Improve WP Security Disable Comments and Hotlinking


(Ananova News) January 20, 2023.

Often spammers leave malicious links in comments or use someone’s else image without permission (hotlinking). Miscreants very conveniently steal images and use the image URL directly on the website, which is served from the original location. Most images have licensing restrictions attached to them like no commercial use under any circumstances. Without paying for the license, the hotlinking allows them to use the image. Digital assets need proper attribution to the original creator.

To disable comments and hotlinking, log in to your WordPress dashboard and navigate to the “Settings” section.

  • From there, click on the “Discussion” tab and scroll down to the “Other Comment Settings” section.
  • Uncheck the box next to the “Allow people to post comments on new articles” option and click on the “Save Changes” button.

To disable hotlinking, you will need to add a few lines of code to your website’s .htaccess file.
WordPress.com uses CDN to speed up the delivery of your assets with hotlink protection.
Technical experts always suggest keeping software (theme, plugins, third-party add-ons, and WordPress Core) updated and up-to-date with the latest fixes. Always use strong and unique logins and passwords to secure accounts. Hence, it is always suggested to have managed WordPress hosting, as the provider monitors website security, takes regular backups, and keeps them up.

Companies like WordPress.com have the expertise to protect hosted websites from cyber attacks, breaches, hacking, identity and access management (IAM), malware and vulnerabilities, and phishing. They take care of updating WordPress core, themes, plugins, and PHP, disabling external URL requests, and implementing SSL. They keep regular backups, which ensure business continuity. A secured website has a good online reputation, so businesses prioritise security. Every eCommerce store and business website needs protection against cyberattacks, malware, and viruses. Businesses want to protect data as well as sensitive information and thus want to ensure website functionality and online reputation. Hence, it asks for crucial security measures. Google penalises or blacklists malicious or phishing websites.

Disable PHP Error Reporting


(Ananova News) January 20, 2023.

PHP error reporting feature displays errors and warnings on the website when something goes wrong. For debugging purpose, it is very useful, but pose a security threat, when reveals sensitive information. Furthermore, looks unprofessional if errors or warning messages displays on the website.

Thus, the feature is disabled, by inserting the following code in the wp-confifg.php file.


ini_set('display_errors','Off');
ini_set('error_reporting', E_ALL );
define('WP_DEBUG', false);
define('WP_DEBUG_DISPLAY', false);

Technical experts always suggest keeping software (theme, plugins, third-party add-ons, and WordPress Core) updated and up-to-date with the latest fixes. Always use strong and unique logins and passwords to secure accounts. Hence, it is always suggested to have managed WordPress hosting, as the provider monitors website security, takes regular backups, and keeps them up.

Companies like WordPress.com have the expertise to protect hosted websites from cyber attacks, breaches, hacking, identity and access management (IAM), malware and vulnerabilities, and phishing. They take care of updating WordPress core, themes, plugins, and PHP, disabling external URL requests, and implementing SSL. They keep regular backups, which ensure business continuity. A secured website has a good online reputation, so businesses prioritise security. Every eCommerce store and business website needs protection against cyberattacks, malware, and viruses. Businesses want to protect data as well as sensitive information and thus want to ensure website functionality and online reputation. Hence, it asks for crucial security measures. Google penalises or blacklists malicious or phishing websites.

Disable External URL Requests


(Ananova News) January 19, 2023.

External URL requests are requests made by your website to external websites or servers. For some functionality and a better experience, there may be a need to tap into other sites or services. While these requests can be useful, they can also present a security risk if they are not properly configured or may respond slower than intended. If external sources respond slowly they might affect the website’s performance. The website is being held back by the external resources it’s trying to load.

To better enhance the security of your website, you may want to consider disabling external URL requests.

To disable external URL requests, you will need to edit your website’s wp-config.php file. Insert the following code into the file:

define(‘WP_HTTP_BLOCK_EXTERNAL’, true);

  • This will block external URL requests on your website.
public function block_request( $uri ) {
	// We don't need to block requests, because nothing is blocked.
	if ( ! defined( 'WP_HTTP_BLOCK_EXTERNAL' ) || ! WP_HTTP_BLOCK_EXTERNAL ) {
		return false;
	}

	$check = parse_url( $uri );
	if ( ! $check ) {
		return true;
	}

	$home = parse_url( get_option( 'siteurl' ) );

