500 Internal Server Error

500 Internal Server Error

500 Internal Server Error is a very common Error that you might face if you’re a webmaster. Before we go ahead and explain you the reasons why you may get an 500 Internal Server Error and how to fix it? let’s first understand what this error is all about.

What is 500 Internal Server Error ?

The 500 Internal Server Error is an HTTP status message that means something is wrong on the server side but there is no specific information is available about the issue.

It becomes really tricky to find out the root cause of an 500 error. Since a website owner can customize the message that should show up to users when there is an 500 Internal Server Error, you should also know what are the common messages that may show up when there is an 500 error.

Here are some commonly used messages for this error.

  • 500 Internal Server Error
  • 500. That’s an error
  • HTTP 500 – Internal Server Error
  • 500 Error
  • Temporary Error (500)
  • HTTP Error 500
  • HTTP 500 Internal Error
  • Internal Server Error

Sometimes you see a message like the below.

The server encountered an internal error or misconfiguration and was unable to complete your request.

If you have seen this error on your website, the first thing you should do it “Don’t Panic”. I have seen most webmasters get panic when they see error on their website and sometimes made a mistake without knowing the root cause of the error.

In this article, we will tell you some ways to fix 500 internal server error.

What Cause a HTTP 500 Internal Server Error?

As we mentioned earlier in this article that knowing the root cause of an HTTP Internal Error is tricky. Since these error are general in nature and don’t provide any information about the root cause, we can only assume some reasons why that happened.

There could be a problem in the website coding or may be there is a problem with the page you’re trying to load.

Precisely, we can say that there is a problem with the server but server don’t have much information to provide about the issue.

How to Fix an 500 Internal Server Error?

As we have mentioned multiple times earlier that an 500 error is a server side error and it nothing to do with your computer or internet connection. That means, if you have seen this error on your website, you need to fix something on the server where your site is hosted.

Here are some common causes of a 500 error and possible fixes.

Many Visitors Are Trying To Access Your Website At A Same Time:

This is one of the most common reason why you see an 500 error. When there is a lot of traffic on your website and your server can’t handle the load, a 500 error happens. Usually, it is a temporary problem and fixes automatically as soon the load on your site reduces.

A corrupt .htaccess File

If you’re using WordPress to run your website, a corrupt .htaccess file can also cause this error. To confirm, if that is the cause of the error, just login to your web hosting account using FTP or Web FTP, and rename your .htaccess file, if your site comes back to normal, you have solved the problem. Now go to Settings » Permalinks and click the save button, this will create a new .htaccess file for your website.

PHP Memory Size Limit

All web hosts preset your PHP memory size limit, if you’re performing an operation on your site that required more PHP memory, you need to increase the size of your PHP memory.

There are two ways to do this,

  1. You can use the control panel provided by your web host and increase the limit. Web host like Godaddy has that option in their web hosting control panel.
  2. Ask your web hosting provider to do the needful for you.

Permission Error

Incorrect permission on one or more files or folder can also result an 500 internal error. If you’ve given the wrong permission to someone of your website’s files and folders, visitors can see an 500 error when they will try to access them. We have seen that an incorrect permission on a PHP and CGI script is usually the cause of an error.

Final Thoughts

Internal Server Errors are common and sometimes takes time to find out the root cause of the problem. If you’re getting an 500 error, don’t panic and don’t make any big change to your website without any proper research. Take your time and find out the root cause. That is the only way to fix an 500 internal server error.

Find The Real IP Address Of a Website Using CloudFlare CDN

Find The Real IP Address Of A Website Using Cloudflare

If you want to know the IP address of a website, usually a simple DNS lookup do the job for you.

But have you ever come across with a situation where the DNS lookup returned you the IP address of CloudFlare.

CloudFlare is a popular content delivery network that website owners use to speed up their websites and provide seamless user experience to users when they open up their website from the different parts of the World.

CloudFlare has over 35% market share in the CDN industry and has a 10 Tbps Capacity and 117 Data Center Global Footprint.

Over 6,000,000 websites, e-commerce portals, and web applications use CloudFlare’s services on the internet.

CloudFlare maintains around 391 nameservers and if you want to use their services, you may require pointing your nameservers to CloudFlare.

When a website owner points their website’s nameservers to CloudFlare, the DNS lookup start showing the CloudFlare’s IP address instead of the actual IP address of the website and this is where the actual problem arises.

CloudFlare works between your website and your host. See the diagram below to understand it better.

how does cloudflare works

When someone visits a website using CloudFlare, it visitor first enters to CloudFlare CDN network and then CloudFlare redirect the visitor to the actual website.

If you want to see the actual IP address of a website using CloudFlare’s services, a DNS Lookup will not work in this case.

Here is an example: I did the DNS lookup of the website dailydot.com, which is using CloudFlare CDN, the lookup returned the following results.

dns lookup resultsAs you can see in the image above that the DNS Lookup showing the IP address of CloudFlare and not the actual IP address of the website.

So how can you know the actual IP address… What is the way out?

A Simple Way To Know the Actual IP Address of a Website Powered by CloudFlare

Here is the answer to your problem.

