What is FTP?

File Transfer Protocol (FTP) is a network protocol used to transfer files between computers over the web. Users granted access can receive and transfer files in the FTP server known as the FTP host/site.

FTP provides basic, unencrypted file transfer capabilities to connect users over the internet. Developed in 1971 and thoroughly used throughout the 90s, this file-sharing option is now an archetype of the past, replaced by SFTP and SSH. 

The thing is, FTP wasn’t designed to be secure and has many security vulnerabilities like:

• Packet Sniffing. FTP is plain text which means it’s not encrypted. All transmissions, logins, passwords, and data are readable by anyone on the network. 
• Brute Force Attacks. Because FTP isn’t encrypted, it’s highly susceptible to hackers systematically checking frequently used passwords until the correct password matches.
• Anonymous FTP Vulnerabilities. Anyone can access older or anonymous FTP servers without needing a username or password. 
• Port stealing. Hackers can guess the next open port or use a PORT command to gain access as a go-between.

FTP doesn’t provide any safeguards preventing even the most inexperienced of hackers. Additionally, federally compliant organizations or networks can’t use FTP because of its lack of security. In fact, in 2017, the FBI issued a notice and warning about the potential for data breaches in the healthcare system for organizations using FTP. 

How to Secure Your Data 

Easy, don’t use FTP. Seriously. There are other protocols like SFTP, FTPS, and HTTP. SFTP (Secure File Transfer Protocol) is the refreshed, secure version of FTP. 

Other ways to keep your data secure:

• Frequently update your protocols. Attacks over protocols occur when you slack on updating your system.
• Install an SSL (secure socket layer) certificate. SSLs encrypt the data on your website.
• Use 2FA (two-factor authentication). Minimize the chances of hackers breaching your server. 

There’s definitely a time and a place for using FTP. An FTP server allows you to organize your files, provide access to other users to download these files remotely, and also set permissions for what users can and can’t do to your files. If you choose FTP, we recommend having your own private FTP server with a strong password. This way, you can transfer your files easily, but without security concerns.

Despite its security concerns, FTP remains available for file sharing but isn’t recommended for most uses. When using FTP, ensure you’re following every security protocol possible and consider using other alternatives like HTTPS or SFTP. 

The post Is FTP Secure? The Complete Breakdown of FTP Hosting and If It’s Right for You appeared first on The A2 Posting.

Common WordPress Security Attacks

Security Attack #1: Brute-force

Brute-force: In this attack, bad actors attempt to guess login information by using automated password generators.

Basic defense: Use strong passwords. For recommendations about how to generate strong passwords, see our Knowledge Base article.

Security Attack #2: Cross-Site Scripting (XSS)

This is a hacking technique where malicious code from user input is injected into web pages and then viewed by site visitors. XSS attacks can potentially extract sensitive information, affect website functionality, and more.

Basic defense: Wherever a web site receives user input, the input should be filtered as strictly as possible based on the expected or valid input.

Security Attack #3: SQL injection

In this type of attack, malicious SQL statements are injected via unsanitized user input. SQL injection attacks can be used to tamper with data, extract sensitive information, and more.

Basic defense: Scan your site for SQL injection vulnerabilities using online website scanning tools like Sucuri SiteCheck.

Security Attack #4: Backdoor

A backdoor is malicious code that contains a hidden way to bypass the login or authentication process of a website.

Basic defense: Make sure your server has antivirus and firewall protection and is kept up to date. Also make sure you keep WordPress itself and any associated plugins updated with the latest security patches.

Security Attack #5: Denial-of-Service (DoS) attacks

This type of attack renders a website inaccessible or unavailable to its users. For example, a Distributed Denial-of-Service (DDoS) attack sends traffic from multiple sources to a website, overwhelming its network connection.

Basic defense: Using a well-established Content Delivery Network (CDN) such as Cloudflare can help mitigate or even prevent these types of attacks.

Security Attack #6: Phishing 

Attackers use the phishing technique to impersonate a legitimate company, typically via email, in order to obtain personal information directly from the target. The attacker then uses the information to hack the site or commit fraud.

Basic defense: Spam filters can detect and prevent most malicious emails from reaching users’ inboxes.

Security Attack #7: Hotlinking

This is a technique where a website links directly to the targeted website’s assets, such as video or image files, in order to increase SEO ranking or to feature media without using their own server resources or bandwidth. For example, if website B hotlinks to website A’s featured image, and website B receives a lot of traffic on the page with the image, website A’s server resources are depleted, potentially affecting website A’s performance.

Basic defense: Use a plugin or Content Delivery Network (CDN) such as Cloudflare to help protect your media files.Conclusion

Conclusion

Now that you understand the various types of security threats to be aware of, consider the following root causes of why your WordPress site may be vulnerable to security breaches:

• Your WordPress site is out of date and requires an update to the most recent version.
• You have unused or outdated themes or plugins installed on your site, which cause compatibility issues and open up security holes.
• Your WordPress site admin login page is still set to the default /wp-admin, making it vulnerable to brute-force attacks.

Give your site a thorough security audit, or contact the A2Hosting Guru Crew if you want to improve the security of your WordPress sites.

The post 7 WordPress Security Attacks You Must Know appeared first on The A2 Posting.

Fortunately, there’s no shortage of CSS frameworks that can fast-track the design and development process. By opting for a framework, you can create standardized, higher-quality code, with less time and hassle.

In this post, we’ll discuss what CSS frameworks are and why you may want to consider using one for your next project. We’ll then share advice on how to find the framework that’s right for you, before exploring six popular CSS frameworks. Let’s get started!

An Introduction to CSS Frameworks

CSS (Cascading Style Sheets) controls the presentation of a document that’s written in a markup language such as HTML. Unlike some other languages, CSS creates a separation between presentation and content. This gives you more flexibility in how you display your content.

This language also promotes code reuse, as multiple pages can use the formatting defined in a single CSS file. This can reduce complexity and repetition, while also improving your project’s performance, such as by reducing your website’s page loading times.

