October is National Cyber Security Awareness Month

Securing a website is an integral part to having a successful online presence, yet it’s something most people neglect until disaster strikes. According to Forbes, there are 30,000 websites hacked every day. In order to avoid being part of this statistic it’s important to be proactive about your website’s security. If you’re one of the almost 20% of users worldwide who uses WordPress there are a few easy ways you can help secure your website.

In an effort to help all of you be more proactive about your web security we’re offering all of our security features for 50% off their regular rates through the month of October.

SSL Certificate ($12.49 for 1 year) – An SSL (Secure Sockets Layer) certificate creates a secure, encrypted link between your website and your visitors. This ensures that all data passed between your website and your visitors cannot be accessed by hackers. Sensitive information like usernames, passwords, credit card information, addresses, really anything you don’t want someone else getting their hands on will be protected by an SSL certificate.

Malware Scanner powered by SiteLock ($17.49 for 1 year) – SiteLock provides comprehensive security for your website. SiteLock will scan your website daily to check for any malware injections, quickly diagnosing and removing any harmful files on your website. It will also scan your MySQL databases to check for any SQL injections that hackers may have planted to get into your website.

Premium Backup Service ($9.99 for 1 year) – The sad reality is that any website that is connected to the internet is at risk of being hacked. There are measures we can all take to mitigate our risk of being hacked, but there’s really no such thing as 100% security. This is why backups are important. Our premium backup service provides 2 layers of backup protection. The first layer of protection is our automatic backup service. We will automatically take a backup of your account once a week and store the files on our backup server to ensure you have a backup available should you need one.

The second layer of protection is our backup on demand feature. This adds a user-friendly plugin into your cPanel allowing you to quickly and easily take backups of your whole account. These backups are then automatically generated in your home directory where you will be able to download them to store them in a separate location.

Advanced Spam Filter powered by cPanel ($5.99 for 1 year) – Most everyone realizes how much of a nuisance spam is, but many people don’t realize just how harmful it can be to your computer. Clicking on one wrong link in a spam message could give a hacker unlimited access to everything you have stored. The advanced spam filter is a cPanel plugin that allows you to add and modify spam rules to ensure spam stays out of your inbox, keeping you out of harm’s way.

All of these features add important layers of security to your website, minimizing your risk of being hacked and losing your website content. Be proactive, not reactive, and make sure you get yourself secure!


Power Plan Plus Features Explained

We’ve recently overhauled our Power Plan Plus package to offer even more great features, allowing you to get the most out of your hosting account. These features allow you to run your websites more quickly and more securely.

1. Power Plan Plus Only Servers – We are now deploying servers that are dedicated to Power Plan Plus customers only. These servers will host fewer accounts than those servers with Power Plan customers, which in turn allows you to use more processing power than before.

2. 2X Computing Power – You’ll have twice the available computing power than you would on our regular shared hosting servers. That means twice the memory and CPU, allowing your websites to run more quickly and efficiently.

3. SSD Database Storage – All database drives on the Power Plan Plus servers are SSD, which run over 50% faster than standard hard drives. This is especially important for database driven websites as they will load information much more quickly.

4. Automatic Malware Scanner – Keeping your account secure from hackers is important. Our automatic malware scanner will scan uploads made by FTP or the cPanel file manager to check and see if anything malicious is being uploaded.

5. Automatic Malware Quarantine – If malware is detected on your account we will automatically quarantine the files so that the hackers can’t take control of your account.

All these features are designed to give you a faster, more secure hosting environment. If you’re currently hosted on our old Power Plan Plus you can upgrade and simply pay the difference for your remaining term.

If you’d like to upgrade from the Power Plan to the Power Plan Plus we’ll upgrade you at the introductory rates! That’s a savings of up to $120!

Contact Us to get your upgrade.

How to Find Your WordPress Authentication Information

If you’ve been using WordPress with WebHostingPad you’ve become familiar with the authentication popup we’ve had to implement in order to stop the ongoing global brute force attacks on WordPress admin login pages. Several months ago, Google released an update for Chrome that essentially broke this autehntication popup by not displaying the information needed to get past the popup.

If you compare the windows above, you’ll see the Chrome window on the left does not include the crucial username and password information needed to complete the form and get past the authentication window. This, pretty clearly, is quite the annoyance.

