But TurboHub, our exclusive dashboard for WordPress sites, gives you a snapshot of your security status and makes detecting vulnerabilities and updating your protection as easy as one click.

Whether you take care of your own website or are an agency or web developer who manages dozens of sites, TurboHub makes reviewing security status and making the necessary updates a breeze.

Advanced WordPress Security From One Easy-To-Use Dashboard

The TurboHub security tab is the fastest and easiest way to keep your site safe. Whether you manage one website or 1,000, it is vital for monitoring site health and security.

Loaded with features to keep you secure, you can quickly review potential threats in one convenient place. Verify your SSL certificates, make sure malware detection and proactive defenses are enabled, and review potential threats.

Plus, TurboHub recommends actions to eliminate security vulnerabilities. From salt key status to inactive plugins or themes, you can take immediate action directly from the control panel. In most cases, you can enhance your security with one click.

What Is TurboHub?

TurboHub is A2 Hosting’s exclusive control panel for WordPress sites. Designed to make managing and protecting WordPress sites easier, it offers comprehensive metrics about the performance, health, and security of your websites.

Improve your efficiency and workflow by reviewing all of your A2 Hosting WordPress sites in one place. Easily view current performance and security snapshots, review recommendations, and make improvements and updates across all of your sites.

TurboHub Security Features

WordPress site security is one of the core features of the TurboHub control panel. From proactive defense to security best practices, it puts the top security features at your fingertips.

SSL Status & Proactive Defense

When it comes to website security, you need to be proactive. TurboHub’s SSL status and proactive defense indicators ensure your SSL certificate is valid and your malware and proactive security defense are active.

SSL, or Secure Sockets Layer, is the industry standard in data encryption for information transferred between a web server and a web browser. It protects online transactions and personal information, ensuring data privacy over the Internet.

A valid SSL certificate tells web browsers – and your customers – that your website follows SSL protocols for secure data transfer, keeping them safe.

Malware and proactive security defenses protect your website against malicious attacks that can hijack your website or steal customer data.

Advanced Website Hosting Protection

TurboHub allows you to instantly validate the status of your firewall and DDoS and brute force protection. These ensure you are safe against attacks designed to gain access to your web server.

A firewall is a digital barrier that blocks unauthorized access to your sites from cyber threats. When active, they block malicious traffic based on predefined security rules.

Reinforced Distributed Denial of Service (DDoS) protection prevents malicious attempts to attack your website and take them offline. DDoS attacks use multiple compromised computer systems to slow down or even crash websites, preventing access to legitimate users.

Brute force protection shields against relentless attacks attempting to log into your system. Attackers will systematically try to guess passwords, encryption keys, or other secret information. Brute force attacks are typically automated, allowing them to rapidly test millions of combinations.

A2 Recommended Actions

TurboHub also includes a number of A2 Hosting recommended security actions, like locking editing abilities on plugins and themes or bcrypt password hashing. These recommendations improve your overall website security, lowering the risk that hackers can access your site data.

Common recommendations include:

• Locking the editing for plugins and themes from WP Admin to prevent the misuse of built-in editing capabilities for malicious purposes.
• Deny direct access to configuration files to block bots and web users from directly accessing and potentially exploiting WordPress config files.
• Remove old wp-config.php backups to eliminate unnecessary files with potentially sensitive information.
• Use bcrypt password hashing for a more secure password storing and hashing method.
• Disable XML-RPC services to close a possible entryway a hacker could exploit your site.

You can easily toggle these options on or off from the TurboHub security panel to fit your security needs and keep your website data safe.

Best Security Practices

TurboHub also analyzes your website to ensure you are following the best security practices. You can identify potential vulnerabilities at a glance and take action to secure your sites. Simply review the recommended security updates and follow the instructions to implement these improvements.

When necessary, TurboHub will recommend the following actions:

• Regenerate salt key passwords to protect your account even if your login cookies are compromised.
• Check for and remove insecure SQL backups and files that could be accessed by hackers.
• Reduce potential vulnerabilities and improve site performance by removing unused plugins and unused WordPress themes.

Just follow the steps associated with each best practice to protect your site.

More TurboHub Features Coming Soon

Committed to the fastest and most reliable hosting solutions, A2 Hosting developed TurboHub to streamline WordPress site performance and management.

From personal sites and hobby projects to agencies and developers managing client sites, it offers features that simplest updates and makes everyone a performance and security expert.

But we aren’t done yet. We have an exciting lineup of advancements that will enhance your workflow and your websites.

A2 Intelligent Performance

Optimize your site’s performance with the power of AI. A2 Intelligent Performance monitors critical performance indicators to keep your site performing at its best. Easily review the data and make the most informed decisions about your site’s speed and reliability.

A2 AI Assistant Inside WordPress

Launch new websites quickly and easily with our AI co-pilot. Exclusive to TurboHub, our A2 AI Assistant for WordPress writes content, generates images, and can even design page layouts. Trained on WordPress help documentation, it will answer common questions and help you get the most out of your WordPress site.