To know the actual IP address of a website using CloudFlare, the website CrimeFlare will help you out

Below is the address of the website


The website CrimeFlare tells you the actual IP address of a website using CloudFlare CDN services. All you need to do is to enter the domain name in the search box available on the CrimeFlare website and press the search the search button.

Here is the lookup we did for the DailyDot.Com website

Enter the domain name to know the actual IP address

Below are results of this search

crimeflare lookup results

As you might have noticed that the CrimeFlare give us the actual IP address of the server where the website DailyDot is hosted but the DNS lookup was giving us the IP address of CloudFlare.

If you have liked this article, feel free to link back to us or share the article on your social media channels.

WordPress Website Hacked? Wondering What to Do? Learn How to Fix it in 6 Easy Steps

how to fix hacked wordpress website

For most of the part, WordPress is highly secure.

The chances of a well-maintained WordPress website being hacked are minimal, and that’s one of the reasons why 26% of the internet site around the world uses WordPress as their CMS.

But can we say WordPress is hack-proof?

Hell no. It can be hacked, and it happens loads of time.

Considering you’re reading this article, I assume you’re one of the victims, and your WordPress website has been hacked.

It is a stressful condition, but you need to be calm. Consolidate your mind that everything is alright and make yourself as relaxed as possible.

There are good chances that being in stress you will take some wrong decisions leading to more harm to your website.

Before we try to recover your website, let us make sure your site has been (actually) hacked.

How to Tell if Your Website is Hacked

If you nod for any of the situations below, then your site is hacked.

  1. Security Warnings – If you’re using any of the security plugins like Sucuri, then it’ll send a warning if it detects unusual activities. Most of the times, blog owners avoid these warning but you shouldn’t. If you see a warning, quickly evaluate it to check what’s causing the issues.
  2. Website Redirections – If your site is getting redirected to any other internet site (mostly porn, illegal contents, etc.) then you can be sure that someone has got unauthorized access to your WordPress site.
  3. Unable to Login – In certain situations, an attacker would steal your login information and change it. If suddenly out of nowhere you’re unable to login to your WordPress dashboard then it implies your website has been compromised.
  4. Taken Down by Host – Web hosts use algorithms to detect the unusual behavior of a site and is most likely to take your website down if anything suspicious occurs. However, a good host will inform you in advance and also help you get your site back.
  5. Other Signs – Few other possible signs of a site being hacked are –
  • Google marking the site as insecure/compromised
  • Security warnings from Browsers
  • Strange links from your site pointing to non-desirable sites
  • Sudden spike in traffic
  • Displaying pop-ups that you didn’t implement
  • If you’re observing one or more of the above situations, then it is time for you to be worried. You need to take quick actions before the situation gets worse.

Steps to Fix a Hacked WordPress Website

As stated before, the first thing to do is to calm down. Settle down and follow the below steps to repair a hacked WordPress site.

1. Talk to Your Web Hosting Company

Your very first bet is to speak to your web hosting company. A good web host takes the security of the client’s website as a priority and will most likely help you fix it.

They have experienced security experts who might have faced the exact situations before and will quickly take necessary actions.

Also, in a shared hosting environment, the host will be more interested in knowing what caused the hack. If the hack leads to the server, then all the website hosted on the server will be compromised.

Moreover, talking to your web host gives you a clearer idea of what needs to be done.

2. Change Your Security Password

A no-brainer. The very first thing you do when you’re suspicious about the hack is to change your WordPress login password.

Changing your password will restrict the hacker from further accessing your dashboard. While the changes won’t be recovered, it will save the site from getting more vulnerable.

3. Scan for Malware

If you’re on your own, then the next important thing to do is to scan your WordPress website for any possible malware.

There are many plugins available, but I recommend using Sucuri plugin. Here are the steps you need to follow to scan your site for malware using Sucuri –

  • Login to your WordPress dashboard and install Secure Plugin (if not available)
  • Go to Sucuri Security > Malware Scan
  • Click on ‘Scan Website’ button

Once the scan completes, Sucuri will show a warning if it detects any active malware (as shown below.)

sucuri wordpress scan

Image Source – Sucuri

Click on ‘Request Malware Cleanup’ button and follow the steps to remove common malware.

4.  Replace Malicious Files

If you have found malicious files on your server, then the easiest way is to delete the compromised files and replace with the original ones.

For instance, you can do a fresh install of WordPress without affecting your site content. It will most likely replace all the core files (except the files in directory wp-content.)

Go to Dashboard > Updates and click on ‘Re-install Now’ button.

5. Restore from the Previous Backup

If for some reasons, reinstalling WordPress does not fix the malicious files, then you need to restore from a previous backup manually.

But for this to work, you need to have a backup file available. If you have used a WordPress backup plugin like Updraft Plus or Backup Buddy, then congratulate yourself.

You can easily restore your site from a point when it wasn’t hacked. Although it may erase some of the latest articles published, it will secure your website.

If you do not have a handy backup, then check if your web host has a policy to back up your site monthly/weekly (most of the good WordPress hosting providers like Godaddy does.)

