Create Strong Passwords With “Brute Force Protection”

Let’s make sure all users are using a strong password.

What’s all this about strong passwords? Well it’s not about people guessing your password, it’s about computers doing it.

Computers are fast, really fast, and guessing millions of passwords is pretty easy for them. The longer the password and the more types of characters in it, the more the computer has to guess. This is called a “Brute Force” attack, meaning the computer just tries everything until it gets it.

WordPress will now tell you how strong your password is. Here’s how:

– Login and go to “Edit my Profile” in the top-right menu.
You want something with 8 or more characters, including numbers and symbols. A pain, I know!

After setting up good passwords, installing Brute Force protection via a plugin of some kind will really help. There are different approaches, and they all slow the computers guessing way down.

WP Support HQ recommends one of the following plugins. Install and activate one, then make sure the brute force protection is on.

Anti-Malware Security and Brute-Force Firewall

This is our favorite. It works great, is easy to setup, and includes one of the best Malware removal engines we’ve used.

iThemes Security Pro

For even more security iThemes Security Pro is great. It has tons of options and may be overwhelming at first. Budget some time to read the documentation and understand the options as you are setting up the plugin.

Photo by christiaan_008

Help! I’m Getting a Bunch of Contact Form Spam

You just redesigned your site, or maybe just added a new contact form to your current site, and now you’re getting a bunch of non-sense emails. Contact form spam! A lot of people default to using a CAPTCHA to fight spam, those annoying puzzle image things you hate filling out. But there’s another way, a honeypot field!

A what?

A honeypot field is a form field that scripts don’t know they shouldn’t fill out, so they do, and in doing so reveal that they are in fact a script. The great thing is that actual users don’t see them and don’t have to do any extra work to contact you!

Let’s cover two of the more common form plugins, Contact Form 7 and Ninja Forms.

Contact Form 7

You’ll need another plugin for the honeypot field. Install and activate the Contact Form 7 Honeypot plugin.

Next, edit your contact form and add the honeypot short code. I usually add it next to one of the other fields and give it a name that sounds important, like age or recommendation.

[honeypot recommendation]

Save your form!

Ninja Forms

Make sure you’re plugin is updated. That’s it!

Ninja Forms includes a honey pot field on all forms now. If you have an Anti-Spam field setup, you can remove it from your form, unless you want extra protection from scripts.

This should be a nice balance of usability for your users and little spam for you!

Photo by freezelight

Best Plugins for Improving WordPress Speed

Faster-loading websites tend to provide a better user experience. With a platform as open-ended as WordPress, sites sometimes get bogged down, which leads to slow loading times and, worse—frustrated users. Not to worry, as the WP community is prepared to tackle this problem with a host of intuitive plugins to improve WordPress speed.

Make Use of Caching with W3 Total Cache

This plugin tends to fly under the radar, but it’s great for improving the overall speed of your WordPress site. It improves a website’s load time using caching, as well as offering the ability to store information on a cloud-based server. This decreases the load on your server and greatly reduces overall loading time, thus improving the user experience.

Get Rid of Broken Links with Broken Link Checker

Have you ever visited a website, only to leave a short time later because none of the navigation links work properly? Broken links not only slow your site down, they negatively affect the user experience to a huge extent. Your SEO suffers, your users suffer—it’s an all-around bad problem to have.

But who has time to manually click on every link within your website? Thankfully, you don’t have to. Broken Link checker is a simple tool that does exactly what its name implies.

Eliminate Digital Waste with WP Smush

This is an excellent plugin that improves your site’s performance by eliminating the kind of bulky hidden information that attaches itself to images and other site features. Pages will load faster, and images will remain high-res, but the useless junk information is left out. This is a great tool for improving site speed, and thus user experience.

Want to know more about WordPress? Feel free to contact us.

What To Do If Your WordPress Website Is Blank

website design photo

Nothing is more frustrating than pulling up your WordPress website to find a blank page. The first thing that comes to mind is that someone is hacking your website. However, a serious issue such as that isn’t always the case. Often times, a blank website is the result of a corrupted plugin that is currently active.

Sometimes plugins become problematic when they are incompatible with the latest release of WordPress. This is especially true if they are no longer supported by their developers. Free plugins tend to have the problem of losing support while premium plugins are continually updated for each new WordPress release.

You can pinpoint which plugin is the culprit through a process of elimination. You will need FTP access to your domain which you can get from your hosting provider. Once you are inside of your FTP account using a FTP client, you will need to find the /wp-content directory. Once inside this directory, you will find the /plugins directory.

Rename the /plugins directory first to determine if it is one of the plugins you have installed that is causing the issue. When you reload your website in your web browser and it appears as it normally would, then it is for sure one of the plugins causing the blank page.

Now you can rename your /plugins directory back to its original name. Go into this directory and you will see a listing of all of your plugins. Move each plugin folder out of the main plugins directory one at a time. Test your website after each one you have moved. Soon, you will discover which plugin is having the issue. Once you have found the troublesome plugin, you can leave it off of your website. If you feel compelled, you can contact the plugin’s developers and ask if a fix is in the works.

Don’t worry if reading all of the above is over your head. You can outsource your WordPress support issues to professionals who can troubleshoot problems for you.

Contact us today. We work with numerous WordPress installations and have a deep knowledge of the platform, including common and not-so-common issues.

4 Helpful Ways to Avoid WordPress Security Problems

lock photo
Photo by Erwss, peace&love

With any business website, there are certain things you want to prioritize, such as making sure the load times are quick and that the website is completely secure.

Following helpful ways to maximize WordPress security will help you avoid security-related problems.

Stick with Reputable Themes and Plugins

Although there are plenty of attractive themes and unique plugins out there to choose from, you should stick to only downloading ones that are highly reputable. In most cases, you will benefit from this in a variety of ways as these themes and plugins are generally the most updated and secure options.

