WordPress Security – Protecting your WordPress Installation
February 3rd, 2012 @ 11:46 amWordPress is one of the most popular and easy to use blogging platforms around, it allows users to create any kind of site imaginable without the need to learn a coding language or get bogged down with technical details. It’s open source software that’s constantly being audited and analyzed by the community, but security holes are always bound to open up with web-based platforms which present a threat to your site and its data. The absolute best way to protect your site from malicious activity is to be prepared before it happens, but luckily it’s as easy to secure your WordPress site as it was to install it.
Always stay updated
One of the easiest and most effective ways of keeping WordPress safe from attackers is to keep it updated as new versions are released. Every piece of software, especially those exposed to the internet, are always vulnerable to bugs and exploits if they are not routinely updated to patch up holes in their security. Web technologies are constantly evolving and hackers are always finding new ways to trick your software into trusting them when it shouldn’t, but WordPress is a very closely monitored system and any time a major security exploit is found the developers are very quick to release an update to fix it. The moral of the story is that being lazy and holding off on a WordPress update can cost you dearly, it’s a matter of clicking on button on your WP backend and it’s a real lifesaver.
However, your WordPress installation isn’t the only thing that needs to be kept up to date. You’re probably using a variety of different plugins and a theme as well, and outdated components can also present security risks. Always keep every part of your site up to date and beware of plugins and themes that seem unprofessional or were poorly made, they often make your site less secure by implementing faulty code.
Use secret keys in your WP-config file
The WP-config file contains all the information someone would need to access the database associated with your WordPress site, so you’ll want to do everything in your power to secure that file and make sure no one can access that sensitive information.
One of the best ways to do this is to use secret keys in the config file. Doing this is very easy, just head over to api.wordpress.org/secret-key/1.1/ and paste that information into WP-config, read through the file and find the area that says Authentication Unique Keys and replace the four lines you see there.
Use a security plugin
There are a lot of little things to worry about in terms of WP security like file permissions, htaccess settings, and a variety of other little factors that hackers can take advantage of. Instead of staying on top of it all yourself, you can try using a trusted plugin solution that gives you a simple GUI where you can keep everything secure without the headache of traversing an FTP.
One of the best complete solutions is Bulletproof Security which keeps track of almost every possible security hold that your installation might have and offers one-click solutions to all of them, it’s very user friendly and a great way to sleep well at night knowing your site is more secure than most.
Another great plugin to use is WP Plugin Security Check. Some of the most insecure parts of any WordPress site are the third party plugins installed for a variety of different purposes, and this plugin checks through all of them to make sure there aren’t any obvious holes or inadequate coding.
What Are SSL Certificates and How Do I Use One?
January 30th, 2012 @ 10:22 amWhile surfing the web you’re bound to have come across an SSL enabled page at some point and wondered what that meant. SSL encryption is usually encountered in areas where it’s important for the site to be secure and safe from unauthorized access like payment processing, inputting sensitive information, and anything else that you do on the Internet through a browser or application that is best kept from wandering eyes. SSL has become an essential feature for many web activities that require a secure connection and you may need to enable it on your own site depending on how your users interact with your server.
How does SSL work?
SSL stands for Secure Sockets Layer and it serves primarily as a mechanism to verify a web page’s identity using encrypted certificates and keys. It’s a basic transaction of information between your browser and a web server before sharing data that ensures that all information is encrypted until it reaches the server to be decrypted.
First, your browser or application will request that a web server identify itself before any information is transferred. The server will then send the browser a copy of its SSL certificate, which must be checked by the browser using a combination of private and public keys to verify that the owner of the page is who they say they are using the site’s domain and IP address. If the browser accepts all of this information and trusts the certificate, it will tell this to the server which will send back an acknowledgement and finally begin to transfer information under the protection of SSL encryption so that no third parties can interfere.
The process of verification works both ways – the server checks to see that the user on the other side of the secured channel is who they appear to be and vice-versa. When the SSL certificate is first sent to the browser, the public key is included. The browser will use this public key to encrypt information before sending it to the server, and the server will use it’s own private key to decrypt it. If the information is accessed by any third parties between the browser and server, they will receive encrypted information that is impossible to read without the server’s private key.
How do I get SSL for my site?
If you want to use SSL encryption on your own site to enable secure connections with your users, it’s not very complicated. Royalty Networks offers multiple types of SSL certificates. Just choose the appropriate package and follow the instructions. A basic SSL setup will cost less than $20.00 per year. You will need to provide information about you and your site, once things are setup a private key will be generated (be sure to make a copy of this and keep it safe).
What’s the Difference Between Linux and Windows Servers?
January 12th, 2012 @ 8:06 amMost people that purchase hosting accounts never understand the difference between Linux or Windows servers. For them, all they need and want to know is that hosting plans with Windows servers are more expensive and when feature lists between two hosting plans look similar, they choose Linux servers solely based on price. This decision is supported 99 out of 100 times if they seek technical advice because most technical support groups and website coder prefer Linux hosting over Windows hosting.
In spite of the adage, “you get what you pay for”, the fact is that in this case, the Linux hosting accounts are the better choice even though they are less expensive. Linux hosting is far more popular than Windows hosting and the Linux hosting works better with the ways in which most websites are programmed and coded. Websites themselves require a server that has within its programming structure certain functions that the code of the website calls upon in order for the site to operate and deliver a particular user experience. Linux hosting provides this structure readily and website design code more often than not expects the server to support Linux included functions. In fact, Windows servers will oftentimes have to emulate a Linux server in order to allow many websites to operate properly.
