Archive of ‘My News’ category

How to harden your WordPress?

blog-security

WordPress has been always targeted by hackers because of its known vulnerabilities. These vulnerabilities does not limit only to WordPress core files but, most of the times, are the outdated plugins and themes. Securing your WordPress website takes time and should be done in a recurring process. Here are the steps you should take to protect your WordPress.

1. Harden the security of your WordPress.

This article from WordPress codex go through some common forms of vulnerabilities, and the things you can do to help keep your WordPress installation secure. Before proceeding to the steps below, I highly recommend that you follow all the listed steps in the article and execute them.

2. Install Wordfence

This plugin, available for FREE in WordPress plugin store, is a highly recommended security plugin for your WordPress site to help you secure your website. It offers multiple features such as scanning integrity of your WordPress core files, and as well as for malware vulnerable themes, plugins, etc. NOTE AND READ: Since this is a wordpress plugin, make sure you always update it.

3. Rename your wp-login.php

Another great plugin called Rename wp-login.php works to easily rename your wp-login.php which is highly targeted by spammers and hackers trying to get in to your WordPress. This plugin will rename your wp-login.php so you only you will know where to access admin dashboard. However, if you are using the WP comment system, the point of hiding the login page will make no sense because your commenters will have to login in order to comment. Thankfully, Shrewdies wrote a detailed guide to help us fix that.

4. Scan your website

After all the hard-work, you want to make sure your website is really secured. Sucuri SiteCheck provides remote scanning and will report to you if your website is free from malware, and other security flaws.

5. Stay up to date

Know the latest plugin vulnerability. Subscribe to Sucuri’s blog. Being the security firm that we trust, Sucuri’s blog are the most up-to-date when it comes to reporting vulnerabilities simply because… it is their business.

Thanks to Mark Magno.

Defend your WordPress from hackers!

wordpress-security

There was a known plugin named Exploit Scanner that can help detect damaged files caused by hacks. Aside from this, you can consider the following:

  • Change passwords frequently all users most Administrators and Editors.
  • Modify also your FTP account’s password.
  • Re-install the latest version of WordPress.
  • Make sure all of your plugins and themes are up-to-date.
  • Lastly, update your security keys.

Updated COC: Get 1M gems, and build TownHall Lvl-11

freegems

Note: Before doing this, please make sure that your current COC account is connected to your gmail account. Root first your phone before using this hack. Create a new gmail account for this experiment.

What you can do with this COC hack? 

  1. You can have unlimited GEMS
  2. Full storage of GOLD and ELIXIR
  3. Build, create, and upgrade to MAX levels
  4. Attack other members with your own strategy

How? 

  1. After rooting your phone, visit google play and install HOST editor app.
  2. Add this to your host editor: IP Address= 5.196.206.239, Hostname = gamea.clashofclans.com
  3. After doing above, runn your coc app.

How to Root your Phone?

root

In some cases, there were instances that you need some functionalities of your smartphone to do a task which it cannot because it is not rooted.

In my experience, the FRAMAROOT app is the easiest and fastest way to root our smartphones. Why do we need to root our phone? For me, because I can:

  • save space in my internal memory by forcing apps to move to my external memory card
  • backup my apps/sms/phonebook
  • go inside my phone’s root files
  • reprogram my phone’s software
  • change the my phone’s firmware or operating system
  • secure more my phone
  • install more apps that require root requirements
  • and more (too many to mention)

Now, there are things you should take note before rooting your phone.

  1. Check your smartphone model if it’s in the list [HERE]. Take note of the exploit where your phone is listed (ex: boromir).
  2. After doing number 1, download [FRAMAROOT apk here.]

How?

  1. If you used a computer to download the apk, transfer it to your phone and install it.
  2. Run the framaroot app.
  3. Select superSu or superUser.
  4. Choose the appropriate exploit as you have noted above.
  5. Reboot your device.
  6. Enjoy!

Note: Make sure that your battery is not below half of your battery meter. Clean your cache first before doing this tutorial for faster result.

 

Try at your own risk. The author has no liability to any lose of files or damage to your devices that may occur by following the steps provided here. This is for learning purposes only.

NetCraft: Hostgator has fraud warning

hostgator-fraud-noreply

Last April 6, 2015, I bought a hosting from Hostgator.com and to test my script with them. Before, I was very curious to know how performing well are the websites being hosted with them, or should I say my website later on. Well, to cut it short, a few hours exploring their portal, here my observations:

1. Portal Credibility. Their portal hosting panel is under beta and some are not functioning like the phpmyadmin which it tooks me almost an hour to discuss with the agent about it. They should inform customers like me that it is better to use the cpanel link instead of the portal link.

2. Incomplete Email Notice. I received confirmation email containing my password, and the login details are for billing only. I thought this is also my password in the cpanel. It’s only after the agent I talked to that I should received a separate email about my cpanel account. When the agent resend the cpanel details, my gmail account received it at the spam folder and marked with warning about fraud/identity theft notice against hostgator. Click the picture to see the whole photo.

hostgator-fraud-email

3. Security and Privacy Issues. My Opera browser detected that the cpanel server of hostgator has an issue of fraud/identity theft as shown in the picture below. Click image to see the whole picture.

hostgator-warning

4. Non-sense Verification. I was shocked that after a couple of hours exploring hostgator panel, and I try to talk to an agent via live chat, my account is already inaccessible with the words “please contact hostgator”. And I think, if I didn’t report the issue, they will not disable my account. The agent told me that it’s their policy that after getting paid, all accounts will undergo identity verification, and they asked me about my credit card, government ID, etc. Because I wanted to continue testing their services, I provided a scan copy of my driver’s license and my account was restored after 8 hours to be exact which I received via email.

For me, this policy is nonsense. Considering that I or other customers have undergone very tedious process of Credit Card/Debit Card/Paypal verification, Hostgator should not validate or verify again. They should stick to policy that “the payment details must be the same with the account details they will use”. Well, I am not surprised anymore that netcraft has an issue with hostgator’s fraud/identity theft transactions because of this. Their employees might sell the identity proof that we have submitted to them, or their storage where our identity proof was saved can be copied by intruders.

5. Ticket Response Dissatisfaction. I have created a ticket since April 6, and I also follow up this via live chat about the issue and until now as I write this blog, I didn’t received any reply. Maybe because they can’t justify their fault. See picture below.

hostgator-fraud-noreply

6. Server’s Performance and Security Issue. As I have shown evidences above about their server’s problem about fraud and identity theft, there’s no other words that I can stay with them.

7. Account Cancellation. Cancelling account with them is tedious and I need to finish my current subscription, after that, it will stop. But they can still continue charge me if I didn’t cancel my paypal transaction with them.

You can check and read my conversation transcript with their CHAT support HERE.

Verdict: I can’t stay anymore with hostgator considering these observations and experience with them. Maybe sometime, if they have resolved fraud issue and server issue, I can return back to them because of low-budget hosting.

Pacquiao-Mayweather’s fight, finally

pacquiao-vs-mayweather

pacquiao-vs-mayweather

Finally, the most awaited fight of the century is in reality. It’s Pacquiao and Mayweather’s boxing fight. Since 2009, the public is calling for this big fight.

Mayweather just tweeted that the deal is done, and May 2 is their fight at MGM grand arena. This fight can be watched at HBO and Showtime in pay-per-view.

Who’s your bet? Pacquiao or Mayweather?

1 2 3 5

Content Protected Using Blog Protector By: PcDrome. & GeekyCube.