Monthly Archives: June 2018

Top 10 WordPress Security Plugins in 2018

WordPress is one of the most popular web software that is used to create beautiful blog or setting up e-commerce sites.  In addition, there are both free and paid versions of plugins and themes available for the WordPress platform.  Often, a few of these free plugins or themes are uploaded by people who have tweaked them for their own gain.  These unscrupulous individuals could inject malicious code that allows them to gain entry to your blog’s back end access without your consent. There are also cases whereby these hackers attack and compromise your blog in order to redirect traffic to malicious URLs which is why it is crucial to scan WordPress for malware regularly. In this post, we will focus on the best 10 plugins and services to scan your WordPress for malware.

 

 

1) Vaultpress

Vaultpress is a real-time backup and security scanning service designed by Automattic, which is the company responsible for the growth and success of WordPress.com.

VaultPress is now powered by the Jetpack plugin and effortlessly backs up every comment, media file, posts, revision and dashboard setting on your site to VaultPress servers. With VaultPress, your website is well protected against accidental damage, hackers, malware, and host outages.

There are 3 plans available inside VaultPress – the Personal, Premium plan and Professional plan. The Personal plan offers brute force protection and uptime monitoring but does not include daily malware scanning. If you require daily malware scanning, the Premium plan (USD 99 per year) will perform daily Malware scanning for your website. For the Professional plan (USD299 per year), it is the best option since on-demand scans for infiltrations and malware as well as automated resolutions can be done without lifting a finger!

In order to activate VaultPress, you need to install the VaultPress plugin first and connect it to your website via FTP/SSH.  By doing this, it will start monitoring your website on its own. You’ll be able to access information about any security threats found during your daily scan and make updates if needed (or restore a fully secured backup generated by VaultPress) – all from your VaultPress user dashboard.

 

 

2) MalCare Security & Firewall

Developed by the team behind BlogVault, the MalCare Security & Firewall plugin packs an intelligent machine-learning based security firewall, a one-stop login protection system and a no false positive security scanner.

Brute force attack is a common issue for WordPress sites, and so the Web Application Firewall and the Login Protection are activated in the free version of MalCare plugin which helps to safeguard your website 24/7 from bots, hackers, and the rest.

By leveraging MalCare’s early malware detection technology, this could successfully detect complex malware that goes undetected in other popular plugins. This will help prevent your website from being blocked by web hosts or blacklisted by Google.

This plugin is able to identify a malware accurately and reducing the number of false positives being reported significantly. This means that you are alerted only when the plugin has confirmed that it has detected malware and not a ‘possible suspect.’

Meanwhile, the premium version of the plugin automatically deletes malware that has been found on your website. In addition, there are options like IP Blocking, Login Protection, and Website hardening which serve as added layer of protection. If you have multiple websites to maintain, managing plugins can be a headache. Updating or removing plugins, themes and WordPress core can be carried out from within the MalCare Pro dashboard.

MalCare is truly a one-click security solution for your website.  All heavy lifting is done at their end that ensures your site’s security does not come at the cost of your site’s performance. In short, MalCare is the most innovative and effective WordPress solution available that helps to keep your website protected from malware, hackers and the rest.

 

 

3) Sucuri SiteCheck Scanner

You can always perform a free remote malware scan of your website by visiting Sucuri SiteCheck Scanner website and enter the URL of your website before hitting the “Scan Website” button. The scanner will extract the links, javascript files and iframes, and revisits your website main page as a search engine bot.

How Sucuri SiteCheck works is that it compares all the pages and links against Sucuri’s malware database and reports the anomalies which include malware, blacklisting, defacing, website errors and out-of-date software. The scan generates a report of the malware found and recommendations on how to manage them.

The scanner does not access your server. This is a major disadvantage because anything malicious in the server that is not displaying in the browser is not detected by the remote scanner. And hence, this scan is ineffective for backdoors, phishing and malicious usernames.

Besides scanning, the Sucuri Security plugin can do much more – audit logging, integrity checking, email alert, security hardening and other tools. You can also choose to activate the plugin and generate a free API if you do not want to run the URL often.

