cicinimo.ga

Archive for the ‘Uncategorized’ Category

WordPress Security Tips and Hack Defense

Friday, September 15th, 2017

From WordPress core, theme and plugin safety, to user name and password best practices and database backups.

Other topics to consider include:

  • layered security measures like using the .htaccess file to enable or disable features
  • limiting file permissions
  • black listing and white listing IPs
  • disable file editing
  • using HTTPS

WordPress Security
If you run a large commerce site and it gets hacked, you can lose valuable customers and of course, money. Web hosts are likely to suspend accounts that are hacked taking your site offline. You don’t want to waste your time patching up a site after hacks or paying hosting when your site is down.

Why is WordPress so successful?
WordPress is the world’s most popular content management system now powering 20% of all websites. It’s success is due to its intuitive interface and the fact that its free and open source. Its features provide endless options for extending functionality through the addition of plugins and the ability to customize your site with themes and widgets. With thousands of paid and free themes and plugins available on the web, the option to create a site that is both functional and uniquely yours is virtually limitless.

Why is WordPress exposed to attack?
These same features are the most common ways that we expose our sites to attack. Because WordPress is open source, anyone can easily explore the core code or search through any of the most popular themes and plugins for hacks. These are items of WordPress that are out of your control.

Your host and WordPress hacks
Unless you pay big money to have your own server for web hosting, you also can’t control the hosting environment your website is run on.

Brute force attack
A brute force attack is also something that is out of your control. While you can’t always stop them, you can put into place measures to limit the damage and make it difficult for someone to successfully hack your site. Even tech giants like Microsoft, Apple and Amazon have had their security breached. No site, WordPress or otherwise, is completely secure. What you must do is recognize where weakness exist and create extra layers of defense to protect your content in the event your site is hacked. Use as many common solutions as possible to help manage the weakening of your site through human error.

A brute force attack can last months and involve thousands of servers world-wide. All hosting providers who offer WordPress are potential targets Hackers use compromised servers and PCs to hack websites’ administrator panels by exploiting hosts with “admin” as account name, and weak passwords which are being resolved through brute force attack methods.

4 Points of Vulnerability
1. host security breaches
2. out of data WordPress core
3. unsafe plugins and themes
4. brute force attacks

Managing your WordPress powered site well is the most valuable security tool available to you.

  • speed
  • options
  • services
  • security
  • backup solutions
  • control
  • server type
  • price point

Choosing WordPress to power your site means WordPress is the foundation of everything on your site. The fact that it is free and open source carries many benefits. But with each update, the exploits of the previous version are made available to the public making previous versions more susceptible to being hacked. Employing backs security through obscurity tactics, you can remove or hide the version number of your WordPress installation from displaying. You can even choose a more simple solution with plugins to hide the version number. This may deter a bot from attaching to your site, but this does not patch holes in older versions of WordPress. Only updating your WordPress installation as newer versions are made available will remove the published exploits.

Updating WordPress is simple (since version 3.7 was released with automatic updates)
In previous versions of WordPress a new version banner would display in your dashboard whenever there is an update available. Now WordPress installs will automatically update to new minor versions without you having to lift a finger. Minor versions are usually for security updates. You will, however, still need to update for to new major versions.

To update WordPress

  1. First things first! Backup your WordPress.
  2. Dashboard
  3. Updates

The biggest threat to your site
The quickest way to compromise your site includes adding poorly, maliciously coded or out of date themes or plugins from untrusted developers or sites. Due to the open source nature of WordPress many themes or plugins are distributed under a GPL or GPN (General Public License) licenses. So its easy for themes and plugins to be forked and redistributed on free WordPress theme and plugin sites with the addition of hidden or malicious code. This code can be as simple as exposing a virus or as serious as exposing your visitors to identity theft.

Before downloading a free theme or plugin:

  1. Research the author and only download from the authors site or the WordPress depository
  2. Ask advise at WordPress.org/support
  3. If you are going to use free trusted plugins or themes, check the version number compatibility listing and verify that the plugin or theme is still being supported and updated. Many themes or plugins are slow to receive updates or are simply abandoned.
  4. If you don’t use it, lose it. If you are not using a theme or plugin, delete it.
  5. Use paid supported themes and plugins (not free).

Experience shows that nearly all WordPress attacks could be defended against and defended by simply using safe, up to date and trusted plugins and themes.