Enhanced Staging

Our upcoming enhanced staging feature makes developing, testing, and deploying website updates a snap. This robust tub maximizes compatibility by recording changes on both staging and live sites. And the advanced 2-way sync ensures changes are mirrored in both environments.

Enhance Your Website Security With TurboHub

Enhance site security and improve your site performance with TurboHub for WordPress from A2 Hosting. Quickly review potential security risks and easily make improvements to protect your website. Streamline your WordPress site management today. TurboHub is available on all A2 Hosting WordPress hosting plans.

The post WordPress Security Made Easy With TurboHub appeared first on The A2 Posting.

Our Legacy of Speed and Performance

At A2 Hosting, we have built a strong reputation in the web hosting industry as leaders in speed and performance. Our commitment to providing the fastest, most reliable hosting solutions has always been our top priority. And that is why we developed TurboHub. It not only helps speed up site performance, but it also streamlines managing your WordPress sites.

What is TurboHub?

TurboHub is our state-of-the-art WordPress control panel that makes WordPress sites faster than ever! It’s an essential tool that allows individual site owners to improve performance, site health, and security. And the multi-site dashboard simplifies the workflow for agencies and developers. From a single control panel, you can monitor and maintain all of your sites, creating a seamless and more efficient WordPress experience.

Features of TurboHub

Site Performance Optimizations

TurboHub’s comprehensive metrics help you gain in-depth insights into your site’s performance. It highlights top recommendations and allows for one-click changes to boost performance.

Single-Click Multi-Site Management

Managing multiple WordPress sites has never been easier. With TurboHub, you can see all your sites from a single location, making updates and performance checks a breeze. This is particularly valuable for agencies and developers handling numerous client sites.

Site Health Monitoring

Keep your websites in peak condition with our site health monitoring tool! This is perfect for agencies and site owners with multiple websites and gives you an at-a-glance view of a site’s status to help you maintain smooth and secure operations effortlessly. Monitoring and maintaining multiple sites has never been easier!

Security Vulnerability

Through our partnership with Patchstack, we also alert you to high-priority plugin vulnerabilities so your site is never at risk. With the ability to see site risk at a glance, it helps you keep everything running smoothly and securely.

Other features to enhance your WordPress experience:

• Quick access to all of your WordPress sites.
• Grant access to users managing your account or request access to sites you manage for others.
• Automate plugin updates for each site.
• Site notes to enable easy communication between team members or companies.
• Quick access to databases, files, and email.
• Status information that lets you know your sites are online and running, including SSL, domain, and nameserver status.
• Ability to hide sites from search engines while under construction.
• Ability to place sites in maintenance mode during edits.

How Do I Get TurboHub?

TurboHub is now available free for all WordPress sites on our Managed WordPress, Managed VPS, and Shared plans. By choosing one of our plans, you instantly gain access to TurboHub and can start experiencing the benefits of a faster, more efficient WordPress site. TurboHub can be conveniently accessed through your MyA2 panel.

Don’t have an A2 plan, take advantage of our low prices and get started with TurboHub today!

Stay Tuned for More

TurboHub is constantly growing and evolving. We have an exciting roadmap ahead of us with many new features and improvements planned! At A2 we are dedicated to providing our users with the best tools available, and we encourage you to stay tuned for future updates on how TurboHub can help speed up and secure your website.

What’s Next for TurboHub?

A few items on our TurboHub roadmap that will help us achieve our goal of providing WordPress professionals with fast setup, fast websites, and fast support:

• A2 Intelligent Performance – Leverages advanced AI technology to automatically optimize your site’s performance. Easily monitor load times, uptime, and other critical performance indicators to ensure your site is always performing at its best. This will help you make informed decisions to continuously improve your site’s speed and reliability.
• A2 AI assistant inside WordPress – Helps you write content, generate images, and answer common WordPress questions.
• Enhanced Staging – Records changes to staging or live sites and lets them be pushed live or pulled back to staging.

Get started with an A2 Hosting plan today and get access to this new amazing tool and enhance your WordPress experience!

The post Introducing TurboHub – Transform Your WordPress Experience appeared first on The A2 Posting.

Fortunately, there are many ways to protect your website from the threat of malware and other cybersecurity issues. Many hosting providers enable customers to configure a range of site security settings using the popular Linux control dashboard cPanel. 

In this post, we’ll explain what website security is and why it’s important. We’ll also provide seven actionable tips that you can use to improve your site security and protect your website with cPanel. Ready? Let’s get started!

Why Protecting Your Website Is Important

It takes time and money to create a high-quality website for your business. However, without the right level of security, you could be putting your site at risk. 

According to cybersecurity statistics published by Forbes, one in three Americans have been a victim of ransomware attacks, and only five percent of companies ensure that their folders are properly protected.  That’s why it’s so important for site owners to take steps to secure their websites on a regular basis.

