11th Dec 2015
Brand new for our clients we have a range of badges to show that your website is 100% wind powered by our Green Hosting.
See our badges page for all of the different versions (various sizes, colour and black & white transparent PNGs).
All you need to do is copy and paste the code provided for the badge of your choice into your website. If you need any assistance in doing this then do get in touch and we'll be happy to help.
15th Apr 2015
Updated 3rd July 2015
Wordpress is one of the most popular CMS's today but its popularity has attracted the unwanted attention of potential attackers who look for out of date installations and vulnerabilities to gain access to your website's admin area.
This can cause serious problems, including:
- Attackers gaining access to your website, posting their own content or defacing your content.
- Heavy load on the website server as thousands of attempts to access your website log in is made, resulting in your website being taken offline.
There are ways to improve the security of your WordPress website so that you and your visitors can continue to enjoy its great features.
This needs to be done first and foremost, before any of the items below. Always make sure you back-up your website before starting the updates. Keep an eye out for new software releases and update your WordPress website each time.
WordPress' default Administrator username on initial installation is 'admin'. If you haven't changed this it gives attackers a better chance of guessing your log-in details straight away. Make sure none of your user profiles have the username 'admin'. You need to change the Administrator username or create another user at 'Administrator' level (with alternative username), log in as this new user and delete the original user which has the 'admin' username. Please note that the new user profile must have Administrator level access.
There is a very useful plugin that allows you to set a number of log-in attempts before a user is blocked. If an attacker is trying to guess your username and password their IP will be blocked until your stipulated timeframe. The 'Limit Login Attempts' plugin can be installed and configured easily and was still working on Wordpress 4.1.1 at the time of writing this article.
A potential attacker would usually try to find your log-in page from the default WordPress URL but this makes their job so much harder.
The 'WPS Hide Login' plugin allows you to change the standard log in URL from
www.yourwordpresswebsite/wp-login.php
to
www.yourwordpresswebsite/login-of-your-choice/
Again, this is easy to install and set up. Although the plugin is no longer maintained it was still working on Wordpress 4.1.1 at the time of writing this article.
As additional security to the above WP login rename you can add a small amount of code to your website's .htaccess file. If a hacker attempts to find your standard wp-login.php page they will run into a '403 Forbidden' rather than the '404 Page not found' on your website. Here's the code:
Deny from All
ErrorDocument 403 "Forbidden"
Please note: You should always back up your website before making changes such as these described above. These changes are suggestions only and we cannot be responsible for any problems with third party WordPress software, plugins or themes now or in the future. These changes shouldn't be attempted unless you understand their implications and have a good knowledge of WordPress. If you have a web designer who initially set up your WordPress website then you may wish to ask them to check and make these changes for you.
Additional steps - if your website has been compromised you may find the following useful.
Plugin Vulnerabilities alerts you when installed plugins contain known security vulnerabilities. Also lists vulnerabilities that exist in other versions of installed plugins. This plugin checks the plugins you have installed against a list of verified security vulnerabilities. If the installed version of a plugin is vulnerable an alert is added to the Installed Plugins page, otherwise details of the vulnerabilities are included on the Plugin Vulnerabilities page.
Wordfence starts by checking if your site is already infected. It will run a deep server-side scan of your source code comparing it to the Official WordPress repository for core, themes and plugins. This is quite a powerful plugin and the options and settings are not intended for a complete novice but it will provide an additional layer of security if configured correctly.
If you do not have a web designer or are not able to check and update your WordPress website then we can help. Please send us a helpdesk support request and we can provide a quote for any work needed. It is much more cost effective to defend your website now than to recover a hacked or compromised website.
10th Jul 2014
The world of domain names has just become a lot more exciting with the creation of gLTDs (generic top level domains). Admittedly they have a really boring moniker but gTLDs can help immediately define your business name and website by industy or type.
Instead of the usual .com & .org.uk type domain names you can now choose from many more, like .events or .menu for example. For those trading in the capital there is even a .london gTLD! What a cool way to show potential customers or service users what you do and where you are.
Long, descriptive domain names are cumbersome and have the potential to be mis-spelled by those looking for you. Other domain names can seem to be irrelevant to your organisation and what you do. Just imagine, if you're a company that teaches how to cook organically, something like organic-chef.training would be ideal!
There are so many new gTLDs, in fact too many to list here and their prices vary but if you're interested in finding out a great new domain name for your website then please hop over to our Green Hosting contact page to get in touch.
11th Feb 2014
Recent changes to ICANN's (Internet Corporation for Assigned Names and Numbers) policies mean that some domain name owners will be required to verify their contact details via their domain registrar.
If you are required to verify your details you will receive an e-mail notification from your domain name registrar. Please be aware of any possible fake or spam e-mails imitating this request and always make sure that the e-mail is from your domain registration company.
You will be required to verify your details within 15 days of being asked to do so. Failure to do this within the 15 day timeline means that your domain will be suspended. Your domain registrar is obliged to make the suspension until your details are verified.
If your domain is suspended your site will not be available online and you will see a message like this at your web address (will vary depending on domain registrar):
If we are the e-mail contact for a client's domain then we will carry out this verification on their behalf.
To find out more please see ICANN's information about verification of contact details.
19th Dec 2012
Unfortunately there's another domain scam doing the rounds via e-mail. We've been bombarded by them here.
I'm sure you would be able to tell that these renewal notices are fake but we just wanted to let you know about them to make sure. Here's what they look like:
If we have purchased domains on your behalf we will always contact you directly to let you know that your renewal is due, at least 30 days beforehand.
Green Hosting works handsomely with:
Auto-installer now available on all accounts
