Monthly Archives: January 2023

01.21.23
by

Linux is the topmost choice of business organizations


Linux is authoritative and accessible as it is dependable, reliable, and resilient. It has a vast community which takes ownership to Linux distributions and helps to develop services, and applications and provides remedies to bugs.

Linux Enterprise Distributions

Cent OS (Communication Enterprise Operating System)
https://wiki.centos.org/Download
It’s free and open to use under the terms of the GPL license.


Red Hat, Debian, SUSE Enterprise

Home or Enthusiast-oriented Distributions

Fedora, Open SUSE

Benefits

  • The administrators modify the GRUB menu to make it more secure, furthermore use the command line to debug and repair boot issues.
  • Linux files and directories are just different file types. The BTRFS (Better FS) enterprise file system is blown away with power and ease in comparison to early traditional file system designs like LVM.
  • Administrators can download packages for distribution with no requirement for their installation.
  • Easy to manage processes and control services.
  • Managing users require less time.
  • Nginx – a performance-centric web server, is rapidly taking share market from Apache and has already surpassed IIS.
  • PAM (Pluggable Authentication Module) helps to manage when and how users connect.
  • Administrators can harden the Linux system to gain the best.
01.21.23
by

Business Web Hosting on Dedicated Servers


Most branded businesses opt for a dedicated server or cloud hosting for their website.

Why dedicated-Server?

  • Host-only the customer’s website who has rented the Server
  • Provides total control of bandwidth, space, and security
  • Dedicated equipment leased from the provider is often reliable
  • Most companies offer excellent customer services

Discounts

Most companies offer attractive discounts when the payment mode is quarterly, half-yearly, or annually. The businesses choose a monthly way, as they don’t want to be stuck for more extended periods.

Dedicated Server Customers

  • Large businesses or websites having substantial traffic
  • The websites collect credit card information, name, address, or other private or confidential details like shopping carts, and forums.
  • Online gaming or casino websites

Benefits Over

Shared Hosting

  • Mostly hosting business starters or personal websites devoted to a celebrity or resume web pages.
  • Limited or otherwise capped space and bandwidth

Free Server

  • Mostly hosting personal web pages.
  • The provider puts ads on web pages to compensate for the cost.

Drawbacks

Costliest: cost runs a couple of hundred dollars

Find the best-dedicated server providers on Ananova, where quality companies are listed with the monthly rate, space, and bandwidth they are offering.

01.21.23
by

From Personal To Professional


Nowadays, PHP is used for both the ‘Personal Home Page’ and ‘Professional Home Page’ development of website applications and pages.

PHP – Hypertext Pre-Processor

Features

  • Simple: easy-to-use
  • Open Source: free
  • Server-side scripting language: Applications run on a server. The code contains HTML and PHP code placed between ‘<?PHP’ and end ‘?>’ tags.
  • Programming Style: Procedural or Object-Oriented Programming (OOP)
  • Powerful: fast to implement, logic and commands similar to C language
  • Development Environment: Linux, UNIX (HP UX, Open BSD, Solaris) Windows, Mac OS, RISC OS
  • Supported Web Servers: Apache, IIS, FastCGI (Lighttpd & Nginx)
  • Secured
  • Flexible: Almost 75% of websites are designed using PHP which includes Facebook, Yahoo
  • Web Development Features: dynamic content, sending & receiving cookies.
  • Database Support: Supports a wide range of databases and their functions like MySQL to retrieve, edit, delete, and many more operations. Supports Abstraction layer such as PDO or database connect using Open Database connection via ODBC. Connect to other databases via cURL or sockets like CouchDB.
  • Support connections with other servers to create raw network connections using protocols like HTTP, LDAP, IMAP, NNTP, PoP3
  • Writing desktop applications using a graphical interface
  • Word Processing or Text Processing which includes regular expressions, XML document interpretation, and access. Generate and display text from XHMTL or XML files.
  • Advanced Features: Can work as a web-server module or CGI interpreter, executing code using Cron-tables in Linux or Task Scheduler on Windows (such scripts run from the command line using PHP interpreter), creating image & PDF files, make video adjustments. 
01.20.23
by

Improve WP Security Disable Comments and Hotlinking


(Ananova News) January 20, 2023.

Often spammers leave malicious links in comments or use someone’s else image without permission (hotlinking). Miscreants very conveniently steal images and use the image URL directly on the website, which is served from the original location. Most images have licensing restrictions attached to them like no commercial use under any circumstances. Without paying for the license, the hotlinking allows them to use the image. Digital assets need proper attribution to the original creator.

To disable comments and hotlinking, log in to your WordPress dashboard and navigate to the “Settings” section.

