Industry Buzz

The Homesteader - vol 2

Homestead Small Business Blog -

Step into the light

Let us all help you improve your site. Getting the opinion of your fellow Homesteaders can help a great deal. You could get some great ideas or learn some new tricks with Homestead Websitebuilder. Submit your site to be featured in The Homesteader.

10 Great Marketing Tips

Our partners at Constant Contact provided us with a great article containing tips to help market your business on a smaller budget. We hope it helps!

Drop Down Menus

If you didn't already know, Homestead Websitebuilder has drop down menus! See how!

The Homesteader - vol 1

Homestead Small Business Blog -

Great ideas are meant to be shared

At Homestead, our goal is to help you build a home on the internet and succeed online. In order to achieve this, we introduce our monthly newsletter and the Homestead community, which highlight helpful articles, customer sites, tips and other ways to enhance your website.

As a Homestead member, we hope that you will join the community to discuss being a small business online, receive insight from fellow members and solution providers that will help you stake a claim. So come join the conversations. Ask questions, offer opinions and make suggestions. We’re eager to hear from you.

The Homestead Community, please come check it out. It is our online support center where Homesteaders from all over answer your questions and share insights. Together we can help each other succeed.

We know that you are busy, and understand if you don't wish to receive this newsletter. You can easily unsubscribe in the footer, and we won't bother you again. However, if you are interested in participating, everyone can benefit from your knowledge and experience.

Homestead Websitebuilder

If you haven't already tried the new Homestead Websitebuilder or didn't even know about it, we highly recommend you take a look. It will present your business with a much more modern look and feel, including drop down menus and image slideshows. All you have to do is create a new site.

Helpful hint

On page SEO starts with page titles and descriptions. Homestead Websitebuilder makes it extremely easy to add these essential components to your page. See how!

Featured site

Here's a new site built with Homestead Websitebuilder and it's a great start! Take a look at it. You can suggest improvements and maybe get some ideas for your own site. Let's talk!

5 essential elements every website homepage should have

Name.com Blog -

When someone visits your website for the first time, there’s a limited opportunity to convince them to stay on your site, click through your pages, and make return visits in the future. No pressure, right? While there’s no perfect formula for a homepage that’s sure to capture the attention of every person who visits your […]

Get Started with Blockchain Using the new AWS Blockchain Templates

Amazon Web Services Blog -

Many of today’s discussions around blockchain technology remind me of the classic Shimmer Floor Wax skit. According to Dan Aykroyd, Shimmer is a dessert topping. Gilda Radner claims that it is a floor wax, and Chevy Chase settles the debate and reveals that it actually is both!

Some of the people that I talk to see blockchains as the foundation of a new monetary system and a way to facilitate international payments. Others see blockchains as a distributed ledger and immutable data source that can be applied to logistics, supply chain, land registration, crowdfunding, and other use cases. Either way, it is clear that there are a lot of intriguing possibilities and we are working to help our customers use this technology more effectively.

We are launching AWS Blockchain Templates today. These templates will let you launch an Ethereum (either public or private) or Hyperledger Fabric (private) network in a matter of minutes and with just a few clicks. The templates create and configure all of the AWS resources needed to get you going in a robust and scalable fashion.

Launching a Private Ethereum Network

The Ethereum template offers two launch options. The ecs option creates an Amazon ECS cluster within a Virtual Private Cloud (VPC) and launches a set of Docker images in the cluster. The docker-local option also runs within a VPC, and launches the Docker images on EC2 instances. The template supports Ethereum mining, the EthStats and EthExplorer status pages, and a set of nodes that implement and respond to the Ethereum RPC protocol. Both options create and make use of a DynamoDB table for service discovery, along with Application Load Balancers for the status pages.

Here are the AWS Blockchain Templates for Ethereum:

- Ethereum Network – US East (Northern Virginia)
- Ethereum Network – US East (Ohio)
- Ethereum Network – US West (Oregon)

I start by opening the CloudFormation Console in the desired region and clicking Create Stack:

I select Specify an Amazon S3 template URL, enter the URL of the template for the region, and click Next:

I give my stack a name:

Next, I enter the first set of parameters, including the network ID for the genesis block. I’ll stick with the default values for now:

I will also use the default values for the remaining network parameters:

Moving right along, I choose the container orchestration platform (ecs or docker-local, as I explained earlier) and the EC2 instance type for the container nodes:

Next, I choose my VPC and the subnets for the Ethereum network and the Application Load Balancer:

I configure my keypair, EC2 security group, IAM role, and instance profile ARN (full information on the required permissions can be found in the documentation):

The Instance Profile ARN can be found on the summary page for the role:

I confirm that I want to deploy EthStats and EthExplorer, choose the tag and version for the nested CloudFormation templates that are used by this one, and click Next to proceed:

On the next page I specify a tag for the resources that the stack will create, leave the other options as-is, and click Next:

I review all of the parameters and options, acknowledge that the stack might create IAM resources, and click Create to build my network:

The template makes use of three nested templates:

After all of the stacks have been created (mine took about 5 minutes), I can select JeffNet and click the Outputs tab to discover the links to EthStats and EthExplorer:

Here’s my EthStats:

And my EthExplorer:

If I am writing apps that make use of my private network to store and process smart contracts, I would use the EthJsonRpcUrl.

Stay Tuned

My colleagues are eager to get your feedback on these new templates and plan to add new versions of the frameworks as they become available.

— Jeff;

The Death of SquirrelMail

cPanel Blog -

As of cPanel & WHM version 74, we will begin to deprecate our support of SquirrelMail, one of our bundled webmail applications. We expect to stop shipping SquirrelMail for new installations of cPanel & WHM in version 76 and will remove our support with version 78. As this change will disrupt many users, we are taking this opportunity to explain the reasons behind our decision. We also are opening a dialogue with you, our community, about ...

The U.S. Is Facing a Critical Skills Shortage, Reskilling Can Be Part of the Solution

LinkedIn Official Blog -

We are in the midst of a widespread economic shift. Artificial intelligence, widening skills gaps, and the rise of independent workers will dramatically impact the way we work. Although meaningful change may feel like it’s a long ways off, a recent McKinsey report estimates 50% of today’s jobs are susceptible to artificial intelligence capabilities that are already in the market. While these shifts are looming, there are proactive steps professionals can take to build the skills they need to...

1 year and 3 months working at Cloudflare: How is it going so far?

CloudFlare Blog -

This post is inspired by a very good blog post from one of my colleagues in the US, which I really appreciated as I was a newcomer to the company. It was great to see what it is like working for Cloudflare after one year and to learn from the lessons she had learnt.

I'll try to do the same in three parts. Beginning with how my on-boarding went, my first customer experiences and finally what is my day-to-day life at Cloudflare. These writings only reflect my personal feelings and thoughts. The experience is different for each and every newcomer to Cloudflare.

Chapter 1 - On-boarding, being impressed and filling the (big) knowledge gaps.

Before I joined Cloudflare, I was working as a Security Consultant in Paris, France. I never had the opportunity to move abroad to speak English (me.englishLevel = 0), I never had any reason to live outside of France and was at the same time looking for another job. Perfect then! When I saw the job posting, I immediately applied as I knew the company well, the mindset and the products Cloudflare provided. It took me 6 months to get the offer, probably because I was abroad and the French-speaking team was still under construction; to be honest, I would have given it a year if it was needed.

At Cloudflare, every new Solutions Engineer is sent to San Francisco for about a month to get a proper onboarding. This has primarily served three purposes:

- Meet people,
- Understand the Sales pitch
- Be technically prepared to face the customers!

I was optimistic in meeting the criteria with four weeks of training in SFO. However, I quickly changed my mind after the first hour! Thinking "This is really tough." I literally had to learn two languages, English and Cloudflarian.

Post on LinkedIn I shared as I was so excited to start, that shows how hyped I was

For learning English, I decided to postpone as I had so many things to learn, I was meeting with (impressive) guys talking about a product as if I never heard about it before. For me, Cloudflare was a plug-and-play product implementing complex things in a way that kids could set up and understand. Digging deeper I discovered a monster. Not just a simple, well-crafted feature set that can be toggled on/off, but at the same time, a very well furnished product where being a master of a specific piece can take an age to learn!

Things I learnt:

- People at Cloudflare are impressive. They are at the same time smart, humble, knowledgeable and happy to share/help!
- Break, reverse-engineer, test, re-break the product with your test zone, that's the best way to not presume but to understand how it works.
- Ask questions as many as you can, if you're thinking about asking the question it means that's not clear to you so ASK!
- Cloudflare is a transparent company, use this to your advantage to learn by yourself! We've got access to every single line of code of the product, if you're asking yourself how something works, just dig into the code or ask someone to point you to the correct portion of the codebase.
- The internal WIKI is your new god!

Chapter 2 - Come back to London and First customer experience

After the 4 weeks, I was almost dead and my head felt like it had gained kilos not from the SF food but with knowledge, I've gone back to my new home, the UK! Remembering that my girlfriend and I had left the apartment before unpacking the boxes, the joy!

After the weekend, the big day had arrived! My first day at Cloudflare London, I met the team which I was already quite familiar with given the number of interviews I had during my hiring process. They hadn't changed, they were always so friendly and I felt at home very quickly.

English level at the time: 0 + 4 weeks in SFO

My first customer meeting

When I came back, I was literally thrown on to a call with a customer. Shadowed by a fellow colleague. I was excited and terrified at the same time. I discovered that they were Irish with a very difficult accent. I was not able to understand any words they were saying. Looking at my SE shadow with the MAYDAY eyes (please help me), who let me go it alone for this one, so I kept asking to repeat again and over again for the whole meeting. The customer had been quite nice and was repeating and we finally ended the call with what every customer wants: answers and solutions.

The calls after, I was gaining more and more confidence and able to do them on my own, I was still ending the calls with things to catch up on as I wasn't able to answer directly on the phone. The more calls I had about different subjects, the more I felt capable. I was also noticing my English level improving. Today I'm able to follow a complete call with those Irish guys and it makes me proud to know how far I have come learning a new language.

Things I learnt:

- A customer has NO reason to challenge you, make fun of you, or judge in any way what you say, the vision you have of your own presentation is ALWAYS perceived worse than what the customer/audience/colleague is observing. Keep this in mind when you need to do a presentation, or in general talk in public.
- Cloudflare trusts you and when the company hires you, don't doubt your capabilities, you ARE capable.
- No need to postpone the opportunities, put yourself in a challenging situation, make mistakes, that's the way we all learn.
- Never assume, ask or verify with someone if you are unsure. You'll never be expected to know everything about everything, just to be able to produce the work needed to get a valuable answer.

Chapter 3 - Mess around and enjoy being part of the Rocketship

It took me about 4 months before feeling confident in myself and autonomous, I mean autonomous in a sense that I was not discovering a new subject for any new customer or researching general questions, I knew the global subject and that there was one, to be able to dig for myself and to get to the solution I was looking for.

I started to be by myself, taking the lead on things, being confident (what a sentiment). I started to do things not especially related to my work with customers or prospects like taking time to improve my Lua skills, HTTP knowledge, Python, I wrote my first technical blog article and I even took part in the project of building a sound-level monitoring system based on a Raspberry Pi and a decibel meter sending alerts to our internal chat system when the level was too high!

Talking with engineers is also so great, discovering what's going on behind the scene, how the product is built and designed you're supposed to be the guru of the product in front of the customers. I discovered that no matter the subject you pick up at Cloudflare, mastering it will take a LONG time, which is quite exciting as I hate to be bored, really. As a Solutions Engineer, you're not asked to master every subject, that's why we're a team and we've our own preferences / natural abilities in terms of technical subjects. We then kind of provide consulting to each other when it's needed, and that's what's great.

I really enjoy my life at Cloudflare because I see myself as my own boss, with deadlines, pipelines, objectives and no matter the path I take, the importance is to reach the target. Personal development is part of it, I was never asked to stop doing non-directly related to customer things, you're even advised to do so. It will give you the satisfaction of doing something that makes sense and challenges you.

Sweets delivery when we started to roll-out the DNS F-root (Yeah!)

The company itself now, and being part of a Rocketship has its advantages. It reassures me of the fact I took the correct decision 1 year and 3 months ago. I'm not saying that because I am career-obsessed but because I see the technical choices we make, how much we're growing, the fact we have such a smart team and we are able to keep it and that gives me the evidence that the fun at Cloudflare isn't going to stop.

Things I learnt:

- Take time to fill your gaps, you will never be reproached for it.
- Spend time on what you like and share with the team, don't keep it a secret!
- Don't carry the whole load on your shoulders because 1) you couldn't afford it for the long term and 2) we're a team and need coverage on subjects.

Conclusion:

Working at Cloudflare took a lot of energy at the beginning to keep up the pace with the team. A team which is knowledgeable and keen to share the information is priceless and gives you the mission of reproducing the same with the colleagues asking you for something.

During the 1 year and 3 months I have been:

- part of the 70th class, we only had at the time 100 data centers,
- I have visited 3 countries I've never been to
- I've seen the release of Argo, Rate limiting, Load balancing, Ampersand, Access, Workers, Stream, FireBolt, 1.1.1.1 DNS resolver, Spectrum, Cloudflare Apps Store, Mobile SDK

Furthermore, I'm still excited delivering my best, day after day, to create a better internet.

If you’re willing to join an impressive team and work for a very dynamic company to help create a better internet, we’re looking for many different profiles in our different offices over the planet! Let's have a look!

What Can We Do About IoT’s Security Problems?

Nexcess Blog -

By the end of this year, there will be billions of connected endpoints. The world has never seen a larger digital threat surface. And it has never seen one that is so poorly-secured. “The ease with which hackers can exploit security vulnerabilities in these cheap and plentiful [IoT] devices is disturbing,” writes PivotNine Chief Analyst…

Rackspace Names Jay Ferro SVP and Chief Customer Officer

The Rackspace Blog & Newsroom -

SAN ANTONIO – April 19, 2018 – Rackspace® today announced Jay Ferro as its new chief customer officer. Ferro brings 25 years of experience as a CIO and CTO overseeing technology strategy and operations, which gives him a deep understanding of Rackspace customers’ needs and challenges. Ferro will help ensure customers get the full value […]

Rackspace Hires Laura Sue D’Annunzio as Chief People Officer

The Rackspace Blog & Newsroom -

SAN ANTONIO – APRIL 19, 2018 – Rackspace® today announced Laura Sue D’Annunzio as its new chief people officer. D’Annunzio brings 28 years of strategy consulting and HR experience to Rackspace, where she’ll lead the company’s HR organization, including talent acquisition, talent management, talent development and employee engagement/culture. She will report to Rackspace CEO Joe […]

5 Questions for Rackspace Chief People Officer Laura Sue D’Annunzio

The Rackspace Blog & Newsroom -

Laura Sue D’Annunzio has spent much of her career helping companies and their employees work successfully through major changes; she’s now bringing that experience to her new role as chief people officer at Rackspace. She served most recently as an advisor to CEOs on strategic human resources issues, and as a career coach for MBA […]

Cloud Sites Scope of Support

Liquid Web Official Blog -

We know that your website is critical and must be available 24/7/365. We also understand that you don’t have the time to maintain servers and networks. That’s why you’ve chosen Cloud Sites, so you could focus on your website and not the back-end infrastructure. But, sometimes, things go wrong and you need help. That’s why we have support technicians who know the Cloud Sites platform and can help pinpoint problems when they occur. But we have more than that – we have the Most Helpful Humans in Hosting to advise and consult when developing and maintaining your Cloud Sites website.

Support Availability

Our Cloud Sites platform is supported by the Most Helpful Humans in Hosting and is backed by the industry’s best guarantees. Our team is available 24/7/365 to provide assistance on a wide array of requests relating to your Cloud Sites platform and the features we offer. Typically, we work through queue-based support systems that enable us to handle your requests in the order in which we receive them. However, if you have an urgent request, please reach out to our phone support or live chat for immediate assistance. You can reach us any time via phone, chat, tickets or at cssupport@liquidweb.com.

Technologies

The Cloud Sites platform is a shared, locally-redundant infrastructure providing multiple, diverse technologies for website development and use. This clustered environment ensures there are failover devices for your critical infrastructure needs without having to pay for multiple devices. It includes both PHP and Windows operating systems environments. When you create your website in our platform you can choose from several of the latest technologies. We keep two or more of the most current versions available at all times. And you are not limited to only one technology – for example, you can have both Windows and PHP-based websites in the same account.

However, because these technologies are shared across all accounts, we can not tailor operating system versions to meet individualized customer requests. Our team will be glad to assist and provide guidance on code or modules which can be modified per site, but sometimes unique changes or code modules may not function in our standardized environments.

Also, we strive to always stay current with industry-standard technologies. As technologies advance, newer versions are released and replace older versions which become unsupported by their developers. We match industry standards and retire technologies as they reach the end of their sustainment periods. When these retirements take place, we will reach out to customers as early as possible to allow time to plan and update websites so that they work with newer technologies. We understand your need for the most feature-rich and secure versions so we constantly make the necessary moves to implement these updates. Also, as the caretakers of your infrastructure, we have to ensure the overall security of your environment and we will take action to ensure the safety of your websites.

One benefit of our platform that enables you to stay current with the latest updates is the quick ability to change technologies. With just one click in the control panel, your website code can be processed by a different technology. This flexibility allows you to test and make changes on your schedule.

Content Management Systems

Cloud Sites allows you to use any number of different Content Management Systems. You can create your website from scratch, load your own code, or choose from several CMSs during the initial setup. For your convenience, our CMS installer includes the latest versions of WordPress, Joomla, Drupal, Media Wiki, Windows IIS and more. Typically, the installers start you out on the right foot and create the CMS administrator portal. However, if you run into any issues with provisioning the site or the CMS, our team will be glad to advise.

Because of the shared nature of our infrastructure, some select CMSs may not work in our environment. If your CMS requires root access to the server, it is not a good fit for our shared environment. If you have a question about loading your CMS at any time, we are your support team and we can help point you in the right direction.

Plugins, Themes, and Custom Code

The Cloud Sites platform includes state-of-the-art servers and software designed, tested, and integrated to work seamlessly with Windows / .NET as well as Linux / PHP websites from the same Control Panel. Our experts can provide advice on how to configure and utilize core add ons. However, our experts only provide limited support for custom themes and non-core third-party plugins. When time permits, our team can analyze logs and other errors to advise on the best course of action and alternate solutions.

Because we have fine-tuned our Cloud Sites platform, some custom code may conflict with our systems. While we are happy to consult with you on these issues, modifying or developing code is outside of our expertise and is best handled by your development team.

If a problem stems from a paid plugin or theme, the best channel to request support is through that specific plugin’s developers. Free plugins and themes are generally supported directly via the provider’s organization such as the WordPress.org forums. In all cases, our experts will be glad to recommend alternative plugins and themes that are supported and can be integrated into our platforms.

Migrations

The Cloud Sites product provides you a platform to host your websites. Your website may have started somewhere else – maybe on your local server or at a different hosting company. To bring your website into the Cloud Sites platform, the most common migration method is to ‘zip’ or ‘tar’ your website files at the original location and then unpack those files in your Cloud Sites file structure. You can use FTP or the built-in file manager tool to accomplish this transfer. In addition, your control panel has quick links to database tools so you can upload your database. Depending on your Content Management System, database copies can be imported into your Cloud Sites database instance. If you run into any issues with file or database uploads, our team will be glad to assist you with these items.

Often, simply unpacking files, updating the setup/configuration, and pointing them to the appropriate database will cause your website to start right up. We have testlinks you can use to evaluate your website before you have to repoint your DNS service. If your website doesn’t come up, our team can advise and help evaluate the areas where you may be running into issues. But, because we do not have expertise on the original configuration you used to create the website, our troubleshooting may be limited to logs and error reporting that we see from our infrastructure. Code updates will best be handled by developers you employ or contact to assist with the site deployment.

Website Development, Optimization

We understand that you know your business and that you know how you want to get your message across to your customers. Developing your website is critical and typically entails unique coding, customization of plugins, and data creation/management. Our team understands how important this process is to your success and we do work from a consultative standpoint with your development team. However, coding, debugging, website design, website development, search engine optimization (SEO), and plugin customization exist outside of our expertise and are beyond our scope of support and are best left to your development team.

Once the website design is complete, you’ll want it to hum for your customers. Besides hosting your website on the latest technologies, our technicians are experts on the Cloud Sites platform and can provide guidance on performance optimization of your site. While we do not conduct optimization services ourselves, we have a range of experience about what works best with our product at your disposal.

Security

Another area we focus on is keeping your website, data, and customers secure. The Cloud Sites product places all of your website data into segregated file structures inside our infrastructure so that access to your data is limited and secured. In addition, you can control access to your files via users created in your control panel. To help manage your customers, you can also create accounts within your master account (think of them as sub-accounts dedicated to specific clients) – providing an extra level of security and compartmentalization. Each sub account is treated as its own compartment, even from the main account, to ensure there is no way for malware to spread across these account barriers that customers designate.

As your partner, we ensure that the datacenter infrastructure, as well as platform hardware and software, are up-to-date and secure. Upon request, we can also provide a consultation on how you can secure individual sites. However, due to the customizations and unique development you create for each website, individual site security is ultimately your responsibility. Our technicians will provide guidance for good security practices but you need to ensure your sites remain up-to-date and correctly configured. Ensuring that your site is regularly updated with current releases for the content management system and associated plugins is critical to maintaining security.

Backups

Disasters happen. There may come a time when you make a change and your website no longer works. You use a plugin and it corrupts your database. Having a backup of your data simplifies your recovery process and can be a lifesaver. The Cloud Sites product includes a 3rd party backup solution add-on that is usable directly from your control panel. You can tailor several backup choices and deploy it on websites that are critical to your business.

The Cloud Sites platform does maintain snapshots that go back up to 32 hours; however, they are not a guarantee and are targeted for infrastructure recovery instead of individual website restoration. Based on infrastructure constraints, Liquid Web may clear these snapshots at any time and does not recommend customers consider these as your sole backup solution. Our team will be happy to check the status of snapshots for your account, or you can view them via FTP yourself. Ultimately, you are responsible for backing up your critical data and storing this data in an accessible location. As a general best practice, we recommend that backups are stored separately from the server the website resides on.

Client Management

The Cloud Sites product includes robust features to help manage your client base. You can create customer accounts to improve the visibility and organization of your clients and their websites. In addition, you can create unique usernames for your customers, giving them direct access to their websites and data. You can also control those customers’ access via your Cloud Sites Control panel. Although it is not a requirement, placing each of your clients into separate accounts allows you to segregate the actions of one of your customers from impacting your other clients. This also helps to ensure the security and privacy of separate websites.

If you are a reseller and wish to obfuscate the use of the Cloud Sites platform, “White Label” control panels can be provided to your clients, giving them access to an administrator interface that is free of Liquid Web labeling. This “White Label” control panel frees you from several time-consuming aspects of website management but also prohibits clients from activating features that would be charged to your account. Additionally, placing clients in individual accounts allows their reported usage information to be easier to review. This option allows you to determine which clients use what resources so you can charge them appropriately.

Data and Third Party Services

We know that your data is critical. In many cases, it is your entire business – which is why you will never see our team manipulate your data. Since it’s too important for us to take any action on, we will not delete, rename, or move your files, code, or development efforts unless given written direction to do so. In addition, we understand that your databases and their optimization are vital. We can advise on database connectivity and performance issues, however, we do not troubleshoot queries or add/delete data. For critical database issues, we recommend that you contact a professional DBA.

Services that are handled outside of Liquid Web (DNS hosting, Security services, CDN services, or 3rd party Backups for instance) are not supported by our technicians. We will be glad to provide guidance when possible but do not perform configurations or customizations with third-party code or control panels. We have trusted specialists, partners, and agencies to assist with needs outside of our scope of support. For additional information on these providers please contact our solutions team.

If you have any questions about our Cloud Sites scope of support, don’t hesitate to contact us via phone, chat, or ticket. We are your support team, available 24/7/365 and are always happy to help our customers. For more Cloud Sites updates, be sure to follow us on Twitter and subscribe to the Liquid Web Blog.

GDPR: What You Need to Know

Reseller Club Blog -

Businesses, large and small, are in the midst of preparing for compliance with the European Union’s new data privacy laws: The General Data Protection Regulation, or the GDPR, which will go into effect on May 25, 2018. The GDPR is very broad in scope and can apply to businesses both in and outside of the EU. Businesses that don’t comply with the GDPR could face heavy fines. Here’s what you need to know about the GDPR. (Note: You should consult your own legal counsel to determine if you are subject to the requirements of the GDPR.)

What is GDPR?

GDPR is short for the General Data Protection Regulation that goes into effect on May 25, 2018. It was passed by European lawmakers to create a harmonized data privacy law across all the EU member states. Its purpose is to:

- Support privacy as a fundamental human right;
- Require companies that handle personal data to be accountable for managing that data appropriately; and
- Give individuals rights over how their personal data is processed or otherwise used.

What is Personal Data?

In a nutshell, GDPR defines personal data as “any information relating to an identified or identifiable natural person.” Okay, so what does that mean? In addition to the kinds of information you might think about (name, address, email address, financial information, contact information, identification numbers, etc.), personal data can in some cases be information related to your digital life, like an IP address, geolocation, browsing history, cookies, or other digital identifiers. It also could mean information about a person, including their physical, mental, social, economic or cultural identities. In short, if information can be traced back to or related in some way to an identifiable person, it is highly likely to be personal data. You can find out more about the GDPR here.

What rights does the GDPR provide to individuals?
There are several rights an individual may exercise under the GDPR, including:

- Right of access: Individuals can ask for a copy of the personal data retained about them and an explanation of how it is being used
- Right to rectification: Individuals have the right to correct, revise or remove any of the personal data retained about them at any time
- Right to be forgotten: Individuals can ask to delete their personal data
- Right to restrict processing: If an individual believes, for example, that their personal data is inaccurate or collected unlawfully, the individual may request limited use of their personal data
- Right of portability: Individuals have the right to receive their personal data in a structured, commonly used and machine-readable format
- Right to object: Where an individual decides that they no longer wish to allow their personal data to be included in analytics or to receive direct marketing emails or other personalized (targeted) marketing content at any time, the individual may opt out of use of their data for these purposes

Please note that these rights are not absolute, and limitations/exceptions may apply in some cases.

Some responsibilities of the GDPR you should understand

Generally speaking, there are two types of parties that have a responsibility regarding the handling of data: the “controller” and the “processor.” It is important to determine whether you are acting as a controller or a processor and understand your responsibilities accordingly. A “data controller” determines the purposes, conditions and means of the use of personal data. A “data processor” on the other hand, only acts on the instructions of the “controller” and processes personal data on their behalf.

So, what does this mean for you? As a reseller you are the controller in relation to your customer’s data. Since ResellerClub acts as the Registrar on record, this also makes us a data controller.
It is your responsibility to ensure that you have the necessary notices and/or consents in place in order to transfer personal data to us for use. In addition, we are reviewing and updating, as necessary, our agreements with you and with our subcontractors (to include the necessary GDPR terms), as well as notices, policies and internal processes, features, and templates to assure our compliance and help you achieve compliance.

How does the GDPR affect your business?

Individuals, companies, or businesses that have a presence in the EU or, if no presence, offer goods or services to, or monitor the behavior of, individuals in the EU need to comply with this law. Please consult with your own legal counsel about whether GDPR applies to you and your business.

What do you need to do differently to comply with GDPR?

If the GDPR applies to you, there are various obligations you will need to comply with in order to continue doing business with your customers from the EU. Luckily, not all of these obligations are new, so you should be complying with some of them already. The most important differences in this context are as follows:

- More information about your use of personal data must be communicated to your customers. You should make sure that your privacy notices/policies are updated to reflect the new requirements of the GDPR, including setting out the purposes of your processing personal data, how long you are retaining such data, and what legal basis for use of personal data you are relying on.
- You should determine the legal basis for your use of personal data: If you are relying on consent to use your customers’ data you should ensure that the consent you have meets the new requirements of the GDPR (more details on this below). Please note that sending marketing emails or showing promotional content in any form to your customers may require, in certain circumstances, prior opt-in consent from them.
As a reminder, you have already agreed through acceptance of our terms of service to lawfully obtain and process all personal data appropriately and have attested that you have permission to expose your customers to promotional content.

You will also need to comply with the rights provided to individuals by the GDPR. See section above “What rights does the GDPR provide to individuals?” for details. To the extent that you have these obligations, we have tools in place to help support your compliance efforts; we’ll get into some detail about this below. These include methods for you to obtain consent on your website for all visitors and to show promotional content to your existing customers, as well as ways for you to confirm and document consent for new ones, too. You should consult with your legal counsel on the above and your other obligations under GDPR.

What kind of Consent is required under the GDPR?

When in doubt, and you are relying on consent to market to your customers, express consent is typically your best option. You obtain and document express consent when you explicitly ask your potential customers for permission to send them emails and other marketing content, and they agree, and that agreement is recorded. ResellerClub has ways for you to indicate whether you have obtained express or implied consent from a customer, outlined in more detail below.

There may be circumstances where you can rely on something similar to implied consent for sending emails or promotional content to customers even when subject to the GDPR. This is called a “soft opt-in” where:

- you have obtained their contact details in the context of a sale of a product or service,
- you are sending emails and showing personalized ads relating to similar products or services,
- the customer has the ability to opt-out of receiving such emails when they first provided their data when making a purchase and in every subsequent communication sent from you.
You should consult with your legal counsel to determine whether you can rely on the soft opt-in going forward under the GDPR. If you have customers with soft opt-in consent, you can store them as implied consent, but you will need to maintain your own documentation about how you obtained that soft opt-in consent. Your customers should also be given an easy way to withdraw their consent in order to comply with the GDPR.

How is ResellerClub complying with GDPR?

ResellerClub’s partners will be able to opt-out of receiving emails at any time by clicking the ‘unsubscribe’ link included at the bottom of every marketing email they receive from ResellerClub. Additionally, when you visit our website, tools will be deployed to collect cookie consent in order to understand and record visitors’ choice of cookies and work with those that site visitors have allowed. Overall, we’ve classified our plan in 3 broad categories:

1. Privacy Statement

We are reviewing and updating, as necessary, our agreements with you and with our subcontractors (to include the necessary GDPR terms). We are also updating our Privacy Policy, Terms of Service, internal processes, features, and templates to assure our compliance.

The ResellerClub Privacy Statement will explain what information we collect about you as a ResellerClub partner and how we handle your personal data in this context where the GDPR applies. This statement will include descriptions of how your personal data will be used by ResellerClub. Once published, we suggest that you review our Privacy Statement. To the extent that you collect and process personal data, you are required to help your customers understand exactly what data is being collected and how it will be used. It is important that you have a Privacy Statement which contains details of your data processing activities.

Where required, we will also support you, as a ResellerClub partner, in fulfilling GDPR related data subject requests you receive from your customers.

2. WHOIS

The European data protection authorities have expressed concern over the unlimited publication of personal data of domain name registrants in the WHOIS. To ensure our WHOIS output is compliant with the GDPR, we will implement the following changes starting May 25th, 2018:

For Existing Domain Names:

- For all existing domain names, if any of the Registrant, Admin, Tech and/or Billing contacts is identified as being from the EU, we will mask the WHOIS output for that domain name with placeholder details in place of the users’ personal information (this service will be referred to as “GDPR WHOIS Protection”).
- All domain names that have Privacy Protection enabled, which is a separate service from GDPR WHOIS Protection, will continue to show the Privacy Protection contact details in the WHOIS output.
- In addition, Privacy Protection provides the following services and functionality which are not available with GDPR WHOIS Protection: Privacy Protection enables the registrant to get emails like domain sale inquiries if needed from the website http://privacyprotect.org/; and Privacy Protection allows the registrant to receive emails from a web form on the privacyprotect.org website.

For New Domain Registrations, Renewals, Transfers:

- All domain registrations and transfers from SuperSite will use the details from the customer contact created during the purchase flow or all the 4 contacts: Admin, Billing, Technical and Registrant contact.
- The customer can log in to the control panel and change the default contact or edit any of the 4 contacts
- If any of these contacts created / selected at the time of domain registration are from within the EU region, GDPR WHOIS Protection will be enabled for the Domain name by default during the purchase process.
- GDPR WHOIS Protection will work exactly as explained above
- Users will be alerted in the purchase flow that their personal information is protected in WHOIS results for free
- However, they still have the choice of layering Privacy Protection over GDPR WHOIS protection in order to receive emails like sale notices.
- WHOIS data for EU customers will always be masked regardless of whether or not Privacy Protection is enabled

Partners using the ResellerClub API must note two new attributes that will be recorded for domain names:

- Data protection eligibility: This indicates whether the contact information must be masked for a particular domain name.
- Data protection status: This indicates if the data protection status is currently turned ON or OFF.

Partners using the API must incorporate the following changes to enable customers to manage their data protection settings:

- A new API method to disable and re-enable data protection;
- A new API method to resend an authorization email for disabling data protection;
- A new API method to cancel a disabling request;
- Two new parameters in domains/details and domains/details-by-name API methods:
  - Data protection eligibility
  - Data protection status

Our engineering team is currently working on building these changes into the system. While we do that, to enable our API partners to plan ahead, we will aim to share the final API specification with sample request and response patterns as soon as they are ready. Also, we will confirm when the new API methods will be available on the demo environment.

Notwithstanding the foregoing, access to personal data of domain name registrants may be granted when such access is necessary for technical reasons such as for the facilitation of transfers, or for law enforcement when it is legally entitled to such access.

3. Cookie Consent

When you visit the ResellerClub website, the web server passes on a cookie, i.e., a string of text, to the web browser.
These cookies enable our website to work, or work more efficiently, as well as provide information and additional services. Cookies are used for purposes of marketing, analytics or are essential for site functionality and making experiences better. To ensure that we capture and record the appropriate consents for cookies deployed on our website, we will be using TrustArc, a globally trusted third-party compliance management tool. This way, you will be able to select and manage your cookie preferences. Generally, cookies may fall into any of the following *categories:

- Strictly necessary/required cookies: These cookies are required to enable core site functionalities. If you choose to block these cookies, you may not be able to register, login to the website, access certain parts of the website or make full use of the website.
- Functional cookies: In addition to core functionalities, these cookies collect and store login details, and can be opted out of
- Analytics cookies: These cookies analyze site usage by monitoring how users navigate through the website, and can be opted out of
- Advertising cookies: These cookies make users’ information available for targeted advertising, and can be opted out of

*The cookie definitions stated above are in accordance with how TrustArc (our cookie consent tool) identifies and segregates cookies.

What should you do as a partner?

If you use cookies on your website, you may have to comply with these enhanced consent requirements for cookies. To help you implement this, we have shortlisted 3 open-source tools you may be able to utilise to obtain and manage cookie consent from your customers:

- Cookie Consent by Insites
- Tarteaucitron.js
- Cookie Consent

These are just three tools out of the many options available on the internet. We are not, by any means, endorsing these tools and recommend you seek advice from your legal team before you decide to proceed with any of these (or other) cookie consent tools for ensuring thorough compliance.
What if you have more questions about GDPR?

If you have specific questions about GDPR, you can reach out to us at gdpr@resellerclub.com.

Other changes

You may be aware that there is likely to be further change in the near future about the way in which you can send marketing communication to your customers in the EU. The rules contained in the EU Directive on Privacy and Electronic Communications are under review and we are expecting a new ePrivacy Regulation to be finalized soon. Once these new rules are finalized, we will be reviewing our forms and features again to provide our partners with the necessary tools to achieve compliance.

NOTE: The information included on this page is meant to guide you through the process of understanding GDPR and is not a substitute for legal advice. Find more information on the GDPR website.

How to Use Facebook Ad Dayparting to Optimize Your Results

Social Media Examiner -

Want to make sure you serve Facebook and Instagram ads when your followers are online? Have you considered dayparting your ad campaigns? In this article, you’ll discover how to use dayparting to schedule Facebook and Instagram ads to pause and run on specific days and times. What Is Dayparting? Dayparting is the practice of scheduling [...] This post How to Use Facebook Ad Dayparting to Optimize Your Results first appeared on Social Media Examiner.

What Is A Domain Name? – Domain Names Explained

Pickaweb Blog -

What Is a Domain Name? A domain name provides an easy way of remembering an internet address. This name is unique. A domain name is your piece of internet real estate. There are lots of different TLDs (domain extensions) that you can register. For example .uk, .co.uk (very popular for UK websites and businesses), .org.uk, .com, .net, .org, .info, .eu, .me.uk, .biz, The post What Is A Domain Name? – Domain Names Explained appeared first on Pickaweb.

POP3 vs IMAP – What’s the right option for your business?

Reseller Club Blog -

Instant messaging has done nothing to stall the importance of email for both personal and business use today. We use email often enough, if not every day. Do we really understand how it works and which email setup will work best for our business? Let’s investigate that and in particular I’d like to address the difference between POP3 and IMAP. First, the basics. While I won’t bore you with the history of email, there are a few important terms that you need to know to get the most value from email for your business.

Email terminology you should know:

- Email server: An email server is a machine that hosts your email. It’s usually provided when you purchase a hosting package.
- Email account: An email account is something I’m sure you are aware of. However, for clarity in this blog, an email account is the data storage area for your emails and where they come in and go out.
- Email client: An email client is a computer program that is used to read, compose and send emails and is the interface between the mail server and the user. Email clients use an email protocol (either POP or IMAP, which we’ll explain later) to download and read emails. Some examples of email clients include MS Outlook, Outlook Express, Eudora, Thunderbird (which are Windows-based) and Pine, Elm and Mutt (which are Linux-based). Configuring an email client typically requires account credentials, server host names and port numbers (if the hosting provider uses ports other than the defaults).
- Webmail: Unlike email clients, ‘Webmail’ refers to webmail applications or web-based mail access. These applications are hosted on the email server and can be accessed via their URL, for example gmail.com, etc.
- Email protocol: There are different stages to delivering an email, and to ensure successful delivery these are defined by protocols, namely POP and IMAP.
- Email hosting: Email hosting is a web service which operates email hosting servers.
Unlike webmail services such as Gmail and Outlook Mail, email hosting services are usually paid for and are suited to businesses that:

- Require more space for their emails.
- Want to brand their email address with their own domain name, for example employee@companyname.com.

We offer 3 different types of email solutions for businesses: Business Email, Enterprise Email and G Suite by Google Cloud. While Business and Enterprise Email are largely differentiated by storage space for businesses at different stages of growth, G Suite offers various other collaboration and productivity tools for a modern office in addition to email.

Now to address our topic: What is the difference between POP3 and IMAP and why should you care? When you first configure an email client such as Outlook or Mail, you will usually need to specify the protocol you want to use. While some mail clients will have a default setting, it helps to understand what the two options really mean and how they can help you.

POP:

POP or the Post Office Protocol is a set of rules for email retrieval. Like a post office, you log in, collect or read your email and leave. Also known as the ‘download-and-delete’ email protocol, mail on a POP server is deleted as soon as you have downloaded it. The protocol is currently in its 3rd version.

Some examples of POP3 Servers include Dovecot, qmail, sendmail, Exim, Microsoft Exchange.

Some examples of POP3 Clients: MS Outlook, Outlook Express, Thunderbird, Eudora.

Positives:

- A simple procedure to access email
- POP lets you download emails to your machine and read them even while offline
- This helps reduce the amount of space your email account uses on your web server

Negatives:

- It is unidirectional: a one-way communication from the mail server to a single computer, post which it is deleted from the server. If you try to access your mail account from another device, you will not be able to see those emails.
- Sent mail is stored locally on your device and not on the mail server
- Though there exists an option to keep a copy of your email on the server (through which email clients can tell the server not to delete the emails), this leads to multiple copies of your mailbox on clients as well as on the server and so it makes the management of emails difficult.

IMAP:

In contrast to POP3, mail in accounts configured with the Internet Message Access Protocol is retained on the server even after the user has downloaded it. It was in fact introduced as an alternative to POP3.

Positives:

- IMAP allows a two-way communication between the mail server and the client. Emails are stored on the server even after they are downloaded/accessed from multiple devices through multiple clients.
- If you read a message from an IMAP server, it is marked as ‘read’ across all the clients that you connect with. In other words, all your activities through IMAP are synced
- Once messages are downloaded, the copies still remain on the server for you to access at any time
- Unlike POP, an email in an IMAP setup is only downloaded when you click on it. Also, attachments are not automatically downloaded either. Thus, checking your email with IMAP is much faster and more efficient
- Sent mails are stored on the server so you can access them at any time

Negatives:

- The emails will eventually take up a lot of the space on the server unless you purchase more space
- IMAP is not available offline

Of the two, IMAP is clearly a better option for the modern business world. I hope I’ve given you a fair understanding of email terminology and in particular the difference between POP3 and IMAP.

New – Registry of Open Data on AWS (RODA)

Amazon Web Services Blog -

Almost a decade ago, my colleague Deepak Singh introduced the AWS Public Datasets in his post Paging Researchers, Analysts, and Developers. I’m happy to report that Deepak is still an important part of the AWS team and that the Public Datasets program is still going strong! Today we are announcing a new take on open and public data, the Registry of Open Data on AWS, or RODA. This registry includes existing Public Datasets and allows anyone to add their own datasets so that they can be accessed and analyzed on AWS.

Inside the Registry

The home page lists all of the datasets in the registry:

Entering a search term shrinks the list so that only the matching datasets are displayed:

Each dataset has an associated detail page, including usage examples, license info, and the information needed to locate and access the dataset on AWS:

In this case, I can access the data with a simple CLI command:

I could also access it programmatically, or download data to my EC2 instance.

Adding to the Repository

If you have a dataset that is publicly available and would like to add it to RODA, you can simply send us a pull request. Head over to the open-data-registry repo, read the CONTRIBUTING document, and create a YAML file that describes your dataset, using one of the existing files in the datasets directory as a model:

We’ll review pull requests regularly; you can “star” or watch the repo in order to track additions and changes.

Impress Me

I am looking forward to an inrush of new datasets, along with some blog posts and apps that show how to use the data in powerful and interesting ways. Let me know what you come up with.

— Jeff;

Three Signs Your Staff Don’t Take Security Seriously

Nexcess Blog -

Cybersecurity is a constant balancing act between convenience and data protection. The former always wins, no matter how much IT professionals might wish otherwise. The consumerization of IT is at the heart of this issue. Modern workers demand that the tools and applications they are provided in the workplace offer a user experience in-line with…

WordPress Security Through Obscurity: Why It Isn’t Enough to Keep Your Website Safe

DreamHost Blog -

Now you see it. Now you don’t. Website security is like a magic trick that’s getting harder and harder to pull off as time goes by. In fact, hiding aspects of your site as your main form of security just isn’t what it used to be. Poof, there it goes.

While obscurity is not an effective deterrent on its own, it can still be useful as part of a more expansive security strategy. There are actually a lot of precautions you can take to protect your WordPress site’s admin area that don’t rely solely on obscurity. The best part is that most of these techniques are fairly simple to implement.

In this article, we’ll explain what security through obscurity (also known as security by obscurity) means and discuss why it’s no longer recommended as the sole protection against attacks. We’ll then offer nine tips that will help you secure your WordPress website and admin area. No bunny in hat required.

A Brief Look at WordPress and Security

WordPress is a pretty secure platform; it has to be since it powers more than a quarter of all websites. When you’re using an up-to-date version of WordPress, your site will be protected against the most common types of attacks. Ever since Version 3.7, you don’t even have to worry about installing new security updates yourself since these are now performed automatically.

With that said, no system is ever foolproof. As WordPress is such a ubiquitous platform, it’s also a common target for attackers and malicious bots. Hackers never sleep, and they’re constantly finding new ways to attack your site or exploit flaws in your system. We don’t say this to scare you, but to make you aware that security is something you should never take for granted.

However, what if your website is just a small personal blog or a portfolio of your work? No one would bother to attack it, right? Well, we hate to bear more bad news, but the majority of common attacks are automated brute force attempts to gain access to the admin area on as many sites as possible.
This means that any site, no matter how big or small, is a potential target.

If this worries you, it’s okay. You can channel that concern into productive action. There are actually plenty of easy things you can do to strengthen your site’s security. First, let’s look at one strategy that’s been popular for some time now.

An Introduction to WordPress Security Through Obscurity

Security through obscurity is when you rely on secrecy and obfuscation to protect your website. The thinking goes that if attackers are not aware of a flaw in your security, or cannot easily find your site’s weak points, that will be enough to keep the site safe.

One popular way to implement this strategy is by simply altering some of the default WordPress settings. This could include changing the URL for the WordPress login page, hiding the WordPress version number, and renaming sensitive folders.

In theory, this is not a terrible idea, especially since many brute force attacks rely on automated bots to perform the same action against thousands of websites. If you can hide your site’s vulnerable points, you make it harder for them to reach you. However, this is only effective up to a certain point. Relying on obscurity as the sole tactic for protecting your site is not going to work in the long run.

Why You Shouldn’t Rely Solely on Security by Obscurity for Your WordPress Site

Although security by obscurity has been popular over the years, it’s generally not considered a best practice to make it your website’s only form of protection. This is not a recent trend either, as obscurity has been criticized for a long time — and we do mean a long time.

For example, an early critique of this practice comes from the locksmith Alfred Charles Hobbs back in 1853. He would often openly discuss specific vulnerabilities in lock designs, for which he was sometimes criticized.
When asked why he would make this sensitive information public knowledge, he simply responded: “Rogues are very keen in their profession and know already much more than we can teach them.”

This quotation highlights the main problem with obscurity as a security strategy. It’s based on the assumption that simply by hiding something, you ensure that it will never be found. This is like keeping your house key under your doormat. While it might deter impatient robbers, it only takes one person to lift the mat and completely break your security system.

A similar point was made by the 19th-century cryptographer Auguste Kerckhoffs, who originated Kerckhoffs’s principle. This principle states that any system should remain secure even if all aspects of its design, except the key, become public knowledge.

Of course, security by obscurity can still play a role in keeping your site safe. It’s a good way to slow down attackers, even if it won’t stop them outright. It just doesn’t work as the primary method for safeguarding your site. Instead, it needs to be used as one part of a broader security system.

How to Actually Protect Your WordPress Admin Area (9 Vital Tips)

We’ve spent a lot of time talking about why you shouldn’t rely entirely on obscurity to keep your site safe. Now, it’s time to get constructive. Let’s look at some of the ways you can protect your WordPress admin area.

However, before you make any changes to your site, we recommend that you first create a backup. This will save you a lot of trouble if something goes wrong along the way or if you need to revert your site for any reason. Then you can start working your way down the list!

1. Use Two-Step Authentication

Two-step authentication (also called two-factor authentication) adds another layer to your login process and makes your admin area more secure. It works by requiring not just your user credentials, but also a one-time passcode whenever you want to access your account.
The passcode is generally sent to an external device, such as a cell phone. Adding an extra step to the login process is a little inconvenient, but makes it much harder for attackers to brute force their way in.

If your site is hosted with DreamHost, there are a few easy methods for setting up two-step authentication. You can use the Google Authenticator app on your phone or other mobile device, for example. Alternatively, you can purchase and use a YubiKey device, a tool specifically designed for this application.

2. Use a Firewall

Choosing the right web host is one of the best ways to keep your website safe. You’re almost certainly aware of firewalls and their importance. They are an integral part of computer security, and most people have at least a passing familiarity with them at this point. When used for websites, they are usually referred to as Web Application Firewalls (WAFs).

A firewall sits ‘in front’ of your site, monitoring its traffic and blocking many common threats, such as malware. This makes it an indispensable layer in any site’s security.

If your site is hosted on DreamHost, you don’t have to worry, as it will already be protected by a built-in firewall. Otherwise, there are plenty of WordPress-specific solutions available, such as Sucuri and SiteLock. Our personal favorite is Cloudflare, which can easily be integrated into WordPress and offers a number of additional features, including content optimization.

3. Password Protect the WordPress Admin Directory

Your wp-admin directory contains all the files necessary to log in to your site’s admin area. This makes it a primary way for attackers to gain access. One way you can stop them is by protecting the directory with a password.

There are a number of ways to do this, but the easiest is through your web host’s panel. There, you will be able to configure the directory to require a password for access.
The process differs depending on your host, so refer to its documentation for more details.

Another way you can achieve the same goal is by adding .htaccess and .htpasswd files to your site’s directory. This is recommended only for advanced users who want total control over their site structure.

That said, it’s important to note that password protecting your admin directory can have a negative side effect. Specifically, it can interfere with all WordPress plugins that use AJAX. This could be a big problem, as many plugins rely on AJAX to work.

Fortunately, there is a pretty simple solution. You’ll just need to add the following code to your .htaccess file:

    # Let requests for admin-ajax.php through without the directory password.
    <Files admin-ajax.php>
        Order allow,deny
        Allow from all
        Satisfy any
    </Files>

This will allow the AJAX file to be accessed by the plugins that need it, even if the rest of the directory is protected.

Related: 15 Essential Plugins and Features For Your WordPress Website

4. Always Use Strong Passwords

This may seem like an obvious tip, but it’s one that bears repeating. The most common reason attacks succeed is passwords that are easy to guess, such as “123456” and “password.” People like to use passwords they can easily remember, but that makes them equally easy to crack.

The good news is that these days, you don’t even need to remember your passwords. By using a password keychain solution, such as Password Safe or Keychain Access, you can save your passwords in one secure location and copy them whenever they’re needed.

As for the password itself, WordPress actually contains an excellent generator in the admin area. Just navigate to All Users, and then select your admin account from the list. This takes you to the Edit User page, where you can scroll down to find the Account Management section. Select Generate Password to create a new password, which will appear underneath the button. You can copy this and set it as the user’s new password.
You should also take the time to test your password to make sure it genuinely is strong enough. If your password consists of a simple string of words and numbers, you’ll probably find that it can be cracked within minutes. However, passwords generated by WordPress should be very difficult to crack.

5. Limit the Number of Login Attempts Allowed

A basic but efficient way of stopping many attackers is to limit the number of login attempts each user is allowed to make. When the limit has been exceeded, the IP address will be prohibited from attempting to log in for a set amount of time.

You can implement this technique easily with the free Limit Login Attempts Reloaded plugin. It will automatically set a limit of five attempts from any IP address, and then lock that IP from trying again for 20 minutes.

If you want to change these defaults, you can do so by going to Settings > Limit Login Attempts. In addition to the plugin options, this page will show you a list of all lockouts that have occurred. This enables you to keep track of potential unsuccessful attacks.

You can also use this page to whitelist and blacklist specific IP addresses. This will make the specified addresses exempt from the login limit, or automatically deny them any time they attempt to sign in.

Related: 13 of the Best Security Plugins to Keep Your WordPress Site Safe

6. Limit Login Access Based on IP Address

If you notice that your site is getting a lot of invalid traffic from a specific IP address or domain, you can usually assume that it belongs to an attacker. Once you know the address for a potential threat, you can deny it access to your login page altogether.

We’ve already talked about using a plugin to blacklist specific IP addresses, but there’s a more flexible way of accomplishing the same goal.
This will require you to edit your .htaccess file and add the following code:

    deny from 173.236.241.100

As you can see, this snippet will deny access to the user with the IP address 173.236.241.100. If you want to deny an entire subnet, you would write it like this instead:

    deny from 173.236.241.

This will deny all users at the specified subnet from accessing your login page. Just be careful not to accidentally block users who should have access to the site!

7. Disable Login Hints

When a login attempt fails, WordPress will display a default error message. This will usually feature a hint as to why the attempt was unsuccessful. This is certainly helpful. In fact, it might be too helpful. This message can inadvertently give potential attackers more information about how to crack your login page.

A solution is to replace this message with something more generic. This will require you to add functionality to your site, which you can do by editing the functions.php file. However, this can be risky, especially since the functionality is tied to the theme and will be lost if you switch themes down the road.

Instead, we recommend you add the function as a ‘Must Use’ (MU) plugin, which is stored in wp-content/mu-plugins. These are plugins that cannot be deactivated in the admin dashboard, and will run on all sites within an installation. In this case, set up the plugin and use the following code:

    <?php
    // Display no login error.
    add_filter( 'login_errors', '__return_false' );
    // Display a message. This filter runs after the one above, so its text is shown.
    add_filter( 'login_errors', function () {
        return 'Something went wrong!';
    } );

This will override the default login error message with the phrase “Something went wrong!” You can even give it a try and see the new message in action. Feel free to replace the default text with whatever message you prefer.

8. Keep Your WordPress Site Updated

This is another tip we’re willing to bet you’ve heard by now. However, it’s also one of the most important.
Using an outdated version of WordPress does not come with any guarantees. Since version 3.7, all security updates are automatically installed on your site. WordPress itself can be set to update automatically as well. We strongly recommend that you do this; it’s good practice to keep software updated. Just remember that vulnerabilities can be introduced by updates as well.

The same goes for your themes and plugins. These are entry points, which can contain security vulnerabilities and exploits. Whenever a new version of a plugin or your theme is available, you should update it as soon as possible. This is easy to do, and it can prevent a lot of problems.

Have you heard? DreamPress users don’t need most security plugins thanks to the service’s built-in firewall.

9. Understand WordPress User Roles and Permissions

One final (but crucial) aspect you’ll need to consider is user roles and permissions. It’s very important to carefully consider which roles you assign to your users. This is to ensure that you don’t give unnecessary permissions to people who could use them irresponsibly.

By default, WordPress contains the following user roles with varying permissions:

Super Admins have full access to the network, site, and admin dashboard.
Administrators have full access to the site and admin dashboard, including plugins and themes.
Editors can write, publish, and edit all posts, comments, and pages.
Authors can write, publish, and edit their own posts and comments.
Contributors can edit and delete their own posts.
Subscribers can only view the site.

As you can see, certain roles have more privileges than others. You need to make sure that the roles you assign users, either manually or by default when they register, are correct.

As a general rule, only give each person the permissions they need to do their job and nothing more. In addition, it’s best to keep the number of users with high-level roles as small as possible.
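To make tips 5 and 6 concrete, the Python below (an added example, not code from the original post or from the Limit Login Attempts Reloaded plugin) replays the "five attempts, then a 20-minute lockout" policy over web server log lines and prints the matching `deny from` rules. It assumes Apache combined-format logs and that a failed login is a POST to /wp-login.php answered with status 200 while a successful one is answered with 302; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in Apache "combined" format; the addresses come
# from the documentation ranges 203.0.113.0/24 and 198.51.100.0/24.
def _line(ip, clock, method, path, status):
    return (f'{ip} - - [10/Mar/2024:{clock} +0000] "{method} {path} HTTP/1.1" '
            f'{status} 512 "-" "constructed-sample"')

SAMPLE_LOG = (
    [_line("203.0.113.7", f"09:00:{s:02d}", "POST", "/wp-login.php", 200) for s in range(0, 35, 5)]
    + [_line("198.51.100.4", "09:01:00", "POST", "/wp-login.php", 200),
       _line("198.51.100.4", "09:01:20", "POST", "/wp-login.php", 302),
       _line("203.0.113.7", "09:25:00", "POST", "/wp-login.php", 200)]
)

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def simulate_lockouts(lines, max_attempts=5, lockout=timedelta(minutes=20)):
    """Replay login attempts per IP; return {ip: {"lockouts": n, "blocked": m}}."""
    failures, locked_until = defaultdict(int), {}
    report = defaultdict(lambda: {"lockouts": 0, "blocked": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, ts, method, path, status = m.groups()
        if method != "POST" or path.split("?")[0] != "/wp-login.php":
            continue  # only login submissions count as attempts
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if ip in locked_until and when < locked_until[ip]:
            report[ip]["blocked"] += 1  # the policy would have refused this try
            continue
        if status != "200":  # assumption: 302 means the login succeeded
            failures[ip] = 0
            continue
        failures[ip] += 1
        if failures[ip] >= max_attempts:
            locked_until[ip] = when + lockout
            report[ip]["lockouts"] += 1
            failures[ip] = 0
    return dict(report)

def deny_rules(report):
    """Return the article's .htaccess rule for every IP that hit the limit."""
    return [f"deny from {ip}" for ip, r in sorted(report.items()) if r["lockouts"]]
```

Run against your own access log, the report shows which addresses would have been locked out, which helps you review a candidate before adding a deny line by hand.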
Play It Safe

Keeping your site secure is not a task you should take lightly or leave to chance. Attackers are more persistent and resourceful than ever, so you need to be their match at every step. This is why relying entirely on security by obscurity is not enough. While obscurity can be a useful tool in your arsenal, it should by no means be the only one.

Do you have any questions about WordPress security through obscurity? Or even how to protect your WordPress site and admin area? Join our conversation on Twitter or Facebook.

DreamPress was designed from the ground up to make your WordPress website fast and secure. Get the web’s best managed WordPress hosting today!

The post WordPress Security Through Obscurity: Why It Isn’t Enough to Keep Your Website Safe appeared first on DreamHost.
