This guide details the possible actions to combat unwanted content that may appear on your WordPress site when it is not sufficiently protected.

Introduction

• When your WordPress site is not sufficiently protected or monitored, spam bots take advantage of the comment system to post thousands of messages (obviously containing links to their fraudulent activities).
• Any form (contact, voting, booking, etc.) can also be exploited for malicious activities if nothing is done in advance to protect against it.
• This will affect your site (no one will leave a serious comment), the reputation of the domain name, your activities and the server itself to the point of saturating it and impacting other sites on the same space.
• It is therefore crucial to take care of your site's health and ensure its proper functioning throughout its lifespan.

Fighting unwanted comments

First, carefully follow the solutions proposed by the WordPress codex. You will learn, for example, that disabling the comment system via the WordPress dashboard only affects future posts; it is therefore important to follow one of the alternative methods proposed by WordPress for a more radical deactivation.

If you still want to collect comments, you can for example limit them to registered users (refer to the official help regarding the comments settings page) but you will then need to monitor registrations.

Fighting spam submissions

An effective protection against automated comments and the exploitation of any form on your site involves implementing a captcha, or its alternative, the honeypot (honey pot). You will thus close the door to bots (robots programmed to browse the Web and exploit its vulnerabilities).

Akismet, developed by Automattic, the company behind WordPress, receives good reviews but becomes paid for commercial use.

By installing WordPress on your Infomaniak site via the automatic installation system, you will find the WP Armour – Honeypot Anti Spam extension already activated, to protect in its free version all types of forms, such as those of WP Comments, WP Registration, BBPress Forum, Contact Form 7, Gravity Forms, Elementor Forms, Divi Theme Contact Form, WooCommerce Reviews Pro, etc.

If you want an alternative dedicated solely to the contact form Contact Form 7, add its protective Honeypot extension.

Another extension receives many favorable reviews: La Sentinelle antispam !

The role of the hoster

You can learn more about the mechanisms put in place by Infomaniak to combat this issue through the article and the FAQ about the tools available if you have a website.‍

This guide explains how to change the URL of your website from the Joomla app installed on your Web Hosting Infomaniak (only in the case where you have installed Joomla via the dedicated tools offered by Infomaniak).

Prerequisites

• The domain name you wish to use must first be added as an alias to the main domain on the relevant site.

Change the domain name of Joomla

To change the address of the site created with Joomla to another domain name that is already in the same Organization:

1. Click here to access your site management on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product:
   
3. Click on the action menu ⋮ located to the right of the relevant Web Application.
4. Click on Settings for the application:
   
5. Click on Edit to the right of the Joomla:
   
6. Under Site URL, select the desired web address from the dropdown menu:
   1. If you have not followed the prerequisites above, the desired domain will not appear even if it is registered within the same Organization.
   2. If you have added the domain as an alias for the site, the desired domain will appear and you will be able to select it to replace the previous domain.
7. Click on the Save button:
   

Domain “…preview.infomaniak.website”?

Among the URLs present in the dropdown menu, the preview URL allows you to access your Joomla site in case the site's domain name is not yet correctly configured to point to your app.

Change the address or location of Joomla

Prerequisites

• Create an FTP account (need help?).
• Connect via FTP (need help?).

To modify the Joomla installation if it was done in a subfolder…

… and if the latter is visible in the site address each time it is consulted…

… here is how to proceed:

1. On the FTP, move up to the root (in the target folder of the website) all the files of your Joomla currently installed in a subfolder (folder /primary in the example below):
   
2. Delete the now-empty subfolder.
3. Modify the .htaccess file located at the root of your Joomla directory.
4. Replace RewriteBase /primary with RewriteBase /:
   
5. Save the changes.
6. Do not uninstall the Joomla Web Application but simply stop using it and connect directly to the management interface of your Joomla via the URL /administrator:
   

This guide explains how to view the disk space of a web hosting Infomaniak and display the size of directories.

