How to secure your WordPress website from malware?

WordPress is one of the most popular content management systems. Initially it was used only for blogs, but these days it is used to build a wide range of websites. The availability of a wide range of themes and plugins, and their low cost, has added to its popularity.

The same themes and plugins that make WordPress a good choice also lead to one of the biggest problems on the platform: MALWARE. Many plugins and themes are not secure enough to withstand even the simplest malware attacks. Secondly, its wide use attracts hackers. Discovery of a single vulnerability in a widely used theme, plugin or WordPress core can lead to the hacking of millions of websites!

So what can be done to prevent malware attacks on your website, or to make it strong enough to withstand them? I will discuss some methods that can help you secure your WordPress website.

Choose your WordPress theme wisely:

http://www.smashingmagazine.com/2014/12/what-to-consider-when-choosing-a-wordpress-theme/

Choose the right plugins for your website:

http://code.tutsplus.com/tutorials/choosing-the-right-plugin-for-your-next-wordpress-project--wp-34921

Keep your WordPress version up to date:

https://codex.wordpress.org/Updating_WordPress

Update your theme & plugins:

Free and unsupported WordPress plugins may lead to security holes in your website. Avoid plugins with bad ratings, and use a plugin only if you are 100% sure you need it.
http://www.sitepoint.com/a-guide-to-updating-wordpress/

Install Security Plugins:

Instead of performing each small (but important) security action manually, you can use one of the many plugins available these days, which let you carry out these actions with ease and protect you from most malware attacks.

Some of these plugins are given below:

iThemes Security Plugin (FREE)
https://wordpress.org/plugins/better-wp-security/

Bulletproof Security Plugin (FREE + Pro version)
https://wordpress.org/plugins/bulletproof-security/

All in one WP security Plugin
https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

Sucuri Website Firewall (Paid)
https://wordpress.org/plugins/sucuri-cloudproxy-waf/

Regular Backups:

One of the most important things to take care of. Take regular file and database backups and store them on third-party storage. You should also be able to restore from the backup quickly and easily.

Find more information about WordPress security here:
http://codex.wordpress.org/Hardening_WordPress

Note: We offer a daily incremental backup service along with malware protection plans for WordPress websites. To get a free security audit of your website, send us an email at info@cwebconsultants.com

Forwarded Emails (From Hostgator) Are not Delivered to Gmail

BACKGROUND:
We recently advised one of our clients to buy VPS hosting from Hostgator, as many of our previous clients have used Hostgator successfully for VPS hosting. The client bought the hosting but faced many issues, the biggest being that support tickets went unanswered. Anyway, let’s get to the specific issue quickly.
 

WHAT WAS THE PROBLEM:
The client had set up email forwards (on Hostgator-hosted email accounts) to a Gmail account. The issue was:

Not all forwarded emails (received at the Hostgator-hosted addresses of the hosted domains) were being delivered to the Gmail address they were forwarded to. Mainly automatic emails from websites, and many other emails, were not forwarded (although they were received at the Hostgator-hosted address).
 

TROUBLESHOOTING
It was found that the emails were being forwarded to Gmail, but Gmail was rejecting them, thinking they were spam.
 

SOLUTION
Instead of forwarding the emails, we advised the client to configure email account import in Gmail, which solved the problem.
 

For more details you can view this page:
https://support.google.com/mail/answer/21289?hl=en

Why Are Inodes on My Server Running Out So Fast?

We have encountered this situation many times on our servers: all the inodes are used up and websites stop working. Even the WHM panel stops working. This is a really bewildering situation to be in.

Why It Takes Place:
In 90% of the cases, we have found that the reason is SPAM. One of the domains hosted on the server was generating spam. The spam messages could not be delivered to their intended addresses, so they were stored on the server. The volume of messages was so great that the server choked!

How to enter the server when WHM panel is not working:
You can get into the server through SSH login on the command line or through the Parallels Plesk panel (Hostgator provides it with VPS hosting).

How to find the folder with excessive number of files on server:
You need access to the SSH console to follow the steps below.
Also, these steps apply if you are using exim4 as your mail server:

Execute the following shell commands on your server’s remote console.
$ cd /
# count the files (inodes) under each top-level folder, smallest count first
$ for i in *; do echo -e "$(find "$i" | wc -l)\t$i"; done | sort -n

It will take some time to display the results, so wait for it to finish. It lists each top-level folder along with its file count. Go into the folder that has too many files (cd to it) and execute the same command again. In this way, you can narrow down to the folder responsible.

You will find a large number of files in the “input” and “msglog” folders, as described here:
http://forums.cpanel.net/f43/large-number-small-files-filling-out-var-spool-exim-input-directory-405811.html

How to fix it?
Delete all the files inside the input folder and msglog folder:

Follow this article to learn how to delete all the files from a directory, including sub-directories:
http://www.cyberciti.biz/faq/delete-all-files-folder-linux/

That’s all; you will find that a large number of inodes are freed up. But be sure to block or stop the spam from the suspect website.
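
One way to identify the suspect website, as an added example that is not part of the original post: the function below tallies queued messages per envelope sender from the listing printed by `exim -bp`. The function names and the sample queue are constructed for illustration; run it before emptying the input and msglog folders, because the listing is gone once the queue files are deleted.

```shell
#!/bin/sh
# Added example (not from the original post): tally queued Exim messages
# per envelope sender, reading the listing printed by `exim -bp`.

# queue_senders: print "<count><TAB><sender>" lines, busiest sender first.
queue_senders() {
    awk '
        # A message line is: age, size, message id, <sender> [*** frozen ***].
        # Recipient lines are indented and carry no <...> in field 4.
        NF >= 4 && $4 ~ /^<.*>$/ {
            sender = substr($4, 2, length($4) - 2)
            if (sender == "") sender = "(bounce)"   # "<>" marks a bounce
            count[sender]++
        }
        END { for (s in count) printf "%d\t%s\n", count[s], s }
    ' | sort -k1,1nr -k2,2
}

# top_sender: print only the sender with the most queued messages.
top_sender() {
    queue_senders | head -n 1 | cut -f2
}

# Constructed sample in the layout of `exim -bp` output (not real data).
sample_queue() {
    cat <<'EOF'
 3h  1.2K 1aBcDe-0001Xy-2A <wpuser@site-a.example>
          victim1@mail.example

 3h  1.2K 1aBcDf-0001Xz-3B <wpuser@site-a.example>
          victim2@mail.example

 2h  2.0K 1aBcDg-0001Y0-4C <>
          wpuser@site-a.example

15m  4.7K 1aBcDh-0001Y1-5D <info@site-b.example> *** frozen ***
          customer@mail.example

 1h  1.2K 1aBcDi-0001Y2-6E <wpuser@site-a.example>
          victim3@mail.example
EOF
}

# Demo on the sample. On a server:  exim -bp | queue_senders
sample_queue | queue_senders
```

A sender that dominates the tally, or a large "(bounce)" count addressed back to one local account, points to the domain whose site or mailbox needs to be locked down.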

Is Your Website Mobile Friendly or Responsive?

Google has recently (21st April, 2015) released a new mobile friendly update (read the full Google blog post here). It will badly affect the ranking in Google mobile search results of websites that are not mobile friendly. This is really significant, as more and more users all over the world are browsing the Internet from their smartphones instead of their desktop computers or laptops. So the consequences of this update for your web page ranking (in mobile search) will be significant.

As the update has already been rolled out, the main question is what you should do to be sure that you are not adversely affected by it. I have listed some steps below that will help you assess your website against the Google mobile website update.

How to test whether your website is mobile friendly?

Go to this Google Mobile Testing Tool. Enter your website URL and it will show you whether your website is mobile friendly or not (as shown below).

[Screenshot: Mobile Friendly Website Test. Enter your website URL to test if your website is mobile friendly.]

If your website is detected as mobile friendly then it’s all OK. You can relax and there is nothing to worry about; this Google update does NOT apply to your website. (You will see the following result)

[Screenshot: Your website is detected as mobile friendly.]

If the test result turns out to be negative, then you should take immediate action.

[Screenshot: Mobile Friendly Test Failed. Your website is NOT mobile friendly.]

So the next question could be: what should you do if your website is found to be NOT mobile friendly?

The answer is simple and straightforward: you have to make your website mobile friendly; there is no other way out. You can take one of the two actions discussed below. The decision is very subjective and depends upon your budget as well as your website type.
  • Consider a complete redesign of your website. Build a new responsive website to replace your current one. Many points have to be taken care of while redesigning the website as responsive (especially if your website ranked well in Google SERPs). Discussing those points is out of the scope of this post.
  • Make your existing website mobile friendly or responsive.

As I mentioned above, the decision is very subjective and depends upon various factors like budget, website type, criticality of the Google ranking etc… Get in touch with your web developer to discuss your project and find the best solution.

It does not cost much to make your website mobile friendly if it is a small business website, but it may need a substantial budget for an ecommerce or large website.

Get in touch with us today to discuss your website. We have experienced web developers who can help you make a decision by discussing the pros and cons of each approach.