Archive for the ‘Web Hosting’ Category

Moving a WordPress Site to the Root Directory

Thursday, June 1st, 2017

There are a couple of common reasons people will want to move their WordPress website from a directory to the root directory.  The most common we’ve seen are:

  1. They installed WordPress in Softaculous’ default /wp directory, and don’t want to have to setup a forwarder for their website.
  2. They developed their site in a directory so that their website would not be offline or interfered with and now want to replace their existing site with the WordPress site.

While you can use the Duplicator plugin to create a zip archive of your website and then restore it in the root, there really is no need to do so.  The advantage of the plugin is that it will rename all of the URLs that need to be updated.  The disadvantage is that it is much slower, and potentially creates a very large file you will need to download and then re-upload.

Here’s how to do the move without the plugin:

1 – Backup Your Site

Before doing the move, to be safe, we recommend you use the backup wizard to create a backup of your home directory and MySQL database.  The backup Wizard will download the two backup files to your local hard drive.

  • Log in for your domain and open your cPanel
  • Click on Backup Wizard in the Files section
  • Click Backup, and then Home Directory and MySql Database

2 – Remove Old Files from the Root Directory

You can do this in a number of ways, deleting the files or moving them to a directory called something like “old_site”.

  • It is important that you delete or move the file called index.htm or index.html.  WordPress uses a file named index.php as its starting index file.  Most web servers, including ours, will load the html file before the php file.
  • Make certain there are no files in the root directory that would have the same name as any files that are in the directory where your WordPress website is currently.
  • If your WordPress site is currently using a caching plugin, deactivate the plugin and remove any cached files.

3 – Update WordPress’ Target Address

Log into your WordPress dashboard, and go to Settings > General, and update the target WordPress Address and Site Address so that the directory is removed.

When you click the Save button, you will immediately see a 404 Not Found error page.  Do not be alarmed, that is normal.  You will be able to log in once you move your files in the next step.

4 – Move the Files

Using either FTP or the File Manager, you’re going to move the files from the directory WordPress is in to the root directory for your website.

Using FTP

Connect to your site using your usual FTP program (FileZilla shown here).  You should be connected with the /public_html directory as the current directory.  In our example, your computer’s file system is in the window on the left, and the server’s on the right.

  • On the server’s side, double click on the directory where the WordPress site is.
  • Click the very top file, scroll to the very bottom, and shift-click to select all of the files.
  • Drag and drop the files on the top icon which shows a yellow folder followed by two dots (..).

Using the cPanel’s File Manager

  • Open up the cPanel for your domain, and click the File Manager icon in the FILES section of cPanel.
  • On the left column, click the plus sign next to public_html.  This will show you on the left column what directories are in the root public_html folder.
  • Click on the directory name on the left column where WordPress is installed.
  • Select the upper most directory on the right window, and shift-click the bottom most file so all files and directories are highlighted.
  • Click Move on the top menu bar
  • A window will pop up.  Delete the directory name so only /public_html/ is displayed, and click the Move Files button.

5 – Update Permalinks

You now need to log in again to the WordPress dashboard.  Enter in your domain name followed by /wp-admin.  The final step in moving your site is to update the permalinks for your website.  Log into your WordPress dashboard, and navigate to Settings > Permalinks.  Click on Plain, and then the blue Save Changes button.  Once this has been saved, your site will now be fully functional.  It is highly recommended once you’ve completed this step, you update your permalinks again to “Post name” and click the Save Changes button again.  This makes your URLs more readable, and better for indexing by search engines.

6 – Setup 301 Forwarding

If there are external links or your site has already been searched and ranked by search engines, you’ll want to set up forwarding with the 301 redirect (permanent redirection) so that you can preserve your existing search engine rankings.  The redirection will also ensure anyone that’s linked to your old site’s location will still be able to find you.

  • On the cPanel, click on Redirects in the Domains section
  • Choose 301 option
  • Enter in the directory where WordPress was installed
  • Type in your domain name where WordPress has been moved to and click the blue Add button.

HTTPS with Advanced Hosting

Friday, May 19th, 2017

You may have read that Register4Less.com has added to our paid hosting plans Let’s Encrypt, a free open-source SSL certificate.  This certificate is now installed automatically when you order an advanced hosting plan, and has been installed for all existing paid hosting plans.

Benefits of having your site visitors connect using the https encrypted protocol include:

  • Better Search Engine ranking
  • Enhanced User Trust
  • Protect your User’s sensitive information

Forcing an https:// Connection

When people visit your website, by default if they type in your domain without specifying https://, they will connect with a standard unencrypted http:// connection.  Older links to your website may also not specify the secure protocol, so these would also provide an unencrypted connection.

You can however quite easily switch an http to an https connection by editing your .htaccess file.  Here’s how to do this.

  1. Log in for your domain, and go to Paid Hosting > Manage Advanced Hosting to open up the cPanel window
  2. In the Files section, click on the icon for File Manager.  This will open in a new window
  3. On the upper right click on Settings.  If the option for Show Hidden Files (dotfiles) is not checked, check it and save.
  4. On the left column, click on the public_html folder.
  5. Look for a file named .htaccess in your public_html folder.  If there isn’t one, go to File and create a new file named .htaccess in the /public_html folder.
  6. Select the file, and click Edit
  7. Paste the following lines into the file, and click the Save Changes button.
          RewriteEngine On
          RewriteCond %{HTTPS} off
          RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

PHP 7.1 Now Available

Thursday, April 6th, 2017

If you are one of our customers that uses our Advanced Hosting Platform, you’ll be pleased to know Register4Less has now added PHP version 7.1.  PHP is one of the most popular programming languages used on the web today.  Sites like Facebook, WordPress, Twitter and Wikipedia all run using PHP.

The cPanel default (and native) version of PHP is 5.6.  Switching to version 7.1 should make your website load more quickly, thanks to the optimizations that have been made in 7.1.

To make the switch for your website, do the following:

  • Log in on http://register4less.com for your domain that’s using the advanced hosting.
  • Open up the cPanel (Paid Hosting > Manage Advanced Hosting)
  • In the Software section, look for “Select PHP Version” and click the link or icon.
  • You may want to note the current version you are using in case you need to revert if your website has problems with PHP 7.1.  It’s probably 5.6 though.
  • From the drop down menu, select 7.1 and click the Set as Current button.
  • Click on “Use Defaults” at the bottom of the page to use the default PHP modules.

You’ll want to test your site to make sure everything is functioning correctly.  For WordPress sites, some plugins are not yet compatible with PHP 7.1, so you may want to try 7.0 if things are not working correctly, or revert back to the version you took note of earlier.

Upgrade of Basic Hosting Server to NGINX

Tuesday, March 28th, 2017

NGINX is an open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. NGINX is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption.

This past week, our network staff have upgraded the hosting platform for the 10MB free hosting service Register4Less.com provides with every domain name.  The server for the http://Register4Less.com website itself has also been upgraded to NGINX.  The hosting platform had been using Lighttpd for a number of years before the upgrade.

NGINX provides a number of advantages over Lighttpd or Apache, including:

  • possible per-domain customizations if required,
  • sub-domains can now be setup by ftping using the same credential as the domain it’s based on, using its own top-level folder,
  • no database use for configuration, so even more responsive than before,
  • using latest stable Nginx web server for better security.

While our staff are confident that the change from Lighttpd to NGINX will be seamless, we ask that if you are using our basic hosting platform and see any issues to contact our support team.

In the industry today, NGINX is second only to Apache in terms of volume of sites that use it as the web server application.

Site Publisher

Friday, May 6th, 2016

A new feature has been added to our paid hosting platform that allows you to create a simple website with no HTML coding needed.  Three different styles of web pages are supported.  To access this new feature, connect to your cPanel by going to the menu for Paid Hosting, and then click on Manage Advanced Hosting.

Personalized Parking Page

A domain registered with Register4Less.com will have a parking page generated by us if nothing else is set up for the domain.  If you prefer to set up your own parking page, choose the Under Construction template.  You’ll enter in a title, description, your email address and Google Analytics tracker ID (optional).

Personal Website

With the personal website, you will enter in more contact information (name, tag line, avatar image URL), along with contact information, an about me description, links to social media (Facebook, Twitter, LinkedIn) and the Google ID.

Business Website

The business website adds more options for your site, including a description header, business description, business hours and hour notes, social media links and a google maps URL to help customers find your business.

Publish and your site is live

With all of these options, once you click Publish, your web page will instantly go live.  All of your content can be edited at any time.

Change Where Your Site’s Hosted (without changing where it’s hosted!)

Thursday, April 14th, 2016

The Domain Name System (DNS)

When you type in the name of a website, there’s a lot that happens in the background that will connect your web browser with the server the site is on, and what does that is DNS.  Every website, every service, practically every device connected to the Internet has a unique address that tells every other device where to connect to it.  That numeric address is an IP address like this one: 192.99.3.191 (IP version 4) or 0:0:0:0:0:ffff:c063:3bf (IP version 6).  The problem is, numeric addresses are not easy to remember, so the DNS system translates web addresses like www.register4less.com that you and I are familiar with into the IP address where that website is hosted.

The Hosts File

This week, we’ll cover how you can override the actual IP address a website is on for Mac and Linux computers.  Next week, we’ll cover how to do this on a Windows computer.

On your Mac or Linux computer, there is a hosts file that contains a listing of IP addresses and domain names.  Your computer will look to the hosts file prior to going outside to your ISP for cached (saved) DNS or to the DNS server for the domain, so if you have an entry for a domain in your hosts file, it will supersede the domain’s actual DNS.

There are a number of reasons why you would want to have an entry to override a domain’s actual DNS information.  If you’re testing a new environment as discussed above, this is a very quick and easy way to get your domain to resolve to a new host without complications.  You can also use the hosts file to “blackhole” sites that you do not want accessible like spyware sites, ad networks, pornographic sites, etc.  For those sites, you would specify the IP address as 127.0.0.1.

How to Edit Your Hosts File (Windows)

In most versions of Microsoft operating systems, the HOSTS file is located in the following location:

C:\Windows\System32\Drivers\etc

As with Mac and Linux, the hosts file on Windows is a text file.  To edit the file, open the File Manager and navigate to this directory.  Locate the file, right-click on it, and choose to open the file with Notepad.  You will see a file similar to this in Notepad:

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
# localhost name resolution is handle within DNS itself.
#       127.0.0.1       localhost
#       ::1             localhost

Enter in the IP address of the new server, along with the domain name and www. plus the domain name.

# Override the actual IP address where the domain's DNS resolves
198.27.68.184 lakesideninos.org www.lakesideninos.org

Write the file and exit Notepad.

How to Edit Your Hosts File (Mac)

The hosts file is a text file that is in a directory that you would not normally access, /etc.  The best way to edit and save the hosts file is to use a text editor on your computer’s console/terminal.  On your Mac (if you’re a Linux user, we are assuming you know already how to access the console and use the vi editor), do the following:

  1. Open Finder and click on Applications
  2. Double click the Utilities folder
  3. Double click on Terminal
  4. Type sudo vi /etc/hosts and hit the enter key
  5. You will be prompted to enter in your account password for your computer.  Type that in and hit enter.

You will see a file that looks something like this:

# 
# Host Database 
#           
# localhost is used to configure the loopback interface
# when the system is booting.  Do not change this entry.
# 
127.0.0.1       localhost

In our example we are going to use the domain name lakesideninos.org and the IP address 198.27.68.184, the IP address for our ahs2.R4L.com server.

Adding an entry to your hosts file

  1. Hold Shift and G down together to place the cursor at the bottom of the file.
  2. Type o to go to insert mode on the next line
  3. Type in the IP address followed by a space, then the name of the website, and then the name of the site again with www. in front of it and hit enter. In our example, I would type in the following:

# Override the actual IP address where the domain's DNS resolves
198.27.68.184 lakesideninos.org www.lakesideninos.org

# Block out unwanted websites
127.0.0.1 badsitename.com www.badsitename.com

  4. Hit the Esc key to exit insert mode.
  5. Type :wq and hit enter to save and exit the editor.
  6. Type exit and hit enter to close Terminal.

Undoing the Change

Once you’ve tested the site and made the changes for the domain to point to the new host (assuming that’s why you are overriding the real DNS resolution), you will want to delete the entries from the hosts file so that the real DNS applies.

  1. Follow the instructions above to open the terminal and edit the file with vi.
  2. Use the arrow keys to move the cursor to the first line where the domain and its IP address appear.
  3. Hit the d key twice to delete the line.
  4. Do the same with the entry for www. plus the domain.
  5. Type in :wq to write the hosts file and quit the editor.
  6. Hold Control d to close Terminal.
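
The hosts-file overrides described above are easy to forget once testing is finished. The following is an added example, not part of the original post: it lists every active override or blackhole entry in a hosts file and produces a copy with one domain's entries removed. The function names are hypothetical, and the sample file is constructed from the entries used in the steps above.

```sh
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print "KIND IP NAME" for each active hosts entry that changes name resolution:
#   override  = name pinned to a non-loopback address (the testing case above)
#   blackhole = name pointed at loopback or 0.0.0.0 (the blocking case above)
# Stock names (localhost, broadcasthost, ip6-*) are skipped.
hosts_entries() {
    awk '
        { sub(/#.*/, "") }      # strip whole-line and trailing comments
        NF < 2 { next }         # blank line, or an address with no name
        {
            kind = ($1 ~ /^127\./ || $1 == "0.0.0.0" || $1 == "::1") ? "blackhole" : "override"
            for (i = 2; i <= NF; i++) {
                name = tolower($i)
                if (name ~ /^(localhost|broadcasthost|ip6-.*)$/) continue
                print kind, $1, name
            }
        }
    ' "$1"
}

# Print FILE with DOMAIN and www.DOMAIN removed from every entry. Lines left
# with no names are dropped; comments and unrelated entries are kept as they are.
hosts_without_domain() {
    awk -v d="$2" '
        BEGIN { d = tolower(d) }
        /^[ \t]*#/ || NF == 0 { print; next }
        {
            entry = $0; comment = ""
            p = index(entry, "#")
            if (p) { comment = " " substr(entry, p); entry = substr(entry, 1, p - 1) }
            n = split(entry, f)
            kept = ""; removed = 0
            for (i = 2; i <= n; i++) {
                name = tolower(f[i])
                if (name == d || name == ("www." d)) removed = 1
                else kept = kept " " f[i]
            }
            if (!removed) { print; next }
            if (kept != "") print f[1] kept comment
        }
    ' "$1"
}

# Demo on a constructed hosts file that uses the entries from the steps above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1       localhost
# Override the actual IP address where the domain's DNS resolves
198.27.68.184 lakesideninos.org www.lakesideninos.org
# Block out unwanted websites
127.0.0.1 badsitename.com www.badsitename.com
EOF
echo "Active overrides and blocks:"
hosts_entries "$sample"
echo "File with the test override removed:"
hosts_without_domain "$sample" lakesideninos.org
rm -f "$sample"
```

On a real machine, write the output of hosts_without_domain to a temporary file, review it, and then copy it over /etc/hosts with sudo.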

Using Customer Service / Support

Monday, April 4th, 2016

Our support team often gets complimented that we have the best support in the industry, and that our customers tell their friends and colleagues about us all the time.  One of our team has even once been “accused” of cloning himself because he’s always there.

As you can imagine, this is of course nice feedback to hear. Then this….

This morning I had a chat session with a customer that’s been with us for a few years, and he was looking for information on how to transfer the registration and hosting away to another provider.  We have domains that transfer in to us and away from us.

Normally when we get a transfer away I inquire as to the reason for the transfer.  The reason he gave was that he could not get the free basic hosting service to work.  I asked if he’d contacted our support team for help, and his initial reply was yes.  I wanted to check with whom he spoke, and turned out he had not contacted our support team, and that’s a shame.

He’s already got the transfer process underway, and of course we respect our customers’ rights to move their domains to another registrar if they so choose.  He’s moving to a registrar that does charge for Whois privacy, so will be paying quite a bit more for the registration service.  Moving the domain’s registration and hosting will also not necessarily solve the issues he’s having with hosting.

So the take away from this is if you are having an issue with an R4L service, please get in touch with our support team.  It’s not really possible for our team to know what customers are having issues with connecting to a mail account, server, or other issue unless we hear from you.  Usually these kinds of issues are pretty quick for us to look into, and once resolved, you can get to using the hosting or mail service.  In the case with this particular customer, not only could we have helped him months ago to get his site online, but he’d still be able to take advantage of the free hosting and Whois privacy we provide with the domain registration.  Where he’s transferring doesn’t provide these free services,  so his cost per year will be going up substantially.

Getting in Touch with the R4L Team

Secure Online Chat

Our newest way to get in touch with the support team is via the secure chat from our website.  Simply go to https://Register4less.com and click on Chat Now – Online.  The chat session between you and the agent that answers your chat is fully encrypted, so if you’re renewing a service with us, it’s safe to provide payment information over the chat.  All chat sessions automatically will create a transcript in our support ticketing system.

Support Ticketing – Email

Our support address is support@Register4Less.com, or support@R4L.com.  All email there gets tracked by a ticketing system.  Tickets can be transferred between agents, be assigned a reminder date, etc.

Toll-Free Phone

You can also reach our team by calling within the US and Canada toll free 1 (877) 905 – 6500.  Outside of North America, call int + 1 (514) 905-6500.  If you are calling outside of our core office hours (9 – 5 Eastern), please leave a voice message and we will call you back as soon as we are able.

User Manager and Unified Logins

Wednesday, February 24th, 2016

Unified Logins

In the past, cPanel maintained different specifications/rules for usernames and passwords for email, FTP, and Web Disk.  These different rules meant that users’ logins for each of these services had to be different.  Requiring different username/password combinations for different services complicates access unnecessarily.

Starting with version 54, cPanel is introducing a new username standard, with all usernames now following a typical email address format.  By implementing a common username format, cPanel account owners can now give end users the same login for email, FTP, and Web Disk, easing account management.

The User Manager

There is now a single interface with which you can quickly create, search, filter and manage User accounts on cPanel.  This streamlined interface provides improvements over existing interfaces, including:

  • A single page User creation screen which can create an email, FTP, and Web Disk account at the same time
  • A simple way to configure and maintain email, FTP, and Web Disk settings for a User in a single page
  • A simple way to link separate email, FTP, and Web Disk accounts that share the same username so your End Users can start taking advantage of a Unified Login immediately
  • Password reset for all of a User’s services in a single step

The User Manager List View

The User Manager Create/Edit Screen

If you have old accounts that have different usernames and passwords, you will see these displayed separately, and have a link to connect them to one synchronized account login.  User accounts can very easily be edited for the user’s name, email address, alternate email address, and restrictions you would want on their accounts.

Where does this take us?

Usually you will connect to the cPanel using your register4less.com account by navigating to Paid Hosting > Manage Advanced Hosting.  This will then open the cPanel interface as normal.  We do occasionally get requests by domain owners to give their web development person direct access to the cPanel.  While this can be covered by creating a sub-user with permissions enabled for Manage Email hosting and Manage Web Hosting, some developers are more comfortable with accessing the cPanel interface directly.

The cPanel development team are looking to the future and building a robust User Model, which will allow for granting of access to specific cPanel feature sets in addition to the common email, FTP, and Web Disk services.

Keeping Spam off your WordPress site/blog

Tuesday, February 9th, 2016

This is part 1 of a 2 part post.

If you’re hosting a WordPress site/blog, chances are, you’re going to have to deal with spam comments being posted to your site.  WordPress is the most popular CMS (Content Management System) environment in use by developers, with over 25% of websites globally now running WordPress.  While it’s undeniably a powerful and flexible platform with which to build your site, it’s also the number 1 targeted platform for spammers.

Can’t I Just Ignore Spam?

Some people new to hosting sites will leave spam comments on their websites, thinking the appearance of comments & ping backs will look like their website is getting increased traffic and interest.  Reasons you don’t want to do this include:

  • Bad links will hurt your search engine placement.  Google and other search engines are cracking down on bad links.  If your site is linking to known disreputable sources, you will likely see your SEO rankings decline.
  • Spam on your website tells your visitors you’re not paying attention to your website.  Generally visitors to  your site will see spam comments for what they are.  This essentially tells your site visitors that you’re not keeping up with the management of your site’s content.
  • Spam will slow down your website.  Spam creates unnecessary additional content for your website to load, and can grow quite quickly if not managed.  This will add time for every page to load on your website, and encourages visitors to abandon the page load and go elsewhere.
  • Most Spam comments and trackbacks contain links.  More bad news for your site’s visitors.  Many of these links go back to virus/malware, which if followed, could lead to your visitor’s computer becoming infected, and possibly their computer/email account becoming compromised.

Now that you understand why it’s important to keep up maintenance of your website and keep comments & ping backs free from spam, let’s look at some approaches to help you accomplish this.

Automatically Filter Spam Using an Anti-Spam Plugin

By default, the anti-spam filter Akismet is installed and waiting for you to activate it.  To do so, simply log into your WordPress dashboard, click on Plugins, and activate for Akismet.  You will need to register with them to get the plugin running.  Akismet will trap spam and notify you by email when new comments are awaiting moderation.

Regularly Check and Approve/Decline Comments

A continuation of the first point, Akismet will trap comments posted to your site, and allow you to Approve, Trash, or mark comments as Spam.  Letting Akismet know a comment is spam also will help train its filter.  No spam filter is perfect, so sometimes Akismet will place a legitimate comment or pingback into the spam folder.  You should not just delete everything that’s been tagged as spam, but go through to make sure legitimate comments get approved.

Disable Comments After a Period of Time

If you’re writing posts to your site, consider disabling comments to the posts after real comment traffic has settled down.  What this period will be will depend on your site and how active comments are given a post you’ve put up.

More coming next week.

We’ll post part two of this next week.  Until then….

Reseller Hosting

Monday, January 18th, 2016

Retail Advanced Hosting Plans

Register4Less.com offers two types of advanced hosting services.  Our regular hosting plans provide web only, email only, and combined web and email hosting on a per domain basis.  These are priced between $1.45/month for our entry level 50MB Agate web hosting plan to $11.95/month for our 25GB web, 100 email (200GB space for mail) Topaz Hosting plan.  All of these plans feature the cPanel (control panel) interface to manage email and web hosting features.  The Trendy Tools web builder is included with all web hosting plans, as is the ability to install WordPress, Joomla, Drupal, PHPbb, PHPList and other applications.

Reseller Advanced Hosting Plans

Our reseller plan allows you to create your own hosting plans, so you can define how much disk space is allocated for web and email hosting.  The reseller plans start at $24.95 for our Opal 50GB plan and go up to $79.95 for our Onyx 200GB plan.

With the reseller plan, you can sell web hosting plans directly to your customers, or if you have a lot of domains you want to set up, this allows you to host as many as you wish, provided of course that they fit within the space the plan you have selected allows.

Steps for setting up Reseller Hosting

When you purchase a retail hosting plan, the features this plan has are predefined.  With reseller hosting, you have the freedom of defining different packages you can sell to your customers or assign to your own domains, but you do first have to create these.

WHM vs cPanel

In addition to the cPanel interface to manage the hosting services for your domain, you will have an additional WHM (Web Host Manager) interface to use to manage the other domains you will be setting up to use your hosting service.  To connect to this, log into the domain under which you purchased the reseller hosting package (we’ll call this your reseller domain), and go to Paid Hosting > Web Hosting Manager (WHM).

Defining Packages

The first thing you will want to do once you’ve purchased a reseller hosting plan is to setup your packages.  With WHM open, on the left column click on Packages and then the icon for Add a Package.  You can at any time create, edit or delete a package.  A good example set of features for a hosting package are:

  • Disk Quota (MB) – 1,000
  • Monthly Bandwidth (MB) – unlimited
  • Max FTP Accounts – 10
  • Max Email Accounts – 10
  • Max Email Lists – 10
  • Max Databases – 10
  • Max Sub Domains – unlimited
  • Max Parked Domains – unlimited
  • Max Add-on Domains – 0
  • Maximum Hourly Email by Domain Relayed – unlimited
  • Maximum percentage of failed or deferred messages a domain may send per hour – unlimited

Under Settings, you’ll want CGI Access selected, and the other options not.  Paper lantern is the recommended theme, and choose default for the Feature List.

Once you have completed your settings, make sure you click the blue Save Settings button.

Setting up DNS

When you are adding a domain to your hosting plan, you will need to make sure the DNS is set correctly.  This will have been done automatically for your reseller domain, so what we want to do is configure the domain you’re adding to have the same DNS setup as your reseller domain.

To do this, instead of typing in all of the settings in the custom DNS zone editor, you will use the DNS > Point Domain(s) to Zone function.  Once on this page, locate the domain you are adding and check the selection box next to it, and then find the Custom Zone box that has your reseller domain in it.  Click the Point to this Zone button in this custom zone box.  You can point more than one domain at a time.

Creating a New Account

Now that you have your packages created and DNS set, you’re ready to add the domain to WHM.  To do this, click on Account Functions, and then Create a New Account.

You will enter in the name of the domain, the username and password (twice), and an email address for the owner of the domain.  You will choose a package from a drop-down list, and should check the option Use the nameservers specified at the Domain’s Registrar.  Leave the Local Mail Exchanger option selected and click the blue Create button.

Your customers can then log in to their cPanel by entering the name of their domain and appending /cpanel or :2083.

 

Softaculous Defaults & WordFence

Monday, December 28th, 2015

New Softaculous Default Settings

If you’re using our cPanel based hosting, the R4L team has made a change to the default settings for the software installation program Softaculous.  When installing WordPress, a security plugin called WordFence will now be installed automatically.  We are also changing the default settings when installing WordPress so that WordPress itself, plugins and themes will automatically stay updated.

WordFence

With over 10.7 million downloads, WordFence is the most downloaded WordPress security plugin, and reputedly the best security plugin.  WordFence will help you scan your site for malware/hacks, and help clean the site if problems are detected.

Updating Your Settings

With WordFence installed, you will want to update some of the settings to make the most of its features.  To do this, go to WordFence on the left column, and click on Options.  Click Here for documentation on WordFence Options.  Apart from the default settings, we recommend the following:

 Basic Options:

  • Where to email alerts: — Enter in your email address

Click the Save Changes button before advancing to the advanced options.

Advanced Options:

 Alerts:

These will depend on how many sites you manage, and how many users you have using your site.  For high volume applications, leave only Alert when an IP address is blocked, Alert when someone is locked out from login, and Alert me when someone with administrator access signs in checked.

Firewall Rules:

  • Check Immediately block fake Google crawlers.  Fake crawlers produce false traffic numbers.
  • 404’s that exceed 2 per minute, choose throttle it
  • How long is an IP address blocked when it breaks a rule, choose the maximum 1 month

 Login Security Options:

  • Choose Force admins and publishers to use strong passwords
  • Lock out after how many login failures, default is 5, recommend 2 or 3
  • Lock out after how many forgot password attempts, default is 5, recommend 2
  • Amount of time a user is locked out, set to 60 days
  • Immediately block the IP of users who try to sign in as these usernames, set admin

Of course, your admin username must not be “admin”.  These settings help protect against brute force attacks.

Keeping Your WordPress Site Secure

Monday, December 7th, 2015

Part 2

Hide the Username from the Author Archive URL

Or better yet, don’t make public posts from your admin account at all.  If your admin name is published with posts or comments that you make on your site, this will be visible to hackers as well.  This is like having your admin username be “admin”.

Another way an attacker can potentially gain access to your username is via the author archive pages on your site.

By default WordPress will create an author archive under the URL http://yoursite.com/author/myblogs, using your username myblogs.  This is essentially the same security hole as described in last week’s post: having the admin username be “admin”.

This is less than ideal, for the same reasons explained above for the “admin” username, so it’s a good idea to hide this by changing the user_nicename entry in your database, as described here.

Disable file editing via the dashboard

In a default WordPress installation, you can go to Appearance > Editor and edit any of your theme files in the dashboard.  If a hacker has cracked your WordPress login, they will have access to these files, and can upload whatever files or scripts they wish.

To disable this method of file editing, add the following to your wp-config.php file:

define( 'DISALLOW_FILE_EDIT', true );

Use a Security Plugin

As well as all of the measures above, there are many plugins you can use to strengthen your site’s security and reduce the chance of being hacked.

Here are a handful of popular options:

Change the wp_ Table Prefix

By default, each table in the WordPress database begins with wp_. Just like the other default features already mentioned, if you leave it as is, it makes it easier for hackers to infiltrate your site and database tables since the table names are the same across most WordPress installs.

Changing this to something more customized and memorable to you means it will be less accessible to hackers.

There are many plugins that can change the table prefix to something else you choose and here are some of the most popular ones:

https://wordpress.org/support/topic/secure-wordpress-change-table-prefix-after-installation

Check Your File Permissions

If you’re hosting your site on a Linux or Unix server (all of our servers are Linux), files have permissions for owners, groups, and all users.  Permissions are granted for files to be readable, writable and executable.  If your file permissions on important files and directories are too open, almost anyone could have access to these files on the server.

The WordPress Codex has a great guide that explains file permissions in-depth.
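
Three of the measures in this post can be checked from a shell on the server: the DISALLOW_FILE_EDIT setting, the wp_ table prefix, and file permissions. The following audit script is an added example, not part of the original post; the function names are hypothetical, and the thresholds (nothing world-writable, wp-config.php not world-readable) are assumptions chosen for the example.

```sh
#!/bin/sh
# Added example (not from the original post): audit a WordPress directory for
# three settings discussed above. Function names are hypothetical.

# Succeeds only if wp-config.php has an active define('DISALLOW_FILE_EDIT', true).
# Commented-out lines and typographic quotes pasted from a web page do not count.
wp_file_edit_disabled() {
    LC_ALL=C grep -Ev '^[[:space:]]*(//|#|\*)' "$1/wp-config.php" 2>/dev/null |
        LC_ALL=C grep -Eq "define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*(true|TRUE)[[:space:]]*\)"
}

# Print the value assigned to $table_prefix in wp-config.php (empty if not found).
wp_table_prefix() {
    sed -n "s/^[[:space:]]*[\$]table_prefix[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" \
        "$1/wp-config.php" 2>/dev/null | head -n 1
}

# List files and directories any local user can write to, plus wp-config.php
# if any local user can read it (assumed thresholds for this example).
wp_loose_permissions() {
    {
        find "$1" \( -type f -o -type d \) -perm -0002 -print
        find "$1/wp-config.php" -perm -0004 -print 2>/dev/null
    } | sort -u
}

# Run all three checks, print the findings, and succeed only if there are none.
wp_audit() {
    root=$1
    findings=0
    if ! wp_file_edit_disabled "$root"; then
        echo "FINDING: DISALLOW_FILE_EDIT is not set to true in wp-config.php"
        findings=$((findings + 1))
    fi
    if [ "$(wp_table_prefix "$root")" = "wp_" ]; then
        echo "FINDING: database table prefix is still the default wp_"
        findings=$((findings + 1))
    fi
    loose=$(wp_loose_permissions "$root")
    if [ -n "$loose" ]; then
        echo "FINDING: permissions are too open on:"
        echo "$loose" | sed 's/^/  /'
        findings=$((findings + 1))
    fi
    echo "$findings finding(s) for $root"
    [ "$findings" -eq 0 ]
}

# Audit the directory given as $1, or a constructed sample install if none is given.
if [ -n "${1:-}" ]; then
    wp_audit "$1"
else
    demo=$(mktemp -d)
    printf '%s\n' '<?php' "\$table_prefix = 'wp_';" > "$demo/wp-config.php"
    chmod 644 "$demo/wp-config.php"
    mkdir "$demo/uploads" && chmod 777 "$demo/uploads"
    wp_audit "$demo" || true
    rm -rf "$demo"
fi
```

Run it with the WordPress directory as its argument, for example the public_html folder of the account.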

Limit Access to Important Pages

Your admin dashboard and login page are among the most important pages since they can grant access to your entire site. Limiting access to these pages means you and your users will be the only ones that will be able to access your site, keeping you all a little safer.

Click here to learn how you can limit access to a specific IP address.