Most Common Questions (8)

Getting Started How to Start a website ?

In this guide, you will learn about the basics of your hosting account and the many features available to you. Your hosting account is a powerful tool for you to use not only in building and managing your website, but also for email, web applications, and much more. To get started using your hosting account, this guide will show you how to transfer your domain name, set up and access your email accounts, use FTP, explore your File Manager, manage your passwords, and Even build your own website if you have questions other than this you may use our support or post an inquiry.

What is domian Name ?

The first step for your successful presence in the World Wide Web is a domain. Once you own your unique Internet address, your website or eShop can be found on the Internet and suitable e-mail accounts can be created so domain is the identity of a business to be live on the internet the first step is to choose a good domain name for your business. the next thing after domain is a good hosting as domian and hosting are the first steps to start a website to be live

How to Choose a Good Hosting Plan?

The very first decision that you need to make as you start building, or plan to build, a website is choosing the appropriate hosting plan. In most cases your website needs will develop overtime. If you need extra space or RAM to run intense processes on the server, then probably a shared hosting account won’t be enough. Assess your needs, determine what features your website will have, even check if you will need to host more than one website with us. Here is a short list of what offers we provide for your hosting needs.
Shared Hosting
Pro Web Hosting
VPS Hosting
Dedicated Hosting

How to Use FTP Account ?

FTP (File Transfer Protocol) is a common connection protocol to upload and manage files on your hosting account. FTP will help you move, delete, create, edit, etc files on the server. This is a preferred method of interacting with the server utilized by most web developers to deploy a new website to your account. A great advantage of FTP is that it does not have limits on how large a file can be to upload it to the server. The brand cPanel offers a specialized tool to set up FTP

File Manager Access?

File Manager The File Manager provided by the cPanel is a great tool for doing simple file and folder operations. It resembles a File Manager like any on your computer, but it displays the files and folders that your own hosting account has. With this tool, you can copy, paste, move, create, delete and rename files and folders. It should come in handy as you make simple operations with your files on the server. We recommend that you become familiar with this tool.

Managing your Passwords and cPanel Access?

Your cPanel access on shared hosting is a powerful tool to manage your hosting account. It includes different modules that can manage from email creation to adding new products to your hosting. Therefore, the data that is provided by the cPanel is sensitive and you should only share, if ever, access to it with collaborators that you trust. Although not recommended, you could have multiple people of your trust access the cPanel to assist in the managing of your sites. Because of the sensitive nature of the cPanel access, it is imperative that you create strong passwords for your cPanel and that you keep them safe. They are important credentials that will be required as you work along with our support lines if ever you need our assistance.

Secure Reliable Hosting

Hosting possibilities are provided for both beginners and professionals. They are offered with either a Windows or Linux operating system. Since security plays a major role with us, the data of all hosting packages is secured simultaneously in two data centres in different locations through geo-redundancy: If one data centre fails, the second one takes over within seconds so that the performance is not affected.

Database

With databases you can save your personal data easily, efficiently and in an organised way. This data can be managed and updated at all times. we offer MySQL (Linux) and MSSQL (Windows) database

Wordpress Security (26)

What is Security over internet ?

Security is an important topic. Therefore, Evekon Technologies supports you to protect your personal data, e-mails and entire computer and Websites as till the birth of internet to now we cant say we are 100% secure but we make our best efforts to be secure we are leading towards Cloud Linux more secure Environment.

How to Secure Wordpress Website ?

On average, 30,000 new websites are hacked each day. WordPress sites can be an easy target for attacks because of themes, plugins vulnerabilities, weak passwords and obsolete software , So below you will find the major steps to secure your websites.

Wordpress latest Security Updates

Most WordPress admins don’t even know they’re vulnerable, but we here help you and guide you not to be a next victim. We have arranged a revised security updates for your WordPress website, follow them on urgent basis and be safe.

Maintain Strong Passwords:

If you aren’t using a password that’s at least ten characters, including numbers and letters, capitals and lowercase … you’re doing it wrong again. Do it right, especially this one. This is not an excuse that password is hard to remember. You can save it in any note pad file in your computer, but a secure password is your 1st key to secure WordPress website. Sample Password should be: SL*!!d83S7!_-hS

Always keep with updates:

“WordPress updates are released” is not just news to be read while sipping your coffee. They are released to fix bugs, introduce new features and most importantly, to patch security holes. Is WordPress one step ahead from hackers? Ofcource not, this is the most used open source script in the website development field. That’s why it’s much easy to hack too. WordPress always issues a routine updates just for your security. Do not ignore notices comes in top bar of your WordPress admin.