Many different systems use CSS. This includes WordPress themes, which uses CSS to output the data generated by this popular Content Management System (CMS). Every WordPress theme contains a single style.css file:

Although you can write pure CSS, many designers and developers choose to use a CSS framework. This is a collection of stylesheets that provide a basic structure and classes for common elements.

You can use these pre-prepared stylesheets as a reference for resolving problems of a similar nature. Alternatively, you can override the framework’s generic functionality for your specific use case.

There can be some confusion about when to use a framework, and when it makes more sense to opt for a library. With libraries, you control when this technology performs a particular function. The rest of your code exists independent from that library. However, with CSS frameworks the control flow is in the framework, and you’ll customize it in places to better suit your project.

Why You Might Want to Use a CSS Framework

CSS frameworks can reduce the amount of code you need to write. Instead of programming everything from scratch, these frameworks provide all the tools you need to spin up a basic UI.

You can then spend your time perfecting this interface to meet your project’s exact requirements. Since you’re not starting every project with a blank slate, you’ll have more time to focus on the specific features that make your site or app unique.

A CSS framework can also be useful for agencies and freelancers who manage multiple client sites. Using this tool, you can create a theme and then deploy it across countless websites. This can help you onboard new clients more quickly, and grow your business without drastically increasing your workload.

If you’re collaborating on a project with multiple people, a CSS framework can help you achieve consistency. For example, instead of each team member inventing their own class names, a CSS framework implements standardized naming conventions. This typically results in higher-quality code that’s easier to read and maintain.

When your code is consistent, you’ll also find it easier to onboard new team members or freelancers. It’s also worth remembering that just because your staff are happy in their role now doesn’t necessarily mean they’ll stick around forever.

It’s smart to ensure that even if your head developer leaves, your project can continue. To make sure your project is never wholly reliant on a single person, it’s a good idea to implement a standardized approach that’s clearly defined and understood by everyone. A framework can help you achieve this uniformity across your project.

Factors to Consider When Using a CSS Framework

A CSS framework can be a valuable addition to your project. However, if you have little previous experience with CSS, then it’s important to familiarize yourself with this language before jumping into the world of frameworks.

By taking the time to master pure CSS, you’ll be better equipped to identify issues with your syntax. When you know how to achieve the desired results in pure CSS, you’ll also find it easier to scan your framework’s documentation for the information you need. This can boost your efficiency, particularly when it comes to problem-solving and troubleshooting.

We always recommend taking some time to sharpen your CSS knowledge before you start shopping around for a suitable framework. Depending on your previous experience and knowledge, this may require a significant amount of time and effort.

A CSS framework will also add to your project’s overhead. Depending on your project, this may include lots of unnecessary or irrelevant code that you don’t even use. Bloat is never good, but it makes zero sense to increase your project’s size without adding any value.

Since your project exists inside the CSS framework, this may be limiting for your application or website. If you rely on a framework too heavily, there’s also the risk that your finished project will look similar to other sites and apps that use the same framework. This can make your project blur into the background, when it should be standing out from the crowd.

How to Choose the Right CSS Framework

To start, your chosen framework should meet all of your project’s technical requirements. It’s also smart to look for characteristics that make this framework a good fit for your project. For example, a lightweight framework may be the perfect addition to a mobile-focused design, but it may be less ideal for a large, complicated application.

Over time, your project’s requirements will likely change. Although it’s impossible to predict the future, it’s always worth considering how your project might develop over the long-term. Your chosen CSS framework should be able to support your site or application as it evolves over months, and potentially even years.

When choosing any technology, it’s always smart to consider its ease of use. Even if you’re fluent in CSS, learning any new technology requires a big upfront investment. Every moment that you spend familiarizing yourself with your new framework is time that you could have invested directly into your project.

Ideally, your chosen framework will be intuitive, user-friendly, and have a gentle learning curve. This will minimize the time between installing the framework and starting to reap the benefits. If a framework is user-friendly, then you’re also much less likely to encounter major issues, including stumbling blocks that require you to pause development in order to research the problem.

When considering ease of use, it’s important to find out what support is available. Ideally, the framework will be backed by official documentation, tutorials, and perhaps even professional support.

You should also consider the level of community resources available, including third-party blogs, forums, and social media sites. An active community can be an invaluable source of additional support. You could even put your questions directly to the community via channels such as Stack Overflow.

6 Popular CSS Frameworks (And When To Use Them)

With so many CSS frameworks to choose from, picking just one isn’t always easy. That’s why we’ve compiled this list of the six most popular CSS frameworks. Along the way, we’ll help you make the right decision, by suggesting the kind of projects each framework is perfect for.

1. Bootstrap

Originally named Twitter Blueprint and developed as a tool for internal teams, Bootstrap has since grown into one of the most popular CSS frameworks. Today, Bootstrap is used by around 22 percent of all websites, and its GitHub consists of over 20,000 commits from more than 2000 contributors.

To get started, you can download Bootstrap’s source Sass and JavaScript files from either Composer, Meteor, or the Node Package Manager (npm). You can also use the npm template repository to quickly generate a Bootstrap project, or check out any of the official examples, that are supported by extensive documentation.

All of this makes Bootstrap a great choice for anyone who’s new to CSS frameworks, or has limited pure CSS experience. This may include back-end developers who want to make some changes to their projects’ User Interface (UI). For these designers, Bootstrap provides templates for all of the most popular UI components, including alerts, tabs, forms, and dropdowns.

Bootstrap is also designed for responsive, mobile-first front-end development. This makes it a good fit for mobile projects.

If you do require additional support, Bootstrap has a large and active community on Stack Overflow. You can also access real-time support via the Bootstrap Slack channel.

2. Foundation

Foundation is a front-end framework for building websites, applications, and emails. Thanks to its Sass compiler, the responsive Foundation framework is ideal for creating projects fast.

Foundation favors clean, semantic code and takes a mobile-first approach. After ensuring that your project is fully compatible with mobile devices, you can add in more complexity for a fully-responsive design.

