Impact the Web without Sacrificing Quality, Security and Service.
Be Online Today!
Get Your Organization Online TODAY!

1) Choose a Domain Name that will be your unique address on the internet.
2) Select the Package that suits our needs the best.
3) Sign up!
Relax, we'll take care of the rest and send your log in information once your domain is registered.

If you're looking for complete solutions for your internet needs, we can help you get either your business or personal web pages online. Contact us today and we'll be happy to answer any questions you may have.247_support 30day search for your new domain 26 Years Of Service

WordPress Security Guidelines

WordPress Security Guide:

WordPress is an amazing program but because of it’s popularity, hackers love to target it. Protecting your site should be a high priority. This guide will help get you started in protecting your assets. There’s a lot here, and some of it is quite technical but take your time, do one step at a time and test it before going on to the next step.

Step 1

Backup your files: You’re going to be editing some text files that if done wrong, will cause your site to fail. Before you edit, you should make a backup of them before editing them every time. 

Backup your site. We’ve got you covered. This step is to back up your website. At TLCWebHosting.com, we backup your site each night, then the next night we shuttle your backup to an off site disaster recovery server; As a safe guard, we also back up your site weekly and monthly, just in case. Note that when we restore an account, everything is restored including email (any new email since the backup was made will be gone). If you want us to try to manually preserve your email, you can request this but there may be a fee applied to your account.

We do not recommend plug ins like “Backup Buddy” unless you are aware of how to manage the backups to prevent them from consuming all this disk space on your account.

Step 2

Update WordPress, your plug-ins, and themes. TLCWebHosting.com recommends that you check and keep these up to date daily or weekly. This is by far the most important thing you can do.

Step 3

Change Your Login Name and Password. By default many user use the default user name of Admin. Hackers know this and use this name most often when trying to hack an account. Change the name to something unique and not something simple like “admin1” or “admin123”. Instead use something like RedRock4x.

Suggestion: Add that new user, make it an admin then delete the original login of “admin”.

Set all user passwords to use UPPER and lower case letters, numbers, and symbols. Do not use the same password you use for any other account. Some good examples are “U#kS59$ZMM” or “NomEX4%3”. This prevents hackers from brute forcing the password using automated script. Our server logs are full of hacking bots attempting to hack into client accounts all day long.

Step 4

Install the WordFence Plug-in. Most of the default settings are fine, but set the plug in to scan your themes and plug-ins. TLCWebHosting.com recommends you start out with the free version and upgrade if you see the need. logo

Step 5

Change your WordPress Keys. This may seem a bit technical but basically you’re editing a text file by replacing 4 lines of text. These lines contain keys used in encrypting information to secure your account. Before editing this file, make sure you back it up and log out of WordPress. The text file is named wp-config.php in the root directory of your WordPress site.

The four lines you’ll be replacing look like this:

define('AUTH_KEY', ';9XU7x`RNK`cq@w+jfa*M2r1{64G$lgoU<7>fvWvU7]3|TnDyPw-m>j<h;a5fnse');
define('SECURE_AUTH_KEY', 'gBQ!+b,$PX|{kh.kel;A|= .Y#Uy+H&|u*>VVDZL0=o_(B,b%|~l$kJPZhbk6+0@');
define('LOGGED_IN_KEY', '-^zHS<O]q-,d{V4P1z{s~7.`q[-Jf(MQW-p1bPwQ_!ts5|FwTRz^|RTf(Tw4tSt1');
define('NONCE_KEY', 'ASJYydb_tdQb%<Yj!-$I+M WzvT@iOm>-($^{NN~(mQ#^I;g~67|}=CiY@|vtP`i');

You need to generate new lines by using this tool:  WordPress Key Generator and replace the lines in your wp-config.php file and save.

Step 6

Change Table Prefix in your database. Warning make a backup of your database Before continuing.

Install and use the plug in named Change DB Prefix By Ms. Bhumi Shah (https://wordpress.org/plugins/db-prefix-change/) to change the default prefix of your WordPress database tables to something else. A good prefix should be lowercase numbers and letters followed by an underscore (nothing too obscure), for example “treverwp33_” or “bolt12_”

Step 7

Prevent search engines from spidering sections of your site that hackers will be interested in. There’s no guarantee that search engines will obey your request, but at least the well known spiders will respect your wishes. Simple add or create a text file called robots.txt in the /public_html folder of your site. Inside the file, add the following:

# Prevent search engines from spidering sections of your site 
 User-agent: *
 Disallow: /cgi-bin
 Disallow: /wp-admin
 Disallow: /wp-includes
 Disallow: /wp-content/plugins/
 Disallow: /wp-content/cache/
 Disallow: /wp-content/themes/
 Disallow: */trackback/
 Disallow: */feed/
 Disallow: /*/feed/rss/$
 Disallow: /category/*

Step 8

Use the text file /public_html/.htaccess to protect different aspects of your site. By default files that begin with a period can’t been seen. you’ll need to allow hidden files in the File Manager tool in your control panel to see the file so you can edit.

Add the following lines to ALL your .htaccess files throughout you site directories.

# STRONG HTACCESS PROTECTION
<Files ~ "^\.htaccess">
 order allow,deny
 deny from all
 satisfy all
</Files>

Add this to your /public_html/.htaccess

# LETS SECURE config.php
<Files ~ "^\config.php">
 Order deny,allow
 Deny from all
</Files>
#prevent the Hacker from browsing your directory tree by adding:
 Options All -Indexes
#PREVENT SOME SQL SCRIPT INJECTIONS:
 Options +FollowSymLinks
 RewriteEngine On
 RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
 RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
 RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
 RewriteRule ^(.*)$ index.php [F,L]

Add this to your /public_htm/wp-content/.htaccess

#LIMIT ACCESS TO THE /wp-content DIRECTORY
<Files ~ "^\">   
    Order allow,deny
    Deny from all
    Satisfy all
</Files>

Deny Access to Your Dashboard Back End

This one is optional* but is highly recommended. There are two version for this. You only need to use one of them. It prevents everyone except systems with YOUR IP ADDRESS from getting into the adminisrative site of WordPress. *The drawback is that IP Addresses change and thus, you will be locked out unless you determine in advance a method for updating this file. You’ll need to know your IP Address which you can get from HereIsYourInfo.com

Option 1) Place the following lines in your /public_html/wp-admin/.htaccess file but change IP.ADD.RE.SS to your actual IP ADDRESS.

# deny access to wp admin
 order deny,allow
 allow from xx.xx.xx.xx
 deny from all

Option 2) Place the following lines in your /public_html/.htaccess file but change !^IP\.ADD\.RE\.SS$ to include your actual IP ADDRESS. For example, if your IP Address is 123.45.768.9 you’d use !^123\.45\.678\.9$

# DENY EVERYONE FROM WP-LOGIN EXCEPT THOSE WITH APPROVED IP ADDRESS
<IfModule mod_rewrite.c>
 RewriteEngine on
 RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
 RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
 RewriteCond %{REMOTE_ADDR} !^IP\.ADD\.RE\.SS$
 RewriteRule ^(.*)$ - [R=403,L]
</IfModule>

Note, if you want to add more than one IP Address, you just repeat the line with the IP address in below the existing one.