WordPress Premium Plugin: .htaccess Site Access Control

Get .htac­cess Site Access Con­trol pre­mi­um ver­sion from HERE!

.htac­cess Site Access Con­trol plu­g­in allows you to pass­word pro­tect your site: WP login page, admin pages, and/or the whole site. The plu­g­in adds in this func­tion­al­i­ty on top of Word­Press, using the .htac­cess pass­word pro­tec­tion func­tion­al­i­ty.

As of ver­sion 1.0, the options of the free plu­g­in include:
1. Enabling/disabling the pass­word pro­tec­tion to wp-login.php, Word­Press admin pages. Note that you’ll be asked to re-type the .htac­cess username/password you cre­at­ed before enabling any of the set­tings — to ensure that you would­n’t enable the pass­word pro­tec­tion with­out even know­ing the pass­word your­self!
2. Mod­i­fy­ing the exist­ing users: you can change any .htac­cess user’s pass­word and remove the users.
3. Adding one .htac­cess user.

With pre­mi­um plu­g­in, you can also:
1. Create/modify an unlim­it­ed num­ber of .htac­cess users;
2. Pro­tect your whole site, mak­ing it acces­si­ble to only those who have the .htac­cess user.

Get our pre­mi­um plu­g­in from HERE!

Using the pass­word pro­tec­tion will give you extra secu­ri­ty lay­er of pro­tec­tion from brute force hack­ing attacks. Addi­tion­al­ly, it’s also an easy way to pass­word pro­tect your entire site, with­out need­ing to cre­ate sep­a­rate Word­Press users for each vis­i­tor.

When you enable the pass­word pro­tec­tion, the user won’t be able to see any­thing — not even see the pro­tect­ed page — until he/she inserts the username/password. You can pass­word pro­tect the whole web­site, includ­ing the admin­is­tra­tor pages; you can pass­word pro­tect the admin­is­tra­tor pages; or you can pass­word pro­tect the Word­Press login page.

If you have any sug­ges­tions, please let us know! You can con­tact us via http://wpsos.io/.

WordPress Plugin: Site Language Definition

Site Lan­guage Def­i­n­i­tion is a sim­ple plu­g­in for forc­ing the web brows­er to know what lan­guage your site is in.

Site Lan­guage Def­i­n­i­tion solves a com­mon prob­lem: your web­site is in your cho­sen lan­guage but for some rea­son the brows­er ‘thinks’ it’s in anoth­er lan­guage.

It is par­tic­u­lar­ly com­mon to think that your site is in a dif­fer­ent lan­guage — many Chrome users get mes­sages from Chrome along the lines of, “This site is in Indone­sian. Would you like Chrome to trans­late it?” even when the site does­n’t have a hint of Indone­sian! This has very neg­a­tive SEO ram­i­fi­ca­tions: Google pri­or­i­tizes in its search results sites that it knows are in the user’s lan­guage.

Site Lan­guage Def­i­n­i­tion plu­g­ins adds the nec­es­sary lan­guage attrib­ut­es to your web­site to force the browsers see the web­site as con­fig­ured under the Word­Press Gen­er­al Set­tings. If you need to change the lan­guage, just go to Set­tings -> Gen­er­al, and change the lan­guage of your web­site.

If you have any oth­er sug­ges­tions, please let us know! You can con­tact us via http://wpsos.io/

WordPress Plugin: Remove Feed Links

Remove Feed Links is a sim­ple plu­g­in for remov­ing feed links from the head of your web site.

Word­Press always includes links to the RSS and ATOM feeds by default — but some­times, you just don’t want them.

Maybe your site does­n’t have a feed, such as a sta­t­ic brochure site.
Maybe you don’t want peo­ple using RSS or ATOM to fol­low the site on a read­er, but instead you want them to come direct­ly to the site.
Or maybe you just want to remove every extra char­ac­ter in the code for speed rea­sons.

For us, it was all three of the above! But we could­n’t find a good solu­tion, oth­er than going in and edit­ing direct­ly the tem­plates — which we try to avoid.

