Cheap is expensive, hacking is free

What an old saying! Is “cheap is expensive” still valid nowadays?

**Is everything free to download on the internet?**

Almost everything, yes. Think of WordPress itself and all the documentation around it: setting up a WordPress website is just a matter of investing time and energy.

And yes, even pirated (“nulled”) copies of paid plugins are “free” to download. But that is exactly where the saying holds: cheap is expensive.

These so-called “free” plugins are uploaded by people who want to profit from them. They add code to the plugin that sends them your login details or gives them control over your website (a backdoor).

What happens then? Your website starts displaying ads for a product, or it links to strange websites.

And that’s not all. I regularly encounter websites which, thanks to hackers, appear in Google search results with descriptions like “Buy your v i a g r a here.”

This is something you definitely don’t want! Promoting a product you have nothing to do with can be troublesome. Especially if your business has built a reputation, you certainly don’t want to be associated with such junk.

Most of these “free” plugins operate surreptitiously, so they are not detected easily. The injected code may switch itself off while you are logged in, or show its content only on a visitor’s first one or two visits (tracked with a cookie), so an administrator who reloads the page a few times sees nothing suspicious.

But for every new visitor, it’s an unpleasant experience. With such ads, visitors lose interest in exploring your website.

Ultimately, building a WordPress business website on pirated copies of paid plugins can cost you a lot of money; as you can guess, it becomes expensive in the end.

**What to do if your website is hacked?**

If your website displays content unrelated to your services and information, thoroughly check your website.

If you have an SEO plugin, review the meta description.

However, it is more likely that code has been injected. You can look at your theme files in the WordPress admin under Appearance > Editor, but it is better to inspect them over SFTP or SSH: the built-in editor is often disabled (via DISALLOW_FILE_EDIT in wp-config.php), and on a compromised site you cannot trust what the admin shows you anyway.

Popular theme files where hackers insert their ads and scripts are header.php, footer.php, functions.php, index.php, page.php, single.php and the front-page templates (front-page.php, home.php). But the injection can also sit in the database. Since WordPress stores all content there, the post_content column of wp_posts and the option values in wp_options (widgets, theme settings) are attractive places for hackers to hide their code.
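To make this check less dependent on eyeballing every template, here is a small scanner you can run with the PHP command-line interpreter over your theme directory. It is an added example, not code from this site: it flags script and iframe tags that load from a host other than your own, elements hidden off-screen or given zero size, JavaScript that builds an iframe at runtime, and the pharma keywords mentioned above. The hostname constant and the sample header.php are assumptions (the sample is constructed, with invented domains), and the code needs PHP 8.

```php
<?php
// Added example (not the page's own code): scan a theme template (or any
// exported HTML/PHP text) for the kind of injected markup described above.
// SITE_HOST and the sample file are assumptions. Requires PHP 8.

declare(strict_types=1);

const SITE_HOST = 'example.com';   // assumption: the site's own domain

/** True if $host is our own domain or a subdomain of it. */
function hostname_matches(string $host, string $siteHost): bool
{
    $host = strtolower($host);
    return $host === $siteHost || str_ends_with($host, '.' . $siteHost);
}

/**
 * Return findings as [lineNumber, rule, excerpt] for one file's contents.
 * The rules are deliberately coarse: a hit is a lead to review by hand.
 */
function find_injected_markup(string $contents, string $siteHost): array
{
    $findings = [];
    foreach (preg_split('/\R/', $contents) as $i => $line) {
        $lineNo = $i + 1;
        // <script src=...> / <iframe src=...> that load from a foreign host
        if (preg_match_all('/<(script|iframe)[^>]*\bsrc\s*=\s*["\']?(https?:)?\/\/([^\/"\'\s>]+)/i', $line, $m, PREG_SET_ORDER)) {
            foreach ($m as $hit) {
                if (!hostname_matches($hit[3], $siteHost)) {
                    $findings[] = [$lineNo, 'external ' . strtolower($hit[1]), trim($line)];
                }
            }
        }
        // zero-sized iframes, or content hidden / pushed off-screen by inline style
        if (preg_match('/<iframe[^>]*(width\s*=\s*["\']?0|height\s*=\s*["\']?0)/i', $line)
            || preg_match('/style\s*=\s*["\'][^"\']*(display\s*:\s*none|visibility\s*:\s*hidden|left\s*:\s*-\d{3,}px)/i', $line)) {
            $findings[] = [$lineNo, 'hidden element', trim($line)];
        }
        // JavaScript that writes markup or builds an iframe at runtime
        if (preg_match('/document\.write\s*\(|createElement\s*\(\s*["\']iframe["\']/i', $line)) {
            $findings[] = [$lineNo, 'runtime-injected markup', trim($line)];
        }
        // keywords typical for the pharma / SEO spam injections mentioned above
        if (preg_match('/\b(viagra|cialis|casino|payday)\b/i', $line)) {
            $findings[] = [$lineNo, 'spam keyword', trim($line)];
        }
    }
    return $findings;
}

// Constructed sample: a header.php with two injected lines (invented domains).
$sample = <<<'PHP'
<?php wp_head(); ?>
<script src="/wp-includes/js/jquery/jquery.min.js"></script>
<div style="position:absolute;left:-9999px"><a href="http://pills.example.net">buy viagra online</a></div>
<script type="text/javascript">var i=document.createElement('iframe');i.src='//ads.example.net/x.php';document.body.appendChild(i);</script>
PHP;

// Prints: line 3 (hidden element), line 3 (spam keyword), line 4 (runtime-injected markup).
foreach (find_injected_markup($sample, SITE_HOST) as [$lineNo, $rule, $excerpt]) {
    printf("line %d: %s: %s\n", $lineNo, $rule, substr($excerpt, 0, 80));
}
```

Run the same function over the post_content column of wp_posts and the option_value column of wp_options (exported with phpMyAdmin or `wp db query`) to cover the database case. A theme's legitimate embeds (web fonts, analytics) also show up as external scripts, so treat every hit as something to inspect, not as proof.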

**Prevention is better than cure**

Yes, there’s another old saying, but it’s very applicable, especially for business websites. Once a website is hacked, you not only suffer the consequences of the hack but also need to remove all malicious code and backdoors, which takes a lot of time.

Then, the website needs to be secured, which again takes time and money.

**Putting a WordPress website online without security**

Putting a WordPress website online without security is like buying a car without locks. It may be fine for a while, but sooner or later, the wrong person will find your car.

A new website may go unnoticed for a while, and there won’t be a problem. But automated scripts work through IP ranges and domain lists continuously, so it is only a matter of time before your website is probed for exploitable vulnerabilities.

**What do you recommend then?**

From experience, I recommend securing every important website. Any website that generates revenue and is critical to your business should be secured to avoid unnecessary costs.

**So, you’re just trying to make money!**

Well, that’s my recommendation, but at the same time I’m giving away all the information for free on my website! As a programmer, hosting provider and web designer since 2007, I’m already quite busy. However, I receive requests weekly to repair hacked websites, and I can see how frustrating it is for website owners.

For me, diving into the code and fixing it is straightforward. I know where to look to clean up the code within 10-15 minutes, or I can restore a backup.

But I realize that many people who haven’t found me on the internet yet may find it very frustrating when their website shows strange ads. It can take some searching before they find someone who has been doing this since 2007 and enjoys restoring and securing websites.

That’s why I hope that people will have their websites secured before they get infected.

**Do you offer a guarantee?**

Yes! When I secure your website, I’m so confident in the quality of my work that I offer 6 to 12 months of guarantee. If a script or hacker still manages to get through, I will make sure your website is as good as new. I’ll restore a backup, secure the website, and ensure it runs perfectly. And it’s free, that’s the guarantee!

With my experience in WordPress since 2007, I know how websites function and the hack scripts that circulate online, as well as the tricks that hackers use.

I will secure your website as well as possible, and if your website gets hacked, I’ll find all the backdoors and make sure hackers and scripts can’t access your website anymore.

WordPress for business: the advantages and disadvantages

**WordPress for Businesses: Pros and Cons**

When setting up a business website, you have various options. You can choose to hire a programmer-designer to develop a website with management capabilities, or you can opt for a WordPress website.

WordPress is currently the most popular Content Management System, and more and more entrepreneurs are choosing WordPress for their business websites. But what are the specific pros and cons of using WordPress for business websites? Let’s explore this topic in this article.

**Advantages of WordPress for Businesses**

There are several advantages of using WordPress for business websites. As an entrepreneur, you can benefit from the following advantages of WordPress:

1. **User-Friendly**: WordPress is easy to use, making it accessible to both beginners and experienced users. It allows users to develop beautiful websites using the CMS.

2. **Continuous Development**: WordPress is continuously evolving, with an average of eight updates per year. These updates ensure that the CMS remains up-to-date and improved.

3. **Wide Range of Functionalities**: WordPress offers over 40,000 plugins, providing users with endless possibilities to style and customize their websites as they wish.

4. **Search Engine Optimization (SEO)**: The technology behind WordPress is designed to offer many possibilities for search engine optimization, allowing your website to rank well on Google.

5. **Cost-Effective**: WordPress is open-source, and its development work is already done. You only need to pay for website design or even nothing if you decide to do it yourself.

As you can see, WordPress for businesses has several advantages. It’s not surprising that WordPress is currently the most popular CMS, with its user-friendly and cost-effective system continuously evolving and offering a wide range of functionalities while being SEO-friendly.

**Disadvantages of WordPress for Businesses**

Unfortunately, there are some disadvantages associated with using WordPress for businesses, with the primary concern being security. This is due to three factors:

1. **Open-Source Code**: WordPress is open source, meaning anyone can read the code, including attackers. Once a vulnerability is published, exploit scripts follow quickly, and every installation that has not been patched becomes a target.

2. **Vulnerable Plugins**: While plugins add functionality, they are also a frequent way in. Many plugins contain vulnerabilities, abandoned plugins never receive fixes, and pirated copies are often shipped with a backdoor that gives hackers direct access.

3. **Lack of Knowledge**: WordPress provides features to improve website security, but many users are unaware of how to implement them effectively. This lack of knowledge leaves many WordPress websites vulnerable to attacks by hackers.

To reduce the risk of malware and hacking, users need to take active steps to improve their WordPress website’s security. Unfortunately, many users are unaware of what is needed, which is why infections and hacks are so common. This is the most significant disadvantage of using WordPress for businesses.

**Conclusion**

Using WordPress offers several benefits, including its user-friendliness, continuous development, vast functionalities through plugins, SEO features, and cost-effectiveness. The only major drawback of WordPress is its vulnerability to security breaches. To avoid encountering viruses and hackers, users need to take certain actions or ensure their WordPress websites are adequately secured. As many users lack the knowledge to implement security measures, they often face issues with viruses and hackers.


WordPress plugins

**WordPress Plugins and Security: How to Improve Your WordPress Security**

Many people see the thousands of plugins available for WordPress as a significant advantage of this popular CMS. However, when it comes to the security of the CMS, these WordPress plugins can also pose a problem. In this article, you will learn more about the security of WordPress concerning plugins. You will discover how WordPress plugins can cause issues, how to prevent problems with them, and how to enhance the security of your website using specific security plugins for WordPress.

**Why are some plugins bad for WordPress security?**

WordPress offers approximately 35,000+ different plugins. Unlike the core code, these thousands of plugins are not thoroughly audited: the plugin directory gives a new plugin a brief review on submission and no ongoing security check, and plugins from other sources get none at all. As a result, you might install a plugin that does not improve your website but causes security problems instead. A plugin can contain a backdoor (a hack file), or it can expose your website to attacks through vulnerabilities in its own code. In the following sections, you will learn how to prevent these issues and how to improve your WordPress security using certain plugins.

**How do I prevent problems with WordPress plugins?**

As WordPress does not thoroughly check the security and reliability of the thousands of CMS plugins, it becomes your responsibility as a WordPress user to do so yourself or have it done by WPbeveiligen. Before installing a plugin for your WordPress website, there are several factors to consider to ensure you do not jeopardize your website’s security. These include:
1. **Plugin Rating**: A plugin rated four or five stars has satisfied other users. That says nothing about a security audit, so also look at the number of active installations and whether support questions get answered.
2. **Version History**: A plugin with many releases behind it (check the changelog, not just the version number) has been maintained and fixed over time; a long number like 3.8.7.6.2 by itself proves little.
3. **Last Updated Date**: If a plugin has been updated recently, the developers are still maintaining it. A plugin that has not been updated in a year or more, or is not tested with the current WordPress version, is a warning sign.
4. **Plugin Description**: A well-described and clear plugin is more reliable than one with no description or only a brief one.
5. **Installation Description**: A clear and well-crafted installation description shows that the developers pay attention to detail, which makes the plugin more trustworthy.

By checking plugins based on the above points before installing them, you gain more control over the security of your WordPress website. There have been many cases where users installed a certain plugin and ended up having to rebuild their entire website, so ensure you do not face such problems by always verifying these factors for better WordPress security.

**Which plugins can I install to enhance WordPress security?**

While plugins can pose a danger to your WordPress website, there are also plugins available that can improve its security. These plugins include iThemes Security, Wordfence Security, and BulletProof Security. These security plugins not only provide you with the means to enhance your WordPress security but also guide you on how to do it best and, in some cases, even create backups of your website. It is highly recommended to install one of these plugins to improve the security of your WordPress website. In combination with the above tips to download only the right plugins, this is the best way to enhance WordPress security by making smart use of WordPress plugins.

WPbeveiligen dedicates itself weekly to securing websites, which gives them extensive knowledge about the workings and security of numerous plugins. WPbeveiligen also knows which security plugin is currently the most effective.

For peace of mind and assurance, entrust the security of your WordPress website to Mathieu from WPbeveiligen.

WordPress and hackers: how do I improve my WordPress security?

**WordPress and hackers: How do I improve my WordPress security?**

A few years ago, WordPress had a bad reputation. The popular CMS was known for being an insecure platform, allowing hackers to easily infiltrate and damage WordPress websites. While the WordPress security and its image have improved over time, hackers still find ways to breach your WordPress website. In this article, we will explore three essential tips to enhance your website’s security and keep hackers at bay.

**Tip 1: Choose the right hosting**

Ensuring a secure environment for your website begins before you even start building it or creating a WordPress account. The first step to creating a secure website is selecting a trustworthy hosting company that can provide a safe internet environment for your WordPress site. Opting for an unreliable hosting company can put you at a disadvantage right from the start. Therefore, prioritize reliability and reputation over deals when choosing a hosting provider.

**Tip 2: Start off on the right foot**

Once you have found a secure and reputable hosting company, it is crucial to implement good security practices from the beginning. Here are some steps to improve your WordPress security during the setup process:
1. Change the table prefix: replace the default “wp_” table prefix with something unique, like “8fjO18fkcJ_”. Hacking scripts assume the default prefix in their injected queries, so a different one makes blind attacks fail more often. Be aware that this is only a small hurdle: an attacker who can already run queries can look the prefix up, so it never replaces keeping WordPress and its plugins patched.
2. Choose a secure username: never keep the default “admin” username. Pick a login name that is not easily guessable, and use a different display name for your posts, because WordPress shows author names publicly.
3. Set a strong password: use at least twelve characters, preferably a long passphrase, mixing uppercase and lowercase letters, numbers and special characters like ! and %, and do not reuse it on other sites.

By modifying the Table Prefix, selecting a unique username, and setting a strong password, you can reduce the risk of hackers easily accessing your WordPress website, thus enhancing your website’s security.

**Tip 3: Choose only reliable plugins and themes**

WordPress offers thousands of plugins and themes, providing users with a wide range of options. However, not all plugins and themes are secure. To prevent your website from becoming more accessible to hackers, it is essential to check the reliability and safety of plugins and themes before installing them. Evaluate their ratings, update frequency, and the quality of the descriptions and installation instructions. If you have doubts about a particular plugin or theme’s reliability, it’s best not to download it to avoid compromising your WordPress security.

**Conclusion**

To keep hackers from gaining access to your WordPress website and improve its security, take the following actions:
1. Choose a reliable and reputable hosting provider with years of experience.
2. Modify the table prefix, avoid the default “admin” username, and set a strong password during the initial setup.
3. Install only trustworthy plugins and themes.

By implementing these steps, you can significantly enhance your WordPress security and protect your website from potential hacker attacks.

For reliable hosting with enhanced security, you can trust WPbeveiligen. With experience since 2007, they are not only experts in security but also skilled WordPress website developers.

My WordPress website is sending spam, now what?

If you receive a notification from your hosting provider or from Google indicating that your website is sending spam, a malicious script (usually a PHP mailer) has been uploaded to your site and is sending unsolicited emails to a list of addresses. This can get your server’s IP address blacklisted, so that all email from that address is blocked, causing significant issues, especially if you use that email for business.

To address the issue and prevent further spamming, follow these steps:

1. **Check if you are on a blacklist**: You can use websites like `mxtoolbox.com` to check if your IP address is blacklisted. This will give you an indication if your email communications are affected.

2. **Identify and remove the spam file**: To find and remove the spam file, you need some background knowledge. Spam files are usually PHP scripts whose code is obfuscated, typically a base64-encoded blob that is decoded and run through `eval`, so they do not look like readable code when opened in an editor. Compare your current website files with a fresh WordPress installation of the same version to identify files that were added or changed. Look for files with unusual names, PHP files in places where none belong (such as wp-content/uploads), and files modified at a different time than the rest, keeping in mind that timestamps can be faked.

3. **Fix the root cause**: Simply removing the spam file is not enough. You need to address the vulnerability that allowed the spam script to be uploaded to your server in the first place. Common ways spam scripts are uploaded include exploiting vulnerabilities in plugins, injections, or FTP access. Take steps to secure your WordPress website, such as updating plugins, using strong passwords, and following best security practices.

4. **Request de-listing**: Once you are confident that the spam file is removed and your website is secure, you can request de-listing from the blacklist. The de-listing process may take a few hours.

5. **Prevent future spam**: Implement security measures to prevent future spam attacks. Enhance your WordPress website security by following best practices and avoiding common security pitfalls.

Remember that maintaining the security of your WordPress website is an ongoing process. Regularly update plugins, themes, and WordPress core to patch vulnerabilities and regularly perform security checks to ensure your website remains secure and spam-free.
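The comparison in step 2, as an added example rather than a tool from this page: the script below hashes every file under the site and under a clean download of the same WordPress version, lists files that exist only on the site or whose contents differ, and then checks those files for the eval/base64 obfuscation and the include-from-uploads loader typical for spam mailers. The two directories and the sample files (written to a temporary directory, with an invented payload) are assumptions, so it runs anywhere PHP 8 is installed.

```php
<?php
// Added example (not the page's code): compare a site's files with a clean
// copy of the same WordPress version and report extra files, modified files,
// and which of those look like obfuscated droppers or mailers.
// The directory paths are assumptions; the sample trees below are constructed.

declare(strict_types=1);

/** Map of relative path => sha256 for every regular file under $root. */
function hash_tree(string $root): array
{
    $hashes = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        $rel = substr($file->getPathname(), strlen($root) + 1);
        $hashes[$rel] = hash_file('sha256', $file->getPathname());
    }
    ksort($hashes);
    return $hashes;
}

/** True if PHP source carries the usual obfuscation / loader / mailer markers. */
function looks_obfuscated(string $source): bool
{
    $patterns = [
        '/\beval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(/i', // eval(base64_decode(...))
        '/\b(base64_decode|gzinflate)\s*\(\s*["\'][A-Za-z0-9+\/=]{200,}/',          // decode of a literal blob
        '/\$[a-z_]\w*\s*=\s*["\'][A-Za-z0-9+\/=]{500,}["\']\s*;/i',                 // long base64 string
        '/\bpreg_replace\s*\(\s*["\'][^"\']*\/[a-z]*e[a-z]*["\']/i',                  // /e modifier (code exec)
        '/@?\b(include|require)(_once)?\b[^;]*wp-content\/uploads[^;]*\.php/i',      // loader pulling PHP from uploads
        '/\b(mail|popen|proc_open|passthru|shell_exec)\s*\(/i',                      // mailer / shell primitives
    ];
    foreach ($patterns as $p) {
        if (preg_match($p, $source)) {
            return true;
        }
    }
    return false;
}

/** Compare site tree with reference tree; returns [extra, modified, suspicious]. */
function compare_to_reference(string $siteRoot, string $refRoot): array
{
    $site = hash_tree($siteRoot);
    $ref  = hash_tree($refRoot);
    $extra = $modified = $suspicious = [];
    foreach ($site as $rel => $hash) {
        $differs = !isset($ref[$rel]) || $ref[$rel] !== $hash;
        if (!isset($ref[$rel])) {
            $extra[] = $rel;
        } elseif ($differs) {
            $modified[] = $rel;
        }
        // only files that are new or changed are worth the content check
        if ($differs && preg_match('/\.php$/', $rel)
            && looks_obfuscated((string) file_get_contents("$siteRoot/$rel"))) {
            $suspicious[] = $rel;
        }
    }
    return [$extra, $modified, $suspicious];
}

// --- constructed sample trees standing in for the live site and a clean download
$tmp  = sys_get_temp_dir() . '/wp-compare-' . getmypid();
$ref  = "$tmp/clean";
$site = "$tmp/site";
foreach (["$ref/wp-includes", "$site/wp-includes", "$site/wp-content/uploads"] as $d) {
    mkdir($d, 0700, true);
}
file_put_contents("$ref/wp-includes/version.php",  "<?php \$wp_version = '6.5';\n");
file_put_contents("$site/wp-includes/version.php", "<?php \$wp_version = '6.5';\n");
file_put_contents("$ref/index.php",  "<?php require __DIR__ . '/wp-blog-header.php';\n");
// injected loader line in front of the real index.php content
file_put_contents("$site/index.php", "<?php @include 'wp-content/uploads/cache.php'; require __DIR__ . '/wp-blog-header.php';\n");
// dropped mailer: base64 blob executed via eval (the blob is fake filler)
file_put_contents("$site/wp-content/uploads/cache.php",
    "<?php \$x = '" . str_repeat('QUJD', 60) . "'; eval(base64_decode(\$x));\n");

[$extra, $modified, $suspicious] = compare_to_reference($site, $ref);
printf("extra:      %s\n", implode(', ', $extra));        // wp-content/uploads/cache.php
printf("modified:   %s\n", implode(', ', $modified));     // index.php
printf("suspicious: %s\n", implode(', ', $suspicious));   // index.php, wp-content/uploads/cache.php
```

For core and directory plugins, wp-cli offers the same comparison against the official checksums with `wp core verify-checksums` and `wp plugin verify-checksums --all`; the script above is for themes, mu-plugins and custom code that those commands do not cover. Compare by content rather than by date: attackers routinely reset file timestamps to match the surrounding files, so the modification time alone is not reliable. Any PHP file under wp-content/uploads is suspect by definition.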

Removing the comment option completely in WordPress

The snippet discussed here removes the comment functionality from the various parts of a WordPress website. This is useful for websites that do not need user comments and want to avoid the spam and security issues that come with an open comment form. It consists of eight functions:

1. `remove_admin_bar_links`: Removes the comment bubble from the WordPress admin bar.

2. `df_disable_comments_post_types_support`: Disables comments and trackbacks for all post types (such as posts and pages).

3. `df_disable_comments_status`: Disables comments and pings on the front-end (i.e., the website itself).

4. `df_disable_comments_hide_existing_comments`: Hides existing comments on the front-end.

5. `df_disable_comments_admin_menu`: Removes the “Comments” link from the WordPress admin menu.

6. `df_disable_comments_admin_menu_redirect`: Redirects direct access to the “Comments” page in the admin to the main admin page.

7. `df_disable_comments_dashboard`: Removes the recent comments box from the WordPress admin dashboard.

8. `df_disable_comments_admin_bar`: Removes the comments link from the WordPress admin bar.

If you add this code to your theme’s `functions.php` file, it will disable comments and related features across your WordPress website. Be cautious when modifying the `functions.php` file, as incorrect code can cause errors on your website.
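The eight functions described above, as an added implementation written for this page (not the original snippet), using only WordPress core hooks. Putting it in a must-use plugin (wp-content/mu-plugins/disable-comments.php) instead of functions.php is my suggestion, not something the article prescribes: an mu-plugin survives a theme switch or theme update. Function names follow the list; items 1 and 8 both target the admin bar and are kept as two functions to match the list.

```php
<?php
/*
 * Plugin Name: Disable Comments (added example)
 * Added example for this page, not the original snippet. Uses WordPress core
 * hooks only; install as an mu-plugin or paste into functions.php.
 */

// 1. Comment bubble in the admin bar
function remove_admin_bar_links(): void
{
    global $wp_admin_bar;
    $wp_admin_bar->remove_menu('comments');
}
add_action('wp_before_admin_bar_render', 'remove_admin_bar_links');

// 2. Comments and trackbacks for every post type that supports them
function df_disable_comments_post_types_support(): void
{
    foreach (get_post_types() as $post_type) {
        if (post_type_supports($post_type, 'comments')) {
            remove_post_type_support($post_type, 'comments');
            remove_post_type_support($post_type, 'trackbacks');
        }
    }
}
add_action('admin_init', 'df_disable_comments_post_types_support');

// 3. Report comments and pings as closed on the front-end
//    (wp-comments-post.php checks comments_open() before accepting a submission)
function df_disable_comments_status($open = true, $post_id = 0): bool
{
    return false;
}
add_filter('comments_open', 'df_disable_comments_status', 20, 2);
add_filter('pings_open', 'df_disable_comments_status', 20, 2);

// 4. Hide comments that already exist (rows in wp_comments stay untouched)
function df_disable_comments_hide_existing_comments(array $comments, $post_id = 0): array
{
    return [];
}
add_filter('comments_array', 'df_disable_comments_hide_existing_comments', 10, 2);

// 5. "Comments" entry in the admin menu
function df_disable_comments_admin_menu(): void
{
    remove_menu_page('edit-comments.php');
}
add_action('admin_menu', 'df_disable_comments_admin_menu');

// 6. Direct requests to edit-comments.php go back to the dashboard
function df_disable_comments_admin_menu_redirect(): void
{
    global $pagenow;
    if ($pagenow === 'edit-comments.php') {
        wp_safe_redirect(admin_url());
        exit;
    }
}
add_action('admin_init', 'df_disable_comments_admin_menu_redirect');

// 7. "Recent Comments" dashboard widget
function df_disable_comments_dashboard(): void
{
    remove_meta_box('dashboard_recent_comments', 'dashboard', 'normal');
}
add_action('admin_init', 'df_disable_comments_dashboard');

// 8. Comments node in the admin bar, also on the front-end (core registers
//    wp_admin_bar_comments_menu on admin_bar_menu at priority 60)
function df_disable_comments_admin_bar(): void
{
    if (is_admin_bar_showing()) {
        remove_action('admin_bar_menu', 'wp_admin_bar_comments_menu', 60);
    }
}
add_action('init', 'df_disable_comments_admin_bar');
```

Because `comments_open` and `pings_open` now return false, wp-comments-post.php rejects new submissions, which is what keeps the spam out; the existing rows in wp_comments are not touched, as the article notes further down.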

Regarding removing existing comments, there are a few methods:

1. **Manually deleting comments**: If you have a relatively small number of comments, you can delete them manually from the WordPress admin dashboard. You can increase the number of comments displayed per page to make the process faster.

2. **Using a plugin**: There are plugins available that can help you delete all comments at once. One such plugin is “Delete All Comments.”

3. **Deleting comments from the database**: If you are familiar with database management, you can directly remove comments from the `wp_comments` table (and their metadata from `wp_commentmeta`) in the database. However, be cautious when making direct changes to the database, and always back up your database before attempting any modifications.

Remember, once you remove comments, they cannot be recovered, so it’s essential to make a backup before proceeding with any deletion process. Additionally, disabling comments using the code snippet provided will prevent new comments from being submitted, but it won’t remove existing comments from the database.

10 misconceptions about WordPress security

These are some of the most common misconceptions about WordPress security that need to be addressed to stay a step ahead of hackers:

1. My password is unique, so nobody can guess it.

Unfortunately, hacking scripts use dictionary words, in many languages, plus variations with numbers and characters to guess passwords, so even a creative word like “Stroopwafel” (or “Stroopwafel2014!”) is within reach.

2. Frequent updates will keep my website secure.

While updating WordPress regularly is crucial, security vulnerabilities can also exist in plugins, themes, and server settings. Immediate updates might cause conflicts, leading to errors on your website.

3. My competitor hacked my website.

Around 90% of website hacks are the work of automated scripts, not of a person targeting you. These scripts test thousands of websites for the same vulnerability and move on to the next one upon success.

4. My security plugin protects my website.

Hackers can bypass login panels and gain access to your website through server file vulnerabilities, making security plugins alone insufficient.

5. My hosting provider will notify me if there’s a problem.

When a website is hacked, it can be taken offline immediately to prevent server overload, spamming, and slow performance. Hosting providers may inform you afterward, but by then, your website could already be down.

6. Other CMS systems are more secure.

Other CMS systems may seem less targeted due to lower popularity, but they also face security vulnerabilities.

7. A more expensive hosting provider guarantees better security.

The cost of hosting doesn’t necessarily guarantee expertise in securing specific systems like WordPress.

8. Securing a WordPress website is easy after reading a few articles.

It takes months to learn all the tricks used by hackers, and continuous updates are required as new hacks emerge.

9. Once secured, always secure.

Security measures can protect your website from numerous hacks, but new vulnerabilities may be discovered in the future.

10. I can tell if my website is hacked.

Many hacking scripts operate in the background and can hide their presence. Website defacement or signs of hacking may not always be visible to website owners. Using a malware scanner like Sucuri can help effectively detect malware on your website.

Remember, securing a WordPress website requires continuous vigilance, staying informed about the latest threats, and using reliable security tools. Regular updates, strong passwords, security plugins, and professional support can go a long way in protecting your website from potential threats.

The Anti-Malware plugin

Even for a WordPress security specialist, cleaning a website can take longer than expected. Finding one injected line among the more than 700,000 lines of code that a typical WordPress website contains is quite a challenge.

But occasionally, you come across something in the middle of the night that you think, “I must share this!”

That’s exactly the case with this Anti Malware plugin that takes a lot of work off your hands:

  • Automatically removes known backdoors
  • Blocks SoakSoak and other exploits of the Revolution Slider
  • Protects wp-login against brute force attempts
  • Updates Timthumb if it has outdated versions
  • Provides the option for a quick one-click scan
  • Allows you to check all .htaccess files with one click for redirects, etc.
  • Performs checks on dozens of server directories with one click

While this plugin is not an all-in-one solution against hackers and scripts, it is a useful tool to quickly scan the website for various malware scripts, backdoors, and .htaccess files.

If you landed on this article because you are looking for solutions for a hacked website, don’t make it too difficult for yourself and let WPbeveiligen clean and secure your WordPress website. That will save you many sleepless nights.

Premium themes: pros & cons of premium themes

Premium themes from ThemeForest, Elegant Themes, and many other major theme developers are widely used. These themes are beautiful, versatile, and professional-looking.

However, both developers and hackers are well aware of this fact. Hackers know that these themes have been downloaded and used millions of times worldwide. As a result, hackers target these premium themes and write scripts that exploit vulnerabilities in the themes to upload files to the server.


Premium themes have some major drawbacks when it comes to the security of your website. They contain 2 to 20 times more code than necessary.

Why Premium themes contain more code than necessary

Premium themes are designed to be flexible, offering various ways to display content. All these functionalities are pre-programmed.
Instead of having 3 templates for home, subpages, and single pages, they have 8 + site builders and several files that control the templates if you want to customize the content further, add sliders, social media functions, etc.

Even if you don’t use these features, the files are still on the server and reachable over the web. A vulnerability in any of them, for example in a bundled slider or an outdated TimThumb, is exploitable whether or not you use the feature, and if the site is not properly secured it can let a hacker upload and execute their own files, which gives them considerable power.

Incorrect use of Premium themes

When used correctly, a premium theme is a “cheap” solution for developing a website. However, I often see the mistake of not using these flexible themes properly and making graphical modifications outside the theme’s capabilities in the code (hardcoding).

The problem is that you can no longer update the theme. An update replaces the theme’s files, so every hardcoded change is overwritten and your layout breaks. Especially when a programmer has written such changes (perhaps for lack of knowledge about premium themes and everything they can do), you, as the website owner, cannot update without reapplying all the previous adjustments to the new version.

Often, premium themes are not updated, and therefore, they contain vulnerabilities.

Downloading a premium theme for “free”

Downloading a premium theme that should be paid for, for “free,” is the biggest mistake you can make!

Those who distribute these paid themes for free insert a piece of extra code into the theme.

This code leaves a marker in the theme’s output that lets them find every site using it with a Google search. They then send a prepared request to your website, which gives them access to your server, the website and your WordPress admin.

As I mentioned in a previous article: cheap is expensive, hacking is free.

The proper use of a premium theme

Before using a premium theme, you should familiarize yourself with its features. Then, take a careful look through all the menus the theme has set in your admin area and explore the possibilities so you can give your website the desired layout.

Most premium themes have pre-programmed options for setting and choosing the following:

  • Your logo
  • Sliders (using a built-in slider or Revolution Slider)
  • Theme colors
  • Intro texts, landing page texts, author texts
  • Favicon (the small bookmark icon)
  • Font choices
  • Forms
  • and more…

Additionally, the themes offer in-content shortcodes, tabs, jQuery solutions, and more.

In short, if you have purchased such a theme, you have a lot of options, and it is not a good idea to “conveniently” hardcode things directly into the theme.

After you have made all the settings in the admin panel and WordPress itself, you can update your theme, after creating a backup, when a new version is available. Some themes offer automated updates, while others require manual updates via FTP.

Tip for programmers/designers

Elegant Themes offers you access to all themes for one fixed price. They also have several plugins, such as additional shortcodes, that you can download, and themes in various categories.

Why you don’t get rid of a WordPress hack easily

Hackers are very creative in writing scripts that are not recognized by the server, WordPress, or security plugins like Wordfence and iThemes Security.
A hacker writes such scripts to use your website to advertise his own website where he displays sponsored ads or sells products.

There are several ways hackers can use your website to achieve this. As you read this article, you’ll understand why using a security plugin to scan your website is not enough to get rid of a hack.

WordPress hack 1: the cookie method

The hack sets a cookie so that the injected content loads only once per visitor. Because of this one-time activation, website owners assume the hack is gone, if they noticed it in the first place. The script is also programmed to activate only for specific user agents, for example Chrome or a mobile browser, so a request with any other user agent never triggers the payload and nothing suspicious shows up.

WordPress hack 2: the base64/eval method

The code is written in encoded PHP language, making it difficult for various scanners to detect which functions are being executed in a PHP file. The code is made up of numbers and letters, making it challenging to trace the source using a regular search & replace.

(Image: example of a piece of Base64-encoded code)

WordPress hack 3: the admin method

The hack is designed to disable itself while an administrator is logged in. Since you check your site from a logged-in session, you see a clean page, and scanners that look at the site the same way are fooled just as easily, which makes them less effective or even completely ineffective.

WordPress hack 4: the iframe method

A single line of JavaScript creates an iframe at runtime and can load any page through it later. Because the iframe is built by script rather than written into the HTML, it does not appear when you view the page source; it only exists in the live DOM.

To make matters worse, the script often checks the visitor’s browser or user agent first, so not every browser will display the iframe.

The iframe is typically given zero size or pushed off-screen with inline styles, so it stays hidden from view.

WordPress hack 5: The Htaccess method

You could easily overlook this one. In the root of your site sits the .htaccess file, which can instruct the web server to redirect a browser elsewhere. A trick often used is a rewrite rule that applies only to Android devices (matched on the user agent) and sends them to a domain where a script picks a different malware site from a list on every visit. On a PC you won’t see anything, and you won’t be redirected.

In addition to these 5 methods we just discussed, there are many more possibilities that servers allow to redirect visitors to malicious websites. These methods are unknown to the regular programmer, and that’s why getting rid of a hack is not so straightforward.
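Two checks for the cloaking described in hacks 1, 3 and 5, added here as example code rather than the author’s tooling: the first reports which of the common gates (user agent, cookie, logged-in state, referer, search bot) a PHP file uses, which is what lets a payload hide from you and from your scanner; the second parses an .htaccess file, pairs each RewriteRule with the RewriteCond lines above it, and reports rules that fire only for a given user agent and redirect off-site. The site hostname and both sample inputs are constructed (invented domains); the code needs PHP 7.4 or later.

```php
<?php
// Added example (not the page's code): find cloaking conditions in PHP source
// and user-agent-conditional off-site redirects in .htaccess.
// SITE_HOST and both samples are assumptions.

declare(strict_types=1);

const SITE_HOST = 'example.com';

/** Names of the gating conditions attackers use to hide a payload from the owner and from scanners. */
function find_cloaking_conditions(string $phpSource): array
{
    $checks = [
        'user-agent gate' => '/\$_SERVER\s*\[\s*["\']HTTP_USER_AGENT["\']\s*\]/i',
        'cookie gate'     => '/\$_COOKIE\s*\[|\bsetcookie\s*\(/i',
        'admin gate'      => '/\b(is_user_logged_in|current_user_can|is_admin)\s*\(/i',
        'referer gate'    => '/\$_SERVER\s*\[\s*["\']HTTP_REFERER["\']\s*\]/i',
        'search-bot gate' => '/\b(googlebot|bingbot|yandex)\b/i',
    ];
    $hits = [];
    foreach ($checks as $name => $regex) {
        if (preg_match($regex, $phpSource)) {
            $hits[] = $name;
        }
    }
    return $hits;
}

/**
 * Walk an .htaccess file. In mod_rewrite every RewriteRule is governed by the
 * RewriteCond lines directly above it, so collect those and attach them to the
 * next rule. Report rules that depend on HTTP_USER_AGENT and redirect to a
 * host other than ours.
 */
function find_conditional_redirects(string $htaccess, string $siteHost): array
{
    $findings = [];
    $pending  = [];   // RewriteCond entries waiting for the next RewriteRule
    foreach (preg_split('/\R/', $htaccess) as $n => $raw) {
        $line = trim($raw);
        if ($line === '' || $line[0] === '#') {
            continue;
        }
        if (preg_match('/^RewriteCond\s+(\S+)\s+(\S+)/i', $line, $m)) {
            $pending[] = ['var' => $m[1], 'pattern' => $m[2]];
            continue;
        }
        if (preg_match('/^RewriteRule\s+(\S+)\s+(\S+)/i', $line, $m)) {
            $target  = $m[2];
            $uaConds = array_filter($pending, fn($c) => stripos($c['var'], 'HTTP_USER_AGENT') !== false);
            if ($uaConds && preg_match('#^https?://([^/]+)#i', $target, $h)
                && strtolower($h[1]) !== $siteHost) {
                $findings[] = [
                    'line'   => $n + 1,
                    'target' => $target,
                    'agents' => array_values(array_map(fn($c) => $c['pattern'], $uaConds)),
                ];
            }
            $pending = [];   // conditions apply only to the rule that follows them
        }
    }
    return $findings;
}

// --- constructed samples (domains are invented)
$gatedPhp = <<<'PHP'
<?php
if (!is_user_logged_in() && empty($_COOKIE['_seen']) && stripos($_SERVER['HTTP_USER_AGENT'], 'android') !== false) {
    setcookie('_seen', '1', time() + 86400);
    echo '<iframe src="http://landing.example.net/go.php" width="0" height="0"></iframe>';
}
PHP;

$htaccess = <<<'HT'
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
RewriteCond %{HTTP_USER_AGENT} android [NC]
RewriteCond %{HTTP_REFERER} (google|bing)\. [NC]
RewriteRule ^(.*)$ http://redirect.example.net/in.php?u=$1 [R=302,L]
HT;

print_r(find_cloaking_conditions($gatedPhp));        // user-agent gate, cookie gate, admin gate
print_r(find_conditional_redirects($htaccess, SITE_HOST)); // one finding: line 11, agents ['android']
```

A legitimate theme rarely needs to read HTTP_USER_AGENT or set cookies from a template, so a hit in header.php or footer.php deserves a close look. In the .htaccess case, the standard WordPress block (the two REQUEST_FILENAME conditions and the rewrite to /index.php) is the only rewrite a stock install needs; anything else should be accounted for. To see the cloaked version yourself, request the page logged out from a fresh browser profile with a mobile user agent.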

As a WordPress website security specialist, I have seen a great number of tricks, and when the regular cleanup techniques such as thorough searching, updating, removing, and scanning do not yield results, it’s time to check the high-tech tricks.

To save yourself some sleepless nights and days of research, you can always contact WPbeveiligen.

With standard warranty and the possibility to extend WPbeveiligen’s service to a guarantee of 3, 6, or 12 months, you can be sure to have a secure website without having to have all the knowledge to preventively and actively block hackers and virus scripts.