6. Check User Accounts

Have a thorough look in your WordPress users section and identify if there’s anyone you didn’t add with administration access to your site. If there’s any such user account, then delete it right away.

Also, make sure to provide administrative access to only those whom you trust.

7. Change Your Password, Again!

I know you did this in the beginning, but I want you to do it again.

But this time, it’s not only your WordPress login password but overall modifications. You need to change the password of the following:

  • WordPress Dashboard
  • FTP Login
  • CPanel Login
  • Web Hosting Account
  • Admin Email Address and
  • Domain Registrar (if separate from web hosting)

It ensures and gives you a satisfaction of complete security for future.

8. Hire A Professional

While many prefer to do things on their own and save money, there are few not familiar with scripts, coding, and technical aspects.

For those, hiring a professional to recover a hacked website is the optimal solution. It may cost a bit higher, but it is a sure shot way to deal with a hacked site.

Also, hackers sometimes hide the malicious scripts in unusual ways which are hard to detect for plugins and regular users like us. These malicious scripts allow hackers to come back anytime and cause damage to your site.

A professional security guy will give you a peace of mind and often saves a lot of time.

Final Words

Precaution is better than the cure.

Don’t wait for your website to be hacked. Prioritize the security and install security plugins, take backups while you still can.

I hope this guide has helped you fix your hacked website. Share your thoughts in the comments section below.

How to Score 100/100 in Google PageSpeed Insights With WordPress

score 100 on google pagespeed insight with wordpress

Website loading speed has always been one of the significant factors for overall user experience and now that Google has also made it clear to favor faster-loading sites, it is time to work on the matter and boost our site speed.

Another harsh truth is that people are getting impatient. If your web page is not loading in 2 seconds then almost 75% of visitors will leave your site and never look back.

That affects your website ranking and overall experience of readers. Also, your bounce rate increases which are not good for SEO rankings.

Google PageSpeed insight is a tool by Google which analyzes your website loading speed and ranks your site on a scale of 1-100 (higher the better.)

The results given by Google PageSpeed Insight includes both Desktop and Mobile devices and the score is different for both.

Getting a 100/100 score is a milestone and while there are tons of factors that decide this score, I have listed some of the most important ones that will help you get a super high score in Google PageSpeed Insight test.

But before getting started here’s some motivation for you.

Below is the PageSpeed score for Google.com website.

google pagespeed insights

As you can see, not even Google (developer of the tool) has got a perfect score.

However, their desktop website is nicely optimized with 92/100 score.

So now as you may have got some relief, let’s move on and take a look at important changes that can improve Google PageSpeed Insight scores.

Note that, there’s no fixed order of implementing these changes. Run the test for your site and do proper changes accordingly.

1. Eliminate Render-Blocking Resources Above The Fold

Eliminating Render-blocking resources is the most difficult part of your site as you need some technical knowledge to solve this error.

Here we have to move all the Javascript code from header and body of the site to the footer (at the bottom) of the website.

You can use WordPress plugin AutoOptimize to handle this technical part for you.

After installing the plugin, go to its settings and uncheck “Force JavaScript in <head>” and check “Inline all CSS” option.

2. Optimize Images

The next step in improving our Google PageSpeed Insight is to optimize images on our site.

Images take a long time to load and if you’re like me who loves to add only high-quality images to the site, then loading time of your still will also be high.

To avoid this situation, we should either optimize images to be added before uploading or while uploading to the site.

There are many free image optimization tools available on the Internet for both Windows and Mac OS, which reduces the size of websites without degrading the quality.

If you want WordPress to automatically optimize your images then install WP Smush.it plugin which will automatically reduce the size of pictures when you upload them to WordPress.

A good practice is to keep the size of images lower than 200KB and in JPEG/JPG format.

3. Minify CSS, JavaScript, and HTML

Minifying HTML, CSS, and JavaScript files can be a tricky thing to do on a dynamic website. But, if you have a simple website just like me then it’s not going to take us a while to get it done.

Minifying your code removes:

  • White space characters
  • Developer/Programmer’s Comments
  • New line characters
  • Block delimiters

You can either install and let WP Super Minify plugin or you can follow this tutorial to do it manually.

**Installing too many plugins may cause server issues and lower the performance of it.

4. Leverage Browser Caching

Browser caching is an amazing method to store the static files of your site and deliver them using the cache technology.

However, it is one of the challenging parts as well. To make it a little simpler, I would suggest you use Content Delivery Network (CDN) on your website.

A CDN, as the name suggests, is a network of servers located at various locations around the world. These networks cache the static version of your web page such as CSS, Javascript, Images, etc. And when a visitor lands on your site, these files are delivered from the nearest server location.

It affects the loading time of your site as well as improves server’s performance.

MaxCDN is a popular and recommended CDN which I’ve used and trust. Alternatively, you can use CloudFlare Free CDN service which is also satisfactory – if not best.

5. Enable GZip Compression

Being a desktop user you must be familiar with compression technology where we compress multiple files into one to save space.

Similarly, we use GZip compression which allows your web server to provide smaller file sizes which load faster for your website readers.

