WordPress Security – File Permissions

File Permissions are set when WordPress is installed. If you did not carry out your own installation, you may want to check that the settings are right for your site.

Setting file permissions for certain files may have significant security implications for your site. It is worth taking a few minutes to check your settings and make sure they match your requirements.

In short, an install done by an experienced WP installer probably won’t need any file permissions tweaks. A self-install might need checking. Also note that shared servers will need different settings. Personally, my sites are on shared servers, as I imagine the majority of WP sites are.

Continue reading WordPress Security – File Permissions

WordPress Security – updates

Updates are the simplest way to reduce the risks to your wordpress site.

Set your WordPress version (core) to automatically update right from installation – it’s a no brainer. Of course, you may want to examine all the updates and make your own evaluation… assuming you have the time and expertise.

Not only that but regularly check your plugins and update them too, at least once a week if not daily. Having the latest versions means you are less vulnerable to the latest security issues. There is still no guarantee even if you update seconds after an update is available. However regular updating lowers your risk considerably.

Continue reading WordPress Security – updates

WordPress Security – WordPress Firewall

Having already recommended Loginizer to prevent ‘Bruteforce’ attacks, I now have another recommendation: ‘All in One WordPress Firewall’

wordpress firewall‘All in One WP Security & Firewall’ from Tips and Tricks HQ is a very popular and up-to-date WordPress Firewall plugin. This certainly meets our requirements as a ‘safe’ option. It has all the features of Loginizer when it comes to Bruteforce, but that’s not all. As the name suggests, this has firewall settings which are simple to use, but it’s features are many and various. Too many to go into here, so a certain amount of playing about with the settings is recommended. One nice feature is the dashboard which displays a gauge indicating how protected your site is. Under this are four buttons which you should click to set up your critical features. Each time you add a feature, your security rating goes up on the gauge.

Continue reading WordPress Security – WordPress Firewall

WordPress Security – .htaccess

Having introduced a series on Wordpress Security, the second post in the series looks at protecting WP-CONFIG and .HTACCESS files etc.

Apache uses the .htaccess file  to serve files from it’s root directory. If it is not protected properly, your site security is definitely at risk.

Making changes could potentially be a turn-off as ‘techy’ language is being used. The reality is that it is not difficult to take a few steps to minimise the risk to your site. In order to carry out the necessary changes, you will need to ‘write’ to your site files. This sounds ominous, but the good news is, if you don’t want to do this the nuts and bolts way, you can use a plugin..

Continue reading WordPress Security – .htaccess

WordPress Security

There are individuals who are ‘out there’ looking to hack into your WordPress site. WordPress Security is at risk not just occasionally, but on a daily basis.

We are acutely aware of security especially since the recent ‘ransomware’ super-hack. This attack appeared to affect multiple government organisations as well as individuals. If we learn nothing else from this, we need to realise that security should be second nature. This applies to wordpress security in the same way that it applies to our workstations and devices.

Continue reading WordPress Security

WordPress Redirect Plugin

redirect plugin

A redirect plugin can be really useful if you have re-built a site, are re-organising your site or have shifted from a HTML platform to a CMS.

I discovered today that an old link (a friend had kindly provided for me) actually pointed to a non-active page. This was because the link had ‘index.htm’ as part of the URL. The original site was built using Dreamweaver WYSIWYG which turns pages into HTML, so the link was valid until I switched to WordPress. The solution was simple and only took a few minutes, so I thought I’d quickly share it with you.

Continue reading WordPress Redirect Plugin

Slider WordPress plug-in

I manage a WP site which, in the past had the notorious ‘Revolution’ Slider plug-in – I say notorious because (before I was managing it!) the plug-in was exploited and the site was hacked through it.

The problem is now fixed, and I have started to look at how we might use the plug-in, and honestly have been really impressed with it and it’s many features. However, not only has the plug-in been exploited in the past, but its also a plug-in you have to pay for… So my task has been to look for the best free equivalent.

Continue reading Slider WordPress plug-in

Submission Contact Forms plug-ins for WordPress

contact form plug-in

I have built a few sites lately where I have needed to use some sort of submission or contact form – in the (HTML) past, this would have required a lot of code and a whole load of testing – with WordPress of course, it’s another plug-in… but which one?

There are dozens to choose from, and I am not saying my choices were inspired at all. I actually used a different contact form on each site, and am pleased to report my findings, both successful in their own way.

Continue reading Submission Contact Forms plug-ins for WordPress

Spell Check for WordPress plug-in

Well there I was updating a WordPress site when I realised there was no spell-check function in the page editor. When did this happen? a bit of research suggests that this functionality was removed in WordPress version 3.6.

It’s pretty important to do your best to make sure that your website is not full of spelling mistakes. I recently edited a site and found five spelling mistakes in the first page I looked at, in only about three paragraphs of text. My personal feeling is that you can get away with the odd error, but a proliferation of errors will put seeds of doubt into your visitors’ mind regarding the authenticity of your site and the validity of your products/services.

Continue reading Spell Check for WordPress plug-in