However, although protecting against cybercrime is one of the main benefits of maintaining good site security protocols, there are also some other benefits, including: 

• It helps to keep your employees safe. In the same way that your website can be at risk of malware attacks, your workers can be too. Viruses can pass from device to device. Therefore, if your site becomes infected, the devices your team members use to access the site may become compromised too.
• It can prevent your website from going down. Site owners should aim for as little website downtime as possible. Good cybersecurity measures can help you achieve this. By putting protective measures in place before attacks happen, you can prevent malware from causing issues that make you take your site offline to fix them. 
• It can inspire confidence in your customers. For online businesses, reputation is everything, even when it comes to your website. By following good cybersecurity protocols and sharing this with your customers, you can help them feel safe and secure when using your site. 

Next, we’ll take a look at cPanel, a commonly used control panel for WordPress sites. You can use it to make your website more secure without investing in any expensive plugins. 

A Brief Introduction to cPanel

cPanel is a control application that enables you to carry out server tasks for your WordPress website:

It isn’t the only application of this type available, but it’s the most commonly used Linux control panel. cPanel provides users with an easy-to-use interface for carrying out essential server-side maintenance tasks, including:

• File management
• Database management 
• Email management
• Site backups 

It can make your site easier to manage due to its automated processes and 24/7 support team. As such, it could be worth considering if you’re looking to save time and effort on your website management.

There are also several ways in which you can use cPanel to enhance cybersecurity. Next, we’ll take a look at some of the things you can do to protect your website with this application. 

How to Protect Your Website With cPanel (7 Essential Tips)

There are many site security plugins that you can use to enhance your cybersecurity. However, many of these are premium plugins that aren’t available for free. By using cPanel, you can secure your website using tools already at your disposal, so you don’t have to spend a penny. Here are our top seven tips for protecting your website with cPanel.

1.  Update cPanel Regularly 

Outdated elements on your website can lead to serious vulnerabilities. This is also true for cPanel. If it isn’t up to date, you could be leaving your site open to attacks and breaches. 

Additionally, you could be missing out on access to new security features by using an outdated version. Updates are used to fix bugs, add new features, and improve the security of cPanel. As such, it could be a good idea to ensure that you are always using the latest version of the software.

The good news is that keeping cPanel up to date is fairly easy. Depending on your hosting package, you may not need to manually update it at all, as the system administrators may take care of it for you.

If you do need to update it manually, start by logging into WebHost Manager (WHM). In the upper right corner of the main WHM screen, you should be able to see the current version of cPanel you’re running:

If a new version is available, you’ll also see a box just underneath this giving you the option to Update Now. All you have to do is click on this and wait for it to finish upgrading (it might take a while). Note that the Update Now box isn’t visible in the image above, as we’re currently already running the latest stable build. 

2. Choose Strong Passwords and Regularly Update Them

It’s imperative to ensure that all of your site entry points are protected by strong passwords. Without secure passwords in place, seasoned cybercriminals can easily infiltrate your site and install malware. 

Thankfully, with cPanel, it’s easy for you to reset your password. It even comes with a password generator to help you protect your site using strong credentials. To keep your site as safe as possible, it’s recommended that you change all passwords on a regular basis. Configuring them around once a month is usually sufficient. 

To change your cPanel password, log in and head to the Preferences tab, then click on Passwords and Security: 

Next, you’ll be prompted to input your old password, as well as your new updated password. You’ll also see a score that tells you how weak or strong your credentials are. If your chosen password is too weak, you might want to click on Password Generator instead. This will automatically generate a new, stronger login: 

Once you’ve done that, copy the generated password and paste it into the New Password field. Also, be sure to save it in a secure location that you can access in case you forget it and need a reminder. 

When you’re ready, click on Save Password Now! Once you’ve done that, your update should be complete, and you can start using your new credentials. 

3. Password Protect Your Vulnerable Directories 

In addition to having a strong password for your cPanel account, it’s equally important to password protect your vulnerable directories. Doing this in cPanel enables you to limit access to certain content for specific users.

Once you’ve added password protection to a directory, your site will prompt visitors to enter a username and password in their web browsers before they can access it. This helps to keep sensitive content secure from unauthorized access.

To add password protection to a directory, start by logging into cPanel. Next, scroll down to the Files section and click on Directory Privacy:

Here, you should be able to see a list of all your directories. Click on Edit next to the name of the folder you want to protect. On the next page, tick the box next to the text that says Password protect this directory. Then, type in a name for the protected directory below and click on Save:

Once you’ve done that, you should see a brief ‘success’ message. Click on Go Back, then enter a Username and Password in the appropriate text boxes, and then click on Save.

Note: You can also automatically generate a strong password by clicking on the Password Generator button:

If you ever want to remove the password protection, repeat the steps above to navigate to the directory again. Then, clear the Password protect this directory checkbox.

4. Enable cPHulk Brute-Force Protection

cPHulk is another useful service provided by cPanel that helps to protect your server against brute force attacks. These attacks involve an attacker using an automated system to attempt to guess your username and passwords by repeatedly trying different combinations in rapid succession.

Using cPHulk through cPanel will enable you to block the IP address or accounts exhibiting suspicious behavior automatically. This prevents attackers from carrying out any further attempts to log in, thus preventing them from gaining unauthorized access and installing malware on your site.