	// Don't block requests back to ourselves by default.
	if ( 'localhost' === $check['host'] || ( isset( $home['host'] ) && $home['host'] === $check['host'] ) ) {
		/**
		 * Filters whether to block local HTTP API requests.
		 *
		 * A local request is one to `localhost` or to the same host as the site itself.
		 *
		 * @since 2.8.0
		 *
		 * @param bool $block Whether to block local requests. Default false.
		 */
		return apply_filters( 'block_local_requests', false );
	}

	if ( ! defined( 'WP_ACCESSIBLE_HOSTS' ) ) {
		return true;
	}

	static $accessible_hosts = null;
	static $wildcard_regex   = array();
	if ( null === $accessible_hosts ) {
		$accessible_hosts = preg_split( '|,\s*|', WP_ACCESSIBLE_HOSTS );

		if ( false !== strpos( WP_ACCESSIBLE_HOSTS, '*' ) ) {
			$wildcard_regex = array();
			foreach ( $accessible_hosts as $host ) {
				$wildcard_regex[] = str_replace( '\*', '.+', preg_quote( $host, '/' ) );
			}
			$wildcard_regex = '/^(' . implode( '|', $wildcard_regex ) . ')$/i';
		}
	}

	if ( ! empty( $wildcard_regex ) ) {
		return ! preg_match( $wildcard_regex, $check['host'] );
	} else {
		return ! in_array( $check['host'], $accessible_hosts, true ); // Inverse logic, if it's in the array, then don't block it.
	}

Courtesy: https://developer.wordpress.org/reference/classes/wp_http/block_request/

Technical experts always suggest keeping software (theme, plugins, third-party add-ons, and WordPress Core) updated and up-to-date with the latest fixes. Always use strong and unique logins and passwords to secure accounts. Hence, it is always suggested to have managed WordPress hosting, as the provider monitors website security, takes regular backups, and keeps them up.

Companies like WordPress.com have the expertise to protect hosted websites from cyber attacks, breaches, hacking, identity and access management (IAM), malware and vulnerabilities, and phishing. They take care of updating WordPress core, themes, plugins, and PHP, disabling external URL requests, and implementing SSL. They keep regular backups, which ensure business continuity. A secured website has a good online reputation, so businesses prioritise security. Every eCommerce store and business website needs protection against cyberattacks, malware, and viruses. Businesses want to protect data as well as sensitive information and thus want to ensure website functionality and online reputation. Hence, it asks for crucial security measures. Google penalises or blacklists malicious or phishing websites.

Maintain WP Security Implement SSL for WordPress Website


(Ananova News) January 19, 2023.

Secure Sockets Layer (SSL) security protocol encrypts the data transmitted between your website and users’ browsers. It ensures that the information coming to and from your website is secure. Thus, helping to prevent hackers from intercepting sensitive information. SSL-secured websites contain a certificate that verifies a secured connection. 

SSL is an important aspect to maintain security and a must for every website – Rohit Kumar (Ananova Expert Team). Let’s Encrypt provides free SSL, so, there should be no hesitation to implement the same.

It’s recommended to purchase premium SSL from a reputable provider like Instant SSL, cPanel.net or Namecheap. It’s easy to install and configure on the most cPanel control panel.

An eCommerce customer wants to read HTTPS in the website URL, to consider it secure. SSL encryption is a must for websites collecting sensitive information such as Credit Card numbers, entering user names and passwords, health data, financial accounts, or any other private information.

Most browsers like Google Chrome and Firefox warn the visitor if the website doesn’t have an SSL certificate or has mixed content. 

“This website might not be secure.” – for websites that do not have SSL.

The browser displays a small lock image before the URL when clicked provides information about the certificate holder, the issued by, the expiration date, the issuer’s public key and a digital signature of the certificate issuer.

There are three different types of SSL certificates: domain validated (DV), organization validation (OV) and extended validation (EV). 

  • DV SSL for personal websites is the least expensive option. It requires that the website owner verify that the domain is registered to the domain owner, which is done through the WHOIS database.
  • OV SSL for business or nonprofit websites, and requires a higher level of verification. The SSL certificate issuer verifies the address and location of the owner.
  • EV SSL for e-commerce businesses and businesses exchanging financial data as it offers the most amount of protection. The certificates offer the highest monetary warranties to any website viewers affected by an SSL failure.

Technical experts always suggest keeping software (theme, plugins, third-party add-ons, and WordPress Core) updated and up-to-date with the latest fixes. Always use strong and unique logins and passwords to secure accounts. Hence, it is always suggested to have managed WordPress hosting, as the provider monitors website security, takes regular backups, and keeps them up.

