Trying to combat Copyright infringement

Loosing site!

Losing control of Copyright and your site!

Not sure if the classic view on hacking is someone sitting in a dark room trying thousands of tricks and combinations to find a way to access your data. I do know that my copyright is at risk on a daily basis however. When I was with GoDaddy (for nearly 7 years) I had the most terrible time in this fight to combat copyright infringement, and the way they do it, which is to access my WordPress site.

Twice I was hacked in the GoDaddy server space, which left me once with a days work re-uploading my back-up, and the first time realising that the need for the back-up really only bites you in the ass when you have been hacked for the first time. So, I have learnt a few lessons, and so wanted to share some hoping it will help anyone reading this.

Any site is as secure as its weakest link. So, trying to make those weaknesses less attractive is the best plan. Why do I have to make so much effort in protecting my site, well it’s one of two reasons. First, they feel that my site may have some goodies to steal; in the form of images they can use, or even PayPal/credit card data stored (neither of this is true). All my artwork on the site is the smallest it can be, and is compressed aggressively, so that even the largest image is pretty distorted on close inspection. The second reason which I have heard is the simple fact that there are many hackers out there using sites like WordPress as a testing/learning ground. Yes, can you believe that!

Regardless of the reason, I had a recent incursion where some code was inserted in my site’s script. It wasn’t very malicious, but blanked off the front page. So, I thought it was time to tie all this down and make a real strong site, that I could feel confident with. It’s taken a little time and money, but I think at present it’ is the best it can be. This post is laying out the process I took to help others.

Small points of detail

Access through the obvious methods.

One of the usual things that many people forget, is the amount of open access they do give potential threats. Two of which are allowing anyone to register to the site, and the register link in the wp-admin pane. By default the option to allow anyone to register is on. So, the screen will have a register link next to the forgotten password link. This creates two issues; first, almost anyone who knows WordPress knows the wp-admin page. And if the is no strong barrier to protect registration then anyone can make an account with an easy password and then once they are in, then the back end is almost open to looking around, if you know what you are doing. I found an account on my backend Users section which I cannot remember making, and it was set to Admin, which typically I am the only one that can do this, as the main site admin. So, I learnt too late, as I believe this is the way they changed that file. At this point I deleted all user accounts, regardless of if they were valid or not.

Now I was the only one accessing the site, but the ability to get in easy was still there (more of that later). What I needed to do is was allow registering (needed for some of my functions), and also make it foolproof to stop unwanted attention. Here are some steps I have taken.

  1. There was a need to have a more controllable method to have registrations, so I opted for a plugin called; User Registration by WPEverest. Now the issue with this plugin, like I guess with all these plugins is the option to allow “anyone to register” needs to be ticked in the admin panel. What this does is it adds the ‘register’ link in the standard wp-admin file. So even though my registration form is controlled, and has the recaptcha added, many who know the WordPress set-up know of this wp-login page.
  2. Found a method that would redirect the visitor from the wp-login register link. This took a good 3 hours to research and the re was a lot of complicated coding variations, and as I was getting frustrated I stumbled over one that is very simple and can be pasted into the top of your themes function.php file (see after the bullet points)
  3. See up a site wide reCaptcha system that was using the v2 version of reCaptcha. For some reason v3 doesn’t work on my website.

The Redirect Code

Saving the frustration

So, the simple code basically recognises when someone clicks on your ‘register ‘ link in the wp-admin.php file and send them to the newly predefined form. So there is no way to actually fill in the simple unprotected form. The User Registration plugin also allows to have the setting for a strong password. this helps as the automated hacking attempts scan for accounts with simple password variations to gain access. The harder it is, the more difficult it is obviously, for these attempts to be successful. So, the code is this:

// Redirect Registration Page
function my_registration_page_redirect()
{
global $pagenow;
if ( ( strtolower($pagenow) == ‘wp-login.php’) && ( strtolower( $_GET[‘action’]) == ‘register’ ) ) {
wp_redirect( home_url(‘/registration_page_URL‘));
}
}
add_filter( ‘init’, ‘my_registration_page_redirect’ );

You can simply copy/paste this near the top of your functions.php file, before any includes appear. The only thing you need to change is the emboldened part and swap that out for your own URL link to your registration page. That simple!

Additional activations.

More to protect

This was the first step in the process in getting everything a tightened down as possible. I should point out at this stage I also left GoDaddy (there are not enough bad words I could say to describe their service and support), and I actually went to a local service, which had the same deal, but in the end was a faster service and more helpful. Their package also came with a free SSL certificate, and my reason to mention this. This SSL certificate can also add a layer of protection, as it encrypts any sent transactions via the website. Whether that is an order or even just a message in the contact page. It is a lot harder to snoop and retrieve data with this SSL certificate. I would fully recommend getting one.

Now, further to all this additional protection, I became aware of (BadBots to be exact). I knew of the ones used by search engines to scan your site for the SEO ranking and search archiving, but I slowly became aware that these are outnumbered by what are called BadBots. These bots trawl and scrap your site for any useable information, they look for vulnerabilities, they post spam content into your comments, and retrieve email links you have placed in your site. For me, the worst part is that they look for images to scrap and download! Yes! And this is where the copyright part of the problem started hitting me.