Protect WordPress Admin:

Are you using “admin” as your administrator user name? This is a common thing that we keep ‘admin’ as a user name in most of the WordPress websites, so hacker knows it already. Some time we use our names as user name, it’s also not good exercise. Hackers can find usernames fairly easily from blog posts. Always use different usernames instead of default. What if you already have your username as ‘admin’? You can still change it by accessing your cpanel and there in phpmyadmin tab there is a table for user see there will be user login and display name change the user login there it will then not be displayed in blog post in this way you can secure your wordpress admin .

Limit Login Attempts:

In the case of a hacker or a boot attempting a brute-force attack to crack your password, it can be useful to limit the number of failed login attempts from a single IP address. Limit Login Attempts Plugin does just that, allowing you to specify how many retries will be allowed, and how long an IP will be locked out for after too many failed login attempts. There are ways around this, as some attackers will use a large number of different IP addresses, but it’s still worth doing as an additional precaution. so do install a plugin from wordpress directory limit login attempts this will secure you to somehow

Disable File Editing:

In a default WordPress installation, you can navigate to Appearance > Editor and edit any of your theme files right in the dashboard. The trouble is, if a hacker managed to gain access to your admin panel, they could also edit your files that way, and execute whatever code they wanted to. So it’s a good idea to disable this method of file editing, by adding the following to your wp-config.php file: define( ‘DISALLOW_FILE_EDIT’, true ); in your wordpress files and folder on the server in wp-content you will find a file name wp-config.php add the line of code
define( ‘DISALLOW_FILE_EDIT’, true ); in this file and update the file

Avoid free / null Themes and Plugins

It’s better to avoid using free themes, if possible, especially if they aren’t built by a reputable developer. The main reason for this is that free themes can often contain things like base64 encoding, which may be used to sneakily insert spam links into your site, or other malicious code that can cause all sorts of problems. Free themes / plugins are still less harmful rather than using null theme, as every famous paid theme is available as free in null condition. It’s simple if you are using a null script in your website; you are welcoming hackers to stay in your website with no restriction. Null theme / plugins always are also breach security level created by other security parameters installed in the website.

Keep regular Backups

I can’t overemphasize the importance of making regular backups of your website. This is something that many people put off until it’s too late. Even with the best security measures at your disposal, you never know when something unexpected could happen that might leave your site open to an attack. If it happens you want to make sure all of your content is safely backed up, so that you can easily restore your site to its former glory.

Use security Plugins:

As well as all of the measures above, there are tons of plugins you can use to tighten your site’s security and reduce the likelihood of being hacked. Here are a handful of popular options:
BulletProof – protects your site via .htaccess.
Wordfence full-featured security plugin.
Stop Spammers is an aggressive spam plugin that stops spam registrations,

Wordpress security Measures take serious:

WordPress security is taken very seriously, but as with any other system there are potential safety issues that may arise if some basic safety precautions are not taken. This article will go through common forms of vulnerabilities, and the things you can do to help keep your secure WordPress installation. This article is not the ultimate solution to your concerns miracle safety. If you have any specific safety issues or concerns, you should discuss it with people you trust to have sufficient knowledge of computer security and WordPress. Basically, security is not about entirely secure systems. Such a thing might well be impractical, or impossible to find and/or maintain. A secure server protects the privacy, integrity, and availability of the resources under the server administrator’s control Qualities of a reliable web host might include, Readily discusses your security concerns and which security features and processes they offer with their hosting. Provides the most recent stable versions of all server software. Provides reliable methods for backup and recovery. Decide which security you need on your server by determining the software and data that needs to be secured. The rest of this guide will help you with this

Security of Themes:

Keep in mind some all-purpose ideas while considering security for each facet of your system:

Limiting access

Making smart choices that lessen possible entry points available to a malicious person. Containment Your system should be configured to minimize the amount of damage that can be done in the event that it is compromised.

Preparation and knowledge

Keeping backups and knowing the state of your WordPress installation at habitual intervals. Having a plan to backup and recover your installation in the case of catastrophe can help you get back online faster in the case of a problem.

Trusted Sources

Do not get themes from untrusted sources. Restrict yourself to the WordPress.org repository or well known companies. Trying to get themes (or plugins) from the outside may lead to issues.

Vulnerabilities on Your Computer

Make sure the computers you use are free of infections of spyware, malware and viruses. No amount of security or WordPress on your web server will make any difference if there is a key logger on your computer. Keep your operating system and the software on it, especially your web browser updated to protect against security breaches. If you browse untrusted sites, we recommend also using tools like no-script (or disabling javascript / flash / java) in your browser.