10 Tips To Speed Up Your Magento Applications

Friday, September 15th, 2017

In addition to being written in PHP, Magento is also designed as a flexible ecommerce platform. You can use Magento to easily customize the look, functionality, and content of the web store. Also, you can speed up ecommerce application development by availing robust tools provided by Magento for search engine optimization, digital marketing, and catalogue management. However, you must not forget the simple fact that most customers will abandon the ecommerce website if it does not load in 3 seconds. Hence, you must explore ways to speed up the Magento application to keep the users engaged and convert them into customers.

10 Simple Tricks to Speed up Your Magento Ecommerce Application

1) Implement Caching

You can easily speedup the Magento application by implementing a variety of caching. The caching mechanism will reduce load on the server time and decrease server response time. The ecommerce platform comes with built-in caching modules and supports third-party caching solutions. Hence, you can easily implement browser caching, page caching, and expire headers. Likewise, you can install and configure cache by using robust tools like APC, Redis, Memcached, and Varnish.

2) Use PHP Accelerator

Magento is written in PHP. Hence, you can easily increase the performance of PHP scripts by using tools like eAccellerator, APC, and Xcache. These tools speed up PHP script execution by implementing a specific form of caching. The caching mechanism caches the PHP scripts in their compiled speed and increases the performance of the ecommerce application.

3) Enable Flat Catalogue

Magento stores the customer and product information based on the entity attribute value (EAV) model. When you enable flat catalogue, the product or customer data will be merged into a single table. The merger will make the application respond to MySQL queries faster. Hence, you can easily enhance the performance of the Magento application by enabling flat catalog for products and categories.

4) Enable Magento Compilation

While loading a page, Magento searches for application files in a specific order. Hence, it needs to read additional filesystems each time a web page is requested. You can easily reduce the number of filesystem reads through the complication feature provided by Magento. The feature will copy all application files into a single include directory, and cache the files which are used more frequently. You can take advantage of the compilation features to enhance the loading speed of the Magento application significantly.

5) Clean up Magento Logs

Magento saves the log files up to 180 days by default. If you do not clean up the logs frequently, the size of the database will keep on increasing. You can always control the database sizes by cleaning up logs at regular intervals. Magento further allows you to enable log cleaning and change save log days. You can simply change the configuration to clean up the logs automatically on schedule.

6) Remove Unused Modules and Extensions

You can easily add functionality to the Magento applications by using varying modules and extensions. But each extension affects the performance of the ecommerce application adversely by running additional HTTP request and loading extra CSS and JavaScript files. Hence, you must check the usage and relevant of the extensions included in the web store. You can easily enhance the application’s performance by disabling the unnecessary and unused extensions using your Magento admin account.

7) Use Content Delivery Networks

As a system of distributed servers, a content delivery network (CDN) loads web pages based on the current geographic location of the user. It stores a copy of the website on shared servers and delivers website content to the users from his nearest server. You can always increase the speed of ecommerce website by delivering static content through CDNs. You also have option to choose from an array of CDNs according to the precise needs of your Magento application.

8) Use GZIP Compression

You can easily increase the loading speed of the ecommerce application by compressing the content delivered to end users at both client and server ends. GZIP compression makes it easier for you compress the content at the sever level. Hence, the server delivers compressed content to the browsers faster. In addition to making network transfers faster, the GZIP compression also reduces the amount of bandwidth consumed by the Magento application. You can easily enable GZIP compression by adding a code snippet to the .htaccess file.

9) Optimize Images

Images constitute over 50% of each ecommerce application’s page speed. Hence, the size of the images will directly impact the speed of your Magento application. You must optimize images to make the load faster and enhance the performance of your web store. You can optimize the images in a number of ways. You can use robust tools like PhotoShop to optimize the images before uploading. At the same time, you can also use extensions like TinyPNG or Compressor to optimize the images automatically.

10) Merge and Minify CSS and JavaScript

Often JavaScript and CSS increases page loading time by sending additional HTTP requests to the web server. You can reduce the number of HTTP requests sent to the server by combining the JavaScript and CSS files. Magento provides specific options to merge JavaScript and CSS files. You can simply enable the option to combine the JavaScript and CSS files automatically. Also, you can use specific extensions provided by Magento to minify the JavaScript and CSS file. These extensions will increases your website speed significantly by removing whitespace from the coding.

You can always use the latest version of Magento to avail several new features and performance improvement. Likewise, you also need to select a reliable and fast web host to maintain the performance of the ecommerce application over a longer period of time. Most of the checks have to be done from the beginning, i.e. during the phase of Magento application development. But the performance of the Magento application will keep diminishing as you add new product catalogues and integrate third-party APIs. That is why; you must monitor the speed of your ecommerce websites consistently. You must identify and fix all performance issues in the website to enhance its loading speed and user experience.