Foundation provides HTML, CSS, and JavaScript, which is great for rapidly prototyping websites. If you’re using Foundation to create emails, this framework provides tested patterns that work with all of the major email clients, including Outlook. This can help you create emails that display and function correctly, regardless of how the recipients choose to access them.

Despite its speed, Foundation is far from a limited framework, and many developers use it to create large applications. It’s also highly customizable, which makes Foundation a good choice for designers who want to create a unique experience for their end users, and who aren’t afraid to dig into Foundation’s more complex features in order to achieve the desired result.

Despite its current status as an open-source project, Foundation was originally maintained by ZURB. Today, ZURB continues to offer a full program of tutorials, online courses, custom training, and even an official Foundation certification.

3. Skeleton

The Skeleton framework is a small collection of CSS files that you can use to rapidly generate clean code and simple layouts. Coming in at under 400 lines of code, this bare-bones framework is a good fit for smaller projects, or projects that don’t require the utility of a larger, heavier solution.

As a lightweight framework, Skeleton shouldn’t add unnecessary bloat to your project, which can be particularly valuable for mobile designs. If you’re creating a mobile project, Skeleton has a well-structured grid that enables you to create a responsive layout with minimal hassle.

Skeleton provides a 12-column fluid grid with a maximum width of 960px. This grid shrinks according to the browser and device. However, if you need to alter the maximum width you can make that change with a single line of CSS.

Skeleton serves its scalable grid using media queries. It also provides a list of mobile-first queries for styling your project across multiple devices. All styles outside of a query apply to all devices, so larger devices are targeted for enhancement. This prevents small devices from having to parse large amounts of unnecessary CSS.

If you’re new to the world of CSS frameworks, Skeleton’s simplistic approach makes this a good framework for beginners. For CSS newcomers, it can even be a valuable learning tool before progressing to more complex and feature-rich frameworks.

Unlike some of the other CSS frameworks on this list, Skeleton is designed as a starting point that you can develop into something more substantial. It’s also worth noting that Skeleton’s lack of templates may become an issue if you try to use this framework in larger or more complex projects.

4. UIKit

UIKit is a responsive, lightweight CSS framework that you can use to create clean and professional-looking interfaces. This framework defines all the core components such as table views, buttons, labels, and navigation controllers.

UIKit is also extensible, and supports a comprehensive collection of advanced components that are not bundled with the core framework. This includes parallax girds, dynamic pagination, and sliders.

Alongside CSS files, UIKit provides an autocomplete package for Sublime Text and Atom editors. Since users don’t have to repeatedly look up UIKit markups and class names, this framework is great for your overall productivity.

Unlike other frameworks such as Bootstrap and Foundation, UIKit breaks the layout into three components: grid, flex, and width. Instead of restricting you to a 12-column grid setup, UIKit gives you the flexibility to create as many columns as you require.

Over at the UIKit website, you’ll find extensive official documentation and a series of video tutorials. Despite these useful learning resources, we find that UK Kit is a more complex framework that’s best suited to experienced developers.

5. Semantic UI

Semantic UI is a framework for creating responsive layouts. Based on natural language principles, Semantic UI aims to make code readable and easier to understand by creating a shared vocabulary around UI.

To achieve this, Semantic UI treats words and classes as interchangeable concepts. All classes are human words and use syntax from natural languages, including noun/modifier relationships and word order. Semantic UI also uses plurality to link concepts intuitively. As a result, its code often resembles regular text.

Human-readable code and ease of use makes Semantic UI a great choice for anyone who’s new to the world of frameworks. If you do have previous experience, it’s worth noting that Semantic UI integrates with React, Angular, Meteor, Ember, and various other frameworks.

In addition to the functionality you’d typically expect from a CSS framework, Semantic UI provides simplified debugging and performance logging. This enables you to track down bottlenecks without digging through stack traces. These added extras make Semantic UI suitable for larger projects, including enterprise apps and websites.

6. Pure

Built on Normalize.css, the Pure framework is a set of small, responsive CSS modules that provide layout and styling for native HTML elements. This includes many common UI components. Pure has a minimal and unopinionated design, so you should have no issues adding new CSS rules and overriding Pure.css with your own styles.

Coming in at 3.87B minified and gzipped, this is a simple, lightweight framework. If you only require a subset of Pure’s modules, you’ll save even more bandwidth. This makes Pure ideal for smaller projects, or any project that has modest requirements.

Its small footprint also means that Pure is a good choice for mobile projects, where you’re typically working with less memory. Even better, this framework is responsive out of the box, thanks to its use of Pure Grids and Vertical Menus. With Pure CSS, you can be confident that your UI will look and display correctly across a range of mobile and tablet devices.

Conclusion

Building applications and websites from scratch can quickly start to feel repetitive. Instead of wasting time coding the same elements over and over again, a CSS framework can handle this busywork for you.

If you’re still unsure which CSS framework is right for you, here’s a quick reminder of the six frameworks we covered earlier:

1. Bootstrap: An open source framework that’s perfect for responsive, mobile-first front-end web development.
2. Foundation: With an emphasis on speed, Foundation is ideal for rapid prototyping.
3. Skeleton: Coming in at under 500 lines of code, this CSS framework is designed with mobile devices in mind.
4. UIKit: A lightweight, modular framework that targets highly-experienced, professional developers.
5. Semantic UI: This theming framework contains pre-built semantic components that can help you create professionally-designed, responsive websites.
6. Pure: A collection of responsive CSS modules that have much to offer for mobile developers.

A CSS framework can be your secret weapon for developing professionally-designed websites and applications in record time. However, once you’re ready to send your project out into the world, you’ll still need somewhere to host it.

By choosing a provider that’s optimized for web frameworks, you can ensure that you’re getting the very best out of your finished project. At A2 Hosting, we’ve optimized our plans for a wide range of frameworks, including Bootstrap. We even offer 1-click framework setup!

The post What Is a CSS Framework? (And When to Use 6 Popular Options) appeared first on The A2 Posting.

