Menu

Blog Archives
Kenny

Home

Author Archives: Kenny

About Kenny

Kenny is owner of webhostpark and has been working in hosting industry since 2006. We provide unbiased hosting reviews and release the latest promo news. Follow me on Google plus

5 Steps to stop wordpress brute force attack

wordpress brute force attack

When I trying to login our company blog site for news update, I get a message showing "WordPress Login Temporarily Disabled" and a support page link for problem fixing. After doing my research, it's because of "brute force attack" for wordpress site, our company blog is one of the victims and our hosting company blocked the login access for any user. After a bit research, we collected following solutions to deal with wordpress brute force attack.

Brief introduction of brute force attack

Brute force attack is the most basic hacking method to gain access to a site: it tries usernames and passwords over and over again until it gets in. Those victim sites using simple user name and password can be compromised easily by this hacking. At the meanwhile, because of the over and over again trying, the server memory/cpu usage goes up dramatically, if there's mass trying on lots of sites, the hosting server can be brought down quickly.

5 efficient steps to stop brute force attack

step1. Use strong username and password

Basic but crucial configuration to maintain a safe site. For wordpress, it's highly recommended to change the default user "admin" to something else you prefered. It can be done through phpmyadmin panel -> open your database -> click on "wp-users" -> click edit button beside the user name -> rename the "admin" to your prefered word -> click save at the buttom to make the change. We can also set a strong user password there directly.

It's crucial step after we have wordpress installed. No matter how the hacker is trying, they can not get in our site even the server is brought down. Our data is still safe.

step2. Hide the login page

It doesn't mean to remove the login link on website home page, it means to change the login URL to something else other than wp-login.php or wp-admin. We highly suggest to have plugin "stealth login page" or "HC Custom WP-Admin URL" installed. We can fully custom the login url as we liked thus hackers can not get it in any way.

step3. Install wordpress security plugins

We have provided a list of 6 leading wordpress security plugins. It's highly recommended to have them installed for high level protection. Free and easy to do, so why not use?

step4. Use CDN service

CDN is great to filter those spam traffic and reduce the hosting server loads. It's not only good for single site health but for entire hosting server. We highly suggest start with free CDN provider "Cloudflare", it's good enough for small to medium size. Pretty easy to configure.

step5. Use a decent hosting provider

A good provider not only prepares good hosting servers but good policies to keep our site alive. Normally, when there's such attack on customer site, many hosters will shut down customer site directly to save their server. But a good hoster like inmotion will try to fixe the problem on server end. For instance, our site is being attacked but they only blocked login access with fix solutions. This is what called customer caring.

Further resources of brute force attack:

  1. wordpress official solution
  2. solution from inmotion hosting
  3. solution on rackaid

Is Justhost Good Business Website Hosting Choice?

justhost business hosting

Justhost is supporting millions websites on the planet for its affordable and rich feature plans. How about hosting a business website with justhost? We have done in-depth research and carried out this review. If you're going to put your business website on justhost server, this article provides you side by side guidance to do it correctly.

What does Justhost Provide?

Justhost is featured budget web hosting provider in various top 10 list. Since from the very beginning, justhost has been offering pretty standard cpanel linux hosting with unlimited for everything. At the moment, justhost keeps a single shared plus 3 VPS/dedi server plans to support our different website requirements.

The advantage of hosting business site with justhost

To learn about justhost advantages, we have to check about how existing customers say and what service we can receive. So following are brief list of justhost advantages to power a successful site.

Enough disk space/data transfer. Justhost provide unlimited for both account space and data transfer. Means we can upload as many files as we can.

Strong data center support. The justhost servers are central managed in Utah data centers which is the same place of bluehost server. These data centers are setup to meet the next 30 years IT requirements with leading technologies. Although the company has migrated lots of business to this place, there're still over 3/1 free resources left for further expansion. Because the data center is fully managed by justhost group leaders, they have full access to respond quickly.

Powerful control cpanel system. It's customized cpanel system from justhost. Their tech team has fully integrated billing/domain/hosting under one place. In this way, we no longer have to navigate on multiple windows but focus on the same one.

Very affordable price. Only $3.50/mo, we get free domain name registration, unlimited domain hosting and email accounts. It's not only affordable by business owner but also for personal webmasters. For those starter business owner, it's absolutely good choice to reduce investment.

Multiple upgrade options. You always want to see good growth for website. however, that means you need higher hosting plans to support the usage. Justhost provides seamless upgrade to vps/dedicated server space. Just confirm the package you prefered and pick up a proper time then migration will be done in short period.