We understand that this is an issue, and as such we tried to remove the authentication popup to see if perhaps the brute force attacks had subsided, but unfortunately they have not as we almost instantly were attacked by it again. As such, we’ve had to re-add the popup.

Unfortunately this is a global attack on all WordPress accounts and the authentication popup is the most effective way we’ve found to stop it from affecting your services. Short of forcing all customers to install a plugin (which we don’t want to do), this is the safest thing for your websites and for our servers.

As an example, if you visit https://sucuri.net/security-reports/brute-force/ you’ll see just how many attacks are happening daily through this one firewall alone. They are being hit by anywhere between 12 million and 50 million fake WordPress admin login attempts a day.

So, how do you get the authentication info if you’re using Chrome?

Step 1: Log in to your Account Manager by clicking here.

Step 2: In the navigation menu, click Support, then click on WordPress Auth Info from the dropdown menu.

Step 3: Find the authentication info for the server where you’re hosted. This is the information you’ll input for the username and password in the authentication popup window.

If you’re unsure which server you’re hosted on, you can find out by clicking on Services in the navigation menu and selecting My Services from the dropdown. From there, click on the hosting package. Under the Hosting Information box you’ll see a server name.

As always, if you have any questions or need help with any of the information above feel free to contact us any time.

cPanel Virtual Memory Usage error

There’s a strange little bug that’s becoming more frequent within cPanel that I think is worth addressing. The bug, in this case, is the usage bar for Virtual Memory Usage showing as full, even though the actual usage isn’t anywhere near full. You’ll notice this bug pretty much right away when you login to your cPanel. You’ll be greeted by a red bar under your Stats section similar to what’s shown in the screenshot below.


As you can see, this can be a bit startling when you first log in to see a full usage bar. What you’ll notice, though, is the number above the bar shows barely any usage at all (0.3mb out of 1024mb). That is the actual usage. What we’ve been told from cPanel is that they are aware of this bug but aren’t planning on fixing it because they are doing away with the x3 theme.

There is, however, a fix to this bug, and that fix is to switch from the outgoing x3 theme to the new cPanel Paper Lantern theme. How to accomplish this is fairly straightforward. After logging in to your cPanel you’ll see a dropdown menu at the top that says “Switch Theme” with x3 currently selected. What you’ll want to do is click on the dropdown menu and switch from x3 to Paper Lantern.


Fair warning: The Paper Lantern version of cPanel is vastly different than x3. It may come as a bit of a shock to you when you switch over because it looks completely different than the outgoing version. When you make the change you’re going to see something similar to the screenshot below.


As you can plainly see, this is a complete change from what the old x3 used to look like. In fact, cPanel has gone so far as to change the names of certain icons/areas (from parked domains to Aliases, for example). The paper lantern theme has come under quite a bit of scrutiny becasue of how different it looks, which is why we’ve been hesitant to force a change across all accounts. The reality is that eventually we are going to have to do this because x3 is going to be gone and there’s nothing we can do about that.

The good news is that if you don’t much care for this new Paper Lantern theme, you’re not alone. There’s been so much complaint about it that cPanel has gone so far as to make a new style for Paper Lantern that mimics the look of x3. This allows you to use the new cPanel theme with a style you’re comfortable with. In order to change the style, simply click on your username in the upper right hand corner and choose “Change Style” from the dropdown menu. In the new window you’ll see an option for a “Retro” style which you can select to take you back to the old x3 style layout. In doing so your cPanel will look like the screenshot below.


As you can see, the issue with the memory usage bar is gone and the cPanel looks like the old version. Keep in mind that the icons will still have their new names, so places like the old domain redirect area will now be called “Aliases.” Everything else, for the most part, will function just like your old cPanel interface, just quicker and more efficiently.

As always, if you have any questions about this or anything else let us know, we’d be happy to help you out!

WebHostingPad State of the Union Address

whppodiumSo, it’s been over a month since our last post. Oops, sorry about that. We’ve been working on quite a few projects simultaneously so finding some time to set aside and write here has proven to be a bit difficult over the past several weeks. That’s my excuse and I’m sticking to it. The good news is that a lot of these projects are nearing their completion, so I wanted to take some time out to show you some of the things we’ve been doing to try and make your hosting experience even better.

