Category Archives: Website Security

Easy WordPress Updates

Do you know how to update WordPress? You probably do, because it’s incredibly easy. But, what if there was an easier way to update one of the world’s most popular publishing platforms? Well good news, there is! We’re going to show you how.

WordPress out of the box is already easy to update. A few clicks, and you’re done. With our one click installer Softaculous, you can automate this entirely. First, we need to connect your WordPress website to our installer. Don’t worry, this is easy too! For those who have installed WordPress through our one click installer, be sure to skip to the section Setup Automatic WordPress Updates.

Import WordPress Into Softaculous

Start by logging into cPanel. Here, you’re going to look for an icon called Softaculous Apps Installer. Click this to enter Softaculous.

On the next page, you’re going to look for the WordPress logo. The WordPress logo will be displayed as a large “W” contained in a selection box. Normally, this will be the first option. Click this box to be taken to the next page where you will start to import your website.

On the next page, find and click on Import.

Navigating here was the hard part. Now comes the easy part!

  1. Choose the protocol your website uses. This can be http://, https://, http://www, or https://www.
  2. Choose the website domain you’re connecting to Softaculous.
  3. Click Import and you’re done!

You will see a success page after your WordPress website has been imported.

Setup Automatic WordPress Updates

Navigate to the installations page for your installed WordPress websites. In the following section, you will be presented with tools that will allow you to manage your website. Each row is unique to the website you’ll be managing.

  • Under Admin, you will be able to login directly into WordPress.
  • Under Options, you will have a suite of tools that allow you to clone, edit settings, backup, and remove your website.

For this demonstration, click on the pencil icon to be taken to the complete settings of your website. This is where everything happens, and where you’ll make some of your biggest changes. It will look like the image below.

On this page, you will now be able to enable automatic updates. Take a look at the following options and their checkboxes. Check any of the following options that you would like Softaculous to maintain for you.

Auto Upgrade will allow you to automatically update WordPress within minor versions, or major versions. For reference, a minor version change occurs when the WordPress version number changes from 4.1 to 4.2. A major version change occurs when the WordPress version number changes from 4.5 to 5.1.

If you have any custom plugins or themes, it is suggested to choose to only enable minor version upgrades until they have been tested with the next major version of WordPress.

Auto Upgrade WordPress Plugins will allow you to upgrade any plugins that you have installed directly within WordPress. Custom plugins do not apply here, and will need to be upgraded manually or by a developer.

Auto Upgrade WordPress Themes, similar to Plugins, will allow you to upgrade any themes that you have installed directly through WordPress. Just as with custom plugins, if you have any custom themes, these will need to be upgraded manually or by a developer. Child themes of course will still auto upgrade.

If you wish to receive email notices when upgrades occur, uncheck the box Disable Update Notifications Emails. If you would like to be on the safe side while Softaculous handles your upgrades, be sure to also enable backup options to add a little more redundancy in case anything needs to roll back.

When you’re done configuring your settings, click Save Installation Details, and you’re done! Softaculous will handle your WordPress upgrades for you.

You may have been provided a link to this article by one of our technical support team members. If this guide has helped you, we’d love to hear about it! Comment below, and share your feedback.

GlowHost provides Shared Web Hosting services starting at $4.95/mo. If you’re looking for an easier way to manage your WordPress website, sign up today and let our team help migrate and set up everything for you! We’ll even configure automatic updates described in this article; so you don’t have to worry about lingering security issues.

Website Software Updates for Dummies

Welcome to The Internet, a platform that allows the exchange of information and ideas. Most of the world connects to The Internet, so clearly it’s trusted. But is it safe? Well, the short answer is – it depends. You see, there are countless millions of websites, and many billions of web pages that need constant monitoring to protect them from spam, malware, and the bad guys who look to do harm to these pages. That’s where you come in, the ever vigilant webmaster constantly on the lookout for devilish hackers and armies of bots who just want to tell you about the latest pill. It’s up to webmasters like you to keep your websites safe for anyone who comes across your pages using tools and methods available to you such as software updates.

Take this write up as a utilitarian asset to help you better understand securing your websites by keeping them up to date. You may think you know a lot about this stuff, but stick around. You might learn something new.

Web Hosting Basics

Web hosting is a service which allows individuals and companies to establish a presence on The Internet. Simply put, you’re renting online space on a computer, more commonly known as a server. This online space allows visitors to view your websites in their web browser. With the introduction of control panel software such as cPanel and Plesk, the days of setting up your own server with complex configurations are over. Anyone can have a website up in a matter of minutes.

Web Hosting Terminology

You may want to familiarize yourself with some of the terms commonly mentioned in web hosting. These are important since the way you secure your website would depend on how it’s hosted.

Shared Hosting: The most common form of hosting since it’s the most cost-effective, you’ll usually share a single server with hundreds of other neighboring websites.

Virtual Private Server: Similar to a dedicated server, everyone on this type of service would be running their own operating system and software. Virtual servers offer higher levels of isolation compared to Shared Hosting, but most VPS all share a single dedicated server and generally share a central kernel.

Virtual Dedicated Server: Different hosts use this term interchangeably, but since GlowHost was one of the first hosts if not the first to use this term, I’m going to give you our definition. A VDS is similar to a dedicated server, where everyone on this type of service would be running their own operating system and software and each has it’s own unique kernel for maximum customization. A VDS, sometimes referred to a Virtual Machine (VM) or Virtual Environment (VE), offers the highest levels of isolation compared to Shared Hosting or VPS. Virtual Dedicated Servers from GlowHost are unique in that they live on a cluster of dedicated servers compared to a VPS which lives on just one dedicated server. A VDS will remain online if a single server goes down, in fact, our VDS can sustain multiple down servers without being detected. A simple VPS will be offline if there is a single dedicated server failure or overload.

