Hosting

With the ever-growing trend of HTTPS, SSL certificates, and a renewed focus on improved user experience, website owners are now emphasizing more and more on website security.

Cloud hosting and otherwise it doesn’t matter. If your site needs to remain secure you need an SSL certificate.

SSL certificates are the way towards having a safe and secure website.

If you do not know anything about SSL certificates, HTTPS, and website encryption, this is the perfect blog post for you.

In this article, we discuss the basics of SSL certificates, its role in improving website security, different types of SSL certificates, and how SSL affects a website’s search engine rankings.

What is an SSL certificate?

According to the definition by SSL.com:

“SSL is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browser remain private.”

In simple words, when you install an SSL certificate to your website, it creates an additional layer of security, which ensures that whatever information users share on your site remains 100% safe and protected.

Also, when your website is protected by an SSL certificate, the URL changes from HTTP to HTTPS. The extra “s” represents the SSL certificate and additional layer of security.

In other words, website visitors can quickly and easily spot whether a website is secure or not — just by looking at its URL and whether or not it starts with HTTPS.

The importance of SSL certificates

As we just discussed, website visitors can quickly spot if your website is secured by SSL or not.

As concerns about online privacy and data protection continue to grow, online users are becoming more hesitant in visiting websites that do not guarantee 100% safety.

Websites without SSL certificates (HTTP websites) aren’t 100% secure. Whenever a visitor lands on such unsafe websites, Google Chrome explicitly warns users that they should not share any information, e.g., email address, credit card information, bank account info, etc.

This results in more and more people quitting the website as soon as they land on it. Moreover, it also directly impacts the site’s revenue and sales potential.

Different types of SSL certificates

Installing an SSL certificate isn’t really an option anymore — especially if you are competitors have already moved to HTTPS.

You need to provide the best user experience to your website visitors, and you cannot really do that without a safe and secure website. It means that you have to install an SSL certificate as soon as possible.

Besides, there are no disadvantages of installing an SSL certificate (except the cost that you have to bear), but there are plenty of advantages.

Once you start browsing, you will find out that there are a few different types of SSL certificates. Here is a quick rundown of the five common SSL types:

  1. Single domain SSL certificate
  2. Multi-domain SSL certificate
  3. Organization SSL certificate
  4. Wildcard SSL certificate
  5. Extended SSL certificate

If you have a single website or blog, the single domain SSL certificate would be the best option for you.

One important thing to note here is that the single-domain SSL certificate does not cover subdomains. If you also want subdomains covered, you should look into Wildcard SSL certificates. If you want multiple domains with multiple subdomains to be covered, a multi-domain SSL certificate would be a better option.

SSL certificates and search engine rankings

Does an SSL certificate affect and improve a website’s search engine rankings?

It does so directly and indirectly.

First, when you migrate from HTTP to HTTPS, your website gets a slight boost in the search engine rankings.

Second, an SSL certificate improves user experience, average page-on time, engagement rate, click-through rate, etc. All these factors eventually lead to improved rankings in the SERPs.

Brian Dean from Backlinko also conducted a study that showed a positive correlation between the use of HTTPS and top positions in the search engine results pages (SERPs).

As we mentioned earlier, installing an SSL certificate isn’t really an option anymore. If you truly want to become an authority in your niche, you must move to HTTPS.

 

Even More Reasons To Use SSL Certificates

Starting May of 2017, the Google Chrome browser will show a full-page warning whenever users are accessing an HTTPS website that’s using an SSL certificate that has not been logged in a public Certificate Transparency (CT) log.

By doing so, Chrome becomes the first browser to implement support for the Certificate Transparency Log Policy. Other browser makers have also agreed to support this mechanism in the future, albeit they have not provided more details.

This new policy was first proposed by Google engineers in 2016, and was scheduled to enter into effect in October 2017, but was later delayed for 2018.

 

Luckily if you host with cloudways you can get a free SSL certificate using letsencrypt

Get a free cloud server now with free SSL Certificates

 

 

 

 

.

0

Hosting

It comes with a powerful free version and the pro version is very reasonable.

Check out the free plugin here

Has your WordPress-hosted website been hacked despite all your security measures? unfortunately, this is the hard reality of this age that despite all the technology and WordPress security features, no website is completely safe from being hacked by professional hackers.