Companies like WordPress.com have the expertise to protect hosted websites from cyber attacks, breaches, hacking, identity and access management (IAM), malware and vulnerabilities, and phishing. They take care of updating WordPress core, themes, plugins, and PHP, disabling external URL requests, and implementing SSL. They keep regular backups, which ensure business continuity. A secured website has a good online reputation, so businesses prioritise security. Every eCommerce store and business website needs protection against cyberattacks, malware, and viruses. Businesses want to protect data as well as sensitive information and thus want to ensure website functionality and online reputation. Hence, it asks for crucial security measures. Google penalises or blacklists malicious or phishing websites.

Improve WP Security: Disable PHP File Execution


(Ananova News, January 19, 2023.
Disabling PHP in specific writeable directories stops the PHP execution process. While it’s enabled with proper configuration in some directories. The hackers attempt to break the website by uploading backdoor access files or malware in the PHP code of WordPress files to gain access to the website. The.htaccess file can be used to disable PHP execution.
Insert the following code into the .htaccess file in a directory:

php_flag engine off
<Files *.php>
deny from all
<Files>

Technical experts always suggest keeping software (theme, plugins, third-party add-ons, and WordPress Core) updated and up-to-date with the latest fixes. Always use strong and unique logins and passwords to secure accounts. Hence, it is always suggested to have managed WordPress hosting, as the provider monitors website security, takes regular backups, and keeps them up.

Companies like WordPress.com have the expertise to protect hosted websites from cyber attacks, breaches, hacking, identity and access management (IAM), malware and vulnerabilities, and phishing. They take care of updating WordPress core, themes, plugins, and PHP, disabling external URL requests, and implementing SSL. They keep regular backups, which ensure business continuity. A secured website has a good online reputation, so businesses prioritise security. Every eCommerce store and business website needs protection against cyberattacks, malware, and viruses. Businesses want to protect data as well as sensitive information and thus want to ensure website functionality and online reputation. Hence, it asks for crucial security measures. Google penalises or blacklists malicious or phishing websites.

Secured WordPress Hosting


(Ananova News) January 11, 2023.

Choosing a secured WordPress web hosting provider is a must, and with that, a business website may need security plugins like Jetpack or Wordfence. Along with the provider, a business also purchases security software as an essential aspect of maintaining website security. It’s expected of a web hosting provider to prevent cyberattacks and malware or virus threats. So, Ananova always recommends going with well-known hosting companies. You can check their track records and security features, such as SSL certificates, firewall protection, and malware scanning, by looking them up online or doing some research.

Technical experts always suggest keeping software (theme, plugins, third-party add-ons, and WordPress Core) updated and up-to-date with the latest fixes. Always use strong and unique logins and passwords to secure accounts. Hence, it is always suggested to have managed WordPress hosting, as the provider monitors website security, takes regular backups, and keeps them up.

Companies like WordPress.com have the expertise to protect hosted websites from cyber attacks, breaches, hacking, identity and access management (IAM), malware and vulnerabilities, and phishing. They take care of updating WordPress core, themes, plugins, and PHP, disabling external URL requests, and implementing SSL. They keep regular backups, which ensure business continuity. A secured website has a good online reputation, so businesses prioritise security. Every eCommerce store and business website needs protection against cyberattacks, malware, and viruses. Businesses want to protect data as well as sensitive information and thus want to ensure website functionality and online reputation. Hence, it asks for crucial security measures. Google penalises or blacklists malicious or phishing websites.

Disable Access to wp-config.php on WordPress


(Ananova News) January 04, 2023.

Ananova technical experts recommend disabling access to wp-config. PHP to secure WordPress thus preventing unauthorized access. The file contains sensitive information like database credentials, configuration settings and security keys. The administrators can change table prefixes, relocate core WordPress file folders like wp-pluginswp-uploads, and wp-content, and perform other advanced configurations.

