Site hosting news, tutorials, tips, How Tos and more
Many of you are using Microsoft’s Office 365 services for your business or for your personal convenience.
We introduce a new O365Backup service to backup Office 365 – a comprehensive solution to backup Office 365 email, attachments, calendar, contacts, tasks, OneDrive, SharePoint, Groups and Teams.
Automatically Backup Office 365 Content Securely
You can easily set up automated backups for your Office 365 content. Your Office 365 data is secure during transit and your data is encrypted at rest.
Search and Restore Tools are Available
Tools are available in a separate O365Backup Control Panel to search your Office 365 archive and you can restore content from your backup archive.
A Cost-Effective Solution – Unlimited Storage + Unlimited Retention
O365Backup starts at $3.34 per month with unlimited storage and unlimited retention.
FREE 30 Day TRIAL
If you want to test the Office 365 backup service, no problem. We’ll give one user a 30-day FREE Trial so you can test it out and make sure the solution works for your needs.
WordPress is one of the most popular applications on the web with over 74 million installations – that’s a staggering 35% of all the active websites! Unfortunately, with its massive install base, it is natural for hackers to focus a lot of attention on hacking WordPress sites.
In this post, I’ll describe the most common attacks and what you can do about it to lessen the probability of being a victim.
In general, we have found that hackers compromise WordPress installations mostly by one of the two following methods:
Hackers operate many bots that worm through sites and test random login and passwords in the WordPress Admin page.
To get an idea of the scale of attempted logins we’ll take a look at some stats from our own infrastructure. At Winhost, we deploy an Intrusion Prevention System (IPS) on the network edge to detect many malicious activities and try to stop hackers before requests hit our servers. We have rules deployed on the IPS system to thwart Brute Force attacks. However, we cannot make the rules too aggressive because then it can block legitimate requests. It’s a delicate balancing game which we tweak constantly.
Based on the statistics of our IPS system, we typically track 9-10 million WordPress login attempts a month (both malicious and legitimate attempts). Check out the plot below.
About 20% of these attempts are blocked by our IPS system.
2. Outdated Plugins / Themes
Many WordPress sites use various plugins and themes to enhance their sites. The problem is that many plugins and themes have security holes that allow hackers to upload malicious files to the server without the need to log in as an administrator. As a result, we constantly see malicious bots testing for these plugins.
What does Winhost recommend to protect your WordPress site from getting hacked?
Credential Security
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<add ipAddress="1.2.3.4" allowed="true" />
</ipSecurity>
</security>
</system.webServer>
</configuration> PHP Version
Set your site’s PHP version to 7.1 or above
Update WordPress Frequently
Backup Site and Database
We recommend that you backup your site and MySQL database. We recommend you keep at least 2 weeks worth of backup because you may not realize your site is hacked immediately. Don’t rely on Winhost’s nightly backups because it will only store about 3 days worth of backups. You can automate the backups by using our SiteBackup service.
SiteLock Security service
Consider subscribing to SiteLock Premium or Enterprise Service and enable SmartScan. SmartScan will check your site daily for malicious files and also report on newly created files.
What we do at Winhost to protect your WordPress site
Visit Winhost to learn more about our WordPress Hosting solution