Author James 'IT Manager' | Posted in Security | No Comments »
Adding server-side protection around the wordPress wp-admin folder is like adding a second layer of protection to your WordPress admin area, login page and files. Server-side protection can be added by adding a .htaccess file (directory level configuration file) in your wp-admin WordPress sub directory.
Most common attacks against WordPress have been brute force attacks, or sending of specially crafted HTTP requests to WordPress files in wp-admin, therefore it is very important to add an extra layer of protection to the WordPress wp-admin section. By adding the .htaccess file to the wp-admin directory, you are safe guarding your WordPress blog or website from such attacks.
Password protect wp-admin directory with a .htaccess file
With the .htaccess file you can configure the server to password protect all the files in the wp-admin folder. Therefore before accessing WordPress files, such as the admin area login page you have to first authenticate against the server itself, using HTTP authentication. By password protecting the WordPress admin area, if a malicious user tries to access your WordPress admin area login page to launch a brute-force attack, or any other file which resides in the wp-admin directory to send a harmful crafted HTTP request, he is greeted with a server side login prompt and no direct access to WordPress files is possible.
To password protect your WordPress admin area, you have to create a .htpasswd file. A .htpasswd file contains a list of users and passwords used access the wp-admin file. The credentials to access wp-admin, should be different than those you use to login to your WordPress admin area. Once the .htpasswd file has been created, you can then create a .htaccess file and populate it with the below directives:
AuthUserFile /etc/httpd/.htpasswd
AuthType Basic
AuthName “restricted”
Order Deny,Allow
Deny from all
Require valid-user
Satisfy any
Note: the AuthUserFile directive should contain the path of where the .htpasswd file is stored on the server or on your hosting space.
Further protection of wp-admin folder with htaccess file
If you always access the blog from a fixed IP, you can also restrict access to the WordPress admin area by IP. To do so, simply add the below directive to the .htaccess file, where xxx.xxx.xxx.xxx is your IP. It is possible to add more IP’s to the list at a later stage by editing the existing .htaccess file.
allow from xxx.xxx.xxx.xxx
You can also block a spammer, bot or malicious user from accessing your blog with the .htaccess file. To do so, simply add the below directive to the .htaccess file where xxx.xxx.xxx.xxx is the IP to be blocked. It is possible to add and remove IP’s to the list at a later stage by editing the existing .htacess file.
deny from xxx.xxx.xxx.xxx
There are many other htaccess directives which you can use to ensure your WordPress security and protect your site or blog from malicious attacks — such as denying directory listing etc. You can read more about .htaccess directives from the Apache Tutorial: .htaccess files. As you can see, by adding a .htaccess file to the WordPress admin area beefs up the security of your WordPress installation.
You can also use .htaccess files in other directories of the WordPress installation, or even in the root directory to fine tune your WordPress installation security. Still it is very important to install the latest version of WordPress and plugins, irrelevant of the extra layers of security you add to your WordPress installation. WebsiteDefender is an online security service that can help you keep up to date and secure your WordPress blog or website. It will also alert you when a new version of WordPress, or a plugin you are using is available.
Author James 'IT Manager' | Posted in News | No Comments »
For every website owner who uses dedicated servers, one of the responsibilities is ensuring that their websites are properly protected from being hacked or infiltrated. We often hear of websites that were damaged, have their data stolen and rankings reduced to dust because their data is hacked. Even if you take certain measures to secure your website if the machine that you use to access is infected you may be facing a loss of valuable data.
As a website owner you need to know the different kinds of hacking and how they can affect your website:
• XSS. The major cause of this kind of vulnerability is weak security of HTML codes and client side scripts. These are typically found in web applications that allow code injection by malicious web users into the web pages viewed by other users. The major cause of this is JavaScript, VBScript and Activex.
• SQL injections. This allows sending the crafter a user name and or password field which changes the SQL query.
• Defacement is done by a group of hackers with the intent to steal content and other information from a website. They substitute web pages and home pages. Hackers target the web server and its operating system.
Here are some security measures that you can implement to protect your website from hackers:
• Avoid using older versions of software since they are usually not secured. Use the latest ones that are available in the market today. There are new updates from time to time since new hacking methods keep evolving too.
• Use secured passwords. To avoid a hacker from guessing them, make your password a combination of letters, numbers and special characters.
• Monitor your website logs daily to spot any unusual traffic spike in your stats and to ensure that this is not hacking.
