15th Apr 2015
Updated 3rd July 2015
WordPress is one of the most popular CMSs today, but its popularity has attracted the unwanted attention of potential attackers who look for out-of-date installations and vulnerabilities to gain access to your website's admin area.
This can cause serious problems, including:
- Attackers gaining access to your website, posting their own content or defacing your content.
- Heavy load on the website server as thousands of attempts are made to log in to your website, resulting in your website being taken offline.
There are ways to improve the security of your WordPress website so that you and your visitors can continue to enjoy its great features.
This needs to be done first and foremost, before any of the items below. Always make sure you back-up your website before starting the updates. Keep an eye out for new software releases and update your WordPress website each time.
WordPress' default Administrator username on initial installation is 'admin'. If you haven't changed this it gives attackers a better chance of guessing your log-in details straight away. Make sure none of your user profiles have the username 'admin'. You need to change the Administrator username or create another user at 'Administrator' level (with alternative username), log in as this new user and delete the original user which has the 'admin' username. Please note that the new user profile must have Administrator level access.
There is a very useful plugin that allows you to set the number of log-in attempts allowed before a user is blocked. If an attacker is trying to guess your username and password, their IP will be blocked for the timeframe you stipulate. The 'Limit Login Attempts' plugin can be installed and configured easily and was still working on WordPress 4.1.1 at the time of writing this article.
A potential attacker would usually try to find your log-in page from the default WordPress URL but this makes their job so much harder.
The 'WPS Hide Login' plugin allows you to change the standard log in URL from
Again, this is easy to install and set up. Although the plugin is no longer maintained, it was still working on WordPress 4.1.1 at the time of writing this article.
As additional security on top of the WP login rename above, you can add a small amount of code to your website's .htaccess file. If a hacker attempts to find your standard wp-login.php page they will run into a '403 Forbidden' rather than the '404 Page not found' on your website. Here's the code; the Files block limits the rule to wp-login.php so the rest of the website stays reachable:
<Files "wp-login.php">
Deny from All
</Files>
ErrorDocument 403 "Forbidden"
Please note: You should always back up your website before making changes such as those described above. These changes are suggestions only and we cannot be responsible for any problems with third party WordPress software, plugins or themes now or in the future. These changes shouldn't be attempted unless you understand their implications and have a good knowledge of WordPress. If you have a web designer who initially set up your WordPress website then you may wish to ask them to check and make these changes for you.
Additional steps - if your website has been compromised you may find the following useful.
Plugin Vulnerabilities alerts you when installed plugins contain known security vulnerabilities. It also lists vulnerabilities that exist in other versions of installed plugins. This plugin checks the plugins you have installed against a list of verified security vulnerabilities. If the installed version of a plugin is vulnerable an alert is added to the Installed Plugins page, otherwise details of the vulnerabilities are included on the Plugin Vulnerabilities page.
Wordfence starts by checking if your site is already infected. It will run a deep server-side scan of your source code comparing it to the Official WordPress repository for core, themes and plugins. This is quite a powerful plugin and the options and settings are not intended for a complete novice but it will provide an additional layer of security if configured correctly.
If you do not have a web designer or are not able to check and update your WordPress website then we can help. Please send us a helpdesk support request and we can provide a quote for any work needed. It is much more cost effective to defend your website now than to recover a hacked or compromised website.
9th Apr 2015
Our amazing clients at Planetary Collective release their beautiful feature length documentary at select theatres internationally on Earth Day, 22nd April.
The Planetary film expands on the view that all of us are inseparable from each other, the planet and the universe as a whole. A perspective shared by astronauts and indigenous elders alike. Our words can't do it justice, check out the stunning trailer below.
12th Jan 2015
We always knew that our favourite designer, illustrator and Green Hosting customer Studio Binky was amazing and it seems that Mollie Makes magazine agrees with us.
Binky is featured in issue 49 this month with their sweet pull out craft papers and free downloadable calendar as well as cute phone/tablet/desktop wallpapers.
Check it out at the Studio Binky website
See the feature at Mollie Makes online.
“A ‘Binky’ is a sideways flip a rabbit does when feeling free and happy” - Lydia, Creative Director
13th Nov 2014
Beespoke is now powered by our Green Hosting and what could be more appropriate for such a low carbon company? Organising fun cycling tours from London to various locations in Europe, Beespoke focus on friendly, supportive long-distance cycling to interesting places with beautiful views and great food. What more could you want?
Visit Beespoke at beespoketours.co.uk
13th Nov 2014
Nova's mighty team of two have chosen our Green Hosting to power their blog about consciousness, sustainability and creativity. We love the ethos of Nova, run by Becca and Tayler. Two university friends working in separate parts of the world with a connection in London.
Becca works in Jodhpur, India with the Sambhali Trust, who help Dalit females who have been domestically and/or sexually abused to recover and learn new trades. Taylor is based in the Lamjung district of Nepal working with young volunteers on projects which have a positive impact on the lives of those from less-advantaged communities.
On the Nova blog you'll find a whole range of inspiring posts from healthy recipes to stories of travel and book reviews. Take a look at wearenova.com