It's crucial to have scalable upgrade options for business website because we never know how big it will be since we want to make further success on it. Justhost not only provides seamless upgrade to your desired package but also ensures zero downtime. The best of the best is we will know when to upgrade. Once our website usage reaches shared server limitation, we'll get email warning, we can then check and evaluate the proper solution. In this way we won't get website shut down for no reason. It's very important feature to give our business a good representation for visitors.

justhost business features

The limitation of justhost service

Everything seems to be perfect with justhost, however we must realize their budget hosting feature. In hosting industry, you really get what you pay. Less paying means busier server configuration and less resource allocation. The hosting provider must be profitable for such low priced service, they have to oversell a bit. The direct effect is overall server speed is slowed down with more restrictions. Before justhost got merged into endurance, they have 50000 inodes limits for every hosting accounts and the actual bandwidth limitation is very high.

There's lot of improvement being applied by justhost tech team, however it will still need time to approve their efforts. Normally, since we're going to put out business on website, we must find a reputable or decent server plan to support it. Price is not a crucial consideration because we're going to be profitable on website orders.

As about justhost, it's good enough if you just want to use for product shows or company blog. But if you need to configure a shopping cart for mass order management, it's not a good idea. You might consider their VPS to start with or find a dedicated business hosting service like arvixe business hosting plan. For a profitable business website, we should not be confused for price issue.

HongKong vs Japan vs Singapore for Asia Hosting Choice

Asia is well known for its prosperous economy and population. However, there're not so many famous data centers to support the fast growing IT requirements. People always need to research a bit in order to find the right asia hosting provider. Till present, those leading data centers are mainly located at Japan, Hongkong and Singapore. This article provides side by side guidance and comparison of the tree locations and find out the best choice for hosting.

Networking

With no doubt, all the three areas have the best network specifications in asia. Especially for Japan, it manages one of the 13 root DNS servers(10 in USA, 2 in Europe) based its powerful internet abilities. Japan is also the terminal service provider of multiple Asia countries like China. Comparing to any other country/district in this area, Japan is unbeatable for international competition.

Hongkong is leading because of its bridge role to connect mainland and oversea net. For Chinese web users, they always have to select Hongkong for decent performance.

Singapore is doing the best in south asia for its modern and advanced international connections. It's also the primary consideration for lots of oversea companies who want to setup their asia IT services. Especially for hosting company who is trying to get asia customer orders, they advertise heavily to have data center service in this area.

Support

There's big difference with regarding to support. The three areas are featured in different parts while they're all leading in technologies. Let's see one by one.

Japan, the main weakness is lack of English language support. Most services are pre-configured via Japanese thus you have to be familiar with the service itself in order to use it properly. When there's a problem and support is required, we might have to wait longer till issue fixed.

Singapore is completely English based country. Most services are provided with English, no matter for domestic or international users there wouldn't be any problem in using the service. That's why they're liked by lots of international groups seeking for perfect IT solutions.

Hongkong is a little different from the two. It's tightly connected to China mainland on many areas. Comparing to any other location, Hongkong has the best geographic advantage for Chinese users. People from HK and China mainland can speak both Chinese and English. Being one of the main internet gateways, Hongkong is primary consideration when Chinese user needs same level hosting service from USA.

Business Environment

All those three areas are open market and actually play important roles on international business. Especially for Singapore, it occupies very good place to serve different markets. For internet services, Singapore is considered the gate of southern Asia. Being a famous international center, there's not a barrier at all to make business there. This is why lots of international hosting providers configure data center service in this area to support their asia clients.

Hongkong and japan are also great. However, with regarding to hosting, they have different targeted markets. Hongkong is mostly liked by Chinese. As we know, it's not so easy to put up a website in China, webmasters have to apply ICP license in order to keep the website online. Also, the governmental institutes will check hosted websites on server every few periods. Because of this, lots of mainland hosting companies rent servers from Hongkong and USA datacenters to give people alternative choice. Hongkong, for its great connection and friendly policies, it's liked by millions Chinese webmasters. About Japan, it's also pretty open but they're still popular from local or eastern asia districts.

Conclusion

As from above explanation/comparison, the three areas come with different features to support our hosting requirements. If your targeted market is eastern asia, japan & hongkong should be primary consideration. If we want to serve southern asia clients, there's no better place than Singapore. But if we want to deal with Chinese users, Hongkong is definitely the best choice from any side comparison.

Best 6 Free WordPress Security Plugins

Millions of websites are created by wordpress fans. However, it has been targeted attacking based the software popularity. From web analysis report, the daily attacks are millions on multiple famous sites using wordpress. Because of this, lots of companies make good business by offering wordpress securing service. In this article, we'll introduce 6 best FREE plugins to secure a wordpress site in few minutes.

