Top 10 Tips to Secure Your WordPress Website in 2018

In the past couple of years, the number of Internet users and bloggers has increased tremendously. As WordPress is easy to setup and configure, it has become one of the most popular and widely used applications by bloggers. Due to this popularity, WordPress is now the favourite hang-out spot of hackers. Every day, some scary report about a major site being hacked or a sensitive database being compromised hits the web, and freaks everyone out.

But it’s not only about how to secure WordPress website from hackers, it’s first important to know why should I secure my WordPress site? What are the odds that someone is really going to try to hack me?

Doesn’t it concern you that you might be hosting hidden links to Viagra sites or Google is flagging your site as malware-infected? Hmm. Let’s tell you the gravity of security threat you’re facing. Consider the following:

  • It’s not terribly difficult to determine if a site runs on WordPress or not.
  • If a site runs on WordPress, appending the domain with wp-login.php will almost always take you to the login page (even if it’s not linked anywhere on the site).
  • Because ‘admin’ is the default first user name, most WordPress-powered sites use it and that user name has full administrator access.
  • Thus, for most WordPress websites, the security of the entire site is literally only as strong as the admin password.

A little frightening, no? Let’s try to scare you a little bit more. Every day, there are almost 50,000-180,000 unauthorized login attempts on the WordPress hosted sites. The vast majority of these are hackers using brute force techniques (trying millions of combinations of usernames & passwords) to get into websites and wreak havoc. It is possible,perhaps even probable, that a hacker halfway across the globe is trying to hack into your site at this very moment.
Now that you realize how vulnerable your website is, here is a chicken-scratched list of how to secure a WordPress website from hackers and while we are at it, let us guide how to protect a WordPress website from malware too.

1.Maintain strong passwords

Let’s kick off the list with the easiest step you can implement immediately. If your current admin password is ‘password123’ or something remotely similar in its simplicity, then you have a serious issue. You might as well have a flashing neon Welcome! sign for hackers hanging in your website’s front window.

We suggest that you use strong passwords which include upper/lower keys, numbers and symbols. Something like rockSTAR19!@ or $h@ruKh r0ck$ is a great example of a strong password. As aforementioned, most hackers try to brute force the password so if your password is as strong as we suggested earlier, you should be fine.

2. Keep up with updates

Second crucial step is to make sure that your blog’s version is up to date. The WordPress team creates patches to help fix security holes. But, will WordPress always be one step ahead of the hackers? Of course not. Quite the contrary. For the most part, as with detecting terrorist attacks by our government, software is always going to be one step behind the hackers.

But when major security holes are known and patches are available there is no excuse not to implement them. Thus, keep a tab on WordPress updates. The same goes for WordPress security plugins and themes.

3. Clean your site like you clean your kitchen

Now that you’ve got the latest plugins and updates why not get rid of the old ones? You wouldn’t leave dirty dishes and silverware sitting in stale water for three days in your sink would you? Of course not. It would be a breeding ground for filth and muck. If you have old themes and plugins that you’re not using anymore, especially if they haven’t been updated, you can basically just go ahead and start the countdown to your next security breach. A messy site also makes it much more difficult for security professionals to operate should your site be compromised.

4. Create Backups

Make it a habit to  backup your blog and database at regular intervals and do not depend upon your WordPress hosting company’s backups as it might be possible that the backup they have contains the hacked data. (If the backup ran after your blog was hacked). You can do this manually or use an available plugin.

5. Rename the administrative account

When WordPress is installed on a System by default; it sets username ‘admin’ as the administrator of the blog. For better security it’s not suggested to use ‘admin’. After installation, you can create a new user with administrator rights and delete ‘admin’.

But remember that it isn’t the pinnacle of security measures. Hackers can find usernames fairly easily from blog posts or elsewhere. More important than disguising the specific admin username is to make sure that every username of your site with administrator access is protected by a strong password. (Yes, we’re referring you back to #1 in this list.)

