Are attacks on WordPress websites a thing of the past?

Every WordPress website is hosted by a web hosting company, and larger hosts employ server security specialists with many years of experience.

Many people with a WordPress website therefore assume that keeping the website free of hacks and malware is within the capabilities, and even the responsibility, of the web host.

After all, the attacks are aimed at the website, which lives on the host's server, and any malware or hack ends up on that server too. Right?

In the video below (in English), Mark Maunder, founder and CEO of WordFence, one of the largest WordPress security services (firewall plus malware scanner), explains that because connections are encrypted (TLS), hosting companies can hardly see, let alone directly stop, the attacks themselves. Only the result, the payload that ends up on the server, can be identified afterwards. But in many cases that is already too late.

Since the attacks change constantly, the payloads (hacks, malware) change constantly, customers have a degree of privacy and self-determination over their own website, and a server is built to serve requests rather than to block them, it is simply not feasible for web hosts to recognize, block and remove all malware.

For that reason, as a WordPress security specialist, I still have work to do 😉

But WordFence has now launched an interesting service.

WordFence Intelligence

WordFence’s security experts see millions of attacks, and their effects, through the WordFence plugin.

Based on that data, they can quickly determine which attacks and which IP addresses originate from compromised or rogue servers. They are making that information, the addresses and the attack patterns, available to web hosts through the WordFence Intelligence API.

Will that be a solution that will prevent all attacks and malware on web hosts’ servers in the future?

There will always be a delay of roughly 30-60 minutes between an attack, its processing and the publication of the blocklist information.

So this tool cannot give hosting companies 100% protection either, but it does address the biggest dangers and can stop thousands of websites from being attacked.

Better still, the thousands of requests that arrive from constantly changing IP addresses are blocked sooner, which saves server capacity and reduces power costs.
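To make that "wait time" concrete, here is an added example (not code from WordFence, and not the WordFence Intelligence API, whose format this page does not describe) that models how a host would apply such a feed: an address that attacked one site is published after an assumed 45-minute processing delay and is refused for every site on the host from that moment on. The feed entries and the request log are constructed for the demonstration.

```python
"""
Model of a shared threat feed applied at a web host: an address that attacked
one site is published to the feed after a processing delay, and from that
moment every request from it is refused for all sites on the host.
Added example, not the WordFence Intelligence API or its data format; the
entries, the 45-minute delay and the request log are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import IPv4Network, IPv6Network, ip_address, ip_network


@dataclass(frozen=True)
class FeedEntry:
    network: IPv4Network | IPv6Network  # one address (/32) or a whole range
    published_at: datetime              # moment the feed made the entry available


def build_feed(first_seen: dict[str, datetime], delay: timedelta) -> list[FeedEntry]:
    """Turn 'address first observed attacking at ...' into feed entries, adding the delay."""
    return [FeedEntry(ip_network(cidr, strict=False), seen + delay)
            for cidr, seen in first_seen.items()]


def classify(feed: list[FeedEntry], src_ip: str, at: datetime) -> str:
    """Decide what happens to one request arriving at time `at`.

    'blocked'          : a published entry covers the address
    'passed_in_window' : the address is known, but its entry is not published yet
    'passed_unknown'   : the address was never reported
    """
    addr = ip_address(src_ip)
    matches = [entry for entry in feed if addr in entry.network]
    if any(at >= entry.published_at for entry in matches):
        return "blocked"
    return "passed_in_window" if matches else "passed_unknown"


def apply_feed(feed: list[FeedEntry], requests: list[tuple[datetime, str]]) -> dict[str, int]:
    """Count how the feed treats a request log of (time, source address) pairs."""
    counts = {"blocked": 0, "passed_in_window": 0, "passed_unknown": 0}
    for at, src_ip in requests:
        counts[classify(feed, src_ip, at)] += 1
    return counts


# Constructed data: two reports and a small request log around them.
T = datetime(2023, 3, 1, 10, 0)
DELAY = timedelta(minutes=45)  # assumed processing time before publication


def at(minutes: int) -> datetime:
    """Helper: a point in time `minutes` after the start of the constructed log."""
    return T + timedelta(minutes=minutes)


FEED = build_feed({
    "203.0.113.7": at(0),        # single host, published at T+45m
    "198.51.100.0/24": at(30),   # whole range, published at T+75m
}, DELAY)
REQUESTS = [
    (at(5), "203.0.113.7"),      # attacking, feed not published yet
    (at(40), "203.0.113.7"),
    (at(50), "203.0.113.7"),     # refused from T+45m on
    (at(60), "198.51.100.22"),   # range not published yet
    (at(80), "198.51.100.22"),   # refused from T+75m on
    (at(90), "198.51.100.200"),  # any host in the /24 is refused
    (at(15), "192.0.2.50"),      # never reported: always passes
    (at(120), "192.0.2.50"),
]


def run_demo() -> dict[str, int]:
    return apply_feed(FEED, REQUESTS)


if __name__ == "__main__":
    print(run_demo())  # {'blocked': 3, 'passed_in_window': 3, 'passed_unknown': 2}
```

Requests from a listed address that arrive before its entry is published still get through; that is the window the text warns about. Once an entry covers a whole range (the /24 above), every host in that range is refused at once, which is where the saving in server capacity comes from.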

So a good development!

But who knows, maybe we will gradually move toward a time when massive attacks on millions of websites will become a thing of the past.

Until then, as a website owner, make sure that your website is at least protected with a security plugin that includes a firewall and malware scanner, or better yet, have your website professionally protected!

Shared web hosting

Almost every hosting package is shared: renting a whole server quickly costs hundreds of euros per month, and few people want to spend that.

So what does the web host do? It divides the server's capacity into parts and rents each part out.

What you should realize about shared web hosting

The number of websites you share the server with can impact the loading speed of your website. With the cheapest hosting packages, you may be sharing a server with 100-250 other websites!


The Risk of a Shared Server

  1. If one of those websites ends up in a "loop" (the endless repetition of a server command), the server can become slow and the loading time of your website can shoot up to 10-15 seconds. A loop is not always detected quickly and can go on for weeks.
  2. If a website on the server is hit by a DDoS attack, your website can become unreachable. This is usually resolved within one, at most two, days because the web host takes the attacked website offline or moves it to another server.
  3. When other websites launch advertising campaigns, the resulting visitor spikes can temporarily slow down your website. This can happen several times per month or year.
  4. If a website gets infected by malware it can start spamming, meaning hundreds of e-mails are sent from the server. After a few days to a week the server ends up on the block lists of many Internet services, such as Internet service providers and e-mail providers. As a result, e-mail from your own website is blocked as well!

The consideration, shared hosting package or not?


Small informative website

If you have a small informative website, a loop or DDoS attack will not make much difference: the web host usually makes sure the server is up and running again within 4-48 hours, and your website is then reachable again.

Shared hosting packages are often available for 3-10 euros per month and are usually called "Basic", "Standard" or "Starter". They host many other websites on the same server.

Webshop

If you have a webshop with many visitors, it is best to choose a hosting package with fewer other websites.

For a webshop package you pay between 25 and 50 euros per month. Such a package is called a Webshop, Business or Premium package.

Large corporate website or high-traffic website

And if you really want to be sure that you are not bothered by other websites, for example if you have a high-traffic website with thousands of visitors, then take a Dedicated package. Then you have an allocated server capacity that is separate from other packages.

For a dedicated server, which you are best off getting as a managed package, you quickly pay 55-150 euros per month.

Summary: don't choose the cheapest hosting package of 1-2 euros per month when your website is an important source of income that you cannot afford to lose for a day, and take a package higher when you run a webshop.

 

NOTE: You will often see a package advertised not at 10-50 euros per month but at only 1-5 euros per month. That price is usually only for the first few months! After that you pay the full price. So check this before you sign up for a package that will cost 50 euros or more per month once the introductory period ends.

What is spam

Spam is unwanted email that often has a commercial background, such as advertising products or services.

What makes an email spam is that you receive it without having signed up for the advertisement.

How does a “spammer” get your email address?

Address-harvesting scripts (also called bots) collect them from web pages that can be found via Google: any e-mail address printed in plain text on a page, including mailto: links, is picked up automatically.

Place a contact form

It is advisable to use Contact Form 7. With Contact Form 7 you place a contact form on your website,
so a visitor can send you a message that arrives in your mailbox without your e-mail address being printed anywhere on the website where a bot could harvest it.

Legislation on spam

It is legally required to provide recipients of advertising with the option to unsubscribe.
Therefore, you often find a link at the bottom of the email, in very small letters: unsubscribe here.

Be careful when unsubscribing, as they may use tricks.
Read carefully what it says, otherwise you may click on a sentence like:
Do you not want to receive email from third parties but do want to receive email from us? Click here…

Then you’re still stuck with it!

What WPbeveiligen does against spam

Of course, we are actively involved in making websites hack-free. Websites are often hacked to send spam!

We also offer hosting with the necessary spam filters so that you receive less spam.
We also have various manual options to prevent spam, such as setting filters based on domain name, email address, specific words, and more!

 

25 reasons to use WordPress for your corporate website

 

  1. WordPress is open source, free to use
    As they themselves have stated on their website for over 10 years, ”WordPress is free and always will be”.
  2. 95% of all web hosts support WordPress
    WordPress runs on PHP and MySQL, which almost every host offers
  3. The installation is easy
    At many web hosts, it takes just a few clicks without you having to worry about files and the database
  4. WordPress allows themes as well as templates
    With thousands of free themes and template options, your website can take any form you can think of
  5. WordPress is search engine friendly by default
    The structure of pages is well picked up by Google
  6. There are numerous formatting options for texts
    Whether you want to use titles, bold, quotes or video from YouTube, it is all possible without difficult html codes or embed codes.
  7. You can switch between the visual editor and html editor
    Although the visual text editor gives you many possibilities, you can still quickly switch to html view to insert html codes
  8. You can divide news items into topics and post types
    So you can add a pre-set layout
  9. WordPress is available in more than 100 languages
    Since 2022 you can choose which language you want to manage your website in at the login screen so you can start working in your own language right away
  10. With plugins you can easily add features to your website
    There is a plugin database with more than 55,000 free plugins available
  11. WordPress has a support forum
    This forum is maintained by members and various administrators, here you can personally get answers to your questions about WordPress codes, using WordPress, Plugins and themes
  12. WordPress is currently the most widely used website system
    WordPress is used by millions of large companies, news blogs, for web shops (WooCommerce) and startups
  13. WordPress is used by millions of programmers and website builders
    Right now in every city you have website agencies working with WordPress so you always have someone to manage, modify or improve your website
  14. WordPress will be 20 years old next year (2023)
    WordPress is one of the longest running systems with the most support over the years, Matt Mullenweg and his team have been managing WordPress for years with great success
  15. Security updates are released regularly, sometimes even monthly, to address the latest threats
    Matt Mullenweg and his team use their own experience as well as the community (thousands of dedicated specialists) to release security updates that keep WordPress secure
  16. There are hundreds of Filters and Actions pre-programmed
    Those Filters and Actions allow you to create new features (plugins) without having to write hundreds of lines of code each time
  17. WordPress has a built-in comment system
    There is a standard form under each blog post or news item for visitors to leave a comment (you can also disable this)
  18. WordPress is a light and fast system
    WordPress is a well-optimized system that displays pages to visitors and Google within 1-3 seconds
    (The use of plugins or a web hoster with problems sometimes make WordPress slow, avoid this by being careful with the plugins that are installed)
  19. WordPress makes images web-friendly
    If you upload images from a high quality camera or phone they are much too large for internet use, that’s why WordPress instantly creates a few sizes you can choose from after uploading
  20. WordPress also has a webshop module
    With WooCommerce you can easily create a webshop that integrates with the style, navigation and shape of your website
  21. WordPress is user friendly
    There is also sufficient documentation for starters, so WordPress can be used not only by specialists but also by beginners
  22. WordPress has links with many large companies
    Many large companies – Bol, Amazon, accounting systems, planning software – have created plugins for WordPress that allow you to easily link your website to their services
  23. WordPress can be used on phones and tablets
    There are apps available that make it easier to manage WordPress on smartphones and tablets
  24. WordPress has export possibilities
    Data from your website can be exported in various ways, useful if you want to load the data into another program
  25. Logging in and managing your website is easy
    With the latest module from iThemes Security you can even login with face-id, or with an email link. This way you no longer have to remember passwords and you can easily manage the website from anywhere

 

Styling your page with CSS

Quickly design some elements with CSS in your page or post, you can do it with this plugin!

You download the postpage specific custom css plugin and install it. Then on every page and post you will see a box where you can throw in CSS. How easy is that!

The advantages of this method/plugin:

  • The code only appears on 1 page, and will not modify the elements on other pages
  • The code is not loaded on other pages which is better for your SEO and loading speed
  • You no longer have to look for the page ID to modify this element only on a specific page
  • You no longer have to look up the page in the regular Customizer which would load the code directly on every page

Remove unnecessary images from your media library

How do you get rid of all those unused and unnecessary images in your media library? Do you have to delete them 1-by-1? And what if the image was used anyway?

With the WPS cleaner plugin for WordPress you can find and remove unused images from your media library for free. The deletion can be done in bulk, meaning you can delete 30 at a time with 1 click!

Have no fear, the plugin first checks that your images are no longer used anywhere.

At the time of writing, WPS Cleaner checks that your images are not used in:
Content of a post, Featured thumbnail, Website icon, Image Widget and Gallery, Woocommerce, DIVI Builder, Logo DIVI, Beaver Builder, Elementor, Visual Composer.

Note that if you have a lot of images, the plugin is going to analyze them first. That can take a while!

Installing WPS Cleaner

You can install WPS Cleaner through your admin > Plugins > Add New and searching for WPS Cleaner.
But also download it from WordPress.org and upload it to your plugin menu!

Download WPS Cleaner

Disclosures from the WordFence security whitepaper

WordFence is 1 of the biggest in malware protection, they have an excellent firewall that they use to stop attacks from millions of unwanted IP addresses.

Now they have written a white paper (which you can read here) with new revelations in the field of security and also where most problems arise.

  1. Websites that are not maintained
  2. Plugins that are no longer updated by programmers
  3. Nulled plugins are still being used.
    These are plugins that actually have to be bought but are provided for free by criminals. Free is not the right word, since you pay by means of the malware that the criminals put on your website via the Nulled plugin.
  4. Most successful hacks still come from brute-force guessing of usernames and passwords.

Are you already aware of the above 4 points? There are many more in the whitepaper!

123456 not the most popular password after nine years, which one is?

According to the password manager NordPass, "password" is currently the most used password in the world. "123456", which was number one for years, is still very common and now sits in second place.

NordPass recently released the results of its annual survey of the most commonly used passwords. The survey was conducted in 30 countries.

Is your password among these?

Act fast is the message, change your password today before it’s too late.

No idea how best to create a “secure” password? Here are some tips :

Tips for securing your passwords

1. Create long, unique passwords and never reuse them.

2. The strongest passwords combine numbers, uppercase letters, lowercase letters and symbols, but length matters most: every extra character adds more strength than an extra symbol class does.

3. Use a password manager, such as Dashlane. Such a tool encrypts the stored passwords and allows them to be shared securely. Too often passwords are still kept in an Excel sheet, from which they are very easy to retrieve.

Still no idea how to compose a secure password? You can also use a password generator, of which many free versions exist; lastpass.com, for example, offers one.
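As an added example (not code from NordPass, Dashlane or LastPass), here is what a password generator and the checks behind the tips above look like in Python. It draws from the operating system's cryptographic random source, shows how many bits of strength a given length and alphabet give, and rejects anything short, weak or on the most-used list; the COMMON_PASSWORDS set is a short constructed excerpt of such a list.

```python
"""
Password generation from the operating system's CSPRNG plus the checks behind
the tips above: length, character variety and absence from the most-used list.
Added example, not code from NordPass, Dashlane or LastPass; COMMON_PASSWORDS
is a short constructed excerpt of such a list.
"""
from __future__ import annotations

import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
MIN_LENGTH = 12
COMMON_PASSWORDS = {"password", "123456", "123456789", "guest", "qwerty", "12345678"}


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Strength of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def character_classes(password: str) -> int:
    """How many of the four classes (lower, upper, digit, symbol) are present."""
    return sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ])


def check_password(password: str) -> list[str]:
    """Return the problems found; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the most-used passwords list")
    if character_classes(password) < 3:
        problems.append("fewer than three character classes")
    return problems


def generate_password(length: int = 20) -> str:
    """Uniformly random password from ALPHABET that contains all four classes.

    secrets.choice uses the OS random source; random.choice is NOT suitable.
    Candidates missing a class are discarded (rejection sampling), which keeps
    every accepted password equally likely.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"use at least {MIN_LENGTH} characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if character_classes(candidate) == 4:
            return candidate


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"~{entropy_bits(len(pw), len(ALPHABET)):.0f} bits")
    print("123456 ->", check_password("123456"))
```

For comparison: a 20-character password from this 94-symbol alphabet has about 131 bits of strength, while "123456" (six digits) has under 20 bits even before you account for it being on every attacker's list.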

Do you also need to upgrade from PHP 7.4?

Did you get an email from your hosting company telling you to raise the current PHP version? Or that they are raising the PHP version for you soon?

What does this mean for you? Is raising the PHP version really necessary? What now if your website crashes on php 8 and higher?

We are going to answer this for you!

Is raising PHP version really necessary?

Yes, the reason is that PHP 7.4 is no longer supported as of November 28, 2022. Thus, there will be no more security updates for PHP 7.4 from this date.

How big an impact does PHP have on your website?

PHP is the programming language in which most of WordPress is written.
Every element in WordPress, every piece of information in your website, is processed by PHP; HTML, CSS and a bit of AJAX/jQuery only take care of the presentation in the visitor's browser.

What should you do with PHP version 7.4 or lower?

If your web host expects you to raise the PHP version on the server yourself, log in to your hosting panel (DirectAdmin, cPanel, Plesk or the host's own panel) and go to the PHP settings there.
You will often see a dropdown that shows 7.x, 7.4 or, in the worst case, even 5.6.
Set it to a PHP 8 release that still receives security updates, preferably the newest one your theme and plugins support. Note that PHP 8.0 itself reached end of life in November 2023, so pick 8.1 or newer. Take a backup first (or test on a staging copy if your host offers one) so you can switch back if a page breaks.

Can’t figure it out? Consult the hoster’s documentation, contact their support department or hire a professional to do it for you.

But what if your site doesn’t work on PHP 8.0 or higher?

Some themes and plugins are no longer updated by their developers. They still work on PHP 7 but crash when you switch to PHP 8 or higher.

How do you know if your website is not ready for php 8.0 and higher?

If there are plugins or themes on your site that have not been fully updated, chances are that one of your pages will show the following message: "There has been a critical error on this website."

What to do with this critical error?

This error message that WordPress shows you by default will not help you any further.

To understand where the error is occurring, you can look in the logs:

  1. The error log at your host
    Consult the error log at your host. The error log is the file in which PHP records its errors: it states what went wrong and the path and line number of the file in which it went wrong, and that path usually points straight at the plugin or theme responsible.
  2. The WP Debug mode
    Another option is to set WP_DEBUG to "true" in the wp-config.php file. This file is located in the folder where WordPress is installed on the server; you can reach it via (S)FTP or, if your host's control panel has a file manager, that way. Do not leave debugging visible to visitors: also set WP_DEBUG_LOG to true and WP_DEBUG_DISPLAY to false, so the errors are written to wp-content/debug.log instead of being shown on the page, where they would reveal file paths and code to anyone who looks. Switch WP_DEBUG off again when you are done.

The error usually comes from a theme or plugin… that hasn’t been updated yet.

Make sure all plugins and your theme are updated. And when possible, only perform the PHP update after that. If everything in your website is up to date, but still errors occur due to 1 of the plugins or theme…. Contact the developer of the plugin or theme.

If they do not respond, do not offer a solution, or indicate that the problem is not caused by them, you can contact a professional who may be able to solve the error for you.

This is how to recognize a virus file!

For me as a WordPress specialist, it’s easy to see which files don’t belong on the server. But there are also several ways you can recognize a virus file or a spam file!

This is how you recognize a virus file

  • The file has a different modification date than the files around it.
    Legitimate core, theme and plugin files carry the date of the WordPress or plugin update that installed them; a planted file, or an existing file with injected code, usually has a more recent date. (An update legitimately changes the date of many files at once, so compare against the date of your last update.)
  • The code in the file is unreadable: numbers and letters mixed together.
    The file is usually obfuscated. Often all you can read is something like eval(base64_decode('...')), followed by a long string of letters and numbers. The server decodes that string and runs it as regular PHP, but it is not readable to humans the way normal PHP is. Other tell-tales are gzinflate, str_rot13 or preg_replace with the /e modifier wrapped around such a string.
  • The file has a strange name.
    To avoid being recognized by the virus scanners on the server, the name is generated, so you get random letters and numbers as the file name.
  • The file is often located in the httpdocs/root of the website.
    The root directory is always there and easy to reach, so hacking scripts often drop their files there. There is also a fair chance that there are multiple files: look in the wp-includes folder and the uploads folder as well. A .php file inside wp-content/uploads should never exist.
  • Nine times out of ten the file is a .php file.
    PHP files are executed by the server, which is why they are usually .php and only very occasionally .html.

These are some ways to recognize files placed on your server by a script. However, if your WordPress installation has a vulnerability, attackers can also inject lines of code into your existing files, and those are harder to detect.

They often put the lines of code in the index.php, the header.php or in the WordPress core files.

Beware! Removing the files does not solve the problem. After that, it is important that you secure WordPress and make sure no malicious code is left anywhere in your website. If a so-called backdoor remains, the attackers can still place new files on your server through it. And yes, this unfortunately happens often.