In addition to free service, Sucuri also offers many paid services as well. For instance, a Firewall service (CloudProxy) that can perform malware cleanup, prevent hacking, security monitoring and many more.

 

 

4) iThemes Security (Formerly Better WP Security)

The iThemes Security plugin is hugely popular with over 800,000+ WordPress users downloads recorded to date. This plugin secure your site and scan WordPress for malware. The free version of iThemes Security plugin provides 30 layers of protection and security including a 1-click “Secure Site” check, Malware scans (via Sucuri SiteCheck), strong password enforcement, brute force protections, database backups, file change detection and much more.

If you are looking for security features such as 2-Factor Authentication, scheduled Malware scans, password expiration, WordPress core file comparisons and many more, then you need consider upgrading to iThemes Security Pro plan. The Pro plan of this plugin will cost USD80 per year which might be a bit high for some bloggers, but can you really put a price on security and peace of mind?

 

5) Anti-Malware Security & Brute Force Firewall

Besides scanning and detects malware, the Anti-Malware Security and Brute Force Firewall helps you to fix them. It detects malware, viruses and other threats on your server, and marks them as Potential Threats.

You will have access to download of new definitions, automatic removal and patches for known vulnerabilities if you register the plugin at GOTMLS.NET. Since the Revolution Slider in WordPress is particularly prone to malware attack, hence the protection for this feature is automatically enabled in this plugin.

The premium version of this plugin offers protection against Brute Force and DDoS attacks, scanning the integrity of the core files and downloads new definitions automatically. You can donate fixed amounts ranging between USD 14 to USD 133.7, and each level opens up different features. For USD 29, almost everything is unlocked for as many websites as you want.

 


6) All in One WP Security & Firewall

The All In One WP Security & Firewall plugin is another popular security plugin that is user friendly. The plugin offers a list of security features such as password strength, built-in captcha, database prefix options, brute force login attack protection, file permissions, htaccess/wp-config backups and firewall protection. In addition, the plugin also provides simple-to-use security scans that you can use to detect and remove malware quickly.

You may utilize the file change detection scanner and database scanner to search for file changes or data tables you didn’t create. You may also use the settings to schedule automatic detection and to have an email sent directly to you inbox whenever a file change occurs. This way you will get to notice quickly if there is any potential hacking attempt.

The plugin does offer Malware specific scanning, but you will need to pay USD 9.95/month for the Site-Scanner plan in order to enable this feature.

 

 

7) WordFence

Wordfence is free and open source and uses the constantly updated Threat Defense Feed to monitor and prevent your website from being hacked. Wordfence is not merely a malware scanner, but it offers almost complete security protection for your website.

The Web Application Firewall can identify more than 44000 known malware and prevent it from attacking your website. It also scans for backdoors, phishing URLs, Trojans, suspicious code and any other security threat.

The scans are generally performed at hourly interval so you will be informed of any malware content on your website within the hour of it reaching your website. This security plugin can scan core integrity as well as monitor traffic in real time.

You are required to pay and obtain a Premium API key if you wish to run scheduled scans, country blocking and other additional features.

 

 

8) ExploitScanner

Exploit Scanner scours the files and database of your website to hunt for alien code. Active plugins are also scanned. This plugin sole function is only detection, thus any clean-up and prevention will have to be done by other means.

You can increase PHP memory access from the plugin admin page if you find scanning is slow on account of insufficient memory. You can customize the scan and exclude some files from scanning, but it is always recommended to perform a complete scan.

The only disadvantage of using this plugin is that it has a tendency to return ‘false positives’. So, you must be able to understand the results of the scan and able to identify the alien code.

 

 

9) Quttera Web Malware Scanner

Auto-generated malicious content, malware, trojans, backdoors, shells, viruses and malicious code injection – if they are lurking in your website, Quttera Web Malware Scanner will find them all.

If your site has been blacklisted by Google, it will reveal that in a scan as well.  This scanner generates a detailed malware report, based on which you can clean up your website. However, you need to contact their support in order to remove the malware.

