Blog

How to Make Your Own Homemade Hand Sanitiser

With the madness of panic buying that has been seen across the world, which started with the clearing of soap and hand sanitiser from shops and quickly led to the fighting over packs of toilet roll and dried pasta, some people have suggested making your own sanitiser.

Some public health officials have recommended against it on the grounds that the public “is unlikely to be able to get a formula correct at home”. 

However, if you’re left with the choice between that or nothing, making your own is likely better.

So from research, reliable sources state that you need sanitiser that is at least 60% alcohol. If health officials are concerned that an average Joe won’t get that right, perhaps it’s prudent to aim for a higher number…say 70-80%.

Ingredients for Homemade Hand Sanitiser

  • Rubbing alcohol
  • Aloe vera gel
  • Tea tree oil

The magic ingredient of hand sanitiser is alcohol, it will remove many bacteria and viruses from surfaces and it’s used to clean things like cuts and grazes, as well as paint brushes.

So, thanks to price gouging and profiteers prices of rubbing alcohol (or surgical spirit) have shot up on sites like Amazon. 

I’d ordered a 500ml bottle before the madness started, just to see if it was possible to make your own hand sanitiser. However, the seller didn’t ship it (either because they’d run out of stock, or because they wanted to keep their stock to sell at 10 times the price). Bottles that had previously cost around £3-5 are now selling for £30-60….which is just ridiculous.

So I sourced it from another site, and bought 2 litres instead. It arrived a few days later.

Using a high concentration of alcohol is necessary in making your own hand sanitiser. One of the best options is surgical spirit.

The other ingredients I used were aloe vera gel which I already had but you can buy from Boots or other similar shops and a few drops of tea tree oil which I picked up from Poundland.

Method for Making Hand Sanitiser at Home

Making hand sanitiser at home was quick and easy.

I used a 200ml bottle to make it, so you may need to change your quantities.

  1. Empty out 140ml of aloe Vera gel from the bottle (leaving 60ml in)
  2. Measure out 140ml of rubbing alcohol
  3. Pour the alcohol into the bottle with a funnel
  4. Add a few drops of tea tree oil
  5. Put the lid back on the bottle and shake until it’s mixed

And that’s it, it took not much longer than 5 minutes to do.

Note: I added a few drops of tea tree oil (just to make it smell nice, essential oils will not protect you from viruses). 

Cost of Homemade Hand Sanitiser

For this exercise I don’t think it has been cheaper to make hand sanitiser at home than it would have been to buy it from the shop.

This is mostly due to the increased cost of the rubbing alcohol. The shop I bought it from actually sold it at a reasonable price (£6ish for 2 litres), but it had £8.49 shipping because they usually sell in bulk.

A 200ml bottle of aloe vera gel is around £2.50 and the tea tree oil was £1. This brings the total cost to £18. 

A 50ml bottle of sanitiser can usually be bought for around 50p from Aldi, so there’s no saving here.

However, I have a lot more rubbing alcohol left which I can use for other things too.

In normal times, it may be slightly cheaper if you’re getting the rubbing alcohol for £3ish for 500ml. 

Does Homemade Hand Sanitiser Work?

Reliable sources claim that sanitiser needs to be 60% alcohol to work. Based on this, my recipe for making your own hand sanitiser should work.

My rubbing alcohol is around 99% alcohol and I mixed it with a ratio of 70% alcohol, 30% aloe vera gel. Therefore, the mixture should be 69.3% alcohol, so there’s lots of room to cover any margin of error.

Having tried it on my hands, it smells nice and seems to work just as well. It left my hands a bit wetter than off the shelf products, but I might just be using too much.

When health is concerned, cutting corners is not advised. However, with no other alternatives, this homemade hand sanitiser recipe may be the next best option.

That said, you should always wash your hands thoroughly with soap and water instead if that is available. 

Disclaimer: this was a recipe that we used but we accept no responsibility if you choose to follow it. This is only a guide for research purposes only. You should always complete a test patch before using any products.


