How to Ensure Your WordPress Site Is Properly Secured

I would like to thank areuconnected.com for allowing this guest post on WordPress security. I’ve found to be an excellent source for information on web development, such as this article, Reasons Why WordPress Sites Are Better Than Traditional Sites.

WordPress is quickly taking over the internet as one of the most used and trusted content management systems (CMS). With so much versatility and freedom for users, it’s no surprise that it has been described as the most popular blogging platform on the web and is used by 23.3 percent of the top 10 million websites as of January 2015. But with so many of us relying on the software for commercial use, the online security threat to the platform is becoming an ever-growing, ever-changing risk.

However, by following a few basic steps, you can secure yourself from potential threats and continue blogging in peace.

Click To Tweet

Secure Yourself

As with any online security risk, it’s always best to start from square one. By ensuring full protection on the workstation you administrate from, you can substantially reduce the risk to your blog. There are plenty of simple steps you can take to create a first line of defense. Firstly, staying up to date with the latest versions of your operating systems, web browsers, and any other software, minimizes the risk of any security holes they contain being exploited. Similarly, regularly scanning your computer for malware and ensuring your firewall is set up correctly, which can be done by installing good anti-virus software, you can ensure your CMS isn’t at threat from an internal attack. Finally, protecting your personal internet connection from hackers can massively enhance your blogs security; using a VPN, which encrypts all of your online data from potential prying eyes, can do this.

Use a Secure Host

No matter how secure your personal computer and CMS is, your site can still be at significant risk if you aren’t careful about the host that you use. In fact, the majority of cases of WordPress sites being hacked are due to vulnerabilities in the server system that has caused the problems to arise. However, this can be easily resolved. By avoiding going for the cheapest option and asking the right questions, you can ensure your host does not pose a significant security threat to your site. When considering web host providers, always ask about their security policy; whilst some hosts offer regular malware scans, traffic monitoring, and other protection, some leave the security aspects completely up to you. Similarly, by finding a host that offers a Secure Sockets Layer (HTTPS), you can further guarantee protection for your site.

Stay Updated

Much like your personal computer, keeping your WordPress updated at all times can give you substantial protection from online threats. Once vulnerabilities in the system have been exposed, hackers can exploit them to gain access to your site. They tend to target older versions of the software where there are more known holes and, therefore, a higher chance of successfully breaking through. By frequently updating the system, you can minimise the risk and stay ahead of the hackers before they’ve had time to exploit weaknesses. Luckily, WordPress notifies you when a new system update is available, so you can always ensure you’re up to date and protected from newly discovered threats.

Improve Password Security

Having lots of complicated and varied passwords can seem like a massive hassle, especially when you have so much to remember in our lives anyway. However, the fact remains that complex passwords are a vital part of keeping your site safe and secure. Just as we apply intricate locking systems to our houses, a complicated passcode can be a significant protection from threat. There are lots of different tips for creating secure passwords. Using a variety of characters, making it longer than 8 digits, and avoiding using personal numbers such as birth dates make it very simple to give your site a higher level of security. There are also several apps that can safely stored and encrypt passwords, so you no longer have to worry about remembering them all. It’s a very easy security step to take, and one that can be incredibly worthwhile in the long run.

Be an Anonymous Admin

Threats from hackers come from everywhere and can target all parts of your site, but if a hacker can get into your admin panel, then they can very easily cause severe damage. The best way to protect yourself from this is to make you account as indistinguishable from other users as you can. Up until recently, WordPress automatically assigned the username “admin” to all administration accounts. Although there is now an option to update your username, many users choose not to. Unfortunately, this has prompted cyberattacks in which hackers have targeted accounts by using the “admin” username with combinations of regularly-used passwords. By creating an ambiguous name to log in with, you can fade into the background traffic of the site and avoid being specifically targeted. However, as WordPress automatically displays your username in the URL of the author archive pages, you also need to ensure you resolve this. This can be done by accessing your WordPress database and changing your username.