The only times that a person should choose Windows hosting over Linux hosting is when they have a website that has been designed with specific Windows based code that calls upon the server to contain specific Windows hosting based applications. For example, you must use Windows hosting if your website is coded to use any of the following:
- Classic ASP or ASP.NET Programming
- MS Access
- Microsoft SQL Server
- C#, Silverlight, MVC
While this is not an all inclusive list, it does contain the most common website coded applications that require Windows hosting. Unless a website’s code specifically requires Windows hosting, it is advisable for everyone, to choose a Linux server.
As mentioned earlier, in many cases a Windows server is called upon to emulate a Linux server in order to host a site. Some may think that this is the best case scenario, mistakenly thinking that the Windows system would then be able to handle both Linux and Windows coded sites. This is a mistake because not all Linux functions can be effectively emulated with Windows hosting without reducing overall performance of the server and as a result affecting the user experience. There are also some specific Linux functions that are coded into many types of websites that Windows hosting cannot emulate.
Therefore it is not a matter of getting full functionality with Windows hosting being able to support both systems whereas Linux hosting cannot. When choosing a hosting plan, the best choice is Linux hosting unless the specific site requires Windows applications. This is the only way to maximize overall server performance, site performance, and end user experience.
Private Label Reseller Hosting; Establish Credibility
December 22nd, 2011 @ 8:12 amThere are likely as many reasons to become a reseller as there are resellers. One of these reasons that is not often mentioned is when search engine optimization (SEO) or website design companies themselves offer private label hosting as a part of their services. While many of these companies already use affiliate links to refer their clients to hosting plans, there are three primary reasons why they should think about moving beyond an affiliate relationship and offer private label reseller hosting themselves. This advice applies to all types of plans whether they be VPS hosting, shared hosting, Windows hosting, or Linux hosting.
The first reason is that when an SEO or web design company shows the client that they have in-house hosting it can give that client an impression that the company they are trusting with their online presence is well established and a full service firm. This can go a long way in establishing credibility as well as setting your company apart from the competition. Especially when it is explained to the client that there are SEO and site delivery/uptime advantages of high end hosting. The client should also understand that simply being 1 of 3000 others on a shared server at the other hosting company, where they never know if they are in a “bad neighborhood”, is not good business and in fact can harm their site delivery and SEO efforts.
The second reason is that using Royalty Networks reseller hosting you are not only able to provide the client with servers that are far from overloaded, you can also know personally that you’re giving that client the best possible web presence and not having them hindered by unresponsive and overburdened servers at other web hosts. Imagine working day and night for a client at your best SEO and design efforts only to have the web host IP neighborhood or response times harming the best possible search engine position. This is not good for the client or for you.
The final reason to consider becoming a reseller, as an SEO or web design company, is that the reseller hosting account allows you to add an additional income stream and payment that you can invoice to your client. Beyond the single affiliate link payment, using reseller hosting the extra income can become substantial when spread across multiple clients adding to your overall profitability as a firm.
Becoming a reseller as an SEO or web design firm is simply smart business. It increases your credibility, your brand, and your profits. At the same time, when partnering with Royalty Networks, it will give your client access to a high end host that will benefit their SEO efforts and overall customer experience. The proposition is win-win and should be considered by any company offering SEO or web design services. The process is simple and with Royalty Networks dual-platform H-sphere reseller hosting plans you can offer either a Linux hosting or Windows hosting under a private label platform that is simple and easy to manage.
Inside Hosting; What is RAID?
December 19th, 2011 @ 8:25 amOnce in a while it is fun to take some time to discuss and explain some of the specific technology that is used with servers, web hosting, VPS hosting, and computer hardware in general. While many of our customers already understand these things, others do not and for them it may be interesting to learn about some of the terminology that is thrown about in technology discussions, as well as understanding some of the technical features we list as a part of our services. After all, what good is it to have named something in a feature list without the customer knowing exactly what it is and why it is important. This knowledge applies across all hosting platforms including VPS hosting, Linux hosting, and Windows hosting.
RAID is one of these terms that you will see referred to in advertisements as well as in discussions about computer hardware. RAID itself, as you likely have guessed, is an acronym and it refers to a redundant array of independent disks. Some will call it a redundant array of inexpensive disks, which in fact was the original meaning, but in this day proper use would be “independent”. The origin of RAID technology was the utilization of storage spread across multiple disks and disk drives, the goal of which was to save money using several inexpensive drives or disks instead of having to use a single high capacity disk. But manufacturers of RAID systems changed the name to “independent” from “inexpensive” for marketing reasons.
RAID is actually used today as more of an umbrella term for many types of disk storage systems. The single common feature of which is that the data itself is spread across an “array” or multiple drives and yet the operating system and user only see and interact with the array as a single disk drive. In other words, the user sees disk drive “F” which is in fact a 5 disk RAID. There are countless types of RAID systems all of which have a different balance between data reliability and redundancy as well as overall speed and performance.
Oftentimes you may see the word RAID followed by a number. This number is not the number of disks that are used in the array, but they are a reference to particular predefined types and configurations of the array. The specific reason as to why an IT person configures a specific system with a given RAID is chosen for many many very technical reasons that are beyond what most readers will find interesting. But at least knowing that RAID is simply a data storage technology using multiple disks that act as one is something that makes you more informed and gives you enough understanding of the word in order to know why it is being used.
We incorporate RAID systems in all of our hosting plans. Each of which is configured to maximize performance, reliability, and safety of all of your data. Whether you are on reseller hosting, Linux hosting, or Windows hosting you can be assured that our systems are utilizing the most advanced and stable RAID configurations available.
Send Us an Email