There are cases that Whatsapp account being hacked. Whatsapp account is linked with phone number. If our sim card somehow terminated due to inactivity, provider can recycle the number and sell it to others. If the new user install Whatsapp, it instantly gain our account access.
It is better to add additional layer of security by setting two factor authentication. To set Whatsapp two factor authentication:
Open menu by clicking three dots button on top right corner.
WordPress’s security is good by default. But no system is safe. There are several steps that must be done to make WordPress secure:
After installed WordPress, wp-config.php permission is somewhat set to 666. This can be potentially dangerous as wp-config.php can be overwritten by hacker. You must change wp-config.php permission to 400. To change file permission easily using cPanel file manager:
Login to cPanel.
Click File Manager icon.
Click wp-config.php file. Click Permissions menu.
Check only Read on User colom. The result is 400.
XMLRPC is a Remote Procedure Call method that uses XML passed via HTTP as a transport. With it, a client can call methods with parameters on a remote server and get back structured data.
XMLRPC has been a part of WordPress since beginning. XMLRPC enable communication between WordPress and other applications. The code is stored in xmlrpc.php file in the root directory.
Since the REST API was integrated into WordPress, xmlrpc.php is no longer used. XMLRPC introduce security vulnerabilities. Hacker can do DDoS attack by sending large numbers of pingback. This could overload your server and make your site timeout. Each xmlrpc.php request send username and password. Hacker can send brute force attack. There is a chance they could eventually hit on the right one, giving them access to your site to insert, delete, or damage your site.
To disable xmlrpc.php, add following code in your .htaccess file:
Deny from all
Macro has helped human ever since. Macro do tedious repetitive task for human. Sometime human jobs are repetitive in same pattern. These jobs can be did by macro.
Macro initially made for games. Many gaming gears equiped with macro function. Macro also has other use for work. Macro can continuously do repetitive task in timely fashion. We can save time by using macro.
The proper way to turn off laptop is from Windows menu > Power > Shut down. This considered safer than pressing power button. Power button only used once for turning on laptop.
We can change power button to another more useful function. Screen is the most power consuming component of a laptop. By turning off screen when it is not in use, we can save power. Escpecially when running on battery, this will make battery last longer.
Step to set laptop power button to turn off screen:
Today I will share best practices to prevent virus on computer. We need to tweak some settings on Folder Options and Autoplay Settings. I will explain why it is important:
Show hidden files and folders. Virus is usually hidden so normal user won’t see them.
Show protected operating system files. Some virus maker will make their virus as operating system file so it is more difficult to distinguish.
Show extensions for known file types. Virus often trap user by disguise as other file type. Example: the virus icon is image, but actually it is an exe. Next time you see image.exe file, don’t click it.
Disable autoplay. Autoplay is common way virus inject into our computer. When virus contaminated flashdisk is plugged in, the virus is automatically run and infect our computer.
Have a broken mouse double click? Don’t throw it away yet. You can fix it. After repair, mouse will work again like a new mouse.
Under click button, there is a switch. Inside switch, there is a metal spring. Single click registered as double click caused by accumulated dust on metal contact area. Clean it by swiping screwdriver.
DMARC is Domain-based Message Authentication, Reporting & Conformance. DMARC is an email authentication, policy, and reporting protocol. DMARC builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.
DMARC is designed to fit into an organization’s existing inbound email authentication process. The way it works is to help email receivers determine if the purported message “aligns” with what the receiver knows about the sender. If not, DMARC includes guidance on how to handle the “non-aligned” messages.
At a high level, DMARC is designed to satisfy the following requirements:
It is possible to set a catch all email. Catch any email that is sent to an invalid email address for your domain.
While it seems a good idea to avoid potential customers mistyped our email and lead to sales loss, it’s a heaven for spammer. Because every random email email@example.com, firstname.lastname@example.org are valid. Resulting you will receive all spams in your inbox.
So it is the best to leave to default option: discard the email while your server processes it by SMTP time with an error message.