But, did you know as a website owner, you can take steps that can fix or clean your hacked WordPress site or determine if your site has indeed been hacked? Here is how…

Sure Signs of Hacked WordPress Site

There are several signs, both visible and less visible, which you can use to confirm if your WordPress has been hacked and compromised. Some of the common signs of a hacked WordPress site include:

  • Defacing of the website home page, which is the most visible sign. However, home page defacing may be avoided if the hackers want to remain undetected for a longer duration.
  • Injection of data or bad links to your website (example, your website footer), commonly done through the creation of a backdoor on the WordPress website.
  • A sudden drop or spike in the website traffic, as indicated by Google Analytics reports.
  • Inability to log in to your WordPress account as the admin, which suggests that your WordPress admin account may have been deleted by the hacker.
  • Creation of spam user accounts in the WordPress account, including those with admin user rights.
  • Addition of unknown files and scripts on your web server folder (commonly in the wp-content folder).
  • Slow or unresponsive website caused due to an overload of HTTP requests sent to your web server.
  • Inability to send or receive emails using WordPress, generally caused due to the hacking of the WordPress mail server.
  • Addition of unscheduled tasks to your web server by the hacker.
  • Browser warning about security risks when the user tries to access a compromised or hacked website, due to the detection of suspicious code or scripts running on the site.
  • The traffic to your website being redirected to another URL address.

Here are the steps to Fix a Hacked WordPress Site.

Here are the steps to follow to fix your compromised site:

1. Identify the Type of Hack

This can be done by using scanning tools, which can locate malicious codes. Additionally, check for any core vulnerabilities in the WordPress core files, located in the wp-admin, wp-includes, and other root folders.

You can also check the Google’s Transparency Report to use their diagnostic tools, which can indicate the current security status of your website.

2. Remove the Hack

  • Cleaning the Hacked WordPress Files: You can perform a manual fix on any core infected files such as the wp-config.php file or the wp-content folder.
  •  
  • Other infected custom files can be cleaned either using a backup file or a fresh downloaded copy.
  •  
  • Cleaning the Hacked Database Tables: This is required to remove any infected malware files from your database tables.
  •  
  • You can also use database search to locate any of the typical malicious PHP functions such as eval, base64_decode, or preg_replace.

Once you have identified the location of the malware files, you can compare them with a recent backup version of the data to see

what has changed. Removing the hack typically comprises of:

Fixing and restore your website can be achieved by any of the following methods, which are discussed in detail in the following sections:

  • Removing Backdoors: Another method that hackers use to gain illegal entry into your website is by backdoor PHP functions that are injected into files such as wp-config.php along with directories such as /themes, /plugins/, or /uploads. Common PHP functions such as base64, eval, exec, and preg_replace are used for backdoors and legitimate use by most WordPress plugins. Hence, along with avoiding any site breaking, backdoors must be properly cleaned to avoid any reinfection of the website.
  • Manual Clean-ups
  • Use of WordPress Security Solutions

 

Conclusion

Make Your WordPress Website much Faster.

Host it now on Cloudways Managed Cloud Hosting platform.

With the increasing number of websites being hacked or compromised, website owners must learn to stay calm and complete the entire process of website cleaning and restoration to prevent another security lapse in the future. If you have any questions on a hacked WordPress site, comment below.

  • Install a WordPress firewall plugin to provide protection for your website and lower the possibility of a future hack.
  •  
  • Additional steps include checking the user permissions for the WordPress admin rights, disabling of user cookies on the WordPress admin to prevent future hacks, and updating your WordPress account password.
  •  
  • Update all the installed WordPress plugins and themes. As the majority of the WordPress hacks occur due to vulnerabilities in third-party plugins and themes, it is important to report it to the plugin development team, who can develop and release a security patch. If you are not using certain plugins, remove them from your site.
  •  
  • Use the latest updates on all software on your WordPress site, as most vulnerabilities arise due to outdated versions of software tools.

Fixing the Vulnerability of Your WordPress Website

Along with repairing and restoring your hacked website, it is equally vital to fix the security flaws of the site that caused the hacking in the first place. Most hackers can exploit the security-related loopholes even after the compromised website has been cleaned and restored. Listed below are the points to remember to remove the security loopholes in your WordPress site:

This is among the fastest methods of restoring your hacked WordPress site back to running mode. This method can be implemented only if you have taken regular backups of your site and if the backup themselves have not been hacked. However, if your website has daily content changes and user comments, restoring your website using the backup method can make you lose valuable data.