To enable CPHulk Brite-Force protection, you’ll first need to log in to WHM. From there, navigate to Security Center in the left-hand sidebar, and click on cPHulk Brute Force Protection:

Next, you can toggle the button to ON to enable cPHulk protection:

Once it’s enabled, you can tweak the Configuration Settings. For example, you can specify how many failed login attempts are required to lock IP addresses out, and how long they should be locked out for. Once you’re done making changes, click on Save:

Note that aside from Configuration Settings, several other tabs are available on this page: Whitelist Management, Blacklist Management, and History Reports.

You can whitelist and blacklist certain IP addresses manually by navigating to the appropriate tab. This is useful in certain circumstances. For example, it may be a good idea to whitelist your own IP to avoid a lockout from your server.

If you ever need to see a log of what actions cPHulk has taken, you can do so by clicking on the History Reports tab. 

5. Protect Against Hotlinking 

Hotlinking (sometimes called ‘direct linking’) refers to when another website links out directly to content hosted on your website, such as image files. When visitors to their website load the page, your site serves the image files they see. This allows the other website to effectively ‘steal’ your bandwidth and use it to show pictures to their visitors. 

Naturally, this is something you’ll probably want to avoid. Fortunately, you can do so easily. All you have to do is configure hotlink protection using cPanel. Here’s how to go about it.

First, log in to cPanel and scroll down to the Security section. Then, click on the Hotlink Protection icon:

On the next page, you can toggle Hotlink protection ON or OFF. You can also change your configuration settings. For example, you might want to specify certain URLs that are allowed to access your files (cPanel will automatically populate this box with suggested local URLs):

Next, you can also specify the specific file extensions you want to block direct access to by adding them to the Block direct access for the following extensions box (make sure you separate each file extension by a comma):

Again, the above box should be automatically pre-populated with commonly hotlinked file extensions. However, you might want to add extra file extensions that aren’t already included. 

You can also add a URL to the Redirect requests to the following URL text box:

This will serve users from blocked sites with the specified URL page instead of the hotlinked file. Once you’re done making changes to the settings, just click on Submit.

6. Utilize Patchman by SITELOCK

Patchman is a really useful security service that helps to prevent your site from being hacked. Once installed, it will automatically scan your website for malware. If it detects any potential threats, it immediately emails you to notify you of them. If you don’t resolve the issue within 24 hours, Patchman will quarantine the affected files to protect your site:

Not only that, but Patchman also detects whether your WordPress, Drupa, or Joomla installation requires patching. Again, it will notify you of this by email and automatically apply the patch if you don’t fix it yourself within a week.

A2 Hosting has partnered with Patchman to provide our web hosting customers with free malware and vulnerability scans. Therefore, if you have a web hosting account with us, Patchman should already be enabled for your domain. 

However, if you want to manage your settings or carry out specific administrative tasks, you can do so by accessing the Patchman dashboard. To get to the dashboard, start by logging into cPanel, then click on Patchman in the Advanced section:

From here, you can run manual scans, view detected items and applications, and carry out manual actions. For example, you can review potential malware and choose to either ignore it or quarantine it:

Utilizing Patchman is one of the best ways to protect your website from security threats. However, not all hosting providers include access to it. Therefore, it may be a good idea to choose a hosting service provider that partners with the service.

7. Use Secure Shell File Transfer Protocol (SFTP)

SFTP stands for Secure Shell File Transfer Protocol. As the name suggests, it’s a secure version of the regular File Transfer Protocol (FTP). It uses the Secure Shell protocol to encrypt transfers.

If you didn’t already know, FTP is how you transfer files between your computer and your hosting server to make them accessible to the public and vice-versa. These files are often confidential and may include sensitive data such as usernames and passwords.

The problem is that the original FTP protocol doesn’t encrypt this data, which leaves it vulnerable to interception by attackers. If you want to prevent hackers from getting access to your data, it’s recommended that you encrypt it by using STFP instead.

In order to transfer files using SFTP, you’ll need your main cPanel account’s private key for authentication. To find it, log in to cPanel and scroll down to the Security section. Then, click on SSH Access:

]

On the next page, click on Manage SSH Keys:

If you already have a public/private key pair, you can use those for SFTP transfers. If you don’t already have one, you can generate a new one by clicking on Generate a New Key:

Once you’ve generated a new key, go back to the Manage SSH Keys interface, and click on the Manage link next to the new key. Next, click on the Authorize button to allow it:

Go back and scroll down to Private Keys and click on View/Download. The next page should display your SSH key details. You can click on Download Key to save it somewhere safe to your computer:

Once you’ve done all the above, your site is ready for an SFTP connection. You can open your preferred FTP client and use the private key you downloaded to connect via SFTP.

Conclusion

Keeping your site safe from malicious activity and malware is extremely important. Fortunately, cPanel offers you several ways to ensure that your site is secure and protected. 

Here’s a quick recap of how to protect your website using cPanel:

1. Update cPanel regularly. 
2. Choose strong passwords and update them regularly. 
3. Password protect your vulnerable directories. 
4. Enable cPHulk Brute-Force protection.
5. Protect against hotlinking.
6. Utilize Patchman by SITELOCK.
7. Use Secure Shell File Transfer Protocol (SFTP).