Security Plugins

Finally, in addition to these steps, you can increase your online safety by using WordPress security plugins. There are many plugins available on the WordPress website that provide you with a wide variety of safety features, including scanning for malware, adding a firewall, and searching data for any potentially dubious code, as well as many which offer multiple security precautions. By using these alongside taking basic safety measures, you can protect your site from potential threats.

Administrating any website does not have to mean spending all your time worrying about security risks. WordPress is a highly regarded source that takes into account many elements of internet safety and allows users to focus on what really matters: producing and sharing great content. And by taking a few extra precautionary steps alongside this, you can rest assured that your site is protected and confidently create a website to be proud of.

This was contributed by Isa for Secure Thoughts, one of the best possible online sources for information regarding website security.

/0 Comments/by

Top 5 best wordpress SMTP plugin for your website

Recently I was in need for SMTP plugin to configure on my sites as my server admin decided to off php mail() function and advice to use SMTP method instead. I found there are some good plugins to use. Here I am listing 5 top free SMTP mail plugins, so you can quit searching and use any one of this without any doubt. 🙂

1. Easy WP SMTP

Easy WP SMTP allows you to configure and send all outgoing emails via a SMTP server. This will prevent your emails from going into the junk/spam folder of the recipients.

easy wp smtp

2. Easy SMTP Mail

Easy SMTP Mail can help you to send emails via SMTP instead of the PHP mail() function. This plugin reconfigure’s the wp_mail() function to send SMTP Mails. The Practical use of this plugins comes when theme have a contact page, which on submit, shows you the successful message, but, still admin did not receive any email, here comes this smtp plugin which will makes your contact form workable.

There are many settings that are easy to implement within it. From the general settings, you can add a “from email address” and a “from name”. This sets the email address through which you send mails, and your name can be displayed as per your settings in the recipient’s inbox.

You can also select your SMTP host, SMTP port and set SMTP authentication, with a view to further strengthening your security by adding username and password.

easy smtp mail

3. SAR Friendly SMTP

With this plugin, you can send emails through SMTP instead of PHP mail() function. You can add the settings page to your dashboard in order to configure and modify your settings. This plugin is very easy to use and install, offering very simple configuration options used for security. You can activate it simply from the “Plugins” menu in WordPress admin panel after the successful downloading and installation.

You can set “from name” & “form email” field optionally. Note: if smtp server/hostname field is left blank, then your wp_mail() function cannot be reconfigured.

In one word, this is a very nice plugin that caters all your security needs with the utmost efficiency in a very simple way.

sar-friendly-smtp

4. WP SMTP

WP SMTP can help you to send emails via SMTP instead of the PHP mail() function. It adds a settings page in your dashboard where you can configure the email settings.

The examples given on the settings page are of great help, with which you can utilize them by clicking the corresponding icon to view. You can even set “from” field and SMTP host. However, if this field is left blank, then your wp_mail() function cannot be reconfigured.

wp smtp

5. WP Mail Bank

WP Mail Bank – PHPMailer & SMTP Mailer is a plugin that reconfigure the PHPMailer and has advanced smtp settings options and making more enhanced.

This WordPress plugin lets you customize the email details that appear on emails sent from WordPress. With this plugin you can configure your SMTP email to use instead php mail(). You can customize both (from email & from name) fields with this plugin so your users are not confused. You can also set return-path email field.

wp mail bank

In my opinion above 5 plugins are best for SMTP mail for wordpress. What is your opinion?

[poll id=”2″]

Note: If you are selecting “Other”, please leave a comment with plugin name and why do you think this is the best.

/0 Comments/by

How To: Leverage Browser Caching in WordPress sites via .htaccess

[vc_row][vc_column][vc_column_text animation=”no_animation”]

What is browser caching?

Every time a browser loads a webpage it has to download all the web files to properly display the page. This includes all the HTML, CSS, javascript and images.

The point of using browser caching and expiry headers is to shrink the number of HTTP requests, which improves the performance for your returning visitors.