1. Updated, redesigned billing system

Our billing system is outdated, and that’s putting it nicely. We’ve been working on shifting to a new, better looking, better functioning billing style which will help you more easily manage all areas of your hosting account. It’s still a work in progress, but here are a few screenshots showing how much nicer it will look.

1. Revamped client area home page. This is what you will be greeted by when you log in. A central hub giving you an overview of your whole account.

2. Better domain management area allowing you to control just about every aspect of your domain names.

3. Perhaps the most exciting section of the updated billing area is the seamless integration with cPanel. I’ll start off by saying that this will not limit your cPanel access in any way. You will still have complete and total access to cPanel. however, for those of you who would rather have a single login area, you will be able to access all of the cPanel features directly from your billing area. This centralizes all of your information, allowing you to access everything from a single login point. You will no longer have to worry about having to remember different login information.

There is plenty more to see, but that will come once we complete the updates.

2. Weebly Website Builder

As you may have noticed, in the first screenshot above there is a panel for “My Weebly Websites.” That’s because we’ve been working out a partnership with Weebly so that you can use their website builder with our web hosting. We understand the need for an easy to user website builder, and Weebly is one of the best we’ve ever come across. We will be offering a free trial version, as well as three different levels of paid Weebly builders. We’re still working out a few kinks, but we’re slowly rolling this out for all of you to use.

3. Server Updates

As we all know, computer technology is always evolving. Things seemingly change so fast that by the time new products are shipped they are already obsolete. Some of our older servers are getting some pretty significant upgrades which will help your websites run significantly better.

Along with this, we’re upgrading all of our servers to the latest stable version of CentOS, the operating system on which the servers run. This is a huge task, to say the least. To give you an idea, here’s the basic procedure. CentOS cannot simply be updated on a server like your Windows or Mac OS X updates on your computer, as much as we wish it could. We have to remove all of the data from the server prior to upgrading the operating system. What this means is that we have to manually transfer all accounts off of a server that needs to be upgraded onto a different server. Only then can we upgrade the operating system. After it’s upgraded, that server will also get any hardware upgrades it needs, then it becomes the new server for any accounts that need to be transferred off of a different server needing upgrades.

Pain in the you-know-what? You bet!

4. Changes to cPanel

This is an important topic so it will be getting its own post down the road, but it’s worthwhile to touch on it here. The cPanel interface as we all know (and are all comfortable with) is going to be changing. The x3 theme that has been the standard for years is going EOL (end of life), and as such, we are going to have to switch out all of your cPanel themes to the new Paper Lantern theme. The bad news? Paper Lantern is significantly different than x3. The good news? There have been enough complaints to cPanel that they have made a “retro” skin for the new theme. This retro skin mimics the look of x3, but uses all of the Paper Lantern back end. For more information about this, you can click here to visit the cPanel blog.

I’m sure there’s plenty more I’m forgetting about, but that’s the gist of the bigger projects we’ve got going on right now. As always, we’d love to hear any feedback from you on what you think needs improving. Our job is to make your job of running your website as easy as possible and we’re always looking for ways to do that.

Secure WordPress Hosting, what is it, exactly?

wordpress_developmentIn February, I wrote about ways to secure your WordPress blog (you can see that post by clicking here). One of the 5 points I made was to have a WordPress specific hosting account. Since that post, we’ve had numerous people ask about what exactly our WordPress Hosting has to offer, and how it differs from regular shared hosting. Because of that, I decided to make a post about it.

So, what do you get with Secure WordPress Hosting?

1. Automatic Malware Scanning – Allow me to be a little bit blunt here. WordPress websites get hacked, and they get hacked a lot. It’s the reality of using WordPress. There are a countless number of themes, plugins, addons, and all sorts of other things that you can use to customize your WordPress. Each one of these presents a hacking risk. How, you might ask? Most themes and plugins are created by the community. That means WordPress has no hand in their creation. As such, there’s no telling how secure they are from the get-go. As these themes/plugins get older, if security holes aren’t patched (or if a user chooses not to update them) then hackers have an easier time gaining access through these vulnerabilities. Through these vulnerabilities, they gain access to your account and upload malicious content.