Over the time, enabling GZip compression has become a standard practice, and if you aren’t planning to left behind your competitors then it is recommended for you to enable it on your server.

Refer to this step by step guide to enable GZip for improving website speed. There are various ways mentioned for different servers, choose and follow the appropriate one.

6. Reduce Server Response Time

This one goes hand in hand with above-mentioned change.

The only reason why people face slower server response time is because of shared web hosting where multiple requests from different websites stored on the same servers are happening at once.

Google knows our server is not fast and it wants us to either upgrade to a dedicated web hosting (which is costly) or improve the current performance.

For the later, I would suggest you use Cache Enabler plugin from the team of popular KeyCDN.

It is a lightweight plugin which also is a plug and play. Meaning, you don’t have to do any changes or make settings, just install and activate the plugin and you’re good to go.

The performance after using the plugin won’t be a match to a dedicated server but it is enough to remove that error from Google Pagespeed Insight test and improve our score. That’s what more important for us as of now.

7. Enable Lazy Load Images

Again, I would like to use the same sentence I used earlier in point #2. Images take a long time to load and which in turn increases the loading time.

If you’ve 15 images on a single page, each of 100KB (let’s assume) then the server has to load 1.5MB of data at once which will take forever (not really) – but few seconds.

Lazy load is a simple solution to this complex problem where instead of loading all the images at once, we’ll load images one by one as the reader scrolls and they appears on the screen.

It improves the user experience as well as loading time by dividing the server request to load an image.

Install lazy load plugin to add this feature on your site. At the time of writing this post, the plugin has 80,000+  active users with 4.2-star ratings.

If you’re using a theme from MyThemeShop, then there’s an inbuilt functionality to enable Lazy Load on your site under Theme Options.

8. Don’t Overlook Mobile Experience

And lastly, to further improve the Google Pagespeed Insight mobile score, we need to optimize our site for mobile users.

It can be done in several ways, such as using a responsive theme/framework, removing pop-ups and interstitial ads, and enabling AMP.

Premium themes such as Genesis, MyThemeShop, StudioPress are already mobile responsive.

Accelerated Mobile Pages technology is oriented to the mobile users and it strives hard to serve web pages instantly.

Whether you have observed or not, but AMP pages are getting ranked higher and it may become full-fledged SEO ranking factor in 2017.

I’ll soon write a step by step tutorial on enabling AMP on WordPress website.

Signing Off

Depending on the structure of your site and optimization performed by you, there could be more changes you may have to consider for scoring 100/100 score in Google Pagespeed Insight test.

While getting this score may not boost your rankings overnight, it will help you outrank your competitors with less optimized sites.

If you think some instructions aren’t clear and I should add more suitable links or write in detail steps then do leave your thoughts below.

Run a quick test of your web URL and comment down what are your scores. Let’s see who has got the highest score.

Socialize this article and help your blogger friends achieve high scores in Google PageSpeed Insight.

3 Steps Guide To Transfer Website from One Host to Another

3 steps guide to transfer website from one host to another

Most websites owners are not technical. They own a business website but don’t know how to manage it. Even if they are not happy with their web hosting provider, they keep hosting their website with them because they don’t know how to transfer a website from one host to another.

Some of them are so innocent that they think it is not possible to change the host. I have seen people asking “Can I transfer my website from one host to another?” or “How to transfer web hosting from one company to another?”.

Once I was also like one of them. I learned the process of transferring my website from one host to another by myself and In this article, I will mention how I did it.

Here is my story.

I still remember the time when I was in process of making my first website live, and I was in search for a good web hosting company. I picked a web host that was claiming 99.9% uptime guarantee, unlimited bandwidth, unlimited domain, unlimited email and what not. I put my belief on them and bought their web hosting plan.

The hosting process went smooth and I was able to put my website live in few hours.

I was happy  🙂

I was thinking, I have made the right decision. Now I can relax and focus on my business, rest will be taken care by my web host.

But, my happiness couldn’t last long. One fine day when I reach to my office and tried open my website, It shows me an error. I was shocked, why I am not able to open my website, what’s going wrong with it.

It didn’t take me long to realize that my website is down. The day going forward, this becomes a practice for my host to not keeping their promises of providing 99.9% uptime and unmatched customer support.

And finally, I decided to move my website to a new hosting provider.

How I transferred my Website from One Host to Another in 3 Easy Steps?

Transferring a website from one hosting provider to another is not very difficult. At least, not as difficult as it seems.

If your website is hosted on WordPress, the process becomes, even more, easier.

I think I was lucky that I had chosen WordPress to built my website.

In this guide, I will tell you how I moved my website to a new host. I have broken down the complete process into 3 steps to make this guide a bit more easy to understand.

Things you need

Before we start the process, here are the things you will require to complete the migration process

  • Admin login details of the website that you want to transfer
  • Duplicator WordPress Plugin
  • FTP access to your new web hosting provider

The Website Transfer Process

Here are the 3 steps that you need to follow to transfer your website to another host.

As I mentioned earlier, this guide is to transfer a WordPress website to a new hosting provider. So if you want to transfer your WordPress website to a new host, simply follow these steps.