6. Firewall Plugins

There are a few plugins that scan suspicious-looking requests based on rule databases and/or white-lists. For example, ‘WordPress Firewall‘ plugin uses some WordPress-tuned pre-configured rules along with a whitelist to screen out attacks without much configuration.

7. Change the WordPress table prefix

The default table prefix for wordpress is wp_ . We know it, you know it and so the hacker does too. SQL Injection attacks are easier with the default table prefix because it is easier to guess. Changing your database table prefix is highly recommended and you can do it using any of the wp security plugins.

8. Secure wp-config.php

Wp-config.php is important because it contains all the sensitive data and configuration of your blog and therefore we must secure it through .htaccess. Simply adding the code below to the .htaccess file in the root directory will do the trick.
# protect wp-config.php

<files wp-config.php>
Order deny,allow
Deny from all

9. No directory browsing

It’s not a good idea to allow your visitors to browse through your entire directory. This is an easy way to find out about directory structures and this makes it easier for hackers to lookout for security holes. In order to stop this, simply add the piece of 2 lines in your .htaccess in the root directory of your WordPress blog.

# disable directory browsing
Options All “Indexes

10. Block WP- folders from being indexed by search engines

Search engine spiders crawl over your entire blog and index every content unless they are told not to do so. We do not want to index the admin section as it contains all the sensitive information. The easiest way to prevent the crawlers from indexing the admin directory, is to create a robots.txt file in your root directory. Then place the following code in the file:
User-agent: *
Disallow: /cgi-bin
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: */trackback/
Disallow: */feed/
Disallow: /*/feed/rss/$
Disallow: /category/*

11. Preventing SQL Injection & URL Hacking

WordPress is a database-backed platform that executes server-side scripts in PHP. This makes WordPress vulnerable to malicious URL insertion attacks.

In a SQL injection , hackers embed commands in a URL, and gain access to sensitive information of your site. Other versions of URL hacks can trigger unintended PHP commands which, again, can lead to injecting malware or revealing sensitive information. So how do you prevent such attacks?

Simply copy and paste the code below to your .htaccess in the root. It works like a charm.

# protect from sql injection
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

12. Prevent Brute-Force Login Attempts

Hackers often rely on automated scripts which make numerous attempts to log into your WordPress administration page by trying thousands and millions of combinations of usernames and passwords. Remember the stat we cited to frighten you? It’s worth citing again: Every day, there are almost  50,000-180,000 unauthorized login attempts on the WordPress hosted sites.

Before you pass out at the magnitude of that number, know that you’re far from powerless against these nameless, faceless hack attempts.

First, go back to step #1 on the list.

Second, install a login limiter for WordPress. A login limiter can essentially block or quarantine an IP address or username which tries and fails to send login requests above a threshold rate. For example, a login limit of 10 attempts per 5 minutes can be backed up with a penalty timeout of 1 hour. A WordPress plugin which lets you enforce a login limiter is iThemes Security.

Over to you!

Remember, steps above are not the only security safeguards you should be considering, but they are a well-rounded start, especially for those who may have trouble implementing the basics.Take action on these tips and you’ll have the essential WordPress security measures in place.

Originally published on ZNetLive Blog- 


5 Best Free WordPress Themes for Business Blog/Website

Whether you are a small business or large company, you just need to showcase your products and services to end customers. And in this digital era, you can easily do this via making a strong online presence. So, for doing that you need a good looking and well optimized website that can help you market your business and build your brand.

To help you get going right away, have prepared a list of the best free WordPress themes for your business. Get started with your business blog/website, and make it look correct with these free WordPress themes.

Shapely: Shapely is a robust and accomplished WordPress theme with excellent style and great functionality. It is the foremost advanced free WordPress theme in the market with the vast customization options. This theme comes with many homepage widgets which can be accustomed add portfolio, testimonials, optical phenomenon sections, your product or service pages and much more. It is also mobile friendly and responsive that makes it perfect from business point view.

This theme is well suited for business, landing page, portfolio or any other creative websites with its distinctive one page setup. Also, it is SEO friendly that will help to attain the best search engine results.