The solu­tion? We built the “Remove Feed Links” plu­g­in which does pre­cise­ly what you expect: it removes the links, in the HTML the user sees, to the RSS and ATOM feeds that Word­Press includes by default.

The plu­g­in Remove Feed Links does that by remov­ing post, com­ments, and/or extra (cat­e­go­ry, tags, author) feeds from the head of your site.

The instal­la­tion and use is very straight­for­ward. You should:

1. Upload the fold­er ‘remove-feed-links‘ to the ‘/wp-con­tent/­plu­g­in­s/‘ direc­to­ry
2. Acti­vate the plu­g­in through the ‘Plu­g­ins’ menu in Word­Press

As of ver­sion 1.0, you can choose between 3 options which feed links do you want to remove. You can remove:
1. Com­ments feed links;
2. Posts feed links;
3. Extra Feed links: cat­e­go­ry, tag, search page, author page feed.

If you have any sug­ges­tions, please let us know! You can con­tact us via http://wpsos.io/.

WordPress Plugin: Keyword Landing Page Generator

Get Key­word Land­ing Page Gen­er­a­tor pre­mi­um ver­sion from HERE!

Key­word Land­ing Page Gen­er­a­tor allows you to have one land­ing page, with dif­fer­ent ver­sions (at dif­fer­ent URLs) depend­ing on the key­word — so you can show each vis­i­tor a cus­tomized ver­sion of the land­ing page!

It’s a com­mon prob­lem of mar­keters that you’d like to show dif­fer­ent ver­sions of a land­ing page to a user accord­ing to what they are look­ing for — one for peo­ple look­ing for a “cheap” prod­uct, one for peo­ple look­ing for the prod­uct deliv­ered “fast,” and one for peo­ple look­ing for a “high qual­i­ty” ver­sion of the prod­uct, for exam­ple. Or if you want to have sep­a­rate pages for peo­ple search­ing for red, green, or blue ver­sions of your prod­uct. The pos­si­bil­i­ties are end­less!

Until now, the only solu­tion was to cre­ate hun­dreds of dif­fer­ent land­ing pages — not only is this very time-con­sum­ing but, if you want to update them, it turns into a night­mare!

The solu­tion? The Key­word Land­ing Page Gen­er­a­tor. This pre­mi­um plu­g­in lets you have one land­ing page, but actu­al­ly have three (or three-thou­sand!) unique pages on Word­Press to dri­ve traf­fic to, each one cus­tomized for that tar­get mar­ket.

Each page has a unique URL that is SEO friend­ly and very easy to mod­i­fy, indi­vid­u­al­ly or all at once. You could have Google-friend­ly URLs such as: /intro/cheap/ and /intro/fast/ and /in­tro/high-qual­i­ty/ in the above exam­ple — and an unlim­it­ed num­ber. The pages dis­played would be the same to all — except at the points in which you define, where the head­line text or image or any oth­er com­po­nent or com­po­nents (as few or as many as you like) would change accord­ing to the rules, def­i­n­i­tions, and text you’ve defined in the easy-to-use plu­g­in con­fig­u­ra­tion.

Get Key­word Land­ing Page Gen­er­a­tor from Enva­to!

WordPress Update 4.4.1 Released

Last week, Word­Press announced the release of an update to address secu­ri­ty and main­te­nance issues. The pub­lish­ing plat­form urged users to update their sys­tems imme­di­ate­ly, pro­tect­ing them from a cross-site script­ing (XSS) vul­ner­a­bil­i­ty.

Aaron  Jorbin, a Word­Press con­trib­u­tor who pub­lished news of the update’s release on the com­pa­ny’s offi­cial blog, warned that Word­Press ver­sions 4.4 and ear­li­er could allow sites to be com­pro­mised due to the cross-site script­ing vul­ner­a­bil­i­ty.  The loop­hole was dis­cov­ered and report­ed by Crtc4L.

The bug allows remote attack­ers to gain access and com­pro­mise sites. Hack­ers are able to pass mali­cious con­tent between sites through the cross-site script­ing vul­ner­a­bil­i­ty. The kind of code injec­tion bypass­es the same-ori­gin pol­i­cy, which is an impor­tant con­cept in web secu­ri­ty appli­ca­tions. Wikipedia says under the pol­i­cy, “a web brows­er per­mits scripts con­tained in a first web page to access data in a sec­ond web page, but only if both web pages have the same ori­gin.” 