 

 

10) Theme Authenticity Checker

You can rely on Theme Authenticity Checker to identify theme vulnerabilities quickly and easily. Whether a code clean-up is required or not can be determined by Theme Authenticity Checker.

This plugin scans the source code of the theme looking for unwanted alien code. When it finds the mischievous elements, it will highlight the location where you can find it, along with a snippet of the code. The disadvantage of using this plugin is that it does not automatically remove the offending code. You need to assess the impact of the code and decide whether to remove it manually or keep it.

 

 

Conclusion

If you do perform a malware scan on WordPress and the result shows your website to be clean, can you rely on it? Maybe, but always take it with a grain of salt as scans are not foolproof.  You are reminded that there is no 100% perfect malware scanner out there and scanning for malware is likely to throw up some false positives. If you do decide to scan WordPress for malware it’s a quick and easy first step to protect your website. Though it takes more than a few scans and plugins to safeguard your website from security threats, website security is something you need to think through fully and implement diligently.

One of the best ways to minimize malicious code from reaching your website is to download themes and plugins directly from trusted theme developer or author’s page and not from any suspicious third party websites or forums. Many compromised plugins and themes with malicious codes are often found in sharing sites and open forums. So, you have been warned!

10 Technical Things all Non-Technical People Should Know When Creating a Website

When you are brand new in website creation there’s tons of information to sort through and this can get yourself feeling a bit overwhelming indeed.  In fact, you might stumble across a group of acronyms, technical jargons and phrases that are literally unheard of before. If you are not an expert in coding, you might be wondering things like “How much of this technical stuff do I really need to know anyway?”, “Is this worth the headache?”, “Is there any plugins or apps that can perform the function that I needed for my website?”, “Can’t I just inform my web hosting provider to fix it for me if the same problem arise again?” and many more.

If you do not possess web development skills or coding knowledge required to build a website, you are still able to build a decent website by leveraging the advances in technology these days.  Although you don’t necessarily need an in-depth technical knowledge or “know-how”, there are still a few technical matters that you need to get familiar with when it comes to creating and maintaining a website. Below are ten technical things non-technical people will want to know more about as they build and maintain their websites.

 

  1. Where Your Domain is Hosted and The Type of Hosting You Need

You should know exactly where your domain will be hosted and what types of servers you will need to access it before you finally select a hosting provider for your domain. In the current market, there are 4 hosting options available for your domain: Shared server, Virtual Private Server (VPS), Cloud server and Dedicated server. Always ensure you understand each type of hosting in depth first before making a final decision on choosing a hosting provider. If you are unsure which hosting plan suits your requirement, always contact the potential web hosting provider beforehand to learn more about the different kinds of hosting options available, and which option is best for your website.

 

Here are some of the common questions that will be asked by your web hosting provider when you try to contact them. So, please get ready with your answers before calling them.

  • Your budget and bandwidth requirement
  • The business needs and goals you’re trying to achieve
  • How much traffic your site will generate
  • What type of content you need to create and access

 

 

  1. Content Management System Elements and Navigation

Once you have get past the 1st phase above, you need to know whether you are going to design the website by using a website builder or leveraging the power of Content Manageent System (CMS) such as WordPress or Drupal. With CMS, you will want to know what types of content files and folders it supports, how you can administer user access and roles, how much storage space you can use, if and what you can customize, where you can navigate to different parts of your site, etc.

 

In addition, you need to grasp the basic understanding on how to navigate through the control panel in your CMS and identify which plugins you can access and manage, as well as how you will be able to update and assign permissions to all your website data and files. You’ll need to know how to assign who can read, write, and execute different files on the backend of your website. Otherwise, your website’s security may be at risk. So, you’ll need to know more about FTP (File Transfer Protocol) and what it means.  For this purpose, you can always perform a Google Search on what is a FTP or finding Youtube videos on “FTP Explained”. Alternatively if you want to make things simplified, try ServerFreak’s WordPress Hosting today and let their technical team support to handle the above tasks on your behalf without you going through the hassle of fixing these list of items.

