How To Recover WordPress Password


Forgetting passwords is a common occurrence nowadays. There are so many passwords for different websites that you are likely to forget the most important one – the password for your WordPress website. What to do if you don’t remember the password? What if the password you know isn’t working? What if the email address for your account isn’t working? In this article, we will answer all these questions and show you how to recover the WordPress password.

There are many ways to reset passwords in WordPress. Methods differ depending on the access you have to your website. We will explain each method. Choose the method that best suits your access level.

Let’s get started.

Method 1: “Lost Your Password” Link 

The fastest and easiest way to recover your WordPress password is to use the “Lost Your Password” link on your WordPress login screen.


Click on the link, and you will go to the password reset screen. Here, you should enter the username or email address you have associated with your WordPress account. Once you do, you will receive a password reset link in your email.


You need to remember the email address associated with your WordPress website. 

What if you don’t remember the email address you use for WordPress login? Then you will have to use other methods. 

There is one trick you can use that can help you in such situations. You can create more than one user in your WordPress account. To do so, go to the WordPress Dashboard>>Users>>Add New. Here you will be able to add users. Now, create a new user with the user name and email address of your choice and give that user the administrator role. This way, you will have two login credentials that you can use to log in. This comes in handy when you can remember the other password.

Method 2: Accessing Website Through FTP

You can reset your WordPress password by connecting through FTP.

  1. First, log in to your website through FTP.
  2. Download the functions.php file of your active theme.
  3. Edit this file by adding the following code after the first <?php line at the beginning of the file:

wp_set_password( 'password', 1 ); // 'password' is the new password; 1 is the ID of the user it is set for

Here you can enter the new password of your choice.

  4. Upload this modified file to your site.
  5. Once you are able to log in to your website, edit this file and remove the code you just added. If you do not remove it, your password will change with every page load.

Here are the best free FTP clients for Windows and Mac.

Method 3: Reset Password Using WP CLI

WP CLI is the command-line interface that you can use to manage your WordPress installation. With WP CLI, you can configure multisite installations without using a web browser. You can learn more about WP CLI from the official website. Once you are able to use this tool, follow these steps to reset your password:

  1. Go to the /wordpress directory and type the following to see the list of all users:

$ wp user list

  2. Select the user of your choice and update the password:

$ wp user update 1 --user_pass='$UP3RstrongP4$w0rd'

Replace 1 with the user ID. Keep the single quotes around the password so that the shell does not expand the $ characters in it.

That’s it! You have successfully reset the password. 

Other Methods

There are a few other methods to reset the password. The ones we have discussed above are among the simplest ones. If none of them works for you, try other options. For example, if you have phpMyAdmin access to your WordPress database, you can reset the WordPress Password from phpMyAdmin.

In extreme conditions, when none of these works and you have forgotten both the user name and the password, you can use the Emergency Password Reset Script. Find detailed information about this script here.

Losing your password, losing access to your site can be a nightmare. We understand your anxiety and the panic that results. Here at WPWarrior, we can help you in such an emergency situation. We offer all kinds of professional WordPress help. Do reach out if you have any problems or concerns with WordPress. We are here to help.

10 Types of Security Attacks Every Website Owner Should Know


You got your website up and running. Congratulations on that! It is very likely that you learned a lot of things in this process, even if you didn’t do everything on your own. It doesn’t hurt to know about security issues as well. After all, security is an essential aspect of running your website. You cannot afford to neglect it. It is, therefore, beneficial if you educate yourself about it. In this article, we will explain a few security issues and what they mean.

Why Is Security important?

What do you do when you purchase a new car, a home, or even a new mobile phone? You take care of these assets so that they are protected. Taking care of their security means you invest money in insurance, adopt safety measures, and also change your behavior if it puts your assets at risk. Similarly, your website is an asset that you should actively protect. You will have to pay more for financial losses if your asset is attacked. Time and frustration have no fixed monetary value, but they cost a great deal. Your best option is to protect your website before it gets attacked. Website security is important in this regard.

Who will attack your website? For starters, there are millions of hackers storming the internet every day, and millions of websites do get hacked. Your website doesn’t need to be a popular one or an old one to get attacked. Just launching your website is enough to attract hackers. There are several automated scripts that run across the internet looking for security vulnerabilities. If your site has one, hackers can easily break into your website.

What can hackers do? There is no limit to what a hacker can do once he has access to your website. They can steal all sorts of data that can include customer data, your financial information, and other credentials.

Apart from stealing, hackers take complete control of your website, leaving you completely powerless to do anything. There is a chance that you will lose all your data permanently. Think about all the hard work you put in. All of it can vanish in thin air once your website is hacked. 

Therefore, website security is very important. There are many ways your website can become vulnerable to security threats. You need to make sure that there are adequate measures in place to address such threats.

What are the types of attacks you should be aware of? Here are the top 10 security attacks explained. 

Let’s get started. 

  1. DDoS
  2. Brute Force Attack
  3. Malware
  4. Path Traversal
  5. File Upload Vulnerabilities
  6. Remote File Inclusion
  7. SQL Injection
  8. Password Attack
  9. Cross-Site Scripting
  10. Phishing

1. DDoS

DDoS stands for “Distributed Denial of Service” attack. The purpose of a DDoS attack is to make the target website inaccessible to users. A successful DDoS attack means the website under attack is no longer available online. DDoS is a non-intrusive type of attack. Here, the goal is not to breach the website but to hit it with multiple requests and take it offline or slow it down by flooding the network.

How is this attack carried out? For the sake of understanding, let’s say a web server can handle 1k requests per minute. Hackers then send 5k-10k requests to the web server, which it obviously cannot handle. Another way is to send bogus requests. Either way, the website is then not available to legitimate users. As a result, the website is as good as offline since users can no longer access it. Hackers use compromised computers, systems, websites, and an army of zombie devices called ‘botnets’. These botnets attack the target website and take it down. They do this by overloading the system.

What are the effects of a successful DDoS attack? With DDoS attacks, hackers cannot steal the website data. The goal is to affect website traffic by making the website inaccessible. Once the DDoS attack is successful, there can be the following harmful consequences to your business that include but are not limited to the following:

  • The site will not be accessible by you or your visitors.
  • You will lose loyal web users during the attack.
  • Users will not be able to access any of the content on your website.
  • If you are having an online store or WooCommerce shop, you may lose a lot of money due to disrupted business.
  • If your website offers services of various kinds, there will be a disruption of services.
  • If you are a blogger, you will lose revenue from ads and content distribution.
  • The credibility of your website and in turn, your business is affected.
  • You need to hire security professionals to get your site back online, which adds additional expenditure.

You can take preventive measures against DDoS attacks. Communicate with a security expert to know what can be done to avoid this kind of attack. You can also reach out to us. Our team of experts can guide you.

2. Brute Force Attack

Brute Force literally means the use of force without using much intelligence. And these attacks are indeed like that. A brute force attack is like “guesswork”, where a lot of guessing of the right username and password combination takes place. Once the attacker has the right combination of username and password, he/she can access your website and all the data in it. It is very difficult to catch the perpetrator once he gains access to your website. The best time to stop such attacks is while they are in progress.

How does this attack take place? The attacker takes the help of a bot (a computer, a piece of code, or artificial intelligence) and it then tries various credentials until it finds the right one. This process is similar to trying plenty of keys in a lock in the hope of eventually finding the one that fits. In a basic attack, the attacker uses a dictionary of common passwords and tries them on the targeted website. An 8 character alphanumeric password – capitals and lowercase letters, numbers, and special characters – can be cracked within two hours. You might be surprised, then, how easy it is to crack weak username and password combinations.

How to prevent brute force attacks?

There are a couple of ways you can strengthen your security against brute force attacks. Here are a few things you can try for yourself:

Have a longer password: More characters in a password make it hard to crack the password. Longer passwords take more time in brute force cracking.  

Make the password more complex: More options for each character also increase the time to brute force crack. Complex passwords are hard to crack.

Limit login attempts: You can limit login attempts with the help of a plugin. Brute force attacks increment a counter of failed login attempts on most directory services – a good defense against brute force attacks is to lock out users after a few failed attempts, thus nullifying a brute force attack in progress.

Implement Captcha: Captcha is a common system to verify a human is a human on websites. Captcha or ReCaptcha can stop brute force attacks in progress.

Use multi-factor authentication: Multi-factor authentication adds a second layer of security to each login attempt that requires a human intervention, which can stop a brute force attack from success. There are many two-factor authentication plugins available in the WordPress plugin repository that you can use for your WordPress website.

There is no such thing as a foolproof password. With a brute force attack, any password can be cracked. The only question is how much time it takes to crack the password. You can certainly have a password that will take months to be cracked. Adopt adequate security measures for your website, and you should be safe from these attacks.
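The “Limit login attempts” advice above, sketched as an added example (not code from this article or from any WordPress plugin): a sliding-window counter that locks an IP address or a username after repeated failures. The thresholds, class and function names, and the login events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class LoginLimiter:
    """Lock a key (an IP or a username) after too many failures in a time window."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures      # failures tolerated inside the window
        self.window = window                  # seconds over which failures are counted
        self.lockout = lockout                # seconds a key stays locked
        self._failures = defaultdict(deque)   # key -> timestamps of recent failures
        self._locked_until = {}               # key -> time at which the lock expires

    def is_locked(self, key, now):
        until = self._locked_until.get(key)
        if until is None:
            return False
        if now >= until:                      # lock expired: start from a clean slate
            del self._locked_until[key]
            self._failures.pop(key, None)
            return False
        return True

    def failure(self, key, now):
        recent = self._failures[key]
        recent.append(now)
        while recent[0] <= now - self.window:  # drop failures older than the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[key] = now + self.lockout

    def success(self, key):
        self._failures.pop(key, None)


def replay(events, limiter):
    """Feed (time, ip, user, password_ok) events through the limiter."""
    outcomes = []
    for now, ip, user, password_ok in events:
        keys = [("ip", ip), ("user", user)]
        # A locked key is refused before the password is checked, so a correct
        # guess made during the lockout still does not get in.
        if any([limiter.is_locked(key, now) for key in keys]):
            outcomes.append("locked")
        elif password_ok:
            limiter.success(("user", user))   # the IP counter only ages out
            outcomes.append("ok")
        else:
            for key in keys:
                limiter.failure(key, now)
            outcomes.append("failed")
    return outcomes


# Constructed sample events: (seconds, source IP, username, password correct?)
EVENTS = (
    [(t, "203.0.113.7", "admin", False) for t in (0, 10, 20, 30, 40)]
    + [
        (50, "203.0.113.7", "admin", True),     # right guess, but already locked
        (60, "198.51.100.4", "alice", False),   # ordinary typo by a real user
        (70, "198.51.100.4", "alice", True),
        (100, "192.0.2.15", "admin", True),     # real admin, locked out by username
        (1000, "203.0.113.7", "admin", False),  # lockout expired, counting restarts
    ]
)

if __name__ == "__main__":
    for event, outcome in zip(EVENTS, replay(EVENTS, LoginLimiter())):
        print(event, "->", outcome)
```

The event at 100 seconds shows the trade-off of locking by username: the genuine account owner is shut out for the lockout period as well, which is why this control is usually combined with the CAPTCHA and multi-factor options listed above.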

3. Malware

Malware is short for ‘malicious software’. Malware is a threat to your cybersecurity. Such software can be installed on your system without your knowledge. Malware is used to gain access to confidential data, credentials, financial information, customer data, and the website’s administrative privileges.

There are a few types of malware that you should know. 

Virus: Viruses can corrupt your system and make it inaccessible. A virus can also be used to steal information, create botnets, harm computers, networks, and systems, steal money, render advertisements, and more. A virus can copy itself and spread to other computers.

Worm: A worm is a common type of malware that takes advantage of security vulnerabilities. A worm is a standalone program that replicates itself to infect other computers. Unlike a virus, a worm does not need human interaction to spread. Worms can delete files on a host system, encrypt data for a ransomware attack, steal information, and create botnets.

Trojan Horse: Trojan horse is a type of threat that takes place when a malicious code enters your system disguised as a normal, harmless file or program to trick you into downloading and installing malware. The moment you install a Trojan, cyber criminals can get access to your system. Once a cyber criminal has successful access to your website, he or she can steal data, install more malware, modify files, monitor user activity, destroy data, steal financial information, conduct denial of service (DoS) attacks on targeted web addresses, and more. 

Spyware: As the name suggests, this type of malware spies on you. It tracks your browsing, keystrokes, and other activities that occur on your website. This information can then be used against you. Spyware takes advantage of security vulnerabilities and can often come bundled with a trojan horse. 

Ransomware: These are one of the ugliest types of malware. Ransomware literally asks ransom from the victim. This type of malware holds your precious data and threatens to destroy it if the ransom is not paid. During ransomware attacks, access is restricted and many of the files are encrypted to bar access. The system restores to the original state only after the ransom is paid.

What can you do to prevent a malware attack? You need to continuously monitor your website and your system for malware. There are many security plugins for WordPress that provide malware scanning. Using antivirus software is also effective in detecting malware on your system.

4. Path Traversal

Path Traversal, also known as ‘Directory Traversal’, “directory climbing”, and “backtracking”, is an attack that attempts to access files and directories that are outside the web root folder. Such directories may include administrative directories such as ‘config’ or other crucial files.  With Path Traversal, the attacker can gain access to restricted directories and files. It is also possible to execute commands outside of the web server’s root directory when this type of attack is successful. 

The web server itself can have security vulnerabilities that can make it susceptible to path traversal attacks. You can use a web vulnerability scanner to check whether your web server is vulnerable.
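On the application side, the defence is to resolve every requested path and refuse anything that ends up outside the web root. The following is an added example, not code from this article; the function name, directory layout and sample requests are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_under_root(web_root, requested):
    """Return the absolute path for `requested` if it stays inside web_root, else None."""
    root = os.path.realpath(web_root)
    # Decode percent-encoding once, as the web server would, before checking.
    # Nothing after this point may decode the path a second time.
    decoded = unquote(requested)
    if "\x00" in decoded:
        return None
    # Treat the request as relative to the root even when it starts with "/".
    # realpath() collapses ".." segments and follows symbolic links.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo():
    """Build a throwaway directory tree and classify constructed sample requests."""
    base = os.path.realpath(tempfile.mkdtemp())
    root = os.path.join(base, "public_html")
    os.makedirs(os.path.join(root, "images"))
    os.makedirs(os.path.join(base, "config"))          # lives outside the web root
    # A symbolic link inside the web root that points outside it.
    os.symlink(os.path.join(base, "config"), os.path.join(root, "shortcut"))

    requests = [
        "/images/logo.png",
        "images/../index.php",
        "../config/settings.ini",
        "images/../../config/settings.ini",
        "%2e%2e%2fconfig%2fsettings.ini",
        "shortcut/settings.ini",
    ]
    results = {}
    for request in requests:
        path = resolve_under_root(root, request)
        # Report the path relative to the web root, or None when refused.
        results[request] = os.path.relpath(path, root) if path else None
    return results


if __name__ == "__main__":
    for request, result in demo().items():
        print(f"{request!r:40} -> {result}")
```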

5. File Upload Vulnerabilities

File upload vulnerability is a major problem commonly associated with web-based applications. This type of vulnerability allows the attacker to upload a file with malicious code that can be executed on the server. Ultimately, the attacker can access the system. For this, a simple PHP file that is uploaded to the server without any restrictions can suffice. Many times, websites do not validate the type of file being uploaded to their web server. Attackers take advantage of this negligence.
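A minimal version of the missing validation, as an added example that is not part of the original article: the extension must be on an allowlist, the content must start with the signature that extension implies, and the file is stored under a server-generated name. The allowlist, size limit, function name and sample bytes are assumptions constructed for illustration.

```python
import os
import secrets

# Allowed extensions and the leading bytes ("magic numbers") each must start with.
ALLOWED = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}


def validate_upload(filename, data, max_bytes=2 * 1024 * 1024):
    """Return (stored_name, None) when accepted, or (None, reason) when refused."""
    # Keep only the last path component of whatever name the client sent.
    name = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED:
        return None, "extension not allowed"
    if len(data) > max_bytes:
        return None, "file too large"
    if not data.startswith(ALLOWED[ext]):
        return None, "content does not match extension"
    # Never reuse the client-supplied name: store under a random one instead.
    return secrets.token_hex(16) + ext, None


# Constructed sample inputs.
PNG_BYTES = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
PHP_BYTES = b"<?php echo 'hello'; ?>"

SAMPLES = [
    ("logo.png", PNG_BYTES),
    ("theme-helper.php", PHP_BYTES),   # script file: refused by extension
    ("photo.jpg", PHP_BYTES),          # script renamed to .jpg: refused by content
]

if __name__ == "__main__":
    for filename, data in SAMPLES:
        print(filename, "->", validate_upload(filename, data))
```

A matching signature only shows that the file starts like an image; the upload directory should still be configured so that the web server never executes anything stored in it.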

6. Remote File Inclusion

Remote File Inclusion, or RFI for short, is a tactic that exploits web applications that dynamically include external files or scripts. The attacker’s goal is to exploit such vulnerabilities to insert malware into your system and gain access to your website. Like other cyber attacks, Remote File Inclusion can result in information theft, website takeover, or compromised servers. A dedicated security solution is needed to mitigate such attacks. Many experts advise never to include files based on user input. This may not always be possible. Therefore, it is advisable that you have a security check of your website for vulnerabilities.

7. SQL Injection

SQL injection is a common hacking technique. In this method, a malicious code is injected into your database using different techniques or methods. SQL databases include MySQL, Oracle, SQL Server, among others. Once the attackers get access to your database, they can modify, add, or delete data. It is also easier to gain access to the user credentials once SQL injection succeeds. In some cases, this type of attack can also be used to perform a denial of service (DoS) attack. The attackers can also get access to all the data on the database server. This can pose a significant risk of damage if there is financial data on your database server.
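The root cause and the standard fix, side by side, as an added example that is not from the original article: a query built by pasting input into the SQL text next to the same query with a bound parameter. It uses Python's built-in sqlite3 as a stand-in for the databases named above; the table, rows and inputs are constructed.

```python
import sqlite3


def make_db():
    """In-memory database with a small, constructed user table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users (login, email) VALUES (?, ?)",
        [
            ("alice", "alice@example.test"),
            ("bob", "bob@example.test"),
            ("o'brien", "obrien@example.test"),
        ],
    )
    return db


def find_user_vulnerable(db, login):
    # BAD: the input becomes part of the SQL text, so a quote character in
    # `login` ends the string literal and the rest is parsed as SQL.
    sql = "SELECT login, email FROM users WHERE login = '%s'" % login
    return db.execute(sql).fetchall()


def find_user_safe(db, login):
    # GOOD: the statement is fixed; the input travels separately as a bound
    # parameter and is only ever compared as data.
    return db.execute(
        "SELECT login, email FROM users WHERE login = ?", (login,)
    ).fetchall()


def try_vulnerable(db, login):
    """Run the vulnerable query, reporting a broken statement instead of raising."""
    try:
        return find_user_vulnerable(db, login)
    except sqlite3.OperationalError:
        return "SQL error"


# Constructed inputs: one that rewrites the WHERE clause, one harmless name
# that merely contains an apostrophe.
HOSTILE = "x' OR '1'='1"
APOSTROPHE = "o'brien"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, hostile input:", try_vulnerable(db, HOSTILE))
    print("safe, hostile input:      ", find_user_safe(db, HOSTILE))
    print("vulnerable, apostrophe:   ", try_vulnerable(db, APOSTROPHE))
    print("safe, apostrophe:         ", find_user_safe(db, APOSTROPHE))
```

The concatenated query returns every row for the hostile input and fails outright on an ordinary name containing an apostrophe; the parameterized query returns no rows and the single matching row, respectively.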

8. Password Attack

The name says it all. A password attack means an attack that is performed by using your password. This is the most common type of attack. The method by which password can be obtained may vary but the outcome is always the same: the attacker has your password and it can be used to gain access to your system and website. A password attack usually does not require malware. A brute force attack is also a method to find the password.

How can you prevent a password attack? Here are some tips that can help:

Secure Passwords: Keep your passwords safe and confidential.

Use Strong Password: Create a strong password by using a combination of characters that includes upper case letters, lower case letters, symbols, and numbers. 

Never repeat a password: Never use a password repeatedly. It means no two websites should have the same password. Use a different password for each place. Having a common password will help the attacker to breach into your other accounts as well. 

Don’t Use Common Passwords: Google ‘most commonly used passwords’ and do not use any variations of those as your password. 

Frequently Change Your Passwords: Do not keep the same password that you used months ago. Ideally, you should change your password every 30 days. Modern financial institutions make it mandatory to change passwords every 3 months. 

A password attack is a simple but effective type of security attack. Once the perpetrator succeeds in gaining access to your user account, all hell can break loose. You can lose your precious data and your website.

9. Cross-site Scripting

Cross-site Scripting is also referred to as an XSS attack. This is a type of injection attack (like SQL injection) where trusted sites are injected with malicious code. Malicious code is often sent in the form of a browser-side script, which is then delivered to the user at the other end. The browser has no way of verifying if the code is malicious as it comes from a trusted source. The malicious script can then access any cookies, session tokens, or other sensitive information retained by the browser. These attacks are most common with JavaScript but are also possible in VBScript, ActiveX, Flash, and even CSS.

10. Phishing

When you go fishing, you throw a bait to the fishes, and eventually one of them goes for it and you grab your fish. Phishing, although it sounds like fishing, is somewhat different. It is similar to fishing in that the attacker uses bait to lure users into submitting their information. The only difference is that the bait is a digital one, mostly in the form of a website that poses as an authentic and trusted one. Deception is the core of phishing attacks. These types of attacks often use emails as well. 

Most phishing scams are related to bank emails. You receive an email that looks like it is from your bank. Once you open the link, you are taken to a fake portal where you are asked for your credentials. This way, the criminals get your information. Phishing is one of the most widespread cyber attacks.

How to avoid phishing attacks?

Simply don’t open email links that ask you to enter your credentials. Never visit banks or financial websites from your email links. Make sure you have visited the authentic website. Careful browsing can prevent you from being a victim of phishing attacks. 

So this was our list of common security attacks you should be aware of. We hope this article added to your knowledge. If you are concerned with the security of your WordPress website, you can reach out to us. We would love to help. Leave us a comment if you have anything more to add.

Do This When Your WordPress Website Is Hacked

Is your WordPress website hacked? Whether you only suspect it or are pretty sure that it is indeed hacked, you need to handle the situation calmly and rationally. This article explains what you should do when your website is hacked. We describe a step-by-step approach to get back your functioning site when all seems lost.

Step 1: Don’t Panic

Yes, you read it right. Don’t panic is the most crucial piece of wisdom you will find in this situation. Being worried is one thing, and having a panic attack is quite another. Panicking doesn’t help in any way. When your website is hacked, you need to make careful decisions and follow specific procedures. All of this is impossible without a calm mind. So first of all, calm yourself down. And do not panic.

Here are the things that might need your attention when you stay calm:

  • Assess the hack: Figure out the severity of the hack. Try to be specific about the impact on your website
  • What have you lost so far?
  • Who can you contact?
  • What information do you have with you?

Once you figure these things out, it will be easier for you to take the next steps.
A rational mind is always better than an erratic one.

Step 2: Check the status of your Website

You figured that your website is hacked because you noticed something was wrong with it. Maybe some spammy links were crawling on your website, some piece of utility was malfunctioning, or the whole site was inaccessible. Whatever the case may be, you should check the status of your website thoroughly.
Here are the things to check:

  1. List out the things that don’t work on your site. Let’s call these casualties.
  2. Rate the severity of these casualties. Gather some data about the nature of these casualties. The more you observe your website, the more you will be able to find useful data about the hack.
  3. Find out the things that are working just fine despite the hack.
  4. Is your website accessible through different browsers?
  5. How is your website working on mobile devices?
  6. Check which plugins are working
  7. Note down the plugins which are active on your website
  8. Gather any information you find useful

Step 3: Contact your Web Host

Once you have all the information you could gather, it is time to contact your web host. You must tell your web host about the situation so that your host can take measures against the hack. Nobody likes a hacked website, and your web host will help you out with whatever way possible.

This is especially true with managed WordPress hosting like Nestify, where WordPress experts help you out when your WordPress website is hacked. Our team of experts professionally cleans out your website and gets rid of the hack. Your website is back, fully restored, and fully functioning.
Contact your web host.

Step 4: Hire a Professional

If your web host is unable to recover your website, then you should consider hiring a professional. There are security professionals who specialize in recovering hacked websites. You do need professional help, and now is the time to get it.
You can hire someone you know, or you can try online services. Just be sure you hire someone reliable.

Step 5: Restore a Backup

If you do not get a WordPress professional to help you recover your website, then you can try this step for yourself. You can restore a backup of your website.
You need a backup copy of your website for this. If you are using a backup plugin, you will find a recent backup that will serve the purpose.
Just delete your website and restore this backup.

Step 6: Remove Malware

You can use security plugins to remove malware from your website. You should opt for a premium plugin to remove the malware thoroughly.

Since your website is hacked, you must remove malware from it to have the functioning website as earlier. This is an essential step every professional WordPress expert performs in the case of a hacked website.

Step 7: Update Everything

Once you have removed malware from your website, it is time to update everything about your website.
Update the WordPress core to the latest.
Update your WordPress themes.
Ensure you have the latest versions for all the plugins you are using.
And most importantly, create a backup.
Updating will ensure protection against known security vulnerabilities. It takes you a step closer to security. You can also read about how to analyze the security aspects of WordPress plugins.

Step 8: Change User Permissions

You should check and change user permissions for your website. After your website is hacked, it is more than likely that user credentials are compromised. You need to reset or change the user permissions to ensure better control over your website.
You can change this through Dashboard>>Users and then select the user.

Step 9: Change Passwords

This should come as a no-brainer. The moment you know your website is hacked, the first thing you should remember is that your old passwords are a security risk.

Change all your passwords. It is better to be safe than sorry. Change passwords of not just the linked accounts but also of those you think might be compromised because of the hack.

So these were the essential steps you would need to take when your website is hacked. It is important that you should seek professional help. Contact your web host, hire a professional, or at least use a security plugin to remove malware. If you are using a managed WordPress hosting like Nestify, then you need not follow any of these steps as our experts handle everything for you.

5 Things Your Audience Want To See From Your WordPress Store


Online audiences are fickle and picky. You may have a brilliant business idea, with excellent branding and a clear target audience. However, if your website is missing a certain set of elements you risk marking yourself as somewhere undesirable to shop. To avoid being tarnished with that brush and make yourself as appealing as possible to first-time visitors, here are a couple of things you need to include in your WordPress store.

Social proof

Customers trust the opinion of other shoppers more than anything else. If you want to try and convince first-time visitors to shop with you, you need to harness the power of the social proof phenomenon. Social proof can take many forms, but customer reviews are the most common and effective. Every time someone shops with your store, you should send an automated email asking them to leave a review. You can manage these through your own internal review service, but it’s much more convincing to use a trusted review website such as Trustpilot. Once you’ve accumulated enough reviews to give yourself an impressive positive score, you should present it prominently on your website, throughout major landing pages and as part of your branding. Another convincing form of social proof audiences will look out for is testimony from customers and businesses you’ve worked with. Ask some customers to write about their experience on top of giving a star rating. You can cherrypick the best to complement your overall score. When you work with a recognized brand or business ask them to write something about your business that you can post on the website. Mixing these two kinds of social proof helps you to cover the bases of all types of customers who will visit your website.

Team profiles

Customers love to know there’s a human face behind the website they’re shopping with. Websites with little personality may get some customers, but they’ll very rarely convert them into loyal shoppers who have a vested interest in the brand. Profiling your team and giving a peek behind the scenes are two great ways of giving your audience a greater idea of who you are, and they make for easy content marketing ideas that will bring your website to life. Your team is no doubt full of interesting people with different backgrounds. Harness that idea by uploading Q&A videos with them that tell their story and give audiences greater insight into who is helping them through customer service or curating the website. Think about traditional customer service, the kind you’d get in a local store. When you step inside you have a friendly face greeting you, giving you product advice and serving with a smile. This is harder to achieve online. Chatbots may be getting more sophisticated, but being able to put a face to the name is priceless. Content based around your team is an essential step to doing that.

Video

The internet wants video content more than anything else. Just like the introduction of television saw it dominate the media landscape, users today are swarming the web for as much video content as they can possibly find. 55% of internet users will watch at least one online video every day. They’re a serious draw. If your website is lacking in video content it will make it difficult for you to keep users onboard. There are lots of opportunities you may not even initially think of to place video content throughout your website. You don’t need to invest in a big video project series that you also roll out across social media. You can simply shoot little videos of your packaging and delivery process to give your users a clearer idea of the process they’re buying into. Likewise, you can use video to complement your product pages. Static product pages with a bit of copy and some generic stock images don’t tell new visitors much about the product or allow you to bring any sense of your own brand personality into the sale process. By shooting some videos for key products you can give a clearer picture as to their benefits.

Security

Nothing is a bigger turnoff to new customers visiting your website for the first time than a clear lack of security. If it looks like you haven’t made the effort to make your website secure or the customer has an inkling you’re a scam website, they will vacate as soon as they can.
There are a couple of key security measures you need to hit no matter what creative design ideas you have for your website. First of all your website needs an SSL certificate. This is a digital certificate that makes it clear to your visitors that the data transmitted between them and your store is safe and secured. These are relatively simple to add to your WordPress website. Even if you don’t have a very techy audience, these are so familiar that it has become second nature to look for them. You also need to make sure your payment gateway is secure. This is the point in the buying process where the shopper will be most attentive to security concerns and cautious of any possible issues. This service authorizes and processes payments, so make sure it’s secure and obvious to the customers.

Social media activity

Not strictly on your website, but something the average user will want to see your brand doing. Social media interaction is an essential brand-building activity that gives your business more personality and helps establish you with new audiences. A consistent stream of social media content is a great way to tell new audiences that you are a real business with genuine, creative people behind it. In many ways, it’s an amalgamation of everything we’ve talked about so far. It’s a place to show your creativity with content and reassure visitors that you’re a safe place to shop. For many people checking social media is an essential part of the buying process, so treat it as equal with your website. Your website should be present across multiple channels, allowing you to show off as many different facets of your content and marketing strategy as possible. If possible, work this feed into your website. This kind of integration can be a signal to first-time visitors that you are active and have a responsive community behind you. While there is no ‘right’ way to do a WordPress store, there are definitely certain conventions beginning to emerge that any store looking to succeed needs to follow. These are just a few; there is always a lot more you can do. As always, remember to add a sprinkling of your own personality across everything you do on your website.

