How to create an authentic SSL for my WordPress site - wordpress

So my WordPress site domain is from GoDaddy, and it is hosted on a Hong Kong server, as our target users are mainly from Hong Kong. When I wanted to improve SEO and started submitting backlinks to directory sites, I always get the error message "The URL could not be validated. Either the page does not exist or the server cound not be contacted."
I have read on another platform that someone commented: "You're getting the error because you're using an SSL that belongs to someone else. When these directories attempt to verify your site using the "https", they get a warning that says your site is potentially harmful and the third party SSL is the reason given. My suggestion would be to buy an SSL directly from your web host or from a reputable SSL company."
But unfortunately, I can't be sure whether this is the right direction or how I can do that.
Could someone teach me please? By the way, my website link is https://www.bananaportal.com/; hopefully you can find some clues with the link. Thanks in advance.

Have you tried https://easyengine.io/docs/lets-encrypt/ ?
It is the most trusted and almost free SSL certificate for everyone to install: a fully secure and trustworthy certificate that is widely accepted in the world.

The certificate itself is fine. You can see the results of two different tests here:
https://www.sslshopper.com/ssl-checker.html#hostname=https://www.bananaportal.com/
https://www.ssllabs.com/ssltest/analyze.html?d=www.bananaportal.com
Many directory sites are unable to process https, and that might be the source of your problem. In any case, directory sites aren't going to improve your SEO anymore.

The issue relates to esoteric web browsers, you can read more on it here: https://community.letsencrypt.org/t/some-browser-say-certificate-is-not-trusted/28766
It is also important to mention that your current certificate is doing perfectly on encryption, but the authentication is the simplest and cheapest (free) possible. You've never shown any legal document that proves your claimed identity in order to receive the certificate.
You can be more impressive with a paid Verisign certificate.

Related

Cpanel and whm got hacked but

I have some subdomains, all running WordPress. They worked fine, but when I tried to install, delete or update any plugin, WordPress showed me a message that I need to connect FTP and all the info, which we didn't. Later I tried to log in to my cPanel WHM and got redirected to an error page:
Internal Server Error
500
Error ID 25356b0625763
cpsrvd Server at mydomain.test
What could possibly go wrong and how can I recover it?
And yes, I see the hacker placed a text saying that they hacked it. On the main site there was nothing hosted; everything was in subdomains.
I've written some articles that specifically answer the question that you've asked about how to recover:
https://support.cpanel.net/hc/en-us/articles/360055310013-What-can-be-done-if-a-cPanel-account-is-compromised-
https://support.cpanel.net/hc/en-us/articles/360061360914-Is-it-possible-to-clean-malware-from-a-hacked-website-
As for what went wrong, that can be and is most often a very complex topic that requires a high level of expertise to properly and accurately diagnose.
That type of investigation would be risky and unreasonable to do via Stackoverflow due to the amount of identifiable server information that you'd need to provide.
I'd also like to mention that an account compromise occurs due to vulnerabilities in the websites and scripts hosted within the account and that those compromises will be contained within that individual cPanel account unless the attack were to make use of the symlink race vulnerability, which should be solved at the kernel level to be done properly:
https://docs.cpanel.net/ea4/apache/symlink-race-condition-protection/
cPanel's Security Advisor will let you know about the status of the symlink race vulnerability on your specific server:
WHM >> Home >> Security Center >> Security Advisor
There are no known vulnerabilities in cPanel or WHM that would allow for an account-level compromise to escape an account or allow a root compromise to occur.
If you suspect that you've discovered a zero-day vulnerability in cPanel or WHM, you should submit a ticket to cPanel support, as the issue would be taken very seriously.
However, the process of investigating and diagnosing the cause of an account-level compromise that came about due to a vulnerability in a website or script is something that a security specialist would be best equipped to take care of for you. Typically you'd want to seek out a Web Application Security Specialist.
As for the 500 error that you're seeing provided by cpsrvd (cPanel's webserver that handles requests for the cPanel, Webmail, and WHM interfaces) that is not likely related to the compromise. You can typically find more information about the cpsrvd 500 error by reviewing the cPanel error log at:
/usr/local/cpanel/logs/error_log
cPanel support would always be happy to assist with any 500 errors that you're experiencing on cpsrvd.

Firefox 51 Flagging HTTP Login, solution for SSL?

I have a CMS that I've developed, similar to WordPress, that is geared for small businesses. Typically one user uses the system to make changes. Recently Firefox 51 has been displaying a notice that says "This connection is not secure. Logins entered here could be compromised. Learn More"
I have deployed this CMS on numerous websites. Now, from what I see, Firefox wants me to install an SSL on each one of these? This really isn't practical, or is it? Is there really a threat? Now I feel like my users will be scared and deterred from using the system.
Is this an issue for WordPress users? Is there a relatively simple solution?
This is the reply I got from HostGator regarding support for Let's Encrypt:
While our System Administrators are certainly looking at the
opportunity to incorporate open SSL certificates in the shared
environment I do not currently have a time line to implementation. As
of now if you requested us to install a Let's Encrypt SSL Certificate
it would be treated as a 3rd Party Installation and incur a $10 fee.
Additionally, though I understand this may not be an ideal solution,
you would be able to perform these installations and attempt to
configure the automatic renewals on a hosting package with root level
access, such as a VPS or dedicated server.
I also want to note that I have a DreamHost account and it took only the click of a button to add an SSL to a domain. So easy, really hope to see other hosts follow suit.
SSL is now fairly easy to obtain or add to your sites. Most hosting providers support AutoSSL in the WHM panel, which is free, and you can add SSL to each of your domains with just a click, or you can also install Let's Encrypt. You'll just need a hosting provider that supports it.
You can also SSH to your host, install Let's Encrypt and automatically renew those certs every 3 months.
But in your case, if you are using HostGator, you can obtain a StartSSL Free cert: you can generate your Class 1 certificate for free for a year, then follow their guide on how to install third-party SSL certs on HostGator.
Firefox and Chrome have added those notifications to HTTP screens that have login forms.
You really should add SSL certificates to your sites. Let's Encrypt makes the whole process pretty dang easy. If you don't want to, or don't have the technical know-how, using a free CloudFlare account with flexible SSL enabled will do the job as well.
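For someone with the same CMS deployed on many sites, a quick way to find the pages that will show this notice is to audit them for password fields that are served or submitted without TLS. The following is an added example, not code from the original thread; `cms.example` and the sample markup are constructed placeholders. It also reports forms on an HTTPS page that post to an `http://` target, since the credentials are exposed on the wire in the same way.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class LoginFormAudit(HTMLParser):
    """Collect password fields and the URL each enclosing form submits to."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.action = page_url  # target when a field sits outside any form
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # An empty or missing action submits back to the page itself.
            self.action = urljoin(self.page_url, a.get("action") or "")
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            reasons = []
            if urlsplit(self.page_url).scheme != "https":
                reasons.append("page served without TLS")
            if urlsplit(self.action).scheme != "https":
                reasons.append("form submits without TLS")
            if reasons:
                self.findings.append((a.get("name"), self.action, reasons))

    def handle_endtag(self, tag):
        if tag == "form":
            self.action = self.page_url


def audit(page_url, html):
    """Return (field name, submit URL, reasons) for each exposed password field."""
    parser = LoginFormAudit(page_url)
    parser.feed(html)
    return parser.findings


# Constructed sample markup; cms.example is a placeholder host.
SAMPLE = """
<form method="post" action="/admin/login.php">
  <input type="text" name="user"><input type="password" name="pass">
</form>
<form method="post" action="http://cms.example/legacy.php">
  <input type="PASSWORD" name="pin">
</form>
"""

if __name__ == "__main__":
    for url in ("http://cms.example/login", "https://cms.example/login"):
        print(url, audit(url, SAMPLE))
```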
You can disable that message by going to about:config, searching for insec, then double-clicking the line security.insecure_field_warning.contextual.enabled
This will set that option to false and you won't display that message anymore.

Is there a way to redirect people who erroneously type in https into a browser for a site with no SSL?

I had acquired a little, old, static website about 4 years ago. It does not have, nor has it ever had, an SSL.
The business owner has contacted me a few times in the past year citing the website is giving users (her and her customers) a security warning. I finally got her to send me a screen shot and they are using HTTPS in the browser to access the website.
I will probably never know WHY (I asked).
Is there a way to redirect people who are attempting to access a website by typing in https when there is no ssl and it should just be http?
It is the only thing I can think of doing.
I found this on StackOverflow: How to make a 301 redirect from https to http for the whole site (nginx/1.4.6 server)
And I was already directed to ServerFault by Nelson Teixeira, and when I posted there I was told:
"Unfortunately, many SO people, apparently including Nelson Teixeira, have no clue what's topical here, but feel inclined to send people over here anyway. He was wrong. How about fixing your SSL so the warnings go away? It's 2015 after all... – Sven"
Not without an SSL site.
You can redirect a user as long as you have a valid HTTPS site with correct certificate running on the server. No valid HTTPS site means no communication with the browser and therefore no chance to send any information (e.g. a redirection) to the user's browser.
Anyway in such a situation IMHO it does not make sense to redirect the users back to the non-secure website as the HTTPS connection can be directly used to display the web-page.

Possible Wordpress exploitation

Does anybody know of a security vulnerability in Wordpress whereby fraudsters are sending out banking phishing emails (purporting to be banks) with a login link pointing to a valid domain but with extended path that may be unknown to the legitimate owner of the domain?
For Example:
href = [HOST]=http://www.ponnuki.net
[EXTENSION] = /wordpress/MOBILE-DO/absa-mobiledo/absaBanking/index.php
Judging from the number of these I have been receiving recently, it appears that the hosts are not geo-specific, so the obvious conclusion is that they are seeking out vulnerable hosts to piggy-back on.
Can someone recommend who would be the best to report this to?
If you believe you have found a security issue with Wordpress, see below.
For actual security issues with the self-hosted version of WordPress,
then you should send an email with the details to security [at]
wordpress.org. Include as much detail as you can.
Taken from the Wordpress Codex.
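For a site owner who wants to check whether their own install is hosting a path like the one in the question, one starting point is to list web-servable files under top-level entries that a stock WordPress install does not ship. The following is an added example, not code from the original thread or from WordPress; the sample tree is constructed, and `shop` stands in for a directory the owner knows about.

```python
import os
import tempfile

# Top-level entries shipped with a stock WordPress install.
CORE_DIRS = {"wp-admin", "wp-content", "wp-includes"}
CORE_FILES = {
    "index.php", "license.txt", "readme.html", "wp-activate.php",
    "wp-blog-header.php", "wp-comments-post.php", "wp-config.php",
    "wp-config-sample.php", "wp-cron.php", "wp-links-opml.php", "wp-load.php",
    "wp-login.php", "wp-mail.php", "wp-settings.php", "wp-signup.php",
    "wp-trackback.php", "xmlrpc.php",
}
SCRIPT_EXT = (".php", ".phtml", ".html", ".htm")


def find_unexpected(wp_root, allow=()):
    """List web-servable files under top-level entries that are not core or allowed."""
    findings = []
    allowed = CORE_DIRS | CORE_FILES | set(allow)
    for entry in sorted(os.listdir(wp_root)):
        if entry in allowed:
            continue
        full = os.path.join(wp_root, entry)
        if os.path.isfile(full):
            if entry.lower().endswith(SCRIPT_EXT):
                findings.append(entry)
            continue
        for dirpath, _dirs, files in os.walk(full):
            for name in files:
                if name.lower().endswith(SCRIPT_EXT):
                    rel = os.path.relpath(os.path.join(dirpath, name), wp_root)
                    findings.append(rel.replace(os.sep, "/"))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample install mirroring the path layout in the question."""
    root = tempfile.mkdtemp(prefix="wp-sample-")
    for rel in ("index.php", "wp-login.php", "wp-admin/index.php",
                "wp-content/themes/site/index.php", "shop/index.php",
                "MOBILE-DO/absa-mobiledo/absaBanking/index.php"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<?php // constructed placeholder\n")
    return root


if __name__ == "__main__":
    for hit in find_unexpected(build_sample_tree(), allow={"shop"}):
        print("review:", hit)
```

This only inspects the top level of the install; files dropped inside `wp-content` or modified core files need an integrity check against known-good copies, for example `wp core verify-checksums` in WP-CLI for core files.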

SSL Sharing on IIS

I'm trying to share a wildcard SSL cert across many applications. The way it would work is users would have websites with their domain, but when they need a secure connection they would be redirected to a designated SSL site like https://client422.domain.com
Can session data be shared across the domains even if I place both domains on a single site and a single App Pool?
I wrote a blog article on creating a wildcard cert with OpenSSL (although the article could have a typo or two in the openssl config part, if you figure out the config, it will work as far as the openssl commands are concerned).
http://codingathome.blogspot.com/2008/11/creating-self-signed-certificate.html
If my article is too difficult, and if you have Linux available, I've heard that tinyCA is the way to go.
Now, as far as 'session data' sharing goes, that's a whole different ball of wax. I'd say it's possible if you store session data on the server side.
