Security

How to add http headers using Plesk

plesk-http-headers

There’s a few reasons why you might want to add custom headers on your website, however the most common reason today is to add apache or nginx security headers. Many of these headers cannot be pre-applied globally as they would directly affect functionality of some sites that rely upon functionality which these headers would restrict,…

Read More

Everything you need to create a website

In this article we provide a breakdown of each of the components you need in order to have a custom presence on the Internet, including a website and email services on your own domain. When you register a domain and host it all in the same place, it’s not always obvious that the service being…

Read More

How to Secure or Harden Your WordPress Website

This article was originally written in Feb 2014 and receives regular updates as tactics change. Tip: If your website is currently hacked, this isn’t the guide you want. Check out our guide to cleaning a hacked WordPress site. Then come back here to harden it after the website has been cleaned. How and why do…

Read More

How to prevent fraudulent transactions with WordPress

managing-fraud-wordpress-woocommerce

While most of these guidelines will help you with any eCommerce application, there will be specific mentions for WooCommerce related plugins as it has (arguably) become the standard for eCommerce on WordPress. Fraud and Website Security The first thing to understand about managing fraudulent transactions is that they don’t directly have anything to do with…

Read More

Elegant Themes Divi critical security update

Heads up for our Divi users (theme and builder plugin) as well as Extra, Bloom, and Monarch plugins. The following alert was sent out on Monday March 11th: Today some of our products were updated to patch a security issue. This issue was patched after being privately disclosed to our team by an independent security…

Read More

How to create mail validation records: SPF, DKIM, DMARC

Have you ever had: An email message bounce back with a cryptic response like “5.7.1 Command Rejected”, or had someone email you only to get a similar message? An email bounce with a clear answer about an SPF record or DKIM (or DomainKeys) record failure? Your emails arrive in the destination’s spam folder or not…

Read More

January 2017 WordPress Botnet Bruteforce Attacks

Although we haven’t seen any major reporting on it yet, as of 2017 our servers have detected a massive botnet attacking WordPress installations in an attempt to exploit weak passwords. Our typical firewall rules are configured to allow at most 15 login attempts prior to immediately blocking the IP at the network level. This works…

Read More

How to fix a hacked WordPress site

How to fix a hacked website

If your WordPress site has been hacked, don’t panic! Just like everything else IT related, solving this is simply a matter of following the right steps. The following guide will help you to fix your hacked WordPress website. About WordPress Hacks It’s important to keep in mind that most WordPress hacks are not targeted: it’s highly unlikely…

Read More

How to improve Fail2ban IO Performance

Solution #1: inotify vs gamin If you don’t have it installed already, get python-inotify installed. Fail2ban should then automatically start using that library rather than gamin for log file updates. This is very helpful when it comes to servers with *many* log files. Details on how this is done here. If that doesn’t cut it,…

Read More

Keep your plugins updated!

It has been brought to our attention that the popular “All-In-One SEO” plugin for WordPress leaves your website open to what is called a cross-site scripting attack. This means both your website and your visitor’s computers could be vulnerable when visiting your website! Please be sure to login to your WordPress install and update the…

Read More

How to use FTP or SFTP and Select an FTP App

Choosing an FTP or SFTP application shouldn’t be a difficult process. This overview will suggest a great application that works on Windows, Linux and Mac OS X called FileZilla. It will show you how to configure it to connect to your server, how to set up the appearance for the simplest usage, and then talk…

Read More

How to install an SSL Certificate in Plesk

plesk-ssl-certificate

This guide will walk you through the steps necessary to obtain and installing a commercial SSL certificate in Plesk. If you wish to install a free Let’s Encrypt certificate with Plesk, the process is much simpler and you can learn all about it here. The Let’s Encrypt guide at that link replaces this one only…

Read More