Download Click To Preview Get Hosting

Himalayas: Himalayas is one-page style responsive WordPress business theme. It has a lovely layout to best suited with all types of business.

Himalayas basically offers everything that you need for one-page theme. You name it: a beautiful full-width slider, transparent sticky menu, search box on top, about section, Call to Action section, services section, portfolio section, our team section, blog section, contact us section, footer widgets, social icons and many more. All this features are present in this theme. This is not a premium theme; it is a free theme that has all the features of premium theme.


Download Click to Preview Get Hosting

Ascendant: Ascendant is a multipurpose WordPress theme suited to creating any kind of website. It comes with an enormous array of feature that may allow you to create many various forms of content– from portfolios, to services and team members.

This theme is very nice for designing event-oriented websites and agency pages. You’ll be able to make the most of the member practicality to showcase individuals on your organization, and add testimonials to boost up social proof. Ascendant is totally responsive, and can adapt to the screen size of any device. Your content will be handled graciously and can shine on each manner attainable.


Download Click to Preview Get Hosting

Illdy: Illdy is a multipurpose WordPress theme based on Bootstrap front end framework which is fully responsive and mobile friendly. This theme is appropriate for business, landing page, portfolio or any other artistic websites. This leaves heavy lifting to WordPress Customizer therefore you can create your website on live preview mode. This is the most flexible WordPress theme and it is completely free to use for private and commercial websites.

Illdy works with most popular free and premium WordPress plugins such as Contact Form 7, Gravity Forms, Yoast SEO, Jetpack, WP Super Cache, NextGEN Gallery and soon with WooCommerce. It has SEO friendly environment which will help you get the highest rankings on search engines. This theme comes with full screen background image and parallax scrolling enabled sections for sleeker user experience.


Download Click to Preview Get Hosting

Vega: Vega has three built-in color schemes: Blue, Green and Orange. You can choose any one color which will change the complete website’s color in a single click. In addition, there are multiple blog layouts to display blog articles on your site. As the business owners, you may need to share your latest products, strategies, stories etc. for the website visitors. Vega theme provides you multiple layouts for your blog page. Vega is fully responsive that looks great on any device. Hence, it is a contemporary theme for the smart people.


Download Click to Preview Get Hosting


Now what is left? You have gone through the best WordPress business themes, it’s time to take a step ahead by choosing a web hosting service for your blog/website, and what could be better than having WordPress hosting for WordPress site. Stop thinking, get best hosting for WordPress from here – managed WordPress hosting.

How to change your website’s domain name without losing Google rankings

image-for-move-your-domain-to-new-site-without-effecting-SEO-540x180-17 simple steps to move your site to a new domain name without losing your Google ranking

“Remote as it may sound right now, .coms could well be out of fashion by 2020, shifting a lot of consumer energy–including advertising budget–toward the new suffixes (gTLDs).as per the report Internet 2020″: An Analysis of How New gTLDs Will Transform the Internet.

New gTLDs’ are trending, more so than .COMs, and this new boom in domain names has opened a way for many businesses to rename their websites with more memorable, relative and brandable domain name.

Are you too planning to change your current domain, but scared of losing out on your SEO rankings? Don’t worry! In order to help you out, I am here with this seven step guide to help you shift your website to new domain with same SEO rankings.

We’ll follow Matt Cutts advice on shifting your site’s domain “Move the site in stages by moving sub-directories and examine how Google ranks the new domain”.

So we’ll take small baby steps to shift our site to a new domain name:

1. Purchase a new domain name

First step in the process is to buy a domain name for your website depending on which category it belongs to and getting it registered with the web hosting provider.

2. Prepare a holding page for your new URL

This should be the immediate step as you cannot just park your newly chosen domain, so create a single page with new URL structure so that Googlebot recognizes it as a real site and not just a parked domain.

Moreover it is your communication portal with people searching your site, where you can let them know that you have moved on to new URL/web address.