 

  1. Simple Structure of a Web Page

Even if you are not building a website from scratch, you still need to understand what is considered a basic structure of a webpage and where they appear on a webpage in its source code. Below is the list of basic terms that you need to know regarding a webpage structure:

 

  • Header
  • Navigation bar
  • Main content
  • Section
  • Article
  • Body
  • Side bar
  • Footer

 

In addition to webpage structure, you also need to know what is “Duplicate Content” and understand the basics of URL parameters and semantic URLs. This is very important if you wish to have your website continue to rank higher in search results in search engines. Learn more about the technical things you need to know about URLs by reading this piece published by Mozilla.

 

  1. Basics of HTML Code

Hyper Text Markup Language (HTML) is the standard markup language for creating web pages and web applications. You are required to know some of the basics of HTML even though you probably don’t need to write HTML code from scratch. The advantage of knowing HTML basics is that it will help you identify and fix both large and minor issues on your website. For instance, when you’re writing website content, you’ll want to verify your HTML code if it’s not appearing accurately.

For basic understanding, here are some HTML tags or attributes you need to know:

 

“h1” “h2” “h3” “h4” for header text

“p” to start a new paragraph of text

“br” to include a line break between paragraphs

“strong” for bolded text

“em” for italicized text

“u” for underlined text

“ol” for ordered lists

“ul” for unordered or bullet-point lists

“li” for line items in lists

“a” tags for hyperlinks

“img src=” tags for images

 

If you wish to learn more about HTML, you can always refer to good reference site such as W3 Schools

 

  1. What CSS and JavaScript Are and What They Do

HTML code usually works in tandem with CSS (Cascading Style Sheets) code and Java Script. While the HTML code defines the structure for the website, the CSS code controls the website layout and presentation while Java Script programs the behavior of the webpages.

 

Even if you have zero knowledge on how to write in each code, you should know why they’re used on websites and where you can find the code on your particular website. Java Script allows your website to be more interactive, and CSS makes it so things don’t just appear in black and white text and boring boxes on your website.

 

To learn more about what each type of code does, you can read up W3 Schools resources on CSS and Java Script

 

  1. Technical SEO for Content

You might have heard of On-Page and Off-Page SEO. But what is a Technical SEO?

Technical SEO is essentially defined as how well the search engine spiders can crawl your website and index your content.

Technical SEO needs to be optimized to make the necessary foundation that provides your content and links with the best possible marketing environment so you can shine in the search engine results without any obstacles. For this purpose, you need to ensure your website pages are optimized for search engines and especially mobile devices. It is important to know the following key On-Page SEO components are located on your website and how you can update and edit them:

 

Title tags

Meta descriptions

Image alt tags

Canonical tags

Internal links and anchor text

For more in-depth details, kindly visit Kissmetric’s blog post to learn more.

 

  1. Redirects and Status Codes for Website Pages

Here are some of the basic status codes that will inform you whether your URLS are working and loading properly for your site visitors. You might have encountered some of these codes before for instance, Error 404.

 

200: Page loads just fine.

301: Page is being redirected to a new URL permanently.

302: Page is being redirected to a new URL temporarily.

404: This page doesn’t exist and is not able to load.

 

  1. What Plugins Are and How to Install Them

A plugin is a piece of software containing a group of functions that can be added to a WordPress website. They can extend functionality or add new features to your WordPress websites. WordPress plugins are written in the PHP programming language and integrate seamlessly with WordPress.” (quote from WP Beginner)

The use of plugins offer all kinds of customization to your website, but you should know exactly how they work first, or you could risk the functionality or security of your entire website. The plugins can be installed directly from your CMS Dashboard.

Before you install any plugins, make it compulsory to understand what a plugin is exactly supposed to do, what it’s compatible with, and how to properly install or uninstall it.