1. Wordfence Security

The top recommended security plugin for enterprise class security and performance. Wordfence provides a fast caching engine, firewall and anti-virus scanning. It can quickly report malicious URLs and doubtable traffic. It's also announced to be the only wordpress security and performance plugin that can verify and repair your core, theme and plugin files without a backup.

Wordfence official download: http://wordpress.org/plugins/wordfence
See video introduction here:

The plugin also provides premium paid support and features including scheduled scanning, country blocking and more. It would be great for enterprise users to automate the full system. However the free option is already perfect for small to medium users.

2. Stealth Login Page

An advanced wordpress plugin for login protection. Using this plugin, we can fully customize the wordpress login URL instaed the default one. We can also disable the wp-login.php file directly for further protection. Things we can configure:

  • Define the wordpress site login URL such as http://mysite/login
  • Redirection of unauthorized login attempts
  • Authorization code on login form

stealth login page

Plugin download: https://wordpress.org/plugins/stealth-login-page

3. Sabre

Sabre(Simple Anti Bot Registration Engine), a plugin dedicated for anti-spam registration on wordpress site. The plugin will auto analyze if its real user registration and block those well know spammers directly. At the meanwhile, captcha authentication is added to registration form so spam registration is almost 100% avoided.

Sabre download: https://wordpress.org/plugins/sabre

4. Bad Behavior

An outstanding plugin to filter spam links. Acting as a gatekeeper, bad behavior prevents spammers from ever delivering their junk or ever reading your site in the first place. It's not only good to keep your wordpress site clean but also helpful to avoid DOS attack.

Bad Behavior: https://wordpress.org/plugins/bad-behavior

5. TAC(Theme Authenticity Checker)

The sole purpose of TAC is for theme verification. TAC will check each theme source file and find out malicious codes if any. Once founded, TAC will show the path to the theme file, the line number, and a small snippet of the suspect code. There're many theme resources on internet but not all are 100% clean. Especially for those free themes trying to collect user information, tac will ensure its cleanness before applying to your production site.

TAC download: https://wordpress.org/plugins/tac

6. AskApache

A network level protection to prevent automatic attacks. Beyond a simple security plugin, it's a powerful firewall and dedicated for wordpress protection. AskApache makes full use of available apache modules & rules and load the commands to .htaccess file. Not only the wordpress login page is protected, all site files are secured.

See full description on official page: https://wordpress.org/plugins/askapache-password-protect

Why You Need Business Email Solution?

business email solution

Our modern business highly relies on email communication. While there're tons of free email service like yahoo, gmail and hotmail, there're also plenty of paid solutions and actually charge on high prices. So what's the difference between a free and paid email service? Following comparison gives us side by side understanding and show us how important it is to register a reliable email service.

Advantages of free email service

Free – Definitely the biggest spotlight. Everybody be able to register with a free email service with no restriction. For most free email like hotmail, yahoo etc, we can probably use it life time free. And the truth is most users are free service based.

Lots of storage – For today's tech development, storage space no longer a problem for most online service. Especially when everything go into cloud, we can easily get multi GBs free space. For people who like to store lots of files online with basic protection, free email service like gmail is good enough.

Social network integration – Those leading free email services are all linked to various social network services such as facebook, linkedin etc. Many websites can be authenticated directly via our social or email accounts. Especially the google email, a single email address has full access to various google services like analysis, google drive and more!

Weakness of free email

Privacy – Probably the most concern for business email communication. While we only have web access to email service, the server hardware and network are fully managed by service provider. Thus they have full access to all our data. Just two days before, google updated their terms of use(http://www.google.com/intl/en/policies/terms/archive/20131111-20140414/) and claim to have access to incoming/outgoing messages to send accurate ads. It's definitely not good at all if there's sensitive information in our messages.

Not only for google, actually all free email providers are doing the same, there's just no announcement. Just think about the logic.

email securitySecurity – Since we don't have access to any equipment, we can't get a single piece of security configuration to trust with. Just think about the amount of users and what the result would be in case the server compromised. For example, the yahoo mail system got multiple hacking before and millions of email id/password were published online.

Advertisement – All free email services are advertisement based. Just login to your free email account and see how many ads there are. Some ads is placed exact the same place from top of incoming messages so you can't avoid to click. Obviously not good at all for prefessional business communication.

Advantages of Business email service

While there're so many weakness with free email, business mail service perfectly solves all problems. Normally, we have several options to configure the service, either signing up available email plans or install email server by ourselves. This is a completely clean system with professional management over multiple tasks including email, calendar and email filters etc.. We can configure the way how we want to send/receive emails. Also, it comes with a function that doesn't exist with free service – mailing list. We can easily send list email with no restriction. It's extremely helpful if we want to send announcement to subscribers.