3. Plan a URL mapping

If you want Google or search engines to index your content under new URL and to rank this new URL in their search results, then generate a list of old URLs by searching into the sitemaps and of the URLs that get maximum traffic by checking your server logs or analytics software.

Finally, map these selected URLs to your redesigned site – the new destination.

4. Prepare your URL for 301 redirects

It is an amazing method of notifying search engine spiders and visitors of your permanent web address change. Redirect your old URLs to the new URLs correctly.

The 301 permanent redirects is considered as the most search engine-friendly method of redirection to the new domain address. However implementing a 301 redirect may vary depending on the server environment and language that you are using.

5. Test some part of your content

It is not wise to transfer all the content of your site to the new domain at once. So apply 301 Redirect for each page which you plan to move from old site to new site separately and conduct a check whether it is appearing in the search engines or not.
This will help in identifying issues which your site will face while redirecting it.

6. Create remaining pages and transfer all the content

As discussed above, transfer all the content to the new web address by using 301 redirects. But before going LIVE, do check that all the content has been redirected to the new page. Also check for the missing links and ensure that all links are working as they need to. This can be done with Xenu’s link sleuth –the link testing software.

Once you are sure enough that all the content (titles, descriptions) and links of your old site have been transferred to the new site, make your website live.

Note: Update both external and internal links coming to your site.

7. Add your new website to Webmaster Tools account

Use Google Webmaster Tools’ ‘Change of Address Tool’ to intimate Google that your site has have moved to a new domain name. Create XML sitemap and submit it to the webmaster tools. Also check for the crawl errors with the help of this tool to ensure that 301 redirects are functioning properly.

Also, do not forget to update your email address when your site is up and running on new address.

With these above- mentioned tips, you’ll surely retain your SEO rankings on moving your website to a new domain name.


Which is the best cloud data storage solution for your business?

which-is-the-best-cloud-data-storage-solution-for-your-business )

One of the biggest challenges which organizations face today is managing the data. Data is the lifeblood of every corporate, including web hosting, and as such it should be secured and protected. Storing, managing and distributing data to ensure its availability is imperative.

Running applications, maintaining high traffic websites, backing up documents, databases or emails – each and every process needs a lot of storage. Not only this, but when your organization grows, its urge for data storage also increases.

The traditional dedicated storage mediums like hard disk racks lack the required competency in managing the dynamic organizational data. Building and managing your own storage repository can not only be expensive, but time consuming. How?

  • Any additional storage space requirement would mean investing more on hardware.
  • You will need dedicated staff to manage the complex structure.
  • Predicting the future storage requirement will be difficult.
  • If the prediction goes wrong, you can land up in either running out of storage space or under-utilization of capacity, which may result in your hardware sitting idle in the datacenter.
  • Most importantly, in ground storage repository, backing up data is a complex process.

So, what is the solution to all these data storage issues?

May be a technology that allows you to store data on a virtual platform, is available on-demand, protects and create backup for your data automatically and makes you pay only for what you use. Yes! We are talking about the Cloud technology.

Cloud data storage solutions are revolutionary solutions as they store data remotely, maintain it, and create automatic backups for future reference. The users can store their files online and access them from anywhere, anytime through the internet. Here, the cloud backup service provider keeps the copy of the data on an external server, so that the users can access it easily. A number of cloud storage options are available in the market.

Let’s take a look at what they are and how they store and manage your data.

1. Microsoft OneDrive

A powerful cloud storage solution by Microsoft- OneDrive offers every possible means of data storage and management.

  • Easy accessibility
  • Device compatibility
  • High collaboration

2. Google Drive

Google Drive is the Cloud storage solution by Google. Running on both free and fee based structure, it also stands as a good cloud storage solution.

  •  Free storage
  • Store & share
  • Everywhere accessibility

3. Amazon Simple Storage Service (S3)

It is a simple to use web service interface and object storage platform for developers and IT teams to store data in a highly safe and secure way.

  • Store data and files
  • Highly available data
  • Secured data storage platform

You can easily get started with Amazon S3 storage, by simply creating an account and creating your bucket. You pay for only what you use.