If you’re looking for a hosting provider that understands the importance of site security and reliable hosting, check out our affordable Linux hosting plans!

Image credit: Free-Photos.

The post How to Protect Your Website With cPanel (7 Essential Tips) appeared first on The A2 Posting.

Brute Force is a website attack that uses either humans or systems to target protected information, with the main goal of obtaining login information. This blog discusses some well-known methods for preventing Brute Force attacks.

1. Hide the WordPress Admin Login Page

WordPress by default has the login page as either one of the following:

•  /wp-login.php
• /login
• /wp-admin
• /admin

Gaining access to login pages, particularly the admin login, provides hackers with unrestricted access to the entire site.

There are several ways to hide the login area, including using a plugin like WPS Hide Login, which allows you to change the admin login to another URL of your choosing. When someone tries to access wp-admin/wp-login.php/login/admin, they will get a 404 error.

2. WordPress Two-Factor Authentication (2FA) 

A two-factor authentication gives you an extra layer of security by requesting additional identification factors like the following: 

• A unique password (OTP) sent by SMS/e-mail
• A phone call
• A QR code
• A push notification

WordPress supports two-factor authentication via plugins like the Two-Factor plugin or time-based authentication via Google Authenticator. The Google Authenticator plugin enables per-user two-factor authentication. You could enable it for your administrator account while using less privileged accounts as usual.

3. Cloud-Based Security Plugins

While traffic is beneficial to any website, excessive bad traffic depletes your server’s resources. Similarly, limiting the number of users who can enter your site at the same time protects you from distributed denial of service (DDoS) attacks. Popular cloud security plugins such as Sucuri or CloudFlare not only protect against brute force login attacks, but also other security threats such as DDoS, spam, and bots. They provide complete protection for your WordPress site. Examine the security measures provided by your hosting provider for your website.

Conclusion

As previously stated, a brute force attack is one of the most traditional attacks, but it remains the most common type of WordPress security attack. While plugins and other security tools are available to help mitigate security threats, it is always important to keep your WordPress up to date. This includes updating any plugins and themes, as outdated plugins or themes provide a good backdoor for hackers to attempt a security attack. If you have any questions or need any help protecting your site contact our support team today!

The post How to Protect Your WordPress Against Brute Force Attack appeared first on The A2 Posting.

This new PHP version has allowed popular frameworks like Symfony and WordPress to run on PHP 8.1, so you know that A2 Hosting’s servers will be able to support it! You can now take advantage of PHP 8.1 with your PHP applications hosted by us.

New Updates!

PHP 8.1 is the most recent release of PHP and features new updates, such as:

Scalar Type Hints

PHP will now receive better error messages when type hinting doesn’t match. This means that if you’re expecting a string and PHP receives an integer, PHP will throw a clear and concise error message to help you debug the issue easier. PHP will also not allow errors to occur when typing hinting at your PHP variables. This is just one of the ways PHP 8.1 helps you keep your PHP applications secure and bug-free!

Return Type Declarations

PHP 8.1 now supports return type declarations which means that PHP will be able to tell what kind of data you’re expecting back from a function. PHP 8.1 can not only help with security but also PHP performance as PHP will be able to execute the function and return the type of data you’ve requested without an extra step which speeds up PHP execution!

PHP 7 Compatibility

PHP 8.1 now has improved compatibility with PHP 7 so PHP developers don’t have to rewrite their PHP scripts for PHP 7. PHP 8.1 is backward compatible with PHP 7 so you don’t have to rewrite your code!

Contact Us Today

A2 Hosting is a leading provider of PHP hosting with a 99.9% uptime guarantee and a 24/7 support team to help you get the most out of PHP 8.1, today! Our expert Guru Crew team can help you with any questions or concerns about your PHP application, PHP 8.1 support, or migrating to PHP 8.1! We are available 24/7/365.

The post A2 Hosting Supports Newest PHP Version 8.1 appeared first on The A2 Posting.

Looking to learn more in-depth about the security included with all these plans? Below is an explanation of the different security tools and features included and how this can help you make sure your website is safe and secure.

The Importance of Security on Websites Using WordPress

When there’s a huge demand for a script or CMS, there’s a good chance that hackers and attackers will be keeping an eye on websites using it. At any one time, there could be hundreds or thousands of attacks happening on the internet. This makes WordPress websites a target.

As such, hackers will always be scanning WordPress websites for vulnerable areas. This means website owners who don’t properly prepare and secure their WordPress sites may be at risk. This is why you need to keep the security on your website in tip-top shape! Below are the features we offer at A2 Hosting on our Managed WordPress plans to help ensure your security success.

