a few steps to protect your wordpress from hackers

1- Stay UPDATED – Run the latest version of WordPress, and upgrade your plugins and themes as quick as possible.
2- Have a strong password.
3- Disable PHP Execution in Certain WordPress Directories – This disables PHP execution in the upload directories and other directories of your choice. Basically so even if someone was able to upload the file in your uploads folder, they wouldn’t be able to execute it.
a- Block Access To wp-content Folder

The wp-content folder contains all your images, plugins and themes, it is a very important folder for your WordPress site. If this folder gets hacked they can delete all your themes and plugins on your site leaving your site blank.

To block access to your wp-content folder create a new htaccess file and save this at the root level of your wp-content folder.

Now add the following code in this new htaccess file.

Order deny,allow
Deny from all
<Files ~ “.(xml|css|jpe?g|png|gif|js)$”>
Allow from all
</Files>

b- Block file types being served from uploads and wp-includes

Having cleaned numerous WordPress hacks, in our experience most backdoor access files disguise themselves in /wp-includes/ folder or in your /wp-content/uploads/ directory. Usually these are .php files with names that some what seems like WordPress core files, but they are not. One of the measures that you can take to improve your WordPress security is disabling PHP execution in certain WordPress directories. We will show you how you can use .htaccess file to disable PHP execution in a specific directory.

Create a blank file in a text editor. Call it .htaccess and paste the following code in there:

<Files *.php>
deny from all
</Files>

Now upload this file in your /wp-content/uploads/ folder. You should also upload it in your /wp-includes/ folder.

Code Explanation: This code checks for any PHP file and denies access to it.

4- Delete themes and plugins you not using.
5- Deny access to the wp-config.php file.

Open your wordpress main .htaccess and paste the following code in there:

<Files wp-config.php>
Order Allow,Deny
Deny from all
</Files>

6= Disable Directory Browsing

If someone has access to your directories they will be able to view all the folders in this directory if you don’t have an index.html or a index.php file. You can stop this with htaccess by adding the following line the main .htaccess file, the one on the public_html. This will make sure that the hacker can not browse a directory even if an index file doesn’t exist.

# directory browsing
Options All -Indexes

7- Protect Against Requests That Haven’t Got A HTTP_USER_AGENT

You can stop this with htaccess by adding the below code to the main .htaccess file, the one on the public_html.

<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.yourwebsite.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
</IfModule>

Finally Good Luck!

Wowza Addons, Transcoder and Wowza nDVR added to our Wowza Packages

Hosting Marketers tries always to bring the latest and the best of web developments and at the best price. This time we proudly announce that we have introduced Wowza Transcoder and Wowza nDVR special Addons.

1- Wowza Transcoder

Transcoding is the process by which the digital file for a live video stream is ingested, decoded, and transformed into multiple file formats and bitrates to create different versions of the video for optimal viewing on various device types and at various bandwidths.

The transcoding feature of Wowza Streaming Engine is now available to our customers, what it does is transforms incoming live streams from encoders, IP cameras, IPTV headends, and other live sources to keyframe-aligned H.264 streams for adaptive bitrate delivery to any device, anywhere. This means the viewer will see the stream at the best possible bitrate possible to his internet connection, the better the internet connection the better the video quality, for viewers with low internet connection the video will be automatically adjusted to the best bitrate possible.

2- Wowza nDVR

Wowza nDVR, also available to our customers, allows live streaming to be recorded and the viewer to play or pause the live stream, rewind to a previously recorded point, or resume viewing at the current live point.

We also now allow our customers to record live streams directly to the wowza server with the option to start a new file every time the customer broadcasts, deleting previous file or append to the existing file.

Wowza packages can be ordered directly from https://hosting-marketers.com/wowza-hosting/

Node.js some information

As third-party software, Hosting Marketers does not support node.js beyond installation.
All our servers have node.js installed, but you need to configure it on your account, for that we need to know which port you using for the node, and you will need to create cron job and a bash file. The port we need to open it on our server firewall.

Create a file for example server.js on your account. on this file enter the code:

var http = require(“http”);
http.createServer(function(request, response) {
response.writeHead(200, {“Content-Type”: “text/plain”});
response.write(“Hello World”);
response.end();
}).listen(5002);

the number 5002 is your node port, open a ticket and explain that you going to use node and you want port 5002 opened.