Another limitation of backup restore method is that it does not work in the removal of any new infected files or folders added by the hackers to enable them to compromise a website repeatedly.

  • Cleaning to fix and clean the located malware. While WordPress security solutions such as MalCare offers auto-cleaning facilities, Theme Authenticity Checker (or TAC) checks for any malicious code in the installed themes and offers two modes of implementing the fix, namely either manual removal of the infected code or replacement of the infected file with the original clean file.

WordPress security solutions such as MalCare and SecuPress implement the best of security practices such as blocking of PHP execution in untrusted folders and changing the security keys. Most of the available security solutions fix the hacked website by performing the following steps, namely:

  • Scanning to determine the location of the malware and the infected files. Popular WordPress plugins such as Sucuri WordPress Auditing indicates the security status of your core WordPress files, along with showing the location of hacked files.
  • Manual removal of all infected files with new WordPress files (available through download) or replacement all the WordPress files (including the infected ones) with the downloaded files.

A primary indicator of a hacked website is the presence of malicious code inserted into the eval (base64_decode) code function, which is located in the wp-config.php file. Most hackers add and hide their malicious code within this function, which becomes difficult to ascertain from the normal code.

Alternatively, hackers can hide the malicious code in other vulnerable PHP functions such as file, preg_replace. Overall, manualclean-ups are challenging to implement as it involves identifying the malicious hacker code, which can be inserted in different code combinations and patterns.

WordPress Security Solutions

If you do not have the technical know-how to implement a manual clean-up, it is best to apply a practical WordPress security solution. Additionally, most professional hackers hide their malicious scripts in different folder location of WordPress, which enable repeated hacking and are difficult to scan and remove.

  • Website Backup Restore

Manual Clean-ups

A hacked WordPress website can be manually cleaned using either of the following options:

  • Manual replacement of the infected files with the downloaded copy.
  •  

Preventing your WordPress site from getting hacked


We use and recommend using wordfence for WordPress since it comes with so many awesome features for free.

It comes with a powerful free version and the pro version is very reasonable.

Check out the free plugin here

Get an SSL certificate next!

If you are looking to get a very affordable (less than $10) SSL certificate we highly recommend using gogetssl.

We use gogetssl exclusively for our SSL certs because of the price and ease of use.

With Gogetssl we have been able to order and secure a sight fully within MINUTES. check out a super affordable comodo SSL certificate HERE

Once you have installed your certificates or want to test it out simply go to the SSL checker and test out your confiugration.

3

Cloud hosting company DigitalOcean is launching some new price offerings today. In particular, the company is also upgrading its basic $5 droplet instances with better specs for the first time in years.

Five years ago, DigitalOcean offered something quite revolutionary. Before today, you could pay $5 per month and get a server with 20GB of SSD storage, 512MB of RAM and 1 CPU core. But virtual Linux servers have become a crowded space with plenty of competitors popping up and adjusting their prices.

On Linode, you can pay $5 per month to get 1GB of RAM, 20GB of SSD storage and 1 CPU core. On Scaleway, you can pay $3.65 (€2.99) for 2GB of RAM, 50GB of SSD storage and 2 CPU cores. You get the idea, DigitalOcean is overhauling its lineup to remain competitive.

For $5 per month, you now get 1GB of RAM and 25GB of SSD storage, while CPU performance remains the same. All standard droplets now get twice as much RAM for the same price and more storage in general. The higher you pay, the more storage you get.

Starting at $40, you get more CPU virtual cores for the same price except on the $160/month model. There are two new expensive droplets, including a new top-of-the-line one. For $960 per month, you get 192GB of RAM, 32 cores and 3840GB of storage.

Interestingly, there are now more options for $15 per month. You can get 3GB of RAM with 1 core, 2GB of RAM with 2 cores, or 1GB of RAM with 3 cores. Finally, optimized droplets get 33 percent more RAM and also a storage upgrade. DigitalOcean has a new pricing page with more details.

As always, you can go to your administration panel on DigitalOcean and switch to another droplet model. That flexibility has been a key feature behind DigitalOcean’s success. So if you’re a DigitalOcean customer, it’s time to take advantage of those pricing changes.

 

Try Digital Ocean managed with Cloudways for FREE!

Standard and flexible droplets

Optimized droplets

1