Category Archives: security

How Can You Protect Your WordPress Website Against DDoS Attacks

DDoS (distributed denial of service) attacks are one of the most popular and hardest to deter hacking attacks known. In a distributed denial of service attack, a server is flooded with so many connection requests that it buckles and goes down because it doesn’t have the bandwidth to support all the connection requests. This is similar to what happens to a website when it goes viral and is flooded with traffic until it goes down, only in this case, the traffic isn’t legitimate viewers. The whole purpose of a DDoS attack is to take the website down and disrupt its ability to support legitimate web traffic, as well as incur high bandwidth fees and possible disruption of service for the website owner.

You may wonder, who would want to do that to my website? Why would they want to do that to my website? The answer is that it could be anyone that doesn’t like you, disagrees with the content of your website, or even just in general feels like causing chaos.

Good web hosts already take security measures to help protect you from these types of attacks. You can find out which web hosts are the best by browsing through expert and user reviews and ratings. But even the most secure web host can’t provide complete protection for your website. The rest is up to you.

1. Virtual Private Networks

A virtual private network (VPN) is an encrypted server you can connect your website to. Its entire purpose is to mask the origin of your website’s server, which makes it much more difficult to target your website in a DDoS attack. VPNs were originally used by businesses and private users to connect to the internet safely, but nowadays they can be utilized by websites as well for an extra measure of protection.

Another major way in which a VPN can help protect you is encrypting your web traffic between you and your website if you use it on your personal PC. This makes it much harder for a hacker to use sniffing tools (tools designed to intercept and access the information passed between you and the internet) to find out your login credentials and hijack your website.

2. Plugins

If you’re using WordPress, there is great news for you. WordPress already has several plugins to help you protect yourself against a DDoS attack. Loginizer limits the amount of times someone can try logging into an account before their IP address gets blocked from your website, which is helpful in preventing brute force attempts as well as attempts to flood and confuse your server with login traffic. The Wordfence and Bulletproof Security plugins assist further by blocking traffic that is demanding too many connection requests at once, as well as setting up blacklists of bad IP address ranges that have been found to have malicious intent.

However, plugins shouldn’t be your only choice for protecting your website from DDoS attacks. Many plugins go neglected by their developers and lack up to date security measures to keep your website safe. You should make sure you are only using plugins that are up to date, have numerous good reviews, and are well trusted within the WordPress community.

3. Surveillance

None of the security tools in the world can replace your own eyes. In the case that a DDoS attack slips through, you may notice that your pages are loading slowly and have time to block the bad IP address ranges before your website goes completely down.

Check your website out every day by doing a scan through the main pages. If you notice anything out of place, go ahead and assume that something is wrong and take measures to block any suspicious traffic. The same goes for your page views and other web performance statistics. If these suddenly drop for apparently no reason, don’t just assume it’s a bad day. Investigate further to see if you’re a victim of an attack.

Again, make sure that your web host is a good web host that takes security measures to help protect your website against DDoS attacks, as well. If they don’t, or if you notice you keep getting DDoS attacks, it may be time to switch web hosting providers.

4. Don’t Go Looking For Trouble

You have every right to defend yourself and your website online, but first ask yourself if the fight is really worth the battle. You never know if the person you get in a dispute with online is a hacker or has hacker friends, and hackers love to have any excuse to attack a website. A DDoS attack may be the least of your concerns if you manage to piss a hacker (or hacker’s friend) off.

So don’t fall for flamebait or trolls. Ask yourself if you’ve got better things to do. Responding to verbal attacks or disagreeable opinions online could just be the fuel that starts a fire you don’t want to have to put out.

Additionally, show good web etiquette and only post your website’s URL where it is welcomed. Don’t advertise or spam other websites with your URL if they are not designed for advertising.

5. Cloud Distribution Networks

Cloud distribution networks (CDN) can give you an extra layer of security by handling your web traffic load for you. These networks spread your web traffic among multiple servers so that in case your website gets a DDoS attack, the traffic gets spread out among their servers and doesn’t take your website down. Additionally, they include security measures such as encryption, connection request limits, and CAPTCHAs to prevent DDoS attacks from happening in the first place. CloudFlare offers their basic tier of service for free, and walks you through the entire setup step by step.

Additionally, don’t assume that just a little bandwidth above your current web traffic load is everything you need. Make sure you have plenty of bandwidth to handle a sudden spike in traffic so if your website goes viral it won’t buckle under the load. Doing this will also make it harder for hackers to take your website down in a DDoS attack, since it will take a lot more traffic than normal to take your website down.

6. Have A Plan

Make sure you have a contingency plan in the event that a DDoS attack takes place. A very simple plan looks something like this:

Check the traffic flow to determine just how much traffic you have to handle during the DDoS attack.
Start using any tools or technologies you have access to that can help you handle the DDoS attack’s traffic load.
Try to identify the originating IP addresses/IP address ranges and, if you can, block them from accessing your website.
Temporarily change your IP address with your web hosting provider’s help to throw the attackers off the trail for a bit.
Contact your web hosting provider to see if there’s anything additional they can do to help you.
If everything else fails, shut down your website. This will make the attacker’s efforts useless and they may move on faster.
After the situation has passed, analyze your website’s security and see if there’s anything more you can do to prevent future attacks.
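
One way to carry out the traffic-check and IP-identification steps of the plan above, as an added example that is not part of the original article: a shell function that reads a web server access log and lists the client IPs whose busiest single minute reached a limit, together with how many of their requests were login POSTs. It assumes the Apache/Nginx "combined" log format; the function names, the limit of 20 and the sample log lines are constructed for this example.

```sh
# Added example: per-client request summary from a web server access log.
# Assumption: Apache/Nginx "combined" log format. Names and limit are illustrative.

# flood_suspects <access-log> <requests-per-minute-limit>
# Prints one line per client IP whose busiest single minute reached the limit:
#   <ip> total=<n> peak_per_min=<n> login_posts=<n>
flood_suspects() {
    awk -v limit="$2" '
    {
        ip = $1
        minute = substr($4, 2, 17)      # "[10/Oct/2023:13:55:36" -> "10/Oct/2023:13:55"
        total[ip]++
        n = ++per_minute[ip, minute]
        if (n > peak[ip]) peak[ip] = n
        # POSTs to the WordPress login form: the traffic a login limiter throttles
        if ($6 == "\"POST" && $7 ~ /\/wp-login\.php/) logins[ip]++
    }
    END {
        for (ip in total)
            if (peak[ip] >= limit)
                printf "%s total=%d peak_per_min=%d login_posts=%d\n", ip, total[ip], peak[ip], logins[ip]
    }' "$1" | LC_ALL=C sort
}

# Constructed sample data (documentation IP ranges), not real traffic.
make_sample_log() {
    printf '%s\n' \
        '198.51.100.7 - - [10/Oct/2023:13:55:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"' \
        '198.51.100.7 - - [10/Oct/2023:13:56:12 +0000] "GET /about/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0"'
    i=0
    while [ "$i" -lt 40 ]; do       # 40 login POSTs inside one minute
        printf '203.0.113.9 - - [10/Oct/2023:13:55:%02d +0000] "POST /wp-login.php HTTP/1.1" 200 1523 "-" "-"\n' "$i"
        i=$((i + 1))
    done
    i=0
    while [ "$i" -lt 25 ]; do       # 25 page requests inside one minute
        printf '192.0.2.44 - - [10/Oct/2023:13:57:%02d +0000] "GET / HTTP/1.1" 200 812 "-" "-"\n' "$i"
        i=$((i + 1))
    done
}

# Demo run on the constructed log; point flood_suspects at your own log instead.
sample=$(mktemp)
make_sample_log > "$sample"
flood_suspects "$sample" 20
rm -f "$sample"
```

The addresses it prints are candidates for the blocking step; the ordinary visitor in the sample (two requests, one per minute) is not listed.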

7. Why are DDoS Attacks So Bad?

Ultimately, DDoS attacks are so disastrous because they can lower your readership by causing your viewers to lose faith in your website’s stability. Dead air is just as disastrous for a website as it is a TV or radio station. So, you want to make every preparation you can ahead of time to prevent a DDoS attack from ever being a problem.

Now is the time to take action. Check your website and see what plugins or tools you can install to help you in the event of a DDoS attack. Check every corner of your website and administrative tools and make sure you are familiar with all of it. Teach yourself more on how DDoS attacks work, and create a contingency plan today that will help you know what to do should your website be victimized in a DDoS attack.

Tips to secure your WordPress website against vulnerabilities

You might have ended up on this article by searching for “How to secure a WordPress website against exploits?”, “How to protect my WordPress site against hacks and malware?” or “Tips for securing your WordPress website against all exploits”.

Of course this is the right article and this talks about all sorts of techniques, tools and plugins to help you secure your WordPress website.

As per W3Techs WordPress powers more than 58% of all the websites that use CMS which comes out to 24.9% of all websites in the world.

So with the increase in usage of WordPress and with the ever increasing popularity of how easy it is to set up and how easy it is to use there has been a rise of using more and more WordPress Themes as well as plugins.

But since it is easy there is also a rider which comes along with it. It becomes quite easy for hackers to hack it if used in all its default settings.

Hence the need to understand security and to secure your WordPress powered website because no one likes to get their website hacked.

A Google search for the keyword “prevent WordPress hack” comes up with 8 million or more results, which makes it obvious how desperately developers as well as novice users want to know hack prevention techniques and tools for their WordPress website.

Here is a list of tips and tools as well as techniques we as WordPress theme developers could think of.

Of course this article can lead to a discussion and more input and more additions can be made as time passes by.

We will start with the simplest techniques and then move on to the more complex ones:

Simpler tips for security:

1. Hosting: Your hosting plays a crucial part in keeping your WordPress website secure. Many times it’s the bad host which gets you hacked. If you have great hosting in place, many things can be sorted out quickly and most of your frustration can be reduced. For example: backups are easy, and brute force attacks, spam and SQL injection are often checked and avoided. Hence we will talk about the most recommended hosts and their tools.

a. Shared Hosting: Most people just want to start their website and hence they don’t want to spend a lot in their first go and thus select shared hosting as their platform. There are thousands of hosting companies which provide shared hosting and we can’t possibly add all of them here but we are including only 4 shared hosting which we have personally tried and can recommend. However there might be even better or similar service. Do let us know:

i. Bluehost: Bluehost has been referred to constantly by WordPress.org on its hosting page: https://wordpress.org/hosting/ It is a good starting point for shared hosting in case you need a WordPress website, since it has both premium WordPress hosting for the future and simple shared hosting with 1 click install. Since it’s shared hosting which costs you 3 to 4 USD per month, you can’t complain much about lack of features or services. However, it has an automated backup tool known as backup wizard, which comes along with cpanel and which you can use. Backups ensure that you are safe: if your website ever gets hacked, you can restore the backup.

ii. A Small Orange: We are personally hosted on this hosting and most of the features present in Bluehost are present here. But above all which we like most and can say that is even better than the above host is the support. Support tickets are answered within 5-6 hours and always we get to chat with someone on the live chat within a few minutes. Support is what makes this host stand out from the rest because there are a lot of answers and help which they can provide free. All you need to do is ask them for it. Example: NGINX server cache installation, Backups and how to use it etc.

iii. SiteGround: Another popular WordPress shared hosting they also provide good tools for you to backup your website. Rest cpanel and standard features are present. Chat is also proactive and support tickets are answered often.

iv. Godaddy: Godaddy is the largest registrar of domains and hence many prefer it for their hosting as well. Over time Godaddy has also made several changes to make it a reliable host for WordPress. It has also started offering standard cPanel WordPress hosting, which allows for backups and other easy to use tools.

b. Managed WordPress hosting: For those who have a little budget and want their host to manage security for them. Out of the many hosting companies out there, we found these 2 reliable, cheaper than the rest, and often helpful in securing your website as well as letting you know which plugins are good and which aren’t. They also have nightly backups, which means peace of mind. So if a hack ever happens, which is rare since they manage security, they can restore the backup quickly:

i. WP Engine: WP Engine lets you know the list of plugins that they recommend for most. Hence vulnerable plugins are kept at bay.

ii. FlyWheel: Flywheel tells you not to install any security plugin as they handle the security themselves which means you don’t need to do anything once you install with them and they take care of the rest.

2. Back Ups: BackUps can be by use of cpanel file manager or via ftp (for files) and database download using phpMyAdmin using cpanel or the host database access. There are 100s of tutorials out there on how you can backup your WordPress website manually. However you should consider reading the Codex Backup Procedures as they are safe and have been written nicely: http://codex.wordpress.org/WordPress_Backups. There are several plugins as well. We will talk about them in short as most of them we mentioned here are working fine and have good reviews from others:

a. BackUpWordPress https://wordpress.org/plugins/backupwordpress/
b. BackUpBuddy (paid version of this plugin also present)
c. VaultPress
d. Dropbox Backup and Restore
e. Amazon S3 BackUp and Restore

3. Update WordPress Version: Most of the time it is the use of an older version of WordPress that puts your site at risk of getting hacked. WordPress recognises many security flaws in its previous versions, including ones reported by fellow contributors, and fixes them in updates from time to time. Hence using the latest version of WordPress should reduce the risk of getting hacked or attacked by malware.

4. Updating WordPress plugins and themes: In the same way, theme authors and plugin authors release updates. Most of the time they are feature updates. But from time to time these authors also recognize security flaws, and hence it’s a good practice to keep your plugins and themes updated as well.

5. Change default username and password: Using a default username such as admin, or a default password such as a simple series of numbers, is fine as long as you are on a local server or a test site. But for business websites it is important that you change the default username and password. The latest versions of WordPress let you choose a secure username and generate a secure password for you, but users of older versions of WordPress can go to their profile to change the password. For changing the username, however, use either phpMyAdmin, in case you are comfortable changing it from there, or else any of the plugins below:
a. Admin renamer extended
b. Username Changer

6. 2 Step Authentication for Brute Force Attacks: 2 step authentication is essential in case your site receives a lot of Brute force attacks and has a high traffic or sensitive information. 2 step authentication secures your WordPress login area and makes it very complex for brute force attacks. Plugins which can be used for 2 step authentication are:
a. Clef
b. Duo
c. Authy
d. Google Authenticator
e. Rublon

These simple steps should give a user peace of mind, at least in terms of having timely backups and a website with bare minimum security.

The next steps we are going to discuss are more complex steps in securing your WordPress website even further.

Complex Steps:

1. Steps listed in Hardening WordPress by Codex: http://codex.wordpress.org/Hardening_WordPress
Most of these steps are for developers or for people who have been using WordPress for quite long and understand how wp-config works. Have used file manager or ftp and can implement changes in htaccess, wp-config etc.

These steps surely act as a starting point in securing your website. However still some of the few security plugins we are going to discuss next will place a net cover of security on your WordPress website and hence you should check the following ones as well:

2. Plugins that will help in malware detections and change of files detection:

a. Sucuri Site Scan: Sucuri Site Scan has quite a few tabs. The first tab holds general settings about when to get notified: alerts for logins, brute force attacks, registration of new users, failed login attempts, plugin installation etc. So if your website has many users, and many administrators or editors who might install plugins, these features are useful and essential. The second is the malware scan, which tells you about any kind of malware or malicious code present in any plugin or theme directory. It also checks for error files and modified files, if any. Scanning should be reduced if your site traffic is low and you are hosted on shared hosting, since a scan also takes up a lot of hosting RAM. The third part is security hardening: removing the WordPress version (lower versions are more prone to hacks; hackers check the version and know which security vulnerabilities are present in which version), securing and hardening the uploads directory where media gets stored, restricting wp-content access, hardening readme.html, removing and changing the default admin account, and changing the default database prefix. There is also Sucuri Firewall protection. We haven’t tested this, but it shows up as using the Cloudproxy Firewall, which it claims should help you secure your site against DDoS, brute force and SQL injection. If you have used this feature then do let us know, as we don’t have proof of this firewall really helping.

b. Antivirus: Another plugin which we have found useful is Antivirus. It detects WordPress Theme files and database files for security and exploit. Only con of this security plugin is that it will use wp-cron and if you set up a daily scan and in case your shared hosting isn’t that powerful and your website is bigger in size in terms of pages, posts and database then this plugin might eat up a lot of resource as it scans through the files and database tables.

c. Anti-Malware and Brute Force Security by ELI: Anti-Malware and Brute Force Security, as the name suggests, does a great job in this regard. If you sign up for the plugin at gotmls.net you get all the updates on known threats. It scans htaccess for any scripts, checks for timthumb exploits and warns you about them, checks for any backdoor scripts and asks you not to use them, and checks your login for any vulnerabilities. It checks all original WordPress files as well. You may use it to check for any problems in your existing website and rectify them.

d. Theme Authenticity Checker: In most cases we try to have plugins scanned and to secure the general WordPress dashboard (login, WordPress files etc.), but the security of WordPress themes is also important, because a theme can contain unnecessary scripts or obfuscated malicious code which can be easily hacked. Hence this plugin serves as a nice tool to get your theme scanned and checked. Once you know which files are unwanted or which code is problematic, you can refer it to the original theme author for either removal or a change of the code to safer practices, or, if there are too many vulnerabilities, use a safer theme instead. In most cases it does better than Antivirus for theme checks.

3. Security Plugins that will secure it further

a. All in One WP Security and Firewall: This one takes care of the following which summarizes most of the security you can take on your website:
i. User Login Security
ii. User Account Security
iii. User Registration Security
iv. System File Security
v. Firewall SetUp
vi. Blacklist Feature
vii. Database Security
viii. BackUps
ix. Firewall and Brute Force

b. WordFence Security

c. Better WP Security (now iThemes Security)

d. BulletProof Security

4. Others kept out of this list but may be useful:

a. Acunetix WP Security: Recently a lot of negative reviews have cropped up for this plugin on WordPress.org hence we couldn’t recommend it to you.

b. 6Scan Security: Many clients have complained about site going blank after installation of this plugin and hence we couldn’t recommend it to you.

c. Exploit Scanner

d. Quttera Web Malware Scanner

A Detailed Guide: on Setting Up Correct File Permissions and Ownership for WordPress

When it comes to improving the security of a WordPress website, installing security plugins is usually considered the best practice that every WordPress website must follow. However, people don’t pay much attention to setting up the file permissions and ownership of a WordPress site. But remember that file permissions and ownership are crucial elements that help ensure the overall security of a website. Not setting them up properly can cause fatal errors, compromise the security of your site and make it susceptible to attack.

Through this post, I’ll provide a detailed insight on setting up proper file permissions and ownerships in a WordPress site: what exactly do we mean by file permissions and ownerships and how to properly set them up. I’ll also share with you the different type of WordPress file configurations and how they differ from each other.

Using Terminal For Changing Permissions and Ownerships Over FTP Client
As you read through this post, in several sections, you’ll find that terminal is used for changing permissions and ownerships. But, probably a few of you might wonder why can’t you use an FTP Client to serve such a need? The reason that we’ll not be using the FTP client is that it comes with certain limitations.

Wondering what?

While it’s true that an FTP client can help in transferring files and changing the permissions of files and folders, it does not let users change the ownership settings. Now, before you begin to set up your file permissions and ownerships, be sure to log in to your server using the “SSH” command. If you’re not familiar with using Linux commands, you can get a better understanding of them by going through the article “Introduction to Linux Commands”.

Understanding the Difference Between Groups and Users
One important concept that you need to become familiar with before getting down to anything technical is the difference between users and groups. That’s because users and groups are closely related and are both used to define permissions.

A user is basically an account having access to a computer system, while a group identifies a set of users. What this means is that whenever you need to transfer your files using an FTP client, you’ll need to log in to your main server using your user account. And based on how your web host has set up your user account, you might be a part of one or more groups.

In essence, you can consider “Users” and “Groups” to be just like WordPress user roles. The two concepts are the same in context; however, the former are used on the server.

What makes users and groups important is that they help in identifying file and folder privileges. The user who is the owner of a particular file usually has complete privileges on that file; other users belonging to the same group as the owner will have lesser privileges on the file. Lastly, everyone else won’t have any privileges on the file.

What Exactly Does File Permissions Mean?
So now that you’ve come to know a few basic aspects of file permissions and ownerships, let us talk about what exactly we mean by WordPress file permissions.

In simple terms, a permission is something that authorizes users to read, write, modify and access the different files and directories belonging to a website. In WordPress, a permission is normally written as a set of numbers, such as 644 or 777. These numbers are also referred to as the “permission mode”.
If you’re a programmer and have worked on WordPress files and plugins before, then you most likely would have stumbled across a situation where a certain program asks you to change the permissions of some specific files and directories, since they cannot be configured by a plugin. Put simply, in order to give your web server the ability to access a file, you’re required to change the file’s permission.

Oftentimes, the permission mode in WordPress is described as a statement of “who can do what”, in which the position of each numeric value (of the permission mode) represents the “who” part of that statement.

  • The first numeric value corresponds to what the user account that owns the file can do.
  • The second numeric value corresponds to what all other user accounts that are a part of the group that owns the file can do.
  • The third numeric value represents what the leftover user accounts can do.

Next, the numbers in the permission mode represent the “what” part of the statement. Each one is basically the “sum of the combinations” of the following digits:

  • 4: Read a file, or read the names of the files placed in a particular folder.
  • 2: Write a file or modify it, or allow modifying the contents of a specific folder.
  • 1: Execute a file or run it, or allow access to the files inside a particular folder.

 
The above mentioned digits are actually the privileges that are associated with the “who” part of the permission mode.
Note: Permissions can vary from one host to the other.

Understanding How You Should Modify the Permission Modes
An FTP client provides an interface that allows you to change the permissions of all the files and folders in a highly convenient manner.
[Figure: the file permissions interface of the FTP client]

You can also change the permission mode of your WordPress website files from the server’s terminal, provided you have access to the terminal. There, you can use the “chmod” command to make the desired change to the permission mode of a particular file:

sudo chmod 644 <file-name>

Now, for making modification to all of the files (and folders) of your site, you’ll have to use the chmod command together with the find command, as follows:

sudo find . -type f -exec chmod 644 {} +

A Look at the WordPress Server Configurations
Before you start to make changes to your WordPress file permissions, it’s very important for you to become familiar with the process of setting up the server first. You can find many different server configurations that requires a distinct set of permission modes to make a WordPress site work in a proper and secure manner. But, I’ll be sharing only two of the most important and commonly used configurations and how you can set up proper file permissions for those configurations.

1. Standard Server Configuration – This WordPress configuration does not have any relationship between the user account and web server. This is because the configuration requires that the web server must run as any other user account. Before we start with the process of setting up permissions for the files for the standard server configuration, we must make some adjustments to the ownerships of files and folders taking into account the following considerations:

  • your user account must own all the files and folders of a WordPress install.
  • your user account and another user account of your web server should be part of the same group.

You can find out the groups that your user account is associated with by using the “groups” command within your server’s terminal. To figure out the groups that your web server is a part of, use the following PHP script:

<?php echo exec( 'groups' );

If you come across a situation where your user and the web server belong to different groups, you can add your user to a group of your web server by using the command below in the terminal. Here “a-the-group-name” stands for the group name and “mygroup” stands for your user account name:

sudo usermod -a -G a-the-group-name mygroup

In order to ensure that your user account has access to all the things of your WordPress folder and belongs to the newly created shared group, simply run the below mentioned command within the folder of your WordPress install:

sudo find . -exec chown mygroup:a-the-group-name {} +

Abiding by all of the aforementioned commands will ensure that all the files and folders of your WordPress site have correct ownership. Lastly, all you have to do is to make adjustments to the file and folder permission mode. To do so, you must keep the following key points in mind:

  • All files are required to have 664 permission mode.
  • All folders are required to have 775 permission mode.
  • The permission mode of the wp-config.php file ought to be 660.

 
Use either an FTP client for modifying the permission modes, or simply use the below mentioned commands within your WordPress install directory to serve such needs:

sudo find . -type f -exec chmod 664 {} +
sudo find . -type d -exec chmod 775 {} +
sudo chmod 660 wp-config.php

2. Shared Server (Or SuEXEC) Configuration: Compared to the standard WordPress server configuration, the permissions for the shared server configuration can be implemented in a remarkably easier way. This is because we don’t need to put any emphasis on setting up the ownership, since the web server owns the files and folders. This means that both our user account and the web server are the owners and have the same privileges. So all we have to do is modify the permission modes, considering the key points listed below:

  • all the files ought to be 644.
  • all your folders ought to be 755.
  • And the permission mode of wp-config.php file should be 600.

 
To change the permissions of the files and folders, simply use the following commands in your WordPress website directory:

sudo find . -type f -exec chmod 644 {} +
sudo find . -type d -exec chmod 755 {} +
sudo chmod 600 wp-config.php

Final Words
One more important thing that you must consider is to avoid using the ‘777’ permission mode, since it allows anyone to list the files in a folder and to modify any file in it. It’s pretty obvious that giving everyone access privileges on a file is not good for your website security, as malicious users can place code in the file that can compromise your site’s security.
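
To check an existing install against the modes listed above for either configuration, and to catch anything world-writable such as 777, here is an added example that is not part of the original post. The function name `audit_wp_perms` and the profile names `standard` and `shared` are assumptions made for this example; it only reads permissions and changes nothing.

```sh
# Added example: audit a WordPress install against the modes listed in this article.
# Assumed names (not from the article): audit_wp_perms, profiles "standard" / "shared".
#
# Usage: audit_wp_perms <wordpress-dir> <standard|shared>
# Prints one "<finding><TAB><path>" line per deviation.
# Returns 0 if clean, 1 if anything was reported, 2 on bad arguments.

# The function body is a subshell "( ... )" so the cd and the variables stay local.
audit_wp_perms() (
    root=$1
    case "$2" in
        standard) file_mode=664 dir_mode=775 config_mode=660 ;;  # server shares a group with you
        shared)   file_mode=644 dir_mode=755 config_mode=600 ;;  # suEXEC configuration
        *) echo "usage: audit_wp_perms <wordpress-dir> <standard|shared>" >&2; return 2 ;;
    esac
    [ -n "$root" ] || { echo "missing WordPress directory" >&2; return 2; }
    cd -- "$root" 2>/dev/null || { echo "cannot enter directory: $root" >&2; return 2; }

    report=$(
        # Regular files whose mode differs from the expected one
        # (wp-config.php in the install root is checked separately).
        find . -type f ! -path ./wp-config.php ! -perm "$file_mode" \
            -exec printf 'file-mode\t%s\n' {} +
        # Directories whose mode differs from the expected one.
        find . -type d ! -perm "$dir_mode" -exec printf 'dir-mode\t%s\n' {} +
        # wp-config.php gets the tightest mode of the three.
        if [ -f ./wp-config.php ]; then
            find ./wp-config.php ! -perm "$config_mode" \
                -exec printf 'config-mode\t%s\n' {} +
        fi
        # Anything writable by "everyone else"; 777 is the extreme case.
        find . \( -type f -o -type d \) -perm -0002 \
            -exec printf 'world-writable\t%s\n' {} +
    )

    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
)

# When saved as a script: sh audit.sh <wordpress-dir> <standard|shared>
if [ "$#" -eq 2 ]; then
    audit_wp_perms "$1" "$2"
fi
```

A path reported as both `dir-mode` and `world-writable` is the one to fix first.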

I hope this post helps you better understand the correct way to set up the file permissions and ownerships of your WordPress website.

Author Biography:
Jack Calder is a master in Web development technologies. He has successfully completed so many projects on time. Right now he is a PSD to WordPress Conversion service provider for some potential clients for SKT Themes.

WordPress 4.2.3 update breaks several thousand websites

Well, if you recently upgraded/updated your WordPress website to 4.2.3 and it didn’t break your website, you need not worry. But if it did break your website, here are some of the possible reasons why it might have done so in the first place:

WordPress.org core team has actually made changes to the shortcode API as has been listed here: https://make.wordpress.org/core/2015/07/23/changes-to-the-shortcode-api/

What happened as a result was that several plugin developers had used the Shortcode API in the way that suited their requirements and their plugin.

Now, with the changes to the Shortcode API, their whole plugin/code came crumbling down, breaking the websites which used these plugins.

Most common plugins which got affected were:
1. Types
2. Views

Since then the user community has been posting remarks about WordPress automatic background updates and whether or not they are a good idea.

WordPress.org core team now needs to understand that website development agencies, plugin developers and theme developers all form part of their group and they should have announcements prior to releasing of any major update/changes like this which might possibly break a theme or plugin.

WordPress site hacked. Help!!!

Nowadays, with the increase in the number of hackers around the world, many WordPress sites have become prone to attack. They often get compromised, with either loss of data or a breach of security in which important data that was supposed to be private is thrown out in the open.

Sometimes hackers hack the site completely and leave a black or white page with their info written in bold writing hacked by so and so and their email id for contact.

Many clients visit these email addresses and ask them to remove their hack codes and return them their site.

These hackers in turn charge exorbitant prices for returning the site to normal.

And hence we get to see such posts in the WordPress support forum: “WordPress site hacked. Help!” or “my WordPress sites keep getting hacked”.

How to deal with such situations?

Well, as a best practice you should always have a backup of your site. There are also a number of resources and plugins one should look at while hardening WordPress security, and one should also scan the site with the Sucuri site scanner.

But people often tend to leave their site as it is and don’t often visit their site or update it.

Hence the need for WordPress hack repair consultants like us.

What do we do and how do we solve hacks?

We check your website using various resource tools as to which files have been affected.

Then we download the site and make a complete scan of your website. Each and every file on your website gets checked during this process.

We look for fuzzy codes, intrusion detection, and bad php codes.

When cause is found we replace those faulty infected files with proper working files.

After this is done a full database scan is done. Similarly in database we check which part of mysql has been affected.

Harden your site with sql rename, hiding backend, removing timthumb vulnerability, ensuring strong passwords, having correct file permissions.

If this is not all we harden your WordPress site such that it never ever gets hacked again!!!

Our charges are very nominal starting at $100 and depends on site structure and how big the site is.

Contact us in case your WordPress site got hacked.

WordPress releases 3.6.1 focuses more on Security!

WordPress has been often under fire for being insecure. And it is good to see that team at WordPress has taken this up seriously.

When WordPress released version 3.5.2, they focused on many security fixes and exploits.

In the recent WordPress release they went further and fixed even more.

As suggested by Andrew Nacin on the WordPress 3.6.1 release.

Not all the CSRF vulnerabilities were fixed in this WordPress release; however, they did fix the file upload CSRF vulnerability.

On another note, all the themes on SKT can automatically be upgraded to version 3.6.1, as they have been found to be fully compatible with it.

All the custom codes inside your WordPress themes and plugins shouldn’t get affected by this update since it only holds certain fixes for security.

It is however suggested only for people who run WordPress 3.5 and above to update to latest version. Previous version WordPress users should always first back up their WordPress before upgrading and should rather upgrade to 3.5 first and then upgrade to latest version.

Regards,
SKT Themes Team