Find the large folders of a Web hosting

To do this:

1. Log in to the server via SSH (need help?).

2. Run the following SSH command:

   ncdu

3. Navigate through the folder tree using the keyboard's arrow keys.
4. Exit with the key combination CTRL + C.

This guide explains how to change the URL of a site on which the Prestashop application is installed (manual installation on your side) but more generally, it also allows you to import a Prestashop site to Infomaniak if it was previously registered elsewhere with a different URL.

Preamble

• If you are using Prestashop installed via the Infomaniak Manager Apps, you can change the address very easily.
• Intended for version 1.7 of Prestashop, this guide requires technical knowledge and Infomaniak declines any responsibility in case of errors on the site.

Change the URL of an installed Prestashop

To do this:

1. Put your Prestashop into maintenance mode (go to Shop Settings then Maintenance).
2. Go to Shop Parameters > Traffic and SEO.
3. A little further down, modify the Shop URL section:
   1. under Shop Domain enter the new domain
   2. under SSL Domain enter the new domain
   3. the base path can be modified at your convenience but with caution
4. Click on Save.
5. Download the entire data Web + MySQL of your old Prestashop to your computer.
6. Re-import the downloaded MySQL data into a new database.
7. Update the parameters.php file (located in app/config/) by entering the information of the new database at the following lines:
   1. database_host
   2. database_name
   3. database_user
   4. database_password
8. Re-import the Web data into the directory of your new site (new URL).
9. Remove all the content from the cache folder except for the index.php file.
10. Remove the site from maintenance and test the entire site (links, images, cart, etc.).

Also, refer to this other guide.

This guide helps you protect the reputation of your domain name to maintain the trust of internet users and service providers towards your website or your company, this to facilitate more generally the proper functioning of your email.

The Web reputation

There are different types of reputation on the Internet, including personal reputation, company reputation and domain reputation.

Domain reputation is essentially a score that determines how mail systems decide what to allow into users' inboxes. Fundamentally, your domain's reputation is a measure of the health and legitimacy of your domain. This reputation can be influenced by the security of the email and website.

For example, a domain's reputation may decrease if…

• … the website visible at the domain address is hacked, leading to the mass sending of fraudulent emails,
• ... the domain's email is exploited for the involuntary sending of spam.

If your domain's reputation remains poor, your emails may be marked as spam and not reach their intended audience. This can harm email deliverability (refer to this other guide in English for more information).

Improve the domain reputation

By following these few tips, you can improve the reputation of your domain and, for example, boost all your email marketing efforts:

• Set up and check SPF, DKIM and DMARC records to help protect your domain against identity theft attacks.
• Check your domain's reputation with tools such as Google Postmaster Tools, Sender Score, Microsoft SNDS, McAfee or Talos Intelligence and identify potential issues.
• Send emails only to users who have chosen to subscribe!
• Get trusted links or backlinks…

Check out this other guide about RBL.

This guide explains how to find out the operating system version of the server for your Web Hosting.

Preamble

• Even if Debian or a package appears outdated, the displayed versions do not have vulnerabilities:
  • Infomaniak keeps them up to date through regular internal patches on all components and systems used.
  • The versions are chosen for their stability, then enhanced by security measures that classic tests do not detect.
• If you or your clients identify a vulnerability in an Infomaniak product, please submit a proof of concept. Although rare, these cases are handled quickly.
  • Data security is the user's responsibility: Infomaniak cannot be held accountable for poor management or use of access credentials.

What OS is on my site?

To find out the version:

1. Log in to the server via SSH (need help?).

2. Run the following command:

   lsb_release -a

3. You will get information of this type:

   Distributor ID: Debian
   Description: Debian GNU/Linux 7.9 (wheezy)
   Release: 7.9
   Codename: wheezy

This guide explains what spamtrap email addresses are.

Preamble

• A spamtrap, also known as a honeypot, is a tool used to detect and catch spammers.
• It is essentially an email address or a system that is created to attract unwanted messages, such as spam.