Fortunately, there are many ways to protect your website from the threat of malware and other cybersecurity issues. Many hosting providers enable customers to configure a range of site security settings using the popular Linux control dashboard cPanel. 

In this post, we’ll explain what website security is and why it’s important. We’ll also provide seven actionable tips that you can use to improve your site security and protect your website with cPanel. Ready? Let’s get started!

Why Protecting Your Website Is Important

It takes time and money to create a high-quality website for your business. However, without the right level of security, you could be putting your site at risk. 

According to cybersecurity statistics published by Forbes, one in three Americans have been a victim of ransomware attacks, and only five percent of companies ensure that their folders are properly protected.  That’s why it’s so important for site owners to take steps to secure their websites on a regular basis.

However, although protecting against cybercrime is one of the main benefits of maintaining good site security protocols, there are also some other benefits, including: 

• It helps to keep your employees safe. In the same way that your website can be at risk of malware attacks, your workers can be too. Viruses can pass from device to device. Therefore, if your site becomes infected, the devices your team members use to access the site may become compromised too.
• It can prevent your website from going down. Site owners should aim for as little website downtime as possible. Good cybersecurity measures can help you achieve this. By putting protective measures in place before attacks happen, you can prevent malware from causing issues that make you take your site offline to fix them. 
• It can inspire confidence in your customers. For online businesses, reputation is everything, even when it comes to your website. By following good cybersecurity protocols and sharing this with your customers, you can help them feel safe and secure when using your site. 

Next, we’ll take a look at cPanel, a commonly used control panel for WordPress sites. You can use it to make your website more secure without investing in any expensive plugins. 

A Brief Introduction to cPanel

cPanel is a control application that enables you to carry out server tasks for your WordPress website:

It isn’t the only application of this type available, but it’s the most commonly used Linux control panel. cPanel provides users with an easy-to-use interface for carrying out essential server-side maintenance tasks, including:

• File management
• Database management 
• Email management
• Site backups 

It can make your site easier to manage due to its automated processes and 24/7 support team. As such, it could be worth considering if you’re looking to save time and effort on your website management.

There are also several ways in which you can use cPanel to enhance cybersecurity. Next, we’ll take a look at some of the things you can do to protect your website with this application. 

How to Protect Your Website With cPanel (7 Essential Tips)

There are many site security plugins that you can use to enhance your cybersecurity. However, many of these are premium plugins that aren’t available for free. By using cPanel, you can secure your website using tools already at your disposal, so you don’t have to spend a penny. Here are our top seven tips for protecting your website with cPanel.

1.  Update cPanel Regularly 

Outdated elements on your website can lead to serious vulnerabilities. This is also true for cPanel. If it isn’t up to date, you could be leaving your site open to attacks and breaches. 

Additionally, you could be missing out on access to new security features by using an outdated version. Updates are used to fix bugs, add new features, and improve the security of cPanel. As such, it could be a good idea to ensure that you are always using the latest version of the software.

The good news is that keeping cPanel up to date is fairly easy. Depending on your hosting package, you may not need to manually update it at all, as the system administrators may take care of it for you.

If you do need to update it manually, start by logging into WebHost Manager (WHM). In the upper right corner of the main WHM screen, you should be able to see the current version of cPanel you’re running:

If a new version is available, you’ll also see a box just underneath this giving you the option to Update Now. All you have to do is click on this and wait for it to finish upgrading (it might take a while). Note that the Update Now box isn’t visible in the image above, as we’re currently already running the latest stable build. 

2. Choose Strong Passwords and Regularly Update Them

It’s imperative to ensure that all of your site entry points are protected by strong passwords. Without secure passwords in place, seasoned cybercriminals can easily infiltrate your site and install malware. 

Thankfully, with cPanel, it’s easy for you to reset your password. It even comes with a password generator to help you protect your site using strong credentials. To keep your site as safe as possible, it’s recommended that you change all passwords on a regular basis. Configuring them around once a month is usually sufficient. 

To change your cPanel password, log in and head to the Preferences tab, then click on Passwords and Security: 

Next, you’ll be prompted to input your old password, as well as your new updated password. You’ll also see a score that tells you how weak or strong your credentials are. If your chosen password is too weak, you might want to click on Password Generator instead. This will automatically generate a new, stronger login: 

Once you’ve done that, copy the generated password and paste it into the New Password field. Also, be sure to save it in a secure location that you can access in case you forget it and need a reminder. 

When you’re ready, click on Save Password Now! Once you’ve done that, your update should be complete, and you can start using your new credentials. 

3. Password Protect Your Vulnerable Directories 

In addition to having a strong password for your cPanel account, it’s equally important to password protect your vulnerable directories. Doing this in cPanel enables you to limit access to certain content for specific users.

Once you’ve added password protection to a directory, your site will prompt visitors to enter a username and password in their web browsers before they can access it. This helps to keep sensitive content secure from unauthorized access.

To add password protection to a directory, start by logging into cPanel. Next, scroll down to the Files section and click on Directory Privacy:

Here, you should be able to see a list of all your directories. Click on Edit next to the name of the folder you want to protect. On the next page, tick the box next to the text that says Password protect this directory. Then, type in a name for the protected directory below and click on Save:

Once you’ve done that, you should see a brief ‘success’ message. Click on Go Back, then enter a Username and Password in the appropriate text boxes, and then click on Save.

Note: You can also automatically generate a strong password by clicking on the Password Generator button:

If you ever want to remove the password protection, repeat the steps above to navigate to the directory again. Then, clear the Password protect this directory checkbox.

4. Enable cPHulk Brute-Force Protection

cPHulk is another useful service provided by cPanel that helps to protect your server against brute force attacks. These attacks involve an attacker using an automated system to attempt to guess your username and passwords by repeatedly trying different combinations in rapid succession.

Using cPHulk through cPanel will enable you to block the IP address or accounts exhibiting suspicious behavior automatically. This prevents attackers from carrying out any further attempts to log in, thus preventing them from gaining unauthorized access and installing malware on your site.

