WordPress needs to be secured to prevent a recurrence.

You can read more tips on how to secure WordPress on my website www.wpbeveiligen.nl.

And you can choose a security package where we remove infected files, secure the website, and you can opt for 3-6-12 months of additional warranty.

The source code betrays your WordPress website

The source code of a website is visible to everyone; in many browsers, you can press F12 or right-click to view the source code of a website.

[Image: WordPress source code]

What is the source code?

The source code is the raw version of the website without styling. The source code doesn’t display PHP code but it shows the output of PHP.

The source code displays only the specific page you requested the source code for. However, there are programs that can download the source code of the entire website.

What does the source code reveal about WordPress?

The source code of a standard WordPress installation reveals the version of WordPress.

[Image: WordPress meta generator tag]

When hacking a WordPress site, knowing which version you are dealing with is one of the most crucial points.

But there are more pieces of information visible in the source code that can reveal weaknesses in your WordPress website.

Various plugins often leave some advertising behind.

[Image: plugin meta generator tag]

Unfortunately, the theme can also be easily found in the source code, allowing hackers to check if that theme contains any exploits.

[Image: WordPress version]

What can you do against the open source code?

The source code will always be there, visible to every visitor and, most importantly, visible to Google. Google reads the source code of your website and uses that information to determine if your website is interesting for visitors.

It is essential to have a clear source code where the information of your website is the main player.

There are plugins that enrich the source code with important information such as the page title, the description that Google can display, and links to relevant articles and pages that visitors and Google can explore.

Can WPbeveiligen do something about the source code?

The information revealed in the source code can be altered. By using filters, sensitive information such as the WordPress release and the plugins used can be hidden, making it more challenging for hackers and hackbots to hack your WordPress site.
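To check what your own pages still disclose before and after applying such filters, here is an added example (not WPbeveiligen's code) that parses a page's HTML for generator tags and for plugin and theme asset URLs. The two HTML samples, the host name, the slugs and the version numbers are constructed; the "after" sample assumes the generator tags and `?ver=` strings were filtered out.

```python
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Asset URLs under wp-content name the plugin or theme directory they belong to.
ASSET_PATH = re.compile(r"/wp-content/(plugins|themes)/([^/?#]+)/")

# Constructed samples: all names and version numbers are placeholders.
BEFORE = """<html><head>
<meta name="generator" content="WordPress 0.0.1" />
<meta name="generator" content="Example Slider 0.0.2" />
<link rel="stylesheet" href="https://example.test/wp-content/themes/example-theme/style.css?ver=0.0.3" />
<script src="https://example.test/wp-content/plugins/example-slider/slider.js?ver=0.0.2"></script>
</head><body></body></html>"""

AFTER = """<html><head>
<link rel="stylesheet" href="https://example.test/wp-content/themes/example-theme/style.css" />
<script src="https://example.test/wp-content/plugins/example-slider/slider.js"></script>
</head><body></body></html>"""


class DisclosureAudit(HTMLParser):
    """Collects what a rendered page tells every visitor about the software behind it."""

    def __init__(self):
        super().__init__()
        self.generators = []   # content of every <meta name="generator">
        self.components = {}   # ("plugins" | "themes", slug) -> set of ?ver= values

    def handle_starttag(self, tag, attrs):
        attr = {k: (v or "") for k, v in attrs}
        if tag == "meta" and attr.get("name", "").lower() == "generator":
            self.generators.append(attr.get("content", ""))
        url = attr.get("href") or attr.get("src")
        if tag in ("link", "script", "img") and url:
            match = ASSET_PATH.search(url)
            if match:
                versions = parse_qs(urlparse(url).query).get("ver", [])
                key = (match.group(1), match.group(2))
                self.components.setdefault(key, set()).update(versions)


def audit(html: str) -> dict:
    """Return the generator strings and the plugin/theme slugs with any versions shown."""
    parser = DisclosureAudit()
    parser.feed(html)
    return {
        "generators": parser.generators,
        "components": {k: sorted(v) for k, v in sorted(parser.components.items())},
    }


if __name__ == "__main__":
    for label, html in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(html))
```

In the "after" sample the version numbers are gone, but the plugin and theme directory names still appear in the asset URLs, so keeping those components updated remains necessary.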

What is hackers' code?

Base64 encoding is a technique used to convert code, such as PHP, into a line of numbers, letters, and characters. It was initially used in the mid-2000s to make a piece of copyrighted code unrecognizable or to prevent easy modifications. However, nowadays, Base64 is often used to obfuscate malicious code and hide it within websites. The encoded code remains unreadable until it is decoded and executed, at which point it becomes active.

Free online Base64 encoders are available that can help execute or reveal the encoded code. As an example, I have taken the following code and run it through the encoder:

```html
<a href="http:www.ontwerpexpert.net">OntwerpExpert</a>
```

The encoded version looks like this:

```
PGEgaHJlZj0iaHR0cDp3d3cub250d2VycGV4cGVydC5uZXQiPk9udHdlcnBFeHBlcnQ8L2E+
```

As you can see, the encoded version is not easily recognizable, but it can be decoded back into its original form.

If your website contains Base64-encoded code, you may not notice it immediately. Such scripts are often written to operate stealthily, avoiding detection to remain active for as long as possible. The code can find its way into your website through vulnerabilities, not only as complete files but also as small lines in your index.php, header.php, and other files.

It is crucial to find and remove all instances of such code. A single line of code could serve as a backdoor and reintroduce the codes even after you have removed them.

**Prevention is better than cure.** To prevent scripts from adding code to your website, ensure that files are not writable where they shouldn’t be. Keep your plugins up to date as outdated plugins are often exploited by hackers to gain access to websites.

If you find Base64-encoded code in your website’s theme, plugins, or uploads directory, it is highly likely that your website has a vulnerability. In such cases, it’s essential to seek professional help to remove the malicious code and secure your website. You can contact WPbeveiligen to assist you in this process.
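As an added example (not from the original article or from WPbeveiligen), the read-only Python scanner below looks for the signs described in this section and in the earlier passage on hidden files with changing names: PHP files sitting in the uploads directory, `eval` paired with `base64_decode`, and Base64 literals, which it decodes for reading without executing anything. The sample tree, its file contents and all function names are constructed; the string in header.php is the encoded example shown earlier.

```python
import base64
import binascii
import re
import tempfile
from pathlib import Path

# A quoted run of 40+ Base64 characters inside a source file.
B64_LITERAL = re.compile(rb"[\"']([A-Za-z0-9+/]{40,}={0,2})[\"']")
# PHP calls that decode or run a string; eval plus base64_decode is the classic pair.
DECODER_CALL = re.compile(rb"\b(base64_decode|gzinflate|str_rot13|eval)\s*\(", re.I)
PHP_SUFFIXES = {".php", ".phtml", ".php5", ".php7"}
PAGE_SAMPLE = "PGEgaHJlZj0iaHR0cDp3d3cub250d2VycGV4cGVydC5uZXQiPk9udHdlcnBFeHBlcnQ8L2E+"


def decode_preview(blob: bytes, limit: int = 60) -> str:
    """Decode a Base64 literal for reading only; nothing is ever executed."""
    try:
        raw = base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return ""
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in raw)
    if not raw or printable / len(raw) < 0.9:
        return ""  # binary noise, e.g. a hex hash that merely fits the alphabet
    return raw[:limit].decode("ascii", errors="replace")


def scan_file(path: Path, root: Path) -> list:
    """Return the reasons this file needs manual review (empty list: none)."""
    data = path.read_bytes()
    if path.suffix.lower() not in PHP_SUFFIXES and b"<?php" not in data[:2048]:
        return []
    reasons = []
    # The media library holds images and documents; PHP does not belong there.
    if path.relative_to(root).as_posix().startswith("wp-content/uploads/"):
        reasons.append("PHP file inside uploads")
    calls = {m.group(1).lower() for m in DECODER_CALL.finditer(data)}
    if {b"eval", b"base64_decode"} <= calls:
        reasons.append("eval combined with base64_decode")
    for m in B64_LITERAL.finditer(data):
        preview = decode_preview(m.group(1))
        if preview:
            reasons.append("Base64 literal decodes to: " + preview)
    return reasons


def scan_tree(root: Path) -> dict:
    """Map each flagged file (path relative to root) to its list of reasons."""
    findings = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        reasons = scan_file(path, root)
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings


def build_sample_site(root: Path) -> None:
    """Constructed sample tree; file names follow the examples in the text."""
    hidden = base64.b64encode(b'echo "constructed sample payload for the scanner";').decode()
    files = {
        "wp-content/plugins/the-plugin/plugin.php": "<?php\nfunction the_plugin_init() {}\n",
        "wp-content/plugins/the-plugin/incl/Object.php": f"<?php eval(base64_decode('{hidden}'));\n",
        "wp-content/uploads/15738.php": "<?php // constructed dropped file\n",
        "wp-content/uploads/photo.jpg": "constructed stand-in for an image",
        "wp-content/themes/my-theme/header.php":
            f"<?php wp_head(); ?>\n<?php echo base64_decode('{PAGE_SAMPLE}'); ?>\n",
    }
    for rel, text in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text)


def demo() -> dict:
    """Scan the constructed sample tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(Path(tmp))
        return scan_tree(Path(tmp))


if __name__ == "__main__":
    for name, reasons in demo().items():
        print(name, "->", reasons)
```

Legitimate plugins also use Base64, so every hit is a file to read, not proof of infection; payloads that are compressed before encoding show up only through the `eval` check.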

The backup – a silent lifesaver

**Before you know it, you’ve invested a significant number of hours into your website.** Writing a post over the weekend, updating on Monday, uploading photos on Wednesday, and sharing pages on Facebook and LinkedIn… Before you know it, you’ve spent about 100 hours working on your website. And your website is getting a decent amount of visitors!

And then, one day, you visit your website and see nothing but a piece of code indicating that your website has been hacked, and the data has been wiped from the database… Pages are gone! Visitors who were directed to those pages via Google, social media, and other websites are gone too.

Only when your data is gone, you realize how much you’ve lost. And you think, “If only I had a backup!”

**What is a backup?**

A backup is a copy of all your files on the server that you can restore in case something happens to your files in the future. And with a WordPress website, you need to ensure that you include the database in the backup because it’s not among the standard data!

**So, which files should you include in the backup?**

It’s mainly about the database. WordPress stores all text for posts and pages and the settings of your theme + plugins in the database.

After the database, it’s essential to secure the data, the images, the theme, and the plugins you use. You can find these in the wp-content folder on the server.

**How often should I make a backup?**

It is advisable to do this at least once a month so that you don’t lose too much data after a hack.

**How do I make a backup of the website?**

There are several ways to do this. If you have little experience with the server or FTP, the easiest method is to install a plugin that creates backups for you.

Plugins like iThemes Security, BackWPup, and various others do this in different ways.

**Make sure to configure the plugin properly** before relying on it for backups. There are usually various options to download the backup or store it in another location. Don’t store the backup among the regular data (the uploads folder) because it may also get damaged during a server hack.

**If you’re handy with FTP, etc.**

If you are familiar with FTP, you can also manually copy the files to your computer using Filezilla or other software. Take at least the wp-content folder, but preferably the entire WordPress installation, including the main folder where important files like the .htaccess and wp-config are located.

For the database, you can often access it via phpMyAdmin, which is a management tool for the database available at most hosting providers. Go to the correct database and click on the “Export” tab in phpMyAdmin and download an SQL file or a zipped database.
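The manual procedure above, as an added example (not from the original article): a Python script that archives the whole WordPress directory together with a database export, refuses to write the archive inside the website directory, and records a SHA-256 so the copy can be checked before a restore. It assumes the SQL file was already exported via phpMyAdmin; the paths, the date label and the function names are made up for the illustration.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path


def make_backup(site_root: Path, sql_export: Path, backup_dir: Path, label: str) -> Path:
    """Archive the WordPress directory plus a database export; return the archive path."""
    site_root, backup_dir = site_root.resolve(), backup_dir.resolve()
    # A backup stored under the site (for example in uploads) is damaged along with it.
    if backup_dir == site_root or site_root in backup_dir.parents:
        raise ValueError("backup directory must be outside the website directory")
    for required in (site_root / "wp-config.php", site_root / "wp-content", sql_export):
        if not required.exists():
            raise FileNotFoundError(str(required))
    backup_dir.mkdir(parents=True, exist_ok=True)
    archive = backup_dir / f"wordpress-{label}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(site_root, arcname="site")            # recursive, includes .htaccess
        tar.add(sql_export, arcname="database.sql")   # posts, pages and settings
    digest = hashlib.sha256(archive.read_bytes()).hexdigest()
    archive.with_name(archive.name + ".sha256").write_text(f"{digest}  {archive.name}\n")
    return archive


def verify_backup(archive: Path) -> list:
    """Confirm the archive matches its recorded digest and list the files in it."""
    recorded = archive.with_name(archive.name + ".sha256").read_text().split()[0]
    if hashlib.sha256(archive.read_bytes()).hexdigest() != recorded:
        raise ValueError("archive does not match its recorded SHA-256")
    with tarfile.open(archive, "r:gz") as tar:
        return sorted(m.name for m in tar.getmembers() if m.isfile())


def demo_backup() -> dict:
    """Run both functions on a constructed site in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        site = base / "httpdocs"
        for rel in (".htaccess", "wp-config.php", "wp-content/uploads/photo.jpg"):
            (site / rel).parent.mkdir(parents=True, exist_ok=True)
            (site / rel).write_text("constructed sample file\n")
        sql = base / "export.sql"
        sql.write_text("-- constructed stand-in for a phpMyAdmin export\n")
        try:
            make_backup(site, sql, site / "wp-content" / "uploads" / "backups", "2000-01-01")
            refused = False
        except ValueError:
            refused = True
        archive = make_backup(site, sql, base / "backups", "2000-01-01")
        return {"refused_inside_site": refused, "members": verify_backup(archive)}


if __name__ == "__main__":
    print(demo_backup())
```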

**Does WPbeveiligen back up websites?**

Yes, the server automatically creates a backup every 7 days. And regularly, a backup is stored separately as the weekly backups are overwritten every week. WPbeveiligen has been hosting websites for years and knows how important it is to keep a backup. If you contact them, you can also request a customized hosting package.

Cheap is expensive, hacking is free

What an old saying! Is “cheap is expensive” still valid nowadays?

**Is everything free to download on the internet?**

Yes, everything can be downloaded for free on the internet. Think of WordPress and all the information related to it. Setting up a WordPress website is just a matter of investing time and energy.

And yes, even illegal plugins are “free” to download. But in this case, the saying holds true: “cheap is expensive.”

These so-called “free” plugins have been uploaded online by people who want to profit from them. They insert code into the plugin that allows them to receive your login information or gain control over your website.

What happens then? Your website starts displaying ads for a product, or it links to strange websites.

And that’s not all. I regularly encounter websites, which, thanks to hackers, appear in Google search results with descriptions like “Buy your v i a g r a here.”

This is something you definitely don’t want! Promoting a product you have nothing to do with can be troublesome. Especially if your business has built a reputation, you certainly don’t want to be associated with such junk.

Most “free” plugins operate surreptitiously, so they won’t be detected easily. They may stop functioning when you’re logged in or display information only twice to visitors, making it hard for administrators to notice anything suspicious after three visits.

But for every new visitor, it’s an unpleasant experience. With such ads, visitors lose interest in exploring your website.

Ultimately, downloading “free” paid plugins and setting up a WordPress business website can cost you a lot of money, and as you can guess, it becomes expensive in the end.

**What to do if your website is hacked?**

If your website displays content unrelated to your services and information, thoroughly check your website.

If you have an SEO plugin, review the meta description.

However, it’s more likely that there is code injection. In your WordPress admin, go to Appearance > Editor and check the files of your theme.

Popular theme locations where hackers often insert their ads and scripts include header.php, index.php, page.php, single.php, homepage, and front pages. But it could also be injected into the database. Since WordPress stores all content in the database, it becomes an attractive place for hackers to place their code.

**Prevention is better than cure**

Yes, there’s another old saying, but it’s very applicable, especially for business websites. Once a website is hacked, you not only suffer the consequences of the hack but also need to remove all malicious code and backdoors, which takes a lot of time.

Then, the website needs to be secured, which again takes time and money.

**Putting a WordPress website online without security**

Putting a WordPress website online without security is like buying a car without locks. It may be fine for a while, but sooner or later, the wrong person will find your car.

At the beginning, when your website is new, it won’t be easily found by hackers or scripts, and there won’t be a problem. However, after some time, it’s just a matter of time before your website attracts scripts that test it for exploits (vulnerabilities).

**What do you recommend then?**

From experience, I recommend securing every important website. Any website that generates revenue and is critical to your business should be secured to avoid unnecessary costs.

**So, you’re just trying to make money!**

Well, that’s my recommendation, but at the same time, I’m giving away all the information for free on my website! As a programmer, hoster, and web designer since 2007, I’m already quite busy. However, I receive requests weekly to repair hacked websites, and I can see how frustrating it is for website owners.

For me, diving into the code and fixing it is straightforward. I know where to look to clean up the code within 10-15 minutes, or I can restore a backup.

But I realize that many people who haven’t found me on the internet yet may find it very frustrating when their website shows strange ads. It can be a search before they find someone who has been doing this since 2007 and enjoys restoring and securing websites.

That’s why I hope that people will have their websites secured before they get infected.

**Do you offer a guarantee?**

Yes! When I secure your website, I’m so confident in the quality of my work that I offer 6 to 12 months of guarantee. If a script or hacker still manages to get through, I will make sure your website is as good as new. I’ll restore a backup, secure the website, and ensure it runs perfectly. And it’s free, that’s the guarantee!

With my experience in WordPress since 2007, I know how websites function and the hack scripts that circulate online, as well as the tricks that hackers use.

I will secure your website as well as possible, and if your website gets hacked, I’ll find all the backdoors and make sure hackers and scripts can’t access your website anymore.

WordPress for business: the advantages and disadvantages

**WordPress for Businesses: Pros and Cons**

When setting up a business website, you have various options. You can choose to hire a programmer-designer to develop a website with management capabilities, or you can opt for a WordPress website.

WordPress is currently the most popular Content Management System, and more and more entrepreneurs are choosing WordPress for their business websites. But what are the specific pros and cons of using WordPress for business websites? Let’s explore this topic in this article.

**Advantages of WordPress for Businesses**

There are several advantages of using WordPress for business websites. As an entrepreneur, you can benefit from the following advantages of WordPress:

1. **User-Friendly**: WordPress is easy to use, making it accessible to both beginners and experienced users. It allows users to develop beautiful websites using the CMS.

2. **Continuous Development**: WordPress is continuously evolving, with an average of eight updates per year. These updates ensure that the CMS remains up-to-date and improved.

3. **Wide Range of Functionalities**: WordPress offers over 40,000 plugins, providing users with endless possibilities to style and customize their websites as they wish.

4. **Search Engine Optimization (SEO)**: The technology behind WordPress is designed to offer many possibilities for search engine optimization, allowing your website to rank well on Google.

5. **Cost-Effective**: WordPress is open-source, and its development work is already done. You only need to pay for website design or even nothing if you decide to do it yourself.

As you can see, WordPress for businesses has several advantages. It’s not surprising that WordPress is currently the most popular CMS, with its user-friendly and cost-effective system continuously evolving and offering a wide range of functionalities while being SEO-friendly.

**Disadvantages of WordPress for Businesses**

Unfortunately, there are some disadvantages associated with using WordPress for businesses, with the primary concern being security. This is due to three factors:

1. **Open-Source Code**: WordPress has open-source code, meaning anyone can access it. Unfortunately, some people use this information for malicious purposes, making WordPress security less reliable.

2. **Vulnerable Plugins**: While plugins add functionality, they can also be a security risk. Many plugins are infected with viruses or provide easy access to hackers.

3. **Lack of Knowledge**: WordPress provides features to improve website security, but many users are unaware of how to implement them effectively. This lack of knowledge leaves many WordPress websites vulnerable to attacks by hackers.

To reduce vulnerability to viruses and hacking, users need to take active steps to enhance their WordPress website’s security. Unfortunately, many users are unaware of the necessary actions, leading to frequent encounters with viruses and hackers. This is the most significant disadvantage of using WordPress for businesses.

**Conclusion**

Using WordPress offers several benefits, including its user-friendliness, continuous development, vast functionalities through plugins, SEO features, and cost-effectiveness. The only major drawback of WordPress is its vulnerability to security breaches. To avoid encountering viruses and hackers, users need to take certain actions or ensure their WordPress websites are adequately secured. As many users lack the knowledge to implement security measures, they often face issues with viruses and hackers.

If you are still uncertain about WordPress, you can click here to compare your options!