Managed WordPress Security Features

A2 Hosting’s new Managed WordPress plans now come with a selection of enhanced security features that have been designed to support our users such as HackScan Protection, Reinforced DDoS Protection, and KernelCare. We’re including a complete breakdown below of three of the main tools we will be including in the plans and the different security features they provide our users:

WordPress Toolkit

We include different levels of cPanel’s WordPress Toolkit on all of our WordPress plans. Below are some of the main security perks:

• 1-Click Hardening: Used to scan existing and new sites for settings that may be potentially vulnerable.
• Automatic Hardening: This can keep your site safe through the auto-application of the industry’s best practices in security.
• Mass Hardening: Scans all your sites for vulnerable settings while securing every site with just a click.
• Security Rollback: In rare cases, security updates may create compatibility issues on your website. This feature will allow you to quickly revert the changes made.
• Mass Updates: This allows you to execute updates for all of your website’s WordPress themes, core, and plugins.

Jetpack Security

We will also be including the popular Jetpack Plugin. This plugin comes with a multitude of security features including:

• Automated Spam Filtering: Protects your site by keeping spam content away.
• Brute Force Attack Protection: Works to keep your website safe by blocking unsafe login attempts from distributed attacks and malicious botnets.
• Free Daily Malware Scans (Included with our Fly & Sell Plans): This feature automatically checks your site for vulnerabilities such as malware. You’ll also receive immediate alerts if Jetpack finds problems to be addressed quickly.

A2 Optimized

All of our plans also come with our plugin, A2 Optimized. We’ve focused on various security measures with A2 Optimized, which include the following:

• Deny Direct Access to Configuration Files and Comment Form: This allows you to protect your configuration files by creating a Forbidden error to bots and web users who try to access WP configuration files.
• Lock Editing of Plugins and Themes from the WP Admin: This prevents exploits to use the built-in editing capabilities of the WP Admin.
• Login URL Change: With this, you can hide your wp-login and wp-admin pages, blocking off hackers from entry through brute force attacks.
• Regenerate wp-config salts: WP salts and security keys help to secure the site’s login process along with the cookies that WordPress implements to authenticate users.
• ReCAPTCHA on Comments and Login: Used to increase site security while decreasing spam by adding a CAPTCHA to the login screen and comment forms.
• Unused Themes & Inactive Plugin Notifications: Themes and plugins with security flaws can still have an impact on the site. Having these notifications can help you better manage other features on your site for improved security.

cPanel Security Features

There is also a wide range of improvements to cPanel’s Security. This includes:

• Directory Privacy: Blocks users who want to open a folder that you’ve designated for protection. They will first need to enter a username and password for access.
• Free SSL Certificate (Free RapidSSL On Sell plans): This allows you to secure pages on your website so that details such as credit card numbers, logins, and more are sent encrypted instead of plain text.
• Hotlink Protection: Stops your images from being used on other sites.
• Imunify360: A comprehensive security suite for real-time and proactive website protection. It provides an all-in-one security solution that features a Web Application Firewall, an Intrusion Prevention and Detection system, a Network Firewall, Patch Management, and Real-time Antivirus protection.
• IP Blocker: Blocks a range of IP addresses to stop hackers from getting access to your site.
• Leech Protection: Stops users from publicly posting or sharing passwords to restricted areas of your site.
• ModSecurity: Provides real-time monitoring for incoming threats and blocks malicious connections before reaching your WordPress website and applications.
• Patchman: This scans your account for any outdated WP malware scripts, vulnerabilities, and applications. It will then fix any vulnerabilities without doing damage to the site.
• SSH: Provides more secure file transfers.
• Two-Factor Authentication (2FA): If turned on, it will require the app on your smartphone to provide a unique security code that you must input apart from your password when trying to log into your account.
• Virus Scanner: Configurable scan of your account to identify any security threats.

Need Help? Ask Our Guru Crew

If you need support or just have a few WordPress Hosting questions, you can count on our expert Sales team! Working 24/7/365, our friendly and knowledgeable staff are more than happy to address any concerns or issues. You may also reach them via email, phone, or live chat, so you can get the answers you need when you need them.

The post New Managed WordPress Enhanced Security Features with A2 Hosting appeared first on The A2 Posting.

Apache Log4j 2 is a Java-based logging library developed by the Apache Foundation. It is used by numerous enterprise applications and cloud services to provide advanced logging capabilities. If you have a managed hosting account, you can rest assured that we take care of server configuration and updates for you. If you have an unmanaged server, now is a good time to review your security configuration and make sure updates are installed in a timely manner.

On November 24, 2021, Alibaba Cloud’s security team reported a Log4j 2 remote code execution vulnerability to Apache. The exploit takes advantage of some Log4j functions that perform recursive analysis. With specially constructed malicious requests, attackers can trigger remote code execution.

The vulnerability impacts default configurations of several Apache frameworks, including:

• Apache Druid
• Apache Flink
• Apache Solr
• Apache Struts2

On December 10, 2021, this vulnerability was officially designated in the NIST national vulnerability database as CVE-2021-44228 (also known as the “Log4Shell” vulnerability).