What the automatic malware scan does is scan every single file that is uploaded to your account, and checks for any malicious code in these files. This protects you on two levels. Any time you upload a plugin or theme that may have vulnerabilities, it will stop those from getting to your account. Also, if by chance you let a theme or plugin get out of date, and it does happen to get compromised, any attempt to upload malicious files will be automatically blocked.

2. Automatic Malware Quarantine – Of course, detecting malicious files is only good to you if something is done with them. Any file our system detects as being malicious will automatically be put in quarantine and won’t affect your account, or website. Any time this happens, an email is automatically sent to you letting you know these files were detected and removed from your account. After 24 hours, these files are automatically removed from the quarantine area.

3. Premium Backup Service – An important part of website security, WordPress or not, is having a fail-safe. A fail-save, in terms of websites, is a backup. It’s imperative to have backups of your website in case something goes wrong. Our premium backup service offers two tiers of protection. One form of protection is our automated backup service. Once a week, we will automatically backup your account. This will be kept on our backup servers and if you need it restored, we can take care of that for you.

The other option you have is to take backups yourself directly inside your cPanel. You will have access to our backup on demand tool, which will allow you to take a backup any time. This is especially handy if you are making significant changes to your account and want to have a backup just in case something goes wrong.

4. SSD Database Storage – WordPress is largely database driven. Most of the data you store is done in a MySQL database. As such, it’s important that the database runs as quickly and seamlessly as possible. In order to do this, all databases are stored on SSD drives (solid state drives). SSD drives run faster, and are much more reliable than standard hard drives because they have no moving parts, which means there’s less opportunity for them to fail. Think of it as your information being ready on demand, without it having to be searched for.

These are only some of the features you’ll get with WordPress hosting from WebHostingPad. We offer three different packages, based on what you need, so to find out more specifics you can visit our WordPress Hosting page.

Poll: Added Account Security

Security is of paramount importance to us, but we also don’t want security measures to impede our service’s ease of use. For this reason, I’ve decided to put a question forth to you, our customers, to see what you’d like for us to do.

Recently, we’ve been noticing an influx of customers requesting that either a PIN or a secret question/answer be added to their Account Managers to make sure that only they (or other verified users) have access to it. While we do verify accounts in other ways, this added measure makes absolutely sure only verified users have access to billing information with WebHostingPad.

I’ve been mulling over whether or not a security PIN should be made a requirement across all accounts in our system. It is, in my opinion, something that should be done. I think it’s a relatively painless way of making sure only you have access to your account. My apprehension with doing this is that I don’t want it to be seen as a hassle for you to get access to your account.

So, we’re going to do this the democratic way. You can vote below as to whether or not you’d like a PIN added. We’ll keep the poll open for a couple of weeks so plenty of people have time to place their votes.

[poll id=”2″]

We’ve revamped our Refer a Friend program (again)!

As the title pretty clearly says, we’ve been working behind the scenes to make our refer a friend program easier to use. This is all in an effort to make sure it’s easier for you to get credit for the friends and family members you refer to WebHostingPad. As was the story when I posted about our reward points program, we want to make sure that you get the credit you deserve to make your hosting more affordable.

Previously, the refer a friend program was pretty cumbersome all around. Your friend had to sign up, go to a form online, fill out the form, then I had to manually sort through all of them and add credit accordingly. That, as I’m sure you can imagine, was a pain in the you-know-what for me. But, even more of a pain was the fact that plenty of people simply weren’t filling out the forms with the correct information which means credit couldn’t be given.

Now it’s super simple to refer friends to WebHostingPad. Everything is tied in to your account manager. Now, when you log in, you’ll see a new tab for “Refer a Friend” with two options in the dropdown. The first, Invite Friends, is where you’ll want to go to send your friends an invite to host with us.

When you go to that page you’ll see a section for you to add email addresses as well as a default email template that you can use to send out to any friends or family members that may need web hosting. You can change this email to whatever you’d like, but the important thing is to not change the URL that is in this email. That is the URL the person must use when they visit WebHostingPad in order for you to get credit for them signing up.

Now it’s as simple as that. Just send people that email (or just send them the link, it doesn’t really matter) and anybody who signs up will track to your account and you’ll get credit for it. There are, of course, terms to this program which can be found by clicking here but they are short and sweet, at least as far as terms and conditions go. So feel free to start referring people and earn credit on your account that you can put toward any new purchase or renewal!

