Improve WP Security: Disable Comments and Hotlinking


(Ananova News) January 20, 2023.

Spammers often leave malicious links in comments or use someone else’s image without permission (hotlinking). Miscreants conveniently steal images by using the image URL directly on their own website, so the image is still served from the original location. Most images have licensing restrictions attached to them, such as no commercial use under any circumstances. Hotlinking lets them use the image without paying for the license. Digital assets need proper attribution to the original creator.

To disable comments and hotlinking, log in to your WordPress dashboard and navigate to the “Settings” section.

  • From there, click on the “Discussion” tab and scroll down to the “Other Comment Settings” section.
  • Uncheck the box next to the “Allow people to post comments on new articles” option and click on the “Save Changes” button.

To disable hotlinking, you will need to add a few lines of code to your website’s .htaccess file.
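
A common mod_rewrite form of those lines, given here as an added example that is not from the original article. The domain example.com is a placeholder for your own site, and the list of image extensions is an assumption:

```apache
# Added example: hotlink protection for an Apache site (requires mod_rewrite).
# example.com is a placeholder for your own domain.
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Let through requests that carry no Referer header at all
    # (typed URLs, bookmarks, privacy tools that strip the header).
    RewriteCond %{HTTP_REFERER} !^$

    # Let through requests referred by your own site, with or without "www".
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/|$) [NC]

    # Any other request for an image file gets 403 Forbidden.
    RewriteRule \.(jpe?g|png|gif|webp)$ - [F,NC]
</IfModule>
```

Place the block outside the `# BEGIN WordPress` / `# END WordPress` markers, because WordPress rewrites whatever sits between them. The Referer header is set by the client, so this limits casual embedding and bandwidth use rather than acting as access control.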

WordPress.com uses a CDN with hotlink protection to speed up the delivery of your assets.

Technical experts always suggest keeping software (theme, plugins, third-party add-ons, and WordPress Core) up to date with the latest fixes. Always use strong and unique logins and passwords to secure accounts. Managed WordPress hosting is also suggested, as the provider monitors website security, takes regular backups, and keeps them up.

Companies like WordPress.com have the expertise to protect hosted websites from cyber attacks, breaches, hacking, malware and vulnerabilities, and phishing, and to handle identity and access management (IAM). They take care of updating WordPress core, themes, plugins, and PHP, disabling external URL requests, and implementing SSL. They keep regular backups, which ensure business continuity. A secured website has a good online reputation, so businesses prioritise security. Every eCommerce store and business website needs protection against cyberattacks, malware, and viruses. Businesses want to protect data as well as sensitive information, and to preserve website functionality and online reputation. This calls for crucial security measures. Google penalises or blacklists malicious or phishing websites.

Maintain WP Security: Implement SSL for WordPress Website


(Ananova News) January 19, 2023.

The Secure Sockets Layer (SSL) security protocol encrypts the data transmitted between your website and users’ browsers. It ensures that the information coming to and from your website is secure, which helps prevent hackers from intercepting sensitive information. SSL-secured websites contain a certificate that verifies a secured connection.

SSL is an important aspect to maintain security and a must for every website – Rohit Kumar (Ananova Expert Team). Let’s Encrypt provides free SSL, so there should be no hesitation in implementing it.

It’s recommended to purchase premium SSL from a reputable provider like Instant SSL, cPanel.net or Namecheap. It’s easy to install and configure on most cPanel control panels.

An eCommerce customer wants to see HTTPS in the website URL before considering it secure. SSL encryption is a must for websites collecting sensitive information such as credit card numbers, user names and passwords, health data, financial accounts, or any other private information.

Most browsers like Google Chrome and Firefox warn the visitor if the website doesn’t have an SSL certificate or has mixed content. 

“This website might not be secure.” – for websites that do not have SSL.

The browser displays a small lock icon before the URL. When clicked, it provides information about the certificate holder, the issuer, the expiration date, the issuer’s public key and a digital signature of the certificate issuer.

There are three different types of SSL certificates: domain validation (DV), organization validation (OV) and extended validation (EV).

  • DV SSL is for personal websites and is the least expensive option. It requires that the website owner verify that the domain is registered to the domain owner, which is done through the WHOIS database.
  • OV SSL is for business or nonprofit websites and requires a higher level of verification. The SSL certificate issuer verifies the address and location of the owner.
  • EV SSL is for e-commerce businesses and businesses exchanging financial data, as it offers the greatest protection. The certificates offer the highest monetary warranties to any website viewers affected by an SSL failure.


Improve WP Security: Disable PHP File Execution


(Ananova News) January 19, 2023.

Disabling PHP in specific writable directories stops PHP files placed there from executing, while PHP stays enabled, with proper configuration, in the directories that need it. Attackers try to break into a website by uploading backdoor files, or by planting malware in the PHP code of WordPress files, to gain access to the website. The .htaccess file can be used to disable PHP execution.

Insert the following code into the .htaccess file in the directory:

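    # Turn off the PHP engine here (takes effect only when PHP runs as an Apache module)
    php_flag engine off
    # Refuse direct requests for any .php file (Apache 2.4 syntax: Require all denied)
    <Files *.php>
    deny from all
    </Files>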
