Domain Leasing Specialists

Posts Tagged Security

MX Guarddog Anti-Spam and Anti-Virus Filtering Service

MX Guarddog Anti-Spam and Anti-Virus Filtering ServiceFollowing our announcement on the 29th March 2017 that we would be retiring CPanel BoxTrapper software from our servers we reviewed several other options and have been trialling the use of the MX Guarddog antispam.

Several of our clients have now moved across to this service, migrations have not only been smooth, without any technical issues, but more importantly we have not received any reports of missing emails during, or after the migration process.

The switchover to this service is almost instantaneous, clients do not need to alter any of their desktop, tablet or mobile device email settings. Propagation across the internet of the new MX records can take 24 – 48 hours therefore for a period of time following the migration some email will arrive via the original channels which may include spam, after two days this has generally ceased.

The service has resulted in an average of 82.75% of email being classified as Spam across the examined accounts throughout April 2017, saving ourselves and our clients much valued time in dealing with these unwelcome emails.

Viruses have been captured at the service end and emails blocked successfully.

DLS Spamflare Service

DLS Spamflare

We are pleased to announce that we have now established a White Label version of the software in concert with Mx GuardDog known as DLS Spamflare and our customer accounts whom have been trialling the service have now been migrated across to this bespoke service.

Quarantine Emails

DLS Spamflare Quarantine EmailOur clients by default receive twice daily email quarantine reports which detail email that is currently held in their quarantine queue that has been initially marked as potential spam.

Feedback has been that the quarantine emails are of great benefit, definite spam, from blacklisted IP addresses, incorrectly set up mail servers, invalid MX DNS records etc. are not reported within the quarantine email, only email that is ‘potentially spam’ is reported.

By simply clicking on the subject line of an email that is listed within the quarantine email allows the user to release the email or release the email and white list the sender.

We can alter the number of quarantine reports sent per day and the times that these are sent out by the service or even stop them completely.

The entire quarantine queue is retained for a minimum of 7 days but may be as long as 14 days dependant on your email volume.

Spam Aggression Settings

Feedback to date has been that that the aggression levels we have set by default are working, although the aggression levels can be reduced or increased by request.


Client’s contact lists can be uploaded to the service so as to automatically whitelist any emails received from their contacts, as well as the ability to whitelist a domain so that email from any address at the whitelisted domain will automatically be delivered.


Email addresses and email from a domain can also be blacklisted as required.

Want the DLS Anti-Spam and Ani-Virus Filtering Service?

We are now making this service available to all our clients, if you are interested in discussing the options open to you then please contact us for further details and pricing.

WordPress Sites – Security and Essential Plugins

It took us a long time to embrace the use of open source platforms but once we did we accepted that these were going to be the way forward, with the mass availability of themes at very little cost in reality it takes a lot to shy away from them and revert back to the use of basic HTML mark-up for a general day to day website.

WordPress is a state-of-the-art semantic personal publishing platform with a focus on aesthetics, web standards, and usability. WordPress is both free and priceless at the same time.

More simply, WordPress is what you use when you want to work with your blogging software, not fight it.

As it is open source software it is regularly updated and is free, which of course is great news, but with that comes the associated problem that hackers have easy access to the software source code and this makes WordPress sites open to hacking on a regular basis.

In this blog post we will discuss the steps that we consider an absolute minimum must when installing and configuring your WordPress site so as to protect your website as much as possible from future hacking attempts that it will inevitably receive.

Similar advice applies really (although not specific to this post) for all other self-hosted software, shopping cart systems, survey systems etc.


WordPress Database is like a brain for your entire WordPress site because every single piece of information is stored in there thus making it a hacker’s favourite target. Spammers and hackers run automated codes for SQL injections and you will make it easier for the hackers to plan a mass attack by retaining the default database prefix ‘wp_’.

Therefore, when setting up the database make sure that you do not use the standard database prefix of “wp_”


The standard username for the Administrator with all the powers to change anything on your site is “admin”; never ever use this username or allow it to be registered as a user!

At the point of installation/set up use an administrator’s name that is very random and one that is not easy to guess by anyone. Only ever use this admin account for installation, set up and subsequent configuration of your WordPress site, never use it to make any posts or write any pages on your WordPress site.

Once your site is set up and configured set up another user account with roles/privileges as an Editor (Somebody who can publish and manage posts including the posts of other users) or an Author (Somebody who can publish and manage their own posts) We would suggest the role of Editor for the site owner/administrator and Author for other people you wish to have full access to make posts on your WordPress site – An Author cannot write or edit pages whilst an Editor can. You can read more about WordPress roles here.

When setting up the users always set the public Display Name to something other than the log in username.

Whilst we are talking about Usernames, it may be an idea for you to have a read through our article on Usernames and Passwords.


There are many thousands of different plugins available to do just about anything you can think of with a WordPress site, the majority of which are free to download and use, for those that charge for their plugin usually they have a ‘light’ version that will do the basics for you free of charge and thereafter you can purchase the enhanced version if you can see the added value given the purchase costs.

