Security

How to prevent fraudulent transactions with WordPress

While most of these guidelines will help you with any eCommerce application, there will be specific mentions for WooCommerce related plugins as it has (arguably) become the standard for eCommerce on WordPress. Fraud and Website Security The first thing to understand about managing fraudulent transactions is that they don’t directly have anything to do with…

Read More

Elegant Themes Divi critical security update

Heads up for our Divi users (theme and builder plugin) as well as Extra, Bloom, and Monarch plugins. The following alert was sent out on Monday March 11th: Today some of our products were updated to patch a security issue. This issue was patched after being privately disclosed to our team by an independent security…

Read More

How to Password Protect any Folder in Plesk

This feature is also known as HTTP Authentication. Here’s how to do it: Log in to Plesk and choose “Password Protected Direcotires” under your domain Select Add Protected Directory. Enter in the directory name (wp-admin), location (probably httpdocs) and title of the protected directory and click OK. Once the directory is added, select the directory.…

Read More

What is SPF / Sender Policy Framework?

SPF records are used to prevent spammers from trying to make it look like their spam comes from your email address. While SPF records don’t guarantee prevention of forged addresses, they do a lot to help prevent it. Spammers commonly use sender forgery to try and trick their recipients into reading their SPAM emails. SPF works by publishing a list of…

Read More

January 2017 WordPress Botnet Bruteforce Attacks

Although we haven’t seen any major reporting on it yet, as of 2017 our servers have detected a massive botnet attacking WordPress installations in an attempt to exploit weak passwords. Our typical firewall rules are configured to allow at most 15 login attempts prior to immediately blocking the IP at the network level. This works…

Read More

How to fix a hacked WordPress site

If your WordPress site has been hacked, don’t panic! Just like everything else IT related, solving this is simply a matter of following the right steps. The following guide will help you to fix your hacked WordPress website. About WordPress Hacks It’s important to keep in mind that most WordPress hacks are not targeted: it’s highly unlikely…

Read More

How to improve Fail2ban IO Performance

Solution #1: inotify vs gamin If you don’t have it installed already, get python-inotify installed. Fail2ban should then automatically start using that library rather than gamin for log file updates. This is very helpful when it comes to servers with *many* log files. Details on how this is done here. If that doesn’t cut it,…

Read More