A Quick Spring Clean to Make a Smartphone Last Longer

How and Why to Factory Reset Android to Make it Last Longer

Mobile phones are devices that have consumed our lives. Having now had a smartphone for a decade, I have come to realise that it is not just time and attention they consume, my phone is also a big consumer of money.

Originally, I’d bought iPhones, first the 3S, then the 4S, followed by the 5S. I was on two-year contracts, usually being offered an early upgrade a couple of months before the contract ended.

Once I reached the end of the iPhone 5S’ contract though, I had had enough.

The iPhone 6, although a different shape did not provide me with new features that I could justify the added cost. So I kept hold of the trusty iPhone 5S, doubling the previous lifespan to 4 years.

Shortly after the 4-year anniversary of my purchase though, it began to slow down and not hold its battery. It required charging multiple times a day to cope with my daily Google Maps powered commute and office music listening.

Making the Jump to Android from iPhone

Having already switched to a SIM only contract two years prior, I was debating whether to get a new iPhone or make the jump to Android. After speaking to a few people and a bit of Googling, I bit the bullet and made the switch.

I opted for the OnePlus 5T. This was a phone with an almost cult-like following. The brand had been a small, underdog start-up in an industry dominated by giants like Apple and Samsung. Although by the time the 5T was launched, OnePlus was a well-established brand.

Choosing Android Because it’s Cheaper

Nonetheless, the phone was fantastic. Fast, easy to use, and practical. Most importantly though, it was about half the price of the latest iPhone (which I think was the iPhone 8 at the time).

My calculation had been that the phone would need to last me at least 2 years to justify switching from Apple. It could not break, have a huge drop in performance, or see the battery life get sucked out of it like juice from a Capri Sun.

This shouldn’t have been a problem at all. I planned to keep it longer than 2 years, I was hoping for at least another 4.

Problem: Phone is Slowing Down Over Time

With 5 months to go before the magic 2-year date though…disaster. Not a sudden disaster like dropping it in a puddle or leaving it on a park bench.

A slow disaster. One that started with the battery draining slightly faster and then with it beginning to slow down. Opening an email in the Gmail app suddenly took several seconds, instead of being instant.

While that is certainly a first world problem, it made it difficult to use as it was hard to tell whether I had just not pressed a button or if it was thinking about completing the action.

I checked the RAM usage. Fine, the phone had 8GB in total and never went above 80% used. I cleared cache. I uninstalled apps. I deleted files I no longer needed. But to no avail.

After some Googling, I couldn’t find others that were having problems at the same time. This is always a good one to check in case a recent update is having the same effects on others. After hoping it wouldn’t come to this, I realised I would have to undertake factory reset.

The factory reset is relatively easy to do. It’s just that it is time consuming to install all your apps afterwards if they are not backed up and restored.

Thankfully OnePlus phones are fitted with an app called OnePlus Switch that does all the hard work for you. After running this, I reset the phone to factory settings.

How to Reset Your Android Phone to Factory Settings

Resetting your Android phone is quick and easy.

  1. Open your “Settings” app
  2. Scroll down and tap on “System”
  3. Tap “Reset Options”
  4. Tap “Erase all data (factory reset)”
  5. Decide whether you want to also “Erase internal storage” with the toggle button (WARNING: doing this will delete all of your photos, videos, etc)
  6. Tap “Reset Phone”

And that’s it. After waiting a while for it to be complete, the phone was fast again. Lightening fast. It looks like that magic 2 year mark should be a doddle and my financial gamble with Android will pay off.


Entrepreneur or Wantrepreneur – Which One Are You?

When I studied business at university, the business school was filled with three types of student.

The first was there because their parents, friends, teachers, or society had told them they needed to go to university to get on in life. They were there for a good time, and didn’t give too much of a thought for where to go next. 

The second type was studying a business degree because they saw it as a stepping stone to getting a career in a large organisation. They (mostly) studied hard and did what they needed to do to achieve their goals.