The vul­ner­a­bil­i­ty was spot­ted by Crtc4L, who is an inde­pen­dent secu­ri­ty researcher based in the Philip­pines. They were award­ed a boun­ty through HackerOne for their dis­cov­ery.

In addi­tion, the update also con­tains sev­er­al bug fix­es unre­lat­ed to secu­ri­ty. Among them are sup­port for all the new emo­ji char­ac­ters late­ly added to the emo­ji col­lec­tion, includ­ing the diverse hand ges­tures and faces. Fans of emo­jis on iOS will rejoice at the long-await­ed news.

Word­Press 4.4.1 fix­es 52 bugs from the last ver­sion. Fix­es to solu­tions includ­ed: “Some sites with old­er ver­sions of OpenSSL installed were unable to com­mu­ni­cate with oth­er ser­vices pro­vid­ed through some plu­g­ins,” and “if a post URL was ever re-used, the site could redi­rect to the wrong post.”

Auto­mat­ic updates are being rolled out to sites that sup­port auto­mat­ic back­ground updates. To down­load man­u­al­ly, you can either head over to Dash­board > Updates in Word­Press and click on the “Update Now” but­ton, or down­load Word­Press 4.4.1 from Word­Press direct­ly.

Recap 2015 — A Year of Security Vulnerabilities

HAPPY NEW YEAR WPSOS READERS!

The time to make new year res­o­lu­tions is here. The time to wave good­bye to 2015. The time of fresh begin­nings. The time to look back on the good and bad of the past year. And the time to review all that hap­pened and move on as a bet­ter ver­sion of your­self.

Con­trary to pop­u­lar opin­ion, it’s not always exter­nal hack attacks that do the most harm. Some­times it is inher­ent flaws in the sys­tem unno­ticed by users until the minute they are exploit­ed. Tech­world did a great piece on secu­ri­ty flaws of the year 2016 detail­ing acci­den­tal flaws in ser­vices lead­ing to attacks in 2015.

Google Android Flaws

Google’s Android plat­form for smart­phones has spread far and wide. Stretch­ing across sev­er­al man­u­fac­tur­ers has made it dif­fi­cult to push updates to all devices at the same time, lead­ing to mul­ti­ple secu­ri­ty issues. In the sum­mer of 2015, many secu­ri­ty flaws were made pub­lic, of which Stage­fright was the most dev­as­tat­ing. Fol­lowed by Stage­fright 2.0, it had a way of beat­ing Android 5.0 lockscreen’s secu­ri­ty code.

Anti-virus Flaws

Of all the anti-virus­es, the most flawed (yet pop­u­lar) AVG was first sin­gled out by an Israeli secu­ri­ty firm enSi­lo which dis­cov­ered a soft­ware flaw. It was patched in two days. How­ev­er, lat­er on a Google engi­neer found anoth­er flaw in AVG’s Chrome brows­er Web Tune-Up plug-in which allowed attack­ers to scour through entire brows­ing his­to­ries.

Juniper VPN ‘Back Door’ Flaw

Appar­ent­ly the VPN part of Juniper’s NetScreen fire­wall kit has had a back­door since 2012. A weak­ness in a piece of encryp­tion fur­ni­ture called Dual_EC_DRBG ran­dom num­ber gen­er­a­tor con­tained a soft­ware flaw that allowed the inser­tion of a back door.

 

Talk­Talk attacked thrice

The telecom­mu­ni­ca­tions com­pa­ny was attacked not just once, but thrice! Accord­ing to the com­pa­ny, ‘only’ 159,959 accounts were com­pro­mised, of which 15, 656 had their bank account details com­pro­mised.

Inde­pen­den­t’s ran­somware

Inde­pen­dent news blog was caught serv­ing Tes­laCrypt ran­somware by Trend Micro. The site was attacked sev­er­al weeks before Trend informed them.