The first time someone visits your site, their browser will fetch all your images, css files, javascript files, etc. Normally that happens every time the same visitor comes back to your site.

With Expires headers you tell your website visitor’s browser that the files you stipulate are not changing until after a certain time, for example a month.

This means that the browser doesn\’t have to to re-fetch images, css, javascript etc every time your visitor comes back to your site.

Finding and Modifying .htaccess

You can access your .htaccess file through cPanel by clicking on the File Manager. When the popup box appears, click on the Web Root option and make sure that the “Show hidden files” option is checked. If you are using any FTP software, go to /public_html if the site hosted in root.

The code below tells browsers what to cache and how long to “remember” it. It should be added to the top of your .htaccess file.

Pasting in the Directives to Leverage Browser Caching

Open up your .htaccess file and paste in the following directives at the top of the file:[/vc_column_text][vc_column_text][/vc_column_text][vc_column_text]

Save the .htaccess file and then refresh your webpage.

How to set different caching times for different file types

You can see in the above code that there are time periods like “1 year” or “1 month”. These are related with file types, as an example the above code states that a .jpg file (image) should be cached for a year. If you want to change that and say you want them only cached for a month you would simply replace “1 year” with “1 month”. The values above are pretty optimized for most web pages and blogs build on top of wordpress.

Recommendations

  • Be aggressive with your caching for all static resources
  • Expiry at a minimum of one month (recommended: access plus 1 year)
  • Don\’t set your caching more than a year in advance!

You want to be cautious when enabling browser caching as if you set the parameters too long on certain files, users might not be getting the fresh version of your website after updates.

[/vc_column_text][vc_message color=”alert-warning” style=”rounded”]You want to be cautious when enabling browser caching as if you set the parameters too long on certain files, users might not be getting the fresh version of your website after updates.[/vc_message][/vc_column][/vc_row]

/0 Comments/by
,

Change and Update WordPress URLS in Phpmyadmin

Migrating a WordPress site to new url or domain, live or to a production/development server, new URL strings in the mySql database need to be changed and updated in various database tables.

This method is work when you like to move whole mysql database via phpmyadmin instead export/import all within wordpress admin. So you would copy/move all wordpress files/folder to new destination, set the correct ownership to those files and than start work on database.

Old url to New url change within phpmyadmin

  1. Export database from old server.
  2. Create a new blank database on New Server
  3. Import old database via phpmyadmin import wizard
  4. Use the code as below in sql query and change in your old and new URLs, no trailing slashes.

UPDATE wp_options SET option_value = replace(option_value, 'http://www.old.url', 'http://www.new.url') WHERE option_name = 'home' OR option_name = 'siteurl';
UPDATE wp_posts SET guid = replace(guid, 'http://www.old.url','http://www.new.url');
UPDATE wp_posts SET post_content = replace(post_content, 'http://www.old.url', 'http://www.new.url');
UPDATE wp_postmeta SET meta_value = replace(meta_value,'http://www.old.url','http://www.new.url');

replace old url to new url

Finally update wordpress config file to reflect the new database, “wp-config.php” should be in your web document root – change, database name, ursername, password and host values:

define('DB_NAME', ‘dbname');
/** MySQL database username */
define('DB_USER', 'username');
/** MySQL database password */ d
efine('DB_PASSWORD', 'password');
/** MySQL hostname */
define('DB_HOST', 'localhost');

Now everything should be fine.

/0 Comments/by
,

WordPress Plugins for Event Management

WordPress is a very useful tool for programmers, web designers and other people who are less familiar with creating websites. It’s becoming more and more popular due to its convenience and diversity of services.

If you have a WordPress website, this article is just for you. It can give you an idea of how to organize events with WordPress.

Event Management

Credit: http://farm5.staticflickr.com/4099/4919659112_b9f6b0df8f_o.png

If you have ever dealt with managing events, you surely know how time-consuming this can be. The to-do list is practically endless. It may include repeating schedules, events, multiple days and tracks, multiple organizations, multiple prices and payment methods, etc. This can become a real torture for anyone.

