How to add http headers using Plesk

There’s a few reasons why you might want to add custom headers on your website, however the most common reason today is to add apache or nginx security headers. Many of these headers cannot be pre-applied globally as they would directly affect functionality of some sites that rely upon functionality which these headers would restrict,…

Read More

Everything you need to create a website

In this article we’re going to provide a breakdown of each of the components you need in order to have a website on the Internet. When you register a whole new domain and host it all in the same place, it’s not always obvious that the service being provided is actually broken up into multiple…

Read More

How to Secure or Harden Your WordPress Website

This article was originally written in Feb 2014 and receives regular updates as tactics change. Tip: If your website is currently hacked, this isn’t the guide you want. Check out our guide to cleaning a hacked WordPress site. Then come back here to harden it after the website has been cleaned. How and why do…

Read More

How to prevent fraudulent transactions with WordPress

While most of these guidelines will help you with any eCommerce application, there will be specific mentions for WooCommerce related plugins as it has (arguably) become the standard for eCommerce on WordPress. Fraud and Website Security The first thing to understand about managing fraudulent transactions is that they don’t directly have anything to do with…

Read More

Elegant Themes Divi critical security update

Heads up for our Divi users (theme and builder plugin) as well as Extra, Bloom, and Monarch plugins. The following alert was sent out on Monday March 11th: Today some of our products were updated to patch a security issue. This issue was patched after being privately disclosed to our team by an independent security…

Read More

What is SPF / Sender Policy Framework?

Have you ever had an email message bounce back with a cryptic response like “5.7.1 Command Rejected”, or had someone email you only to get a similar message? What’s causing that? Why is it rejected? The answer, more often than not, is that there’s an issue with the sending domain’s SPF Record. So, what is…

Read More

January 2017 WordPress Botnet Bruteforce Attacks

Although we haven’t seen any major reporting on it yet, as of 2017 our servers have detected a massive botnet attacking WordPress installations in an attempt to exploit weak passwords. Our typical firewall rules are configured to allow at most 15 login attempts prior to immediately blocking the IP at the network level. This works…

Read More