The third was a much smaller group of students who were studying business because they wanted to start their own business. University wasn’t so much about the certificate at the end, but about meeting people, networking, and finding opportunities beyond the lecture theatre.

I very much fell into the third group. I’d dabbled with different things from the time I started school, and carried out throughout my time at university. This was a time when entrepreneurs were starting to become “sexy”, and I remember hearing people compare them to the rockstars of old. Whether anyone has ever really considered it sexy or not, I’ll leave that to someone else to decide.

I wasn’t just exposed to students in my year though, through my involvement in various different groups and societies, I met several intakes into the business school. And these categorisations worked for every year group.

One thing that was common though, was the third type of student, whether it through lack of experience, egotism, or a corruption of modern life, had a tendency to show traits of wantrepreneurship.

I don’t necessarily exclude myself from this, I certainly did this to some degree as well. But others definitely talked about their “passion” a lot more than I did, while I spent more time looking at numbers.

The term wantrepreneur was coined around this time too, and it made me chuckle a lot at the time…it still does. But it’s also a useful term to know. If you’re looking to set up your own business to get some freedoms in life, then understanding what a wantrepreneur is can help you make sure you don’t become one.

What is a Wantrepreneur?

The word is literally the combination of “want” and “entrepreneur”. It means someone who wants (or even dreams) of becoming an entrepreneur, but often never actually does.

It’s a derogatory term that describes someone who wants the rewards of entrepreneurship, without having to do the work to achieve it. Someone who talks a lot, but does little. 

What is the Difference Between an Entrepreneur and a Wantrepreneur?

Here’s how to spot an wantrepreneur in the wild. For the record, I don’t consider myself either of these. 

1. Entrepreneurs work, while wantrepreneurs talk

I’ve alluded to this already, but wantrepreneurs spend a lot of time talking and don’t do much “doing”. Talking is necessary sometimes, you need to tell people about your product/service, but there’s little point bragging about non-existent achievements.

Entrepreneurs let their work do the talking. Wantrepreneurs just expel hot air to anyone who’ll listen. 

A sure fire sign that someone is a wantrepreneur is that they spend all their time trying to get capital for their business, instead of just bootstrapping it instead. When (if) they ever get that funding, they’ll spend it all and then move on to the next investor before someone eventually pulls the plug. 

2. Entrepreneurs love business, wantrepreneurs love products

Entrepreneurs love business. Not just their own business, but the concept of business. They’re excited by buying and selling, about building something, about solving problems, and about seeing their ideas come to fruition. 

Wantrepreneurs might talk about their “passion” for their business, but they aren’t prepared to do all the boring stuff that goes along with it. They love their idea, but don’t love the idea of spending all night trying to meet a client deadline. 

3. Entrepreneurs focus on their business, wantrepreneurs focus on their own image

Entrepreneurs have a single focus: the success of their business. It doesn’t matter to them how they succeed (within reason), it just matters that they do. They aren’t in it for the glory, they’re in it for the satisfaction (and the rewards that go with it). 

A wantrepreneur’s top priority is themself. Their image is more important than the success of the business. Being seen as a “CEO” and all they think that entails is their primary objective. The fact that they’re CEO of nothing doesn’t seem to have crossed their mind. 

4. Entrepreneurs fix, wantrepreneurs complain

If they hit a problem, an issue or a setback, entrepreneurs roll up their sleeves and set to work fixing whatever needs fixing. They understand that they are the ones in charge and therefore they are responsible for their own destiny.

Wantrepreneurs complain, it’s always someone else’s fault. They didn’t make a sale because the customer didn’t know what they were doing. They’ve missed a launch deadline because the supplier messed up. They haven’t hit their sales projections because the web designer didn’t build the site exactly how they wanted it.

For a wantrepreneur, it’s easier to make an excuse than to face the reality of their own shortcomings.