Well, here we will show you some tricks with plugins, features and themes of WordPress that can help you organize events more easily.

Now let’s have a look at the event-management system and what features and plugins you are going to need:

Events

Of course, if you are going to manage events with WordPress your event-management tool should support events.

Registrations

If you want to make events easy for you and other people, you should allow them to register for events on the website itself. This will attract more users. Another thing to take into account, the people who register on the site should be able to have access to the information they provide and the events they join.

Event taxonomies 

Using taxonomies will help keep events in good order. How is it done? By separating events from other content on the site by means of tags and categories.  This is very useful especially if most of the content on the site is not Web development based. So use separate taxonomies for the events you provide online.

Payment gateways

Providing payment gateways online is another great way to make your site a favourite place for many users. Not to mention, it makes it easier. If you are wondering what payment feature to choose for your site, make sure you pick up the one that accepts the highest number of payment methods.

Sponsors

Normally, big events have sponsors. The latter usually provide financial assistance and in return require that website owners place their company logos at different places on the site. Having a sponsors feature is just the thing you need in this case. With it you are going to be able to add logos, descriptions and names of the sponsors that contribute to your events.

Participating organizations

Just like sponsors, other participants in the various events you may be hosting are  companies. For this reason, you are going to need a plugin or feature that will help you attach organizations to events.

Multiple day events

Sometimes events last longer than a day and splitting them is a great way to organize things. That’s why you need a multiple day events feature that will help you out. Also, you should be able to control everything from an administration section.

Notification management

Two types of notifications may occur on a website: on-site notifications and email messages. On-site notifications appear to users when they have a problem registering or when they have successfully paid for a ticket, for example. It is very useful to have a plugin that will make it easier for you to manage notifications.

There is a number of other tools and features of WordPress that are not for free, however. If money is not a problem for you, you may also want to try Events Manager, Events Planner and Event Espresso. Otherwise, if you have a budget to stick to, have in mind the plugins and features mentioned above.

Author Bio: Rose Finchley loves to write about Internet. She currently works as a manager of http://www.perfectcleaning.org.uk  and she has a lot of experience to share with her readers.

/0 Comments/by

Reasons why WordPress sites are better than traditional sites

There are so many reasons that websites made in wordpress are far much better than the traditional websites. You do not have the need to send anything to your designer like if you want to design casino blog in wordpress then you do the changes in basic text or add new pages yourself and by doing this it will save your costing of money. You can change or add the content by accessing the net anywhere in the world  and there is not any requirement for software or fixing firewall settings and can give schedule to those posts to publish on your site on whatever day and time you want.

Reasons why WordPress sites are better than traditional sites

You can add number of page template format so that the visitors do not get confused and your frequent contribution will attract google and other search engines robots like magnets. The robots will search your entire site every day looking for new pages and content and index your pages within a few times.

When you are adding new content frequently it will increases the repeated visitor’s numbers. When people like what you contribute to the website they want to know when you add. That’s where RSS feeds come into play along with automated notices by email that new posts have been made.

You can automatically integrate your blog posts with social media sites like Twitter, facebook, LinkedIn instead of going to each login and make a post that you’ve just added something new to your website. Some tips are provided for safe and secure sites in wordpress.

WordPress blog allows you to add new pages in a few seconds and that page can be set to appear in navigation on every other page on your entire web site in the click of a button. You have not to do afford to spend that much time to make that many additions of content pages in such a short amount of time with a traditional Website and for passive promotion there are plugins in WordPress.

If you make some posts and get no comments at all and then all of a sudden you post such a topic that brings lots of comments. This is a highly valuable opportunity that you normally do not see with a traditional website. Blog posts can be automatically converted to RSS feeds and syndicated to blog directories and other peoples’ websites.

Adding the RSS feed to MSN is the fastest way to have your site indexed and it is common for even new sites to appear in MSN within 24 hours using this method.

/0 Comments/by