Dedicated Server: True hardware isolation exists only for dedicated servers. Nobody but yourself will have access to the physical resources of dedicated hosting services.

Collocation: The hardware that you use to host your sites, such as physical servers and firewalls would be supplied by you, then shipped to and racked at a datacenter. You pay for electricity and bandwidth, as well as “remote hands” to make physical changes to your hardware or network that are required to be done on-site.

Now that we’ve covered the basics in hosting terminology, let’s switch gears and jump right into websites and how to keep them safe.

The Problem With Websites

While It may come as no surprise to some webmasters, the ugly truth is websites do get hacked. Regardless of the platform, software, or security tools you use, all web pages accessible to the general public which are powered by PHP or other scripting languages will eventually need updates to keep them secure. This puts webmasters in a difficult position to constantly monitor and maintain their code. Everyone is a target here.

How Websites Get Hacked

Much like an elaborate machine with many moving parts working together, something only works as well as its weakest component. A weak password, outdated PHP file long forgotten, or a public facing page that allows an individual to upload PHP files would all qualify as a weakness in security. These are all targets sought after by would-be hackers. In many cases, detection of these weaknesses are performed by automated scripts or applications (called robots). The robots scour The Internet, and subsequently attempt to exploit a site until they find a way in.

Why Websites Get Hacked

The goal of hackers is to gain unauthorized access to your website or server, and to valuate all data and resources after access is achieved. There are many incentives and reasons why websites get hacked. Each reason would depend on who’s hacking your website, what their intents are, and the type of data they discover. Below are only some examples:

  • Farm user data in order to sell or use for social engineering attempts
  • Gain access to privileged information not available anywhere else
  • Build a powerful botnet that may be leveraged for further attacks
  • Use server resources for cryptocurrency mining
  • Setup phishing pages such as bank account, email, and social network website logins
  • Deface your website, send spam, or build links to other websites
  • Gain bragging rights among their circle of hacker friends

The Solution To Website Hacks

The cause of websites getting hacked are often attributed to negligence or leaving unprotected code accessible to abusive scripts. There is no such thing as a fully secure website, however you can certainly mitigate your risks substantially by having good practices. The guidelines below will help you achieve a moderately high level of security in most circumstances.

Stay Updated: When your website is running open source PHP scripts such as WordPress and Drupal, you will have to update your website regularly as new modules and plugins are released. Many (like the ones mentioned) will automatically update, or give you a simple interface to perform essential security updates within a few clicks. If a webmaster simply misses an update, they would be prone to threats such as zero-day exploits or other attacks due to old code.

Protect Passwords: An obvious rule here, but one that cannot be stressed enough. Storing passwords in plain text files, unencrypted in the database, or even on a piece of paper and dropping it in some public space would open you to threats far worse than what some automated bots could do.

Encrypt Traffic: Ask your host about SSL since many web hosts already provide this essential service. Not only will SSL secure data sent to and from the server your website is housed on, but it will also build trust among your visitors. Not to mention, Google will bump you up in search results since Google now considers website security as part of their ranking algorithms.

Install Security Plugins: Specifically, we mean plugins/modules from open source scripts such as anti-spam tools, brute force login protection, and managed blacklists. If your web host supports the script you’re running, it’s likely the plugins you find and install will work without any issues. Be conservative here as many plugins could be developed that do the same thing. Conflicts are easy to encounter in this area, and many plugins are poorly coded which can make your web site slow to a crawl.

Webmaster Responsibilities

Regardless of how you secure your website, you should always bear in mind that your web hosting provider is not responsible for maintaining your website’s code. They already take care of the complex items behind the scenes such as patching the server’s kernel, isolating customer accounts on shared services, managing mod_security rules, maintaining an elaborate firewall, and the list goes on. You are responsible for keeping up to date with your website updates.

Even with the responsibility falling on your shoulders to maintain your website’s security, you’re not in this fight alone. Your web host will still provide you with the best tools in the industry to deal with these challenges. Such tools may include applications like Softaculous which may help keep your website up to date automatically (some scripts), regular backups (a definite must have), and a support team which should always be standing by to help you with any questions you may have.

Questions To Ask

Up to this point, you might feel like you’re alone and would otherwise have to contract third-party help to secure your website. That’s not always the case, and your web host may offer other services beyond hosting. Here are some questions you should ask your web host if you’re ever in a position where you need help:

  • I’ve been hacked, do you have backups available?
  • Do you offer a website maintenance plan to keep my website up to date?
  • Could you help me repair a hacked website?
  • I need help securing my website.
  • Do you offer deals on third-party security services such as Sucuri?
  • Can you explain how I can set up CloudFlare?
  • What security measures are in place for the server I’m on?

There are many questions you could ask, but this should serve as a good quick-starter.

Test Your Website’s Security

As a measure of good practice, once you’re all secured and ready to take on The Internet, run some security audits. There are an infinite amount of ways to hack a website. Fortunately, that leaves another infinite number of ways to test a website’s security. The simplest approach here is to leverage a third-party scanning service such as Sucuri.

For A Safer Internet

By following good practices explained in this article, you will be helping to create a safer Internet for everyone. Your web host will already have taken the security measures at the server levels, so be sure to take charge of your website updates at the script level.

Talk to a professional

We have a team of security professionals available to help with any questions or concerns you might have regarding your website/business’ security.  Call us today for a free consultation at 1-888-293-HOST (4678).