What is a DDoS attack?

Understanding DDoS Attacks and How Hosting Providers Handle Them

DDoS stands for Distributed Denial of Service, which means that multiple computers continuously send requests to a server until its processing power or bandwidth reaches its maximum limit. Once the server reaches its limit, other requests (visits to websites) become impossible. However fast a server is, it can only keep processing requests until it can no longer handle them.

Can a Good Hosting Provider Be Temporarily Disabled?

Yes, any hosting provider can be affected, and even good hosting providers are susceptible to DDoS attacks because they often host important websites, making them prime targets. With enough people or infected computers, even a fast server with robust security can be overwhelmed, causing it to slow down or become temporarily disabled. This applies to large companies, informational websites, or web services alike.

Why Would Someone Launch a DDoS Attack on Your Hosting Provider?

DDoS attacks are sometimes launched by hackers to disrupt (often large) companies. The motivations behind such attacks can be political, a personal dislike of a company, or possible financial gain. DDoS attacks are becoming more common because attackers can launch them easily from the comfort of their computers or network spaces, assuming they can remain anonymous.

DDoS attacks differ from DoS attacks, which are carried out by a single computer. DDoS attacks involve multiple computers or servers under the control of the attacker through a botnet, which is a network of machines infected with malware (e.g., Trojans, worms).

What Can Hosting Providers Do About DDoS Attacks?

Hosting providers have several options, each with its pros and cons:

  1. Limiting the server’s speed in sections to ensure only a small number of websites go down at a time. However, this approach can still lead to an overload if a group of websites on the server receives a high number of requests, causing issues even with smaller attacks.
  2. Tightening security measures to reduce the number of requests and limit certain server functions. This approach affects all website owners as it restricts the functionality of their websites.
  3. Employing sufficient staff to monitor the server 24/7 and respond promptly to excessive requests. Some hosting providers adopt this strategy, but it is labor-intensive and costly, which may result in increased prices.

Does a Hosting Provider Have Poor Quality if Uptime Is Not 100%?

Not necessarily. Occasional downtime can happen, but it becomes an issue if it occurs frequently or for prolonged periods. A good hosting provider should ensure that the server is quickly restored. This requires well-trained personnel who conduct preventive checks and act promptly when necessary.

Research and experience with various hosting providers have shown that many of them have uptimes ranging from 90% to 99%, which is high considering the constant global activity of internet criminals.

What Can You Do Against a DDoS Attack?

You can take several measures to protect your website from DDoS attacks:

1. Keep your website up-to-date to reduce the likelihood of hackers gaining access to the server.

2. Regularly create backups of your WordPress website. Store them securely at home or use an external backup service provided by your hosting provider.

By taking these precautions, you can minimize the impact of DDoS attacks and ensure the security of your website.

Help! My WordPress admin is not accessible

Issues with WordPress Admin and Possible Solutions

WordPress users often encounter problems with their admin area, especially after updates or activating plugins or themes. If you face such issues, here are some common problems and possible solutions if you want to fix the website on your own.

If Your Admin Is Not Accessible After Activating a Plugin:

Sometimes, plugins can cause issues when they conflict with other components, resulting in a white screen or an unresponsive admin area. If you can’t deactivate the plugin normally, follow this possible solution:

Possible Solution: Use an FTP client like FileZilla to navigate to the “Plugins” folder (wp-content > plugins). Rename the folder of the recently activated plugin. This will automatically deactivate the plugin.

If Your Admin Stops Working After a WordPress Update:

Always create a complete data backup before updating!

WordPress updates can sometimes lead to an inaccessible admin area. This may be due to a conflicting plugin that can’t handle the latest update, or the update itself might not have been applied correctly, causing missing code or files.

Possible Solution: Use an FTP client like FileZilla to manually upload the WordPress core files to the server. Update the following folders: wp-admin, wp-includes, and the root files. However, avoid overwriting the wp-config file, theme, and plugin folders. Refer to the image below to see which files to keep and which ones to update.

Do not overwrite these files: wp-content (contains plugins and themes), wp-config.php (contains database connection information), and .htaccess (contains permalink structure).

Overwrite the other files with those from a new WordPress release.
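The same keep/overwrite rule as a script, for cases where the site is reachable as a local directory (for example over SSH) instead of FTP. This is an added example, not code from the original page; the function names and the constructed demo trees are assumptions.

```python
import shutil
import tempfile
from pathlib import Path

# Top-level entries the article says must not be overwritten.
PRESERVE = {"wp-content", "wp-config.php", ".htaccess"}


def overlay_core(release_dir, site_dir, preserve=PRESERVE):
    """Copy a fresh WordPress release over site_dir, skipping preserved entries.

    Returns (copied, skipped): relative paths of the files written, and the
    top-level names of the release that were left untouched on the site.
    """
    release, site = Path(release_dir), Path(site_dir)
    copied, skipped = [], []
    for entry in sorted(release.iterdir(), key=lambda p: p.name):
        if entry.name in preserve:
            skipped.append(entry.name)
            continue
        if entry.is_dir():
            files = sorted((p for p in entry.rglob("*") if p.is_file()),
                           key=lambda p: p.as_posix())
            for src in files:
                rel = src.relative_to(release)
                dest = site / rel
                dest.parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(src, dest)
                copied.append(rel.as_posix())
        else:
            shutil.copy2(entry, site / entry.name)
            copied.append(entry.name)
    return copied, skipped


def _write(root, rel, text):
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(text, encoding="utf-8")


def demo():
    """Constructed release and site trees; returns the result and the site root."""
    tmp = Path(tempfile.mkdtemp())
    release, site = tmp / "release", tmp / "site"
    # wp-config.php is placed in the constructed release only to show it is skipped.
    for rel in ("index.php", "wp-admin/admin.php", "wp-includes/version.php",
                "wp-content/themes/default/style.css", "wp-config.php"):
        _write(release, rel, "fresh")
    for rel in ("index.php", "wp-admin/admin.php", "wp-config.php", ".htaccess",
                "wp-content/plugins/my-plugin/plugin.php"):
        _write(site, rel, "old")
    copied, skipped = overlay_core(release, site)
    return copied, skipped, site


if __name__ == "__main__":
    copied, skipped, _ = demo()
    print("overwritten:", copied)
    print("left alone: ", skipped)
```

Files that exist only on the site, such as .htaccess, are never touched because the script only writes what the release contains.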

[Image: WordPress important files]

If your website still doesn’t work after manually updating the files, it might be necessary to revert to an older version of WordPress. This is not an ideal solution but could be necessary for plugins with outdated code.

Remember, it’s always best to keep your WordPress installation, plugins, and themes up to date to minimize the chances of encountering such issues. If you are unsure or find the process too complex, seeking professional assistance is recommended to ensure a smooth and secure website.

Making a good website yourself

Creating a Good WordPress Website on Your Own

If you want to create a good WordPress website on your own, it’s essential to keep the following points in mind:

1. Know Your Target Audience: Determine your target audience and tailor your website accordingly. For the business market, opt for a sleek and professional design with concise information. If targeting the average consumer, use an informative layout with eye-catching colors and images. For younger audiences, focus on visuals as they have shorter attention spans.

2. Brand Yourself: Consider how you want your target audience to perceive your brand. A professional image is crucial for businesses, while sympathy and approachability are essential for consumer-focused websites. Building a positive connection with your audience can increase the “goodwill” factor, encouraging consumers to choose your products or services.

3. Promote Your Website: Creating a website and waiting for visitors is like opening a shop in an obscure alley. You need to ensure people can find your website. Some methods include offering a unique product that generates word-of-mouth, using Google Ads for visibility, optimizing your content for search engines, distributing flyers and business cards, or sponsoring other companies for advertisement exchange.

4. Design and Style: Choose a style based on your target audience. Colors evoke specific emotions and moods. Warm colors create a different atmosphere than cool colors. For instance, commercials on TV often use cool colors when presenting problems and warm colors when showcasing their solutions. Consider the effects of different colors on your audience’s perception and emotions when designing your website and promotional material.

5. Showcase Your Product or Service: Clearly present your product or service on the website and provide sufficient information. Make sure visitors don’t have to search or guess what you offer.

Finally, after successfully creating your WordPress website, take measures to protect it from hackers and scripts that might use your website for their own advertising purposes. Secure your hard work and make sure your website stays safe and functional for your visitors.

Why did a hacker hack my website?

That's right: most hackers do not specifically target one particular website. Instead, they write scripts or automated programs to hack dozens, if not hundreds, of websites at once. These scripts are not selective and try to use every vulnerable website they come across for their purposes.

The reason for writing these scripts is often to spread as much advertising as possible and thereby earn money. For example, they place advertisements on hacked websites or send emails via the domain of the hacked website to promote products or services that the hacker offers. This can be lucrative for them, especially if they gain access to a large number of hacked websites and can thus reach a wide audience.

For many hobby websites it can be confusing why they have become the target of hackers, but in reality the hackers probably have no specific reason to attack that particular website. They simply target vulnerable websites in general to maximize their own profit. That is why it is important for all website owners, whether they run hobby websites or business websites, to secure their websites well and check them regularly for possible vulnerabilities. This way they can reduce the chance of becoming a victim of such automated hacking attempts.

Is WordPress security a job for the hosting provider?

A WordPress website that is not properly secured and therefore gets hacked can cause problems on the server.

  1. The site starts sending spam.
  2. The site consumes all resources of the server.
  3. The server’s IP gets blacklisted.

These are issues that cannot be prevented by the hosting provider. They can, however, limit the consequences by taking your website offline until it is made hack-free.

You would expect the hosting provider to be able to solve these problems by securing certain aspects “better,” right?

However, this is not possible. Your WordPress website requires certain permissions on the server to function properly. For example, it needs the right to upload files to the media library.
The server will not prevent this, and even though the server scans files, it cannot detect whether a file is harmful or not due to the thousands of variations of virus scripts.

If your website gets blacklisted, more websites are affected

Each server or VPS (computer) has only one IP address. When a website starts sending spam, the server with that IP address can end up on a blacklist. As a result, outgoing mail from it is no longer accepted by other hosting companies, internet providers, and email providers who want to protect their servers and customers from an abundance of spam.

Conclusion

It is up to you to make your WordPress website secure so that hack scripts cannot place harmful files on the server through vulnerabilities in your WordPress website or plugins.

You can learn how to achieve this here.

Pasting an image directly from the clipboard into the text editor

With this plugin, called The Paste, you can put screenshots directly into your post or page, without first having to save them and then upload them again!

How handy is that!

An image directly from your clipboard (memory) into the text editor

Throw images straight from your clipboard into the page or a post. How does that work?

You download the plugin The Paste, activate it, and from that moment on you can simply place images and screenshots in the post with CTRL + V, without first having to save them to the computer and upload them.

Why would you want this feature?

  • If you blog a lot, or often want to share a screenshot
  • If you write large tutorials or articles with many separate screenshots / images
  • If you don't feel like uploading images all the time
  • If you don't want to search and insert via the media library

How does a screenshot or image get onto my clipboard?

Taking a screenshot on Windows
The Windows clipboard is by default under the Windows logo key + PrtScn button.

Taking a screenshot on Mac
On a Mac there is a clipboard that you can reach via the key combinations below.
Full screen: Command (⌘) + Shift + 3
Selection: Command (⌘) + Shift + 4, then drag to select an area.
Window: Command (⌘) + Shift + 4, then press the space bar and click the window.

Adding notes and pointers to the screenshots

To add an arrow or some information, I recommend LightShot. It is free at the time of writing and works very nicely!

Yes, but what about SEO?

You could add alt texts: click on the image in your editor and then select the pencil icon. And the file name? If you really want to stay 101% on Google's good side, you still have to save the images separately, give them a good name and then upload them.

The Paste is mainly about convenience and speed 😉

WordPress help – What if your WordPress website has been hacked?

What are possible indications that your WordPress website is hacked?

  1. If the website loads very slowly for days/months, your WordPress website may be hacked. (Test the speed: Speedtest)
  2. If your WordPress website unexpectedly redirects you to an unknown website.
  3. When your hosting provider takes your WordPress website offline due to spamming.
  4. If the visitor results in analytics show large numbers of visitors from countries like China, while the website is in Dutch.
  5. If the website no longer loads even though no modifications or updates were made.

What happens when your WordPress website is hacked?

If your WordPress website is hacked, a script has found an unsecured opening through which it can modify or place files on the server.

Since WordPress is open source, scriptwriters can look for vulnerabilities and exploit them.

These vulnerabilities can be found in plugins, themes, or WordPress files themselves.

Note! The scripts made to test WordPress websites for vulnerabilities are automated. They are written by people all over the world, with the aim of advertising their own websites or products to a large number of websites.

The snowball effect of a hack

A PHP file written to hack WordPress websites can simply be placed on a server by someone unknown and will spread itself.

It starts with one website, the snowball, and once it starts rolling and spreading to multiple websites (i.e., servers), it multiplies the reach of the hack. Ultimately, you end up with an avalanche of scripts that test and infect websites.

All these scripts send requests to the website (and thus the server), causing files to be requested so often that even a well-secured website becomes slow due to the influx of requests.

Who writes hack scripts/viruses?

The authors of the scripts can be teenagers looking to get rich quick at the expense of others, or “poor but brilliant programmers” in countries where there may be no work. They sit at home and can set up this cybercrime relatively anonymously. They may have never hacked a WordPress website of someone they know and often see it as innocent “entertainment” or a financial necessity, not considering themselves cybercriminals but rather creators of “something big” that is successful.

What can you do against these scripts/viruses if your website is hacked?

You can look for and remove them, but always make sure to create a backup of the website before deleting any files.

The files that a script has placed are often cleverly hidden, sometimes up to three directory structures deep. Think of locations such as httpdocs/wp-content/plugins/the-plugin/incl/

The names of the files often change, making it difficult for server software to recognize them. Some examples I often encounter on hacked websites:

  • Object.php
  • Incl.php
  • Article.php
  • Index.html

But they can also use randomly generated numbers or letters at the time of infection.

Then you get changing filenames like:

  • 15738.php
  • rfjrjgh.php

Because the filenames keep changing, the server's security software cannot add them to its database as a recognition point.

Can the server detect and remove hack files based on their content?

The server cannot differentiate between plugins that are allowed to send emails, such as Contact Form 7, and a script designed to send spam. Even if it detects a potentially dangerous function, it will not block its functioning.

Is a security plugin enough to prevent a hack?

A plugin developed to secure WordPress reduces the chances of scripts gaining access to your website.

These plugins set write permissions correctly and adjust the standard WordPress values that are most commonly used by scripts and hackers. iThemes Security PRO NL even sends you an email when files are unexpectedly modified, indicating that a script is active on the server.

Security plugins like iThemes Security PRO NL block most scripts. However, well-crafted scripts, coded by an intelligent team, can still find ways to access the server or the database.
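Changing filenames defeat recognition by name, but the file-change check mentioned above does not depend on names at all: it compares the current files against a known-good baseline. A sketch of that idea as an added example (not the plugin's code); the function names and the constructed demo tree are assumptions, and the dropped file reuses the path and filename examples from this article.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file's path (relative to root) to the SHA-256 of its content."""
    root = Path(root)
    manifest = {}
    for path in root.rglob("*"):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def diff_manifest(baseline, current):
    """Report files added, modified or removed since the baseline was taken."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
        "removed": sorted(old - new),
    }


def _write(root, rel, text):
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(text, encoding="utf-8")


def demo():
    """Constructed site tree: take a baseline, simulate an infection, compare."""
    site = Path(tempfile.mkdtemp())
    _write(site, "index.php", "<?php // constructed front controller\n")
    _write(site, "wp-content/plugins/the-plugin/plugin.php",
           "<?php // constructed plugin\n")
    baseline = build_manifest(site)

    # A randomly named file dropped three directories deep, plus one edited file.
    _write(site, "wp-content/plugins/the-plugin/incl/15738.php",
           "<?php // constructed placeholder\n")
    _write(site, "index.php",
           "<?php // constructed front controller\n// extra line\n")
    return diff_manifest(baseline, build_manifest(site))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Keep the baseline manifest somewhere other than the web server, so that a script with write access to the site cannot rewrite it.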

What is the next step after removing the hack scripts from the website/server?

Removing the files is only resolving the consequence; the cause and vulnerability still exist in the website, and your WordPress needs to be secured to prevent a recurrence.

You can read more tips on how to secure WordPress on my website www.wpbeveiligen.nl.

And you can choose a security package where we remove infected files, secure the website, and you can opt for 3-6-12 months of additional warranty.

The source code betrays your WordPress website

The source code of a website is visible to everyone; in many browsers, you can press F12 or right-click to view the source code of a website.

[Image: WordPress source code]

What is the source code?

The source code is the raw version of the website without styling. The source code doesn’t display PHP code but it shows the output of PHP.

The source code displays only the specific page you requested the source code for. However, there are programs that can download the source code of the entire website.

What does the source code reveal about WordPress?

The source code of a standard WordPress installation reveals the version of WordPress.

[Image: meta generator WordPress]

When hacking a WordPress site, knowing which version you are dealing with is one of the most crucial points.

But there are more pieces of information visible in the source code that can reveal weaknesses in your WordPress website.

Various plugins often leave some advertising behind.

[Image: meta generator plugin]

Unfortunately, the theme can also be easily found in the source code, allowing hackers to check if that theme contains any exploits.

[Image: WordPress version]

What can you do against the open source code?

The source code will always be there, visible to every visitor and, most importantly, visible to Google. Google reads the source code of your website and uses that information to determine if your website is interesting for visitors.

It is essential to have a clear source code where the information of your website is the main player.

There are plugins that enrich the source code with important information such as the page title, the description that Google can display, and links to relevant articles and pages that visitors and Google can explore.

Can WPbeveiligen do something about the source code?

The information revealed in the source code can be altered. By using filters, sensitive information such as the WordPress release and the plugins used can be hidden, making it more challenging for hackers and hackbots to hack your WordPress site.
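To check what your own pages reveal before and after applying such filters, the page source can be audited for the items named above: generator tags, version strings on assets, and theme and plugin directories. This is an added example, not WPbeveiligen's code; both HTML samples, the version "0.0.0" and the example-theme / example-plugin names are constructed.

```python
import re
from html.parser import HTMLParser

ASSET_RE = re.compile(r"/wp-content/(themes|plugins)/([^/?#]+)/")
VER_RE = re.compile(r"[?&]ver=([0-9][0-9A-Za-z.\-]*)")


class LeakAudit(HTMLParser):
    """Collects the fingerprinting hints present in one HTML document."""

    def __init__(self):
        super().__init__()
        self.generators = []
        self.themes, self.plugins, self.versions = set(), set(), set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and (attrs.get("name") or "").lower() == "generator":
            self.generators.append(attrs.get("content") or "")
        for key in ("href", "src"):
            url = attrs.get(key) or ""
            asset = ASSET_RE.search(url)
            if asset:
                bucket = self.themes if asset.group(1) == "themes" else self.plugins
                bucket.add(asset.group(2))
            version = VER_RE.search(url)
            if version:
                self.versions.add(version.group(1))


def audit_html(html):
    """Return what a visitor can read about the installation from this page."""
    parser = LeakAudit()
    parser.feed(html)
    return {
        "generators": parser.generators,
        "themes": sorted(parser.themes),
        "plugins": sorted(parser.plugins),
        "asset_versions": sorted(parser.versions),
    }


# Constructed sample: a page with default output.
SAMPLE_DEFAULT = """<html><head>
<meta name="generator" content="WordPress 0.0.0" />
<meta name="generator" content="Example Plugin 1.2" />
<link rel="stylesheet" href="/wp-content/themes/example-theme/style.css?ver=0.0.0" />
<script src="/wp-content/plugins/example-plugin/js/app.js?ver=1.2"></script>
</head><body></body></html>"""

# Constructed sample: the same page with generator tags and ?ver= strings removed.
SAMPLE_FILTERED = """<html><head>
<link rel="stylesheet" href="/wp-content/themes/example-theme/style.css" />
<script src="/wp-content/plugins/example-plugin/js/app.js"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    print("default: ", audit_html(SAMPLE_DEFAULT))
    print("filtered:", audit_html(SAMPLE_FILTERED))
```

Run it on the saved source of your own pages; anything still listed after filtering is still visible to every visitor.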

What is hackers' code?

Base64 encoding is a technique used to convert code, such as PHP, into a line of numbers, letters, and characters. It was initially used in the mid-2000s to make a piece of copyrighted code unrecognizable or to prevent easy modifications. Nowadays, however, Base64 is often used to obfuscate malicious code and hide it within websites. The encoded code stays unreadable until it is executed, at which point it becomes active.

Free online Base64 encoders are available that can help execute or reveal the encoded code. As an example, I have taken the following code and run it through the encoder:

```html
<a href="http:www.ontwerpexpert.net">OntwerpExpert</a>
```

The encoded version looks like this:

```
PGEgaHJlZj0iaHR0cDp3d3cub250d2VycGV4cGVydC5uZXQiPk9udHdlcnBFeHBlcnQ8L2E+
```

As you can see, the encoded version is not easily recognizable, but it can be decoded back into its original form.

If your website contains Base64-encoded code, you may not notice it immediately. Such scripts are often written to operate stealthily, avoiding detection to remain active for as long as possible. The code can find its way into your website through vulnerabilities, not only as complete files but also as small lines in your index.php, header.php, and other files.

It is crucial to find and remove all instances of such code. A single line of code could serve as a backdoor and reintroduce the codes even after you have removed them.

**Prevention is better than cure.** To prevent scripts from adding code to your website, ensure that files are not writable where they shouldn’t be. Keep your plugins up to date as outdated plugins are often exploited by hackers to gain access to websites.

If you find Base64-encoded code in your website’s theme, plugins, or uploads directory, it is highly likely that your website has a vulnerability. In such cases, it’s essential to seek professional help to remove the malicious code and secure your website. You can contact WPbeveiligen to assist you in this process.
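A first pass over the theme, plugins and uploads directories can be automated: find `base64_decode()` calls with a literal argument, decode the literal for reading (it is never executed), and flag PHP files inside uploads. This is an added example, not code from the original page; the function names and demo tree are constructed, and the encoded string is the harmless sample from this article.

```python
import base64
import binascii
import re
import tempfile
from pathlib import Path

# base64_decode('...') or base64_decode("...") with a literal argument.
CALL_RE = re.compile(
    r"base64_decode\s*\(\s*(['\"])([A-Za-z0-9+/=\s]{16,})\1\s*\)", re.I)
SCAN_SUFFIXES = {".php", ".phtml", ".html", ".js"}
PAGE_SAMPLE = ("PGEgaHJlZj0iaHR0cDp3d3cub250d2VycGV4cGVydC5uZXQi"
               "Pk9udHdlcnBFeHBlcnQ8L2E+")


def decode_preview(blob, limit=80):
    """Decode a Base64 literal for human review; None if it is not valid Base64."""
    try:
        raw = base64.b64decode("".join(blob.split()), validate=True)
    except (binascii.Error, ValueError):
        return None
    return raw.decode("utf-8", errors="replace")[:limit]


def scan_tree(root):
    """Return (path, line, kind, preview) tuples for files that need a closer look."""
    root = Path(root)
    findings = []
    for path in sorted((p for p in root.rglob("*") if p.is_file()),
                       key=lambda p: p.as_posix()):
        rel = path.relative_to(root)
        suffix = path.suffix.lower()
        # The media library should hold media, not executable PHP.
        if "uploads" in rel.parts[:-1] and suffix in {".php", ".phtml"}:
            findings.append((rel.as_posix(), 0, "php-in-uploads", ""))
        if suffix not in SCAN_SUFFIXES:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        for match in CALL_RE.finditer(text):
            preview = decode_preview(match.group(2))
            if preview is not None:
                line = text.count("\n", 0, match.start()) + 1
                findings.append((rel.as_posix(), line, "base64-literal", preview))
    return findings


def _write(root, rel, text):
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(text, encoding="utf-8")


def demo():
    """Constructed tree: one injected line, one clean plugin, one PHP file in uploads."""
    site = Path(tempfile.mkdtemp())
    _write(site, "wp-content/themes/example-theme/header.php",
           "<?php // constructed theme header ?>\n"
           "<?php echo base64_decode('" + PAGE_SAMPLE + "'); ?>\n")
    _write(site, "wp-content/plugins/example-plugin/mail.php",
           "<?php wp_mail($to, $subject, $body); // constructed, clean ?>\n")
    _write(site, "wp-content/uploads/2024/01/15738.php",
           "<?php // constructed placeholder ?>\n")
    return scan_tree(site)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A hit is a lead for manual review, since legitimate plugins also use Base64, and a clean result does not prove the site is clean.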

The backup – a silent lifesaver

**Before you know it, you’ve invested a significant number of hours into your website.** Writing a post over the weekend, updating on Monday, uploading photos on Wednesday, and sharing pages on Facebook and LinkedIn… Before you know it, you’ve spent about 100 hours working on your website. And your website is getting a decent amount of visitors!

And then, one day, you visit your website and see nothing but a piece of code indicating that your website has been hacked, and the data has been wiped from the database… Pages are gone! Visitors who were directed to those pages via Google, social media, and other websites are gone too.

Only when your data is gone do you realize how much you’ve lost. And you think, “If only I had a backup!”

**What is a backup?**

A backup is a copy of all your files on the server that you can restore in case something happens to your files in the future. And with a WordPress website, you need to ensure that you include the database in the backup because it’s not among the standard data!

**So, which files should you include in the backup?**

It’s mainly about the database. WordPress stores all text for posts and pages and the settings of your theme + plugins in the database.

After the database, it’s essential to secure the data, the images, the theme, and the plugins you use. You can find these in the wp-content folder on the server.

**How often should I make a backup?**

It is advisable to do this at least once a month so that you don’t lose too much data after a hack.

**How do I make a backup of the website?**

There are several ways to do this. If you have little experience with the server or FTP, the easiest method is to install a plugin that creates backups for you.

Plugins like iThemes Security, BackWPup, and various others do this in different ways.

**Make sure to configure the plugin properly** before relying on it for backups. There are usually various options to download the backup or store it in another location. Don’t store the backup among regular data (the uploads folder) because it may also get damaged during a server hack.

**If you’re handy with FTP, etc.**

If you are familiar with FTP, you can also manually copy the files to your computer using FileZilla or other software. Take at least the wp-content folder, but preferably the entire WordPress installation, including the main folder where important files like the .htaccess and wp-config are located.

For the database, you can often access it via phpMyAdmin, which is a management tool for the database available at most hosting providers. Go to the correct database and click on the “Export” tab in phpMyAdmin and download an SQL file or a zipped database.

**Does WPbeveiligen back up websites?**

Yes, the server automatically creates a backup every 7 days. And regularly, a backup is stored separately as the weekly backups are overwritten every week. WPbeveiligen has been hosting websites for years and knows how important it is to keep a backup. If you contact them, you can also request a customized hosting package.