5. Entrepreneurs are playing the long time, wantrepreneurs are impatient

Amazon founder, Jeff Bezos said that being an overnight success takes about 10 years. Entrepreneurs understand this. You can’t build a business overnight, it takes years of hard work to make a successful, sustainable business.

That doesn’t stop them, they just keep toiling away, day after day, getting the job done.

Wantrepreneurs don’t have time to wait 10 years. They need the success now because they’ve already told everyone that they are a successful business owner. They won’t stick it out much longer than a few months or a year, then they’ll move on to the next idea.

You’ll spot an wantrepreneur a mile away if they’ve talked about 5 different businesses in as many months. 


A guide on how to protect your Wordpress site

How to Protect Your Website Against Spammers and Hackers

I recently suffered some big attacks on a WordPress website that I manage, which forced us to really beef up our security measures. For anyone running their own websites, security is a really big concern. Below are the steps I used to stop the attack and protect it for next time. Fortunately, nothing bad happened as security was already set up at a decent level. This attack was more of a nuisance, but it could have ended up being much worse.

Below is a guide to protecting your WordPress site, based on the techniques I have deployed to protect mine. 

Why Should I Use WordPress?

WordPress is great for many reasons: it’s simple; easy to use; has plugins for just about anything; and of course, it’s free. Being open source has allowed it to be all of these things and has seen it become the most popular Content Management System on the internet.

Why Attack WordPress?

However, the open source nature and popularity also make it an attractive target for hackers. There are many reasons why a nefarious actor may wish to attack a WordPress site, but if you are under attack take some comfort in knowing that it is almost certainly nothing personal against you.

What Does a WordPress Attack Look Like?

An attack on WordPress can take on many forms, but these are typical symptoms to look at:

  • Lots of spam comments, or email notifications asking you to moderate comments
  • New content appearing on your site (in the form of blog posts or pages)
  • Files being uploaded to other areas of your site without you knowing
  • Google or another browser or search engine flagging your site as dangerous or malicious
  • Your website loading a lot slower than usual with no other obvious reason
  • Your web hosting being suspended or terminated
  • Your website showing an error like 503 server error

These may not always be because of an attack and there are also other symptoms, but if these things happen it should be one of the things you look for.

Let’s look at how to block the most common types of attack.

How to Stop Spam Comments on WordPress

Spam is one of the most common attacks to a WordPress site. Typically, spam comments are left by people hoping that they will be able to get a link back to their own website. While there may not be anything wrong with this in principle, the problem is that these links are typically to low quality, illegal, or dangerous websites.

Require Moderation of Comments in WordPress

There are some really simple ways to stop this type of attack. Firstly, requiring moderation of comments before they are approved can help to stop spam. However, this doesn’t always seem to dissuade the spammers, who are typically using software to automate their spamming. If you haven’t already enabled this, you may want to try it first. But you’ll likely need to try another step.

Use Akismet to Stop Spam Comments on Your WordPress Site

Akismet is an incredibly powerful WordPress plugin that has one purpose, the block spam comments from your website. It is now 15 years old and claims to block 7.5 million pieces of spam every hour! It has a free version for people who are not using their website for commercial purposes, and then a paid version that is £4 per website, per month.

It works by combining intelligence from all of the websites that use the plugin. This has helped to create a huge database of spam comments, allowing the plugin to silently delete the rubbish from your WordPress site before you even see it.

Fortunately, Akismet comes preinstalled with WordPress, you just need to activate it and then setup a subscription.

Turn Off Comments in WordPress

If all else has failed, you can just turn off comments altogether. This will work great for anyone who is not running a blog that wants or needs engagement, so business websites that are using their blog to showcase their products and no much else.

How to Stop Unauthorised Access to Your WordPress Site

WordPress has some really handy features for integrating into other software and for letting you manage your site from your phone. However, if you’re not planning to use these features, or are struggling with attacks, then here is a way to stop one of the most targeted parts of WordPress.

What is xmlrpc.php in WordPress?

