Archive for the ‘Web Hosting’ Category

Softaculous Defaults & WordFence

Monday, December 28th, 2015

New Softaculous Default Settings

If you’re using our cPanel-based hosting, the R4L team has made a change to the default settings for the software installation program Softaculous.
When you install WordPress, a security plugin called WordFence will now be installed automatically.  We are also changing the default settings when installing WordPress so that WordPress itself, plugins and themes will automatically stay updated.

WordFence

With over 10.7 million downloads, WordFence is the most downloaded WordPress security plugin, and reputedly the best security plugin.  WordFence will help you scan your site for malware/hacks, and help clean the site if problems are detected.

Updating Your Settings

With WordFence installed, you will want to update some of the settings to make the most of its features.  To do this, go to WordFence in the left column and click on Options.  See the WordFence Options documentation for details.  Apart from the default settings, we recommend the following:

 Basic Options:

  • Where to email alerts: enter your email address

Click the Save Changes button before advancing to the advanced options.

Advanced Options:

 Alerts:

These will depend on how many sites you manage, and how many users you have using your site.  For high volume applications, leave only Alert when an IP address is blocked, Alert when someone is locked out from login, and Alert me when someone with administrator access signs in checked.

Firewall Rules:

  • Check Immediately block fake Google crawlers.  These crawlers produce false traffic numbers.
  • 404’s that exceed 2 per minute, choose throttle it
  • How long is an IP address blocked when it breaks a rule, choose the maximum 1 month

 Login Security Options:

  • Choose Force admins and publishers to use strong passwords
  • Lock out after how many login failures, default is 5, recommend 2 or 3
  • Lock out after how many forgot password attempts, default is 5, recommend 2
  • Amount of time a user is locked out, set to 60 days
  • Immediately block the IP of users who try to sign in as these usernames, set admin

Of course, your admin username must not be “admin”.  These settings help protect against brute force attacks.

Keeping Your WordPress Site Secure

Monday, December 7th, 2015

Part 2

Hide the Username from the Author Archive URL

Or better yet, don’t make public posts from your admin account at all.  If your admin name is published with posts or comments that you make on your site, this will be visible to hackers as well.  This is like having your admin username be “admin”.

Another way an attacker can potentially gain access to your username is via the author archive pages on your site.

By default, WordPress will create an author archive under the URL http://yoursite.com/author/myblogs, using your username myblogs.  This is essentially the same security hole as the one described in last week’s post: having the admin username be “admin”.

This is less than ideal, for the same reasons explained above for the “admin” username, so it’s a good idea to hide this by changing the user_nicename entry in your database, as described here.

Disable file editing via the dashboard

In a default WordPress installation, you can go to Appearance > Editor and edit any of your theme files in the dashboard.  If a hacker has cracked your WordPress login, they will have access to these files and can upload whatever files or scripts they wish.

To disable this method of file editing, add the following to your wp-config.php file:

define( 'DISALLOW_FILE_EDIT', true );

Use a Security Plugin

As well as all of the measures above, there are many plugins you can use to strengthen your site’s security and reduce the chance of being hacked.

Here are a handful of popular options:

Change the wp_ Table Prefix

By default, each table in the WordPress database begins with wp_. Just like the other default features already mentioned, if you leave it as is, it makes it easier for hackers to infiltrate your site and database tables since the table names are the same across most WordPress installs.

Changing this to something more customized and memorable to you means it will be less accessible to hackers.

There are many plugins that can change the table prefix to something else you choose and here are some of the most popular ones:

https://wordpress.org/support/topic/secure-wordpress-change-table-prefix-after-installation

Check Your File Permissions

If you’re hosting your site on a Linux or Unix server (all of our servers are Linux), files have permissions for owners, groups, and all users.  Permissions are granted for files to be readable, writable and executable.  If your file permissions on important files and directories are too open, almost anyone could have access to these files on the server.

The WordPress Codex has a great guide that explains file permissions in-depth.
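The three checks discussed so far (file editing in the dashboard, the default table prefix, and file permissions) can be audited from a shell on the server. The script below is an added example, not part of the original posts or of any R4L tooling; it assumes a standard single-site layout with wp-config.php in the install root, and the function name wp_audit and the finding labels are made up for illustration.

```sh
#!/bin/sh
# Added example: audit one WordPress install for the weak defaults covered
# above. Prints one finding per line, and nothing when every check passes.
wp_audit() (
  root=$1
  cfg=$root/wp-config.php
  q="['\"]"            # either quote style used in wp-config.php
  s='[[:space:]]*'     # optional whitespace

  # "exit" only leaves this function's subshell, not the calling script.
  [ -f "$cfg" ] || { echo "MISSING $cfg"; exit 0; }

  # wp-config.php holds the database credentials; "other" needs no access.
  other=$(ls -ld "$cfg" | cut -c8-10)
  [ "$other" = "---" ] || echo "PERMS wp-config.php grants '$other' to all users"

  # Anything world-writable can be changed by any account on a shared server.
  find "$root" ! -type l -perm -0002 | sort | sed 's/^/WORLD-WRITABLE /'

  # The dashboard theme editor stays enabled unless this constant is true.
  # Anchoring at the start of the line skips commented-out defines.
  grep -Eq "^${s}define\(${s}${q}DISALLOW_FILE_EDIT${q}${s},${s}true${s}\)" "$cfg" ||
    echo "EDITOR DISALLOW_FILE_EDIT is not set to true"

  # A stock install leaves the table prefix at wp_.
  if grep -Eq "^${s}[\$]table_prefix${s}=${s}${q}wp_${q}" "$cfg"; then
    echo "PREFIX table prefix is still the default wp_"
  fi
)

# Run against a path given on the command line, e.g. ./wp_audit.sh ~/public_html
if [ -n "${1:-}" ]; then wp_audit "$1"; fi
```

A PERMS finding is cleared with chmod 600 (or 640) on wp-config.php, provided the web server still reads the file as its owner or group.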

Limit Access to Important Pages

Your admin dashboard and login page are among the most important pages since they can grant access to your entire site. Limiting access to these pages means you and your users will be the only ones that will be able to access your site, keeping you all a little safer.

Click here to learn how you can limit access to a specific IP address.

Keeping Your WordPress Site Secure

Monday, November 30th, 2015

Part 1 of 2.

More and more of our customers are opting to use WordPress to build and maintain their websites.  WordPress is an excellent Content Management System (CMS), and is now used for approximately 20% of websites out there.

With WordPress being so popular, it has become a target for hackers and spammers.  The platform is mature and secure; however, there are steps every developer should take to help protect their websites from these people.  Some are just common sense, and some involve adding additional plugins to your website.

While the following recommendations will largely apply to any CMS platform like Joomla & Drupal, in our examples here, we’ll be focussing on the Web’s number one CMS platform, WordPress. (more…)

New FTP Gateway

Thursday, January 29th, 2015

Register4Less.com’s new FTP gateway allows you to connect to all of your sites using a common configuration.  The new FTP gateway makes publishing your website work in the same fashion whether you are using one of our advanced hosting plans or the free 10MB hosting we provide with your domain registration.

In the past, if you upgraded from the 10MB service to one of the advanced hosting plans, we would migrate your website over to the new AHS server, but you needed to create an FTP account on the server if you wished to publish using FTP.  Now however, you can connect to our FTP server on ftp://ftp.R4L.com, and the server will check which type of hosting plan your domain has and on which server, and then connect you to the right place.

(more…)

Website Building Options

Thursday, November 6th, 2014

You have registered your domain name and now want to build a website, but are not sure how to proceed. With Register4Less.com, you have several options, and we’ll lay these out below.

R4L Free Hosting Platform

On most accounts with us, we provide you with 10 MB of space for hosting a site free with your domain registration. The free hosting platform is perfect if you’re building a small personal or business site, and have some experience with HTML and CSS, and potentially Javascript.  The free hosting platform does not support databases like MySQL or server side scripting languages like PHP, Python, or Perl, but does support Javascript.
The best way to connect with the server to publish your site, whether directly from the program you are using or from an FTP program like FileZilla, is to use the FTP service.  Please see this page on R4L’s help Wiki for instructions.

(more…)

New Hosting Platform Now Live!

Friday, May 24th, 2013

For those of you who watch the R4L Blog, great news. The new advanced hosting services are now live! This is literally the biggest undertaking we have taken in terms of adding new services for our customers, and one that our entire team is very excited about.

Hosting on R4L Dedicated Servers

First, a little history on how this development came about. (more…)