Security

As mentioned in my earlier blog post, I am using LetsEncrypt free SSL certificate on one of my sites. The certificate was due to expire in few weeks. The CertBot dispatched an alert message for the same on my official email address. As I’m using SSL for the first time and having several doubts in mind, I decided to renew LetsEncrypt certificate immediately. I fired the following command in the Linux terminal (10 days prior the certificate’s expiry date) and restarted Nginx. ...

After Google declared HTTPS as a ranking signal, thousands of sites have switched to HTTPS from HTTP. To secure your site with HTTPS, you must install an SSL certificate on the server and configure the web server to redirect HTTP traffic to HTTPS. Before Let’s Encrypt Certificate Authority was launched in 2016, companies used to charge a hefty amount for providing SSL certificates. Now, you can easily get free SSL certificates to secure your personal or business portal, thanks to Let’s Encrypt. ...

Google makes sure that the site which the user is about to visit is clean. It displays a warning message for the websites which are not safe. One of the most common messages that a search engine user see is “This site may be hacked” The search engine will show this message in the search results in one of the below cases. Malicious code in web pages The hacker may have inserted a malicious code in the web pages. When Google comes across this code and finds it suspicious, your site will be flagged as hacked. You can use the free AW Snap tool to find malicious pages. ...

1000s of WordPress websites are hacked every day because the hackers are aware of the security loopholes in plugins and themes that the website is using. Usually, the websites that use outdated or nulled WordPress plugins and themes fall prey to hackers. There are incidents where websites that use powerful WordPress security plugins are hacked. To keep your WordPress website or blog safe, you must back up the database and images on regular basis. You should also use a WordPress security plugin and tweak web server settings to minimize threats. ...

Dual factor authentication has become one of the most important security features in the last few years. Major websites like Google Mail, Outlook, Facebook are now protecting user accounts in a better way by allowing them to use a mobile device as their identity. To activate 2 step authentication, the service provider will ask you to install Google Authenticator app (or any of its alternative). Some websites will ask you to verify the mobile phone number so that the authentication service will send a 4 or 5 digit code when required. This code will be used for one-time verification, and it will be valid only for a few hours. ...

WordPress is claimed to be one of the most secure content management systems of the decade, but you need to take some precautions while using it. The login page is accessible to everyone using the Internet. To access the page, the user has to enter example.com/wp-login.php simply. If you’re using a weak password, then a software or a bot can easily hack your website. Some hackers will target your site with a DOS or DDOS attack. If your hosting provider has not set up a firewall for your account, your website and web server will be down. If the site has many visitors, you’ll lose some revenue. If the access to the wp-config file is not restricted, the hacker will get your database name and its password. ...

WordPress CMS has been prone to many online threats ever since Matt Mullenweg and the team officially launched it. The content management system is impressive, but you can’t stop hackers from attacking websites powered by WP. Attacks can be prevented by installing a WordPress security plugin. If the internet is the only source of your income, you shouldn’t risk your site. There are a lot of useful web tools that can keep your website safe. The best ones are listed below: ...