This system is called XML – RPC (XML Remote Procedure Call), and WordPress handles it through a file called xmlrpc.php. XML-RPC allows two applications to talk to each other, and in WordPress it allows you to control it from other apps. This tool is so powerful it can also be used for attacking your WordPress site.

What does an XML-RPC Attack Look Like in WordPress?

An XML-RPC attack can be used to brute force the administrator user accounts. The protocol can be used to send thousands of attacks in a very short period of time. This is much more efficient for them than trying to login using the normal WordPress login page (wp-login.php), as they are able to try hundreds of different passwords with just a handful of HTTP requests.

This will not show up as much in your connection logs but will put a lot of strain on your database and cause it to intermittently show error messages. As well as your site running slowly, you may see these errors as a result of an XML-RPC attack.

  1. “Error establishing database connection” when trying to access the site (permanent or intermittent).
  2. “Out of memory” appearing in the web console.
  3. “Cannot open the file no such file/directory” appearing in the web server’s error log.
  4. “POST /xmlrpc.php HTTP/1.0” appearing in the web server’s error log.

During the peak of an attack that targeted one of my sites, XML-RPC attacks were hitting more than 5,000 attempts in a single day. 24 hours after implementing some of the security measures listed below, this was the number of attacks the software had blocked.

What Are the Other Risks of XML-RPC Attacks?

Obviously, your site going offline is going to cause you a lot of headaches and perhaps some lost revenue. However, if you’re using a service like Amazon Web Services to host your site, you will also be paying for resources that you really don’t want. Therefore, it’s important to get an XML-RPC attack stopped as quickly as possible.

How to Disable xmlrpc.php in WordPress

The XML-RPC feature can be disabled directly in WordPress. However, you may wish to go one step further though, and completely block access to the xmlrpc.php file. This will be most effective if you don’t use any software that makes use of the protocol, but you may even decide that disabling it in the short term may help to make the attack go away quicker.

You can disable access to xmlrpc.php on your own server by using the .htaccess file. Simply paste in the following:

# Block access to the xmlrpc.php file in WordPress

<Files xmlrpc.php>

order deny,allow

deny from all

</Files>

# END xmlrpc.php blocking

You can go one step further though. By using Cloudflare, you can completely stop these requests from hitting your server, protecting you from the load on the server. To do this, you first need a Cloudflare account. If you don’t have one, this guide will explain more.

Once you’re up and running with Cloudflare, you can block access to anyone trying to use the xmlrpc.php file by clicking:

Firewall > Firewall Rules > Create a Firewall rule

When you’re here, type in a “Rule name”, then select “URI Full” in “Field”, “equals” and type this into “Value”:

https://YOURDOMAIN.COM/xmlrpc.php (where YOURDOMAIN.com is replaced with your own domain name)

Click “Or” and select the same values and then enter this into “Value”

http://YOURDOMAIN.COM/xmlrpc.php

This blocks the HTTP and HTTPS versions of the request. Be careful to make sure that you use (or don’t use) www. In your domain name, depending on whether or not your WordPress site uses it.

Then click “Deploy”.

Verify this has worked by trying to visit the page yourself. If it gives you a message saying: “Error 1020 – Access Denied”, then you know it has worked.

Form the Firewall Rules page you can then see how many attacks your rule has blocked in the last 24 hours. As you can see below, the xmlrpc.php file can be a very popular way of attacking a WordPress installation.

How to Block Attempts to Hack Your WordPress Site Through WP-Login.php

The other way to log in to a WordPress site is through the normal login page that you would use. Because WordPress is such a popular CMS, it is easy for hackers to find the login page. One of the easiest tricks to stop this is to move the login page to somewhere else, meaning anyone trying to access wp-login.php will be shown a 404 error.

You can do this manually, but its cleaner and easier to do it with a plugin. One of the best and highest rated plugins to use is called WPS Hide Login. Once installed and activated, you can change the login URL quickly from the XXXX page.

Just remember to save the new URL. If you don’t you will find it very difficult to log in again.