How a Spamtrap Address Works

A spamtrap address works by attracting spam and identifying the senders of unwanted mail. Here's how it can happen:

1. An email address is specifically created to act as a spam trap; it is generally configured so as not to receive legitimate communication.
2. The spamtrap address is hidden or obscured so that it is not visible to legitimate users, but only to spammers; this can be done by placing it on hidden web pages, in forums inaccessible to the public or by making it invisible to humans (for example by using white text on a white background).
3. Spammers use automated techniques to extract email addresses from various sources, such as websites, forums, social networks, or stolen address lists; during this process, they may inadvertently or intentionally include spamtraps in their lists.
4. When a spammer sends a message to a spamtrap address, it is captured and recorded; since the address is not used for legitimate communication, any mail received is considered unwanted.
5. When a spamtrap receives a spam, it triggers an alert for email service providers like Infomaniak; they can then identify the sender of the spam by examining the message headers or the information related to the source IP address.
6. Once a spammer is identified through a spamtrap, measures can be taken to block or filter their unwanted messages; Infomaniak can add the spammer's IP address to a blacklist, implement stricter anti-spam filters or take other steps to protect their users.

This guide explains how to access the configuration of a Infomaniak Web site to display technical information such as the PHP, Apache version or the activated PHP extensions and modules.

View the site's technical information

To access the website management:

1. Click here to access the management of your product on the Infomaniak Manager (need help?).
2. Click directly on the name assigned to the relevant product.
3. Click on the Manage button under Advanced Settings:
   
4. Review the website information under the General, PHP / Apache and PHP Extensions tabs:
   
5. Click on the back arrow in the left sidebar.
6. Click on Databases in the left sidebar to get the version of MySQL for the web hosting:
   

This guide explains how to securely transfer files between your machine and the server of the Web hosting using the SCP protocol (secure copy command).

Preamble

• To function, the SCP command requires:
  1. a source: a file/folder to transfer
  2. a destination: FTP server address for the transfer
• The data is automatically encrypted by SCP during the transfer.

Copy a local file to the server

Prerequisites

• To get the FTP server address:
  1. Click here to access the management of your product on the Infomaniak Manager (need help?).
  2. Click directly on the name assigned to the relevant product.
  3. Click on FTP / SSH in the left sidebar.
  4. The host server address is displayed at the top left:
     
• To get the destination folder path:
  1. Click here to access the management of your product on the Infomaniak Manager (need help?).
  2. Click directly on the name assigned to the relevant product.
  3. Click on More information (in the Information section):
     
  4. Copy the absolute path.
  5. Complete the absolute path with the desired destination folder.

Next, to copy a file from your machine, the command is as follows:

scp localmachine/path_to_the_file username@ftp_server_adress:/path_to_remote_directory

To copy an entire directory from your machine, you need to adjust the command as follows:

scp -r localmachine/path_to_the_file username@ftp_server_adress:/path_to_remote_directory

The entire folder will be transferred to your server.

To copy the contents of an entire directory from your machine, you need to adjust the command as follows:

scp -r localmachine/path_to_the_file/* username@ftp_server_adress:/path_to_remote_directory

This guide concerns MySQL on Infomaniak hosting and their compatibility with stored procedures.

Preamble

• “Stored procedures” & “stored routines” are not possible on Web Hosting.

Understanding stored procedures and routines

If stored procedures are essential to your project and you currently have a shared hosting plan, you might consider a VPS or dedicated server, where you will have more control and resources.

Stored procedures offer a powerful and efficient way to automate tasks and manage business logic at the database level, which can result in more performant and easier-to-maintain applications.

On Serveur Cloud, as soon as the user has administrator rights on the relevant MySQL database, they have the necessary permissions to execute SQL instructions, including the EXECUTE command, which is used to run existing stored procedures in the database.

He also has the required privileges to create new stored procedures. Creating a stored procedure typically involves using specific SQL syntax to define the instructions to be executed, followed by saving this definition in the database.