To enable CPHulk Brite-Force protection, you’ll first need to log in to WHM. From there, navigate to Security Center in the left-hand sidebar, and click on cPHulk Brute Force Protection:

Next, you can toggle the button to ON to enable cPHulk protection:

Once it’s enabled, you can tweak the Configuration Settings. For example, you can specify how many failed login attempts are required to lock IP addresses out, and how long they should be locked out for. Once you’re done making changes, click on Save:

Note that aside from Configuration Settings, several other tabs are available on this page: Whitelist Management, Blacklist Management, and History Reports.

You can whitelist and blacklist certain IP addresses manually by navigating to the appropriate tab. This is useful in certain circumstances. For example, it may be a good idea to whitelist your own IP to avoid a lockout from your server.

If you ever need to see a log of what actions cPHulk has taken, you can do so by clicking on the History Reports tab. 

5. Protect Against Hotlinking 

Hotlinking (sometimes called ‘direct linking’) refers to when another website links out directly to content hosted on your website, such as image files. When visitors to their website load the page, your site serves the image files they see. This allows the other website to effectively ‘steal’ your bandwidth and use it to show pictures to their visitors. 

Naturally, this is something you’ll probably want to avoid. Fortunately, you can do so easily. All you have to do is configure hotlink protection using cPanel. Here’s how to go about it.

First, log in to cPanel and scroll down to the Security section. Then, click on the Hotlink Protection icon:

On the next page, you can toggle Hotlink protection ON or OFF. You can also change your configuration settings. For example, you might want to specify certain URLs that are allowed to access your files (cPanel will automatically populate this box with suggested local URLs):

Next, you can also specify the specific file extensions you want to block direct access to by adding them to the Block direct access for the following extensions box (make sure you separate each file extension by a comma):

Again, the above box should be automatically pre-populated with commonly hotlinked file extensions. However, you might want to add extra file extensions that aren’t already included. 

You can also add a URL to the Redirect requests to the following URL text box:

This will serve users from blocked sites with the specified URL page instead of the hotlinked file. Once you’re done making changes to the settings, just click on Submit.

6. Utilize Patchman by SITELOCK

Patchman is a really useful security service that helps to prevent your site from being hacked. Once installed, it will automatically scan your website for malware. If it detects any potential threats, it immediately emails you to notify you of them. If you don’t resolve the issue within 24 hours, Patchman will quarantine the affected files to protect your site:

Not only that, but Patchman also detects whether your WordPress, Drupa, or Joomla installation requires patching. Again, it will notify you of this by email and automatically apply the patch if you don’t fix it yourself within a week.

A2 Hosting has partnered with Patchman to provide our web hosting customers with free malware and vulnerability scans. Therefore, if you have a web hosting account with us, Patchman should already be enabled for your domain. 

However, if you want to manage your settings or carry out specific administrative tasks, you can do so by accessing the Patchman dashboard. To get to the dashboard, start by logging into cPanel, then click on Patchman in the Advanced section:

From here, you can run manual scans, view detected items and applications, and carry out manual actions. For example, you can review potential malware and choose to either ignore it or quarantine it:

Utilizing Patchman is one of the best ways to protect your website from security threats. However, not all hosting providers include access to it. Therefore, it may be a good idea to choose a hosting service provider that partners with the service.

7. Use Secure Shell File Transfer Protocol (SFTP)

SFTP stands for Secure Shell File Transfer Protocol. As the name suggests, it’s a secure version of the regular File Transfer Protocol (FTP). It uses the Secure Shell protocol to encrypt transfers.

If you didn’t already know, FTP is how you transfer files between your computer and your hosting server to make them accessible to the public and vice-versa. These files are often confidential and may include sensitive data such as usernames and passwords.

The problem is that the original FTP protocol doesn’t encrypt this data, which leaves it vulnerable to interception by attackers. If you want to prevent hackers from getting access to your data, it’s recommended that you encrypt it by using STFP instead.

In order to transfer files using SFTP, you’ll need your main cPanel account’s private key for authentication. To find it, log in to cPanel and scroll down to the Security section. Then, click on SSH Access:

]

On the next page, click on Manage SSH Keys:

If you already have a public/private key pair, you can use those for SFTP transfers. If you don’t already have one, you can generate a new one by clicking on Generate a New Key:

Once you’ve generated a new key, go back to the Manage SSH Keys interface, and click on the Manage link next to the new key. Next, click on the Authorize button to allow it:

Go back and scroll down to Private Keys and click on View/Download. The next page should display your SSH key details. You can click on Download Key to save it somewhere safe to your computer:

Once you’ve done all the above, your site is ready for an SFTP connection. You can open your preferred FTP client and use the private key you downloaded to connect via SFTP.

Conclusion

Keeping your site safe from malicious activity and malware is extremely important. Fortunately, cPanel offers you several ways to ensure that your site is secure and protected. 

Here’s a quick recap of how to protect your website using cPanel:

1. Update cPanel regularly. 
2. Choose strong passwords and update them regularly. 
3. Password protect your vulnerable directories. 
4. Enable cPHulk Brute-Force protection.
5. Protect against hotlinking.
6. Utilize Patchman by SITELOCK.
7. Use Secure Shell File Transfer Protocol (SFTP).

If you’re looking for a hosting provider that understands the importance of site security and reliable hosting, check out our affordable Linux hosting plans!

Image credit: Free-Photos.

The post How to Protect Your Website With cPanel (7 Essential Tips) appeared first on The A2 Posting.

What is a Fully Qualified Domain Name (FQDN)? 

A Fully Qualified Domain Name (FQDN) is a domain name consisting of three parts: the hostname, the domain name, and the top-level domain. The hostname is the specific computer or device on the network that you want to use the FQDN for. The domain name is the section of the FQDN that uniquely identifies your network. The top-level domain is the highest level of classification for domains and is assigned by ICANN. For example, when you type “www.google.com” into your web browser, “www” is the hostname, “google” is the domain name, and “.com” is the top-level domain. 

