Everyone who is running the website is asking the same question – how to protect it from hackers. And that is obvious, as no one wants to take the risk of their business, and take clients under the risk. Due to the fact that WordPress is one of the most popular platforms for website development – the question related to the safety of a given platform is really common.
First of all, there is a need to talk about the statistics, here are the most popular situations, due to which sites are being hacked:
- in 41% of cases websites were hacked because of the vulnerability of account hosting;
- 29% of websites had been hacked because of security issues in the WordPress theme;
- in 22% of cases the issue was in the WordPress Plugins;
- and only 8% of websites had been hacked because of weak passwords.
As we see, there are different reasons which influence the security of the website. In any case, it is always better to predict the situation, than to solve the problems. In this article, we are going to talk about ways of protecting the website from hackers attacks.
Place the website using a reliable hosting provider
This is obvious, that hosting provider is one of the most important things when we are talking about safety and good performance. There are a few main issues, which you should take attention at, choosing a hosting provider:
- support of the latest versions of PHP and MySQL;
- usage of the latest versions of the software;
- regular antivirus scanning of the websites;
- automatic backups of the websites.
Update WordPress engine on a regular basis
Each system is being updated on a regular basis, and WordPress is not an exception. Updating the programs is crucial for ensuring safety, deleting possible defects of the systems and to improve performance. Taking into account the fact that the safety and performance of WordPress influence the productivity of the business.
Use only trust-able plugins and themes for the WordPress
As mentioned before, in 50% of cases websites are being hacked because of usage of not trust-able plugins and themes for WordPress. That is why it is crucially important to think pragmatically before uploading new plugins if there is no real need in that action – our advice is to not set it up. In order to protect the website, there is also a need to check the theme and quality of the template code.
Use the correct access rights
In order to minimize the possibility of hackers attack, there is a need to set up a few options:
- all folders should have right 755 or 750;
- all files should be 644 or 600;
- for the wp-config.php right 600 is required.
Make sure that hosting provider is able to provide you with support, and set up all required rights for you.
Use non-trivial prefixes in the database tables
By default, prefixes in the WordPress database are wp_. And of course, everyone knows about that, including hackers. That is why making them more complicated is crucial for engaging security. There is a possibility to set up custom prefixes, during the installation process. In case if the installation process is over, and you are left with the standard set of things, then you can change it in wp-config.php and in the database.
Protect your website through the .htaccess
Not everyone knows, but file .htaccess is a very strong instrument, which is working with different service settings. With its help, it is possible to not let the review of website directories, trough browser. In the same time, protecting all the files and folders, located in the WordPress settings.
Change the login and password on the periodical basis
Everyone receives notifications regarding the need for changing the passwords on a regular basis, but a lot of us do not take it seriously. That is the nature of the human being, we all act the same way, and only after being hacked we take it more seriously. Many companies force their employees to change all the passwords on monthly or at least quarterly basis. They simply cannot log in with the old password, after some period of time. This practice ensures the security of all the data, stored on the company servers, and decreases the risk of hacker attacks. Try to apply this practice in your company, and ensure the safety of a business.
Use additional protection during authorization
For sure, changing passwords on a regular basis increase security of the website. There is one more important rule to follow – apply double authorization for the login page. The weak passwords make hackers find access to the website very quickly, using automatic systems of password picker. More complicated passwords increase the chances of not being hacked immediately. While the additional level of authorization ensures that you will be informed immediately after the third person is trying to log in into the website.
Protect the website from spam comments and regularly check whether you are not in the blacklist
It is extremely important to not let spammers and robots to comment under the posts, as it can be the reason for the bad reputation of the website. One of the most popular plugins, which is able to help you with this issue – Akismet.
Quite often it happens that you do not know that you have actually been hacked. They are silently adding the bad script to the settings, sending spamming letters, which in the result may cause you being in the blacklist. As we all know, being in the list of bad websites decreases the number of visitors, shows you on the lower level in the google search, and cause many other unpleasant things.
Use plugins for website protection
If you want to make your website even more secure, and to spend too much time on all actions described above – use plugins, which provide you with complex support. For example, Wordfence Security, scans website on the case of damaging codes or viruses, for free. Acunetix WP Security checks the website weak sides and suggests methods of solutions. In order to get the maximum effect, and ensure an even higher security level – use the methods, described in the article, together with the plugins which are going to scan the website.
There are a few more cases, which can ruin even the perfectly performing website: Duplicating of the content
There are two types of the duplicates, which are being used on the website, copied content from another site and inside duplicates. It is a well-known fact that plagiarism is damaging for each website, it places you lower in the search engines and decreases the number of visitors. In the same time, not everyone knows that the same fragment of text inside the website is causing the same effect. So, if you want your website to be successful – never allow any kind of plagiarism and duplicates.
The bad URL structure of the website
URL can do both, make the website successful and play the worst joke with its owner. Of course, URL is being generated by the default, but still, there is a place for custom settings. In order to make the website even more successful – the URL should be short, easy to remember, have a clear structure and everyone should be able to write it from the memory.
No description on the category pages
It is really important to add a description to each category, located on the website. It gives a clear vision to the visitor on what is going to be described on the page. Additional to that, it increases the unique content on the website, decreases chances of the duplicate content, which generally improves the status of the website.
We have described the most popular mistakes, which can run the website to crash and increase the chances of hackers attacks. In the same time, we provide you with an impressive amount of pieces of advice, thanks to which you may be sure that your WordPress website will be safe and perfectly performing. Years of successful experience, provided us with all the knowledge, we are happily sharing with you! Aren’t sure yet, what is the best way of running the business? Contact us! We are always glad to consult, support and provide your business with the best solutions.
