WordPress Tips – WPZA

Tag: WordPress Tips

  • Is your WordPress Password secure?


    Do you have a Secure WordPress Password?

     

     

    Having a secure WordPress password is the first step in securing your WordPress site. Some of us, me included, fall into the trap of either choosing a password that is very easy to remember or still using the same password we used 20 years ago. Or, maybe even worse, choosing the same or similar passwords for all our logins: banking, Wi-Fi, network and our website.

     

    I was chatting to an old friend who took over my IT administration position well over 2 decades ago, and we both were using the same or very similar passwords based on an administrator login we used then. The scariest thing is we used this same password across multiple platforms, so we were both at risk.

     

    But let’s get back to WordPress. Regardless of what you may have read, at its core WordPress is very secure. Most problems arise from insecure or badly written themes and plugins, bad file or folder security on the server, or very easy passwords. I will be focusing on passwords in this blog entry.

     

    I have seen WordPress passwords like ‘12345678’, ‘password’, ‘login’ and many other very easy passwords. These are the passwords for sites that have been hacked and that we have been asked to get live again. So unless you are President Skroob of the Planet Druidia, where ‘12345’ is an acceptable password, just don’t do it.

     

     

    Creating a Secure WordPress Password

    WordPress has made it a lot easier by generating very complex passwords on new installs; they follow the CLU rules: Complex, Long and Unique. The same rules should apply to all the passwords you use.

     

    Examples of bad passwords:

    • Qwerty1234
    • Splish-splash
    • 12345678
    • password

     

    Examples of good passwords:

    • hj78D*(ll88#ccvFgss7
    • Gqv56#@!hh8ggvs(ss
    • nLkksb65#s88gnss9hccv

     

    As you can see, the longer the better. A password should contain uppercase, lowercase, numbers and symbols; these types of passwords are almost impossible to hack. Passwords should also be changed regularly, maybe once a month or even once a quarter. It is just so easy to become complacent about passwords.

     

    So if you think your password is a bit insecure, go change it. You can change your password or any user’s password in WordPress by going to the menu on the left of the WordPress Dashboard: Users -> All Users.

     

    Here you will see all the users that have access to your WordPress site. Open the user account, scroll down the page to Account Management and click Generate new password. On new WordPress installs this password will be very long and complex; on older installs you may have to enter one manually.

     

     

    Choose a Secure WordPress Password.

     

     

    Passwords are one of your first lines of defense against a hack and making them complex and changing them now can only help. It is also one of many tools you can use to protect your WordPress website.

  • Choosing the correct user name for WordPress


    Avoid using admin or administrator as your site’s user name.

    When you install WordPress the default user name is admin; this is something you should try to avoid.

    Avoid using admin as your WordPress user name

    Most hackers try to access your site via wp-admin or the wp-login.php page, and they know that the most common username out there is admin. They try a combination of passwords; this is commonly known as a brute force attack.

     

    Not only should you avoid admin; best practice also dictates that the database user ID should change. When you install WordPress it assigns the first login the ID of 1. Hackers know this and can determine your login name via the user ID.

     

    What we try to do when developing or installing a new WordPress website is:

    • We install WordPress using admin as the username (We will be deleting this later)
    • Once we have installed WordPress we add a new user, try something a bit more complex and obscure.
    • Then go back and delete the admin user, this also makes sure we are not using the user ID of 1.

     

    For an existing site you can basically follow the same procedure as above, but make sure you transfer any posts or pages; don’t worry, WordPress will ask you.

     

    Limit Login Attempts

     

    With a brute force attack, hackers try multiple password combinations in a row to find the right one. What you should try to do is ban users that have more than 5 incorrect passwords in a row.

     

    We ban a user for 10 minutes if they have five incorrect logins in a row.

     

    Immediately ban IP addresses that use admin as the username.

     

    So if there is no user on our WordPress install that uses admin, why not just ban anyone that tries to use admin as a user name? This I find is a nice quick way to stop a lot of unwanted access to your system.
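The two rules above (a 10-minute ban after five failed logins in a row, and an immediate ban for anyone who tries admin), written as a small must-use plugin for wp-content/mu-plugins/. This is an added example, not WPZA's code or one of the plugins the post refers to; the wpza_ex_ names are hypothetical, and it assumes REMOTE_ADDR is the real client IP (no reverse proxy in front) and that no account is called admin.

```php
<?php
// Added example, not WPZA's code. Assumes REMOTE_ADDR is the real client
// IP (no reverse proxy) and that no account on the site is named "admin".
const WPZA_EX_MAX_FAILURES = 5;   // failed logins in a row before a ban
const WPZA_EX_BAN_SECONDS  = 600; // ban length: 10 minutes

// Per-IP transient name; the IP is hashed to keep the name short and uniform.
function wpza_ex_key( $prefix ) {
	$ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
	return $prefix . md5( $ip );
}

function wpza_ex_ban() {
	set_transient( wpza_ex_key( 'wpza_ex_ban_' ), 1, WPZA_EX_BAN_SECONDS );
	delete_transient( wpza_ex_key( 'wpza_ex_fail_' ) );
}

// Priority 100 runs after WordPress's own credential checks (priority 20),
// so the refusal below replaces their result even for a correct password.
add_filter( 'authenticate', function ( $user, $username ) {
	if ( 'admin' === strtolower( trim( (string) $username ) ) ) {
		wpza_ex_ban(); // nobody legitimate logs in as "admin" on this site
	}
	if ( get_transient( wpza_ex_key( 'wpza_ex_ban_' ) ) ) {
		return new WP_Error( 'wpza_ex_locked', 'Too many failed logins. Try again later.' );
	}
	return $user;
}, 100, 2 );

// Count failures per IP and ban on the fifth one in a row.
add_action( 'wp_login_failed', function () {
	if ( get_transient( wpza_ex_key( 'wpza_ex_ban_' ) ) ) {
		return; // already banned: do not count or extend
	}
	$key   = wpza_ex_key( 'wpza_ex_fail_' );
	$count = (int) get_transient( $key ) + 1;
	if ( $count >= WPZA_EX_MAX_FAILURES ) {
		wpza_ex_ban();
	} else {
		set_transient( $key, $count, DAY_IN_SECONDS );
	}
} );

// A successful login ends the run of failures.
add_action( 'wp_login', function () {
	delete_transient( wpza_ex_key( 'wpza_ex_fail_' ) );
} );
```

Behind a load balancer or CDN every visitor shares one REMOTE_ADDR, so a single ban would lock out everyone; take the client address from the proxy's trusted header in that setup.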

     

    Some plugins we use to protect our sites.

     

    Follow all our tips and tricks for WordPress. Our goal is to help you reduce the risk on your WordPress website, and following the tips will greatly reduce your site’s exposure.

  • Choosing the right WordPress plugins


    The lovely thing about WordPress is the number of plugins and themes that are available to extend your website. There are tens of thousands of plugins available from wordpress.org, and this excludes plugins available all around the net.

    Some plugins are developed very well, using WordPress best practices. On the other hand, there are also some very badly written plugins that can easily bring down your website or even open it to malicious attack.

     

    Before selecting and installing a plugin:

     

    Backup your website

    Always back up your site before attempting to install a plugin, regardless of where it comes from or how great its reviews are. A good backup procedure is critical to every aspect of WordPress. If something goes wrong, you can easily roll back your site to the state before the plugin was installed.

     

    When to install

    Don’t try to install your plugin at peak site usage. If your site goes down, you want to limit the downtime and the errors for people trying to surf to your site. Traditionally Monday is the worst day to try to install a plugin and Sunday the best.

     

    FTP Server Access

    Sometimes a plugin can completely take down a website, and the only way to recover is to delete the plugin from the WordPress install. This generally can only be done via a file browser. Warning: Don’t try this if you do not have good website experience.

     

    How you should choose a plugin:

     

    Referrals and reviews

    Ask someone you trust in the industry about plugins they may suggest for your website. Maybe they have experience with a certain plugin you are about to install. Why go through the headaches?

    Reviews are another way of gauging a plugin. For me it is the number of people that have left a review on a plugin. A plugin with 2000 reviews with a star rating of 4, for me, is better than a 5 star rating from 10 reviews.

     

    Checking the plugin stats

    • How many active installs of the plugin, I generally only choose plugins with 10,000 plus installs.
    • Is the plugin updated regularly, check the last updated date. Try and make sure it is not older than a year.
    • Is the plugin compatible with your version of WordPress.

     

    Support

    Check the support pages for the plugin. Try not looking at all the questions, but check if they are being answered. This shows an active interest from the development team.

     

    Screenshots

    I like screenshots for a plugin. I generally choose plugins that have detailed screenshots; it gives me an indication of the quality of the plugin development.

     

    Research

    Try to compare similar plugins to the one you are interested in. Search engines are great tools, and there are many articles by users who have tried various plugins and written up their results.

    “Compare WordPress security Plugins”

    “What is the best WordPress Form Plugin”

     

    Testing

    Try the plugin on a non-essential WordPress install and see if there are any issues. Learn any issues or tweaks on a site that is not essential to your business.

     

    What if I follow all the best practices and something goes wrong? Don’t panic: if you have a backup or FTP access, it is very easy to roll back to a previous state of the website. Any developer would be able to help very quickly if you get stuck.

     

    The most important things I have found in working with WordPress are to always have a recent backup and to do extensive research before installing any plugin.

  • WordPress Security Best Practices

    WordPress Security Best Practice

    Here are a few WordPress Security best practices that you can employ to protect your WordPress website from being compromised. This can come from malicious intent or something accidental while working on your site.

     

    1. Back up your site: daily for sites that change a lot, weekly for sites that don’t change often. Your hosting provider may already have solutions in place for this, or invest in a good backup WordPress plugin.
    2. Always update themes, plugins and WordPress Core as soon as updates become available.
    3. Delete unused plugins and themes. If you have a custom theme, try to keep one of the standard WordPress themes; this is a fallback if your custom theme is compromised.
    4. Never use the default admin user name; try something different.
    5. Secure your wp-config.php and .htaccess files; we recommend a permission level of 444.
    6. Create a unique, difficult password. The more random the better; we employ a 16-character password using upper case, lower case, numbers and symbols.
    7. Hide your WordPress version number in your presented files.
    8. Hide your username from prying eyes.
    9. Limit the login attempts. Banning users for 5 minutes after 3 failed login attempts is a great way to go.
    10. Disable file editing. The file editing built into WordPress Core is very powerful and very unforgiving; even if security is not a concern, having this much power for a normal user is not advised.
    11. Install monitoring software; we monitor login attempts and page and post changes so we can trace any issue.
    12. Always use SFTP rather than FTP to access your site. There should be options available from your service provider to do this.
    13. Invest in a decent security plugin.
    14. Choose a good hosting provider.
    15. In case you forgot: always back up. This is always your first line of defense.
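Several items in the list above can be checked mechanically. The script below audits items 3, 4, 5, 7 and 10 on a live install; it is an added example, not WPZA's code. The function and file names are hypothetical, and it assumes wp-config.php and .htaccess sit in the WordPress root and that it is run inside WordPress, for instance with WP-CLI's eval-file command.

```php
<?php
// Added example, not WPZA's code. Run inside WordPress, e.g.:
//   wp eval-file wpza-ex-audit.php      (file name is hypothetical)
// Assumes wp-config.php and .htaccess sit in the WordPress root (ABSPATH).
require_once ABSPATH . 'wp-admin/includes/plugin.php'; // get_plugins(), is_plugin_active()

function wpza_ex_audit() {
	$findings = array();
	// Item 5: wp-config.php and .htaccess should be read-only (444).
	foreach ( array( 'wp-config.php', '.htaccess' ) as $name ) {
		$path = ABSPATH . $name;
		if ( ! file_exists( $path ) ) {
			$findings[] = "$name: not found in ABSPATH, check it by hand";
			continue;
		}
		$mode = fileperms( $path ) & 0777; // strip the file-type bits
		if ( 0444 !== $mode ) {
			$findings[] = sprintf( '%s: mode is %o, expected 444', $name, $mode );
		}
	}

	// Item 10: the built-in theme/plugin editor should be switched off.
	if ( ! defined( 'DISALLOW_FILE_EDIT' ) || ! DISALLOW_FILE_EDIT ) {
		$findings[] = "file editing enabled: add define( 'DISALLOW_FILE_EDIT', true ); to wp-config.php";
	}

	// Item 4 (and the user-name post): no admin account, nothing on user ID 1.
	if ( username_exists( 'admin' ) ) {
		$findings[] = 'a user named "admin" exists';
	}
	if ( get_userdata( 1 ) ) {
		$findings[] = 'user ID 1 is still in use';
	}

	// Item 7: the generator meta tag reveals the WordPress version.
	if ( false !== has_action( 'wp_head', 'wp_generator' ) ) {
		$findings[] = "version exposed: remove_action( 'wp_head', 'wp_generator' );";
	}

	// Item 3: list plugins that are installed but not active.
	foreach ( array_keys( get_plugins() ) as $plugin ) {
		if ( ! is_plugin_active( $plugin ) ) {
			$findings[] = "inactive plugin still installed: $plugin";
		}
	}
	return $findings;
}
echo implode( PHP_EOL, wpza_ex_audit() ) . PHP_EOL;
```

An empty result means none of these five checks found a problem; the remaining items in the list (backups, updates, monitoring, SFTP, hosting) still need to be verified separately.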

     

    Above all else, if something goes wrong, don’t panic. If you have implemented the best practices, or got someone else to implement them, you can get your site back quickly.

     

    We include all of this in our WordPress Maintenance Contracts.

  • CSS just like Fairy Dust

    Customising your WordPress Theme

    Bring on the CSS!

    About a year ago I was told that I was chosen to be the “CSS QUEEN”, so I naturally went with this title and made CSS my thing.

    Our relationship is a happy one – though not understood by many. We are ok with this.

    What I love about WordPress is that it accepts my CSS addiction so nicely. I can customise a theme that is almost perfect and make it perfect with just a little CSS fairy dust sprinkled in.

    CSS is my magic wand, my interior decorator, my wardrobe stylist and my makeup artist. I am incomplete without her.

    If you are thinking of getting your business up on the net and think maybe WordPress is for you, then please do contact us so we can find you a theme to best suit your needs, and if not, I can CSS it to make it what you want.


    View Carolyn Groenewald's profile on LinkedIn

  • WordPress Security Tips: Basic Do’s & Don’ts

    Picture with password written on it

    These simple tips are intended to help the everyday user. Anybody that has ever had their site hacked knows that it is not fun and securing their site is so important. There are many more security measures to take, however these simple tips can get you started.

    Do:

    • Backup Site Regularly

    Install an appropriate plug-in to take regular backups of files and databases on your website. You do not want to risk losing your precious data on your website.

    • Upgrade Website Regularly

    You should routinely upgrade WordPress core. Also upgrade non-customized themes and plug-ins installed on your website. This is so important as software is bound to have bugs which makes your website susceptible to attacks. Regular updates would ensure you get cleaner versions of the code reducing the threat of an attack on your website.

    • Set Appropriate Permissions

    Set appropriate read and write permissions on the folders depending on your site requirements. Give access to folders on your website to users who can be trusted.

     

    Don’t:

    • Send Update Notifications to all Users

    Update notifications that are made available in the website’s dashboard should not be available to all users. While updating WordPress core, themes and plugins is essential, it should be a well-researched step. Unrestricted updates could mean disaster for your website: information lost and potentially the site down.

    • Take Passwords Lightly

    Create unique strong passwords and change them frequently; this lessens the window of being attacked by hackers. If you use the same password for a very long time, you’re giving hackers more time to try and crack it. A good idea is to use a password generator such as passwordsgenerator.net.

    • Allow File Edits in Dashboard

    Editing files in the dashboard is very dangerous – it essentially means making changes directly to your theme, which seems fine, however when it comes to updating your theme you will lose your changes. Users should not make changes to the code.

     

    Still sound daunting?

    If this still sounds a little out of your comfort zone and you would prefer to have it looked after by professionals that have many years of knowledge under their belt in doing just this, then please have a look at our maintenance plans and drop us a mail so we can assist you better.

    http://www.wpza.co.za

     

  • The white Screen of Death – WordPress


    If you have been using WordPress for a few years you have encountered this at least once. It is frustrating but does not mean all is lost.

    Sometimes it only affects the admin panel, sometimes only parts of it.

    Here are a few solutions should you encounter the dreaded white screen:

    First, make sure you have sufficient backups.

    Check you have not exhausted your memory limit. This could be caused by various issues like bad coding, incorrectly functioning plugins or issues with your web hosting server. Since you have yet to find the culprit you may have to spend some time doing a bit of troubleshooting.

    Try disabling plugins, one at a time, to see if maybe the problem lies with an incompatible plugin that was uploaded. This has happened pretty often and is usually the issue.

    Go back to a default theme. It may be the theme that has caused the issue; you will then need to check your functions.php file for issues.

    If none of the above fixes it, then you should try to re-install a fresh copy of WordPress. While it is unlikely, it is always possible that a core file may have been corrupted.

    Sometimes you may have access to the back end, but the front end of the site shows the white screen of death. This can happen because of a caching plugin. Simply empty your cache.

    If none of these tips help then it’s time to give us a call so we can investigate and get your site up and functioning again.

    www.wpza.co.za

     
