– WebCare360

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName “Admin Access Control”
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
# whitelist WebCare360′s IP address
allow from xx.xx.xx.xxx
# whitelist Xunny’s IP address
allow from xx.xx.xx.xxx
# whitelist Khawaja’s IP address
allow from xx.xx.xx.xxx
# whitelist aa_Numb’s IP address
allow from xx.xx.xx.xxx
# whitelist Work IP address
allow from xx.xx.xx.xxx
</LIMIT>

Paste your IP Address and upload the file.

Now if you have more than one IP make sure you list them there. For example, Work, Home, Vacation IP, if you ever use it. Each time you want to visit your wp-admin panel from another location, you would have to add an extra IP address.

– WebCare360

Hackers attack your blog for so many reasons but the main one is because they want to hijack your Google ranking in order to promote (and increase) their own Google ranking. And as you can imagine, there are many different types of hacks. One of the most popular hacks is a Pharma hack where the hackers insert spam content into your site that is related to different types of medications. Other hacks are more obvious because they use adult content and software sales.

– How do I know if my blog or website has been hacked?

Although it’s usually obvious when a blog or website is hacked, there are times when you may suspect you’ve been hacked but just aren’t sure. Here are a few of the warning signs you’ve been hacked:

• Your Google Page Rank starts to drop for no apparent reason.
• Your blog loads more and more slowly (and you haven’t added a ton of plugins).
• You notice strange links on your website.
• Your Google webmaster tools show strange keywords to describe your site.
• You perform a Google search for your site, the results show titles and descriptions that do NOT describe your site, yet still have your URLs.
• Your website or blog traffic starts decreasing for no logical reason.

If you aren’t sure your site has been hacked (or just want to be sure), do a Google search for a spammy keyword like this keyword:yoursite.com. Try different spam keywords to make sure your site is clear.

– Keep Your WordPress and WordPress Plugins Updated to the Latest Version

The latest version of WordPress always contains bugs fixes for any security vulnerabilities, therefore it is important to keep yourself updated at all times.

–  Hide your WordPress version

A large number of WordPress themes include the WordPress version info in the meta tag. Hackers can easily get hold of this information and plan specific attack targeting the security vulnerability for that version.
To remove the WordPress version info, log in to your WordPress dashboard. Go to Design->Theme Editor. On the right, click on the Header file. On the left where you see a lot of codes, look for a line that looks like this

<meta name=”generator” content=”WordPress <?php bloginfo(’version’); ?>” /

–  Change the WordPress admin username

Most hackers know that ‘admin’ is the username and then they only have to guess the password. Make it twice as hard and change the admin username to something other than ‘admin’

– Remove the Footer Credit

Most WordPress templates will come with a link back to WordPress in the footer saying, “Powered by WordPress”. If you don’t want to get hacked, this absolutely has to go. It is used as a marker by hackers who query search engines to compile lists of WordPress sites. This is known as dorking; implying that people who leave such footprints on their sites are dorks. Removing this will probably stop you from getting hacked as your site will probably not be found once it is removed. If you would like to give credit to WordPress for making a free publishing platform in some other way, you could link to them on your about page. To remove the footer credit, open up

wp-content/(name of the theme you are using)/footer.php

and delete the link to WordPress.

– Remove the Meta Generator Tag

Most WordPress templates will also come with a HTML tag in the head like this:

This has to go too as it gives away what version of WordPress you are using. All a hacker would have to do is look up a hack for your version of WordPress and if you are vulnerable (some vulnerabilities require certain server settings or environments) they will take you down. To remove the meta generator, open up :

wp-content/{name of the theme you are using}/header.php

and delete the meta generator tag.

– Remove the Generator Tag in the RSS Feed

WordPress also gives away which version you are using in the RSS feed with a generator tag like this:

<generator>http://wordpress.org/?v=3.2.1</generator>

Again, this gives away the version you are using so is particularly dangerous. RSS feeds are another way in which hackers compile lists of sites which they might be able to attack.
To remove the RSS generator, open up wp-includes/general-template.php and search for the function called the_generator (around line 1858). It will look like this:

function the_generator( $type ) {echo apply_filters(‘the_generator’, get_the_generator($type), $type) . “\n”;   }

and place a hash (#) in front of the word echo, so it looks like this:

function the_generator( $type ) {#echo apply_filters(‘the_generator’, get_the_generator($type), $type) . “\n”;   }

– Avoid Using Free Themes (malicious code)

you can run into serious trouble by installing plugins and using themes without checking them for malicious code. If you don’t know PHP, I’d recommend only installing plugins and themes which are listed in the official WordPress directories

– Encrypt Your Login

Whenever you try to login to your website, your password is sent unencrypted. If you are on a public network, hacker can easily ‘sniff’ out your login credential using network sniffer. The best way is to encrypt your login with the Chap Secure Login plugin. This plugin adds a random hash to your password and authenticate your login with the CHAP protocol.