 

  1. Tools You Can Use to Test and Optimize Your Website

There are a considerable number of tools on the internet that help your website run more efficiently and securely on the backend. Along with plugins, you’ll also want to utilize various tools that crawl your website automatically or offer important analytics on technical things like:

  • How fast your web pages load
  • User history and behavior
  • Keywords and information on your technical SEO components
  • Broken links
  • Security vulnerabilities

For a start, you sign up for Google Webmaster Tools in order to gain a basic understanding on how these tools work and what to look for when using them. Most often these tools are easy to use even for a novice and they help to provide detailed real time information on how your website is performing technically.

 

  1. How to Keep Your Website Safe and Well-Maintained

Website maintenance is important to any businesses, regardless of size. Once you get your website up and running, you will need to learn why your website need to install a SSL certificate, and how to prevent things like SQL injections and cross-cite scripting. You will also need to know how to schedule routine backups for your website and know where your backed-up files are stored. Getting yourself prepared can help you minimize the impact if you already have a data breach response plan ready. Always remember that proper website maintenance will help to maintain the value of the website over time.

In conclusion, you are capable of building a functional website even if you are not very technical. However, you still need to know at least some of the things mentioned above first. By understanding the key points listed in this article, you will be in a better position and well equipped than those non-technical people who are dealing with website creation and maintenance for the first time.

 

Selamat Hari Raya Aidilfitri from ServerFreak!

Serverfreak wishes all our Muslim customers Selamat Hari Raya Aidilfitri    Maaf Zahir & Batin ! 

May you have lots of great time during this festive season. Drive Safe !! 🚗..

During this festive season, our technical support team is available to assist you 24/7 through our helpdesk. Please submit your ticket to support@web-hosting.net.my or submit ticket directly from our website helpdesk!

 

 

Grow Your Business Successfully with Instagram

=Why Instagram is the social channel you need to optimize for massive growth=

 

Humans are visual creatures in general and there’s no denying that clients today are easily influenced by images rather than words or text. Like they say, an image speaks a thousand words, hence that’s the key reason why Instagram has grown so fast over the years and become a major social powerhouse right after Facebook. With Instagram, you can build your own followers who will then become your fan base and ambassadors to promote your brand or business. Such powerful marketing ability is one of the reasons why Instagram is considered as one of the best marketing tools for every business owner after Facebook.

 

Instagram Promotes Higher Engagement Rate

Instagram is a visual medium, so to build your brand you’re going to need to incorporate strong photos that will invoke higher interest from potential audience. By posting attractive photos related to your product or company brand, you stand a great chance to convert potential customers and visitors online into customers very soon. It’s an act of persuading people (or becoming an influencer) by leveraging the power of images.

Since people like and comment actively on photos or pictures that resonate with them (which is very true for fashion and apparel businesses), business owners will stand a chance to identify customer preferences, including which products are most sought after.

 

Instagram Allows Us to Reach Consumers of the New Millennium
Youngsters nowadays have their own Instagram account and spend more time in Instagram than Facebook. The young generations of today e.g. Gen-Y have equally good purchasing power as well so businesses must take advantage of this powerful social media platform by posting high quality images that can attract this group of people for their business and brands.

It has been reported that more websites and businesses have successfully gained higher number of visitors by having their own Instagram account.

 

User-Friendly i.e. Simple to Use

Are you a business owner who doesn’t have a sound graphic design knowledge? Worry not. Instagram is designed solely for people like you who have zero knowledge on computers. Instagram is created for the purpose of posting pictures so the effect functions available on Instagram will enable you to transform your photos becoming more appealing to your fans out there, thus creating an everlasting impression to your audience or potential clients.

 

The Power of Influencer Marketing

Influencer marketing is a hot marketing trend right now in the online marketing world.  More and more big brands are taking advantage of influencer marketing to boost sales and establish loyal customer base. There’s no denying the fact that Instagram is becoming the number one choice platform for businesses to build a solid brand name, thus now is the golden opportunity for any businesses to seize.

 

Autoplay Videos with Sound

Besides images, you can also play videos on Instagram. For Instagram Stories, for example the videos are set to play with the Sound On by default whereas Facebook videos are set to Sound Off by default. This difference alone is clearly an advantage for Instagram users.