However, the most important part is to avoid security breaches upon installation.

Be Diligent with Staying Updated

WordPress, along with theme and plugin developers constantly strive to provide a better and more secure product, which is exactly why you should stay updated with all of them. As soon as you see an update for one of them get released, make sure to install it to enjoy a greater level of website security.

Use Complicated Passwords

Creating a complex password for both WordPress and the attached email is essential. Although you might be able to create a rather in-depth password on your own, you should consider looking into software that creates, stores, and encrypts highly complex passwords to maximize security.

Put a Limitation on Login Attempts

Although it will not stop every instance of someone trying to hack your website, you can put an end to some attempts by putting a limitation on login attempts that come from a single IP address.

If you want to enjoy even greater website security, please contact us today.

3 Tips for improving WordPress security

No system is fully secure, WordPress included. No matter whether you’re running a website for your small business, a personal blog, or online resume and portfolio, ensuring your site is secure is extremely important. Here are three easy tips to follow to improve WordPress security:

Don’t use the default admin log-in credentials: This is a simple, but very often overlooked security flaw among amateur web masters. Almost every system uses “admin” as a default username. If your log-in credentials are the same as almost every other system out there, it’s very easy for just about anyone to get access to your system. You can change your administrator log-in credentials through your WordPress admin panel.

Back up your site regularly: If your site is compromised, having plenty of back ups ready allows you to get back on your feet much more easily. Imagine if you haven’t backed up at all and have to rebuild your site from scratch! Regular back ups are a major foundation to running your website in general – you should back up your site before making any major changes to your site.

Always use the most current version of WordPress, themes, and plug-ins: Just as hackers are constantly looking for weaknesses in WordPress and its plug-ins to exploit, the developers are developing patches for these exploits. Using an outdated version of WordPress, a WordPress theme, or plug-in leaves vulnerabilities in your system that can easily be exploited by a hacker.

If you need help with any of these, or need a professional to host and run your WordPress website, contact us!

4 Things to do Before WordPress Updates

Keeping on top of WordPress updates is extremely important, patching security holes, fixing bugs, and improving user experience. Before updating your WordPress installation, though, run through this quick checklist to make sure you got everything right.

Check WordPress Update Requirements: Make sure your web host has the most current versions of PHP and MySQL/SQL Server before updating. This is especially important if you’re your own webhost!

Don’t forget to check the official WordPress requirements page as well to make sure you aren’t missing anything.

Update Themes and Plug-ins: It normally takes a little time after a WordPress update is released before theme and plug-in developers release a version compatible with the new update. In some cases, you may have to wait a few days before your themes and plug-ins will be compatible. In worst case scenarios, a theme or plug-in you’ve used for a long time will not longer be supported and you will have to find a replacement that is compatible with the current WordPress update.

Back Up your Installation: This is the most important step! Always back up everything before making any major changes to your site. You can back up your database via your cPanel dashboard or PHPMyAdmin, and make sure you back up your themes and plug-ins as well. You can do this manually by exporting all content from your Dashboard, or you can use a specially designed back-up plug-in.

Deactivate your Caching Plug-in: If you have W3 Total Cache, Super Cache, or other caching plug-ins installed, deactivate them before starting your update. These plug-ins sometimes cache maintenance pages and interfere with the update process.

Be sure to check after your update if your caching plug-in is reactivated. Some plug-ins do this on their own, but others do not.

That’s It!

Now you’re ready to update WordPress. Make sure to double check that all your themes and plug-ins are working properly after the update, and reactivate any plug-ins you deactivated during the update process.

If you’d rather someone else handle your WordPress updates, security, hosting and backups, contact us today. We offer WordPress support plans starting from $15 per month.

WordPress – A Target for Viruses

According to a Forbes report, published in December, 2014, WordPress is now the most popular web page development and CMS system on the internet. WordPress is an open source system, available free, that makes creating a blog or webpage relatively simple. The system provides creation tools and a growing number of plug-ins that enable businesses to operate state of the art websites. There are at least 60 million websites created with WordPress. That is one in every six websites in the world.

Because the code for the software and the plug-ins are open source and because the program is so popular, the makers of malware have found it a valuable target. In particular, hackers have targeted the system of plug-ins that accompany the main program. According to Matt Johnson of the Threat Research Center for Threat Research Center for WhiteHat Security, plug-ins are “inherently more insecure and harder to keep up to date as opposed to WordPress core.” One particular plug-in called “RevSlider” seems to be particularly vulnerable to infection.

Recently, a piece of malware called “SoakSoak” became the latest malware menace to take advantage of these vulnerabilities. SoakSoak scans for websites with older editions of RevSlider, then changes its JavaScript swfobject.js file. This disrupts website functioning by directing users to a SoakSoak domain. The malware infects the website host and any user that enters the infected website. It is difficult to remove. As of mid-December, 2014, the circle of infection has now spread to over 100 thousand websites. In an attempt to curb the spread of infection, the Google search engine has recently blacklisted affected WordPress domains to keep users from finding those sites. This could mean serious losses for thousands of companies depending on their websites. If there is a concern about Google exclusion, experts advise that users check with the Google advice page to find out how to get off the blacklist.

Keeping WordPress sites up-to-date is the best protection against malware.

  • Ensure that the plug-ins used are all legal. Plug-ins downloaded from free sites can contain malware.
  • Maintain the plug-ins. Use only the most recent versions.
  • Make sure to back-up sites in a healthy state. If a site becomes infected, the best course may be to take the whole site down and re-install the back-up.

WP Support HQ offers programs of full WordPress support and backup. We take care of all the steps you need to keep your website running safely. If you are using WordPresscontact us.