WordPress Premium Plugin: .htaccess Site Access Control

Get .htaccess Site Access Control premium version from HERE!

.htaccess Site Access Control plugin allows you to password protect your site: WP login page, admin pages, and/or the whole site. The plugin adds in this functionality on top of WordPress, using the .htaccess password protection functionality.

As of version 1.0, the options of the free plugin include:
1. Enabling/disabling the password protection to wp-login.php, WordPress admin pages. Note that you’ll be asked to re-type the .htaccess username/password you created before enabling any of the settings – to ensure that you wouldn’t enable the password protection without even knowing the password yourself!
2. Modifying the existing users: you can change any .htaccess user’s password and remove the users.
3. Adding one .htaccess user.

With premium plugin, you can also:
1. Create/modify an unlimited number of .htaccess users;
2. Protect your whole site, making it accessible to only those who have the .htaccess user.

Get our premium plugin from HERE!

Using the password protection will give you extra security layer of protection from brute force hacking attacks. Additionally, it’s also an easy way to password protect your entire site, without needing to create separate WordPress users for each visitor.

When you enable the password protection, the user won’t be able to see anything – not even see the protected page – until he/she inserts the username/password. You can password protect the whole website, including the administrator pages; you can password protect the administrator pages; or you can password protect the WordPress login page.

If you have any suggestions, please let us know! You can contact us via http://wpsos.io/.

WordPress Plugin: Site Language Definition

Site Language Definition is a simple plugin for forcing the web browser to know what language your site is in.

Site Language Definition solves a common problem: your website is in your chosen language but for some reason the browser ‘thinks’ it’s in another language.

It is particularly common to think that your site is in a different language — many Chrome users get messages from Chrome along the lines of, “This site is in Indonesian. Would you like Chrome to translate it?” even when the site doesn’t have a hint of Indonesian! This has very negative SEO ramifications: Google prioritizes in its search results sites that it knows are in the user’s language.

Site Language Definition plugins adds the necessary language attributes to your website to force the browsers see the website as configured under the WordPress General Settings. If you need to change the language, just go to Settings -> General, and change the language of your website.

If you have any other suggestions, please let us know! You can contact us via http://wpsos.io/

WordPress Plugin: Remove Feed Links

Remove Feed Links is a simple plugin for removing feed links from the head of your web site.

WordPress always includes links to the RSS and ATOM feeds by default — but sometimes, you just don’t want them.

Maybe your site doesn’t have a feed, such as a static brochure site.
Maybe you don’t want people using RSS or ATOM to follow the site on a reader, but instead you want them to come directly to the site.
Or maybe you just want to remove every extra character in the code for speed reasons.

For us, it was all three of the above! But we couldn’t find a good solution, other than going in and editing directly the templates — which we try to avoid.

The solution? We built the “Remove Feed Links” plugin which does precisely what you expect: it removes the links, in the HTML the user sees, to the RSS and ATOM feeds that WordPress includes by default.

The plugin Remove Feed Links does that by removing post, comments, and/or extra (category, tags, author) feeds from the head of your site.

The installation and use is very straightforward. You should:

1. Upload the folder `remove-feed-links` to the `/wp-content/plugins/` directory
2. Activate the plugin through the ‘Plugins’ menu in WordPress

As of version 1.0, you can choose between 3 options which feed links do you want to remove. You can remove:
1. Comments feed links;
2. Posts feed links;
3. Extra Feed links: category, tag, search page, author page feed.

If you have any suggestions, please let us know! You can contact us via http://wpsos.io/.

WordPress Plugin: Keyword Landing Page Generator

Get Keyword Landing Page Generator premium version from HERE!

Keyword Landing Page Generator allows you to have one landing page, with different versions (at different URLs) depending on the keyword — so you can show each visitor a customized version of the landing page!

It’s a common problem of marketers that you’d like to show different versions of a landing page to a user according to what they are looking for — one for people looking for a “cheap” product, one for people looking for the product delivered “fast,” and one for people looking for a “high quality” version of the product, for example. Or if you want to have separate pages for people searching for red, green, or blue versions of your product. The possibilities are endless!

Until now, the only solution was to create hundreds of different landing pages — not only is this very time-consuming but, if you want to update them, it turns into a nightmare!