 

Customer Targeting Made Easy with Instagram

Similar to Facebook, business owners can differentiate their fans based on location and demographic on Instagram. In addition, they can also create customer profiling for their followers easily because people tend to like and follow accounts that are relevant to their interest!

 

Businesses Can Now Post Ads on Instagram

With the recent changes on the Instagram platform, users can now post ads just like Facebook!  The ads on Instagram are more image centric and also allows businesses to engage with their clients easily because the posts are more clustered compared to Facebook. The timeline in Instagram is well arranged than Facebook since users on the Facebook platform have to scroll down and find your posts.


Conclusion:

Instagram might not seem like the ideal platform for all industries – especially non-visual ones – but with the right approach, you can have success for your business. So give Instagram a try today if you still do not have an Instagram account. It’s never too late to get started!

Benefits of Cloud Server for Your Business

Everything is “cloud” nowadays, from Cloud Storage to Cloud Computing and now:  Cloud Server. In short, “cloud” is fast becoming the new norm in our daily life.  By the end of 2018, it’s estimated that that 90% of Malaysian businesses will be using at least one cloud service.

Why are so many businesses moving to the cloud? That’s because cloud server offers supreme performance, great reliability, tighter security and many more benefits.

Check out 4 benefits of cloud server for your business below:

 

1) Supreme Server Performance

With cloud server, your server will have improved performance than normal shared hosting and Virtual Private Server (VPS). In short, cloud server is your “mini” dedicated server which have comparable dedicated server like performance albeit at a much cheaper cost. With ServerFreak Cloud Server, you can expect elite-level performance with consistently fast load times, where dynamic requests are processed with lightning speed. This makes it ideal for business websites that receive high volume of traffic – especially during new product launching day!

 

2) Great Uptime for Business Continuity

As a business owner, you should know that any downtime will hurt your business.  With our cloud server solutions, you can be sure that your business continuity is well taken care of by us.  You no longer need to worry anymore about local servers being down because now you can leverage our cloud server redundancy technology. Redundant cloud servers not only mean that your data is stored in more than one location, it also means that your site and databases run on multiple dedicated servers at the same time which creates even more of a safety net.  If one server goes offline, the others pick up where it left off, resulting in near 100% to five-nines uptime (99.999% – which is 5 minutes or less per year!).

 

3) Unlimited Email Sending Limit and Software Customization

Unlike shared hosting, you can send unlimited emails for your email marketing campaigns through cloud server regardless of the size of your email list. Since you’re running a business, this unlimited email delivery feature will save some of your capital because there are 3rd party email autoresponder providers out there such as GetResponse or Aweber, for example, which charge you up to thousands of Ringgit per month just to send out unlimited emails to email audience size of 100,000 people alone.

 

In addition, you are also allowed to install any software which consumes high amount of server resources that are previously restricted or prohibited inside a shared server. Owner of the cloud server can install and run their own operating system, control panels or software of their choice at their own convenience. Also, you have full access to the server and can reboot the server anytime since you are given root access to the cloud server. With cloud server, you enjoy great flexibility.

 

4) Secured Environment & Robust Disaster Recovery

When it comes to security, you can run your site with confidence on a cloud hosting plan. ServerFreak have stepped up their security protocols to protect databases and applications against common threats such as malware, denial of service and cross-scripting.

Preventative measures such as encryption are used to protect data and prevent attackers from infiltrating a network. Although you’re never completely immune to an attack, you can run your business website with peace of mind that it’s safe and secure on a cloud hosting plan.

With your sensitive business data stored in the cloud, your access to it won’t be restricted by hardware malfunctions or other unfortunate events. Disaster recovery can now be a simple and affordable process even for businesses that can’t match the resources of enterprise-level companies.

From the 4 benefits listed above you can see how cloud server will benefit your business! So what’s holding you back?

Contact our ServerFreak sales specialist now at sales@serverfreak.com to get started and expand your business’ digital footprint with our Cloud Server solution today!