The HTTP Strict Transport Security (HSTS) HTTP header ensures web browsers always load your image gallery with HTTPS. After you force SSL usage, follow below to add HSTS in Zenphoto. Warning: Once enabled, HSTS disallows the user from overriding an invalid or self-signed certificate message. Your website will be inaccessible without a valid SSL. Add Read More >
Search Results for: Content Security Policy
How to change your admin password in Drupal 8
In keeping with good security policy, it is important to change your password on a regular basis. Being the administrator, you have a different dashboard available to you than the normal users do. Changing your password within the admin dashboard is quick and easy in Drupal 8. Follow the instructions below to learn how. Be Read More >
24 Ways to Harden Your VPS
There are many reasons to harden your VPS. The best practices for VPS security involve learning the settings, steps, and options that are needed to keep your server secure. You will also find yourself continually researching and updating your knowledge and software tools to keep your security up-to-date. Server security depends on everyone who interacts with the Read More >
Best Practices for Using Checksums
In this article: Checksums Best Practices Checksums Defense in depth involves layers of security, and file management is a core part of it. If you offer or recommend downloadable content, it’s important to understand the importance of verifying checksums on your Linux server, PC, or Mac. Whether you use a content managment system (CMS), framework, Read More >
How to Install and Set Up Sucuri for WordPress Hosting
In this article: This article describes how to install and set up Sucuri for WordPress hosting. This security plugin secures your website with features like: NOTICE: Sucuri for WordPress is just one way to secure your website’s data. Check out the many features WordPress Hosting by InMotion Hosting includes supplementing security for your website. Install Read More >
Create a Website for a Personal Trainer
There are many web design tasks that need to be prioiritized for a personal trainer’s website. Similar to certification continuing education units (CEU), you’ll need to learn more about analytics and SEO for your website regularly. Below we cover how to create a website fit for the personal trainer. Security Call to Action Marketing Analytics Read More >
How to Setup an SSL for a QuickStarter Website
An SSL on a website shows visitors that you care about their security. Similar to the privacy policy page since the implementation of General Data Protection Regulation (GDPR), security-conscious people will expect to see it. Some may even leave your website if it’s not there. Even a single page website benefits from an active SSL Read More >
How to fix the Connection not Private error in Chrome browsers
Google recently made it a policy for their Chrome browser to provide a warning before opening insecure websites that request a user name and password. This issue typically happens on websites without an SSL certificate. This tutorial will discuss how to fix the issue from the website administrator’s or owner’s viewpoint using SSL certificates. InMotion Read More >
Configuring Your VPS or Dedicated Server as a Mail Server
Many common email providers enforce guidelines and policies for sending/receiving email. Typically, they will publish their acceptable use policies. For example, Google, Yahoo!, and AOL all provide best practices to help reduce the amount of Spam within their respective networks. By the end of this article, you will know how to configure your domain and Read More >
Allowing Ports in APF
One of the most important aspects of server security is the firewall server configuration. Generally speaking, firewalls function by preventing unauthorized traffic from accessing your server. By default, APF (Advanced Policy Firewall) blocks most ports except those needed for web servers to operate, such as port 80, 443, etc. Occasionally, you may need to open Read More >
WordPress wp-login.php Brute Force Attack
There have now been several large scale WordPress wp-login.php brute force attacks, coming from a large amount of compromised IP addresses spread across the world since April 2013. We first started this page when a large botnet of around 90,000 compromised servers had been attempting to break into WordPress websites by continually trying to guess Read More >
Close open ports for PCI compliance
If you’ve read our previous article on how to pass PCI compliance scans, you might have recently failed a PCI scan and are curious about what needs to be done to pass. One of the most common PCI compliance requirements for passing a PCI scan that fails is the use of open ports on the Read More >
Getting Started Guide: Drupal
Drupal is a popular choice for government institutions and security-conscious users. It is the third most popular self-hosted (as of 2021), meaning you install it on your own web server, PHP-based content management system (CMS) and built for experienced developers. This isn’t to say casual users can’t host a website with Drupal, but advanced users Read More >