  • From there, click on the “Discussion” tab and scroll down to the “Other Comment Settings” section.
  • Uncheck the box next to the “Allow people to post comments on new articles” option and click on the “Save Changes” button.

To disable hotlinking, you will need to add a few lines of code to your website’s .htaccess file.
WordPress.com uses CDN to speed up the delivery of your assets with hotlink protection.
Technical experts always suggest keeping software (theme, plugins, third-party add-ons, and WordPress Core) updated and up-to-date with the latest fixes. Always use strong and unique logins and passwords to secure accounts. Hence, it is always suggested to have managed WordPress hosting, as the provider monitors website security, takes regular backups, and keeps them up.

Companies like WordPress.com have the expertise to protect hosted websites from cyber attacks, breaches, hacking, identity and access management (IAM), malware and vulnerabilities, and phishing. They take care of updating WordPress core, themes, plugins, and PHP, disabling external URL requests, and implementing SSL. They keep regular backups, which ensure business continuity. A secured website has a good online reputation, so businesses prioritise security. Every eCommerce store and business website needs protection against cyberattacks, malware, and viruses. Businesses want to protect data as well as sensitive information and thus want to ensure website functionality and online reputation. Hence, it asks for crucial security measures. Google penalises or blacklists malicious or phishing websites.

01.20.23
by

Disable PHP Error Reporting


(Ananova News) January 20, 2023.

PHP error reporting feature displays errors and warnings on the website when something goes wrong. For debugging purpose, it is very useful, but pose a security threat, when reveals sensitive information. Furthermore, looks unprofessional if errors or warning messages displays on the website.

Thus, the feature is disabled, by inserting the following code in the wp-confifg.php file.


ini_set('display_errors','Off');
ini_set('error_reporting', E_ALL );
define('WP_DEBUG', false);
define('WP_DEBUG_DISPLAY', false);

Technical experts always suggest keeping software (theme, plugins, third-party add-ons, and WordPress Core) updated and up-to-date with the latest fixes. Always use strong and unique logins and passwords to secure accounts. Hence, it is always suggested to have managed WordPress hosting, as the provider monitors website security, takes regular backups, and keeps them up.

Companies like WordPress.com have the expertise to protect hosted websites from cyber attacks, breaches, hacking, identity and access management (IAM), malware and vulnerabilities, and phishing. They take care of updating WordPress core, themes, plugins, and PHP, disabling external URL requests, and implementing SSL. They keep regular backups, which ensure business continuity. A secured website has a good online reputation, so businesses prioritise security. Every eCommerce store and business website needs protection against cyberattacks, malware, and viruses. Businesses want to protect data as well as sensitive information and thus want to ensure website functionality and online reputation. Hence, it asks for crucial security measures. Google penalises or blacklists malicious or phishing websites.

01.19.23
by

Disable External URL Requests


(Ananova News) January 19, 2023.

External URL requests are requests made by your website to external websites or servers. For some functionality and a better experience, there may be a need to tap into other sites or services. While these requests can be useful, they can also present a security risk if they are not properly configured or may respond slower than intended. If external sources respond slowly they might affect the website’s performance. The website is being held back by the external resources it’s trying to load.

To better enhance the security of your website, you may want to consider disabling external URL requests.

To disable external URL requests, you will need to edit your website’s wp-config.php file. Insert the following code into the file:

define(‘WP_HTTP_BLOCK_EXTERNAL’, true);

  • This will block external URL requests on your website.
public function block_request( $uri ) {
	// We don't need to block requests, because nothing is blocked.
	if ( ! defined( 'WP_HTTP_BLOCK_EXTERNAL' ) || ! WP_HTTP_BLOCK_EXTERNAL ) {
		return false;
	}

	$check = parse_url( $uri );
	if ( ! $check ) {
		return true;
	}

	$home = parse_url( get_option( 'siteurl' ) );

	// Don't block requests back to ourselves by default.
	if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] === $check['host'] ) ) {
		/**
		 * Filters whether to block local HTTP API requests.
		 *
		 * A local request is one to `localhost` or to the same host as the site itself.
		 *
		 * @since 2.8.0
		 *
		 * @param bool $block Whether to block local requests. Default false.
		 */
		return apply_filters( 'block_local_requests', false );
	}

	if ( ! defined( 'WP_ACCESSIBLE_HOSTS' ) ) {
		return true;
	}

	static $accessible_hosts = null;
	static $wildcard_regex   = array();
	if ( null === $accessible_hosts ) {
		$accessible_hosts = preg_split( '|,\s*|', WP_ACCESSIBLE_HOSTS );

		if ( false !== strpos( WP_ACCESSIBLE_HOSTS, '*' ) ) {
			$wildcard_regex = array();
			foreach ( $accessible_hosts as $host ) {
				$wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) );
			}
			$wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i';
		}
	}

	if ( ! empty( $wildcard_regex ) ) {
		return ! preg_match( $wildcard_regex, $check['host'] );
	} else {
		return ! in_array( $check['host'], $accessible_hosts, true ); // Inverse logic, if it's in the array, then don't block it.
	}

Courtesy: https://developer.wordpress.org/reference/classes/wp_http/block_request/

Technical experts always suggest keeping software (theme, plugins, third-party add-ons, and WordPress Core) updated and up-to-date with the latest fixes. Always use strong and unique logins and passwords to secure accounts. Hence, it is always suggested to have managed WordPress hosting, as the provider monitors website security, takes regular backups, and keeps them up.