Now in case this is your own vps or a dedicated server:
then create a file for example node.sh and on this file enter the below code:

#!/bin/bash
PGREP=”/usr/bin/pgrep”
NODE=”node”
$PGREP ${NODE}
if [ $? -ne 0 ]
then
/usr/local/bin/node /home/cpanel-username/public_html/server.js> /dev/null 2>&1
fi

we are assuming your first file is server.js.

Now create cron job for the node.sh, this file should be on 755 permissions.
the cron can be:

*/10 * * * * sh /home/cpanel-username/public_html/node.sh >/dev/null 2>&1

this will mean the server will check every 10 minutes if the node is working and restart if it goes down.

this can apply to any script which uses node.js

then to test if the system is working call on your browser:

http://domain:5002
the page should load:
Hello World

But if you are on a shared hosting:
You cannot use the node.sh option because when it pgrep it will find that there is other node process going on so it will not start yours. You will have to contact us so that we use the SCREEN option which will leave the process running on background even when we close the cmd window.
so we open cmd and type
screen
/usr/local/bin/node /home/cpanel-username/public_html/server.js
CTRL D + A
this will close the window and the process will continue, to test
http://domain:5002
the page should load:
Hello World

Download Red5 | 0.8 final | 1.0.2 | 1.0.5

Sometimes you cannot find the red5 version you need, specially the 0.8 and the 1.0.2, for this reason we decided to upload to our servers these versions.

Download red5 0.8 final

Download red5 1.0.2 version

Just in case the 1.0.5 version you can also download it here.

For the installation of red5 0.8 version you can read our post how to install red5 0.8 on centos servers

To install 1.0.2 or 1.0.5 more or less is the same process. But on the red5 1.0.5 you need java 7 or java 8, you can read how to install java 8 here.

On red5 1.0.2 and 1.0.5 it is easy to restart if you upload to /etc/init.d/ this red5 restart script. Change the permissions of the file to 755.
then to restart red5 just call on ssh:
# /etc/init.d/red5 restart

If you run the below command after you setup your red5 and the restart script your server will automatically start the red5 once your server is booted
# chkconfig red5 on

Let us know if you need any help.

How to install Java 8 (JDK 8u45) on Centos 6- 64 bit

# cd /opt/
# wget http://hosting-marketers.com/downloads/jdk-8u45-linux-x64.tar.gz
# tar xzf jdk-8u45-linux-x64.tar.gz

Install Java with Alternatives

After extracting archive file use alternatives command to install it. alternatives command is available in chkconfig package.

# cd /opt/jdk1.8.0_45/
# alternatives --install /usr/bin/java java /opt/jdk1.8.0_45/bin/java 2
# alternatives --config java


There are 3 programs which provide 'java'.

  Selection    Command
-----------------------------------------------
*  1           /opt/jdk1.7.0_71/bin/java
 + 2           /opt/jdk1.8.0_25/bin/java
   3           /opt/jdk1.8.0_45/bin/java

Enter to keep the current selection[+], or type selection number: 3

At this point JAVA 8 has been successfully installed on your system. We also recommend to setup javac and jar commands path using alternatives

# alternatives --install /usr/bin/jar jar /opt/jdk1.8.0_45/bin/jar 2
# alternatives --install /usr/bin/javac javac /opt/jdk1.8.0_45/bin/javac 2
# alternatives --set jar /opt/jdk1.8.0_45/bin/jar
# alternatives --set javac /opt/jdk1.8.0_45/bin/javac 

Check Installed Java Version

Check the installed version of java using following command.

root@tecadmin ~# java -version


java version "1.8.0_45"
Java(TM) SE Runtime Environment (build 1.8.0_45-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.45-b02, mixed mode)

Configuring Environment Variables

Most of java based application’s uses environment variables to work. Set the Java environment variables using following commands

  • Setup JAVA_HOME Variable
# export JAVA_HOME=/opt/jdk1.8.0_45
  • Setup JRE_HOME Variable
# export JRE_HOME=/opt/jdk1.8.0_45/jre
  • Setup PATH Variable
# export PATH=$PATH:/opt/jdk1.8.0_45/bin:/opt/jdk1.8.0_45/jre/bin

Important updates, news, reviews of our customers sites and tricks for common problems…