The base installation of WordPress can be more than enough for somebody to start their blog or site. With plenty of features already at a user’s disposal you may never even realize that more are available. Where are these additional features you might ask… Plugins!
Plugins are scripts written by the WordPress community that can add a variety of features or functionality to your site and the best part is most of them are free. In today’s tutorial we are going to install a plugin to help beef up the security of our WordPress site.
In the admin section of your WordPress site on the left hand side you’ll want to click the “Plugins” tab. Once in the plugins manager page, click on “Add New” toward the top. You will be presented with all the different plugin options you can install. For now, we are looking for a specific plugin. In the search bar in the top right, search for “Wordfence” and the first result should be the one we are looking for.
Click the “Install Now” button and then also click “Activate” once the installation is complete.
To give some quick background on what we are installing, Wordfence is a security plugin that we recommend to pretty much any WordPress site. With Wordfence you can secure your site against a variety of malicious attacks that I will cover in a future post.
After installation you will see the plugin show up under the plugins tab. Another thing to note is that for some plugins a new tab may appear where you can adjust its settings.
If you have any questions or run into any issues feel free to leave a comment down below or open a support ticket.
Visit Winhost to learn more about our WordPress Hosting solution
Welcome back folks to the next installment in our WordPress tutorial series. Last time we covered the installation of WordPress as well as getting your first post up and running. In this article we will be covering the steps on how upload and insert images to your posts like this one.
As with most cases we are going to start by logging in to the admin section of your site. (The URL should be something like HostingAccountDomain.com/wp-login)
Once you are logged in you will be taken to the WordPress admin dashboard displayed below. On the left hand side you will want to hover over the icon of a camera/music note. On the options that appear you will want to click “Add New”
To upload your images you can either drag the file straight from your computer to the page or click the “Select Files” button.
Now that the image is in your library it can be used across your site such as in a post or page. Below is an example of using the image in a post. First you would create a new post, then you click the “Add Block” button, finally you would click the block for “Image”.
Once the block is added, click on “Media Library” and select your desired image.
That’s about all there is to it and with that we will wrap up this WordPress tutorial, in our next one we will cover installing and configuring plugins and themes. As I mentioned in the last post please feel free to comment if there is anything specific you would like to be covered in a tutorial.
Visit Winhost to learn more about our WordPress Hosting solution
The latest version of these apps are now available in the control panel app installer:
* Drupal has replaced Acquia Drupal.
Visit Winhost to learn more about our application hosting solutions
WordPress is an incredibly popular content management system (CMS). I have seen estimates say the it accounts for around 20%+ of self-hosted sites. This can be attributed to a variety of reasons such as a painless installation, low initial cost (free), and general ease of use. Due to this immense popularity I wanted to take some time a work on a tutorial series on some of the basics for users that may need some help getting started.
The first step of course would be to sign up for a Winhost hosting account so your site can be seen by the world.
Once you gain access to the control panel you can then easily install WordPress using our app installer. The steps are to so can be found here https://support.winhost.com/kb/a1214/app-installer-how-to-set-up-wordpress.aspx. Be sure to remember the username and password you choose as you will need them in just a few moments.
Congratulations! You are now a proud owner of your very first WordPress site, now lets get your first post up.
To accomplish this you will need to log into the admin section of your site. Maybe the fastest way would be to navigate to the /login page on your site, for example www.HostingAccountDomain.com/login. You’ll be met with a login screen where you will use the credentials that you selected during the installation process.
After you log in you will be taken to the admin section dashboard which may, at first glance, look intimidating, but after some use it will become very familiar. I will hopefully be covering all of the options in future tutorials, but here I will only focus on adding a new post.
You will click on Posts on the left menu (the icon looks like a thumbtack) and from there click “Add New”.
You can add your content title and main text. There are some editing options on the right hand side that you can experiment with, and when the your test post is ready go ahead hit the big blue “Publish” button in the top right.
There you have it, your first WordPress post! Hopefully the steps were easy enough to follow, if you happen to get lost please feel free to open up a support ticket and we can assist you.
Also please let me know if there is anything specific you would like to see covered in a future tutorial in the comments below.
Visit Winhost to learn more about our WordPress Hosting solution
Lately, we have been seeing a higher number of DotNetNuke (DNN) sites getting hacked via a known Telerik.Web.UI.dll vulnerability that’s been around for years. DNN released a patch a few years back. However, we have been seeing in influx of compromised DNN sites caused by this easy-to-fix vulnerability.
If you’re using DNN Versions 5.6.3 through 9.0.1 you must apply this patch to avoid disruptions to your site. More importantly, prevent it from getting hacked.
If you are running a DNN site and need help or want us to patch DNN for you, stop reading and contact our support department. We can help you apply this patch to your site at no cost. Please note that if your DotNetNuke site requires upgrading, then we can help you with that but we do charge for upgrading services.
First thing you need to do is download the patch directly from the DNN Site here: Critical Security Update September 2017
Once you have zip file from the DNN Site, you need to install it as you would an Extension within DNN.
Log into your DNN site as the SuperUser default login.
Navigate to: [HostingAccountDomain.com]/Admin/Extensions
Or look for the Extensions link within your DNN Site.
Click on the Install Extension Wizard button
Select Choose File button and select the zip file you just downloaded from DNN in Step 1 and click Next
If you receive a random 500 or 404 error within your DNN site after clicking Next from Step 5. Please note the following, otherwise move on to Step 6 below.
You most likely received this error because you need to increase your maxRequestLength setting within your web.config file. You can access this file via FTP.
Look for the setting: maxRequestLength=”12288″
And change it to: maxRequestLength=”28000″
The above increases the limit to 28 MB.
