Category Archives: WordPress Tips

WordPress Security

WordPress Security – Closing Those “Back Doors”

Some people consider the WordPress platform itself to be one big back door that provides access to hackers.  After all, it is Open Source with many people all over the world adding to it, improving it – and hacking it. The good news is that your WordPress website does not have to be added to the list of hacked sites, just because it’s a WordPress site.

While some hackers target WordPress, they do so for reasons that are important for all WordPress users to consider.

The very popularity of WordPress makes it attractive to hackers. Karol K gathered the following information in his post, The Ultimate List of WordPress Statistics:

  • 50-60% is WordPress’ share of the global CMS market – making it the most popular CMS of them all. [8][2][15]
  • New York Observer, New York Post, TED, Thought Catalog, Williams, USA Today, CNN, Fortune.com, TIME.com, National Post, Spotify, TechCrunch, CBS Local, NBC all use WordPress. [32]
  • Around 15,886,000 websites on the entire web use WordPress. [15]

If it is so popular and hackers like it, then why are people, and major companies, still using it? Well, it is a secure platform (as secure as anything can be on the internet) when it is set up with security in mind and when it is maintained.

Many people, small companies included, decide to build a WordPress website because it is “free”. And so it is, if you know what you are doing or if you have someone who can help you. When “free” is the motivator, these websites are often not set up properly; the infamous “admin” username is an example (see below). Once they are set up, the “backend” of the website is often not maintained, and so out-of-date WordPress versions and plugins invite hackers.

Another consequence of trying to set up an almost free website is choosing a Web Host that has the cheapest hosting plan.  There are several things to consider when choosing a web host and although price is important, it should not be the determining factor.

So let’s talk about the many strategies used to slam that “back door” shut.

  1. Start with your Web Host
  2. Consider your Hosting Plan and your business needs
  3. Install WordPress manually (or, if you have already installed it, update the security of your WordPress installation; for example, use secure usernames and passwords, not easy-to-guess ones like “admin” or “administrator”)
  4. Use Security Plugins
  5. Update Plugins and WordPress version vigilantly
  6. Maintain your site – including deleting themes and plugins that you no longer need
  7. Back up your site (files & database) regularly to restore it if it does get hacked.
  8. Keep an “ear to the ground” in the world of WordPress and WordPress Security
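
One way to check items 3, 5 and 6 of this list automatically (an added example, not part of the original post). It assumes the site is managed with WP-CLI and that the three inputs are the JSON printed by `wp user list --format=json`, `wp plugin list --format=json` and `wp theme list --format=json`; the sample records and the function name `audit` are constructed for illustration.

```python
import json

# Constructed sample input, shaped like the JSON printed by WP-CLI's
# `wp user list`, `wp plugin list` and `wp theme list` with --format=json.
# All logins, plugin and theme names below are made up for illustration.
USERS = '''[{"user_login": "admin", "roles": "administrator"},
            {"user_login": "jane.editor", "roles": "editor"}]'''
PLUGINS = '''[{"name": "example-forms", "status": "active", "update": "available"},
              {"name": "example-slider", "status": "inactive", "update": "none"},
              {"name": "example-seo", "status": "active", "update": "none"}]'''
THEMES = '''[{"name": "example-theme", "status": "active", "update": "none"},
             {"name": "example-old-theme", "status": "inactive", "update": "available"}]'''

# Item 3: usernames that are easy to guess.
GUESSABLE_LOGINS = {"admin", "administrator"}


def audit(users_json, plugins_json, themes_json):
    """Return (finding, name) tuples for checklist items 3, 5 and 6."""
    findings = []
    for user in json.loads(users_json):
        if user["user_login"].lower() in GUESSABLE_LOGINS:
            findings.append(("guessable-username", user["user_login"]))
    for kind, raw in (("plugin", plugins_json), ("theme", themes_json)):
        for item in json.loads(raw):
            # Item 5: an update is waiting to be installed.
            if item.get("update") == "available":
                findings.append((kind + "-update-pending", item["name"]))
            # Item 6: installed but not in use, so a candidate for deletion.
            if item.get("status") == "inactive":
                findings.append((kind + "-unused", item["name"]))
    return findings


if __name__ == "__main__":
    for finding, name in audit(USERS, PLUGINS, THEMES):
        print(f"{finding}: {name}")
```

Run on a schedule, an empty result means none of these three checks found anything; it says nothing about the web host, backups or the WordPress core version, which need their own checks.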

If these things are out of your level of expertise, maybe someone could help you apply these strategies to your website. If not, you may need to roll up your sleeves and learn about it yourself. WordPress is Open Source software and the international online community is very supportive. There are very likely local meetups and organizations in your area dedicated to supporting WordPress users, including those just starting.

If that just seems too daunting either on a technological level or time commitment, you may need to pay someone to maintain your site and keep it safe.  Although WordPress is free for some, it will not be free for all to maintain.  You might get lucky, and never be hacked.  However, you can decrease your chances of being hacked by using sound security strategies.

For more details on the strategies listed above, search the internet, join a WordPress group, or follow this topic thread in our newsletter as we go through those strategies in more detail.

[2] http://w3techs.com/technologies/overview/content_management/all

[8] http://www.wpblogington.com/data/wordpress-2015.php

[15] http://trends.builtwith.com/cms

[32] https://vip.wordpress.com/clients/

WordCamp Vancouver 2015

WordPress WordCamp 2015

Newbie or Developer …. Attend WordPress WordCamp!

If you are a WordPress Developer, as a WordCamp attendee (or presenter) you are participating in (and therefore contributing to) the WordPress community. If you are new to WordPress and still trying to figure it out, you will learn in layers. Web Design knowledge and skills don’t come systematically to most people learning WordPress. Many people are experimenting with the platform while building their own sites. This kind of learning tends to be erratic, solitary, and at times both rewarding (“Ha! That’s how you do it!”) and frustrating (“Seriously? A Fatal Error!”).

I just got home from another fabulous Vancouver WordCamp. By attending this annual event as well as the monthly WordPress Meetups, I keep my finger on what’s new in the WordPress world of web design & development. I can also get answers to my burning questions as well as share my successes and my not-so-shiny moments.

Talking, sharing and networking with others feeds your progress along the WordPress Continuum.  Even if the topic seems way over your head today, another day you are very likely to pull that vague understanding from the back of your brain to help you decide on a theme, plugin or method.  Or maybe you will just be reassured that you are actually on the right path to solving a problem.

WordCamp is all of these things for me. This year again, the presenters were great! I particularly enjoyed Mandi Wise’s presentation on Content-First Content Management. Find out about the WordCamp in your area, take a deep breath, and SIGN UP!

Recommended Social Media Marketing Resources

There are some books that I recommend to those launching their businesses on the web. Usually those learning WordPress find themselves “on overload” at some point or another. It’s a good idea to take a break when that happens because your productivity plummets. Try switching gears and looking at some related marketing ideas. You will soon be able to add marketing and social media to your arsenal and apply it to your website. For some, it may be a matter of transferring the fun of Facebook to business, for others, it may be learning how to post on Facebook or another platform (Google+ anyone?). Whatever your level of social media literacy, experiment and learn!

In the interest of full disclosure, the links below to Amazon are affiliate links, so I do get compensated. However, the price to you remains the same as if you had gone directly to Amazon.

I am frequently asked, “But how do I get on the first page of Google?” Google Search has reinvented itself several times and continues to do so. The “recipe” for being on the first page has become more complicated. There is no getting around hard work to achieve this goal.

“But how do I get on the first page of Google?”

David Amerland explains how Google Search works in understandable terms. He uses realistic examples to illustrate how you can leverage the world of social media to build trust and connect with your potential customers and promote your brand in a meaningful way.

 

Vimeo or YouTube?

A Quick Comparison of Vimeo and YouTube:

YouTube

Advantages:

  • free
  • popular
  • is used as a search engine
  • is good for SEO (Search Engine Optimization)
  • good to reach “the masses”
  • easily “sharable”
  • videos can go viral
  • can set video access to “private” or “unlisted”

Disadvantages:

  • lots of advertisements
  • comments must be managed closely or turned off

Vimeo Free Account

Advantages:

  • more control
  • no advertising or only controlled advertising
  • can limit sharing to a select group of people

Disadvantages:

  • limited to 500 MB/week storage space
  • limited to 1 HD upload/week
  • limited to 10 video uploads/day
  • videos do not distribute as easily and therefore are less likely to go viral

For Premium Video Services, including Vimeo, VideoPress, Viddler and BrightCove, consider…

Vimeo Pro (Premium)

Advantages:

  • more control
  • no advertising or only controlled advertising
  • can limit sharing to a select group of people
  • more storage space (up to 1000 GB/year)
  • support

Disadvantages:

  • cost (currently $199/year)
  • videos do not distribute as easily and therefore are less likely to go viral

Adding Protected PDFs and Documents to WordPress – Or Should I?

There might be a time when you want to add a PDF document or a regular Microsoft Word document to your WordPress site. You may not want this information available for download and want to allow Read-Only access from your site. Although PDF documents can be password protected and you can also restrict editing and printing of the PDF, there are times when neither of these options may be quite what you need.

Restricting or Password Protection

If you don’t mind viewers downloading your PDFs as long as they don’t print or change them, follow the steps in Thor Benson’s post. He also suggests a way to prevent visitors from seeing your PDF unless they have a password, but that would be very frustrating for most readers.

Content Protection

The only way to prevent the average visitor from downloading or copying your content is to make a new post or page and either type your content there or paste it in from your original document. Then you will need to install a copy protection plugin such as the WP Content Copy Protection plugin. This will prevent visitors from right-clicking to copy text or images. I did say average visitor, because hacker-types have other means of accessing your content. However, using a copy protection plugin is the most reasonable method for preventing most unauthorized copying.

If you decide that you don’t mind if someone downloads your PDF after all, or that you will just password protect it, follow these steps to create a PDF and upload it.

How to Add a PDF:

1.  Prepare your document in Microsoft Word as follows:

  • Give it a Title that will be helpful to readers.
  • Make sure that it is as you want it to appear on the internet.
  • Do a last minute Spell Check.
  • Click File and then Save As.
  • Under the title box, there is a box that probably says, Save as type: Word Document.
  • Click the arrow in that box and select PDF (*.pdf). (It will save in the same location as your original Word document.)

2.  Open the WordPress post or page where you want it to appear and click your cursor in exactly that place.

3.  Click the Add Media button just above the Tool Bar.  This opens the Media Uploader and the Media Library.

4.  Click Upload Files to get them from your computer. (Nothing will happen if it was already selected when it was opened.)

5.  Click Select Files to browse your computer and select the PDF file.

6.  Click on the PDF file on your computer, then click Open.

7.  Type the title of your document in the Title box (on the right).

8.  Retype the title in the Alt Text box (on the right) and add the word link. For example, if my title was 2014 Catalogue, I would type 2014 Catalogue Link. This primarily provides information for visually impaired visitors; however, it also provides a helping hand for your Search Engine Optimization.  (If you are curious about Alt Text, check out this description by David Ball.)

9.  Next, in the Media Uploader, click the Insert into Post button.

10.  The file appears as a text link on your page or post.  When your readers click on this link, the document will open up in a new browser page with a download bar overlay near the bottom.*

*If you have password protected the PDF, a prompt will appear asking for the password instead of opening the document.