Different computer types use different terminology for FQDNs like network names or full computer names. 

Why should I use an FQDN? 

FQDNs indicate unique addresses on the internet. If you don’t have an FQDN, you don’t have an accessible website. They’re required for installing SSL certificates, imperative to the security of your website. 

Apart from having an accessible website, FQDNs are also useful to have a discoverable computer on an internet network, like when you need to access a computer remotely. This is common in an office to track a computer’s activity. 

Also, FQDNs help you access domain services like FTP (File Transfer Protocol) and email. For example, if you want to connect your domain name’s email to an email app on your phone like Gmail or Apple Mail, you need to know the FQDN for the mail server, which is typically something like “mail.yourdomainname.com.” 

Here is an example of an FQDN:

1. www.a2hosting.com
2. mail.a2hosting.com
3. ftp.a2hosting.com

How to find your FQDN

If you’re not sure how to find your FQDN, please review the following links: 

Find your FQDN for Windows OS (operating systems).

Find your FQDN for macOS.

When you generate a domain name, it should contain three parts. The first part is the hostname which identifies the specific computer or device on your network that will be using this FQDN. The second part of an FQDN is the domain name and it uniquely identifies your company’s network. Finally, there is the top-level domain (TLD) which classifies domains as either generic or country-code TLDs such as .com for commercial purposes. If you need help viewing any of these components within your own FQDN contact our support team today!  

Related Articles:

• How to manage cPanel Mail Exchanger (MX) records
• How to use the DNS Zone Editor in cPanel
• How to verify site ownership with Google
• How to determine your account’s server name

The post What Is a Fully Qualified Domain Name? appeared first on The A2 Posting.

Brute Force is a website attack that uses either humans or systems to target protected information, with the main goal of obtaining login information. This blog discusses some well-known methods for preventing Brute Force attacks.

1. Hide the WordPress Admin Login Page

WordPress by default has the login page as either one of the following:

•  /wp-login.php
• /login
• /wp-admin
• /admin

Gaining access to login pages, particularly the admin login, provides hackers with unrestricted access to the entire site.

There are several ways to hide the login area, including using a plugin like WPS Hide Login, which allows you to change the admin login to another URL of your choosing. When someone tries to access wp-admin/wp-login.php/login/admin, they will get a 404 error.

2. WordPress Two-Factor Authentication (2FA) 

A two-factor authentication gives you an extra layer of security by requesting additional identification factors like the following: 

• A unique password (OTP) sent by SMS/e-mail
• A phone call
• A QR code
• A push notification

WordPress supports two-factor authentication via plugins like the Two-Factor plugin or time-based authentication via Google Authenticator. The Google Authenticator plugin enables per-user two-factor authentication. You could enable it for your administrator account while using less privileged accounts as usual.

3. Cloud-Based Security Plugins

While traffic is beneficial to any website, excessive bad traffic depletes your server’s resources. Similarly, limiting the number of users who can enter your site at the same time protects you from distributed denial of service (DDoS) attacks. Popular cloud security plugins such as Sucuri or CloudFlare not only protect against brute force login attacks, but also other security threats such as DDoS, spam, and bots. They provide complete protection for your WordPress site. Examine the security measures provided by your hosting provider for your website.

Conclusion

As previously stated, a brute force attack is one of the most traditional attacks, but it remains the most common type of WordPress security attack. While plugins and other security tools are available to help mitigate security threats, it is always important to keep your WordPress up to date. This includes updating any plugins and themes, as outdated plugins or themes provide a good backdoor for hackers to attempt a security attack. If you have any questions or need any help protecting your site contact our support team today!

The post How to Protect Your WordPress Against Brute Force Attack appeared first on The A2 Posting.

This new PHP version has allowed popular frameworks like Symfony and WordPress to run on PHP 8.1, so you know that A2 Hosting’s servers will be able to support it! You can now take advantage of PHP 8.1 with your PHP applications hosted by us.

New Updates!

PHP 8.1 is the most recent release of PHP and features new updates, such as:

Scalar Type Hints

PHP will now receive better error messages when type hinting doesn’t match. This means that if you’re expecting a string and PHP receives an integer, PHP will throw a clear and concise error message to help you debug the issue easier. PHP will also not allow errors to occur when typing hinting at your PHP variables. This is just one of the ways PHP 8.1 helps you keep your PHP applications secure and bug-free!

Return Type Declarations

PHP 8.1 now supports return type declarations which means that PHP will be able to tell what kind of data you’re expecting back from a function. PHP 8.1 can not only help with security but also PHP performance as PHP will be able to execute the function and return the type of data you’ve requested without an extra step which speeds up PHP execution!

PHP 7 Compatibility

PHP 8.1 now has improved compatibility with PHP 7 so PHP developers don’t have to rewrite their PHP scripts for PHP 7. PHP 8.1 is backward compatible with PHP 7 so you don’t have to rewrite your code!

Contact Us Today

A2 Hosting is a leading provider of PHP hosting with a 99.9% uptime guarantee and a 24/7 support team to help you get the most out of PHP 8.1, today! Our expert Guru Crew team can help you with any questions or concerns about your PHP application, PHP 8.1 support, or migrating to PHP 8.1! We are available 24/7/365.

The post A2 Hosting Supports Newest PHP Version 8.1 appeared first on The A2 Posting.

Step 1: Purchase a Web Hosting Package

The first step to using A2’s SiteBuilder is finding a hosting package. If you’re unsure how to choose the best plan, please consult our guide. Selecting a package comes down to three main questions:

1. First, how many unique daily visitors does your site have?
2. What resources do you need? (disk space, bandwidth, CPU)
3. Do you need a managed or unmanaged solution?

We offer shared, VPS, and dedicated hosting plans with options for dedicated WordPress hosting and reseller hosting. 

Upon checkout, select which A2 SiteBuilder plan you want. 

