News All the latest from Eicra Soft Ltd [eicra.com]

Announcements
Feb
18
Releasing of version 3.0.0
Posted by Eicra™ - Senior L3 Support Team on 18 February 2016 8:29 PM

Let me start by thanking all of you for your continuing support.

Development of version 3.0.0 began with some firm targets. We were determined about our products' potential performance, and we have reached the summit with the best Eicra Products release, version 3.0.0. We are announcing that the release of version 3.0.0 will be delayed by another 15 days due to a backend incompatibility problem on our end. We are delaying it to improve the quality of the products.

From the company's perspective, the software will provide a complete package that will be helpful for online users. Version 3.0.0 brings visible differences in how a website is built, in the template style and in the layout design. It will also take care of the hard work and eliminate the need for clients to write code.

The focus was on creating an outstanding user experience that is also as simple as possible to use. Version 3.0.0 is about a great deal more than a different front end. This is a massive configuration for our clients.

The early response from our customers has been as positive as we expected. Mark Thomas, from England, recently said, “Eicra Products are highly developing software for us. We have used it for years. It makes easy and comfortable to set up and we get everything in template wise. I desire to get the latest version with new features soon. I am waiting excitedly for version 3.0.0.”

In order to fulfill our promise to make all our products as excellent as you desire, we need 15 more days to confirm our product's standard. We always try to bring you something new that makes you feel you are at the zenith of your business. It will be presented to you with many great features. It can deliver success only when it is done effectively. Eicra Soft Limited is proudly announcing the version 3.0.0 update very shortly.

Version 3.0.0 of our software also offers remarkable potential, using advanced technology to improve its features and keep its position at the top. As we said, version 3.0.0 is not far off now, so be sure to watch our site and our other networking accounts.


About Version 3.0.0

Version 3.0.0 is the latest version, which will be introduced soon. Our focus is on making products for clients who want to handle their business in a different way. Version 3.0.0 is currently the latest version of our various products.





Jul
9
WordPress Security Tips to Help Secure Your Website
Posted by Eicra™ - Senior Support Team on 09 July 2015 1:00 AM

WordPress is the most popular blogging and CMS system on the Internet, which makes it a target for hackers. Having a WordPress site means that you have to make some extra effort to protect your data and your users' data. Here is a summary of the best practices for securing a WordPress site that will help you do that. It is important to mention that these measures don't guarantee 100% protection against hacking attempts, mostly because a 100% secure website doesn't exist, but they will protect you against the majority of attacks.

 

Step 1)  Keep your WordPress site and plugins up-to-date

 

In most cases, WordPress blogs are compromised because their core files and/or plugins are outdated; outdated files are traceable, and that is an open invitation to hackers. "Everything is working just fine, why should I touch plugins?" For the same reason you'd update any other software, and even more so with themes and plugins, because they don't necessarily go through the same vetting and testing as WordPress core (unless you're using StudioPress themes and plugins).

 

Step 2)   Protect your WordPress Admin Area

It is important to restrict access to your WordPress admin area to the people who actually need it. If your site does not support registration or front-end content creation, your visitors should not be able to access your /wp-admin/ folder or the wp-login.php file. The best you can do is to get your home IP address (you can use a site like whatismyip.com for that) and add these lines to the .htaccess file in your WordPress admin folder, replacing xx.xxx.xxx.xxx with your IP address.

<Files wp-login.php>
order deny,allow
Deny from all
Allow from xx.xxx.xxx.xxx
</Files>

In case you want to allow access to multiple computers (like your office, home PC, laptop, etc.), simply add another Allow from xx.xxx.xxx.xxx statement on a new line.

If you want to be able to access your admin area from any IP address (for example, if you often rely on free Wi-Fi networks), restricting your admin area to a single IP address or to a few IPs can be inconvenient. In such cases we recommend that you limit the number of incorrect login attempts to your site. This way you will protect your WordPress site from brute-force attacks and people trying to guess your password. For this purpose, you can use a nice little plugin called Limit login attempts.
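As an added example (not part of the original post and not the plugin's code), the Python below applies the same counting idea to a web server access log: it flags any IP with more than `limit` failed POSTs to wp-login.php inside a sliding time window. The log lines are constructed, and treating a 200 response as a failed login (WordPress redirects with 302 on success) is an assumption that plugins can change.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/Nginx "combined" log format: ip - user [time] "METHOD path proto" status ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def parse(line):
    """Return (ip, time, method, path, status) or None for an unparsable line."""
    m = LINE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, method, path.split("?")[0], int(status)

def login_bursts(lines, limit=5, window=timedelta(minutes=5)):
    """Map each IP to its largest count of failed logins in any window, if > limit."""
    failures = defaultdict(list)
    for line in lines:
        rec = parse(line)
        # Assumption: a POST answered with 200 is a rejected login (success is a 302).
        if rec and rec[2] == "POST" and rec[3].endswith("/wp-login.php") and rec[4] == 200:
            failures[rec[0]].append(rec[1])
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            count = end - start + 1
            if count > limit:
                flagged[ip] = max(flagged.get(ip, 0), count)
    return flagged

# Constructed sample log: eight rejected logins from one address, one normal login.
SAMPLE = [
    f'203.0.113.7 - - [09/Jul/2015:01:00:{s:02d} +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 3210 "-" "-"'
    for s in range(0, 48, 6)
] + [
    '198.51.100.4 - - [09/Jul/2015:01:02:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
    '198.51.100.4 - - [09/Jul/2015:01:02:01 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for ip, count in login_bursts(SAMPLE).items():
        print(f"{ip}: {count} failed logins within 5 minutes")
```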

 

Step 3) Never use “admin” as your username

 

Earlier this year, there was a spate of brute-force attacks launched at WordPress websites across the web, consisting of repeated login attempts using the username ‘admin’, combined with a bunch of common passwords.

If you use “admin” as your username, and your password isn’t strong enough (see Step 4), then your site is very vulnerable to a malicious attack. It’s strongly recommended that you change your username to something less obvious.

Until version 3.0, installing WordPress automatically created a user with “admin” as the username. This was updated in version 3.0 so you can now choose your own username. Many people still use “admin” as it’s become the standard, and it’s easy to remember. Some web hosts also use auto-install scripts that still set up an ‘admin’ username by default.

Fixing this is simply a case of creating a new administrator account for yourself using a different username, logging in as that new user and deleting the original “admin” account.

If you have posts published by the “admin” account, when you delete it, you can assign all the existing posts to your new user account.

 

Step 4) Strengthen up those passwords


According to this infographic, around 8% of hacked WordPress websites are down to weak passwords.

If your WordPress administrator password is anything like ‘myChildName’, ‘abc123’, or ‘password’ (all way more common than you might think!), you need to change it to something secure as soon as possible.

For a password that’s easy to remember but very hard to crack, I recommend coming up with a good password recipe.

If you’re feeling lazy, you can also use a password manager like LastPass to remember all your passwords for you. If you use this method, make sure your master password is nice and strong.

 

Step 5) Consider two-factor authentication

Enabling two-factor authentication for your WordPress website will significantly improve its security. One of the easiest ways to do this is to use Clef to authenticate using your mobile phone. Find Clef Two-Factor Authentication or any other good plugin for two-factor authentication. Clef is a free replacement for usernames and passwords that makes logging into your WordPress site easier and more secure.

 

Step 6) Ensure your computer is free of viruses and malware

If your computer is infected with a virus or other malware, a potential attacker can gain access to your login details and log in to your site with valid credentials, bypassing all the measures you've taken before. This is why it is very important to have an up-to-date antivirus program and to keep the overall security of all computers you use to access your WordPress site at a high level.

 

Step 7) Disable file editing via the dashboard


In a default WordPress installation, you can navigate to Appearance > Editor and edit any of your theme files right in the dashboard.

The trouble is, if a hacker managed to gain access to your admin panel, they could also edit your files that way, and execute whatever code they wanted to.

So it’s a good idea to disable this method of file editing, by adding the following to your wp-config.php file:

define( 'DISALLOW_FILE_EDIT', true );

 

Step 8)  Secure your WordPress through .htaccess  

.htaccess is a configuration file that allows you to override your server’s global settings for the directory that it’s in, for example by limiting file access. There are several ways of making your WordPress secure (using WordPress best practices, security plugins, content delivery networks…) and configuring your .htaccess is just one of them, the one that belongs to the domain of prevention.

WordPress best practices suggest you protect your wp-config.php file and you can do that by adding:

<files wp-config.php>
order allow,deny
deny from all
</files>

# Prevent any directory browsing (Apache 2.4 rejects "All" mixed with a "-" option, so only -Indexes is listed):
Options -Indexes

# Adding this to your .htaccess will prevent hotlinking from happening:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?YourDomain [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]


# Protect the .htaccess Itself

<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>



Protect /wp-content Directory

WordPress holds all your media files in here and they’re an asset you want search engines to crawl. But, “/wp-content” is a place where your themes and plugins reside, too. You don’t want to allow access to those sensitive .php files.

For this to work, you need to create a separate .htaccess file (just use your FTP client and create a file with no name and give it an “.htaccess” extension) and put it in your /wp-content directory. This code will allow access to images, CSS, JavaScript and XML files, but deny it for any other type.

order deny,allow
deny from all
<files ~ "\.(xml|css|jpe?g|png|gif|js)$">
allow from all
</files>

That’s it. Your WordPress website should be a lot safer now. The one remaining thing is protecting the .htaccess file(s) themselves, using the block shown above under “Protect the .htaccess Itself”.
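To confirm that the settings from Steps 7 and 8 are actually in place, the following Python is an added example (not part of the original post) that audits a WordPress directory for them. It accepts either the `deny from all` form used here or Apache 2.4's `Require all denied`; the sample tree and the check names are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Apache 2.2 form used on this page, or the Apache 2.4 equivalent.
DENY = re.compile(r"deny\s+from\s+all|require\s+all\s+denied", re.I)
FILES = re.compile(r"<files(?:match)?\s+([^>]*)>(.*?)</files(?:match)?>", re.I | re.S)

def live(text):
    """Drop '#' comment lines so a commented-out directive does not count."""
    return "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))

def files_denied(htaccess, arg_pattern):
    """True if a <Files> section whose argument matches arg_pattern denies all."""
    return any(re.search(arg_pattern, arg, re.I) and DENY.search(body)
               for arg, body in FILES.findall(htaccess))

def audit(root):
    """Check a WordPress tree for the settings from Steps 7 and 8."""
    root = Path(root)
    def read(rel):
        p = root / rel
        return p.read_text(encoding="utf-8", errors="replace") if p.is_file() else ""
    ht, content_ht = live(read(".htaccess")), live(read("wp-content/.htaccess"))
    cfg = read("wp-config.php")
    return {
        # Straight quotes only: a define pasted with typographic quotes has no effect.
        "file_edit_disabled": bool(re.search(
            r"""(?im)^\s*define\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*true\s*\)""", cfg)),
        "wp_config_denied": files_denied(ht, r"wp-config\.php"),
        "htaccess_denied": files_denied(ht, r"\.ht|\[Hh\]\[Tt\]"),
        "indexes_off": bool(re.search(r"(?im)^\s*Options\b.*-Indexes\b", ht)),
        # The deny must sit outside any <Files> section to be the default.
        "wp_content_default_deny": bool(DENY.search(FILES.sub("", content_ht))),
    }

# Constructed sample tree using the directives shown on this page.
SAMPLE = {
    ".htaccess": '<files wp-config.php>\norder allow,deny\ndeny from all\n</files>\n'
                 'Options -Indexes\n'
                 '<files ~ "^.*\\.([Hh][Tt][Aa])">\norder allow,deny\ndeny from all\n</files>\n',
    "wp-content/.htaccess": 'order deny,allow\ndeny from all\n'
                            '<files ~ "\\.(xml|css|jpe?g|png|gif|js)$">\nallow from all\n</files>\n',
    "wp-config.php": "<?php\ndefine( 'DISALLOW_FILE_EDIT', true );\n",
}

def build(files):
    """Write a {relative path: text} mapping into a fresh temp dir and return it."""
    root = Path(tempfile.mkdtemp())
    for rel, text in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(text, encoding="utf-8")
    return root

if __name__ == "__main__":
    for check, ok in audit(build(SAMPLE)).items():
        print(f"{'PASS' if ok else 'FAIL'}  {check}")
```

A FAIL means the directive was not found in the file; a PASS does not prove the server honours it, since .htaccess overrides can be disabled in the main server configuration.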

 

Step 8)  Try to avoid free themes.

We’re confident in the quality and security of our free themes. As a general rule though, it’s better to avoid using free themes, if possible, especially if they aren’t built by a reputable developer.

The main reason for this is that free themes can often contain things like base64 encoding, which may be used to sneakily insert spam links into your site, or other malicious code that can cause all sorts of problems, as shown in this experiment, where 8 out of 10 sites reviewed offered free themes containing base64 code.

If you really need to use a free theme, you should only use those developed by trusted theme companies, or those available on the official WordPress.org theme repository.

Note: The same logic applies to plugins. Only use plugins that are listed on WordPress.org, or built by a well-established developer. 
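Before installing a theme or plugin from an unknown source, its PHP files can be checked for the base64 usage described in this step. The Python below is an added example (not part of the original post): it lists every `base64_decode` call, decodes literal arguments for inspection only, and marks lines that hide markup or pass the result to `eval`. The sample footer template and the `spam.example` link are constructed.

```python
import base64
import binascii
import re
from pathlib import Path

# base64_decode('...') with a literal argument can be decoded statically;
# a call on a variable or expression can only be reported.
LITERAL_CALL = re.compile(r"""base64_decode\s*\(\s*(['"])([A-Za-z0-9+/=]+)\1""", re.I)
DYNAMIC_CALL = re.compile(r"""base64_decode\s*\(\s*[^'"\s]""", re.I)
EXECUTES = re.compile(r"\b(?:eval|assert|create_function)\s*\(", re.I)
MARKUP = re.compile(r"https?://|<a\s|<iframe|<script", re.I)

def decode(blob):
    """Decode a base64 literal for inspection only; the result is never executed."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None

def scan_php(source, name="<string>"):
    """Return one finding per line of PHP source that calls base64_decode."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        literals = [decode(m.group(2)) for m in LITERAL_CALL.finditer(line)]
        if not literals and not DYNAMIC_CALL.search(line):
            continue
        decoded = [d for d in literals if d]
        findings.append({
            "file": name,
            "line": lineno,
            "decoded": decoded,                                    # what the visitor's browser would receive
            "hidden_markup": any(MARKUP.search(d) for d in decoded),
            "executed": bool(EXECUTES.search(line)),               # decoded text is run as PHP
        })
    return findings

def scan_theme(theme_dir):
    """Scan every .php file under a theme or plugin directory."""
    out = []
    for path in sorted(Path(theme_dir).rglob("*.php")):
        out += scan_php(path.read_text(encoding="utf-8", errors="replace"), str(path))
    return out

# Constructed sample: a footer template hiding a link, plus an eval of a decoded variable.
HIDDEN = '<a href="http://spam.example/">sponsored link</a>'
SAMPLE = "\n".join([
    "<?php wp_footer(); ?>",
    "<?php echo base64_decode('%s'); ?>" % base64.b64encode(HIDDEN.encode()).decode(),
    "<?php eval(base64_decode($_k)); ?>",
    "<p>&copy; Example Theme</p>",
])

if __name__ == "__main__":
    for finding in scan_php(SAMPLE, "footer.php"):
        print(finding)
```

Not every `base64_decode` call is malicious, so each finding is a line to read, not a verdict.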

 

Step 9)  Keep a backup

I can’t overemphasize the importance of making regular backups of your website. This is something that many people put off until it’s too late.

Even with the best security measures at your disposal, you never know when something unexpected could happen that might leave your site open to an attack.

If that happens you want to make sure all of your content is safely backed up, so that you can easily restore your site to its former glory.

The WordPress Codex tells you exactly how to back up your site, and if that seems like too much hard work, you can use a plugin such as WordPress Backup to Dropbox to schedule regular automatic backups.

 

Step 10) Use security plugins

As well as all of the measures above, there are tons of plugins you can use to tighten your site’s security and reduce the likelihood of being hacked.

Here are a handful of popular options:

Further resources

To learn more about hardening your website’s security, please check out these two resources:

http://codex.wordpress.org/Hardening_WordPress

http://wp.tutsplus.com/tutorials/11-quick-tips-securing-your-wordpress-site

We also recommend Sucuri.net if you are unsure about this topic. Sucuri can help monitor your site, alert you of suspicious activity and even help clean up your site in the case of a malware attack.

Don’t panic!

This may all sound pretty intimidating, especially if you’re a beginner. I’d like to point out that it’s not intended to scare anyone, it’s just important to discuss the topic of security regularly, as we want to make sure you stay one step ahead of the hackers!

You don’t have to do everything on this list (although it certainly wouldn’t hurt). Even if you just remove the ‘admin’ username and start using stronger passwords, your site will be that little bit safer but not enough.

 

 





Jun
6
Eicra Stands up against SPAM
Posted by Eicra™ - Senior Support Team on 06 June 2013 12:12 PM

Email spam, also known as junk email or unsolicited bulk email (UBE), is a subset of electronic spam involving nearly identical messages sent to numerous recipients by email. Clicking on links in spam email may send users to phishing web sites or sites that are hosting malware. Spam email may also include malware as scripts or other executable file attachments. Definitions of spam usually include the aspects that email is unsolicited and sent in bulk. One subset of UBE is UCE (unsolicited commercial email). The opposite of "spam", email which one wants, is called "ham", usually when referring to a message's automated analysis (such as Bayesian filtering). 

Spam is one of the most annoying things about using the internet. Lots of people think that it's annoying but don't realize that it can actually be illegal. There are lots of people suggesting that spam is illegal but if it is, then why are there so many unsolicited messages still being sent? Is it that people simply don't care about these laws?

In 2003 the CAN-SPAM Act was signed in the United States. This was an 80-page document which defined exactly what spam was and went as far as making spam illegal. Spam is actually illegal, but many people are still receiving messages because people don't care about the laws, and also because not all of these messages are technically spam. The act sets up a list of guidelines which should be followed when sending emails. This includes not having misleading information in the header. If you are sending out a commercial email then you must by law include your postal address so that people can contact you if required.

By definition, spamming is illegal under the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (the "CAN-SPAM Act"). Spamming is the transmission of any unsolicited "electronic mail message the primary purpose of which is the commercial advertisement or promotion of a commercial product or service (including content on an Internet website operated for a commercial purpose)." (15 U.S.C. § 7702(2)(A).) The obligations of the Act apply to both the sender of the message and the person whose product, service, or web site is promoted by the message, both of whom are "senders" for purposes of the Act. 

If there is a pre-existing business relationship between the sender and the e-mail recipient, and the recipient has not opted out of receiving e-mail communications from the sender, e-mail communications from the sender to that e-mail recipient would not constitute illegal spam, but those messages must include notification to recipients of their ability to decline receiving future email messages from, and a reply e-mail address or other mechanism that recipients can use to decline receiving future email messages from, you or the advertiser. 

Unsolicited email

Spam is actually unsolicited email and this means that people are still allowed to send out junk email that you have requested. If you put your name on a mailing list then this doesn't count as spam. It's very easy to get added onto mailing lists and as a result you probably have lots of newsletters in your mailbox right now.
Whenever you sign up for anything on the internet there is a box to say whether or not you want to receive communication from them. If you agree then that company is allowed to send you emails. This is not spam because they have already asked permission to contact you. It's important that you read everything you do on the internet.

However, even these newsletters that you have requested must have opt-out links in them somewhere. These links are used to take your name off the mailing list so that you can stop receiving the email at any time. To be in compliance with the laws, these links must appear in the emails and be accessible.

Consequences

Violations can result in enforcement action against you by the FTC or by ISPs. Remedies include injunctive relief, disgorgement of profits, and actual damages or statutory damages or fines of $250 per violation, whichever is greater, with each unlawful message to each recipient being a separate violation. Statutory damages can go as high as $2 million. Certain fraudulent activities and repeat offenses include the possibility of imprisonment for three to five years. 


Disclaimer: Please note that this answer does not constitute legal advice and should not be relied on, since each state has different laws, each situation is fact specific, and it is impossible to evaluate a legal problem without a comprehensive consultation and review of all the facts, documents, and/or other materials involved. This answer does not create an attorney-client relationship.

The CAN-SPAM Act laid out a number of consequences for anyone found guilty of sending spam emails. This can even land you in prison in some cases. The act allows up to $11,000 in fines per email sent, which should go a long way to stop the problem. The act is normally only used against the most notorious spammers, although it can be enforced against anyone.

There is a database of all complaints available on the FTC website and you can also submit complaints there. Alternatively you can forward any spam received to spam@uce.gov 


Spam is one of the most annoying things on the internet and it's about time that we put an end to it.

Be Compliant with the CAN-SPAM Act

If you are sending “any electronic mail message, the primary purpose of which is the commercial advertisement or promotion of a commercial product or service,” then you must comply with the following 7 main requirements (or face the consequences above):

  1. Don’t use false or misleading header information
  2. Don’t use deceptive subject lines
  3. Identify the message as an ad
  4. Tell recipients where you’re located
  5. Tell recipients how to opt-out of receiving future email from you
  6. Honor opt-out requests promptly
  7. Monitor what others are doing on your behalf

If your email contains only transactional emails or relationship content, then you are exempt from these rules; however, you must still not include false or misleading routing information.

