The post How to prevent XML-RPC exploits appeared first on StudyObject.
XML-RPC is a remote procedure call mechanism that allows anyone to interact with the portal remotely. Put simply, these calls can be used to log in to the portal without using the standard login mechanism. It can also easily be used to exploit the system, because it allows multiple login attempts, giving attackers the opportunity to repeatedly try various usernames and passwords.
These calls are still used by a lot of useful software applications, so disabling XML-RPC completely can get in the way of many of these applications.
Although there are various methods to handle it, one that is deployed in current systems is that if one login through XML-RPC fails, all subsequent logins are dropped silently.
Given its usefulness, XML-RPC cannot be entirely sidelined, and so it remains easy to use for a DDoS attack.
If your website is made with PHP, check whether xmlrpc.php exists and contains the following entry:
XML-RPC server accepts POST requests only
1. It can be used for a DDoS attack.
2. It can be used to try different user IDs and passwords.
What are your thoughts and experience on this? Do let me know in the comments.
Do not forget to audit your portal for the same.
Author: Rajnish K
About the Author:
Rajnishk is the founder of studyobject.com, an R&D expert, passionate about the web stack. He can be reached at [email protected]m
The post LightSpeed Cache with CDN appeared first on StudyObject.
Now, if we look at the number of downloads of Lightspeed cache versus others, I found a very interesting pattern. Lightspeed download counts are at 2 million, while others like W3 Total Cache, WP Fastest Cache, WP-Optimize and all others remain at 1 million or below.
When it comes to caching, server-side caching is of the utmost importance for speeding up websites. This job is done by caching plugins. Caching plugins can cache both static and dynamic files. A plugin caches the files at the web server, on the host where it is installed. It cannot cache the files at the servicing location nearest to the client.
A CDN comes into play when static files need to be cached and distributed across the world before servicing any client at the browser. Popular CDN providers like Cloudflare do this with the reverse proxy method. With a reverse proxy, the CDN fetches the data from the web server on the first request near a location, and then keeps a cache of the files on its server at that location, which it serves when someone from that area tries to access the website. This way it does not have to go back to the original server to make a request. This functionality is called a reverse proxy; in this case Cloudflare acts as a proxy for the web server. This works well for static content, but it can create problems for dynamic HTML files.
Lightspeed has a few caveats to work properly. Lightspeed cache needs the Lightspeed web server; it does not work with other servers like Apache, nginx or others. Recently they introduced the QUIC.cloud CDN, which can be used for Lightspeed cache. This is especially useful for sites which run on Apache, nginx etc. To make the server-side caching work, the website then has to depend on the external QUIC.cloud CDN. Using multiple CDNs remains extremely problematic. If someone already has the Cloudflare CDN and wants to use Lightspeed cache, it is almost like switching to the QUIC.cloud CDN.
When it comes to using both together, it could create a few issues with respect to additional configuration. I would prefer not to use both together. It is better to use the Cloudflare CDN with Lightspeed cache when the host has the Lightspeed server installed.
If you want to use the best of both worlds, check more details below.
If the web server is Apache or anything other than the Lightspeed server, it is not advisable to use Lightspeed cache, as server-side caching is best done on the web server rather than on a CDN like QUIC.cloud.
Please let me know your experience and thoughts on the same.
The post Is AMP good for websites? appeared first on StudyObject.
Let me explain AMP. Its full form is Accelerated Mobile Pages. This concept was launched by Google a few years back to allow portals to load faster on mobile devices. In recent times, due to the higher usage of mobile devices, most tools and technologies were favoring mobile devices. Some companies, like Myntra, went to an app-only version. This was a mistake, and people still loved the portal rather than downloading an app and keeping it on their phones. Soon they realized their mistake, and Myntra had to bring back their desktop version.
With AMP the goal was to make portals load faster on mobile. There were two caveats:
1. The portal will have minimal features.
2. Google will cache the data on their server.
The above caveats have implications for the overall ranking of the portal. In most cases, the rankings of the portals were badly affected.
The rank impact was due to the fact that systems outside of Google are not able to know the actual traffic your website might be getting. For this reason they will indicate that a portal using AMP is sliding in the rankings.
Please let me know your experience and thoughts on the same.
The post What is Webp appeared first on StudyObject.
WebP is quickly becoming an alternative to JPEG, PNG & GIF. Another remarkable feature of WebP is that it allows you to set the image quality from 0 (worst) to 100 (best). This feature is of the utmost importance, as it allows you to trade quality against file size.
The GD extension is a common choice for doing the conversion job. The image below lists the conversion methods from file types like GIF, JPEG and PNG to WebP.
You can read more about conversion methods here.
If you are using a popular platform like WordPress, there is an excellent plugin which does the job. The plugin converts other image types to WebP using the above conversion methods.
If you want to read more about WebP CLI commands and tools, please refer here.
Run the Lighthouse Performance Audit (Lighthouse -> Options -> Performance) and look for the results of the "Serve images in next-gen formats" audit. Lighthouse will list any images that are not being served in WebP.
Interested in saving more space and improving website loading time? Please do chat/connect with us!
The post How to become No 1 on Google | AMP to CWV appeared first on StudyObject.
Lately CWV (Core Web Vitals) has become a talking point on social media. The reason is obvious, as it is going to impact the entire web. The winners and losers will be decided based on the CWV scores of portals. It is clear that the majority of web portals are still exploring how to deal with this new criterion. The tech shift is considerable, given that the technology change needed to pass the CWV criteria is unknown.
Many open source web technologies are finding it difficult to deal with. Many news publications, blogs and others are still exploring an affordable way to deal with it. It will certainly bring an advantage to the newer web technology landscape, like React/Angular.
There was another technology shift which Google released a couple of years back, where portals needed to support AMP (Accelerated Mobile Pages). Although AMP was not a criterion for search ranking, it indirectly helped to get higher speed on mobile devices. This technological shift was brought in due to the sudden explosion of mobile traffic and the mobile-first strategy. Another reason to bring it in was to counter the competition from Facebook Instant Articles. If we compare Facebook Instant Articles with AMP now, both stand at the same place: both technologies had limited success. Both AMP and CWV have been brought in for better speed and user experience.
AMP got a good initial response and is still doing great; however, not everyone boarded the AMP train. The main reason behind AMP's marginal success was that Google used to store the content of portals on its own server. Although AMP has improved a lot, it still has issues in dealing with much of the existing UX/UI of portals: as AMP is designed to prefer a mobile display, it loads the bare minimum on mobile from Google's server as fast as it can.
How to score high in CWV test
Every website is designed in a different way and with a different set of technologies. One can do the portal assessment at Page Insight. There are various other freely available tools for measuring your website's elements. To start, inspect each element and look at the particular elements, like .css, .js and other files, shown by the tool.
There is another way to score high in CWV, although it will only work for mobile devices: if your portal is AMP compliant, it scores higher on the CWV test.
If you are looking for a complete auditing and CWV compliance solution for your portal, please reach out to us.
Your thoughts are important! Please comment!
The post How to create Web Stories for your Website | Blogs |Studyobject appeared first on StudyObject.
Stories have been trending everywhere! It's a cool new way to showcase your posts, pictures & videos.
How to Create Stories for Your Website
With this feature, it is possible to set up web stories quickly. I explain the step-by-step process of creating web stories on your website in the following video.
Web Stories can also be embedded in your blog post, as shown above. They can also be added to the home page of the website very easily.
The post Why is my email going to spam ? Solved ! appeared first on StudyObject.
We always try to get to the root cause of a problem before looking for the solution. To know why your email is going to the spam folder, and what it has to do with your domain reputation, please check our article here.
Let's solve the problem
For domain email functionality, a Google Postmaster entry is a must, and the domain should be verified in Postmaster Tools.
Below is a snapshot of how the domain looks after verification.
There are several online tools for it; check your domain on a blacklist checker.
There can be a case where your domain is not on a blacklist but the system IP on which you are working has been blacklisted, so you must also check IP blacklisting for your system IP.
The tool will list the reputation blacklists maintained across the world. If any of the lists is shown in red, you must appeal to the respective blacklist group (e.g. BarracudaCentral and many others).
You can also check the blacklist status of a domain or IP at mxtools.
If these entries are not available, you can generate them at Dmarcly.
Once these values are generated, enter them with your DNS provider.
Problem solved!
Caution: It may take some time (2-4 weeks) to get off the blacklist and for caches to update across the various reputation systems.
The post Email going to Spam Folder ? Simplest Working Solution | Secret of Email Marketing appeared first on StudyObject.
We will discuss the technical solution which will ensure that your email never goes to the spam folder of your targeted customers. To understand technical terms like DMARC, SPF & DKIM, please refer to our article here.
Once you get to know your domain reputation, you may get an idea of why emails might be landing in the spam folder.
Here is our domain reputation:
You can check your domain reputation here. Domain reputation is calculated depending on various factors. Make sure to keep your website clean of spam, malware and viruses. Please do not indulge in excessive marketing emails.
For example, to test our case, we sent an email from [email protected] to [email protected]; they will deliver a report to your email.
The report mainly consists of 3 parameters of measurement:
1. DMARC
2. DKIM
3. SPF
3. Make sure all 3 (DMARC, SPF & DKIM) are shown in green, as shown in the above image.
If any of the above is not shown in green, make an entry for it with your DNS provider. Once you update these fields in DNS, repeat step 2. It should turn green as soon as the missing details are updated.
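The same three results can also be read from the Authentication-Results header that a receiving mail server adds to a delivered message. The following Python example is added here and is not from the original article; the message, domains and selector in it are constructed placeholders.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample message; the header layout follows RFC 8601 and all
# names in it are placeholders.
RAW_MESSAGE = """\
Authentication-Results: mx.receiver.example;
 dkim=pass header.i=@example.org header.s=sel1;
 spf=softfail (sender not designated) smtp.mailfrom=bounce@example.org;
 dmarc=pass (p=NONE) header.from=example.org
From: Sender <news@example.org>
To: check@receiver.example
Subject: deliverability test

Hello
"""

def auth_results(raw_message):
    """Return {"spf": ..., "dkim": ..., "dmarc": ...} as reported in the
    Authentication-Results headers of a raw message."""
    msg = message_from_string(raw_message, policy=default)
    results = {}
    # The topmost header was added last. Only trust headers stamped by your
    # own receiving server; anything below it may have been sent by the peer.
    for header in msg.get_all("Authentication-Results", []):
        text = re.sub(r"\([^)]*\)", "", str(header))   # drop (comments)
        for part in text.split(";")[1:]:               # skip the server id
            m = re.match(r"\s*(\w+)\s*=\s*(\w+)", part)
            if m:
                results.setdefault(m[1].lower(), m[2].lower())
    return results

def missing_or_failing(raw_message):
    """List the mechanisms that are not 'green' (absent or not 'pass')."""
    res = auth_results(raw_message)
    return [mech for mech in ("spf", "dkim", "dmarc") if res.get(mech) != "pass"]

if __name__ == "__main__":
    print(auth_results(RAW_MESSAGE))
    print("fix in DNS:", missing_or_failing(RAW_MESSAGE))
```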
It may be the case that even after all parameters turn green, emails are still landing in the spam folder.
Do check out the video on “why my emails going to spam folder”.
Please wait for a couple of weeks to see if the issue is resolved! Good luck!
Please comment if you are still facing the issue.
The post Is Your Marketing Email going to the Spam Folder ?| End of Marketing | Solution appeared first on StudyObject.
If you are using Gmail as your email marketing provider, there are several limitations on sending emails via it; check the link if you want to know more about it. If you violate any of these limitations, there are several possible actions. There is a good article on it, check here.
You can use domain-based marketing. We will discuss the technicalities of running email marketing campaigns. If you follow and understand these steps, your marketing emails will not land in the spam folder of your targeted customers.
For example, if [email protected] sends email from the same server and same IP address as [email protected], the behaviour of those two domains will be tracked separately for that IP address. Subsequent mail sent from the same IP address from abcd.com will be compared to the history for abcd.com only, and will not be affected by behaviour from abcd2.com.
Most websites which use shared hosting may suffer on domain reputation if any of the other websites hosted on the same server has a bad reputation. Check your domain reputation here.
Please note that if there is insufficient observed data for a domain, the domain reputation will be averaged with the overall IP reputation.
How to debug the issue of email going to spam folder
To get the full report on the spam issue, send an email to [email protected]; you will receive an email with a full report, mainly related to 3 parameters: DMARC, SPF and DKIM.
Let’s understand these important terms to fix the spam issue
What is DMARC? (Read More)
DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.
What is SPF ? (Read More)
Sender Policy Framework (SPF) is an email authentication method designed to detect forged sender addresses during the delivery of the email. SPF alone, though, is limited to detecting a forged sender claimed in the envelope of the email, which is used when the mail gets bounced. Only in combination with DMARC can it be used to detect the forging of the visible sender in emails (email spoofing), a technique often used in phishing and email spam.
SPF allows the receiving mail server to check during mail delivery that a mail claiming to come from a specific domain is submitted by an IP address authorised by that domain’s administrators. The list of authorized sending hosts and IP addresses for a domain is published in the DNS records for that domain.
What is DKIM? (Read More)
DomainKeys Identified Mail (DKIM) is an email authentication method designed to detect forged sender addresses in emails (email spoofing), a technique often used in phishing and email spam.
DKIM allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain. It achieves this by affixing a digital signature, linked to a domain name, to each outgoing email message. The recipient system can verify this by looking up the sender’s public key published in the DNS. A valid signature also guarantees that some parts of the email (possibly including attachments) have not been modified since the signature was affixed. Usually, DKIM signatures are not visible to end-users, and are affixed or verified by the infrastructure rather than the message’s authors and recipients.
Role of SPF & DKIM
With SPF, email senders define the IP addresses which are allowed to send mail for a particular domain. With DKIM, a digital signature is added to the message, which verifies that an email message was not forged or altered.
If you want to compare why SPF and DKIM are needed, give it a read here.
For a business it is better to have both SPF & DKIM.
What is DMARC ? ( Read More)
The DMARC Record Lookup / DMARC Check is a diagnostic tool that will parse the DMARC Record for the queried domain name, display the DMARC Record, and run a series of diagnostic checks against the record. Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a mechanism for policy distribution by which an organization that is the originator of an email can communicate domain-level policies and preferences for message validation, disposition, and reporting.
DMARC records standardize how mail originators associate and authenticate domain identifiers with messages, handle message policies using those identifiers, and report about mail using those identifiers. DMARC's mechanism of policy distribution enables the strict handling of email messages that fail authentication checks, such as SPF and/or DKIM. If neither of those authentication methods passes, DMARC tells the receiver how to handle the message, such as junk it (quarantine) or reject the message entirely.
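To make the DMARC decision described above concrete, here is an added Python example (not from the original article) that parses a DMARC record and applies the alignment check against the visible From: domain. The record and domains are constructed, and the two-label organizational-domain shortcut and the omission of the sp= and pct= tags are simplifying assumptions.

```python
# Constructed DMARC TXT record, as it would be published at _dmarc.example.org.
SAMPLE_RECORD = "v=DMARC1; p=quarantine; adkim=s; rua=mailto:reports@example.org"

def parse_dmarc(record):
    """Split a DMARC record into a tag dictionary and validate v= and p=."""
    tags = dict(
        (key.strip().lower(), value.strip())
        for key, _, value in (item.partition("=") for item in record.split(";") if "=" in item)
    )
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= policy")
    return tags

def org_domain(domain):
    # Assumption for this example: the organizational domain is the last two
    # labels. Real receivers consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' (strict) needs an exact match, 'r' (relaxed) the same org domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def dmarc_evaluate(record, from_domain, spf, dkim):
    """spf and dkim are (result, domain) pairs: the envelope MAIL FROM domain
    for SPF and the signature's d= domain for DKIM.
    Returns (dmarc_result, action_requested_by_the_domain_owner)."""
    tags = parse_dmarc(record)
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return ("pass", "none")
    return ("fail", tags["p"])   # neither method passed *and* aligned

if __name__ == "__main__":
    # SPF passes, but for an unrelated envelope domain: the visible From: is
    # not covered, so DMARC fails and the record asks for quarantine.
    print(dmarc_evaluate(SAMPLE_RECORD, "example.org",
                         ("pass", "mail.other.example"), ("none", "")))
    # SPF passes for a subdomain of the From: domain (relaxed alignment).
    print(dmarc_evaluate(SAMPLE_RECORD, "example.org",
                         ("pass", "bounce.example.org"), ("none", "")))
```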
Do not miss the solution to fix the spam problem in our next article here.
The post Website Design Company in Bangalore | StudyObject appeared first on StudyObject.
We have a team of experts working on end-to-end solutions. We provide Linux-based hosting for our clients at the most affordable prices. Our web design workflow is simple and scalable. We use PHP & MySQL for all projects.
Following are our free offerings:
1. Free theme*
2. Free e-commerce payment setup
3. 6 months free support
Please talk to us
WhatsApp us or give us a call at +919916957797 or +917892694513