Security

How to block an entire country from your website

October 17th, 2014

If you own a website or a blog, you know the awesome feeling when you get good traffic. This blog title might get you to ask a question, why in the world will anyone want to block an entire country from their website. Well you’ll be surprised to know that there are many out there who are actually blocking particular countries from their website. Some are targeting their website to specific countries and don’t want traffic from other countries to better manage their server resources while others just don’t want to deal with certain countries for their known spammers or hackers crowd[E.g. China accounts for nearly 41% of the total cyber attacks that were made around the world]

If you’re looking to block an entire country from your website then you’re in luck. We’re going to share the steps on how you can block countries from your website using your .htaccess file.

How to block a country from your website using the .htaccess file

 

1] First you  need to find the list of IPs for the country that you need to block. To find this, visit http://www.ip2location.com/free/visitor-blocker. Select the country that you wish to block and then choose the output format as Apache .htaccess deny and then download the file.

2] Now log into your cPanel

3] Click on File Manager and then select the Web Root radio button. You need to ensure that SHOW HIDDEN FILES is checked. Then click on GO to access the files.

4] Here you need to look for .htaccess file. Once you’ve located it, right click on the file and click on Edit.

5] Once you’re in the .htaccess editor, simply copy the code from the file that you downloaded in Step 1 and paste the code here. Click on Save to ensure the code is saved in the file. [Note: Selecting popular countries can result into thousand lines in block code]

That’s it, now any visitor from the IP range that you’ve added in the .htaccess file will not be able to access your website. We recommend that you take extra precaution while trying these steps.

Have any questions? Feel free to drop a comment below and we’ll answer your questions.

WordPress Security: Change Admin Username

September 7th, 2014

Whenever you’re setting up your WordPress website, the default username is always admin. In the excitement of getting started we ignore making any changes to the username and complete the installation. Unfortunately, this makes it easier for a Hacker to run a brute force attack as he now only needs to work on finding the password to get to your website’s admin dashboard. If you’ve committed this innocent mistake then it’s time to rectify it for the safety of your own WordPress website.

How to change WordPress ADMIN username

  • First you need to login to your website’s admin dashboard.
  • Hover over Users [left hand menu] and click on Add New.
  • You will need to fill in all the fields that include username, email, first name; last name, password etc [Choose a good username and a strong password]. Before clicking on Add New User don’t forget to change the role to Administrator.
  • You will now find the new user created in the Users section. You’ll then need to logout from the admin dashboard.
  • Now login again into your Admin dashboard with the new username and password.
  • Click on Users on the left the hand Menu and then click on Delete just below the old admin user. *We recommend taking a backup of your WordPress Website before you delete the old admin user*
  • You will now be taken to a screen where you will need to attribute all posts of the old user to the new one that you just created. Ensure you check the radio button Attribute all posts to and then select the new username from the dropdown Then click on Confirm deletion button. [If you don’t do this correctly, all posts that were attributed to the old username will be lost.]
  • You will now see that the old user has been deleted.

That’s how simple it is to fortify your WordPress security from a Brute force attack. Hackers will now have a tough time trying to guess the username and the password of your website.

Security tips for your Joomla website

August 20th, 2014

Website security has become the talk of the internet. With security loopholes discovered almost every other day, we know you’re concerned about your website. We recently shared a few easy ways to secure a  Drupal website and this time we want to talk about a few tips to secure your Joomla website.

Tips to secure your Joomla website

1] Updates: Your Joomla website and the supporting extensions should always be updated. Updates add more features or a security patch which is essential for your website in order to block any possible loop holes. These updates are generally very easy to install and won’t take much of your time. Think about this, it’s easy to update your website and it’s components than to figure what caused your website to crash and rebuild it again. Remember to take a backup before you apply the updates.

2] Delete unwanted extensions: Keep only those extensions that are required for your website, the rest need to be deleted. Many beginners tend to try a lot of extensions to see how it will help them with their website. Only a few extensions end up actually giving value to the website, the rest are just lying there with absolutely no additional benefit to the website. They simply take up your hosting space and can also become a potential threat to your website if they are not regularly maintained (updated).

3] Use strong login details: We are all aware that we need to set up strong passwords to secure the login page but we also need to setup an equally strong user name. The default usernames are generally ‘admin’ or ’administrator’ which are vulnerable to brute force attacks. Think of usernames as passwords and make it strong and not easy to guess. This way you’re adding another barrier for an attack on your website’s login gateway.

4] Setup right permissions: A very important tip to secure a Joomla website is setting up correct permissions for your website’s files and folders. We recommend setting the permissions of the folders to 755 and the files to 644. If you’re not aware on how to make changes to the permissions then you can check out this blog post.  Never use 777 for either your files or folders as this gives read, write and execute rights to everyone.

5] Security extensions: If you need an easy solution to take care of your website’s security then you can utilize one of the many security extensions available. You can try jSecure security extension, which covers a lot of security features that you will need to secure your Joomla website.

These tips should be good enough to give you a head start in securing your website. We would love to know of any security tips that have worked like a charm for you. Don’t forget to share them by leaving a comment below.

Three easy ways to secure your Drupal website

August 9th, 2014

Website hacking is on the rise and thousands of websites are becoming victims each day. You may be running your website on WordPress, Drupal or any other Content Management System but the risk of being hacked is almost the same for all. We are here today to share with you 4 very easy ways that will help you secure your Drupal website.

Three ways to secure your Drupal Website

1] Did you know that you could actually limit the number of login attempts to your account? Brute force attacks are common these days and the only way in, is through the login page. You can use a module called Login Security to temporarily or permanently ban IP addresses that are attempting a brute force attack on your website.

2] You need to enable auto logout for all the users of your Drupal website. Incase if your laptop gets stolen and you are still logged in then they can mess up your entire site. You can check out the module Automated Logout which will log out users after a specific amount of time.

3] Finally you need to update the Drupal core and all modules that are supporting your Drupal website. This will ensure that the any vulnerability with the older versions is taken care of. We recommend that you always take a backup before performing any update.

We do agree that there are more complex ways to strengthen the security of your Drupal website, but think of this as the basics which have to be done. You can start by setting up strong alpha numeric passwords for all your website users. Sometimes the biggest of the issues arise due to the smallest of the problems hence all precaution measures need to be taken.

Do leave a comment below if you have any crucial ways to secure a Drupal website.