Security
How to add http headers using Plesk
There are a few reasons why you might want to add custom headers on your website; however, the most common reason today is to add Apache or nginx security headers. Many of these headers cannot be pre-applied globally as they would directly affect some sites that rely upon functionality which these headers would restrict,…
How to get a free SSL certificate with SSL It! and Let’s Encrypt on Plesk
Historically SSL certificates have been costly. Enter: Let’s Encrypt. A free SSL provider with a massive amount of industry support. Free Let’s Encrypt certificates are the best option for most use-cases as they’re really simple to install and cover end-to-end encryption for website visitors. However in select cases, like an online store, you may wish…
Everything you need to create a website
In this article we provide a breakdown of each of the components you need in order to have a custom presence on the Internet, including a website and email services on your own domain. When you register a domain and host it all in the same place, it’s not always obvious that the service being…
How to Secure or Harden Your WordPress Website
This article was originally written in Feb 2014 and receives regular updates as tactics change. Tip: If your website is currently hacked, this isn’t the guide you want. Check out our guide to cleaning a hacked WordPress site. Then come back here to harden it after the website has been cleaned. How and why do…
How to prevent fraudulent transactions with WordPress + WooCommerce
While most of these guidelines will help you with any eCommerce application, there will be specific mentions for WooCommerce related plugins as it has (arguably) become the standard for eCommerce on WordPress. Fraud and Website Security The first thing to understand about managing fraudulent transactions is that they don’t directly have anything to do with…
How to Password Protect any Folder in Plesk
This feature is also known as HTTP Authentication. Here’s how to do it: That’s it! If you visit the URL that corresponds with that directory, you’ll be prompted to enter a username and password before you can view it. Note: it may not be immediately obvious but when you click on “Password Protected Directories” the…
403 Forbidden errors when working on your website? Firewalls, firewalls, firewalls
A 403 forbidden error most frequently occurs when our security systems are protecting your site. Way more often than not, our web application firewall (called Mod Security or modsec) is protecting your website from automated hacking attempts. However, in some cases, legitimate actions can be incorrectly identified as an attack and your action will be…
How to create mail authentication records: SPF, DKIM, DMARC
Have you ever had: What’s causing that? Why is it rejected or filtered to spam? While there can be additional reasons for a message being filtered to spam, more often than not, any one of the above issues will occur because there’s an issue with the sending domain’s email spoofing protection configuration. These protections, or…
January 2017 WordPress Botnet Bruteforce Attacks
Although we haven’t seen any major reporting on it yet, as of 2017 our servers have detected a massive botnet attacking WordPress installations in an attempt to exploit weak passwords. Our typical firewall rules are configured to allow at most 15 login attempts prior to immediately blocking the IP at the network level. This works…
How to fix a hacked WordPress site
If your WordPress site has been hacked, don’t panic! Just like everything else IT related, solving this is simply a matter of following the right steps. The following guide will help you to fix your hacked WordPress website. About WordPress Hacks It’s important to keep in mind that most WordPress hacks are not targeted: it’s highly unlikely…
How to improve Fail2ban IO Performance
Solution #1: inotify vs gamin If you don’t have it installed already, get python-inotify installed. Fail2ban should then automatically start using that library rather than gamin for log file updates. This is very helpful when it comes to servers with *many* log files. Details on how this is done here. If that doesn’t cut it,…
Help! My WordPress site is redirecting/opening windows to spam pages!
Today one of our techs was working on a website for one of our customers with Hands-On Support and came across a disturbing discovery: the website was opening a new window to a malvertising (malicious advertising) site. It would only happen on the first page load, and only when it registered a click on the…
Keep your plugins updated!
It has been brought to our attention that the popular “All-In-One SEO” plugin for WordPress leaves your website open to what is called a cross-site scripting attack. This means both your website and your visitors’ computers could be vulnerable when visiting your website! Please be sure to log in to your WordPress install and update the…
How to use FTP or SFTP and Select an FTP App
Choosing an FTP or SFTP application shouldn’t be a difficult process. This overview will suggest a great application that works on Windows, Linux and Mac OS X called FileZilla. It will show you how to configure it to connect to your server, how to set up the appearance for the simplest usage, and then talk…
How to install an SSL Certificate with Plesk
This guide will walk you through the steps necessary to obtain and install a commercial SSL certificate in Plesk. If you wish to install a free Let’s Encrypt certificate with Plesk, the process is much simpler and you can learn all about it here. The Let’s Encrypt guide at that link replaces this one only…
How to Choose an SSL Certificate
Choosing the right SSL certificate can be a tricky process mostly because the industry uses confusing language and provides many similar sounding options. By the end of this article, you’ll be able to better understand the often cryptic meaning (no pun intended) behind the specifications for an SSL certificate and clearly differentiate between your options.…