30 Jul

WordPress Security: Tips To Secure A WordPress Website

WordPress, the most popular Content Management System(CMS) in the market, which powers almost 34% of all the websites on the Internet. This popularity also brings some problems to your room making it the most targeted CMS by hacker to get benefited using a site. If you are serious about your website, then you need to pay proper attention to your site and WordPress security best practices. Keeping your WordPress site secure takes a little effort but should be top of the agenda for anyone serious about their website.

Hacker uses two approaches to hack WordPress websites. They target individual sites as well as large clusters. Nothing in this world is hack-proof but what We can try is make this as difficult as possible, so they go elsewhere.

In this tutorial, We will share our Best Tips to keep your WordPress website secure.

1. Update your WordPress

WordPress is an open source software which is regularly maintained and updated. By default, WordPress automatically installs minor updates. For major releases, you need to manually initiate the update. Not updating your themes and plugins can mean trouble. In most cases, WordPress-powered sites are compromised because their core software, files, themes, and plugins are outdated making them traceable. WordPress also comes with thousands of plugins and themes that you can install on your website. These plugins and themes are maintained by third-party developers which regularly release updates as well. Every WordPress site administrator should regularly check for update and keep WordPress including plugin and theme files up-to-date.

How to configure automatic updates

You can configure automatic updates as well. To auto-upgrade WordPress core, insert this code into your wp-config.php file:

define( 'WP_AUTO_UPDATE_CORE', true );

For plugins, use:

add_filter( 'auto_update_plugin', '__return_true' );

For themes, use:

add_filter( 'auto_update_theme', '__return_true' );

2. Install a WordPress Security Plugin

Many users find it easier to rely on a one-stop security solution. If that is the case with you, one of the following WordPress security plugins might be suitable:

iThemes Security – available in both a free and premium version, iThemes provides over 30 different ways to improve the security of your website.

WordFence – is another security plugin that offers both a free and premium version. With just over 11 million downloads, WordFence has a strong user base who depend on this plugin for their security needs.

Sucuri – While Sucuri maintains a free plugin in the WordPress repository, they also provide a more comprehensive service that includes: malware and blacklist scanning, DDoS protection, malware cleanup, firewall protection and more. One of the great features of the Sucuri service is that it includes cleanup in the event that you site is compromised.

3. Install SSL Certificate

SSL (Secure Sockets Layer) is a protocol which encrypts data transfer between your website and users browser. This encryption makes it harder for someone to sniff around and steal information. For instance, our hosting service comes with free SSL on all plans which customer can avail from cPanel >> Let’s Encrypt SSL.

4. Use a Strong Password

The most common WordPress hacking attempts use stolen passwords. You can make that difficult by using stronger passwords that are unique for your website. Not just for WordPress admin account, but also for database user, WordPress hosting account.

5. Disable File Editing

If a user has admin access to your WordPress dashboard they can edit any files that are part of your WordPress installation. This includes all plugins and themes. It can be accessed by going to Appearance >> Editor. Another way you can find the plugin editor is by going under Plugins >> Editor. If you disallow file editing, no one will be able to modify any of the files – even if a hacker obtains admin access to your WordPress dashboard.

To make this work, add the following to the wp-config.php file (at the very end):

define('DISALLOW_FILE_EDIT', true);

6. Change your WP-login URL

By default, the URL We use to log into our dashboard is either wp-login.php or wp-admin, added after your site’s main URL. For instance, YOURSITE.com/wp-login.php and guess what, those two are also the most accessed URLs by hackers who want to get into your database. If you change that URL, you reduce the chances of finding yourself in trouble. Guessing a custom login URL is way harder for hackers.

The iThemes Security plugin does this trick. For instance, your login URL can turn into something like YOURSITE.com/my_site.

7. Securing wp-includes Folder

The wp-includes folder contains only the files that are strictly necessary to run the core version of WordPress, one without any plugins or themes. Remember, the default theme still resides in the wp-content/theme directory. Thus, no visitor (including you) should require access to content of the wp-include folder. You can disable access using this following code snippet by updating your default .htaccess file:

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

8. Hide wp-config.php and .htaccess files

While this is an advanced process for improving your site’s security, if you’re serious about your security it’s a good practice to hide your site’s .htaccess and wp-config.php files to prevent hackers from accessing them. We strongly recommend this to be done by an experience developer because a slight mistake can take down your site. You should start by taking backup of the files as well. To hide the files, there are two things you need to do:

Go to your .htaccess file and add the following code,

<Files wp-config.php>
order allow,deny
deny from all
</Files>

<Files .htaccess>
order allow,deny
deny from all
</Files>

Another security measure that you can take is to restrict wp-config.php file permission. Set the file permissions to 600 so that only true owners can edit the wp-config file. To change the file permission of wp-config, select the file from cPanel >> File Manager and then choose the option ‘Permission’.

9. Disable PHP File Execution in Certain WordPress Directories

Another way to harden your WordPress security is by disabling PHP file execution in directories where it’s not needed such as /wp-content/uploads/.

You can do this by opening a text editor like Notepad and paste this code:

<Files *.php>
deny from all
</Files>

Next, you need to save this file as .htaccess and upload it to /wp-content/uploads/ folders on your website using File Manager or FTP Client.

