Archive

WordPress version 5.1 is here

WordPress version 5.1 is here; you can find the details at https://wordpress.org/support/wordpress-version/version-5-1/ . If you are using an older version of WordPress, I suggest you upgrade as soon as possible.

Before you upgrade, always verify that the plugins you have installed are compatible. Outdated plugins may need to be upgraded as well. Back up your WordPress website before the upgrade.

A common mistake is to back up the WordPress files only. A WordPress website is a database-driven CMS. Content updates are changes in the database tables, so making a database dump / backup is important.

Without the latest database backup, you have a high chance of getting a broken website during restoration.

About Website cache?

There are many types of cache: some are served by the web server and some are integrated with the website application, like WordPress. Whichever type of cache you are using, the objective is to speed up the website.

Yes! I just said ‘speed up the website’. Wait a minute, speed up my website? I have a broken website and my updates never appear!

Certainly, your website and her website are not the same. Apart from the website, she is using an IIS web server but you are using an outdated Apache 2.2 web server. For your information, Apache 2.4 is newer and better.

Caches are intended to speed up your website, but the question is ‘how much’? Is your website loading properly? The idea of a cache is to store data that is frequently accessed, or preloaded, so that pages on the website display faster.

The cache uses techniques such as compressing, preloading, minifying, combining and expiring to speed up the loading process. However, these caches introduce 2 main issues:

  • A broken website
  • Updates are not reflected.

These are known issues. They can be annoying. Some learn the processes. If you choose to use a cache, some of these are unavoidable. Some caches are more intelligent: they flush automatically each time you make an update, but I suggest you flush manually for a better result.

If the cache has a commercial license, ask for a trial. You need a few days of intensive testing to make sure all pages of your website load properly.

 

Sucuri Firewall Pro is better?

Sucuri Firewall Pro is better? Yes, in a way. It depends on the user, and on how he or she manages the website. However, I personally feel Sucuri is better and can be better.

In the market, Sucuri is not the only one that sells website protection. There are big names like Cloudflare, StackPath and others. But my discussion today is on Sucuri, and the Pro plan. They don’t have a free plan like Cloudflare. For their plans: You can find it here

I have set up and used most of them. Actually, they all do the job. However, I like Sucuri. The setup gives me a feeling that it is more secure for those who choose to use their own DNS. The website webroot points to the Sucuri proxy, not to your source. In this way, it is difficult to find your source IP and attack it.

Even if your source IP is exposed, you can protect your web server by allowing only the Sucuri proxies to access it. It is strongly recommended that you do that. When you are using a firewall proxy, your log will show the proxy IP instead. Sucuri has a tutorial on this; how to use the X-Forwarded-For header can be found here for most web servers.

The Sucuri package from us comes with monitoring too. You can check your website's status, and whether it is infected by malware or not, at intervals as short as 6 hours.

Most website proxies include a CDN. With this feature, they speed up your website. A bigger brand has more POPs than Sucuri. However, do not get the impression that this makes the site respond faster. For example, my website vastspace.net scores 86 in the Pingdom speed test with Sucuri and only 72 with the other firewall. The test location for both setups was the same. To confirm, I used GTmetrix: YSlow is 81, and 89 with Sucuri.

I also feel that the website loads faster, and the load time at GTmetrix proves it. I’m not sure whether you have to pay more to improve loading speed (image loading speed, for example); if this is the case, Sucuri is cheaper.

Sucuri is easy to understand and straightforward for most, compared to many web firewalls. I found what I need. I have tried some web protection GUIs: I’m either overwhelmed by the clickable icons or they have limited features. Actually, the worst feeling is having to pay for a particular feature. In my opinion, do not put them there but sell them as add-ons.

As I have mentioned, this is my opinion. Sucuri is value for money. It costs less than most, and you get website protection and speed. It is worth considering.
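The two points above (accept only the proxy at the origin, and recover the visitor's address from X-Forwarded-For) belong together, as this added example shows; it is not Sucuri's code or configuration. The proxy ranges are constructed placeholders from documentation address space, and the request pairs are constructed sample data.

```python
import ipaddress

# Constructed placeholder ranges (RFC 5737 documentation space). Replace them
# with the proxy ranges your firewall provider publishes.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("192.0.2.0/24", "198.51.100.0/24")]


def is_trusted_proxy(addr):
    """True if addr belongs to one of the allow-listed proxy ranges."""
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer, xff):
    """Return (client_ip, came_via_proxy) for one request.

    peer is the TCP source address seen by the web server, xff the raw
    X-Forwarded-For header. The header is honoured only when the peer is a
    trusted proxy, and it is read right to left, because entries to the left
    of the last proxy hop are supplied by the client and can be forged.
    """
    if not is_trusted_proxy(peer):
        return peer, False  # direct hit on the origin: ignore the header
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            if not is_trusted_proxy(hop):
                return str(ipaddress.ip_address(hop)), True
        except ValueError:
            break  # malformed entry: trust nothing further to the left
    return peer, True  # no usable entry: fall back to the proxy address


def direct_hits(requests):
    """Peers that reached the origin without passing through the proxy."""
    return sorted({peer for peer, _ in requests if not is_trusted_proxy(peer)})


# Constructed sample: (TCP peer, X-Forwarded-For header)
REQUESTS = [
    ("192.0.2.10", "203.0.113.7"),               # normal proxied request
    ("192.0.2.11", "10.1.1.1, 203.0.113.9"),     # client forged the left entry
    ("203.0.113.50", "192.0.2.10"),              # bypassed the proxy, forged header
    ("198.51.100.4", "203.0.113.8, 192.0.2.10"), # two proxy hops
]
```

Any address returned by `direct_hits` means the origin is still reachable from outside the proxy, so the allow-list on the web server or host firewall is not yet in effect.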

 

 

 

Modsecurity in cPanel

Another great feature in WHM/cPanel that is easily neglected is ModSecurity. It is useful if you have not got any web protection like Sucuri Firewall Pro. Users often do not enable this feature to protect their open-source websites like WordPress, Joomla etc. This module is enabled by default but there are no rules to process, so it is as good as disabled.

Go to ModSecurity to install vendors; I commonly use OWASP. And remember to enable rule processing in the configuration. The rules will stop common attacks on, and vulnerabilities of, your website. This is an important feature for those who do not have any web protection.

Transfer Tools in WHM/ cPanel

This is a very useful tool in WHM/cPanel, but many server admins or users have neglected it. Either it is not often used, or the control panel has many features and is too cluttered. Nevertheless, today I’m showing you these tools found in WHM/cPanel.

There are 2 transfer tools that might be handy if you are moving to another host: Restore a Full Backup/cpmove File and the Transfer Tool. Both do the same job but the processes are different. You must know both tools in case one has an error.

Restore a Full Backup/cpmove File is a kind of semi-migration tool. You go to the website via cPanel on the source server and do a Full Backup. When it has completed, the backup will have a specifically formatted name that cPanel recognises for restoration. The backup file will be located in your home directory. You can either use rsync, if you have root access, or use FTP to the source server. Place the backup file in the backup home directory of the destination server, and use Restore a Full Backup/cpmove File to restore the backup file.

On a full backup, you can also use FTP or SCP to dump the backup file remotely to the destination server. But I found that rsync is more reliable. It is a personal preference, so it is about transferring a file from the source to a destination server.

The other is the Transfer Tool. The tool migrates the desired accounts or websites from the source server to the destination server. The Transfer Tool might be suitable for an intermediate user. You need root or sudo user access to migrate the accounts. After you have initiated a transfer, you do not need to stare at or watch it. You can safely close your browser, and the session is still active. You can come back to review the entire transfer process later. Most of it is self-explanatory, so I will not elaborate further.

These 2 migration tools have a high success rate, even if you are migrating a website from another control panel, although that is limited to the ‘Transfer Tool’. They have saved us plenty of time and effort.

Why WordPress? Do and Don’t

It’s WordPress again? Someone has written to our tech support department, asking if we can install WordPress for him. If you are using Plesk Onyx or cPanel, they have a one-click installer for WordPress in the control panel. Plesk Onyx has the WordPress Toolkit to manage your WordPress under one roof. But this is not the topic today. There are so many WordPress websites. If you are an amateur, I recommend you read on to understand WordPress further. This is extremely important and you will know why.

Many websites are hacked each day; do you know that 70% of them are WordPress websites? It is because most have installed WordPress and left it in auto-pilot mode. Things start to turn ugly if you are doing this.

a. If you have decided to use a WordPress website, you need skills like adjusting php.ini and restarting your web server to apply the changes if you have a VPS. Shared Hosting users might need to address this through .htaccess or a custom php.ini, for example for a time-out error when you are trying to upload a file through WordPress. Contact your web host if necessary.

b. Load only the plugins that are needed. More is not better. A plugin uses resources like memory and processing power. They can slow down your website. This is bad for your visitors.

c. Compress your images. Do not use a large image with very high DPI. They will greatly slow down the loading time of the page and website. Keep the resolution low enough while still detailed enough on a computer screen.

d. Always protect your wp-admin login. You can use Sucuri Firewall Pro or Wordfence to protect your wp-admin page against unauthorized login attempts. Remember, you are using an open-source CMS that anyone can download. The admin login URL or path is known to all. Thus, brute-force login using an automated script is possible, and this is happening to all WordPress websites.

f. Update WordPress and its plugins as soon as there are new releases. As they are open source, they are vulnerable, especially if you do not have any protection. If you are unable to spare the time to monitor and execute this, I suggest you look for an alternative CMS. Frankly speaking, all open-source CMSs have this nature in common. They are vulnerable and hacking is always possible. Thus, protection like Sucuri Firewall Pro is a must.

g. Back up your WordPress website as often as you make changes. The backup will restore the website in the event that the website is hacked or a plugin is incompatible. You never know when you will need it. But a backup can save you from a lot of work.

Control panel providers have made it easier to install WordPress on your website. Yes, it is not difficult to install. The problems start to come when you are maintaining it. In my opinion, it is easy to start but not at all straightforward to maintain, and choosing the right platform isn’t easy. I have seen that most WordPress sites are slow. There are a few plugins that may help by implementing caching. Again, if you are working with limited resources, you have to avoid heavy plugins like WooCommerce, for example.
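Item d describes automated brute-force attempts against the well-known login path. The following added example (not from any plugin or firewall named above) shows how to spot them in a web server access log; the log lines are constructed, and the threshold and window are assumed values to tune for your site.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/Nginx "combined" format: ip - - [time] "METHOD path proto" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def login_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: peak count} for clients that sent at least `threshold`
    POSTs to /wp-login.php inside any sliding `window`.
    Lines are assumed to be in chronological order, as in a log file."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)       # ip -> largest burst seen so far
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # skip lines in another format
        ip, ts, method, path, _status = m.groups()
        if method != "POST" or path.split("?")[0] != "/wp-login.php":
            continue              # only login submissions count
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # drop attempts older than the window
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}


def make_line(ip, second, method="POST", path="/wp-login.php", status=200):
    """Build one constructed log line `second` seconds after 10:00:00."""
    ts = datetime(2019, 3, 1, 10, 0, 0) + timedelta(seconds=second)
    stamp = ts.strftime("%d/%b/%Y:%H:%M:%S +0000")
    return f'{ip} - - [{stamp}] "{method} {path} HTTP/1.1" {status} 1234 "-" "-"'


# Constructed sample: one scripted client, one occasional user, one page view.
SAMPLE = (
    [make_line("203.0.113.5", s) for s in range(0, 30, 5)]        # 6 POSTs in 25 s
    + [make_line("198.51.100.7", 0), make_line("198.51.100.7", 600)]
    + [make_line("192.0.2.44", 3, method="GET")]
)
```

If the site sits behind a firewall proxy, run this on the visitor address recovered from the forwarded header rather than on the proxy address, otherwise all traffic appears to come from a handful of IPs.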

How to protect your email account

We use our email accounts to communicate with people: coworkers, friends, or business associates. The emails you send represent you; I’m sure you do not want to see them abused, or your identity impersonated. The truth is that these things are happening every day. Email accounts are sending spam, unwanted email, and email that impersonates financial institutions asking for banking details. These emails normally come from compromised accounts or from look-alike domain names meant to trick you.

It’s not surprising that you have received these emails. Me too; it’s common to see this type of email not filtered even by your best anti-spam email gateways. There are a few rules to follow that can protect your email accounts.

  1. Brute-force attacks are common today. If you have the choice, use a unique username. Common usernames like sales, support, customerscare, and similar are targeted. For example, if your name is John Tan, avoid using John as the username and use john.tan instead. This can minimize the risk of successful guessing by a hacker.
  2. Always use strong passwords and update them at intervals of 3 months or shorter. A strong password consists of capital letters, small letters, numbers and symbols. I recommend at least 10 characters.
  3. Use the latest anti-virus definitions to scan your computers and smart devices for malware periodically.
  4. Be careful with emails that contain links and attachments; never respond to unknown or suspicious emails. Clicking on links may indirectly infect your computer. Attackers can send you emails with malware in an attachment. Scan them, and do not open these attachments.
  5. Avoid logging in on public or non-personal devices to check emails. Doing so increases the risk that your credentials are stolen by bad guys.
  6. Quite similar to point 5, do not connect to an unknown or public network to check your emails.

Actually, these rules apply equally to many areas. If you adhere to them, the risk of your email account being compromised is greatly reduced, or compromise may not even be possible.