Step 1: Install the Backup Plugin

The first step is to take a backup of the website that you want to transfer.

Install Duplicator Plugin on the WordPress website that you want to transfer. The plugin will create a backup of your complete website. The backup will include your themes, plugins, database, content and WordPress core files.

To install Duplicator on your WordPress website, simply go to your admin dashboard, click on plugins, now click on add new, search for Duplicator in the search box and now install & activate the plugin.

If you’ve still not got it, here is an official guide from the plugin owner.

Step 2: Create Backup Files

After you install the plugin on your WordPress website, it is the time to create a backup (package).

To create a package, go to duplicator plugin, click on packages and now click on “New Package”. See the image below.

create backup

After you click on the “Create New” button, you will see the below screen.

website backup process

Just click on next button. Now it will take you to this screen.

website backup step 2

Now click on the build to create your backup and installer files.

package building process

After the building package process complete, download the Installer & Archive files on your computer.

Step 3: Change Nameservers, Crate Database & Upload Backup Files

This is the 3rd and the final step.

Now you have backup files ready with you. Now go to your domain admin panel and change the nameservers to the new name servers that your new web host must have provided to you. If you don’t know the new nameservers, contact your new web host and ask them about it.

After you successfully changed your nameservers, it is the time to create a database.

Note: You may also add your domain to your hosting using cPanel if you’re using multiple domain hosting and the domain that you want to transfer is not your primary domain for that hosting account.

Go to your cPanel and click on mysql database wizard to create a database.

database wizard

create database using wizard

Now after you create your database. Upload the backup files to your new hosting under your domain name. You can upload the files using an FTP or cPanel’s file manager.

After you successfully upload your files. Visit the following URL in your browser.


Note: Replace YourDomainName.Com with the domain name that you are transferring to the new host.

You will see the below screen.

duplicator installer screen

Now provide the database details that you’ve created and click on “Run Deployment” button.

The plugin will now install all the files and databases to your new web hosting account.

That’s it. You’re.

Now you have successfully moved your website to a new host.

Here is an small video that you can watch to understand the process even better.

If you’ve found this tutorial helpful, please don’t forget to share it on social media.

WordPress Security

wordpress security

WordPress is a popular blogging platform and according to a recent survey, around 26% sites on the Internet are powered by WordPress.

But, as you know, “with greater power comes great responsibilities”, WordPress has become a major target for hackers.

Another survey, reveals that out if all the blogging platform hacked, WordPress was on the top. See the chart below.

number of wordpress websites hacked

Does that mean WordPress isn’t secure? No. If your site gets hacked then it’s all your fault and not of WordPress.

WordPress is an open source platform and almost all open source (with few exceptions) are prone to hack.

But, it can be secured. It can be secured up to a great extent which will give a tough time to hackers trying to bypass the security.

And whose job is to add those extra levels of security? You guessed it… Yours.

You put a lot of time and efforts in establishing your WordPress site and get it to be popular within your niche.

So, it’s always recommended to take care of security and making securing your site the first priority.

In this article, I’ll discuss some common, uncommon, and creative ways to secure your WordPress site.

But before, you need to know what types of attack is WordPress vulnerable to –

Types of Attacks WordPress May Face

  • Backdoors: Injected code within files or plugins on your server. Most common is the use of nulled plugins and themes.
  • Pharma Hacks: Used to insert rogue code in outdated versions plugin, theme or WordPress itself.
  • Brute Force: Using automated scripts to exploit weak passwords and get access to your WordPress dashboard.
  • Malicious Redirects: It creates backdoors in WordPress installation using FTP, SFTP, wp-admin, and other protocols.
  • Denial of Service (DoS): a Most dangerous form of vulnerability, which exploits errors and bugs in the code to overtake the memory of website. DoS attacks were able to bring down the internet On October 21st, 2016.

So, now let’s get started and understand ways to improve WordPress security like top bloggers.

11 WordPress Security Tips To Secure a WordPress Website

Move to a Secure WordPress Hosting Provider

I have always stretched my clients to chose a secure web host which understands website security and takes necessary steps to keep your site safe.

If you’re using a low-quality hosting service from a bad reputed host then immediately migrate your website to one of our recommended WordPress hosting providers.

Use a clever username and complex password

The next important security check you can do is to set a unique username with a complex password. It is often underestimated by a lot of site owners and they simply use username admin and set a password to 123456.

I understand you’re in a hurry while installation but do change it to something more secure afterward. You can try this password generator to get a strong password.

Below are the results of a security survey which reveal passwords of hacked websites.

  • 123456
  • password
  • 12345
  • 12345678
  • qwerty
  • 123456789
  • 1234
  • baseball
  • dragon
  • football

As you can see, people are this dumb to use silly passwords.

Always Update to Latest Version

Updates are for your goods. Every update of a software brings some good changes and most of the time updates are rolled out due to security issues.

Having outdated plugins or themes installed on your WordPress site leads to Pharma Hacks attack.

You can download the latest WordPress version from here.

Change WordPress Login URL

It is a clever tactic used by top bloggers to secure WordPress sites.

