Posts by Siva_G

Fast, Secure And Intelligent Server

THPro is proud to announce a new server with a major upgrade in its security and speed. Due to a constant battle against brute-force attacks and data reconnaissance by hackers, we are compelled to up our security in a fashion that makes it very hard to break or hack into our servers.

 

To switch your current site over to the new web server, please call us at (800)-325-4315.

 

In the coming weeks, we are rolling out our own products, which will help our clients not only feel safe but also take full advantage of our craftsmanship:

 

  • Total Secure Site: Take an aggressive stance against malware and hacking attempts against our servers and, by extension, websites. We are also launching our own CDN to deliver web content across the internet with minimal latency and lightning speed.
  • SSL / HTTPS / TLS: We now offer fully integrated HTTPS / SSL for your website. Encrypt your website and reap the benefits. Google recently announced that secure websites rank higher than unsecured ones.
  • Chat: We understand how important it is to capture every visitor on your website and convert them into a sale. By providing a live chat panel on your website, you can increase your sales conversions by engaging the client when the opportunity arises. The chat feature is available via a desktop and a mobile interface.
  • Merchant Accounts: Card transactions play a major role in your business, accounting for about 40% of small business transactions. Why not accept cards on site? Coming soon with an Android and iOS app to facilitate those needs.
  • Market Place: Help others and grow together! Give us the leads that you don’t want and we will give them to others in need of them. We are developing a Lead Market Pool because we know how hard it is to capture a lead; don’t let it slip away.

Release date: TBA

WordPress Safety

WordPress Safety For Server Admins

 

 

This topic is for agencies that use WordPress (WP from here on) as the platform that holds their clients' websites, multi-site installations especially. WP is famous and, as you know, fame draws a lot of attention. In the world of the web, we are talking about hacking attempts and brute-force attacks. It is very important to protect your server against any kind of attack. So, in this post, I will go through some information that no other company shares!

 

So sit tight! . . . Read the article . . . and forget everything you just read . . . Not!!

 

Before you attempt to tackle this process, prepare with the following: a) try to understand the way WP works, b) know the software that needs to run on your server, c) security precautions, etc. We have clients that come to us with a virus-infected or malware-injected site because they went with a low-cost, unreliable hosting provider where their C-block is shared with millions of others. The bad news is, if you are not technically savvy, Google penalizes your website and even shows a nice "Un-trusted website !!" warning when people try to visit it. So, I highly recommend that anyone research and understand how WP works.

 

 

The following recommendations are for NGINX server admins. WP works with Apache and Nginx, but I prefer the latter because it's fast, reliable, non-blocking, and makes server blocks easy to create. So much flexibility!

 

For server admins:

  • Check the logs: The server logs are typically located at
    /var/log/nginx/

    Look in access.log and error.log. Investigate the IPs and the paths. I'm sure you will find multiple POST requests to wp-login / wp-admin and xmlrpc.php. Block those attempts and save bandwidth.

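  • Expensive operation: Compared to all the other things a server does, writing to a file is considered an expensive operation because it uses a considerable amount of CPU and RAM. So, why not turn off logging and give the server more power to respond to incoming requests? Logging is configured in /etc/nginx/nginx.conf. Comment out the current log paths and add the following (error_log has no "off" value, "error_log off;" would write to a file named off, so it is pointed at /dev/null instead). Keep in mind that with logging off, the access.log and error.log review from the previous point has nothing left to read.
    access_log off; error_log /dev/null crit;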
  • Rate Limit: This is where you limit the number of requests hitting your server. Limit it to something like 10 requests / second and 10 MB per request. Research its implementation, because there are many variables associated with it.
  • Limit access to login portal: It is super easy to find out whether a site runs WordPress. All it takes is adding "/wp-admin" or "/wp-login" to the end of the URL and bam! I get the login screen. If you don't restrict who can access this screen, it's like an open invitation for hackers. Again, research the IP-protected implementation. Typically, this is done in a /wp-login location directive in the server block. You can allow the IPs you trust and deny the rest.
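
One way to implement the rate limit, the 10 MB request cap and the IP-restricted login from the list above, together with blocking the xmlrpc.php requests seen in the logs. This is an added example, not configuration from the original post; the host name, document root, IP addresses, burst values and PHP-FPM socket path are assumptions.

```nginx
# Added example, not from the original post. Host name, paths, IPs, burst sizes
# and the PHP-FPM socket are assumed placeholder values.

# Goes inside the http {} block, e.g. in /etc/nginx/nginx.conf.
# 10 MB of shared memory for per-IP counters, 10 requests/second per client IP.
limit_req_zone $binary_remote_addr zone=wp_per_ip:10m rate=10r/s;
limit_req_status 429;              # throttled clients get 429 instead of the default 503

server {
    listen 80;
    server_name example.com;       # assumption
    root /var/www/example.com;     # assumption
    index index.php;

    client_max_body_size 10m;      # larger request bodies are rejected with 413

    location / {
        limit_req zone=wp_per_ip burst=20 nodelay;
        try_files $uri $uri/ /index.php?$args;
    }

    # Exact match wins over the generic PHP regex location below.
    location = /wp-login.php {
        allow 203.0.113.10;        # assumption: trusted office address
        allow 198.51.100.0/24;     # assumption: trusted VPN range
        deny all;                  # everyone else gets 403 before PHP runs
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }

    # Assumes nothing on the site needs XML-RPC (some plugins and mobile clients do).
    location = /xmlrpc.php {
        deny all;
    }

    location ~ \.php$ {
        limit_req zone=wp_per_ip burst=20 nodelay;
        try_files $uri =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }
}
```

Check the result with nginx -t before reloading. Only wp-login.php is restricted here because front-end features call /wp-admin/admin-ajax.php, so denying the whole /wp-admin/ path can break public pages.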

Websites are not DIY anymore

Can I Build My Own Website? Seems Easy Enough.

Website design has grown to new heights. It’s not only the appealing look and intuitive navigation, but also the content that goes on a page. There are so many attributes associated with it that I could write a book about it. Here are a few things to consider while designing a page.

 

Skill Level - 1 (Generally Tech Proficient):

  1. Follow the SEO rules by Moz before starting anything.
  2. Don’t overload the page with super-high-resolution images that take a lot of time to download. When was the last time you waited more than 5 seconds for a website to load?
  3. Make sure the content is clear, and don’t embed the content in pictures.
  4. A user likes to interact with a website once it loads. So, it is a good idea to place your phone number / contact form links above the fold (definition: the viewable area when the website opens up).
  5. Try not to use page-blocking pop-ups.
  6. Absolutely NO FLASH players. Never.

Skill Level - 2 (Tech Savvy & Interested):

  1. Combine photos with the CSS sprite sheet technique.
  2. Resize the photos to a max size of 1600 x 900.
  3. Place JavaScript in the footer or after the <body> tag.
  4. Make a habit of using JPEG images instead of PNG. The difference between JPEG and PNG is that the latter uses an additional "Alpha" (transparency) channel. This is good for logos, but for full-color images, stay away from it.

Skill Level - 3  (Tech Passionate):

  1. Enable gzip compression.
  2. Use NGINX server.
  3. (For NGINX) Hide the server info, and take care of XSS (cross-site scripting) attacks and clickjacking. Just copy and paste the following lines into nginx.conf. Typically, the file is found at /etc/nginx/nginx.conf
     server_tokens off;                             # hide the nginx version
     add_header X-Frame-Options SAMEORIGIN;         # clickjacking: no framing by other sites
     add_header X-Content-Type-Options nosniff;     # no MIME-type sniffing
     add_header X-XSS-Protection "1; mode=block";   # browser XSS filter

Say goodbye to PHP and hello to NodeJS (in my opinion...). Static sites built on NodeJS are insanely fast and can save hundreds of dollars in server costs. Don't take my word for it, watch it here and decide for yourself.

Still not convinced?
We designed a website for one of our clients, Haynes Construction, which has high-quality images all around and loads instantaneously. If you are thinking that the website is on an insane server, you would be wrong!
Call us at 800-325-4315 to find out more or if you are interested in getting something similar. We are more than happy to give you some tips if you are already working with another company.

(For WordPress Users) Offload the MySQL database to a standalone server. Offload images & any other static content to CDNs like Cloudflare.

  1. Cache, Cache, Cache....
  2. Minimize Web-Requests.
  3. Minimize in-line CSS scripts.

Too much to handle? I was just getting warmed up....

As I mentioned before, there is a ton that can be done on a website, and if your business is based on the website, don't make the mistake of doing it yourself unless you know what you are doing.

Feel free to contact us