We’re very excited to tell you all about the improved website creation UX in Plesk, and why we invested in making it even better in 2021. Let’s face it, creating a website in Plesk was never hard. Type in your domain name, fill in a few details, and bam! In a matter of seconds, your website was ready to go.
Easy as pie, right? Well, turns out, that the procedure was not as clear-cut for new Plesk users. Some of them got frustrated and left without discovering the many benefits Plesk could bring them. A real bummer, and a lose-lose both for us and for them. We had to fix that. In this article, I will walk you through the revamped website creation workflow, and also tell you about the customer pain points these improvements aim to solve.
New website creation workflow
Challenge: How can I create a new website or add my own website in Plesk?
Despite the seeming simplicity, the previous website creation UX had a major flaw. It hid all the options that Plesk offered when creating a new website.
Specific situation: one of our partners told us that four out of five new clients they get migrate existing websites from different web hosting services to Plesk. Plesk comes with the ‘Site Import’ tool for just such a job. However, the partner didn’t know about it and therefore chose to use a third-party solution.
Many other cool Plesk features fared no better in terms of discoverability. New customers did not know that they could upload content easily with the File Manager, pull files from a Git repository, or use our Toolkits (for WordPress, Joomla!, Laravel) to create and manage websites within the snap of a finger.
Thus, our main goal was to clearly show the customers all available options, and make it so that right after website creation they could easily select the desired functionality and thus hit the ground running. The available options depend on the installed extensions, and their visibility can be controlled via the panel.ini configuration file. I will talk about this in more detail later in this article.
Let’s say I need to create my own WordPress website so that I can blog there instead of writing articles for the Plesk Blog. Gotta develop that personal brand! For that, I have chosen the ‘WordPress site’ option.
Challenge: What if I don’t have a registered domain name?
So, the next screen is similar to the old one, just waaay better.
First, I need to type in the domain name of my website. But what if I don’t have a domain name yet? Where can I get one? What if a domain name isn’t important to me at this stage? Can I continue and assign one later? What if I want to quickly show a potential client that my hosting environment can host a Laravel website?
The answer is: “Use a temporary domain name, courtesy of Plesk“.
Plesk automatically generates a free domain name in the .plesk.page DNS zone you can use as a placeholder. We handle all the icky technical stuff like DNS resolving so that you can get on with your work. On top of that, your temporary domain name uses HSTS and is automatically secured by a free SSL certificate from Let’s Encrypt. Your website becomes available on the web right from the get-go, no waiting time needed!
One more important note: previously, you had to enter all required credentials by hand before a website could be created. To speed things up, Plesk now pre-generates system users’ credentials. You can see what they are or change them at any time – just click ‘Connection Info’ on the domain card.
As I haven’t registered my own domain name yet, I choose the temporary domain and click ‘Add Domain’.
Challenge: What’s going on behind the scenes? What does Plesk do for me?
Okay, it’s doing something… but what exactly? Here’s what the process looked like before:
Who doesn’t like staring at spinning activity indicators? Well, everyone, actually.
So, now we give you a glimpse backstage by adding concrete steps with progress bars:
Challenge: What should I do next?
As I chose to use WordPress for my future blog, right after creating hosting for my website Plesk takes me to the WordPress installation screen. What do I need to do next? Click the ‘Install’ button, and that’s it!
No need to scour the interface in search of the desired functionality.
You can see detailed progress of what’s going on under the hood:
Finally, I am taken straight to the WordPress dashboard. Here I can configure and manage the newly created website (which is already available on the web, mind) to my heart’s content.
And it only took a couple of minutes, from start to finish!
Customizable creation options
Last but not least: every option you see is configurable.
You can leave the desired website creation options and hide the others by modifying the panel.ini configuration file. You can disable all options except one.
For example, if you are a WordPress hoster and only ever create WordPress websites, leave only that option available and hide the rest! In this case, the screen with the different website creation options is skipped and the users are taken directly to creating a new WordPress website. Pretty nifty, right?
What if you don’t need to see these options? Disable them altogether, and the world (or at least your Plesk server) is your oyster.
Here is the list of available panel.ini options to customize the website creation process in Plesk:
|Creation option||panel.ini (control option)||Description|
applicationWizard.blankSite = false
|Disables the blank website (skeleton) creation.|
|Deploy using Git||[ext-git]|
enableOnSiteApplicationWizard = false
|Disables the option to pull the files from a remote Git repository.|
enableOnSiteCreate = false
|Disables the option to import a website from another hosting server.|
enableOnSiteApplicationWizard = false
|Disables the option to create a Joomla! website.|
enableOnSiteApplicationWizard = false
|Disables the option to create a Laravel website.|
|New ‘Add Domain’ screen||[domainManagement]|
applicationWizard.enabled = false
|Disables the new website creation screen in Plesk. A blank website will always be created by default.|
applicationWizard.uploadFiles = false
|Disables the option to upload files using File Manager after website creation.|
enableOnSiteApplicationWizard = false
|Disables the option to create a WordPress website.|
To sum it all up: when we make changes to Plesk, the goal is always to solve real customers’ pain points.
With the website creation workflow redesign, we brought more clarity, showed all possible options, tools, and ways of creating a new website, and simplified the process as much as possible.
We hope you like it!
And we hope that Plesk helps you spend less time working, so that you may spend more time with your family, engage in a hobby, and relax.
As always, we’d love to hear your feedback! Have you tried the new and improved website creation process? What are your thoughts? Let us know at [email protected] or in the comments section below.