We offer four tiers of SiteBuilder: (all prices reflect USD)

• Free (1-Page Site)
• Basic (10-Page Site) $6/monthly
• Business (10 Pages & Unlimited Templates) $12/monthly
• Enterprise (Unlimited Pages & Templates) $16/monthly

The hosting plan you need depends on answers to the above questions. If you’re still not sure, contact our sales team today. They’ll assess your hosting needs and set you up with an appropriate plan. 

Step 2: Log in to your cPanel to access A2 SiteBuilder

Once you purchase your website, log in to your cPanel to access A2’s SiteBuilder. 

Follow these instructions: 

1. In cPanel, locate the Software section and click the A2 Website Builder icon.
   
2. On the A2 Website Builder page, click the Create Site button.
   

Additional controls appear. Click Login under Actions. Then, it transfers you to the SiteBuilder. In this SiteBuilder, you can pick a theme, edit every page aspect, and add a blog or eCommerce integration.

Now you’re ready to design! Only three more steps until you’ve created the website of your dreams.

Step 3: Choose Your Template

We offer various pre-designed templates to customize to your liking. You can edit every aspect of the template, from the layout to the color schematics. 

Step 4: Add Content

You can’t sell a piece of a blank canvas at an art exhibition just as you can’t advertise your website without content. With A2’s SiteBuilder, you can add text, logos, headlines, videos, pictures, and any additional content to your website. 

Step 5: Publish Your Site

Once you’ve chosen a template and added your first content, you’re ready to publish your website. 

Click the Publish button and your website is off to the races! You can further edit your website at any time, whenever you need to add content or change existing content. 

And that’s all there is to it! A2’s SiteBuilder offers:

• A plethora of pre-designed templates 
• Easy drag and drop editing
• eCommerce capabilities 
• SEO (search engine optimization)
• Social sharing across social channels
• Easy image uploads
• Easy video integrations

In only 5 steps, you no longer need to worry about WordPress complications. A2’s SiteBuilder gives you WordPress power in a simple form!

Frequently Asked Questions (FAQs)

Is the A2 SiteBuilder included in my web hosting package?

Yes, you can add SiteBuilder to any one of our plans, but the cost depends on how many pages you need to design. We offer a free SiteBuilder package for one page, but if you need to design additional pages, we offer higher-tiered packages. 

Do I need technical expertise to use the A2 SiteBuilder?

No. We designed it for ease of use and for users of all experience levels. Even seasoned developers like it because of its ability to help you customize your website quickly and affordably.

Can I change my template after publishing my site?

Yes! You can change the website’s template at any time without losing any of the content. 

Related Resources:

• Build A Website Fast & Easy With The A2 Website Builder
• How to Design Your Site with A2 Website Builder
• 3 Ways Using a Website Builder Can Save You Time
• Should I Use A Website Builder Or Hire A Web Developer?
• Can You Build a Website for Free?

The post How Do I Create a Site Builder Website? The Step-By-Step Guide appeared first on The A2 Posting.

With our LiteSpeed Hosting solution, you address speed issues with a blazing-fast platform.  Read on to discover how it can help you build a site fit for the modern consumer.

What Is LiteSpeed?

LiteSpeed — a drop-in, speed-enhanced web server — is available with our Turbo packages. With LiteSpeed, our clients experience 20X faster page loads compared to traditional solutions. If you’re serious about boosting your site’s performance, you should make the switch to LiteSpeed.  Here’s why:

High-Performance

A slow website impacts your bounce rates, SEO rankings, and bottom line. With Litespeed, we take care of your site’s performance so you can focus on other high-value activities. Here’s what we can guarantee with our solutions:

• 40% faster CPU performance
• 2X faster to first byte
• 9X more traffic capacity
• 3X faster read/write speeds

Free Site Transfer

Are you ready to experience A2 Hosting but fear migrating to our servers on your own? Don’t worry; in most cases, we can move sites for free. Call our 24/7/365 Guru Crew Support for more information about our free site transfer.

With our worry-free migration services, you can eliminate all speed optimization barriers.

Developer Friendly

We’ve been serving various website needs since 2003, and we’ve always enabled our clients to enjoy the most popular development software. We support older versions, too! Here is some of the development software we can link to your account:

• PHP 5.6, 7.1, 7.2, 7.3, 7.4, or 8.0
• MySQL
• 6/MariaDB
• PostgreSQL 9.6
• Python 3.4
• PERL 5.10
• Apache 2.4
• js 12
• FTP/SFTP
• Free SSH Access
• SSL & Free SSL

Perpetual Security

Recent cyber security statistics reveal that hackers attack 30,000 sites across the globe every day. With our Perpetual Security feature, we prevent our clients from falling victim to such attempts. A2 Hosting accounts come with free HackScan Protection to block malware before they can do any damage. Also, our reinforced distributed denial of service (DDoS) Protection boosts the likelihood of remaining online even after attacks.

Benefits of Turbo Plans

At A2 Hosting, our goal is to provide our clients with the best web hosting solutions that are both ultra-fast and reliable, like our Turbo plans. These are the options we offer for such services:

• 40% faster CPU performance
• 2x faster to first byte
• Can handle 9x more traffic
• Improved user experience with fast page loads
• Better SEO rankings

Built for Speed

Below are some components that make our turbo plans super fast, apart from LiteSpeed Hosting:

• Non-volatile memory express (NVMe): Through this component, we offer 3X faster read/write speeds.
• HTTP/3: This feature is the new gold standard in providing faster and more reliable connections for sites and Application Programming Interfaces (APIs).
• Edge Side Includes (ESI): With ESI, you don’t have to designate entire pages as non-cacheable. Instead, you can determine which portions can be cached and those that cannot.
• Quick UDP Internet Connections (QUIC): This element is an ideal alternative to transmission control protocol (TCP). QUIC creates multiplexed connections between computers, which further enhances your website’s speed.

Advanced Caching Software

Every time someone visits your site, your server has to run a request to convert all information pieces to viewable parts in a web browser. This process sometimes causes sites to run slowly, but it doesn’t have to.