How the Vulnerability Impacts You

Depending on the type of hosting account you have with A2 Hosting, you may or may not need to take action:

Shared, Reseller, and Managed WordPress Accounts

If you have a shared, reseller, or Managed WordPress hosting account, you do not need to do anything. These servers automatically receive frequent updates that include patches for the Log4j 2 vulnerability.

cPanel published an update to mitigate CVE-2021-44228 the same day the vulnerability was announced. For more information, see cPanel’s blog entry.

Managed VPS and Dedicated Servers

If you have a Managed VPS or Managed Dedicated server, you most likely do not need to take any action – your server is updated automatically with patches for the Log4j 2 vulnerability. The only exception is if you have installed any software utilizing log4j outside of cPanel/WHM you should ensure those installations are updated. All software installed and managed by A2 has already been updated.

cPanel published an update to mitigate CVE-2021-44228 the same day the vulnerability was announced. For more information, see cPanel’s blog entry.

Unmanaged VPS and Dedicated Servers

If you have an unmanaged VPS or unmanaged Dedicated server, make sure you keep it up-to-date with the latest security patches.

If you use Log4j 2 it is very important to ensure you have updated to the most recent version.  The first patch included another vulnerability which required a second patch.

Java 8 (or later) users should upgrade to release 2.16.0.

Java 7 users should upgrade to release 2.12.2.

More information can be found at Apache.

For information about how to install updates on unmanaged servers, please see this Knowledge Base article.

The Bottom Line

Heartbleed… Shellshock… The Log4j vulnerability is only the latest in a long line of security bugs. It isn’t the first, and it surely won’t be the last.

If you have a managed hosting account, you can rest assured that we take care of server configuration and updates for you. If you have an unmanaged server, now is a good time to review your security configuration and make sure updates are installed in a timely manner.

The post Log4Shell: 0-day Exploit in Popular Apache Logging Package Log4j 2 appeared first on The A2 Posting.

You may believe that having an unused theme will not harm your system, but WordPress themes are highly vulnerable and are a favorite place for hackers to inject malware into your site. In this blog, we’ll go over why you should delete unused WordPress themes, when you should keep them, and the best ways to do so in order to keep your WordPress safe and reliable at all times.

Why You Should Delete Unused WordPress Themes

Before we begin, let’s clarify that we’re talking about deleting both unused and inactive WordPress themes. The term “inactive themes” refers to themes that have been installed but are not being used. Of course, you could have as many deactivated themes in your system as you want, but this has an effect on the health of your site. Here are some reasons why you should get rid of any unused or inactive WordPress themes:

• Additional themes consume hosting server space because your themes are also a collection of files that require storage, which may require you to pay an additional fee for an unused item.
  When you have more inactive themes, it takes more time to create backups, migrate your site, and perform SEO scanning.
  WordPress themes are a good host for malware, and having fewer themes reduces site risk.
  Outdated WordPress themes pose even greater security risks; you must either keep all themes up to date or risk allowing hackers easy access to your site.

When You Should Keep Deactivated WordPress themes

Yes, it’s a good idea to let go of unused and inactive themes, but in some cases, such as the ones listed below, you need to keep them.

• If you have a child theme, you must keep the parent theme installed and deactivated on your WordPress system.
  Keeping one or two default themes on hand as a backup in case your primary themes fail.

Two Best Methods to Remove a WordPress Theme

You can either delete the WordPress theme through the administration dashboard or manually through cPanel. The steps are very simple in either case; however, when using a dashboard to delete a theme, you will not be able to delete an active theme.

However, if you do this manually through cPanel, WordPress will attempt to use the next installed theme after you delete an active theme. If no active installed themes are found, you must manually install a new WordPress theme. We recommend reading the article How to Disable and Delete WordPress Themes for a step-by-step guide on how to delete or disable themes effectively.

Conclusion

As this blog has highlighted, while it may be easier to simply keep installed WordPress themes because they appear to be harmless, they actually pose a security risk and consume storage space, which may have an impact on cost and performance. Always double-check that you are not deleting an active theme, and make a backup before deleting theme files as a precaution. If you have any further questions or encounter any problems while deleting the WordPress theme, please contact A2 Hosting Guru Crew; our team of experts is available around the clock to assist you in the best way possible.

The post How to Delete Your WordPress Theme appeared first on The A2 Posting.

• Common signs of eCommerce fraud
• Easy ways to prevent fraud

Red Flags for eCommerce Fraud

It’s hard to believe that your business is not immune to eCommerce fraud. However, the truth is, even if you take all precautions and employ best practices, there are still risks for your company. That being said, it is always important to educate yourself on signs of impending fraud so you can work on preventing any issues as they pop up: Here are some of the most common signs of fraud to look out for:

1. More Than One Card on an IP Address

An IP address with multiple cards can be a red flag. To avoid being caught, most fraudsters will attempt numerous transactions with the same card.

2. Large Quantities of Your Product Are Being Purchased

If you offer a product with high demand, it’s expected to have larger and more consistent purchases. However, large quantities purchased from multiple locations by the same person or group can indicate fraud.

3. Shipping to Unusual Locations

If the shipping address does not match the product, this is a red flag. This could mean the person is ordering with a stolen credit card.

