UpdraftClone release new SQL-Admin feature


The team at UpdraftClone (part of the UpdraftPlus family) have been working hard on the latest Clone SQL-Admin update.

When using UpdraftClone to clone a site, you will now have access to the MySQL admin panel, which allows you to manage the cloned site database directly within your my-clones page.

After cloning a site, a link will be sent to your email account notifying you when the process has finished. Within the email, you will now find a link for your MySQL administration login.

You can also access this feature via a link that can be found in https://updraftplus.com/my-account/clones, under the “Status” heading. Below is a screenshot of how the new feature looks and where you can find it within your UpdraftClone page.

Clicking on the “MySQL login” link will take you to the following page, where you need to hit “Enter” on the selected Clone.

This will take you to the final SQL-Admin page, where you can directly manage your Clone’s database.

We are sure you will enjoy using this new feature and hope the extra functionality makes your experience cloning a site that little bit better.

Be sure to let us know any feedback you may have in the comment section below.

The post UpdraftClone release new SQL-Admin feature appeared first on UpdraftPlus. UpdraftPlus – Backup, restore and migration plugin for WordPress.

6 reasons why your WordPress website can be vulnerable to hackers


With the brilliant features and customisation options that WordPress provides, it’s no surprise that almost 33% of websites use WordPress CMS. However, potential security issues are something that can come back to bite site owners.

In fact, out of the 8,000 hacked websites analyzed in a recent study, 74% were using WordPress.

If you are using a WordPress website, it is important to ensure your security is properly set up in order to minimise risk.

So what is the best course of action to take?

The following security issues are some of the most vital and could leave your WordPress site vulnerable to hackers. It is important that you identify these issues and fix them straight away.

1. Unsecured Hosting Service

One of the major resources that goes into making a website is web hosting.

From your site’s performance to its security, your hosting service can affect it all. As such, it is crucial that you choose a hosting provider that offers adequate security.

As you consider and analyse your hosting options, the following tips should help you.

    • Go through all the security features that it provides.
    • Understand that when it comes to hosting, expensive doesn’t always mean better.
    • Some providers have their entry-level plans costing as much as the high-end plans of other hosting providers. This doesn’t always mean they can be compared.
    • Know the difference between the two most popular types of hosting services.

      Shared Hosting:
      A shared hosting service offers basic security scans that can detect WordPress malware.
      It also allows you to track visitors coming to your site. This can help you identify harmful visitors and block their IP addresses.
      The main highlight of a shared hosting service is its ability to host more than one website, which also makes it a lot cheaper than other hosting types.

      Managed Hosting:
      This is the hosting service that provides a firewall for security along with a routine malware scan.
      Some providers offer ‘Managed hosting services’ that restrict access to WordPress files and folders to keep them safe.
      For example, WP-Engine prevents changes in all PHP files, while Pantheon doesn’t allow writing on folders except for the one containing theme and plugin data.
  • Test customer support:
    Customer support is another factor that you need to consider while comparing hosting providers.

    Whether it’s a trivial issue or a complete breakdown, if it’s about the hosting service, the provider should offer full customer support.

    To find out how qualified a provider’s support system is, simply get their contact details and reach out to them. Ask them all your questions and see how patient and cooperative they are while addressing your concerns.

    Based on this experience, you’d get an idea of how they’ll react in case of a security breach. This should help you decide if you want to buy from them or not.

If you have already purchased a hosting plan from the wrong provider, don’t worry. You don’t have to wait for your plan to expire. Services like BlogVault and Migrate Guru can help you migrate to different hosting providers without any hassles.

2. System updates

Like any other CMS, WordPress requires regular updating. Ignoring this could make your WordPress site a potential security risk.

In fact, 80% of the WordPress websites that have been hacked were running outdated themes and/or plugins. Eye-opening, right?

Being an open source CMS with thousands of developers working on different themes and plugins means your WordPress dashboard may receive many updates based on the plugins and themes that you are using.

You need to make sure that the core, themes and plugins are all updated to the latest version.

Steps to Update a Plugin:

  • Open your WordPress dashboard and go to Plugins > Installed Plugins

  • The dashboard will take you to the page displaying plugins that you have installed.

    Identify the plugins that are pending an update and click ‘update now’.

Similarly, you can update themes on your site in much the same way by going to Appearance > Themes.

This will also unlock the latest features added to the theme/plugin/system. This helps in maintaining your website’s security and stability at the same time.

3. Pirated Themes or Plugins

While setting up a WordPress website won’t burn a hole in your pocket, making it aesthetically pleasing and rich in features could, as a good WordPress theme/plugin can cost you anywhere between $10-$200.

To escape from these ‘supposedly’ uninvited costs, webmasters often take the cheaper route and use nulled/pirated plugins/themes, which are available for free or at negligible prices.

What are the results of this?

There have been a number of cases when a website using a nulled theme unwittingly granted backdoor access to the hackers through the URL: http://www.example.xyz?backdoor=go

The hackers were able to access the site as the URL triggered a backdoor to the website, creating a new WordPress administrator account with the following credentials:

Username: backdooradmin
Password: Pa55W0rd

This is generally a result of an additional shortcode that has been added to the functions.php file by the actual theme owner.

To save your site from such risks, always acquire themes and plugins from the official WordPress repository or other trusted sources such as Theme Forest or Themeisle.
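
A detection sketch for the backdoor pattern described above, added here as an example and not taken from the original post: it flags theme or plugin PHP files that both read request parameters and call WordPress user-management functions. The function names, directory names and sample file contents are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example: flag theme/plugin PHP files in which request input and
# account creation appear together. Directory names are assumptions.

# Calls that create users or change roles (real WordPress APIs).
USER_FUNCS='wp_create_user|wp_insert_user|set_role[[:space:]]*\(|add_role[[:space:]]*\('

# Print "file:line:text" for every user-management call found in a PHP
# file under $1 that also reads $_GET, $_POST or $_REQUEST.
scan_account_creation() {
    find "$1" -type f -name '*.php' | sort | while IFS= read -r f; do
        grep -Eq '\$_(GET|POST|REQUEST)[[:space:]]*\[' "$f" || continue
        # /dev/null forces grep to prefix each hit with the file name.
        grep -En "$USER_FUNCS" "$f" /dev/null || true
    done
}

# Build a constructed sample tree: one clean theme, one with a fragment
# shaped like the backdoor described above (sample data, not a real theme).
make_sample_themes() {
    mkdir -p "$1/clean-theme" "$1/nulled-theme"
    printf '%s\n' '<?php' \
        'add_action( "init", "clean_setup" );' \
        '$q = isset( $_GET["s"] ) ? $_GET["s"] : "";' \
        > "$1/clean-theme/functions.php"
    printf '%s\n' '<?php' \
        'if ( isset( $_GET["backdoor"] ) ) {' \
        '    wp_insert_user( $new_admin ); // constructed marker line' \
        '}' \
        > "$1/nulled-theme/functions.php"
}

demo=$(mktemp -d)
make_sample_themes "$demo"
scan_account_creation "$demo"
rm -rf "$demo"
```

Registration and membership plugins legitimately combine these calls, so each hit is a line to review by hand rather than proof of a backdoor.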

4. Dummy Login Details

Default login page:
Using the same old usernames and easy-to-guess passwords makes life so much easier for hackers trying to get into your website’s back-end.

How to Fix?

  • Username and Password issue:
    Try to create a username and password that you have not used on another account.

    Please note that it is crucial to have a unique username. If the username is easy to guess, the only thing that a hacker will need to find out is your password.

    Be sure to never display your username on your website. To do this would be like giving hackers a personal invitation to feast on your WordPress dashboard. Instead, use a nickname or a title that’s different from the username.

  • Default login page URL issue: www.yoursite.com/wp-admin

    This is the most effortless and the most common choice of a WordPress login page URL, which leaves your site vulnerable to hackers.

    Most hackers don’t attack manually. They program bots to access login pages and crack the login credentials of target sites.

    Using the default login page URL will reduce work for bots and hackers trying to get into your website.

    The best way out is changing the default login URL.

    For example, changing – www.yoursite.com/wp-admin to www.yoursite.com/welcometomysite

    To do this, follow these simple steps.

    – First, take a complete backup of your WordPress site using UpdraftPlus.

    – Then install and activate the ‘Easy Hide Login’ plugin (it’s free).

    – Go to the plugin’s settings and submit your choice of login slug (such as “welcometomysite”).

    – This will change your WordPress login address from yoursite.com/wp-admin to yoursite.com/welcometomysite and make it much more difficult for people to hack your site.

5. Writable PHP Files

Just like any other computer program on or off the web, a WordPress website also consists of files and folders.

One of these folders is the ‘Uploads’ folder. This folder stores all themes and plugins data for your site.

Potential hackers can find a way to upload a PHP code to this folder to gain access to your website.

Once hackers have access via this method, they can steal content that you were planning to publish in the future along with other important resources like email addresses from your mailing list. They may also sell back-links from your site or use your content to create links to their websites without your knowledge. Or worst of all, they can destroy the whole website and take it down.

The worst part of this type of hack is that you would not know about any of this until your hosting provider or a search engine banned your website.

To save yourself from this, you can disable PHP execution via the following steps.

  • Create a .htaccess file in the ‘Uploads’ folder in your website’s root directory in cPanel.

  • Create a new file with Notepad (on Windows) or TextEdit (on Mac).
  • Paste the following code in this file and save it as .htaccess (not as .htaccess.txt).

    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress
  • Upload this file to the ‘Uploads’ folder.
  • Now, you have a new .htaccess file specifically for your ‘Uploads’ folder. Right-click to edit it and paste the following code.

    <Files *.php>
    Order Allow,Deny
    Deny from all
    </Files>

After implementing the above steps, your website will prevent the execution of any foreign files consisting of ‘PHP’. This change will add another brick to your site’s security wall.

Also, note that using this method is a bit risky. Even a trivial mistake can damage your site. So, if you are unsure about using cPanel, consult someone who is.
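
An added example (not from the original post) that audits an uploads folder for the condition this section describes: it lists files with PHP-executable extensions and reports whether the folder's .htaccess contains a deny rule scoped to PHP files. The function names and the sample directory tree are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example: audit an uploads directory. Paths are assumptions.

# List files under $1 with extensions that PHP handlers commonly execute.
find_php_in_uploads() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -iname '*.phar' \) | sort
}

# Succeed only if $1/.htaccess holds a <Files>/<FilesMatch> section naming
# php that contains "Deny from all" (Apache 2.2) or "Require all denied" (2.4).
has_scoped_php_deny() {
    [ -f "$1/.htaccess" ] || return 1
    awk '
        { line = tolower($0) }
        line ~ /^[ \t]*<files(match)?[ \t].*php/ { inside = 1; next }
        line ~ /^[ \t]*<\/files(match)?>/ { inside = 0; next }
        inside && line ~ /deny[ \t]+from[ \t]+all|require[ \t]+all[ \t]+denied/ { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1/.htaccess"
}

# One summary line, then the offending paths (if any).
audit_uploads() {
    hits=$(find_php_in_uploads "$1")
    count=0
    if [ -n "$hits" ]; then count=$(printf '%s\n' "$hits" | wc -l | tr -d ' '); fi
    if has_scoped_php_deny "$1"; then rule=present; else rule=missing; fi
    printf 'php_files=%s htaccess_rule=%s\n' "$count" "$rule"
    if [ -n "$hits" ]; then printf '%s\n' "$hits"; fi
}

# Demo on a constructed tree (sample data, not a real site).
demo=$(mktemp -d)
mkdir -p "$demo/2019/04"
: > "$demo/2019/04/photo.jpg"
: > "$demo/2019/04/avatar.php"
audit_uploads "$demo"
printf '<Files *.php>\nOrder Allow,Deny\nDeny from all\n</Files>\n' > "$demo/.htaccess"
audit_uploads "$demo"
rm -rf "$demo"
```

The check only reads the file: the rule takes effect only on Apache with .htaccess overrides enabled, and PHP files already present in the folder still need to be reviewed and removed.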

6. Lack of an SSL certificate

While http://yoursite.com and https://yoursite.com will both load the same web-page, there is a small difference that can break the deal.

The SSL certificate.

The first URL in the example above isn’t using an SSL certificate, while the second example is.

This can greatly affect a website’s security by putting the communication between the visitor’s device and your web servers at risk.

An SSL certificate encrypts the information so it can’t be accessed by anyone but the intended recipients. To safeguard your website against such leaks, it’s advisable to install an SSL certificate as early as possible.

Installing an SSL certificate is usually straightforward and easy to do. You can usually buy an SSL certificate from your hosting provider, but if they don’t sell an SSL service, you should consider buying from another provider.

Getting an SSL certificate from your hosting provider will also save you the hassle of installation. They will set everything up and you just have to redirect your ‘http’ pages to ‘https’.

In Summary 

Failing to secure your WordPress site against security threats can hurt your business in a number of ways. It’s no surprise that all webmasters need to pay attention to website security and have an adequate backup plugin and system in place. Despite your best efforts, should the worst happen and your site suffers a malicious attack, UpdraftPlus can provide a safe and secure backup and restore option. This will help ensure your website always has that all-important safety-net, even in the event of a hack.

In this post, you have read about 6 loopholes that could potentially put your WordPress website security at risk due to hackers. Hopefully, this article helped you secure your site and take its security to the next level.

By Vaibhav Kakkar


Latest Easter Updates for UpdraftPlus and UpdraftCentral released

During the recent Easter holidays, the UpdraftPlus team have been working hard getting the latest updates out to our loyal customers. Our newest updates are for UpdraftPlus 1.16.12, UpdraftCentral 0.8.6 (Free) and UpdraftCentral 0.8.2 (Premium).

The latest update for UpdraftPlus includes the fix of a regression issue which caused PclZip unzips to run slow. Thanks to this fix, we are confident that your experience with UpdraftPlus will be better than ever before.

Another new feature that we are excited to share is the new option that allows UpdraftCentral Premium users to suspend a site. There are numerous reasons that may require you to suspend a site; these can include the non-payment of hosting fees or even a violation of policies. With the latest UpdraftCentral update, you now have this option directly at your fingertips.

The changelog is as follows. We recommend the update for all users.

UpdraftPlus 1.16.12

  • FIX: Regression which caused PclZip unzips to be very slow
  • TWEAK: Add stream_meta to the list of log tables and tables not requiring search/replace

UpdraftCentral 0.8.6 (Free)

  • FIX: Fix fetching of updates fails if permissions fail on one site
  • TWEAK: Add parameters to some filters
  • TWEAK: Add specificity to some general CSS
  • TWEAK: Update bundled UUDRPC library to version 1.4.18
  • TWEAK: Backup status checks are now performed less often once a backup lasts longer than 3 minutes

UpdraftCentral 0.8.2 (Premium)

  • FEATURE: Add capability to suspend a site




New and updated “How to use site-to-site WordPress Migrator” video released

UpdraftPlus Migrator is a powerful, easy to use and popular feature that enables users to clone or migrate a source WordPress site to a destination WordPress site in just a few minutes.

We are pleased to announce that a new and updated UpdraftPlus Migrator “how-to” video guide has now been released. As this was the most requested video on our YouTube channel, we are happy to provide Migrator users with a detailed guide to take you through the full process of migrating a WordPress site.

While there is an in-depth written Migrator guide, we know that many users prefer the visual and audio instructions that a video tutorial provides. We always try to give as many different options for support and guidance as possible and hope that this new Migrator how-to video will be a useful helping-hand should you need any additional instruction.

Check out the video and be sure to let us know what you think in the comments section below. Also share with us any ideas you may have if you think there are any other how-to videos you would like to see.



WP-Optimize announce release of new leading image compression feature


As mentioned in our previous preview blog, we have been hard at work developing a new image compression tool for the latest WP-Optimize 2.3.0 (free + paid) release. Our image compression service is an easy to use and handy imaging tool that allows you to quickly and easily optimise, compress and resize images on your website.

How the image compression option will look in WP-Optimize

As unnecessarily large website images can cause frustratingly slow website loading speeds, we identified the need for a new image compression tool within WP-Optimize. Large images can impact on a website’s user experience, bounce rate and SEO performance, but with our new image compression options you can improve these factors without compromising quality.

How Image Compression Works

By using the best-in-class Lossy and Lossless compression techniques, WP-Optimize can offer massive savings in image file size and saves the new compressed file in your image library.

If you have a lot of images on your website, you can also use our bulk editing option to compress as many images as you want at the same time – or even set-up ‘Auto-Compress’, which enables you to set WP-Optimize to automatically compress your images as and when they are uploaded.

In order to achieve big savings and increase speed, WP-Optimize gives you the option of choosing either Lossy or Lossless image compression. When using image compression methods, you may find that there may be a slight loss in image quality, but rest assured it will hardly even be noticeable. The Lossy compression method can achieve greater space savings when compared to Lossless, but Lossless compression allows you to keep file data and the original image quality.

For more information on the difference between Lossy and Lossless compression and what kind of results you can expect with WP-Optimize, be sure to check out our in-depth recent blog on this subject.

WP-Optimize doesn’t limit you and will let you work with your favourite kind of images, allowing you to compress PNG, JPG, GIF, BMP and TIF pictures up to 5MB in size. Our image optimisation service even allows you to backup your original files so you can quickly restore them in case you make a mistake or need the original full quality image.

You can also be assured that should you wish to remove the WP-Optimize plugin for whatever reason, your compressed images will remain unaffected, allowing you to keep all your new and original content and maintain full control over your website.

Be sure to let us know any feedback comments you may have in the comment section below.
