Security

How to add http headers using Plesk

plesk-http-headers

There’s a few reasons why you might want to add custom headers on your website, however the most common reason today is to add apache or nginx security headers. Many of these headers cannot be pre-applied globally as they would directly affect functionality of some sites that rely upon functionality which these headers would restrict,…

Read More

Everything you need to create a website

everything-need-website-online

In this article we provide a breakdown of each of the components you need in order to have a custom presence on the Internet, including a website and email services on your own domain. When you register a domain and host it all in the same place, it’s not always obvious that the service being…

Read More

How to Secure or Harden Your WordPress Website

how-to-secure-a-wordpress-website

This article was originally written in Feb 2014 and receives regular updates as tactics change. Tip: If your website is currently hacked, this isn’t the guide you want. Check out our guide to cleaning a hacked WordPress site. Then come back here to harden it after the website has been cleaned. How and why do…

Read More

How to prevent fraudulent transactions with WordPress + WooCommerce

managing-fraud-wordpress-woocommerce

While most of these guidelines will help you with any eCommerce application, there will be specific mentions for WooCommerce related plugins as it has (arguably) become the standard for eCommerce on WordPress. Fraud and Website Security The first thing to understand about managing fraudulent transactions is that they don’t directly have anything to do with…

Read More

How to Password Protect any Folder in Plesk

Plesk password protect folder

This feature is also known as HTTP Authentication. Here’s how to do it: That’s it! If you visit the URL that corresponds with that directory, you’ll be prompted to enter a username and password before you can view it. Note: it may not be immediately obvious but when you click on “Password Protected Directories” the…

Read More

How to create mail authentication records: SPF, DKIM, DMARC

spf-records-what-are-they

Have you ever had: What’s causing that? Why is it rejected or filtered to spam? While there can be additional reasons for a message being filtered to spam, more often than not, any one of the above issues will occur because there’s an issue with the sending domain’s email spoofing protection configuration. These protections, or…

Read More

January 2017 WordPress Botnet Bruteforce Attacks

Although we haven’t seen any major reporting on it yet, as of 2017 our servers have detected a massive botnet attacking WordPress installations in an attempt to exploit weak passwords. Our typical firewall rules are configured to allow at most 15 login attempts prior to immediately blocking the IP at the network level. This works…

Read More

How to fix a hacked WordPress site

How to fix a hacked website

If your WordPress site has been hacked, don’t panic! Just like everything else IT related, solving this is simply a matter of following the right steps. The following guide will help you to fix your hacked WordPress website. About WordPress Hacks It’s important to keep in mind that most WordPress hacks are not targeted: it’s highly unlikely…

Read More

How to improve Fail2ban IO Performance

Solution #1: inotify vs gamin If you don’t have it installed already, get python-inotify installed. Fail2ban should then automatically start using that library rather than gamin for log file updates. This is very helpful when it comes to servers with *many* log files. Details on how this is done here. If that doesn’t cut it,…

Read More

Keep your plugins updated!

It has been brought to our attention that the popular “All-In-One SEO” plugin for WordPress leaves your website open to what is called a cross-site scripting attack. This means both your website and your visitor’s computers could be vulnerable when visiting your website! Please be sure to login to your WordPress install and update the…

Read More

How to use FTP or SFTP and Select an FTP App

Choosing an FTP or SFTP application shouldn’t be a difficult process. This overview will suggest a great application that works on Windows, Linux and Mac OS X called FileZilla. It will show you how to configure it to connect to your server, how to set up the appearance for the simplest usage, and then talk…

Read More

How to install an SSL Certificate with Plesk

plesk-ssl-certificate

This guide will walk you through the steps necessary to obtain and installing a commercial SSL certificate in Plesk. If you wish to install a free Let’s Encrypt certificate with Plesk, the process is much simpler and you can learn all about it here. The Let’s Encrypt guide at that link replaces this one only…

Read More

How to Choose an SSL Certificate

Choosing the right SSL certificate can be a tricky process mostly because the industry uses confusing language and provides many similar sounding options. By the end of this article, you’ll be able to better understand the often cryptic meaning (no pun intended) behind the specifications for an SSL certificate and clearly differentiate between your options.…

Read More