4. Different IP Address Compared to the Shipping Address

If the person’s IP address making the purchase differs from their location, this is a red flag. Most likely, this person uses a VPN or other service to hide their location. Also, keep in mind that the billing and shipping addresses may be different.

5. Many Transactions in a Very Small Period

Multiple transactions in a short amount of time is an indication that something could be wrong. Fraudsters usually test your business with small purchases before making larger purchases.

Ways to Prevent Fraud

As a business owner, it is your responsibility to prevent fraud in any way possible. There are many ways you can do this, and we will go over the most effective methods below:

1. Analyze and Assess Fraud Risks With Fraud Assessment Tools

Fraud assessment tools will allow you to assess your risk for fraud. This can be done in real-time and provide information about the likelihood of fraud occurring.

2. Update High-Quality Software Helping You Run Things

If you’re using software that is not up-to-date or effective, then it can open your business to fraud. You must have high-quality software that is constantly being updated.

3. Download Fraud Detection and Management Software

Fraud Detection and Management Software is the only way that you can truly protect your business. Whatever software solution you choose, make sure it’s designed to monitor transactions in real-time so that any fraudulent activity will be detected immediately.

3. Keep PCI Compliance

Disregarding PCI compliance is a huge risk. If you are not following the rules, your business can be liable for any credit card fraud on their website or store. This means that you could have legal issues to deal with and loss of revenue and reputation if it’s determined that your negligence led to fraudulent activity.

4. Use RBA (Risk-Based Authentication)

RBA is the only way that you can truly verify someone’s identity. This method ensures that all customers need to provide additional information before they purchase in order for it to be approved.

5. Require CVV Numbers on All Purchases

Requiring CVVs on all transactions can be a huge deterrent for fraudsters. This is because they only tend to make purchases with stolen credit cards or through online retailers that don’t require this information.

6. Use HTTPS Protocol

Using the Hypertext Transfer Protocol Secure will ensure that all of your transactions are encrypted. This prevents any potential hackers from gaining access to your data, and it also provides another layer of security on top of SSL certificates.

7. Use AVS (Address Verification System)

Address verification ensures that the billing information and shipping address match up. If they don’t, this can be a red flag for fraudsters who use stolen credit cards or purchase goods online without having them shipped.

Conclusion

Another great way to avoid fraud is by ensuring a high-quality web hosting company hosts your website. A2 Hosting offers secure and dependable service, so we’re here for you if something goes wrong. With 24/7/365 support and a 99.9% uptime commitment,+*969* we’re available for our customers when you need us.

Our sales teams will help you choose a plan that’s perfect for any business size. Let us take care of everything so that you don’t have to worry about anything but growing your business. Contact us today!

The post The Secret to Identifying and Preventing eCommerce Fraud (7 Easy Steps) appeared first on The A2 Posting.

CAPTCHAs are commonly used in websites to prevent hacker-programmed bots from gaining unauthorized access to a website’s services. If you suddenly received a flood of spam emails, or if your signup forms or ticket purchases received a flood of responses, your site has most likely been hijacked by a bot. This blog provides an overview of captcha, why it is required, and a link to instructions for including it on your WordPress site.

What is Captcha?

Captcha is a test tool that can distinguish between a human and a robot or bot. It begins as a series of blurred and stretched letters and words on a panel. Users are then prompted to enter the identified obscured text. Although many website owners understand the value of Captcha in reducing unauthorized access, having captcha irritates site visitors, particularly those with disabilities.

reCaptcha by Google

Google made reCaptcha available to businesses for free in exchange for using the testing data to train and improve its Google Maps feature identification system. reCaptcha improved the user experience by simply asking the user to tick the box to confirm ‘I am not a robot,’ and if there is any doubt, an image grid is presented asking the user to identify a feature for further confirmation. This was a much-preferred method rather than guessing blurred and stretched letters and numbers.

To make things even easier, Google recently launched “invisible reCaptcha,”. It assesses interaction with a page using data points to determine whether the user is a bot or a human. This tool analyzes key behavioral aspects such as typing behavior, spelling mistakes, and time to fill out a form as a form of validation. However, because no one fully understands how Google processes the data, it is still not a popular method.

Why do you need Captcha on your site?

The primary goal of Captcha is to prevent bots from submitting bogus requests! Here are some well-known reasons why you should use a captcha on your website:

• You can prevent hackers from using bots to answer your online polls, thereby compromising the integrity of your response.
• You can prevent spam, unwanted comments, and links from appearing on your content pages.
• To provide your users with a secure online shopping experience on your website, prevent hackers from stealing sensitive information such as login credentials.
• Filters automated traffic, which means you can prevent unwanted multiple email accounts from being used to hack your site.

How to add Captcha on a WordPress site?

Now that you understand how Captcha can help you stop unwanted traffic and reduce spam, it’s time to put it into action on your website. Captcha can be added to your WordPress site by using the Google Captcha plugin. Learn how to add CAPTCHA protection to a WordPress site in a few simple steps by reading our article How to add CAPTCHA protection to a WordPress site.

The post Why Does Your WordPress Site Need Captcha? appeared first on The A2 Posting.