By default, the login URL of your WordPress site looks like http://www.yoursite.com/wp-admin/

And the first step hackers try is to visit this page and try random login credentials.

Changing WordPress login URL improves your site security to a good extent and keeps you safe from noob hackers.

Use free WPS hide login plugin to change the default login URL.

Limit Login Attempts

Another simple yet creative way to secure your site is to limit login attempts by a user.

Often the hacking scripts are automated and fixed to keep using different credentials until they get some data. By limiting the login attempts, WordPress will disable the login for the user or browser used.

Use the free Cerber Limit Login Attempts plugin and it will handle this job for you.

Enable Two-Factor Authentication

Two step factor authentication is probably the best way to secure your website as it adds an extra level of security which is almost impossible to break.

It involves a 2 step process in which you need a second method alongside the units login credentials. The second method used is generally a text (SMS), phone call, or time-based one-time password (TOTP).

You can use Authy plugin to add two-step authentication to your website which allows up to 100 authorization per month.

Another recommended plugin is Google Authenticator which entirely free and makes a use of secret keys or QR codes.

Install HTTPS – SSL Certificate

Secure Socket Layer certificates add an extra level of security to your HTTP request and it can prove to be secure for your site as well as user’s information.

Sites with active SSL certificates have added S in the HTTP version.

Also, there will be a green padded lock which signifies that the site is secure.

You can either use CloudFlare or LetsEncrypt services to add a free SSL certificate onto your website or you can buy a SSL certificate from Godaddy.

Disable File Editing in WordPress Dashboard

WordPress is commonly used by many users and the administrator often allow multiple users with full access.

Due to the nature of work, it may become a compulsion to allow full access which may turn out to be a nightmare for the original website owner.

For security, you should disable Appearance Editor which contains codes of your WordPress site.

Also, there’s no need for other users to see the code as they aren’t going to use it for any contribution.

To disable Appearance Editor from other users, simply add the below lines of code in your wp-config.php file.

define(‘DISALLOW_FILE_EDIT’, true);

It will remove the ‘edit_themes’, ‘edit_plugins’ and ‘edit_files’ capabilities of all users.

Use WordPress Security Plugin

The next big step to secure your WordPress website is to install a WordPress security plugin which would take care of most of the work.

There are a lot of developers and services which prove hardening of WordPress and some of these are:

I personally use WordFence security plugin on my site and it does a great work of handling basic security issues such as but not limited to:

  • Generating and forcing complex passwords while adding new users.
  • Malware scanning
  • WordPress Security Firewalls
  • Two Factor Authentication
  • reCAPTCHAs
  • IP Whitelisting and Blacklisting
  • Monitor DNS Changes

Enable DDoS Protection

DDoS is a type of DoS (Denial of Service) attack which is getting common day by day.

Unlike other attacks, DDoS attack is not used to hack and retrieve data from your site but takes your website down for hours or even for days.

To secure yourself from these attacks, what you can do is to use 3rd party security services such as CloudFlare.

CloudFlare is one of the biggest DDoS protection networks and they use this network to keep your site up even if it’s a victim of DDoS attacks.

Most importantly, they offer a free service which makes it worth giving a shot.

You can also consider moving to a DDoS protected dedicated server if your website receives heavy traffic.

Take Daily WordPress Backups

By applying above security tips, there are very fewer chances that your site will be hacked, but you should always be prepared for the best.

If in case your site gets hacked and you lose all of your data, then having a proper recent backup is the only way you’ll be able to recover and get your site up and running again.

Most of the quality web hosting service, inclusive SiteGround takes daily backup of your site and they’ll help you recover this backup data.

You can also take daily backup of your site using the free UpdraftPlus WordPress plugin which enables you to take periodical backups to remote storage systems.

Refer to this guide to learn how you can set up UpdraftPlus on your WordPress website.

Signing Off

WordPress security is your responsibility and you shouldn’t take it lightly. An attack can cause you a big loss and all your hard work of months or years will be wasted.

Securing a site is easy with WordPress and you hardly require any technical knowledge.

Do implement a maximum number of these security tips and make your website hack proof. It will help you in long run.

What’s your take on the WordPress security? How do you make sure that your blog is hack proof and you are free from attacks? Share your thoughts below.

Have any other security technique you are using which is missing from this list? Add a comment and help other readers.

Also, do share this post with your friends and followers on different social media channels and help them in securing their blogs and sites.

Error 500 Fix: Not Able To Access Wp-Admin After WordPress Upgrade

Around 16 million website on internet use WordPress and about 50000 new WordPress sites are launched daily.

As per an estimation, about 54.2 million new posts are published daily using WordPress.

The popularity of WordPress is huge. 27% of the internet runs on WordPress.

I myself run all of my sites on WordPress. In fact this website is also running on WordPress.

WordPress keep releasing new updates to make their content management system more robust, secure and technology ready.

Whenever a new update comes in, I prefer to upgrade my WordPress version to the latest one.

Recently I got a new message in my WordPress dashboard. It was about the new WordPress update i.e 4.7.2.