Companies like WordPress.com have the expertise to protect hosted websites from cyber attacks, breaches, hacking, identity and access management (IAM), malware and vulnerabilities, and phishing. They take care of updating WordPress core, themes, plugins, and PHP, disabling external URL requests, and implementing SSL. They keep regular backups, which ensure business continuity. A secured website has a good online reputation, so businesses prioritise security. Every eCommerce store and business website needs protection against cyberattacks, malware, and viruses. Businesses want to protect data as well as sensitive information and thus want to ensure website functionality and online reputation. Hence, it asks for crucial security measures. Google penalises or blacklists malicious or phishing websites.

01.19.23
by

Maintain WP Security Implement SSL for WordPress Website


(Ananova News) January 19, 2023.

Secure Sockets Layer (SSL) security protocol encrypts the data transmitted between your website and users’ browsers. It ensures that the information coming to and from your website is secure. Thus, helping to prevent hackers from intercepting sensitive information. SSL-secured websites contain a certificate that verifies a secured connection. 

SSL is an important aspect to maintain security and a must for every website – Rohit Kumar (Ananova Expert Team). Let’s Encrypt provides free SSL, so, there should be no hesitation to implement the same.

It’s recommended to purchase premium SSL from a reputable provider like Instant SSL, cPanel.net or Namecheap. It’s easy to install and configure on the most cPanel control panel.

An eCommerce customer wants to read HTTPS in the website URL, to consider it secure. SSL encryption is a must for websites collecting sensitive information such as Credit Card numbers, entering user names and passwords, health data, financial accounts, or any other private information.

Most browsers like Google Chrome and Firefox warn the visitor if the website doesn’t have an SSL certificate or has mixed content. 

“This website might not be secure.” – for websites that do not have SSL.

The browser displays a small lock image before the URL when clicked provides information about the certificate holder, the issued by, the expiration date, the issuer’s public key and a digital signature of the certificate issuer.

There are three different types of SSL certificates: domain validated (DV), organization validation (OV) and extended validation (EV). 

  • DV SSL for personal websites is the least expensive option. It requires that the website owner verify that the domain is registered to the domain owner, which is done through the WHOIS database.
  • OV SSL for business or nonprofit websites, and requires a higher level of verification. The SSL certificate issuer verifies the address and location of the owner.
  • EV SSL for e-commerce businesses and businesses exchanging financial data as it offers the most amount of protection. The certificates offer the highest monetary warranties to any website viewers affected by an SSL failure.

Technical experts always suggest keeping software (theme, plugins, third-party add-ons, and WordPress Core) updated and up-to-date with the latest fixes. Always use strong and unique logins and passwords to secure accounts. Hence, it is always suggested to have managed WordPress hosting, as the provider monitors website security, takes regular backups, and keeps them up.

Companies like WordPress.com have the expertise to protect hosted websites from cyber attacks, breaches, hacking, identity and access management (IAM), malware and vulnerabilities, and phishing. They take care of updating WordPress core, themes, plugins, and PHP, disabling external URL requests, and implementing SSL. They keep regular backups, which ensure business continuity. A secured website has a good online reputation, so businesses prioritise security. Every eCommerce store and business website needs protection against cyberattacks, malware, and viruses. Businesses want to protect data as well as sensitive information and thus want to ensure website functionality and online reputation. Hence, it asks for crucial security measures. Google penalises or blacklists malicious or phishing websites.

01.19.23
by

Improve WP Security: Disable PHP File Execution


(Ananova News, January 19, 2023.
Disabling PHP in specific writeable directories stops the PHP execution process. While it’s enabled with proper configuration in some directories. The hackers attempt to break the website by uploading backdoor access files or malware in the PHP code of WordPress files to gain access to the website. The.htaccess file can be used to disable PHP execution.
Insert the following code into the .htaccess file in a directory:

php_flag engine off
<Files *.php>
deny from all
<Files>

Technical experts always suggest keeping software (theme, plugins, third-party add-ons, and WordPress Core) updated and up-to-date with the latest fixes. Always use strong and unique logins and passwords to secure accounts. Hence, it is always suggested to have managed WordPress hosting, as the provider monitors website security, takes regular backups, and keeps them up.