<?php
/**
 * The base configuration for WordPress
 *
 * The wp-config.php creation script uses this file during the installation.
 * You don't have to use the web site, you can copy this file to "wp-config.php"
 * and fill in the values.
 *
 * This file contains the following configurations:
 *
 * * Database settings
 * * Secret keys
 * * Database table prefix
 * * ABSPATH
 *
 * @link https://wordpress.org/support/article/editing-wp-config-php/
 *
 * @package WordPress
 */
 
// ** Database settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', 'database_name_here' );
 
/** Database username */
define( 'DB_USER', 'username_here' );
 
/** Database password */
define( 'DB_PASSWORD', 'password_here' );
 
/** Database hostname */
define( 'DB_HOST', 'localhost' );
 
/** Database charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );
 
/** The database collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );
 
/**#@+
 * Authentication unique keys and salts.
 *
 * Change these to different unique phrases! You can generate these using
 * the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
 *
 * You can change these at any point in time to invalidate all existing cookies.
 * This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_KEY',        'put your unique phrase here' );
define( 'AUTH_SALT',        'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
define( 'NONCE_SALT',       'put your unique phrase here' );
 
/**#@-*/
 
/**
 * WordPress database table prefix.
 *
 * You can have multiple installations in one database if you give each
 * a unique prefix. Only numbers, letters, and underscores please!
 */
$table_prefix = 'wp_';
 
/**
 * For developers: WordPress debugging mode.
 *
 * Change this to true to enable the display of notices during development.
 * It is strongly recommended that plugin and theme developers use WP_DEBUG
 * in their development environments.
 *
 * For information on other constants that can be used for debugging,
 * visit the documentation.
 *
 * @link https://wordpress.org/support/article/debugging-in-wordpress/
 */
define( 'WP_DEBUG', false );
 
/* Add any custom values between this line and the "stop editing" line. */
 
 
 
/* That's all, stop editing! Happy publishing. */
 
/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
	define( 'ABSPATH', __DIR__ . '/' );
}
 
/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';

Courtesy: https://jetpack.com/blog/wp-config-php/

How To Disable Access to wp-config.php Using .htaccess

# to protect wp-config.php
<Files wp-config.php>
order allow,deny
deny from all
</Files>

Here “deny all” will deny everyone access to wp-config.php.

Business’s online presence


Do you think every online business is earning? Surely not! Experts say that there are several crucial factors in today’s era on which success depends. Is building a professional website hosted on a good web hosting provider server enough to thrive in business?
Is selecting the web hosting provider a significant aspect that drives online success? A decade ago, there was a boom in Reseller hosting business. The resellers conceal the details from web-hosting customers like the servers’ actual owners. These resellers sell particular webspace and bandwidth from the server they lease or VPS account. A customer feels happy when his business runs smoothly and technical help is available when required. These resellers were like dealers. The support is also actually provided by the parent hosting provider under the name of the Reseller company.

Do you think every online business is earning? Surely not! Experts say that there are several crucial factors in today's era on which success depends. Is building a professional website hosted on a good web hosting provider server enough to thrive in business?

From what I experienced in the early days, this model gained a lot of success. But, as prices got thrashed, running a reseller web hosting company with 100% satisfaction became a daunting task, and thus most resellers closed their business. The ease of hosting companies with the availability of control panels for every job also made the web hosting business competitive. Most companies could set up their hosting services without much complexity.

The platforms like WordPress make it easy to build a website to bring business online. The articles about choosing the best web hosting provider start fading or losing the web crawler’s ranking. The web hosting review and rating websites started losing relevance. The hosting customers rely on something other than the web hosting market stories.
A hosting customer is now intelligent enough to understand its hosting needs or requirement. With the abundant availability of web space, bandwidth and other resources, the business website customer is looking for other factors like website security, backup and support. These news factors determine business online success; thus, a hosting customer is inclined only to those hosting companies that focus on these factors. A must-have online business website needs a sincere, dedicated and technologically advanced hosting provider.

There was a time when customers got attracted by the keywords like unlimited and one-stop-shop. Now, a hosting customer looks to host its website only to branded providers with a customer-centric approach. Hosting providers provide sufficient space, bandwidth, resources, and help on forums, articles, and video clips. Still, a customer goes to a provider with the long-lasting experience to host on a platform.

Many hosting providers offer WordPress different hosting packages. Some offer cheap, and some claim to provide excellent services. Now, customers also look to their budget and some like using cheap web hosting providers. Ananova lists many cheap affordable web hosting providers offering free instant set-up, free domain for life, unlimited Space and Traffic and an adequate money-back guarantee, among many others. The Ananova ranks them depending on the user reviews on factors such as reliability, security, speed of access and factors crucial for running an online business.

Ananova ranks the providers with the latest technology and upgraded and updated software. Many tools are available to monitor website uptime, speed, background technology, and software versions.

Trust Ananova is a listed WordPress hosting provider offering the best hosting features, 24×7 support and technology for your e-commerce website.