The solution? The Keyword Landing Page Generator. This premium plugin lets you have one landing page, but actually have three (or three-thousand!) unique pages on WordPress to drive traffic to, each one customized for that target market.

Each page has a unique URL that is SEO friendly and very easy to modify, individually or all at once. You could have Google-friendly URLs such as: /intro/cheap/ and /intro/fast/ and /intro/high-quality/ in the above example — and an unlimited number. The pages displayed would be the same to all – except at the points in which you define, where the headline text or image or any other component or components (as few or as many as you like) would change according to the rules, definitions, and text you’ve defined in the easy-to-use plugin configuration.

Get Keyword Landing Page Generator from Envato!

WordPress Update 4.4.1 Released

Last week, WordPress announced the release of an update to address security and maintenance issues. The publishing platform urged users to update their systems immediately, protecting them from a cross-site scripting (XSS) vulnerability.

Aaron  Jorbin, a WordPress contributor who published news of the update’s release on the company’s official blog, warned that WordPress versions 4.4 and earlier could allow sites to be compromised due to the cross-site scripting vulnerability.  The loophole was discovered and reported by Crtc4L.

The bug allows remote attackers to gain access and compromise sites. Hackers are able to pass malicious content between sites through the cross-site scripting vulnerability. The kind of code injection bypasses the same-origin policy, which is an important concept in web security applications. Wikipedia says under the policy, “a web browser permits scripts contained in a first web page to access data in a second web page, but only if both web pages have the same origin.” 

The vulnerability was spotted by Crtc4L, who is an independent security researcher based in the Philippines. They were awarded a bounty through HackerOne for their discovery.

In addition, the update also contains several bug fixes unrelated to security. Among them are support for all the new emoji characters lately added to the emoji collection, including the diverse hand gestures and faces. Fans of emojis on iOS will rejoice at the long-awaited news.

WordPress 4.4.1 fixes 52 bugs from the last version. Fixes to solutions included: “Some sites with older versions of OpenSSL installed were unable to communicate with other services provided through some plugins,” and “if a post URL was ever re-used, the site could redirect to the wrong post.”

Automatic updates are being rolled out to sites that support automatic background updates. To download manually, you can either head over to Dashboard > Updates in WordPress and click on the “Update Now” button, or download WordPress 4.4.1 from WordPress directly.

Recap 2015 – A Year of Security Vulnerabilities

HAPPY NEW YEAR WPSOS READERS!

The time to make new year resolutions is here. The time to wave goodbye to 2015. The time of fresh beginnings. The time to look back on the good and bad of the past year. And the time to review all that happened and move on as a better version of yourself.

Contrary to popular opinion, it’s not always external hack attacks that do the most harm. Sometimes it is inherent flaws in the system unnoticed by users until the minute they are exploited. Techworld did a great piece on security flaws of the year 2016 detailing accidental flaws in services leading to attacks in 2015.

Google Android Flaws

Google’s Android platform for smartphones has spread far and wide. Stretching across several manufacturers has made it difficult to push updates to all devices at the same time, leading to multiple security issues. In the summer of 2015, many security flaws were made public, of which Stagefright was the most devastating. Followed by Stagefright 2.0, it had a way of beating Android 5.0 lockscreen’s security code.

Anti-virus Flaws

Of all the anti-viruses, the most flawed (yet popular) AVG was first singled out by an Israeli security firm enSilo which discovered a software flaw. It was patched in two days. However, later on a Google engineer found another flaw in AVG’s Chrome browser Web Tune-Up plug-in which allowed attackers to scour through entire browsing histories.

Juniper VPN ‘Back Door’ Flaw

Apparently the VPN part of Juniper’s NetScreen firewall kit has had a backdoor since 2012. A weakness in a piece of encryption furniture called Dual_EC_DRBG random number generator contained a software flaw that allowed the insertion of a back door.

 

TalkTalk attacked thrice

The telecommunications company was attacked not just once, but thrice! According to the company, ‘only’ 159,959 accounts were compromised, of which 15, 656 had their bank account details compromised.

Independent’s ransomware

Independent news blog was caught serving TeslaCrypt ransomware by Trend Micro. The site was attacked several weeks before Trend informed them.