Archive of ‘Web Dev’t’ category

How to harden your WordPress?

WordPress has always been targeted by hackers because of its known vulnerabilities. These vulnerabilities are not limited to the WordPress core files; most of the time they are in outdated plugins and themes. Securing your WordPress website takes time and should be done as a recurring process. Here are the steps you should take to protect your WordPress site.

1. Harden the security of your WordPress.

This article from the WordPress Codex goes through some common forms of vulnerabilities and the things you can do to help keep your WordPress installation secure. Before proceeding to the steps below, I highly recommend that you follow all the steps listed in the article.

2. Install Wordfence

This plugin, available for free in the WordPress plugin store, is a highly recommended security plugin for your WordPress site. It offers multiple features, such as scanning the integrity of your WordPress core files, as well as scanning for malware, vulnerable themes, plugins, etc. NOTE: Since this is a WordPress plugin, make sure you always keep it updated.

3. Rename your wp-login.php

Another great plugin, Rename wp-login.php, makes it easy to rename your wp-login.php, which is highly targeted by spammers and hackers trying to get into your WordPress. This plugin will rename your wp-login.php so that only you will know where to access the admin dashboard. However, if you are using the WP comment system, hiding the login page makes no sense, because your commenters will have to log in in order to comment. Thankfully, Shrewdies wrote a detailed guide to help us fix that.

4. Scan your website

After all the hard work, you want to make sure your website is really secure. Sucuri SiteCheck provides remote scanning and will report whether your website is free from malware and other security flaws.

5. Stay up to date

Know the latest plugin vulnerabilities. Subscribe to Sucuri’s blog. As the security firm that we trust, Sucuri’s blog is the most up to date when it comes to reporting vulnerabilities, simply because… it is their business.
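What the core-file integrity scan mentioned in step 2 amounts to, as an added example that is not from the original post or from Wordfence: hash every core file and compare it with a manifest built from a known-good copy of the same release. The file names, contents and the `SITE_SPECIFIC` exclusions are constructed assumptions.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Assumption: paths that differ per site and are not compared against the release.
SITE_SPECIFIC = ("wp-content/", "wp-config.php", ".htaccess")

def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def core_files(root):
    """Yield (relative_path, absolute_path) for each non-site-specific file."""
    root = Path(root)
    for p in sorted(root.rglob("*")):
        rel = p.relative_to(root).as_posix()
        if p.is_file() and not rel.startswith(SITE_SPECIFIC):
            yield rel, p

def build_manifest(pristine_root):
    return {rel: sha256_file(p) for rel, p in core_files(pristine_root)}

def audit(site_root, manifest):
    seen = {rel: sha256_file(p) for rel, p in core_files(site_root)}
    return {
        "modified": sorted(r for r in seen if r in manifest and seen[r] != manifest[r]),
        "missing": sorted(r for r in manifest if r not in seen),
        "unexpected": sorted(r for r in seen if r not in manifest),
    }

def demo():
    """Constructed sample: a tiny fake release and a tampered copy of it."""
    with tempfile.TemporaryDirectory() as tmp:
        pristine, site = Path(tmp, "pristine"), Path(tmp, "site")
        for rel, body in {
            "index.php": "<?php // front controller\n",
            "wp-login.php": "<?php // login form\n",
            "wp-includes/version.php": "<?php // version info\n",
        }.items():
            (pristine / rel).parent.mkdir(parents=True, exist_ok=True)
            (pristine / rel).write_text(body)
        shutil.copytree(pristine, site)
        (site / "wp-login.php").write_text("<?php // login form, altered\n")
        (site / "wp-includes/class-cache.php").write_text("<?php // not in release\n")
        (site / "index.php").unlink()
        return audit(site, build_manifest(pristine))

if __name__ == "__main__":
    print(demo())
```

The "unexpected" bucket matters as much as "modified": a file that sits inside a core directory but is absent from the release manifest is not something an update would ever have put there.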

Thanks to Mark Magno.

Defend your WordPress from hackers!


There was a known plugin named Exploit Scanner that can help detect files damaged by hacks. Aside from this, you can consider the following:

  • Change the passwords of all users frequently, especially Administrators and Editors.
  • Also change your FTP account’s password.
  • Re-install the latest version of WordPress.
  • Make sure all of your plugins and themes are up-to-date.
  • Lastly, update your security keys.
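To find out which security keys still need updating, the check below parses a `wp-config.php` and reports keys that are missing, still set to the sample-file placeholder, too short, or shared between constants. It is an added example, not code from the original post; `MIN_LENGTH` is an assumed policy threshold and the sample config is constructed.

```python
import re

REQUIRED = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
            "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php
MIN_LENGTH = 64  # assumed policy threshold, not a WordPress requirement

# define('NAME', 'value') with a single- or double-quoted value
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*"""
                       r"""(?:'((?:[^'\\]|\\.)*)'|"((?:[^"\\]|\\.)*)")\s*\)""")

def audit_keys(config_text):
    """Return {constant: problem} for each key that needs replacing."""
    values = {}
    for line in config_text.splitlines():
        if line.lstrip().startswith(("//", "#", "/*", "*")):
            continue  # a commented-out define does not count
        m = DEFINE_RE.search(line)
        if m and m.group(1) in REQUIRED:
            values[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    findings = {}
    for name in REQUIRED:
        value = values.get(name)
        if value is None:
            findings[name] = "missing"
        elif value == PLACEHOLDER:
            findings[name] = "placeholder"
        elif len(value) < MIN_LENGTH:
            findings[name] = "short"
        elif list(values.values()).count(value) > 1:
            findings[name] = "reused"
    return findings

# Constructed sample wp-config.php fragment (values are not real keys).
SAMPLE = "\n".join([
    "<?php",
    "define('AUTH_KEY',         '%s');" % ("k1" * 32),
    "define('SECURE_AUTH_KEY',  'put your unique phrase here');",
    "define('LOGGED_IN_KEY',    'hunter2');",
    "define('NONCE_KEY',        '%s');" % ("k4" * 32),
    "define('AUTH_SALT',        '%s');" % ("k1" * 32),
    "// define('SECURE_AUTH_SALT', '%s');" % ("k6" * 32),
    "define('LOGGED_IN_SALT',   '%s');" % ("k7" * 32),
    'define( "NONCE_SALT",      "%s" );' % ("k8" * 32),
])

if __name__ == "__main__":
    print(audit_keys(SAMPLE))
```

Replacing the values invalidates existing login cookies, so every user has to sign in again, which is the point after a compromise.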

Security Update asap!

Written by on October 14, 2015 of Sucuri.net

 

Brief Summary

A vulnerability affecting WordPress websites using Akismet version 3.1.4 and lower has recently been identified by Sucuri.net. The vulnerability involves the WordPress setting “Convert emoticons like :-) and :-P to graphics on display”, said Sucuri.net in their official Security Disclosure.

Update as Soon as Possible

If you’re using a vulnerable version of this plugin, update as soon as possible! In the event that you cannot do this, please contact Jolly Works Hosting Support.

For more details of the vulnerability, please head on to Sucuri.net’s blog.

NetCraft: Hostgator has fraud warning

Last April 6, 2015, I bought hosting from Hostgator.com to test my script with them. Before that, I was very curious to know how well the websites hosted with them perform, or should I say my website later on. Well, to cut it short, after a few hours exploring their portal, here are my observations:

1. Portal Credibility. Their hosting portal panel is in beta and some parts are not functioning, like phpMyAdmin, which took me almost an hour to discuss with the agent. They should inform customers like me that it is better to use the cPanel link instead of the portal link.

2. Incomplete Email Notice. I received a confirmation email containing my password, and the login details are for billing only. I thought this was also my password for cPanel. It was only after talking to the agent that I learned I should have received a separate email about my cPanel account. When the agent resent the cPanel details, my Gmail account received it in the spam folder, marked with a warning about fraud/identity theft against Hostgator.

hostgator-fraud-email

3. Security and Privacy Issues. My Opera browser detected that the cPanel server of Hostgator has a fraud/identity theft issue, as shown in the picture below.

hostgator-warning

4. Nonsense Verification. I was shocked that after a couple of hours exploring the Hostgator panel, when I tried to talk to an agent via live chat, my account was already inaccessible, with the words “please contact hostgator”. And I think that if I hadn’t reported the issue, they would not have disabled my account. The agent told me that it’s their policy that, after getting paid, all accounts undergo identity verification, and they asked me about my credit card, government ID, etc. Because I wanted to continue testing their services, I provided a scanned copy of my driver’s license, and my account was restored after 8 hours to be exact, which I received via email.

For me, this policy is nonsense. Considering that I or other customers have undergone the very tedious process of credit card/debit card/PayPal verification, Hostgator should not validate or verify again. They should stick to the policy that “the payment details must be the same with the account details they will use”. Well, I am not surprised anymore that Netcraft has an issue with Hostgator’s fraud/identity theft transactions because of this. Their employees might sell the identity proof that we have submitted to them, or the storage where our identity proof was saved can be copied by intruders.

5. Ticket Response Dissatisfaction. I created a ticket on April 6, and I also followed up on the issue via live chat, and until now, as I write this blog, I haven’t received any reply. Maybe because they can’t justify their fault. See picture below.

hostgator-fraud-noreply

6. Server’s Performance and Security Issue. As I have shown in the evidence above about their server’s problem with fraud and identity theft, there is no way I can stay with them.

7. Account Cancellation. Cancelling an account with them is tedious, and I need to finish my current subscription; after that, it will stop. But they can still continue to charge me if I don’t cancel my PayPal transaction with them.

You can check and read my conversation transcript with their CHAT support HERE.

Verdict: I can’t stay with Hostgator anymore considering these observations and my experience with them. Maybe sometime, if they have resolved the fraud issue and server issue, I can return to them because of the low-budget hosting.

WordPress as Final Project


Final Project Development

Pre-Requirements

1. You must have a complete HTML profile website (http://domain.cu.cc/profile)
2. You must have a complete blog site (http://domain.cu.cc/blog)

Note: Consequences are already cancelled, but I have deducted from your grades.

Goal

Convert your /profile into a WordPress personal website.

Thus you have /profile, /blog, and the root (domain only, no slashes).

final project = http://www.domain.cu.cc
midterm project = http://www.domain.cu.cc/blog
prelim project = http://www.domain.cu.cc/profile

Personal Website Example

Development Guidelines

As you can see in the image:
1. All menus of your /profile should be recreated in your new personal WordPress site.
2. These menus are made from PAGES
3. The submenus of favorites are the MUSIC, VIDEOS, OTHERS pages, etc.
4. The submenus of gallery are the MY PHOTOS, FAMILY, FRIENDS, LOVERS pages
5. Submenus are popup menus shown when the pointer is over gallery or favorites
6. Autobiography page can be ONE PAGE only
7. Music and Video pages can be ONE PAGE only
8. The same requirements apply to gallery (6 pics/page in self photos, 4 pics/page in family/friends/lovers)
9. In the header, you MAY use your own banner/logo, but take note of your full name and the words “official personal website” below.
10. At the sidebar, the gd-blog-rating, recent articles, related sites, chatbox, facebook-profile, and who’s online widgets are required to be displayed. You can add as many widgets as you want.
11. Include /blog and /profile links in the related sites.
12. Create a POST with the title WELCOME and create any welcome message you want showcasing your personal website. Look for the option STICKY before publishing, to make the article posted always on TOP.
13. Create any article of any category you want.
14. Gather STARS.

CHECKING WILL START ON MARCH 15, 2015