Save your changes and upload the updated web.config file into the same directory overwriting the old web.config file.
Then try Step 5a again.
You will see the Package Information about the HotFix. Go ahead and click on Next.
Click Next on the Release Notes window
Read and place a check next to Accept License
Click Next.
You will then see the Package Installation Report. Click on the upper right X to exit out of the window.
Once your extension page is reloaded. You will see the newly installed Patch for your site.
If you are using DNN, make sure to look into this. There are hackers out there that are targeting DNN and we don’t want you to be a victim of their malicious activities.
If you have any questions or concerns, just contact us.
Many of you are using Microsoft’s Office 365 services for your business or for your personal convenience.
We introduce a new O365Backup service to backup Office 365 – a comprehensive solution to backup Office 365 email, attachments, calendar, contacts, tasks, OneDrive, SharePoint, Groups and Teams.
Automatically Backup Office 365 Content Securely
You can easily set up automated backups for your Office 365 content. Your Office 365 data is secure during transit and your data is encrypted at rest.
Search and Restore Tools are Available
Tools are available in a separate O365Backup Control Panel to search your Office 365 archive and you can restore content from your backup archive.
A Cost-Effective Solution – Unlimited Storage + Unlimited Retention
O365Backup starts at $3.34 per month with unlimited storage and unlimited retention.
FREE 30 Day TRIAL
If you want to test the Office 365 backup service, no problem. We’ll give one user a 30-day FREE Trial so you can test it out and make sure the solution works for your needs.
WordPress is one of the most popular applications on the web with over 74 million installations – that’s a staggering 35% of all the active websites! Unfortunately, with its massive install base, it is natural for hackers to focus a lot of attention on hacking WordPress sites.
In this post, I’ll describe the most common attacks and what you can do about it to lessen the probability of being a victim.
In general, we have found that hackers compromise WordPress installations mostly by one of the two following methods:
Hackers operate many bots that worm through sites and test random login and passwords in the WordPress Admin page.
To get an idea of the scale of attempted logins we’ll take a look at some stats from our own infrastructure. At Winhost, we deploy an Intrusion Prevention System (IPS) on the network edge to detect many malicious activities and try to stop hackers before requests hit our servers. We have rules deployed on the IPS system to thwart Brute Force attacks. However, we cannot make the rules too aggressive because then it can block legitimate requests. It’s a delicate balancing game which we tweak constantly.
Based on the statistics of our IPS system, we typically track 9-10 million WordPress login attempts a month (both malicious and legitimate attempts). Check out the plot below.
About 20% of these attempts are blocked by our IPS system.
2. Outdated Plugins / Themes
Many WordPress sites use various plugins and themes to enhance their sites. The problem is that many plugins and themes have security holes that allow hackers to upload malicious files to the server without the need to log in as an administrator. As a result, we constantly see malicious bots testing for these plugins.
What does Winhost recommend to protect your WordPress site from getting hacked?
Credential Security
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<security>
<ipSecurity allowUnlisted="false">
<add ipAddress="1.2.3.4" allowed="true" />
</ipSecurity>
</security>
</system.webServer>
</configuration>
PHP Version
Set your site’s PHP version to 7.1 or above
Update WordPress Frequently
Backup Site and Database
We recommend that you backup your site and MySQL database. We recommend you keep at least 2 weeks worth of backup because you may not realize your site is hacked immediately. Don’t rely on Winhost’s nightly backups because it will only store about 3 days worth of backups. You can automate the backups by using our SiteBackup service.
SiteLock Security service
Consider subscribing to SiteLock Premium or Enterprise Service and enable SmartScan. SmartScan will check your site daily for malicious files and also report on newly created files.
What we do at Winhost to protect your WordPress site
Visit Winhost to learn more about our WordPress Hosting solution
When you are in a bind to find missing website files, the last thing you want to hear from your hosting provider is “Sorry, we don’t have backups of XYZ.”
At Winhost, we do have a backup system in place to backup our customer’s website files and databases nightly. However, this backup system is intended for disaster recovery. We can pull files out of the backup system but this should not be your only backup source.
There have been times when I’ve had customers ask for certain files from our backups, and for one reason or another we didn’t have them because…
In short, there are many different reasons a hosting provider may not have specific backups.
First off, if you haven’t already, download your website to your own computer. If you have any questions about downloading your website files or databases, let us know and we can help. You may want to get on a schedule to download your site every so often. For extra safety, you can copy the files to an external harddrive.
When you are making changes to your site, it’s always best to make the changes on your own computer and then upload the modified files to the webserver. This way you should have the latest copy. Keep in mind that making changes directly on the server may be convenient, but your local copy will be out of sync.
For those that prefer an automated solution for backups over manual methods, we launched our SiteBackup Service.
If you want to make sure your website files and databases are being backed up – nightly, weekly or what ever your heart desires – then our SiteBackup service is a great way of automatically backing up your website and databases. And to protect you further, the backups are not located in the Winhost data center – they are on the Amazon cloud.
In addition, you get a separate control panel for your backups and the backup control panel is located outside of Winhost data center as well.
We have instructions in our knowledge base on how to configure SiteBackup. But if you want our support department to help you set up the SiteBackup service, just let us know after you order. We’ll help you set it up for you.
Below is a screenshot of the SiteBackup configuration options.
Some of the things you can configure are:
You can backup your MS SQL databases and MySQL database too.
For your site files there is an option to simply restore within the SiteBackup service.
As well as an option to download the site files in zip format.
So the SiteBackup solution is a convenient way to take charge of your site backups. You can sign up for the SiteBackup service through your control panel. If you need help setting it up, just contact our support department. We can help set it up for you.