How to Block Access to WP-Login.php for WordPress

One you have changed the URL to log in, you can use the same approach in Cloudflare to block access to the old wp-login.php. Once you’ve applied the test, be sure to test that it’s working by trying to visit https://YOURDOMAIN.com/wp-login.php and http://YOURDOMAIN.com/wp-login.php. If you get the 1020 Access Denied error, then you’re all set.

Why You Should Never Have “admin” as Your Username

From monitoring the attacks on a WordPress site I manage, I noticed that there seemed to be a list of favourite generic accounts that hackers were trying to exploit. None of these accounts existed on this website, so they were not able to get in. However, if you have any of these usernames, you should consider created a new account and removing the old one.

Make Sure You Have a Strong Password

You will get told all the time that you must have a secure password that cannot be easily guessed. Most websites now require your password to be at least 8 characters long and contain numbers, uppercase letters, lowercase letters, and symbols. You should definitely make sure this is also the case for WordPress.

Also remember never to re-use your passwords elsewhere. If you struggle to remember lots of passwords, consider using a password manager like LastPass. This is a service that I have been using for well over 5 years, and I don’t know what I would do without it.

Also register yourself on HaveIBeenPwned.com. This will tell you if any of your usernames, email address, or passwords have ever been (or are in the future) compromised in a data leak.

How to Use Two-Factor Security on WordPress

Another great way of protecting your WordPress user accounts from being hacked is to use two-factor authentication (2FCA). You will find two-factor security on many services now, including sites like Facebook, Twitter, Google, and Amazon.

There are many plugins you can use to protect your WordPress website with two-factor authentication, however one of the best options is to install WordFence.

WordFence all-round security plugin for WordPress, featuring a firewall, login protection, and more. Once you install and activate it WordFence, you can turn on two-factor authentication in just a few easy steps.

Advanced users can also use WordFence to block login attempts from people who guess incorrect usernames or fail to reset the password of too many accounts.

How to Close Security Loopholes in WordPress

Software can always end up with bugs and weak points that can be exploited by hackers. That is why your computer will regularly ask you to run updates. WordPress is no different.

So, to keep your WordPress website protected from hackers you should always run the updates when it recommends it. These updates will provide security patches that will close known loopholes, as well as provide performance improvements and new features. You should do this for WordPress itself, as well as themes and plugins.

Other Tips for Securing Your WordPress Site

There are always more things you can do to keep yourself protected. Once you reach a certain level you will likely need to hire someone to take care of things for you, particularly things at a server level outside of WordPress.

This is what I have done, although I can make changes directly to the server, I would rather pay for someone who is an expert to do it. The risk can be too high if I make a mistake.

However, there are also some more tweaks you can make to WordPress to increase security, these include:

  • Remove any plugins that you don’t use
  • Install JetPack – this is slightly controversial as it can be a bit bloaty, however it does include some useful security features
  • Don’t use pirated (nulled) themes or plugins
  • Block access to wp-config.php using the same method listed above
  • Disable file editing of files by adding define(‘DISALLOW_FILE_EDIT’, true); to your wp-config.php file
  • Use encryption by installing an SSL certificate
  • Change the database prefix (WordPress calls everything wp_ by default) – it’s easier to do this when you first set up WordPress, but it can be done afterwards with plugins like WP-DBManager
  • Regularly backup your site so you can revert back in the event of an attack
  • Remove your WordPress version number either through code, or with a plugin

Success in Blocking WordPress Attacks

After implementing these steps, I managed to reduce the amount of attempts at attacking the site down to just a few dozen each day. This happened very quickly too, as the nefarious people quickly moved on to someone else.

48 hours out, attacks via XML-RPC or wp-login have gone from more than 5,000 to just over 3,000.

72 hours out, attacks are less than 2,000. As you can see, I have refined the rules slightly based on logs in Cloudflare.

A few days later and most attempts have stopped, people have decided not to waste their time.