Several plugin authors may ask you for a voluntary contribution to use the plugin and in our opinion, if you see a benefit from using the plugin then it would be only right if you expect free updates of the plugin and for it to compatible with all the latest versions of WordPress moving forward that you do make an appropriate donation. If no one did then the plugin author would eventually get fed up of updating it and you would need to replace it relatively quickly.

Below are a few plugins that we consider are almost an absolute necessity to assist you with the day to day management of your WordPress site and its security, by default all WordPress installations that we work with have as a minimum the following:-



Wordfence is the Leading Cyber Security solution for WordPress. It provides a Complete Anti-Virus and Firewall Package for your WordPress Website including Two Factor Authentication, a Firewall incorporating Machine Learning and Tools to help Recover from a Hack.

Wordfence Security is available free. Simply sign into your WordPress website, Go to Plugins > Add New > And search for ‘wordfence’.

The premium version includes enterprise WordPress Security features like Two Factor Authentication and Country Blocking, however, see below for the two factor Google Authenticator.

Google Authenticator

The Google Authenticator plugin for WordPress gives you two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry.

If you are security aware, you may already have the Google Authenticator app installed on your smartphone, using it for two-factor authentication on Gmail/Dropbox/Lastpass/Amazon etc.

The two-factor authentication requirement can be enabled on a per-user basis. You could enable it for your administrator account, but log in as usual with less privileged accounts.

If you need to maintain your blog using an Android/iPhone app, or any other software using the XMLRPC interface, you can enable the App password feature in this plugin, but please note that enabling the App password feature will make your blog less secure.

Google Authenticator is available free, simply sign into your WordPress website, Go to Plugins > Add New > And search for ‘Google Authenticator’ by Henrik Schack

Google Authenticator – Per User Prompt

The Google Authenticator plugin is a great way to add two-factor authentication to your site, but it does have one major drawback: it asks every user for the authentication token, regardless of whether they have 2FA enabled or not. This can be confusing for users, which prevents some administrators from using the plugin on multi-user sites.

This plugin modifies the way that Google Authenticator behaves so that only users who have it enabled are prompted for the token. If a user doesn’t have it enabled, then they’ll proceed directly to the Administration Panels; if they do have it enabled then they’ll be prompted to enter their 2FA code.

Google Authenticator – Per User Prompt is available free, simply sign into your WordPress website, Go to Plugins > Add New > And search for ‘Google Authenticator – Per User Prompt’ by Ian Dunn.

Backup Programs

When it comes to software installations then we can say no more other than backup, backup and backup – one day you will thank yourself for making the effort and this day and age offsite backup for many server software installations can be done for free!

BackupWPup Free

The backup plugin BackWPup Free can be used to save your complete installation including /wp-content/ and push them to an external Backup Service, like Dropbox, S3, FTP and many more, see list below. With a single backup .zip file you are able to easily restore an installation.

• Database Backup (needs mysqli)
• WordPress XML Export
• Generate a file with installed plugins
• Optimize Database
• Check and repair Database
• File backup
• Backups in zip, tar, tar.gz, tar.bz2 format (needs gz, bz2, ZipArchive)
• Store backup to directory
• Store backup to FTP server (needs ftp)
• Store backup to Dropbox (needs curl)
• Store backup to S3 services (needs curl)
• Store backup to Microsoft Azure (Blob) (needs PHP 5.3.2, curl)
• Store backup to RackSpaceCloud (needs PHP 5.3.2, curl)
• Store backup to SugarSync (needs curl)
• PRO: Store backup to Amazon Glacier (needs PHP 5.3.3, curl)
• PRO: Store backup to Google Drive (needs PHP 5.3.3, curl)
• Send logs and backups by email
• Multi-site support only as network admin
• Pro version and support available – BackWPup Pro

BackWPup Free is available free, simply sign into your WordPress website, Go to Plugins > Add New > And search for ‘BackWPup Free’ by Inpsyde GmbH.


Once you have installed BackupWpup Free you will need somewhere to save your backed up files, use a DropBox account, you can sign up for free at and get 2GB of storage absolutely free, that should be sufficient for several daily backups of your WordPress site.

Advanced Automatic Updates

Advanced Automatic Updates adds extra options to WordPress’ built-in Automatic Updates feature. On top of security updates, it also supports installing major releases, plugins, themes, or even regular SVN checkouts!

Advanced Automatic Updates is available free, simply sign into your WordPress website, Go to Plugins > Add New > And search for ‘Advanced Automatic Updates ‘by pento.

And Finally, a Small Plug…

If you have a WordPress site that you need assistance with, need hosting or need a new site then give us a shout! We would be delighted to assist you.

DLS Spamflare Anti-Spam and Anti-Virus Filtering Service

After successful trials of the MX Guarddog anti spam software by ourselves and several of our clients we are pleased to announce that we have now rolled out the DLS Spamflare Anti-Spam and Anti-Virus Filtering Service, which is a white label version of the MX Guarddog Anti-Spam and Anti-Virus Service. Further details can be read here.

By continuing to use the site, you agree to the use of cookies. More Information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.