Vulnerabilities in WordPress

Like many modern software, WordPress is updated regularly to address new security issues that may arise. Improving software security is always an ongoing concern, and to this end, we must always keep up to date with the latest version of WordPress. Older versions of WordPress are not maintained security updates.

Updating WordPress

The latest version of WordPress is always available from the main WordPress website at http://wordpress.org. Official releases are not available from other sites — never download or install WordPress from any website other than http://wordpress.org. Since version 3.7, WordPress has featured automatic updates. Use this functionality to ease the process of keeping up to date. You can also use the WordPress Dashboard to keep informed about updates. Read the entry in the Dashboard or the WordPress Developer Blog to determine what steps you must take to update and remain secure. If vulnerability is discovered in WordPress and a new version is released to address the issue, the information required to exploit the vulnerability is almost certainly in the public domain. This makes old versions more open to attack, and is one of the primary reasons you should always keep WordPress up to date. If you are an administrator in charge of more than one WordPress installation, consider using Subversion to make management easier.

Reporting Security Issues

If you think you have found a security flaw in WordPress, you can help by reporting the issue. See the Security FAQ for information on how to report security issues.If you think you have found a bug, report it. See Submitting Bugs for how to do this. You might have uncovered vulnerability, or a bug that could lead to one.

Passwords

Much potential vulnerability can be avoided with good safety habits. A strong password is an important aspect of this. The goal with your password is to make it difficult for others to guess and hard for a brute force attack to succeed. Many generators automatic password are available that can be used to create passwords. WordPress also has a device for measuring the strength of the password that appears after you change your password in WordPress. Use this time to change your password to ensure its strength is sufficient. Things to avoid when choosing a password: Any permutation of your own real name, username, company name, or name of your website. A word from a dictionary, in any language. A short password. Any numeric-only or alphabetic-only password (a mixture of both is best). A strong password is necessary not just to protect your blog content. A hacker who gains access to your administrator account is able to install malicious scripts that can potentially compromise your entire server

FTP

When connecting to your server you should use SFTP encryption if your web host provides it. If you are unsure if your web host provides SFTP or not, just ask them. Using SFTP is the same as FTP, except your password and other data is encrypted as it is transmitted between your computer and your website. This means your password is never sent in the clear and cannot be intercepted by an attacker.

File Permissions

Some neat features of WordPress come from allowing various files to be writable by the web server. However, allowing write access to your files is potentially dangerous, particularly in a shared hosting environment. It is best to lock down your file permissions as much as possible and to loosen those restrictions on the occasions that you need to allow write access, or to create specific folders with less restriction for the purpose of doing things like uploading files. Here is one possible permission scheme. All files should be owned by your user account, and should be writable by you. Any file that needs write access from WordPress should be writable by the web server, if your hosting set up requires it, that may mean those files need to be group-owned by the user account used by the web server process. / The root WordPress directory: all files should be writable only by your user account, except .htaccess if you want WordPress to automatically generate rewrite rules for you. /wp-admin/ The WordPress administration area: all files should be writable only by your user account. /wp-includes/ The bulk of WordPress application logic: all files should be writable only by your user account. /wp-content/ User-supplied content: intended to be writable by your user account and the web server process. Within /wp-content/ you will find: /wp-content/themes/ Theme files. If you want to use the built-in theme editor, all files need to be writable by the web server process. If you do not want to use the built-in theme editor, all files can be writable only by your user account. /wp-content/plugins/ Plugin files: all files should be writable only by your user account. Other directories that may be present with /wp-content/ should be documented by whichever plugin or theme requires them. Permissions may vary. Changing file permissions If you have shell access to your server, you can change file permissions recursively with the following command: For Directories: find /path/to/your/wordpress/install/ -type d -exec chmod 755 {} \; For Files: find /path/to/your/wordpress/install/ -type f -exec chmod 644 {} \; Regarding Automatic Updates When you tell WordPress to perform an automatic update, all file operations are performed as the user that owns the files, not as the web server’s user. All files are set to 0644 and all directories are set to 0755, and writable by only the user and readable by everyone else, including the web server.