Without giving a second though, I clicked on the “please update now” link and WordPress automatic update begun.

The update was running smooth and as soon the update got completed and it was redirecting to the new version’s Welcome Screen, I got an error.


Wordpress Login Error

I was shocked. I messed up something, I thought.

What is the problem, I had no idea about.

Without wasting anymore time I tried to check if my website is live or not. I typed the URL of my website in the browser, it was running without any error.

I thanked God!

But if the website is running smooth, what is the reason I am not able see the Login Page. Why I am redirecting to wp-admin/upgrade.php?_wp_http_referer=%2Fwp-admin%2F with an error 500.

I did a google search. Thankfully I was not alone.

I have found there are many people like me how have encountered this error while upgrading to the latest version.

I was happy, I was thinking that I now will find an easy fix for this problem as there are many people suffering from this issue.

But I was wrong, After reading about 20 articles on the internet, I couldn’t find find a solution.

Then I decided to search the WordPress official support forum and I have found a thread which was about the same problem.

While I was reading the comments on the page, I found a comment.

Solution for Unable to access admin login after upgrade

Somebody just have discovered the culprit. It was W3 Total Cache plugin.

I was using the plugin on my blog.

Now the solution was to delete the files i.e advanced-cache.php, db.php, and object-cache.php.

If you’re not sure where to find these files, let me tell you.

These files are located in your Wp-Content folder. You can find these folder after login to your hosting account using FTP or cPanel (File Manager).

cache files

After I found the file, I simply renamed them.

After renaming all the 3 files, I visited the URL i.e www.mydomain.com/wp-admin

As soon I pressed Enter, a new screen popped up. It was asking me to update the database.

WordPress Database update required notice

I clicked on the update WordPress database button. I my database got updated successfully.

Now I was able to see the login screen.

I renamed the all 3 files back to their original name and my WordPress site is running smooth now with no issues.

I hope the article was helpful for you. Now it is your turn to fix the error on your site.

If you liked the article, please consider to share it on social media. Thanks for reading.

How To Do 301 Redirect

Like you, one day i was also surfing to the internet to find out a way out redirecting my non www domain to www. I read many articles which give me a trick to do it using .htaccess file but as i was using a shared hosting with IIS server so it was not possible using the .htaccess file. luckily i stumbled to a post which give me a code that i need to put in my web.config file to redirect my non www to www domain. As per the instruction mentioned in the post i put the code in my web.config file but nothing happened. I start reading other posts on internet, all of the web guru’s were suggesting the same thing. Than i realized there is something wrong with my server. When i did a whois lookup using a website who.is i came to know that i was using IIS 6.

Limited period offer: Buy Godaddy’s Economic Hosting Plan with Free Domain for $1 per month. Click to active the offer. Final price will be shown into the cart.

301 redirectAfter finding out my IIS version, i started reading few more posts about how to do 301 redirect using web.config in IIS 6. After reading few posts i find out that you can’t redirect the non www domain to www using the code that i had in IIS 6. The redirection was only possible in IIS 7 with the code that i had.

I put up a request to my host to transfer my site to a IIS 7 server. My host did the job in less than 2 hours. I put the code and it worked. So here is the code that i used to do 301 redirect for my asp.net website.

Requirements For The Below Code to Work:

  • web.config file
  • IIS 7 Server
  • Windows 2008

<rule name=”Redirect to WWW” stopprocessing=”true”>
<match url=”.*”></match>
<add input=”{HTTP_HOST}” pattern=”^yourdomainname.com$”></add>
<action type=”Redirect” url=”http://www.yourdomainname.com/{R:0}” redirecttype=”Permanent”>

<rule name=”Default Document” stopprocessing=”true”>
<match url=”(.*?)/?default\.aspx$”>
<action type=”Redirect” url=”{R:1}/”>

Don’t forget to replace yourdomainname.com  with your real domain name.

Redirecting your non www domain to www or vice a versa is very important in SEO. It help you deal with canonical issue. Google and other search engine suggest to do this redirection. Hope our post must have helped you deal with you question “How To Do 301 Redirect Non WWW to WWW in Web.Config”. For other tips & tutorial don’t forget to subscribe to our blog.

How To Activate Reseller Club VPS Trial?

Being able to choose the right hosting package, as everything else, should be based on a users need. Insufficient server resources for a website that is resource intensive can mean server stalling and website crashing. And excessive resources for a website that doesn’t require too much server resources could mean under-utilization of the server and unnecessary money spent.

In this article I will be discussing VPS Hosting, and I have listed two questions that should be able to capture your need for a VPS Package.

Question 1: Are you operating or starting up a business where client interaction with your website is important? For instance, a game based site, forum, or popular business. Initially you might see modest growth, but you’re expecting rapid expansion and user interaction via the website? If that’s the case, I assume you would require your website to be agile, scalable and flexible to support the growth?

Question 2: Are you looking at owning your very own “Virtual Machine” that is as good as a private dedicated server, but at a much more affordable price? This could be to meet your App or Software Development needs.