Any disadvantage? The only disadvantage might be the price. Being enterprise choice, business mail service can be very expensive according to our exact requirement. Especially when we want to configure our own email platform, the cost is high.

As we see, the paid business email has unbeatable advantages for professional communication. Especially when you need to manage multiple online tasks together, a good email platform is the best choice.

TOP business Email solutions

The most popular business mail provider would be Microsoft Exchange who has been offering reliable and powerful services since early ages. Exchange server has been primary choice by most world TOP 500 companies. After more than 10 years development, exchange server got huge improvement and now is fully integrated into cloud. See more details on microsoft official page.

exchange server

Besides Exchange, there're also lots of reputable email solutions like smartermail, openexchange etc. Many business email plans are configured on such platform to meet our different requirements.

Biggest Hosting Providers For Different Services

Web hosting is a handy product nowadays for its popularity and affordability. While the competition is pretty high among thousands of hosting groups, it's interesting to know who's leading in different areas. We have done a bit research from various reports and announcement. Following are number one providers managing the biggest market share in each hosting categories. In case you're looking for hosting services, you can take a brief view about the entire industry and don't go wrong in choosing service provider.

Godaddy – Biggest Shared Hosting provider

godaddyBeing the biggest domain registrar on the planet, godaddy is selling domain names by per second frequency. While people purchase a domain name from godaddy, the great price notice in configuring website hosting is almost irresistible to most people. From their official reports, there're over 10 millions US clients and multi millions international clients being hosted on their servers. Not to mention their huge domain database, their hosting users statistics is almost horrible comparing to most competitors.

Since from the very start in 1999, godaddy has been using inhouse developed control panel software for both domain and hosting management. However, from the start of 2014, godaddy has introduced cpanel for optional choice for new client registration. Since they're complined hard by lots of people for non-friendly control panel design, their new change could bring more power to earn more success.

Godaddy official site: www.godaddy.com

endurance – Biggest Linux Hosting Provider

endurance groupNo matter how people talk about this name, we have to accept the truth. Endurance does not offer any hosting package directly but selling on hundreds of popular brands like ipage, fatcow and justhost. Their rank of biggest linux provider greatly relies on acquisition over hostgator and bluehost. These two brands had served multi millions clients on the globe and well recognized by most people. Actually, their linux hosting plans are considered industry standards and followed by many companies. When we liked a linux hosting plan, check first if it's offered by endurance brand because they're everywhere nowadays.

endurance official site: www.enduranceinternational.com

Microsoft – Biggest Windows Hosting Provider

windows azureBeing the windows server provider, microsoft also provides hosting itself. From netcraft report, microsoft is ranked the biggest windows hosting provider. Especially for windows cloud, microsoft manages total of 23400 servers(22300 servers for amazon). Microsoft currently is most well known for it's cloud service "Windows Azure". It's not only a service but an ongoing developed platform for super developer friendly. No matter if you just need simple website hosting or develop apps in cloud environment, windows azure is the best place for both performance and security. How much does it cost? Try out 30 days for free then decide if you like to pay!

Windows azure official: windowsazure.com

1and1 – Biggest VPS server provider

1and1 vpsYou might be surprised about this but this company does offer the most vps servers. From editorial anylisis, it's because of their huge shared hosting users. Only $0.99/yr to try out and then you pay $5.99/mo. However, once your website grows up mostly you will need VPS support, thus it's reasonable for clients to keep the service for easier management. I can't say 1and1 is doing good for web hosting service, however they indeed support large amount clients.

1and1 official site: www.1and1.com

RackSpace – Biggest Dedicated server provider

rackspaceThe most well known and reputable dedicated server provider. The rackspace server is not cheap but you get for the pay. Rackspace servers are mainly targeted for enterprise business with advanced configuration. The company has a team of professionals from the industry and they're actually building the standards. They company is doing close co-operation with popular communities like NASA, their produce "OpenStack" is widely used by many cloud providers.

Rackspace official site: www.rackspace.com

Amazon – Biggest Cloud server provider

amazon cloudThe most reputable and biggest cloud service provider. Amazon is also the very first company for business cloud service offering. Since 2006, amazon has started their cloud service and has been powering dozens of world leading names including Dropbox, Adobe, Twitter, NASDAQ and NASA etc. Not only for enterprise support, amazon cloud is also open for personal service, for example its free 5GB cloud drive service.

Amazon cloud hosting portal: aws.amazon.com