4. Azure Storage

Azure Storage is the next-gen cloud storage solution for contemporary applications which require highly available data with high scalability.

  • Offload heavy datacenter management
  • High scalability & flexibility
  • Multiple storage

Thus, Azure cloud storage platform stands as a comprehensive storage solution for meeting application storage needs.

How ZNetLive helps you manage and protect the data?

Our cloud offerings come with durable and highly available data storage solutions mentioned above. In addition to all above, our Virtual Private Cloud is specifically designed to offer a private cloud environment for your data and applications within a public cloud. As such, you get a high data security within the VPC, with encryption chip and private IP. With VPC, you get your private cloud environment which can be accessed and used solely by your organization.

Read full article

Simple Tips To Secure Your WordPress Blog/Website


With the growing hacking attempts, here goes some simple but useful tips to secure your WordPress blog /sites.

Tip 1 : Don’t use ADMIN as the user name

Use a completely random username with the administrative rights. If you are using admin as the username for the administrator login then you are just giving the main entrance key to the hacker.

Tip 2 : Use Strong Password

Make it complex. Use the combination of upper case & lowercase letters, numbers along with special characters. The weak passwords can be easily cracked by the ‘Brute Force’ attack. Change your passwords often.  Don’t use simple passwords like password, 123456, 12345678, abc123, qwerty, etc.

Tip 3 : Plugin Management

Update all active plugins and delete all inactive ones.  Click on Plugins >> Installed Plugins and click on update automatically to update a particular plugin.  The updated versions of the plugins are just not bug free but they are also more secured.

Read more Tips here:


Top 5 Benefits of e-Commerce Web Hosting

The market for e-retailers is certainly very promising today, thanks to the internet boom. Through a simple website, they can reach out to an infinite range of customers, beyond physical boundaries.

The power of technology is something that has made all this possible!

A number of entrepreneurs and SMBs are finding glowing opportunities in the e-stores. But, for all those who are in or are willing to be in the online market sphere, there’s more to understand!

What makes an e-store a hit, is a chain of multiple factors. Good website speed with ability to scale according to increasing traffic, a trustworthy payment gateway, a shopping cart, security of customer data and backup are some of those factors that account for a good e-store. All these factors are by and large affected by the quality of the hosting service you choose and thus call for a good ecommerce hosting service.

e-commerce web hosting

An e-commerce web hosting can be understood as a system wherein the host company provides an organization the required online space and tools, so that it can run its retail store online. It differs from a simple web hosting as it fulfills some additional requirements of a shopping website like SSL certificate, shopping cart, database support, payment gateways and other ecommerce security requisites.

Now what should make you go specifically for an ecommerce web hosting is a difficult thing to know. So let’s put 5 top benefits of an ecommerce hosting solution that will make you go for one.

Top 5 benefits of ecommerce web hosting

An ecommerce hosting solution can be really advantageous for anyone who is looking to start an online business. The benefits can be summed up in below mentioned points:

  1. High availability and scalability
  2. Secure your customers’ transactions
  3. Ease of shopping with cart
  4. Hosting experience with less technical know-how
  5. Multiple website management with single admin panel

How ZNetLive can be your perfect ecommerce Linux and Windows web hosting provider?

Check Here


6 Reasons Public Cloud Fails to Deliver What Private Cloud Does

Today, most organizations are adopting cloud computing technologies to stay ahead of the competition as cloud provides instant provisioning, scalability, virtualized resources, security, ability to expand server base and much more.
Depending upon your business needs and strategies, you have the choice to deploy your infrastructure in either a private cloud or a public cloud. But the question is which one is the best? What are the differences between the two? How can you determine the right solution/path for your business?

Public cloud vs private cloud – an introduction.
The public cloud deployments are used by the organizations for those applications and data whose security and compliance is not a big issue. It is a multi-tenant environment that offers a slice of the server in the cloud which is shared by a number of tenants.
Private cloud, on the other hand, provides the single -tenant environment with dedicated hardware, storage and network per user. Continue reading