Tag: Wordpress

10 website security tips with Megan Ferrell and show feedback.

10+ Web Site Security Tips

Feedback on/about the podcast.

  • Who is this podcast for?

The short answer to this question is, me. This podcast came about by me wanting to have something for my children to remember me by. I originally started reading books, recording them and then archiving them. The first book I read was Night Before Christmas. We have a family tradition of reading it Christmas eve. I wanted there to be a recorded version of myself that my children could listen to and share with their kids, long after I was gone. From there, I started reading Encyclopedia Brown books. This series holds fond memories for me and my youngest as it is one of the first books we read together, and then tried to figure out the answer. It was a lot of fun and if you have not read any of the books I highly recommend reading them. Even as an adult, they hold great value. After doing the books for a while, the next logical step was to do a podcast. Something that shared my discipline in Linux/Unix. So the podcast, web hosting podcast, was born.

For those that wonder what the target market would be for this podcast, I am not 100% certain. I like to think it is someone that is new to hosting and wants to get the most out of their shared hosting plan. I really like to share and give out information to anyone that will listen, and anyone that knows me personally, I think would agree. There is a wealth of information jammed into my head about everything from Apache to Xen Virtualization. Most of it is going to be very boring. So, I try to wade through the minutiae and bring the elements of hosting that I think would be not only interesting, but relevant. My hope is that this remains fun, for me, and in the end if someone finds one thing that is useful then that would be a bonus.

If you have questions or comments regarding the podcast or your own web site please feel free to drop me a line. The easiest way to reach me is through the contact form on https://webhostingpodcast.com/contact

 

10 website security tips + a few more for good measure.

Megan Ferrell from websites 503 joins me via zoom.us to discuss 10 website security steps. After a speed round in which she answers each question, we take time to go over the questions in detail. We then add a few of our own recommendations for good measure. I urge anyone that has a website to look over these 10+5 security steps and see how your web site rates. These steps are very easy to fulfill, so you can get to 100%.

  1. Is your CMS software up to date?
  2. Are you using trusted third-party plugins and themes?
  3. Have you changed default settings on your CMS?
  4. Do you promptly remove outdated access permissions?
  5. Does your website URL start with HTTPS?
  6. Are you using a WAF (Web Application Firewall)?
  7. Is your server monitored for malware?
  8. Do you use SFTP instead of FTP to upload files to your website?
  9. Do you have daily backups of your website?
  10. Are passwords difficult?

Bonus round

  11. Have you changed all default passwords sent to you when you signed up?
  12. Does your developer or another person know your passwords?
  13. Have you disabled and removed all unused themes or plugins?
  14. Have you hidden your login page?
  15. Have you enabled, or do you use, two-factor authentication?

The original 10 steps came from the following link.

Upcoming topics and additional show ideas.
In the coming episodes, we are going to take a look at SEO, Managed WordPress Options that are FREE, modifying the robots.txt file and touch on some development topics. I am also looking at starting a web hosting round table show in 2018 using Google Hangouts or YouTube. If anyone is interested in participating in the round table, please use the contact form to get in touch. The idea for the round table came from watching the podcasters round table. I would like to have no more than 6 people on at a time; a topic would be determined ahead of time to ensure a proper fit, and we would then discuss that topic in a round table setting. I think it would be very informative to get many different points of view. For example, my idea of a developer/designer could possibly be different than yours. If this sounds like something that would interest you please let me know.

Web hosting one click installers, David Anderson of Canvas Host talks domains

Web Hosting Podcast episode 3


News / security

WordPress plugin with 200,000 installs has a backdoor – Display Widgets version 2.6.1 and 2.6.3
https://www.bleepingcomputer.com/news/security/backdoor-found-in-wordpress-plugin-with-more-than-200-000-installations/
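
An added example (not from the show notes or from the plugin's authors): a small Python audit that reads the header comment of each plugin under a WordPress plugins folder and flags Display Widgets at the two versions named in the news item above. The folder layout, function names and the two sample plugins are assumptions constructed for the demo.

```python
import os
import re
import tempfile

# Plugin name and versions taken from the news item above.
KNOWN_BAD = {"display widgets": {"2.6.1", "2.6.3"}}
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def read_header(php_path):
    """Parse 'Plugin Name' and 'Version' from the comment block of a plugin file."""
    with open(php_path, encoding="utf-8", errors="replace") as fh:
        head = fh.read(8192)  # the header comment sits at the top of the file
    fields = {}
    for key, value in HEADER.findall(head):
        fields.setdefault(key.lower(), value)  # first occurrence wins
    return fields

def audit_plugins(plugins_dir):
    """Return (name, version, flagged) for every plugin found in plugins_dir."""
    found = []
    for entry in sorted(os.listdir(plugins_dir)):
        path = os.path.join(plugins_dir, entry)
        if os.path.isdir(path):  # plugin shipped as a folder of PHP files
            files = [os.path.join(path, f) for f in sorted(os.listdir(path))]
        else:                    # or as a single PHP file
            files = [path]
        for php in files:
            hdr = read_header(php) if php.endswith(".php") and os.path.isfile(php) else {}
            if "plugin name" not in hdr:
                continue  # helper file, not the plugin's main file
            version = hdr.get("version", "unknown")
            bad = version in KNOWN_BAD.get(hdr["plugin name"].lower(), set())
            found.append((hdr["plugin name"], version, bad))
    return found

def make_sample_tree(root):
    """Constructed sample data: two fake plugins, one at a flagged version."""
    samples = {"widgets-demo/main.php": ("Display Widgets", "2.6.1"),
               "other-demo/other.php": ("Example Plugin", "1.0.0")}
    for rel, (name, ver) in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(f"<?php\n/*\n * Plugin Name: {name}\n * Version: {ver}\n */\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        print(audit_plugins(tmp))
```

Point `audit_plugins` at a site's own plugins folder to list what is installed. The header only tells you which release is present; a flagged version is a reason to remove the plugin and review the site, not proof of what did or did not run.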

Ransomware outbreak

Company agrees to pay $1 million in bitcoin to unlock 157 web servers.
https://www.bleepingcomputer.com/news/security/south-korean-web-hosting-provider-pays-1-million-in-ransomware-demand/

CloudFlare now includes apps June 27th – https://blog.cloudflare.com/cloudflare-apps-2/
Some of the great apps on Cloudflare I have found.
– Social icons – add social icons automatically to your site.
– Tweet this – highlight and tweet text.
– Facebook Comments – Facebook Comments app lets people comment on content on your site using their Facebook account.
– Facebook Like – Add a Facebook Like button to your site to build your social media presence.
– Pinterest – Let your visitors share your content and increase your social presence with Pinterest buttons!
– Google Maps – quickly add a map to your page.
– Spotify, SoundCloud, Trebble – add music playlists to your site.
– Ecommerce apps for PayPal.
– Fun stuff – particles and browser blast.
– Check out all the apps here.

One click installers

What are one click installers?
One click installers allow you to “install” a range of popular software from a library of applications. These can include WordPress, Joomla, Drupal and many others depending on your host and possibly the hosting plan you select at signup.

The 3 major one click installers used for hosting.
Fantastico – https://netenberg.com/
Softaculous – https://www.softaculous.com/
Installatron – http://installatron.com/

All have panel integration (cPanel, Plesk, etc.)

All allow you to install the most current version of popular software, including:
WordPress
Drupal
Joomla
Magento

Why I like Installatron over the others.

– Ease of use; hands down, Installatron is the easiest to use.
– Clone a site and move a site to another location – very easy to do.
– Remote backup, including Dropbox integration.
– Automatic install of security plugins (WordPress specific in this case) during the one click install.
– Automatic update with backup and rollback; this is huge. Installatron will automatically back up, then attempt to update each piece that needs an update. If an update fails, it will roll back to the backup file. It sends emails out regarding the status of the updates and whether they were successful or not.
– Schedule of backups and retention. This only backs up the installed application and not your entire cPanel or control panel account. This allows your site to be portable and easy to restore in the event something happens to your site.
– Easily log in to your WordPress site from inside of cPanel.
– Easily reset your WordPress login credentials; this includes the password.
– Install two-factor authentication on creation of a WordPress site, or later on. This can be enabled by default.
– Limit failed login attempts, by default.
– You can import current installs into Installatron so that it can manage them for you. This is very handy to help manage automated updates and backups.

Follow this blog post to see how to import your current install of WordPress into Installatron: Keeping your WordPress Website Updated | Enrolling in an Automatic Updater

 

Domain registration with David Anderson of Canvas Host

Topics covered with David from Canvas Host.
– What is a domain registrar.
– Buying a new domain.
– Price change after one year – it is very common to see an intro price of $1.99 or lower and then a much higher renewal price after the first year. Could be much, much higher.
– Domain transfer to a new registrar – unlock the domain, generate an EPP code, send the EPP code to the new registrar. Watch the transfer fee; the domain will renew for 1 year.
– Grace periods – 0 – 45 days after it expires. Just the cost to renew.
– Redemption – after 45 days. This costs a lot more money + renewal. Fee varies by registrar.
– Pending deletion after 80 days, after which anyone can register the domain once it is released. This is cheaper than paying redemption fees, but could cost you your domain.
– Losing a domain by lapsing and entering delete state.
– Contact information must be current on domain registration so that you can be reached. DO NOT USE bogus/false info!!
– Private registration – $7.50 per year, can vary by registrar; some TLDs are free for private registration. For example, *.uk. Some domains can’t have private registration, .us for example.
– Warning about the Domain Registry of America letter and the scam. Domain slamming. https://en.m.wikipedia.org/wiki/Domain_name_scams

If you have show topic suggestions, recommendations or want to be on the show follow this link

Free SSL/TLS for your web site, Caching options for your web site

SSL/TLS

What are SSL and TLS? – https://en.wikipedia.org/wiki/Transport_Layer_Security
AutoSSL in cPanel – https://blog.cpanel.com/autossl/
Other free SSL sites – Let’s Encrypt https://letsencrypt.org/
Google will penalize page rankings if SSL is not used, and will mark pages without HTTPS as non-secure.

Caching

In episode one we discussed gzip compression and using cache control headers (expires and headers) to improve website speed.
Now we are going to take it a little further and discuss more caching options for your site.

A web cache (or HTTP cache) is an information technology for the temporary storage (caching) of web documents, such as HTML pages and images, to reduce bandwidth usage, server load, and perceived lag. A web cache system stores copies of documents passing through it; subsequent requests may be satisfied from the cache if certain conditions are met.[1] A web cache system can refer either to an appliance, or to a computer program.

Source: Wikipedia – https://en.wikipedia.org/wiki/Web_cache

2 WordPress-specific caching plugins that I have used.

W3 Total Cache – https://wordpress.org/plugins/w3-total-cache/
WP Super Cache – https://wordpress.org/plugins/wp-super-cache/

Common features of both.

– PHP caching.
– Compress pages.
– Don’t cache pages for known users.
– Cache rebuild.
– CDN support.
– Extra homepage checks.

Cloudflare – https://www.cloudflare.com/

Cloudflare is a software-as-a-service cache.

The free plan has many options and features that you will want to use.

– Auto Minify.
– Page Rules – define custom patterns for your site. For example, lock down wp-admin with custom rules.
– Apps – add your Google Analytics code to every page automatically, even error pages. – https://www.cloudflare.com/apps/
– Force SSL and the version of SSL; even if you don’t have an SSL cert, a free one can be provided.
– SPDY or HTTP/2 integration.
– Allow IPv6 to be used.
– Access rules – define rules based on IP or country that require a CAPTCHA to see your site.
– AMP (Accelerated Mobile Pages) automatically.
– Scrape Shield – email obfuscation, hotlink protection.
– Always Online – if your service provider has an issue, a static version of your site will still be online for pages that have been visited and are sitting in cache.

If your web hosting provider is a Cloudflare partner, then you may have immediate access right now to Cloudflare inside of cPanel. It is quick and easy to get set up.

If you have show topic suggestions, recommendations or want to be on the show follow this link