10. Change Security Keys

It is recommended that you change the WordPress Secuity key periodically so that if someone/something got login credentials, resetting the security keys will log them out immediately. You can generate a new set of security keys and place them in the ‘wp-config.php’ file and here is the URL where you can generate new set of keys. It’ll help secure your WordPress site. Its generate new keys every time someone browse the URL.

11. Choose a Good Hosting Company

You should find/choose a good hosting provider who has up-to-date security system deployed on their servers. You might look for Cloudlinux, Litespeed, Imunify360 Scanner etc. A company with good support and daily backup system will help you to run your WordPress site properly.

12. Don’t Use Nulled Themes

We have seen, people are using nulled theme for their website which is one of the main reason for security breach of a site. You should try to get the premium theme by paying the charges to actual seller. Nulled themes contain hidden malicious codes, which could destroy your website and database or log your admin credentials very easily.

13. Monitor your site – to find any unusual activity.

14. Back up your site regularly – in-case of emergency.

15. Use Latest PHP Version – PHP is used for backend coding and using latest version of PHP will enhance the site security parameter.

16. Use Clever Usernames and Passwords – do not go with the common ones, think and use harder.

17. Captcha Protection – Protecting your site with google captcha protection.

That’s all, we hope this article helped you learn the top WordPress security best practices as well as discover the best WordPress security plugins for your website.

13 Dec

WordPress Update Released v5.0, Update Your WordPress NOW!

WordPress has released an update on 6th December, 2018. We urges all our client to update their WordPress developed site to latest released version.

In order to update, please login to your WordPress Admin Panel >> Dashboard >> Updates >> here you should find with an option to update WordPress to latest Version or you can use “Re-install Now” button to have latest version installed for your account. Sites that support automatic background updates are already beginning to update automatically.

More information on the latest update is available on the following URLs:

Version 5.0

WordPress 5.0.1 Security Release

If you face any trouble updating your WordPress to latest version feel free to contact us. If you want us to update your WordPress, please create an support ticket with your WordPress Admin login details and We will update them for you.

Thank you for choosing TetraHost

Support Desk, TetraHost
M: +880 191 3377417 | E: support@tetrahostbd.com
https://www.tetrahostbd.com

14 Aug

Have a WordPress site? WP Super Cache is Must for You!

WordPress is the world’s most popular blogging software and the most used by our clients here at TetraHost. Naturally, when something comes along to make one of the best pieces of software ever made even better, we’d like to let you know aout it! WP Super Cache is a plugin that will speed up just how quickly your blog loads;

WP Super Cache is a static caching plugin for WordPress. It generates html files that are served directly by Apache without processing comparatively heavy PHP scripts. By using this plugin you will speed up your WordPress blog significantly.

Download and Installation
1. Download the newest version of the WP Super Cache plugin from the WordPress.org plugin db and follow the instructions contained in the readme.txt file. If you have installed WP-Cache before this shouldn’t be any more difficult.
2. After installation, go to the WP Super Cache options page and set your desired cache time.

Installation shouldn’t be a problem, but should you have any issue just submit a support ticket in our client area and we’ll be only too happy to help.

Here’s to happy, speedy bogging!

05 Aug

Bangla Language support on WordPress Site

Now a days, Bangla is an well-spread language over internet. Every single person is trying to make something on Bangla, even if it is a small facebook status! We are really thankful to all the person behind this and making Bangla Language available everywhere.

On this blog, I will try to help you with installing/having Bangla Support on WordPress. I will try to keep this blog as mush simple as I can. Please note, there are many thing that needs to be describe but today i will let you know only about having Bangla support on your WordPress site. I will assume that you have already installed WordOress on your site/account.

Process for having Bangla is very simple and has few steps only, they are:

1. Visit the following link and download “bn_BD.mo” on your computer.
http://svn.automattic.com/wordpress-i18n/bn_BD/trunk/messages/

2. Login to your hosting account, you can either login via cPanel or FTP. Now, go to your WordPress installation folder, then go to wp-includes folder. Here create a new folder with name “languages”. Once you are done creating the folder, upload the “bn_BD.mo” file from your computer to the newly created folder.

3. Now, go back to the main installation folder and download “wp-config.php” file. Open it with an text editor like, Microsoft Frontpage or Dreamweaver.

4. You need to find the following chunk of code:
========================================
/**
* WordPress Localized Language, defaults to English.
*
* Change this to localize WordPress. A corresponding MO file for the chosen
* language must be installed to wp-content/languages. For example, install
* de.mo to wp-content/languages and set WPLANG to ‘de’ to enable German
* language support.
*/
define (‘WPLANG’, ”);
========================================

5. On the last line where it says “define (‘WPLANG’, ”);” change/replace it with “define (‘WPLANG’, ‘bn_BD’);”. Here we are putting the language file name without extension which is “.mo”.

6. Now, save the file and replace it with the file you have on your wordpress installation folder.

You are done with the job! Those were the steps for having your WordPress Site on Bangla Language. Now, visit the site and you will see the result, your WordPress site is on Bangla now! We know, now you want to know how to make new post on Bangla and how a user can make comment on Bangla. Well, we will try to write another article soon 🙂