If you’ve answered yes to either of the above questions then VPS is the perfect hosting option for you. A Virtual Private Server allows you root access and provides you with the private resources similar to a Dedicated Server. This allows you to customize your software application and a host of other aspects at a fraction of the cost you would pay for a complete Dedicated Server.

Advantages of Virtual Private Servers

  • Server administration has full root access to the virtual machine
  • Any VPS account is isolated and separated from other accounts on the same server
  • Hardware or any replacements or physical upgrades are taken care of by the web hosting provider as he is responsible for the management of the underlying physical server
  • Customers coming to your site will experience faster load times so you will eliminate visitors from becoming impatient and leaving.
  • With VPS hosting, you have your own server and have access to dedicated resources which automatically translates to having access to more RAM, a faster CPU speed, and more disk space for storage.
  • From a user point of view, VPS is easy to scale up and down and used on a per demand basis
  • A VPS is cheaper compared to a physical server with similar amount of resources

 Interested in trying out VPS?

You can do so by using the 30 Day trial @ USD 5 offer at ResellerClub which is exclusively available for FreeASP.Net users. The process to acquire your VPS trial with ResellerClub is listed below.

How to Purchase VPS from ResellerClub.com?

Reseller Club VPS

You have to use a coupon code “VPSTRIAL” during check out to activate this offer. Click on the link mentioned below & follow the instructions to avail this offer.

Once you click on the VPS Hosting Link, you are only three simple steps away from owning your own Virtual Private Server!

Step 1: ResellerClub provides 10 Fully Managed VPS Plans, each featuring CentOS Linux with complete root access handled with Parallel’s Virtuozzo Power Panel. You can choose the plan most suited to your requirements to move on to Step no.2.

For VPS trial purposes please select from plans VPS 1, VPS 2 & VPS 3 since these three plans allow you the option of trying out the ResellerClub VPS service @ USD 5.

reseller club vps plans

Step 2: In the next Step you will be able to select the Operating system (CentOS 6 or Ubuntu 12), the control panel to manage the VPS package, and the billing panel to manage the billing transactions on your website. The trial offer doesn’t include the price for these additional yet important elements, but I would suggest paying a little extra since that would help ensure you get to experience the services & functionality of the VPS package thoroughly. Once you have made your choice you can move on to Step 3 by clicking next.

reseller club vps add ons

Step 3: In this step you can select the existing domain name that you wish to associate your VPS Hosting package with, or else register the domain name you want by using the “I want to register a new domain name”. Once you have selected the domain name you wish to use, you can click on “Proceed to Checkout” which will be in green.

vps trial domain name

The Coupon Code for you to avail of the exclusive USD 5 for 30 Days VPS Trial offer with ResellerClub is “VPSTRIAL

reseller club vps order details

Your VPS is now completely deployed and ready to use.

A VPS server is an ideal choice when looking to upgrade from a shared hosting package. However, for websites with a larger quantity of traffic, virtual private hosting may not be the best solution since their need for resources are high, which would require an entire server, or multiple servers. For any other more than moderate requirement or development purpose a VPS Hosting package is perfect

If you have any queries on the VPS service that you wish addressed by ResellerClub, you can drop them a mail at “vpstrial@resellerclub.com

Heartbleed Bug

heartbleedAlmost everyone is talking about the Heartbleed Bug. But do you know what is Heartbleed Bug is actually and why you should also care about it. The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. The bug allows the hacker to steal protected information such as your passwords, your account details, your emails or anything you saved on server memory. The bug is related to SSL/TLS encryption used to secure the Internet. If any server (Dedicated Hosting or Shared Hosting)has a Heartbleed Bug and use SSL/TLS encryption is likely to be hit by a hacker. Any server which is using a vulnerable versions of the OpenSSL software could be the next target of hackers.

How To Fix It

Here is a good news as well. People who want to secure their server and wants to fix the issue can use this Fixed OpenSSL.  The fixed version of OpenSSL has already been lauched and has to be deployed to fix the issue. Operating system vendors and distribution, appliance vendors, independent software vendors have to adopt the fix and notify their users. Service providers and users have to install the fix as it becomes available for the operating systems, networked appliances and software they use.

How To Run Heartbleed Test

It is really simple to test your website for Heartbleed Bug. All you need to put your URL in the box available on the this page & it will tell you if your website is affected or not.

Most of the people says Heartbleed bug is a design flaw in SSL/TLS protocol specification but in actual it is an implementation problem.

Every website which use OpenSSL SSL/TLS protocol to encrypt the information is likely to be effected by HeartBleed bug. OpenSSL is the most popular open source cryptographic library and many of popular sites on internet, schools sites, social media sites, ecommerce sites, government sites use OpenSSL. All of those sites are required to be tested against the bug and if the bug found a patch is required.

Affected Versions of OpenSSL

Below are the list of affected and non affected versions of OpenSSL

  • OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
  • OpenSSL 1.0.1g is NOT vulnerable
  • OpenSSL 1.0.0 branch is NOT vulnerable
  • OpenSSL 0.9.8 branch is NOT vulnerable

For more information about HeartBleed Bug, Its consequences and how to fix it can be found at http://heartbleed.com/