Company Blog

WordPress and Security – an Important Guide

  • Posted On  2015-07-13 11:28:07 by AryanIct.com Blog



WordPress powers approximately 50% of all the websites online around the world. This means that it is a very attractive platform for hackers to try and compromise as it gives them the ability to take down many websites in just one go.

We’ve prepared this guide to help you understand the risks and threats as well as explaining how you can defend against them.

Choose a custom username and strong password

The default WordPress login is “admin” and all WordPress hackers know this. Usernames can only be changed using phpMyAdmin after WordPress is installed, so it is important to choose an uncommon username when installing WordPress.

Assuming you are using Softaculous for installing WordPress, you may specify the username on the installation setup screen.

Good strong passwords are equally important for basic security of your WordPress. Choose a selection of letters and numbers not based on a dictionary word. Worried about how you might remember it? We suggest using RoboForm or LastPass tools in order to securely store all your passwords.

Do not use the same username and password as your hosting account or any other installed web application.

Perform updates on a constant basis

Update your WordPress installation regularly. We suggest that you check for updates at least once a week as WordPress developers frequently release new updates/patches to secure any security holes that hackers have exposed.

You can update WordPress from the admin area or you can update WordPress directly from within Softaculous.

Back up regularly

Back up your WordPress blog regularly. This means that if you are faced with a hacking attack, you can quickly and easily roll back at any time. At AryanIct, we have two backup options available for you.

Alternative method – Softaculous backup

Softaculous also has a backup option. Check the “Backup or Delete WordPress with Softaculous” part of our How to Install WordPress using Softaculous article to learn how to use it.

Use themes and plugins developed by officially recommended suppliers

Many themes and plugins are available for WordPress offering a variety of options and opportunities for your website. Here are our recommendations on which themes and plugins you should choose.

Free Themes – important note

If you wish to use free themes, we suggest you install only free themes that you can search for through your WordPress Admin area at Appearance >> Install Themes tab. These have all been vetted and approved by the official WordPress developers and are safe for use.

We do not recommend you download free themes from third party non-verified websites unless you are 100% sure the theme you are about to download is “clean”.

Free Plugins – important note

We strongly recommend you only use free plugins that are rated highly and have been recently released or updated. WordPress shows you the star rating and the latest updates for any particular plugin through the WP Admin area once you request more details for a plugin you like. A high number of downloads and excellent star ratings mean the plugin is used and liked by many other WordPress users, and recent updates show that the developers are committed to keeping it secure.

Paid Themes and Plugins

The following sites offer paid themes and plugins and are reputable:

  •     www.themeforest.com
  •     www.themefuse.com

Security Plugins

We recommend you download and enable the following security plugins. These help keep your WordPress website secure:

1. WordPress Firewall 2

This WordPress plugin investigates web requests with simple, WordPress-specific heuristics, to identify and stop the most obvious attacks.

Main settings:

1. You can choose options and actions that will be blocked by firewall.

2. Here, an email address can be specified to receive warnings and notifications from the plugin.

3. With this option, you can whitelist trusted IP addresses.

2. BulletProof Security

BulletProof Security uses .htaccess website security files, which are specific to Apache Linux Servers. The BulletProof Security WordPress Security plugin is designed to be a fast, simple and one click security plugin to add .htaccess website security protection for your WordPress website.

There are many options available with the BulletProof Security plugin, and you can find details using the “Read Me” option. But the main one we are going to use is .htaccess protection, which can be enabled with the “BulletProof Mode” radio button for each .htaccess.

3. Better WP Security

As most WordPress attacks are results of plugin vulnerabilities, weak passwords, and obsolete software, Better WP Security will hide the places where those vulnerabilities live, preventing an attacker from learning too much about your site and keeping him away from sensitive areas like login and admin areas, etc.

Many different security options are available with this plugin, but you can simply enable basic security mode using “Secure My Site From Basic Attacks” (1.)

Or enable each separate option you need (2.)

Optimization Plugins

Also we recommend the following top rated cache plugins to optimize the performance of your blog.

W3 Total Cache

W3 Total Cache improves the user experience of your site by improving your server performance, caching every aspect of your site, reducing the download times and providing transparent content delivery network (CDN) integration.

WP Super Cache

This plugin generates static HTML files from your dynamic WordPress blog. After an HTML file is generated, your webserver will serve that file instead of processing the comparatively heavier and more expensive WordPress PHP scripts.

General Security Tips

Always connect securely to your website. When using your web browser, use a https:// connection. You can easily install one of our SSL certificates to secure and encrypt data between your PC/Mac and your website.

Use FTP securely too. Use FTPS instead of FTP when uploading. This encrypts your FTP connection and any data you upload to your website.

Enable CloudFlare. CloudFlare is a CDN (Content Delivery Network) that improves performance of your blog by serving it from CDN nodes around the world. CloudFlare also has security scanning built in as part of the service offered.

AryanIct.com customers can use CloudFlare’s entry level service free of charge. Paid upgrades are available for CloudFlare’s larger service plans. Click the CloudFlare icon in cPanel for more details.

Change your passwords regularly and keep them secure. Never use a dictionary word and always use a combination of capital letters, lower case characters, numbers, and symbols.

The tips provided above do not guarantee 100% security of your WordPress website. However, they drastically decrease chances of getting your WordPress installation defaced, hacked, or abused.


Spam Assassin – Your Savior From Spam

  • Posted On  2015-07-13 11:17:14 by AryanIct.com Blog

How many times have you been put off by scores of spam mails when you open your email client, hoping to be able to find that elusive contract mail from a client? Website owners and administrators would vouch for the fact that there is hardly anything as irritating as being caught in a flood of spam mails. And when you are left battling it out without a complex spam avoiding and removing tool, the irritation heightens into sheer anger and frustration. Thankfully, cPanel takes care of your administrative troubles dealing with spam mails through the amazingly efficient and useful Spam Assassin.

All You Need To Know About Spam Assassin

The Spam Assassin is disabled by default, and you can find the option to activate it under the Mail Tab once you login to your cPanel. You click on the link and are then taken to the main customization page. This is where you are introduced to all the options and configuration tools that allow you to make the best use of the Spam Assassin. Hit the ‘Enable Spam Assassin’ button and strike the first nail in the coffin of all the future spam racing towards you.

Who Decides the Strictness of the Spam Check?

You do. That is the whole point. By default, the Spam Assassin starts off at a strictness level of 5, and that is the medium level. Of course, you can change it to 8 or even 10. You may make these adjustments in cases where you feel that a strictness level of 5 would cause you to miss emails which were not spam and were specifically intended to reach you.

Additionally, you have the option of configuring the Spam Assassin to either automatically delete any mail that is tagged as spam according to your set filters, or simply tag the suspected mails with the word SPAM at the beginning of the subject. If you choose the ‘Auto Delete Spam’ option, you can also have the spam mails moved to a separate folder on your server. However, there is a slight downside with this method that you might have to consider. If you get an unusually high volume of spam mails, you would have to log in to your cPanel more frequently than normal in order to free up the space occupied by the spam mails. However, on the whole, Spam Assassin is a wonderful anti-spam tool that makes life a little easier for you.
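How the strictness level and the tag-or-delete choice interact, as an added example (not code from this post, cPanel or the SpamAssassin project): it reads the score from the X-Spam-Status header that SpamAssassin adds to scanned mail and re-evaluates constructed sample messages at levels 5, 8 and 10. The sample messages, the function names and the use of one threshold for both tagging and deleting are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample messages (not real mail). SpamAssassin records its verdict
# in an X-Spam-Status header: the score the message earned and the threshold
# ("required") in force when it was scanned.
SAMPLES = [
    "Subject: Signed contract attached\n"
    "X-Spam-Status: No, score=1.2 required=5.0 tests=HTML_MESSAGE\n\nbody\n",
    "Subject: Invoice and pricing offer\n"
    "X-Spam-Status: Yes, score=6.3 required=5.0 tests=HTML_MESSAGE,MIME_HTML_ONLY\n\nbody\n",
    "Subject: You have won\n"
    "X-Spam-Status: Yes, score=9.1 required=5.0 tests=BAYES_99,HTML_MESSAGE\n\nbody\n",
    "Subject: Cheap pills\n"
    "X-Spam-Status: Yes, score=14.7 required=5.0 tests=BAYES_99,URIBL_BLACK\n\nbody\n",
]

STATUS_RE = re.compile(r"score=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)")


def spam_score(raw):
    """Return the score recorded in X-Spam-Status, or None if the mail was not scanned."""
    header = message_from_string(raw).get("X-Spam-Status", "")
    match = STATUS_RE.search(header)
    return float(match.group(1)) if match else None


def disposition(raw, threshold, auto_delete=False, tag="SPAM"):
    """Decide what happens to one message at a given strictness level.

    A message counts as spam when its score reaches the threshold. Assumption:
    the same threshold drives tagging and auto-delete in this sketch.
    """
    subject = message_from_string(raw).get("Subject", "")
    score = spam_score(raw)
    if score is None or score < threshold:
        return ("deliver", subject)
    if auto_delete:
        return ("delete", subject)
    return ("tag", f"{tag} {subject}")  # subject rewritten, mail still delivered


def summary(threshold, auto_delete=False):
    """Action taken for each constructed sample at this threshold."""
    return [disposition(raw, threshold, auto_delete)[0] for raw in SAMPLES]


if __name__ == "__main__":
    for level in (5, 8, 10):
        print(level, summary(level))
```
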

Check Spam Assassin’s FAQ at http://wiki.apache.org/spamassassin/FrequentlyAskedQuestions.


ICANN Reveals the New gTLDs

  • Posted On  2015-07-13 11:15:47 by AryanIct.com Blog

Call it what you want, a giant boondoggle or the greatest thing to happen to commerce since money, but the Internet Corporation for Assigned Names and Numbers (ICANN) has revealed the applications for the new generic Top-Level Domains (gTLD). These aren’t your COMs and NETs from way back in 2011, but the .COKE and .FATBABY or whatever you can conjure and afford.

There were some surprises: the multitude of companies going after .APP does not include Apple, Inc., and Google went bonkers, applying for more than 100 new domain extensions.

For anyone who’s like, “What?” The new gTLD came about when ICANN opened up the door to any word in all kinds of languages to live on the right of the dot. If Google gets .LOL, for example, they’ll sell it like a traditional registry, just as Verisign does COM/NET/TV.

It’s a pricey venture. ICANN will take in about $357,000,000 for the $185,000 per application. So, yes, Google has dropped a small country’s GDP applying for new gTLDs.

Now it gets exciting. With some domain extensions like .GROCERY a hot item, you’ll probably see bidding wars between the likes of Wal-mart and Safeway. Although it’s not just the big boys who get to offer input. ICANN has opened up a 60-day comment period where the public can submit comments on the newly revealed applications.

ICANN also offers these stats:

    Of the 1,930 applications received:

        66 are geographic name applications.
        116 applications are for Internationalized Domain Names, or IDNs, for strings in scripts such as Arabic, Chinese, and Cyrillic.

    Applications were received from 60 countries and territories, broken down by ICANN’s geographic regions:

        911 from North America.
        675 from Europe.
        303 are from Asia-Pacific.
        24 from Latin America and the Caribbean.
        17 from Africa.

As for AryanIct.com, we need to wait for the domains to be approved, and then we’ll offer as many as we can get. There will be a lot that goes into this process, like an entire new infrastructure for domain registries and registrars (like us). With that kind of excitement (read: fevered work) we’ll be keeping you posted on all the new updates as they come in.


HTML5 – Compatibility for All?

  • Posted On  2015-07-13 11:14:26 by AryanIct.com Blog

Many of us remember when Flash was the “only” way to enhance user experience and create rich media interactivity. It was a bittersweet integration, though … Many users didn’t have the browser compatibility to use it, so some portion of your visitors were left in the dark. Until recently, that user base was relatively small — the purists who didn’t want Flash or the people whose hardware/software couldn’t support it. When Apple decided it wouldn’t enable Flash on the iPhone/iPad, web developers around the world groaned. A HUGE user base (that’s growing exponentially) couldn’t access the rich media and interactive content.

In the last year or so, Adobe released Flash Media Server to circumvent the Apple-imposed restrictions, but the larger web community has responded with a platform that will be both compatible and phenomenally functional: HTML5.

HTML5 allows us to do things we’ve never been able to do before (at least without the hassle of plugins, installations and frustration). Gone are the limitations that resigned HTML to serving as a simple framework for webpages … Now developers can push the limits of what they thought possible. As the platform has matured, some developers have even taken it upon themselves to prototype exactly where this generation of scripting is heading by creating Flash-free browser games.

Yes, you read that right: Games you can actually play on your browser, WITHOUT plugins.

From simple Pong clones that use browser windows as the paddles and ball to adventure-based Zelda-like massively multiplayer online role playing games (MMORPGs) like BrowserQuest, it’s pretty unbelievable to see the tip of the iceberg of possibilities enabled by HTML5 … Though it does seem a bit ironic to say that a Pong clone is such a great example of the potential of the HTML5 platform. Click on the screenshot below to check out BrowserQuest and tell me it doesn’t amaze you:

With an ingenious combination of CSS, Javascript and HTML5, developers of BrowserQuest have been able to accomplish something that no one has ever seen (nor would ever even have thought possible). Developers are now able to generate dynamic content by injecting Javascript into their HTML5 canvasses:

Look familiar? The game-making process (not syntax!) appears eerily similar to that of any other popular language. The only difference: You don’t need to install this game … You just open your browser and enjoy.

Using a popular port of Box2D, a physics simulator, making pure browser-based games is as simple as “Make. Include. Create.” Here’s a snippet:

We may be a few years away from building full-scale WoW-level MMORPGs with HTML5, but I think seeing this functionality in native HTML will be a sigh of relief to those that’ve missed out on so much Flash goodness. While developers are building out the next generation of games and apps that will use HTML5, you can keep yourself entertained (and waste hours of time) with the HTML5 port of Angry

HTML5 is not immune to some browser compatibility issues with older versions, but as it matures and becomes the standard platform for web development, we’re going to see what’s to come in our technology’s immediate future: Pure and simple compatibility for all.


Choosing Between cPanel and Plesk

  • Posted On  2015-07-13 11:06:50 by AryanIct.com Blog

If you’ve been into web hosting long, you may know of all the different control panels. You know their nuances and differences, as well as the strengths of each:

But the sad truth is, we often forget these things, and wind up using the same control panel out of habit. If that’s you, then take this refresher on the two most popular panels around, cPanel and Plesk. We’ll dive into both, and get right down to the nitty gritty competitive nature of each.

What is cPanel And Plesk, Anyway?

For those more familiar with the business, you’ll already know that cPanel is the most popular platform for managing a server. What you may not know is that cPanel has been around since the mid-1990s and is more or less only compatible with Unix and Linux systems. This means it plays along nicely with Red Hat and CentOS.

Plesk, on the other hand, is a relative newcomer to the scene, arriving in the early 2000s. The difference with it is—you guessed it—it supports both Unix and Windows. So who’s got a real leg up on who? To answer, we’ll need to take a look at the strengths of each. We’ll start with the heavyweight, cPanel:

cPanel is The Windows Of Server Systems

What we mean by this is, because cPanel is so widely used, if you have a problem you can more than likely find a solution. There’s a very large group of people using the software, and because cPanel enjoys such a large support base, it’s been studied to death. It also sports an easier to learn interface than Plesk, meaning it plays nicer with the masses, and makes it easier to get into web hosting. In essence, cPanel is to web hosting as Ubuntu is to Linux—Please don’t shoot me Tux nerds: I’m just creating analogies!

Plesk Is Bi-server-ual

Plesk, on the other hand, handles multiple servers and operating systems like a champ. The interface is a bit more complicated, and has a slightly steeper learning curve, but in return it supports both Unix and Windows. It also handles multiple commands better than cPanel.

At the end of the day, as most quality hosting options give you a choice between both services, your real conundrum is this: Do you want ease of use with a Unix face, or do you want a multi-server Windows machine?
