Protect Your WordPress Site from Brute Force Attacks: A Comprehensive Guide




Welcome to our comprehensive guide on how to protect your WordPress site from brute-force attacks. As the world’s most popular content management system, WordPress is an attractive target for hackers and malicious cyber-attacks. One of the most common methods used by attackers to gain unauthorized access to a website is through brute force attacks. These types of attacks use automated systems to repeatedly try different combinations of usernames and passwords until they find the correct one.

Brute force attacks can cause severe damage to your website, including stolen data, defacement, or even complete loss of control over your site. However, with proper knowledge and precautions, you can greatly reduce the risk of falling victim to these attacks.

In this guide, we will discuss what exactly brute force attacks are and why they pose a threat to your WordPress site. We will also explore various techniques and tools that you can use to secure your website and prevent such attacks from happening. By implementing these measures, you can ensure the safety and integrity of your WordPress site, protecting not only yourself but also your visitors’ sensitive information.

Whether you’re a new WordPress user or an experienced developer, this guide will provide valuable insights into securing your site against brute-force attacks.

Understanding Brute Force Attacks

A brute force attack involves automated software trying countless combinations of usernames and passwords until it guesses correctly. To prevent this, you need to make it as difficult as possible for attackers.  

Strong Passwords and Usernames

  • Avoid common usernames: Don’t use “admin” or other predictable names.
  • Use strong passwords: Avoid simple passwords such as your date of birth or phone number. Instead, create a password with upper and lowercase letters, numbers, and special characters.
  • Password managers: Use a password manager to generate and store complex passwords.

Limit Login Attempts

  • WordPress Core: While not as robust as plugins, WordPress Core offers basic protection. You can adjust the number of failed login attempts before lockout in the wp-config.php file. However, it’s generally recommended to use a dedicated plugin for better control.
  • Security Plugins: Many plugins offer advanced features to limit login attempts, including IP blacklisting, CAPTCHAs, and more.  

Two-factor authentication (2FA)

  • Enable 2FA: This adds an extra layer of security by requiring a second form of verification (e.g., code from your phone) after entering your password.  

Keep WordPress and Plugins Updated

  • Regular updates: Ensure your WordPress core, themes, and plugins are up-to-date with the latest security patches.  

Security Plugins

  • Consider a security plugin: Numerous plugins offer comprehensive protection against brute force attacks and other threats. Popular options include:
    • Wordfence  
    • Sucuri  
    • iThemes Security
    • All In One WP Security & Firewall  

Hide Login Page

  • Change login URL: Some plugins allow you to change the default /wp-admin login URL to a custom one, making it harder for attackers to find.

Web Application Firewall (WAF)

  • Consider a WAF: A WAF can filter traffic and block malicious attempts, including brute force attacks.  

IP Blocking

  • Manually block IP addresses: If you identify malicious IP addresses, you can block them using your hosting control panel or a firewall.

Regular Security Audits

  • Go through vulnerabilities: As a website owner, it’s your responsibility to review security audits and check for potential weaknesses in your website.


Additional Tips

  • Grant users only the permissions they need.
  • Take regular backups of your website to safeguard your website’s files and data.
  • Keep an eye on your server logs for suspicious activity.

By combining these measures, you can significantly reduce the risk of successful brute-force attacks on your WordPress website. Remember to choose the methods that best suit your website’s needs and resources.




How to Stop Contact Form Spam in WordPress?




WordPress is a well-known name in the IT world, and popularity brings disadvantages as well as advantages. Contact form spam in WordPress is one of them: one of the most talked about threats to any website is that contact forms invite abuse and spam.

Because contact forms consist of blank fields, spam bots can fill them out in any way they like. Getting one or two such messages is normal, but if it happens repeatedly, you have to take it seriously: you may lose real messages from potential customers. Spam bots are the main culprit, so before going deeper, let’s look at what spam bots are.

What are Spam bots?

Spam Bots: Automated Pestilence

Spam bots are malicious computer programs designed to automate the sending of spam. They are the digital equivalent of unsolicited junk mail, but far more pervasive and efficient.


How Spam Bots Work

  • Creating fake accounts: These bots generate numerous fake profiles on various online platforms to spread their spam content.  
  • Harvesting email addresses: They scour the internet to gather email addresses, building extensive lists for mass spamming.  
  • Sending spam messages: Once armed with email addresses or platform accounts, spam bots relentlessly distribute unwanted messages, often containing advertisements, scams, or malware.  
  • Overloading systems: By flooding platforms with spam, they can disrupt normal operations and hinder user experience.

Types of Spam

Spam bots can distribute various forms of spam, including:

  • Email spam: Unwanted commercial or deceptive messages sent via email.  
  • Social media spam: Spammy posts, comments, or messages on platforms like Facebook, Twitter, or Instagram.  
  • Comment spam: Irrelevant or promotional comments on blogs and websites.  
  • Form spam: Automated filling of online forms with spam content.

Now, we will look at the various techniques for blocking contact form spam in WordPress.


What Are the Best Practices for Controlling Spam in WordPress?

1. Use a Strong Anti-Spam Plugin

A dedicated anti-spam plugin can be your first line of defense.

Some popular options include:  

  • Akismet: This is a well-known plugin that effectively filters out spam comments and contact form submissions.  
  • Contact Form 7 Honeypot: This plugin specifically targets contact form spam using the honeypot method.  
  • Google reCAPTCHA: While not a standalone plugin, it’s a robust anti-spam tool that can be integrated into many contact form plugins.

2. Implement CAPTCHA

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a challenge-response test used to determine whether a user is a human or a computer. It’s a reliable way to deter spam bots.  

  • reCAPTCHA: Google’s reCAPTCHA is a popular choice, offering various levels of protection.  
  • hCaptcha: An alternative to reCAPTCHA, hCaptcha also provides effective spam protection.  

3. Honeypot Fields

A honeypot field is a field in your contact form that is hidden from human visitors, so only bots fill it in. If this field is filled out, the submission is likely spam.

Many anti-spam plugins, like Contact Form 7 Honeypot, utilize this method.  

4. Limit Form Submissions

Restricting the number of submissions from a single IP address can help to prevent spam attacks. Some contact form plugins provide this feature.
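The honeypot field (step 3) and the per-IP submission limit (step 4) come down to two server-side checks. The following is an added example, not taken from the original article or from any plugin named above: it shows the form markup with a honeypot input and the checks applied to each submission. The field name, the limit of 3 submissions per 10 minutes and the sample data are hypothetical.

```python
import time

HONEYPOT_FIELD = "website_url"   # hypothetical name; it should look like a real field
MAX_PER_WINDOW = 3               # assumed limit: 3 submissions ...
WINDOW_SECONDS = 600             # ... per IP address per 10 minutes

# The honeypot input is moved off-screen and taken out of tab order, so people
# never see or reach it, while bots that fill every input in the HTML will.
FORM_HTML = f"""\
<form method="post" action="/contact">
  <input name="name"> <input name="email"> <textarea name="message"></textarea>
  <div style="position:absolute;left:-9999px" aria-hidden="true">
    <input name="{HONEYPOT_FIELD}" tabindex="-1" autocomplete="off">
  </div>
  <button>Send</button>
</form>"""


class ContactFormGuard:
    """Decide whether a contact form submission should be accepted."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so the limit can be tested
        self._windows = {}       # ip -> (window_start, accepted_count)

    def check(self, ip, form):
        """Return (accepted, reason) for one submission from `ip`."""
        # 1. Honeypot: any non-blank value means an automated client filled it.
        #    Show the bot the normal "thank you" page and discard the message.
        if form.get(HONEYPOT_FIELD, "").strip():
            return False, "honeypot"

        # 2. Fixed-window limit per IP address.
        now = self._clock()
        start, count = self._windows.get(ip, (now, 0))
        if now - start >= WINDOW_SECONDS:      # window expired, start a new one
            start, count = now, 0
        if count >= MAX_PER_WINDOW:
            return False, "rate_limit"
        self._windows[ip] = (start, count + 1)
        return True, "ok"


if __name__ == "__main__":
    guard = ContactFormGuard()
    # Constructed submissions: a person leaves the hidden field empty, a bot fills it.
    person = {"name": "Ana", "email": "ana@example.com", "message": "Hello",
              HONEYPOT_FIELD: ""}
    bot = dict(person, **{HONEYPOT_FIELD: "http://spam.example"})
    print(guard.check("192.0.2.1", person))
    print(guard.check("192.0.2.1", bot))
```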

5. Block Spammy IP Addresses

If you identify the IP addresses of spammers, you can block them manually in your WordPress settings or use a firewall plugin.  

6. Regularly Update WordPress and Plugins

Keeping your WordPress installation and plugins up-to-date is essential for security. Updates often include patches for vulnerabilities that spammers exploit.  

7. Consider a Firewall Plugin

A firewall plugin can provide an additional layer of protection by blocking malicious traffic and detecting suspicious activity.  

Additional Tips

  • You can opt for a branded form with built-in anti-spam features.  
  • Monitor your contact form submissions regularly to identify any suspicious activity.
  • Be cautious of free contact form plugins as they might not offer adequate spam protection.

By combining these methods, you can significantly reduce spam on your WordPress contact form and protect your website.

Wrapping Up

Combatting contact form spam in WordPress is essential for maintaining the integrity of your website and ensuring genuine interactions with your audience. By implementing the strategies outlined in this guide, such as using CAPTCHA, employing spam filters, and regularly updating and monitoring your plugins, you can significantly reduce spam submissions and protect the user experience.

Remember, staying proactive and vigilant is key to keeping your WordPress contact forms spam-free. By taking these steps, you can enhance the security and effectiveness of your website’s communication channels, ultimately fostering a more positive user experience for your visitors.




How to Fix Error in WordPress, “Sorry You are Not Allowed to Upload this File Type”




When you try to upload a file to your WordPress Media Library, there is the possibility that you may get an error, “Sorry, you are not allowed to upload this file type.”    


In WordPress, the file types allowed are:

  • Images Extension Supported: .jpeg, .jpg, .png, .gif, .ico
  • Documents Extension Supported: .pdf, .psd, .xlsx, .odt, .ppsx, .pps, .pptx, .docx, .doc
  • Audio Extension Supported: .mp3, .wav, .ogg
  • Video Extension Supported: .webm, .flv, .mp4, .svi, .nsv

If you upload a file with an extension other than these, you will get the error message, “Sorry, you are not allowed to upload this file type.”

Method 1: Edit wp-config.php (Advanced)

To upload the file, go to Site Tools > Site > File Manager and edit the wp-config.php file for your WordPress site. It is located in the public_html folder.

Now, above the line that begins “That’s all, stop editing!”, add the line below:

define('ALLOW_UNFILTERED_UPLOADS', true);

Save the changes to the file. You can now upload the desired file from your WordPress wp-admin > Media > Add New.

Method 2:

Double-Check the File Extension:

Sometimes the error appears even for allowed file types if the extension (like .jpg for jpeg images) is misspelled. Make sure the extension on your file matches the actual file type.

Change File Format (if applicable):

If the file type isn’t crucial, consider converting it to a format that WordPress allows. For example, you can convert a PNG image to a JPG.

Use a Plugin (for more control):

Plugins like “File Upload Types” let you add new file types to the list of allowed uploads in WordPress. This gives you more control over what can be uploaded, but remember to enable only trusted file types.

Contact Hosting Provider (for Multisite or Server-side issues):

If you’re on a WordPress Multisite network, specific upload settings might be configured. Contact your hosting provider for assistance in such cases. They can also help diagnose if the issue lies with your server’s MIME type settings.

Wrapping Up

Remember, for security reasons, it’s suggested to remove the line you inserted in wp-config.php after uploading the files. If you need to upload more files in the future, you can insert the line again.
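A check for the cleanup step above, as an added example that is not part of the original article: it reports whether the text of a wp-config.php file still contains an active ALLOW_UNFILTERED_UPLOADS define, ignoring copies that have been commented out. The sample file contents are constructed, and the function names are hypothetical.

```python
import re


def strip_php_comments(src):
    """Remove //, # and /* */ comments while copying quoted strings verbatim."""
    out, i, n = [], 0, len(src)
    while i < n:
        ch = src[i]
        if ch in "'\"":                          # quoted string: copy it whole
            j = i + 1
            while j < n and src[j] != ch:
                j += 2 if src[j] == "\\" else 1  # skip escaped characters
            out.append(src[i:j + 1])
            i = j + 1
        elif src.startswith("/*", i):            # block comment
            end = src.find("*/", i + 2)
            i = n if end == -1 else end + 2
        elif src.startswith("//", i) or ch == "#":   # line comment
            end = src.find("\n", i)
            i = n if end == -1 else end          # keep the newline itself
        else:
            out.append(ch)
            i += 1
    return "".join(out)


# define() is case-insensitive in PHP, the constant name is not.
DEFINE_RE = re.compile(
    r"""(?i:define)\s*\(\s*(['"])ALLOW_UNFILTERED_UPLOADS\1\s*,\s*([^)]+?)\s*\)"""
)


def unfiltered_uploads_status(wp_config_text):
    """Return 'enabled', 'disabled', 'review' or 'absent'.

    Text inside string literals is not excluded, so a match is a prompt to
    open the file and look, not proof.
    """
    matches = DEFINE_RE.findall(strip_php_comments(wp_config_text))
    if not matches:
        return "absent"
    value = matches[0][1].lower()    # PHP keeps the first definition of a constant
    if value in ("true", "1"):
        return "enabled"
    if value in ("false", "0"):
        return "disabled"
    return "review"                  # an expression or string: inspect by hand


# Constructed sample files (not from a real site).
ACTIVE = """<?php
define( 'DB_NAME', 'example_db' );
// Temporary: don't leave this enabled
define('ALLOW_UNFILTERED_UPLOADS', true);
/* That's all, stop editing! */
"""

COMMENTED_OUT = """<?php
define( 'DB_NAME', 'example_db' );
// define('ALLOW_UNFILTERED_UPLOADS', true);
/* define('ALLOW_UNFILTERED_UPLOADS', true); */
# define('ALLOW_UNFILTERED_UPLOADS', true);
"""

if __name__ == "__main__":
    print(unfiltered_uploads_status(ACTIVE))          # enabled
    print(unfiltered_uploads_status(COMMENTED_OUT))   # absent
```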




How to Update the Plugin Manually via FTP




This article covers the steps to update a plugin manually via FTP. Manually updating a plugin via FTP involves replacing the old plugin files with the new ones on your web server. It’s useful when the automatic update in the WordPress dashboard fails.

Downloading the New Plugin Version:

  1. Find the latest version of the plugin you want to update. You can get it from the plugin’s official website or the WordPress plugin directory.

Using an FTP Client:

  • Download and install an FTP client like FileZilla if you don’t already have one.
  • Next, you can use your FTP credentials (host, username, and password) to connect to your web server. These can be found in your web hosting provider’s control panel.

Backing Up and Replacing the Old Plugin:

  • Navigate to the /wp-content/plugins/ directory within your server’s file structure.
  • Then, you have to locate the folder for the plugin you want to update.
  • Here’s where you create a backup: Right-click on the plugin folder and choose “Rename.” Add “-old” to the end of the folder name (e.g., “my-plugin-old”). This creates a backup in case you need to revert to the previous version.
  • Now you can delete the original plugin folder.

Uploading the New Plugin Files:

  • Now, on your local computer, you have to locate the downloaded folder containing the new plugin version. 
  • In your FTP client, go to the local files section (usually on the left side) and browse to the new plugin folder.
  • Here, you have to right-click on the folder and select “Upload” to transfer it to the /wp-content/plugins/ directory on your server.

Activating the Updated Plugin:

  1. To activate the plugin, you have to log in to your WordPress admin dashboard.
  2. Move to the “Plugins” page.
  3. You will see the newly uploaded plugin listed as inactive.
  4. Find the plugin and click “Activate.”

Optional: Cleaning Up

  1. Once you’ve verified that the updated plugin works properly, you can go back to your FTP client and delete the old plugin folder (the one renamed with “-old”) if you don’t need it anymore.

Remember: Updating plugins via FTP bypasses the WordPress update process, so the plugin’s database entries might not be automatically updated. If the plugin requires database changes, you need to follow additional instructions provided by the plugin developer.

It’s generally recommended to update the plugins through the WordPress dashboard whenever possible, as it’s a simpler and safer process. But in case of issues, manually updating via FTP can be a helpful alternative.




How to install JetBackup for WordPress?




Installing JetBackup for WordPress depends on whether you want the free or paid version:

Free Version:

To get the free version, follow the steps below:

Log in to your WordPress Admin Dashboard.

Navigate to “Plugins” > “Add New”.

Search for “JetBackup for WordPress” in the WordPress Plugin Repository.

Click “Install Now” and “Activate Plugin” once the installation is complete.

Paid Version:

To get the paid version of JetBackup for WordPress, follow the steps below:

If you have the free version installed, you have to uninstall it: log in to your WordPress Admin Dashboard, go to “Plugins” > “Installed Plugins”, look for “JetBackup for WordPress”, click “Deactivate” and then click “Delete”.

Next, log in to the JetApps Client Area and navigate to “Services” > “My Services”. Click on the corresponding “JetBackup for WordPress” license, then click download.




How to Enable LiteSpeed Web Cache Manager on cPanel?




LiteSpeed is a built-in caching engine that helps boost website performance. This guide describes the steps to enable LiteSpeed Web Cache Manager in cPanel.

  1. Initially, you have to log in to your cPanel account with a username and password.

2. Once you have logged in to your cPanel the cPanel dashboard will be shown, scroll down and go to the Advanced section > LiteSpeed Web Cache Manager.

3. After logging in, you have to click on the WordPress cache icon.

4. The next step is to click on the Scan button. This will highlight all the active WordPress installations.

5. Eventually, once all the WordPress installations are discovered, you have to select the ones you want to activate and then click on Enable.

This is how you can implement these steps to use LiteSpeed web cache manager for WordPress sites on your cPanel server.

In conclusion, enabling LiteSpeed Web Cache Manager on cPanel can significantly enhance website performance and speed, ultimately improving user experience and search engine rankings.

By following the simple steps outlined in this guide, website owners can harness the power of caching to optimize their site’s performance.

Embracing LiteSpeed Cache can lead to tangible benefits, such as reduced server load and faster page load times. Stay ahead in the digital landscape by leveraging this powerful tool to deliver a seamless and efficient web experience for your visitors.




How to Set up Google Tag Manager in WordPress




Understanding exactly how visitors interact with your WordPress website will teach you a lot about how it works. Analytics tools help you to monitor certain information by default.

Google Tag Manager, in turn, offers an easy way to develop and manage tags on your website without understanding the code. This tool lets you create conditions for tracking particular actions on the website, like how many times a document is downloaded, how often a link is clicked on, or how many people watched an embedded video.

This document will help you learn what Google Tag Manager is, and what are the steps to set up a Google Tag Manager in WordPress.

What is Google Tag Manager?

It is a free tracking tool that allows you to manage and deploy website tags without changing the code.

It has built-in templates that are integrated with Google Ads, Google Analytics, and other tools. With the help of its preview mode, you can check that tags and triggers work well before they get published.

There are two main ways to set up Google Tag Manager (GTM) in WordPress:

1. Using a Plugin:

This is the recommended method for most users as it’s easier and doesn’t require editing theme files. Here’s how to do it:

  • Install the plugin: Search for “Google Tag Manager” in the WordPress plugin directory and install the plugin by DuracellTomi.
  • Activate the plugin: Once installed, go to “Settings” and then “Google Tag Manager.”
  • Enter your GTM container ID: You can find this ID in your GTM account under “Container”.
  • Save the settings: Now, the GTM code will be automatically added to your website’s header and body sections.

2. Editing Theme Files:

This method involves manually adding the GTM code to your theme’s header.php file. It’s a less recommended approach as it requires some technical knowledge and can be overwritten when you update your theme. Here’s how to do it:

  • Access your WordPress dashboard: Go to “Appearance” and then “Theme File Editor.”
  • Locate the header.php file: Click on the theme header file (e.g., header.php).
  • Find the <head> tag: Look for the opening <head> tag in the code.
  • Copy the GTM code snippet: Go to your GTM account and copy the provided code snippet.
  • Paste the code: Paste the first part of the code snippet just below the opening <head> tag.
  • Click on the Save button: You have to click on the “Update File” button to save your changes.

Additional Tips:

  • Backup your website: It’s always recommended to back up your website before making any changes to theme files.
  • Test your website: After adding the GTM code, ensure your website still functions correctly.
  • Use a preview and debug mode: GTM offers a preview and debug mode to help you test your tags before publishing them.

Set Up Google Tag Manager Soon!

Unleashing Google Tag Manager’s full potential in WordPress has never been this simple.

From better analytics to more personalized user experiences, Google Tag Manager on your WordPress site can make a world of difference. Ready to step up your game? Check out our step-by-step guide.

Tag or share with your friend who needs this setup on their WordPress site.




How to Remove WordPress from cPanel Softaculous?




You can easily install and remove WordPress from cPanel Softaculous.  

This tutorial article will help you to uninstall WordPress from cPanel Softaculous.  

  1. Login to your cPanel account

2. Click on the Softaculous App Installer section and click on WordPress.

3. After that you can click on the Installations tab where you’ll see all the installations.

4. Under Installations, you’ll see the dashboard consists of different options. Click on the red dustbin icon under options for the domain that you want to remove:

5. After clicking on the red dustbin icon, you’ll be redirected to this page.

6. Click on the Remove Installation button. You’ll be asked one last time to confirm the removal; just click OK.

7. When you click on the OK button, you’ll see a page informing you that the installation was removed successfully.




Steps to Install WordPress using Softaculous




This tutorial will help you to install WordPress using Softaculous.

Log-in to your cPanel (Control Panel)

The very first step is to go to your cPanel (control panel) login page and enter the correct details.

After logging in, look for the Softaculous icon in the control panel. It will redirect you to the Softaculous Enduser panel.

Operate the Softaculous from your control panel.

Select the WordPress

In the Softaculous Enduser panel, you’ll see a list of scripts, from which you have to select WordPress.

Click on the Install button which will showcase the install form.  

After clicking on the Install button, you’ll be redirected to the install form. 

Fill in all the necessary details in the install form. Many of the fields are prefilled by default; you can change them as per your requirement or leave them as they are and continue the installation with the default values.

Select the installation URL

Select the domain and folder in which you want to install WordPress. Also, select HTTPS to ensure your website is secure by using an SSL Certificate.

Note: If you want to install WordPress in the document root, i.e. example.com, instead of a subdirectory, i.e. example.com/wp, then leave the In Directory field blank.

Next, finish the remaining installation setup. You can select the version of WordPress as per your requirement. We recommend using the most recent release, as it will be secure and compatible with most themes and plugins.

In the Site Setting section, you need to type Website Name and Description. However, you can change this after installation.  

Finish the Admin Account section

For the admin username, it’s suggested to use something other than ‘admin’, as this is the default for all WordPress installations and poses a security risk.

For a password, you can create a password or generate one using the key icon.

An email address is needed to get notifications, including the password reset (if you forgot the password)

Choose Language helps you to select the default language for your website.

Select Plugin(s) helps you to select plugins as per your business.

In the Advanced Options section, the options don’t need to be changed, but they include the database name, table prefix, disabling update notification emails, setting auto-upgrade, and more.

Your web hosting provider can help you fill in the rest of the options.

Select Theme helps you to select a theme for your business. By default, WordPress uses a theme named after the year, but you can select one that fits the purpose of your website.

After installing the plugin, the next step is to click on Install. A progress bar will display your installation status and refresh once the installation is done.

Note: While the installation is in progress, avoid closing the browser, as this can interrupt the installation.

Finally, you’ll get a notification displaying “Congratulations, the software was installed successfully.”




How to install WordPress on Plesk




WordPress is an award-winning blog platform that we recommend for blogging. You can have your very own self-hosted WordPress blog with your own domain. Get started with your own WordPress installation with custom themes, plugins, and your own domain name with Hostripples today!


This article will explain how you can install WordPress on your server using Plesk.

Step 1 : Login to the Plesk control.

Step 2 : Go to Websites and Domains tab.

Step 3 : Click on Domain Name in the bottom.

Step 4 : Click Add New Database.

Step 5 : Type the name for your database.

Step 6 : Select type of database.

Step 7 : Click OK button.

Step 8 : Next, you need to add a user to the database.  Click the Add New Database User icon.

Step 9 : Type the name of the database user.

Step 10 : Enter a complex password (make sure to note it for future use).

Step 11 : Click OK.

Now the database is created, it’s time to start the installation process.

Step 12 : Install WordPress by downloading the WordPress zip file.

Step 13 : Extract it under the domain directory.

Step 14 : Now, open the link where the WordPress files are located.

Step 15 : Use the above database and database username when prompted.

Step 16 : Done

 

Your WordPress has been installed!