Companies like WordPress.com have the expertise to protect hosted websites from cyber attacks, breaches, hacking, identity and access management (IAM), malware and vulnerabilities, and phishing. They take care of updating WordPress core, themes, plugins, and PHP, disabling external URL requests, and implementing SSL. They keep regular backups, which ensure business continuity. A secured website has a good online reputation, so businesses prioritise security. Every eCommerce store and business website needs protection against cyberattacks, malware, and viruses. Businesses want to protect data as well as sensitive information and thus want to ensure website functionality and online reputation. Hence, it asks for crucial security measures. Google penalises or blacklists malicious or phishing websites.

01.19.23
by

Secured WordPress Hosting


(Ananova News) January 11, 2023.

Choosing a secured WordPress web hosting provider is a must, and with that, a business website may need security plugins like Jetpack or Wordfence. Along with the provider, a business also purchases security software as an essential aspect of maintaining website security. It’s expected of a web hosting provider to prevent cyberattacks and malware or virus threats. So, Ananova always recommends going with well-known hosting companies. You can check their track records and security features, such as SSL certificates, firewall protection, and malware scanning, by looking them up online or doing some research.

Technical experts always suggest keeping software (theme, plugins, third-party add-ons, and WordPress Core) updated and up-to-date with the latest fixes. Always use strong and unique logins and passwords to secure accounts. Hence, it is always suggested to have managed WordPress hosting, as the provider monitors website security, takes regular backups, and keeps them up.

Companies like WordPress.com have the expertise to protect hosted websites from cyber attacks, breaches, hacking, identity and access management (IAM), malware and vulnerabilities, and phishing. They take care of updating WordPress core, themes, plugins, and PHP, disabling external URL requests, and implementing SSL. They keep regular backups, which ensure business continuity. A secured website has a good online reputation, so businesses prioritise security. Every eCommerce store and business website needs protection against cyberattacks, malware, and viruses. Businesses want to protect data as well as sensitive information and thus want to ensure website functionality and online reputation. Hence, it asks for crucial security measures. Google penalises or blacklists malicious or phishing websites.

01.04.23
by

Disable Access to wp-config.php on WordPress


(Ananova News) January 04, 2023.

Ananova technical experts recommend disabling access to wp-config. PHP to secure WordPress thus preventing unauthorized access. The file contains sensitive information like database credentials, configuration settings and security keys. The administrators can change table prefixes, relocate core WordPress file folders like wp-pluginswp-uploads, and wp-content, and perform other advanced configurations.

<?php
/**
 * The base configuration for WordPress
 *
 * The wp-config.php creation script uses this file during the installation.
 * You don't have to use the web site, you can copy this file to "wp-config.php"
 * and fill in the values.
 *
 * This file contains the following configurations:
 *
 * * Database settings
 * * Secret keys
 * * Database table prefix
 * * ABSPATH
 *
 * @link https://wordpress.org/support/article/editing-wp-config-php/
 *
 * @package WordPress
 */
 
// ** Database settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'database_name_here' );
 
/** Database username */
define( 'DB_USER', 'username_here' );
 
/** Database password */
define( 'DB_PASSWORD', 'password_here' );
 
/** Database hostname */
define( 'DB_HOST', 'localhost' );
 
/** Database charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );
 
/** The database collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );
 
/**#@+
 * Authentication unique keys and salts.
 *
 * Change these to different unique phrases! You can generate these using
 * the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
 *
 * You can change these at any point in time to invalidate all existing cookies.
 * This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_KEY',        'put your unique phrase here' );
define( 'AUTH_SALT',        'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
define( 'NONCE_SALT',       'put your unique phrase here' );
 
/**#@-*/
 
/**
 * WordPress database table prefix.
 *
 * You can have multiple installations in one database if you give each
 * a unique prefix. Only numbers, letters, and underscores please!
 */
$table_prefix = 'wp_';
 
/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 *
 * For information on other constants that can be used for debugging,
 * visit the documentation.
 *
 * @link https://wordpress.org/support/article/debugging-in-wordpress/
 */
define( 'WP_DEBUG', false );
 
/* Add any custom values between this line and the "stop editing" line. */
 
 
 
/* That's all, stop editing! Happy publishing. */
 
/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
	define( 'ABSPATH', __DIR__ . '/' );
}
 
/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';

Courtesy: https://jetpack.com/blog/wp-config-php/

How To Disable Access to wp-config.php Using .htaccess

# to protect wp-config.php
<Files wp-config.php>
order allow,deny
deny from all
</Files>

Here “deny all” will deny everyone access to wp-config.php.