• Record the IP addresses of the websites that are tapping into yours.
• Use the latest version of pre-hack backup for your website.
• Use only secured plug-ins, widgets and codes.
• Host your website on different C class IPs.
• Use high quality software that has a good coder to protect your site.
• Avoid using public wifi which is a security risk
You Need a Trusted Server Administrator
The best way to protect your sites from hacking is by continuously learning from new articles or available resources that can help you in resolving your problems and hacks. Don’t forget to keep backups. Although this will not protect your site, at least your records will be safe. Be careful of revealing too much about your website since this can attract the wrong crowd. After all, you are responsible for your own site.
After website damage control, the next best thing to do is to get the services of a reputable web server administrator. Even the most seasoned veteran needs networking assistance from time to time. The job of these administrators is well defined. They will log into your dedicated server on a scheduled basis to perform operating system maintenance. The administrator will install upgrades and patches for your current applications. They will monitor the following: OS resource utilization, CPU usage, memory utilization, and disk space and log rotation (in some cases). Their main job is to configure and maintain the web server so that you can concentrate on designing your website and uploading the content you want.
Since using a dedicated server will leave all aspects of the web maintenance to you, it is wise to get somebody to assist you with the hassles of keeping your server and files protected from hackers and other dangers. Some website administrators also offer email administration services which can assist you in monitoring your email box and as an additional bonus, they can help your users and customers in case technical problems arise. Aside from their monitoring abilities they can also help you in controlling spam. For a well-managed environment, five hours of web server and email server administration for each of the servers is suggested.
Look for an advanced dedicated server monitoring system that resides on a private network and ranges within the data center so that there will be no security issues that may arise from allowing access through firewalls. As your systems grow and become more complicated, intrusion detection is a must for website owners who uses dedicated servers. Select an intrusion detection company that can satisfy your needs. Through their services you can insure that your system is protected from potential hacks from outside sources.
Subscribe to a dedicated server remote backup system that can assist you in data retention and disaster recovery back up since saving your data is crucial. Many businesses do not realize how powerful having a dedicated offshore server can be until an emergency happens. A good example of how having a good backup system works is during the 9/11 World Trade Center attack. Some companies had an estimated data loss of $700 million but for those who had a backup facility with duplicate applications and staff, their data was transferred back without a hitch. This way, there is no real los only minimal ones that can be remedied.
Redundancy in IT systems is one of the most effective ways to keep your online business running even in an emergency. To secure your data from potential loss look for backup solutions that are tailored to your website needs. In this online business climate, having a disaster recovery plan is essential to ensuring your business continuity.
Original Article: http://www.thehostingnews.com/prevent-site-hacks-and-recovery-on-dedicated-servers.html
Author James 'IT Manager' | Posted in Special Offers | No Comments »
Follow us on Twitter
We are now using Twitter and to celebrate we are offering our existing customers a ’25% off discount’ if you ‘Follow us on Twitter’, this promotion applies to all new hosting plans ordered with a 1 year or 2 year billing contract. This is a limited time offer so please hurry before this promotion ends.
Follow us on Twitter
Author James 'IT Manager' | Posted in Business | 2 Comments »
I’ll tell you the same thing I tell every one of my new web marketing clients, “WordPress is incredible – and you should be using it for your website.” It can save you both time and money, while making it far easier to build a beautiful and limitless website that you can manage and control yourself.
Once you learn more about WordPress, you’ll understand why over 80 MILLION websites are built on WordPress, and why now is the time for you to learn what WordPress is all about, and how it can provide immense value to your small business.
Here are my Top 10 Reasons for why you should strongly consider WordPress for your website:
Read the rest of this entry »
Author James 'IT Manager' | Posted in News | No Comments »
On January 12th, a series of earthquakes measuring 6.5 to 7.3 on the Richter scale devastated Haiti. There is now a critical shortage of essential supplies and support personnel to assist the people of Haiti through this crisis.
Although normally fiercely competitive, as members of the hosting community we know that the power we wield as a group is much more than we can wield individually. And so we’ve come together to help assist those affected by this disaster. With the generosity of all our combined customers, we hope to make a difference. And you can too. One dollar helps. One hundred dollars helps one hundred times more.
We’ve partnered with the American Red Cross to provide support, which may include mobilizing relief workers, sending relief supplies, and providing financial resources for recovery.
Heres what you can do to help: Donate to the International Response Fund. 100% of the funds will go to the American Red Cross Haiti Relief and Development fund.
