PerceiveArt.com is a project started by Sonja Švec Španjol. Its goal is to promote talented artists who did not get a proper chance to present their work to the world (for political or other reasons).
Since this is a non-profit project, the budget for developing and maintaining the website over the years was limited. But the years caught up with the website, and not everything was working as it should anymore. Sonja wanted to change that and to make sure that the risk of problems appearing in the future is reduced to a bare minimum.
We used multiple scanning tools alongside manual checks of both the server and PerceiveArt.com (a WordPress installation). We found no security issues on the server side, while the WordPress installation definitely had room for improvement in both security and stability.
The goal was to remove all the files and folders which were cluttering the server but were no longer needed. The most noticeable were server core dumps, which were taking up close to 1 GB of the server’s disk space.
As we were told, the website gallery had caused many problems in the past, and solving them had involved updating plugins and switching the website between multiple PHP versions. Although all of that was solved before we started the website analysis, the gallery was broken again.
This time the problem was folder permissions, which were preventing the gallery from reading (displaying) the uploaded images. After this problem was quickly solved, we re-checked the overall plugin integrity to make sure that this time it works for the long run.
The loading time of the website was reduced to 1.39 seconds from the initial 7.21 seconds. The number of requests per page was also reduced, from 179 to 141.
The PerceiveArt website uses phpList as its newsletter subscription and sending system. The issue was that, by default, phpList requires the web browser to remain open while the sending process is running.
The solution was easy: a so-called “Cron Job” was set up. A Cron Job is used for scheduling tasks which run automatically on the server at some point in time or under some specific conditions. In this case, the Cron Job takes over after the newsletter sending is initiated, so that the user can close the browser/phpList without interrupting the sending.
We also set up SMTP (Simple Mail Transfer Protocol) for the newsletter address to keep PerceiveArt’s messages from going to the spam folders of their subscribers.
SSL certificates are used to encrypt data in transit between the user’s PC and the website server. This reduces the chances of third parties intercepting data such as passwords and credit card details. But not only that: SSL certificates are quickly becoming a standard, and Google is giving SEO benefits to websites which use SSL encryption. From July 2018, new versions of Google Chrome will mark websites without an SSL certificate as “not safe”.
We installed a free “Let’s Encrypt” SSL certificate on the client’s server and made all the required optimizations for it on the website level.
A brute-force attack could easily be translated as a “password guessing” attack, and it is probably the most used method of WordPress intrusion. I talked about this and some other attack methods in my article “Why Websites Get Hacked”.
Both local and network brute-force protection are now enabled on the website. Aside from that, some other security features were implemented as well, such as auto-blocking of users trying to log in with the “admin” and “administrator” usernames, a limited number of password attempts per session, masking of the wp-admin login URL, etc.
PerceiveArt.com is now running better than ever, and its owner can focus on helping talented artists while her website is a much more pleasant experience for all the visitors who want to see beautiful and inspiring art. 🙂
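To show how the local rules listed above behave together, here is an added Python sketch (not the code of the plugin used on PerceiveArt.com) of a username denylist combined with a per-client limit on failed attempts. The thresholds, the `LoginGuard` and `replay` names and the sample events are assumptions made for illustration; network-level protection is not modelled.

```python
from collections import defaultdict, deque

BANNED_USERNAMES = {"admin", "administrator"}  # usernames the article says are auto-blocked
MAX_FAILURES = 5       # assumed threshold; the article gives no number
WINDOW_SECONDS = 300   # assumed sliding window for counting failures
LOCKOUT_SECONDS = 900  # assumed length of a block


class LoginGuard:
    """Local brute-force protection: username denylist plus per-client failure limit."""

    def __init__(self):
        self.failures = defaultdict(deque)  # client -> timestamps of recent failures
        self.blocked_until = {}             # client -> time at which the block expires

    def attempt(self, client, username, password_ok, now):
        """Return 'blocked', 'ok' or 'failed' for a single login attempt."""
        if self.blocked_until.get(client, 0) > now:
            return "blocked"  # even a correct password is refused during a block
        # Assumes no real account on the site uses a denylisted name.
        if username.strip().lower() in BANNED_USERNAMES:
            self.blocked_until[client] = now + LOCKOUT_SECONDS
            return "blocked"
        if password_ok:
            self.failures.pop(client, None)  # a success resets the counter
            return "ok"
        recent = self.failures[client]
        recent.append(now)
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()  # forget failures that fell out of the window
        if len(recent) >= MAX_FAILURES:
            self.blocked_until[client] = now + LOCKOUT_SECONDS
            recent.clear()
            return "blocked"
        return "failed"


def replay(events):
    """Run (client, username, password_ok, unix_time) events through a fresh guard."""
    guard = LoginGuard()
    return [guard.attempt(*event) for event in events]


# Constructed sample events, using documentation-range IP addresses.
SAMPLE = (
    [("203.0.113.7", "Admin", False, 0)]
    + [("198.51.100.9", "gallery_editor", False, t) for t in range(10, 60, 10)]
    + [("198.51.100.9", "gallery_editor", True, 70),
       ("192.0.2.4", "curator", True, 80),
       ("198.51.100.9", "gallery_editor", True, 70 + LOCKOUT_SECONDS)]
)
```

Replaying `SAMPLE` shows the trade-off of such a policy: the client that guessed wrong five times stays locked out even when it later sends the correct password, until the block expires.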
If you would like your WordPress to be clean & protected, fast loading and stable, don’t hesitate to contact us.