–  Use Strong Password

Make sure you use a strong password that is difficult for others to guess. Use a combination of digits, special characters and upper/lower case to form your password. You can also use the password checker on WordPress 2.5 and above to check the strength of your password.

–  Protect wp-admin folder

Your wp-admin folder contains all the important information and it is the last place that you want to give access to others. Use AskApache Password Protect to password protect the directory and give access right only to authorized personnel.

–  Hide Your Plugin Folder

If you go to your http://yourwebsite.com/wp-content/plugins, you can see a list of plugins that you are using for your blog. You can easily hide this page by uploading an empty index.html to the plugin directory.
Open your text editor. Save the blank document as index.html.
Using a ftp program, upload the index.html to the /wp-content/plugins folder.

–  Do Regular Security Scans

Install the wp-security-scan plugin and perform a regular scan of your blog setting for any security loopholes. This plugin can also help you to change your database prefix from wp_ to a custom prefix.

–  Define User Priveleg

If there is more than one author for your blog, you can install the role-manager plugin to define the capabilities for each user group. This will give you, the blog owner, the ability to control what users can and cannot do in the blog.

–  Use Strong Password

No matter how secure your site is, you still want to prepare for the worst.
make sure you back up EVERYTHING, including your posts, comments, files, images, logos, template, links, and HTML coding. That way, even if your blog does get wiped out, you’ll have everything you need for quickly putting it back together.

The best pluggin to do that : Backup Buddy.

If you want free plugin :Install the wp-database-backup plugin and schedule it to backup your database daily, but i must warn you this plugin only backup the database

– Analyze Server Logs

The best security tool, regardless of whichever plugin/software you install, is you. In order to be confident that you are completely protected, you have to take a proactive approach to your website’s security. Three times a day I check my server logs and web analytics to see if there is any unusual behavior.

– WebCare360

But, now we are ready to announce that we are providing daily *offsite backups to our shared and reseller hosting clients with no additional cost. Yes! You read it right, with no additional cost. So, we have taken your headache of taking daily backups and have setup our system for automated daily backups.

If, any clients needs backup, they are required to open a support ticket regarding this concern, and their backup will be provided with 48-72 hours.

– WebCare360

Due to the very huge demand of the streaming servers, WebCare360 has decided to officially announce that now we are providing special streaming servers to cater the needs of the streamers. The main feature of the streaming servers are as;

• 1 Gbps (Unshared Connection)
• 100TB bandwidth / 33 TB bandwidth
• 24×7 useable connection
• Offshore / Onshore location

At some locations we allow 100TB bandwidth per month so the amount of the bandwidth will depends on your budget and the location choice.

For offshore location, you never receive any DMCA complaints, neither we’ll force to to remove your channels. (Locations : NL / RU/ RO/ SW). But, keep in mind that you are in need of a dedicated server with dedicated port of 1 Gbps so don’t expect that you will able to get server within 300Euro’s. So, don’t tell us 300Euro’s for an offshore located server is too much costly

For other locations, DMCA complaints will be forward to you and you will be given 24 hours approx. to comply with the complaints.

We already have many satisfied streamers with bulk orders, so we may select orders of our choice. You will pay for the quality service and we assure you, you’ll be loving that

Romania servers will be back and will be ready for sale after a month or so, and there might be some increase in the prices.

So, now we are only selling our stock at Russia (Moscow), at cheap prices. If you are interested in any other location or need a customized server specification, feel free to contact us.

– WebCare360

WebCare360 is offering the special discount promotions in the month Feb. We are giving 15% OFF to all our new clients on Shared/Reseller Packages for the first month.

To avail this exclusive promotion you just need to enter the code “FEB15” and you will have 15% OFF for your first month.

]]> http://blog.webcare360.com/feb-promotions-shared-reseller-hosting-valentines-special/feed/ 2 http://blog.webcare360.com/new-servers/ http://blog.webcare360.com/new-servers/#comments Fri, 20 Jan 2012 21:58:26 +0000 WebCare360 http://blog.webcare360.com/?p=95 WebCare360 is considering to add more stock with DDOS protection !!