Site hosting news, tutorials, tips, How Tos and more

Archive for the ‘Web security’ category


Introducing fully managed WordPress hosting, security and hardening

If you use WordPress and are worried about being hacked or compromised, or you just don’t have time to keep up with the frequent updates and maintenance, we just launched a service made for you.

Our Managed WordPress Hosting service includes:

  • WordPress hardening for maximum security.
  • Monthly updates of WordPress core, Plugins and Themes.
  • One of our in-house WordPress security experts will personally examine your WordPress installation for malicious files and signs of compromise every month. If your WordPress installation is compromised or hacked, we’ll clean it up.
  • Configuration of automatic WordPress site and database backups.
  • WordPress-specific support and personalized assistance.

And if you need it:

  • Free website migration from your old host for a quick, smooth transition
  • WordPress installation, including database set up, Plugins and Themes

You can learn more about Managed WordPress Hosting and find a link to sign up here.

The Managed WordPress Hosting service includes the Winhost Max Plan, so if you are an existing Winhost customer and already have a hosting plan, contact us for pricing or open a helpdesk ticket and we’ll take it from there.

Every day we clean up compromised WordPress sites for our customers. For them it’s an inconvenience and an expense that they weren’t expecting and don’t welcome. But since WordPress is the most popular blog/CMS application in the world, it’s a natural target for hackers. If everything in your WordPress installation is not up to date, you are at risk.

And unfortunately, even if everything is up to date, you can still be vulnerable. That’s why Managed WordPress Hosting includes a WordPress hardening service, to increase security and reduce the chance that you will become a victim.

So if you love WordPress but could live without the constant maintenance and security tasks, let us do it for you!



Filezilla ENETUNREACH FTP Error with Kaspersky Anti-Virus

If you’re using the anti-virus application Kaspersky Endpoint Security 10 for Windows and Filezilla for FTP, you might have encountered an ENETUNREACH “Network unreachable” error when trying to upload your files to the server. Or, perhaps you updated Filezilla to version 3.11.0 (or above) and it stopped working, giving you the same ENETUNREACH error.

This is a known issue between Filezilla and Kaspersky. It happens because of the new way Filezilla binds IP addresses to prevent data connection stealing. You can read about the details in this forum post.
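As an added illustration (not from the original post and not FileZilla's code), the Python example below shows what pinning the data connection's source IP to the control connection's local IP looks like, next to the server-side same-IP check that this kind of binding is meant to satisfy. The loopback listeners, the 127.0.0.2 address and all function names are constructed for the example.

```python
import socket

def listener():
    """Constructed loopback listener standing in for an FTP server port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    s.listen(4)
    return s

def open_data_connection(control, data_addr, bind_to_control_ip=True):
    """Open the data connection, optionally pinning its source IP to the
    local IP of the control connection (port 0 = any free port)."""
    data = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    if bind_to_control_ip:
        data.bind((control.getsockname()[0], 0))
    data.connect(data_addr)
    return data

def server_accepts(control_peer_ip, data_peer_ip):
    """Server-side check: the data connection must come from the same IP
    as the control connection it belongs to."""
    return control_peer_ip == data_peer_ip

def demo():
    ctrl_srv, data_srv = listener(), listener()
    control = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # Assumption: 127.0.0.2 is usable as a second local address (true on Linux).
        control.bind(("127.0.0.2", 0))
    except OSError:
        control.bind(("127.0.0.1", 0))
    control.connect(ctrl_srv.getsockname())
    ctrl_conn, (ctrl_peer_ip, _) = ctrl_srv.accept()
    result = {"control_src": ctrl_peer_ip}
    for label, bind in (("bound", True), ("unbound", False)):
        data = open_data_connection(control, data_srv.getsockname(), bind)
        conn, (data_peer_ip, _) = data_srv.accept()
        result[label + "_src"] = data_peer_ip
        result["accepted_" + label] = server_accepts(ctrl_peer_ip, data_peer_ip)
        conn.close()
        data.close()
    for s in (ctrl_conn, control, ctrl_srv, data_srv):
        s.close()
    return result

if __name__ == "__main__":
    print(demo())
```

Where the second loopback address is available, the unbound data connection arrives from a different source IP than the control connection and fails the same-IP check, while the bound one passes.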

You can fix this issue either by reverting to an earlier version of Filezilla (version 3.10) or by adding an exclusion to the Kaspersky firewall.

Follow these directions to add an exclusion for Filezilla:

  1. Open the Kaspersky application window (by clicking the Kaspersky icon in the notification area or through the Start menu)
  2. Click on the Settings tab
  3. On the left column, click the Anti-Virus protection category to expand it
  4. Click the Firewall item
  5. Click the Application Network rules… button to open the “Firewall” window
  6. Locate the “FILEZILLA PROJECT” folder (it should be under the “Trusted” folder) and click the plus (+) sign next to it to expand the folder
  7. Click on filezilla.exe
  8. On the lower split window, click the Additional… button to open the “Application control rules” window
  9. Click the Exclusions tab
  10. Check the box for “Do not inherit restrictions of the parent process (application)”
  11. Check the box for “Do not scan network traffic”
  12. Click OK on the “Application control rules” window
  13. Click OK on the “Firewall” window

You should be able to connect to the server with Filezilla now.

Of course, there are lots of other reasons why you may get an FTP error. If you do, we offer free (and excellent) technical support for our customers. You can always reach our Support team 24/7 at support@winhost.com or through our support portal at support.winhost.com.



How to order PCI scanning service

Did you know you could order Payment Card Industry (PCI) scanning service from your Winhost Control Panel?

If you accept credit card payments – or plan to in the future – you will have to have regular PCI scans of your site and a review of your data handling procedures. The SiteLock PCI service can make that process much easier.

To use the SiteLock PCI scanning service, you have to first open a SiteLock Basic account. The PCI scanning will be a child service of the SiteLock Basic account. The SiteLock account comes with a bunch of great non-PCI features, so you can definitely benefit from both services.

To get started you can click on the PCI Scan tab in Control Panel.

Or go straight to the SiteLock page. Select the domain you wish to apply SiteLock to, then hit the “Continue” button.

Choose which SiteLock plan you want to use. Basic is the minimum that’s needed for the PCI service, but the other SiteLock plans have benefits you may want to take advantage of.

After selecting your plan, click the “Skip Adding TrueShield Plan” link on the next page.

(We’re skipping TrueShield in the interest of keeping this focused on the PCI scanning service, but TrueShield is also a very useful service, and you can read more about it here.)

The next page will display a summary of your SiteLock order. Click the “Submit My Order” button.

The next step is adding the PCI scanning service to your SiteLock account. Go back to the SiteLock tab and click the “Add” link in the PCI column.

The next page will display a summary of your PCI scanning service order. Click the “Submit My Order” button.

When PCI service is activated, you can access the SiteLock dashboard from the SiteLock tab in Control Panel.

SiteLock will also send you an email that includes their phone number, in case you need to call them during any part of the PCI verification/scanning process. This article covers the account setup only; the actual PCI scanning and verification process is a bit more complicated than we can get into here. But you’ll find plenty of information on how to proceed in the SiteLock portal.

If you don’t accept credit card payments, the SiteLock service can still protect your site from hackers, vulnerabilities, spam, spyware and viruses. It can scan your site daily to detect threats, and also offers the TrueShield service, which can protect your website from malicious traffic while speeding it up with a Content Delivery Network (CDN).



Disabling php for your site

php is such a popular and widely used scripting language that sometimes it seems as if it’s always been part of website development. It hasn’t, of course, but its wide use in many popular third-party “canned apps,” and the fact that a lot of people continue to use very old versions, make it a prime target for hackers.

So if you don’t use php in your site, or an application that is php based, you may want to disable php as a preventative security measure. The bad guys can’t exploit something that’s not there, right?

The good news is disabling php is easy and you can do it in about 30 seconds. Here’s how:

In the Site Tools section of Control Panel, click on PHP Version.

In the dropdown, select “None,” and click the “Update” button.

And that’s all there is to it.

See, maybe even less than 30 seconds. 😉

For what it’s worth, php isn’t inherently less secure than any other web technology. Its popularity is what makes it a frequent target. But it’s certainly possible to safely run any php application, even those third-party applications that are the favorite targets of hackers. We’ll be posting more security-related articles in the future.

If you want to take a look at other security measures that are available right now, check the website.

Finally, if you run a WordPress blog – one of the hackers’ favorite targets – and are concerned about security but don’t necessarily have the time or inclination to tackle all the details, we offer a WordPress Hardening Service that buttons up your WP installation and lets you carry on with your life worry-free. Well, at least you won’t have to worry about WordPress. Log in to the Support Portal and open up a tech support ticket; they can give you all the details.