WordPress Security – File Permissions

File Permissions are set when WordPress is installed. If you did not carry out your own installation, you may want to check that the settings are right for your site.

Setting file permissions for certain files may have significant security implications for your site. It is worth taking a few minutes to check your settings and make sure they match your requirements.

In short, an install done by an experienced WP installer probably won’t need any file permissions tweaks. A self-install might need checking. Also note that shared servers will need different settings. Personally, my sites are on shared servers, as I imagine the majority of WP sites are.

Continue reading WordPress Security – File Permissions

WordPress Security – updates

Updates are the simplest way to reduce the risks to your wordpress site.

Set your WordPress version (core) to automatically update right from installation – it’s a no brainer. Of course, you may want to examine all the updates and make your own evaluation… assuming you have the time and expertise.

Not only that but regularly check your plugins and update them too, at least once a week if not daily. Having the latest versions means you are less vulnerable to the latest security issues. There is still no guarantee even if you update seconds after an update is available. However regular updating lowers your risk considerably.

Continue reading WordPress Security – updates

WordPress Security – WordPress Firewall

Having already recommended Loginizer to prevent ‘Bruteforce’ attacks, I now have another recommendation: ‘All in One WordPress Firewall’

wordpress firewall‘All in One WP Security & Firewall’ from Tips and Tricks HQ is a very popular and up-to-date WordPress Firewall plugin. This certainly meets our requirements as a ‘safe’ option. It has all the features of Loginizer when it comes to Bruteforce, but that’s not all. As the name suggests, this has firewall settings which are simple to use, but it’s features are many and various. Too many to go into here, so a certain amount of playing about with the settings is recommended. One nice feature is the dashboard which displays a gauge indicating how protected your site is. Under this are four buttons which you should click to set up your critical features. Each time you add a feature, your security rating goes up on the gauge.

Continue reading WordPress Security – WordPress Firewall

WordPress Security – .htaccess

Having introduced a series on Wordpress Security, the second post in the series looks at protecting WP-CONFIG and .HTACCESS files etc.

Apache uses the .htaccess file  to serve files from it’s root directory. If it is not protected properly, your site security is definitely at risk.

Making changes could potentially be a turn-off as ‘techy’ language is being used. The reality is that it is not difficult to take a few steps to minimise the risk to your site. In order to carry out the necessary changes, you will need to ‘write’ to your site files. This sounds ominous, but the good news is, if you don’t want to do this the nuts and bolts way, you can use a plugin..

Continue reading WordPress Security – .htaccess

WordPress Security

There are individuals who are ‘out there’ looking to hack into your WordPress site. WordPress Security is at risk not just occasionally, but on a daily basis.

We are acutely aware of security especially since the recent ‘ransomware’ super-hack. This attack appeared to affect multiple government organisations as well as individuals. If we learn nothing else from this, we need to realise that security should be second nature. This applies to wordpress security in the same way that it applies to our workstations and devices.

Continue reading WordPress Security

WordPress Redirect Plugin

redirect plugin

A redirect plugin can be really useful if you have re-built a site, are re-organising your site or have shifted from a HTML platform to a CMS.

I discovered today that an old link (a friend had kindly provided for me) actually pointed to a non-active page. This was because the link had ‘index.htm’ as part of the URL. The original site was built using Dreamweaver WYSIWYG which turns pages into HTML, so the link was valid until I switched to WordPress. The solution was simple and only took a few minutes, so I thought I’d quickly share it with you.

Continue reading WordPress Redirect Plugin

Website Spider Simulator tool


Some content and links visible to your visitors on a web page may not actually be visible to the Search Engines, eg. Flash based content etc.. Part of your SEO research should include tools that will allow you to check that spiders see what they are supposed to see. I recently came across a tool which simulates a Search Engine by displaying the contents of a webpage exactly how a Search Engine spider would see it. It also displays the hyperlinks that will be followed (crawled) by a Search Engine when it visits the particular web page along with meta tags and description.

Continue reading Website Spider Simulator tool

Windows 10 – default programs

Another Windows 10 anomaly I have come across is that it has become unclear how to access default software preferences.

I remember years ago back in Windows 95 being frustrated because I had downloaded a trial program which had installed itself as the default program for images. When the trial ran out I could no longer open any images by clicking them in an explorer window because the default program was not responding. I spent months without a solution until I realised that you can ‘tell’ Windows which program to use by default (this was done simply in any explorer window – tools/folder options/file types). So where is this functionality in Widows 10?

Continue reading Windows 10 – default programs