Database Security

If you run multiple blogs on the same server, it is wise to consider keeping them in separate databases, each managed by a different user data. It is best to exercise initial WordPress installation. This is a containment strategy: if an intruder successfully cracks a WordPress installation, which makes it more difficult to change your other blogs.If you administer MySQL yourself, make sure you understand your MySQL configuration and unnecessary features (such as accepting remote TCP connections) are disabled. See Secure MySQL Database Design for a good introduction. Restricting Database User Privileges For normal WordPress operations, such as posting blog posts, uploading media files, posting comments, creating new WordPress users and installing WordPress plugins, the MySQL database user only needs data read and data write privileges to the MySQL database; SELECT, INSERT, UPDATE and DELETE. Therefore any other database structure and administration privileges, such as DROP, ALTER and GRANT can be revoked. By revoking such privileges you are also improving the containment policies.

Securing wp-includes…

A second layer of protection can be added where scripts are generally not intended to be accessed by any user. One way to do that is to block those scripts using mod rewrite in the .htaccess file. Note: ensure the code below is not overwritten by WordPress, place it outside the # BEGIN WordPress and # END WordPress tags in the .htaccess file. WordPress can overwrite anything between these tags. # Block the include-only files. RewriteEngine On RewriteBase / RewriteRule ^wp-admin/includes/ – [F,L] RewriteRule !^wp-includes/ – [S=3] RewriteRule ^wp-includes/[^/]+\.php$ – [F,L] RewriteRule ^wp-includes/js/tinymce/langs/.+\.php – [F,L] RewriteRule ^wp-includes/theme-compat/ – [F,L]

Disable File Editing

The WordPress Dashboard by default allows administrators to edit PHP files, such as plugin and theme files. This is often the first tool an attacker will use if able to login, since it allows code execution. WordPress has a constant to disable editing from Dashboard. Placing this line in wp-config.php is equivalent to removing the ‘edit_themes’, ‘edit_plugins’ and ‘edit_files’ capabilities of all users: define(‘DISALLOW_FILE_EDIT’, true); This will not prevent an attacker from uploading malicious files to your site, but might stop some attacks.

Plugins

First of all, make sure your plugins are always updated. Also, if you are not using a specific plugin, delete it from the system.

Firewall

There are many plugins and services that can act as a firewall for your website. Some of them work by modifying your .htaccess file and restricting some access at the Apache level, before it is processed by WordPress. A good example is Better WP Security or All in One WP Security. Some firewall plugins act at the WordPress level, like WordFence and try to filter attacks as WordPress is loading, but before it is fully processed. Besides plugins, you can also install a WAF (web firewall) at your web server to filter content before it is processed by WordPress. The most popular open source WAF is ModSecurity. A firewall can also be added between your hosting company and the Internet (security in the middle), by modifying your DNS records to pass-through the firewall. That causes all traffic to be filtered by the firewall before reaching your site. A few companies offer such service, like CloudFlare and Sucuri.

Plugins that need write access

If a plugin wants write access to your WordPress files and directories, please read the code to make sure it is legit or check with someone you trust. Possible places to check are the Support Forums and IRC Channel. Code execution plugins As we said, part of the goal of hardening WordPress is containing the damage done if there is a successful attack. Plugins which allow arbitrary PHP or other code to execute from entries in a database effectively magnify the possibility of damage in the event of a successful attack. A way to avoid using such a plugin is to use custom page templates that call the function. Part of the security this affords is active only when you disallow file editing within WordPress. Security through obscurity Security through obscurity is generally an unsound primary strategy. However, there are areas in WordPress where obscuring information might help with security: Rename the administrative account: On a new install you can simply create a new Administrative account and delete the default admin account. On an existing WordPress install you may rename the existing account in the MySQL command-line client with a command like UPDATE wp_users SET user_login = ‘newuser’ WHERE user_login = ‘admin';, or by using a MySQL frontend like phpMyAdmin. Change the table_prefix: Many published WordPress-specific SQL-injection attacks make the assumption that the table_prefix is wp_, the default. Changing this can block at least some SQL injection attacks.

Monitoring your logs

If you are on a devoted or virtual private server, in which you have the luxury of root access, you have the aptitude simply configure things so that you can see what’s going on. OSSEC easily facilitates this and here is a little write up that might help you out OSSEC for Website Security – Part I. Monitoring your files for changes When an attack happens, it always leaves traces behind. Either on the logs or on the file system (new files, modified files, etc). If you are using OSSEC for example, it will monitor your files and alert you when they change. Monitoring your web server externally If the attacker tries to ruin your site or add malware, you can also notice these changes by using a web-based integrity monitor solution. This comes in many forms today, use your favorite search engine and look for Web Malware Detection and Remediation and you’ll likely get a long list of service providers.

Client Requirements ()

Terms of Use ()