As always, if you have any questions you can contact us at any time, we’d be happy to answer any questions you have.

How to Change Your WordPress Admin Username

Last week I made a post about how to help add some security to your WordPress websites. One of those tips was not to use the username “Admin” because that’s the default username that WordPress sets. Hackers know this and use it to their advantage. After that post, I got several customers asking us what they should do if they already have Admin as their username. Luckily, there’s a way to change this. Here’s how:

First, login to your cPanel and navigate to the “Databases section.” Click on the icon for phpMyAdmin

On the next window you will see a list of databases on the left side. Select the database for the specific WordPress you want to update. If you’re not sure which database is the right one, you’ll want to check the wp-config.php file in the specific WordPress installation for the database name.

After selecting the database, you’ll see a list of tables below it. You’ll want to choose the _users table from that list.

Next, locate the line with the user login admin and click on the “Edit” button to the left side.

On the next page you’ll see several fields. The one you want to look for is “user_login” where you should see the current username as admin. You’ll change this to the new username you want to use.

From there, just hit the Go button at the bottom of the window and you should be all set. You can now login with your new WordPress username and the same password you previously used for the old admin account.

This is a relatively simple, but extremely effective way of adding a layer of security to your WordPress website.

5 Ways to Secure your WordPress Blog

WordPress is by far and away the most widely used content management system (CMS) on the internet. Over 25% of websites use WordPress. By comparison, the next most popular CMS, Joomla, is only used by 2.8% of websites. The ease of use, huge community, and seemingly endless number of available themes and plugins are among the reasons why WordPress is as popular as it is.

Unfortunately, being so popular also means it’s a popular target for hackers. After all, hackers want to cause as much devastation as possible, and what better way than to try and hack the platform that is used by over a quarter of the internet?

There are some easy ways to protect yourself from these hackers, though. Most of the things below take little to know tech savvy at all, and following these practices will make your WordPress website safe from most vulnerabilities.

1. Don’t use the username Admin

This is simple enough, but something plenty of people don’t do. WordPress installations through script installers like Softaculous sometimes will default to the username Admin. You should always change this. One of the most common hacking attempts is done by what’s known as brute force, which essentially is a hacker using an automated script to try thousands of usernames and passwords. If you use the username Admin you’ve already done half of the work for them.

2. Update your plugins, themes, etc.

Another relatively easy way hackers gain access to WordPress accounts is through plugins and themes. As these plugins and themes get older hackers get more time to try and find the vulnerabilities in the software. They use these vulnerabilities to update malware onto WordPress accounts Keeping your WordPress software updated is a simple way of thwarting attacks from the get-go.

3. Take frequent backups

Taking backups of your website is an important habit to commit to, regardless of what platform you’re using to manage it. Backups will save you if something disastrous were to happen. It only takes one mistake to ruin a website, and not having a backup will lose you hours upon hours of hard work.

There are plenty of plugins that can automate WordPress backups for you. BackUpWordPress is a free, simple plugin that you can use to schedule backups whenever you want.

4. Use strong passwords

You’d think this would go without saying, but you’d be surprised at how simple some passwords are. If you have trouble remembering more complex passwords you can download the program KeePass which will allow you to securely store all of your passwords so you can grab them easily when you need them.

5. Choose the right host

It wouldn’t be a blog post without a sales pitch, right? A good hosting company will help you stop hackers from successfully breaking in to your account. WebHostingPad’s Secure WordPress Hosting does just that, and more. While standard, shared hosting accounts are secure, they don’t specifically enhance WordPress security like WebHostingPad does. With this package you get:

  • Automatic Malware scanning
  • Automatic Malware Quarantine
  • Off-site Backups
  • Global CDN

Along with these security enhancements you also get placed on a special set of servers that host only WordPress websites. This is because we built these servers to specifically run WordPress as fast as they could. The servers include SSD storage (which are much faster than standard hard drives), performance Cloud Linux, more RAM, and more.

Regardless of what web host you choose or what package you’re on, these are some simple steps you can take to protect your WordPress website. Doing such will greatly reduce your risk of being hacked.

Have any of your own ideas on how to protect a WordPress website? Let us know in the comments!