Since I started WordPress I have added Wordfence to my site. This is a pretty robust firewall system that stops attacks, malicious login attempts and such. I full recommend it. However, what I have now seemed to have discovered (maybe something lacking in the free version), is that they don’t stop all the Bots! Now there is a ‘nofollow’ option that can be added to your php.ini or htaccess file that can stop robots, but if you are not a coder and feel wary then it’s probably something to avoid. So, I sought out a plugin version that would do much the same. It is also worth pointing out, you need to have certain robots scanning your site (like Google) so you can’t just blindly block them all.

I found a plugin called “Stop Bad Bots“, and within minutes of activating I was shocked to the amount of hits I was getting on my site from BadBots. I have had the plugin installed on my site for little over a week now, and look at these numbers!

It should be also pointed out that one method to make sure your site is safe, is to run the latest PHP, update your theme and also all plugins when available. Wordfence actually has a email service that tells you when updates are available. In addition to all this and to close on the pre-copyright part of the post, I installed some malware scanner plugins. The most notable one and most recommended is Quttera Web Malware Scanner. It needs almost regular daily updates, but seems to work well. these updates are to update all the threat signatures. So, that concludes the first part. I hope that helps people with normal sites who want to protect them a little further. Next, as I am an artist with artworks on my site, I needed to find a way to curb the rampant misuse of the internet, and users belief that all images online are free!

Online art is NOT free!

Battling the many bad ways to protect your art

This would be a very long post if I were to talk about my views and disappointment with the copyright system. Even if you go to the lengths of having your work officially registered there is still no guarantee that the art won’t be used illegally. This is something I have a lot of experience with, as I have it done to me all the time. The first experience I was aware of was the blog post for Abduzeedo; The first one was showing my animal art illustrations, and the second showing my caricatures. These posts where spread around the web like wildfire, and I have counted over 40+ duplications. Now, I am pretty sure this is the main source of my art image theft , as basically the ones I find used, counterfeited and misused all seem to appear on this page.

If you look closely at the image quality, it’s not great! However, this is not what counterfeiter are looking for. They are simply looking for whole, un-watermarked images that are big enough to slap on phone cases, tee shirts, etc. The mentality these days is that if people who buy things of places like Alibaba, who willing pay rock bottom dollar for it, won’t complain about the quality or ask for a refund. So the image quality is not an issue. They will steal (scrap) anything they can find.

I can’t do much about other sites use of my imagery, but when it comes to my own site I can try and protect it as much as I can. Now, that said, nothing is 100% foolproof. Experts will know how to circumnavigate around these protection mechanisms, put in place. But this is basically the steps I did.

  1. I have added a image compression plugin to do an aggressive pass on all my uploaded images. This is very helpful in site maintenance as well, as it reduces the load time and also saves server space for the many images I have in my store. The plugin I use to achieve this is called Imagify. It gives you 25mb of free space to crunch your images every month, or you can buy plans. What I found, which was very useful, was they do one-off plans as well. So to avoid big costs, I opted to get the $9,99, that covers 1Gb of space or 10,000 images. I have done this twice now, and it retains the information of what you have used. It can save upto 70% of the space used on the original. The good part is it makes the images pretty uneatable if you want to enlarge them or use them effectively.
  2. When I add a complete piece of work I add a watermark. You can see here as an example. This can help somewhat, but with the technology as it is, it can’t prevent the most knowledgable removing it. The best approach, I have read, is to make a watermark a little like Getty Images one. This has proven in tests to be the most difficult to erase. I use an application to apply my watermarks, and the app is available on both Mac and PC. It is made by a company called Plum Amazing and is called iWatermark. The company have even created a version for iOS use on mobile devices.
  3. This was all OK, but one of my main concerns and a bane in my life is the knowledge that people can simply right-click or draw-and-drop images off a site. Most of all, they can do a screenshot or try printing the page and extracting it that way. I did a lot of research over the years trying to find a solution, and then whilst looking for a WordPress solution, my prayers were answered. I discovered this plugin that basically is the most robust deterrent to stealing content off your site. The plugin is called WP Content Copy Protection & No Right Click (premium) by wp-buy. There is a small charge of $29 for the premium version, but it is a price worth paying. What this amazing plugin does is protect almost all or any content you choose from being copied. This can protect text, images, even links for having the right-click treatment. If you don’t believe me, have a try on my site. The also good part is that it can stop (I think PC only) the print screen option and the Ctl+P Print option from working.

This has satisfied my needs, as I can feel a little better that my site , even though not 100% protected, is a little safer from several attack methods and thieves. I hope this guide has helped you a little in the need for your own protection requirements. Leave comments or send questions if you want to know more. The next post in this series, will be about the ways I have improved my site to aid in my commercial aspect of selling my art.

If interested in having an art piece done you can visit my Fiverr Pro account here, or like any of my caricature or animal art, please visit my online store for details. And also join my newsletter to get more information on a monthly basis.