This process doesn’t vary much from visitor to visitor, making caching essential. Turning on your cache stores your files within a much faster random-access memory (RAM). When caching software, your site won’t have to run complicated processes. Instead, your server stores HTML files for a fast load speed.

Upgraded Server Hardware

At some point in your company’s life, peer-to-peer networking becomes insufficient. As you grow, your user demands will exceed the capacities of routers and shared storage devices. For this reason, upgraded server hardware can do wonders for your business.

With a trusty server on your side, you can manage email campaigns for more people, grant access to multiple users, and manage shared resources in the workplace.

Optimized Configurations

Our experts know our hosting infrastructure inside and out, making it easy to optimize our solutions for various sites. Whether you have a CSS, JS, or HTML site, we have the right hosting infrastructure to meet your needs.

With our optimized configurations, you can enjoy faster load times while reducing overall page size. We can help you save up to 80% bandwidth and boost your site’s performance tenfold.

The A2 Hosting Edge

A2 Hosting is nothing like your typical hosting company. We designed our Turbo plans for super speed, limited occupancy, and various performance add-ons to provide clients with the fastest web hosting services available anywhere.

With our solutions on your side, you can boost your user experience and conversion rates. Read on for more reasons to switch to A2 Hosting.

Super Speed

Fast web hosting servers allow you to customize your website in a way that addresses your unique requirements. These services are essential to thrive in the modern world.

Fast hosting leads to a quick load time — a crucial SEO component that encourages clients to hang around. Additionally, a fast website equates to better security and more revenue. If your slow internet is driving away clients, It’s time to say goodbye to mediocre hosting.

Guru Crew Support

With A2 Hosting, our exceptional services don’t end when you sign up with us. Our 24/7/365 Guru Crew Support proves it.

When you manage a company, you typically observe normal business hours. However, overseeing a website is a different story.

Websites require 24/7 support because anyone can access the internet from anywhere in the world. Any time of the day, you have visitors reading your content or making purchases. Every time you experience technical difficulties, you can lose traffic and credibility.

Whether you experience a breakdown or network outage, our support team will be there for you 24/7/365.

Money-Back Guarantee

We believe in all our groundbreaking solutions, inspiring us to offer a money-back guarantee. There’s nothing to lose but everything to gain from our offer, so why not give it a shot?

We don’t think you’ll cancel because we offer up to 20X faster web hosting to help you thrive in the modern world! However, if you do, we’ll give you a hassle-free refund. We hate breakups as much as the next person, but we won’t hold it against you.

99.9% Uptime Commitment

Uptime refers to a measure of system reliability expressed as a percentage of time a machine has been available. When hosting providers boast impressive uptime rates, it’s a good indication of high-performance servers. Our 24/7/365 support staff will get your site running in no time.

Upgrade Your Website Now

In today’s modern world, your website speed can make or break your online presence. A fast load time can boost your SEO, conversion, and sales efforts. Whether you need shared web or managed dedicated services, there’s an ideal Turbo Hosting for your needs. With its LiteSpeed Hosting feature, you never have to lose an online client again because of a slow website.

Contact our sales team today to discover how working with us can transform your business.  We’d love to help you achieve your 2022 business goals.

The post What is LiteSpeed? The Ultra-Fast Web Server You Should Know About appeared first on The A2 Posting.

Apache Log4j 2 is a Java-based logging library developed by the Apache Foundation. It is used by numerous enterprise applications and cloud services to provide advanced logging capabilities. If you have a managed hosting account, you can rest assured that we take care of server configuration and updates for you. If you have an unmanaged server, now is a good time to review your security configuration and make sure updates are installed in a timely manner.

On November 24, 2021, Alibaba Cloud’s security team reported a Log4j 2 remote code execution vulnerability to Apache. The exploit takes advantage of some Log4j functions that perform recursive analysis. With specially constructed malicious requests, attackers can trigger remote code execution.

The vulnerability impacts default configurations of several Apache frameworks, including:

• Apache Druid
• Apache Flink
• Apache Solr
• Apache Struts2

On December 10, 2021, this vulnerability was officially designated in the NIST national vulnerability database as CVE-2021-44228 (also known as the “Log4Shell” vulnerability).

How the Vulnerability Impacts You

Depending on the type of hosting account you have with A2 Hosting, you may or may not need to take action:

Shared, Reseller, and Managed WordPress Accounts

If you have a shared, reseller, or Managed WordPress hosting account, you do not need to do anything. These servers automatically receive frequent updates that include patches for the Log4j 2 vulnerability.

cPanel published an update to mitigate CVE-2021-44228 the same day the vulnerability was announced. For more information, see cPanel’s blog entry.

Managed VPS and Dedicated Servers

If you have a Managed VPS or Managed Dedicated server, you most likely do not need to take any action – your server is updated automatically with patches for the Log4j 2 vulnerability. The only exception is if you have installed any software utilizing log4j outside of cPanel/WHM you should ensure those installations are updated. All software installed and managed by A2 has already been updated.

cPanel published an update to mitigate CVE-2021-44228 the same day the vulnerability was announced. For more information, see cPanel’s blog entry.

Unmanaged VPS and Dedicated Servers

If you have an unmanaged VPS or unmanaged Dedicated server, make sure you keep it up-to-date with the latest security patches.

If you use Log4j 2 it is very important to ensure you have updated to the most recent version.  The first patch included another vulnerability which required a second patch.

Java 8 (or later) users should upgrade to release 2.16.0.

Java 7 users should upgrade to release 2.12.2.

More information can be found at Apache.

For information about how to install updates on unmanaged servers, please see this Knowledge Base article.

The Bottom Line

Heartbleed… Shellshock… The Log4j vulnerability is only the latest in a long line of security bugs. It isn’t the first, and it surely won’t be the last.

If you have a managed hosting account, you can rest assured that we take care of server configuration and updates for you. If you have an unmanaged server, now is a good time to review your security configuration and make sure updates are installed in a timely manner.

The post Log4Shell: 0-day Exploit in Popular Apache Logging Package Log4j 2 appeared first on The A2 Posting.