Why WordPress Security is So Critical

As the popularity of WordPress sites grows, so does the risk of data breaches and malicious spam affecting your site. From spam advertising to direct access to private client information, WordPress websites are constantly coming under attack. That being said, I still feel that WordPress is one of, if not the most, secure CMS available. The WordPress core is a solid framework, and the team of developers that contributes to WordPress updates takes security very seriously. Security patches are released in real time as major threats become known. But WordPress security doesn’t end there. As website developers and site administrators, we all need to do our part to make WordPress security a critical part of our daily workflow.

If you are an active reader of tech blogs or just follow general news headlines, you have probably heard of the Panama Papers. It is the largest data breach in journalistic history, reaching close to 2.6 terabytes of data and over 11 million documents. The data breach has exposed high-profile figures such as the Prime Minister of Iceland, Russian President Putin and British Prime Minister David Cameron to controversy. The law firm Mossack Fonseca is at the center of the controversy. Their website, which runs on WordPress, used an outdated version of the Revolution Slider plugin. This version of the plugin was vulnerable to attacks with the ability to grant a hacker command line access to the web server. What escalated the hack so quickly was that Mossack Fonseca was running WordPress on the same network as their email server when the breach occurred, exposing over 4.8 emails to hackers. A plugin called SMTP was also used on the website to send email directly through WordPress. Once an attacker has access to the WordPress backend, to the wp-config.php file, which contains the database credentials, and then to the WordPress database, they can see the mail server address and a username and password to sign in and begin to send email.

To protect your WordPress installation, it is very important that you update your plugins, themes and core when an update becomes available. You should also monitor updates for security fixes and give those the highest priority. You can find out if a WordPress plugin includes a security update by viewing the changes in the changelog. In this case the site owners did not update for quite some time. This inattention resulted in world leaders being toppled and the largest data breach to journalists in history.
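The changelog check described above can be scripted. The following is an added example, not code from the original post: it parses the Changelog section of a plugin's readme.txt (WordPress.org readme layout) and lists entries newer than the installed version that mention security. The sample readme, the plugin name and the keyword list are constructed for illustration.

```python
import re

# Constructed sample in the WordPress.org readme.txt layout; the plugin name,
# versions and entries are invented for illustration.
SAMPLE_README = """\
=== Example Slider ===
== Changelog ==

= 3.2.1 =
* Fix: caption alignment on mobile.

= 3.2.0 =
* Security fix: validate file paths in the image loader.
* New transition effects.

= 3.0.5 =
* Hardened upload handling against a file upload vulnerability.

== Upgrade Notice ==
= 3.2.0 =
Security release.
"""

# Heuristic keyword list (an assumption of this example, not a WordPress API).
SECURITY_WORDS = re.compile(
    r"\b(security|vulnerab\w*|xss|csrf|sql injection|sanitiz\w*|harden\w*)\b", re.I)

def version_key(v):
    """Turn '3.10.2' into (3, 10, 2) so versions compare numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

def parse_changelog(readme):
    """Return {version: [entry lines]} from the == Changelog == section only."""
    m = re.search(r"^==\s*Changelog\s*==\s*$(.*?)(?=^==[^=]|\Z)",
                  readme, re.M | re.S | re.I)
    entries, current = {}, None
    for line in (m.group(1) if m else "").splitlines():
        line = line.strip()
        head = re.match(r"^=\s*v?([\d.]+)[^=]*=$", line)
        if head:                      # "= 3.2.0 =" starts a new version block
            current = head.group(1)
            entries[current] = []
        elif current and line:        # bullet text belonging to that version
            entries[current].append(line.lstrip("*- "))
    return entries

def pending_security_fixes(readme, installed):
    """List (version, entry) pairs newer than `installed` that mention security."""
    hits = [(ver, entry)
            for ver, lines in parse_changelog(readme).items()
            if version_key(ver) > version_key(installed)
            for entry in lines if SECURITY_WORDS.search(entry)]
    return sorted(hits, key=lambda h: version_key(h[0]))
```

A changelog that never mentions security is not flagged, so use this to prioritise updates, not to decide which ones to skip.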

Of equal or greater importance is your hosting provider. While hosts offer security to a certain level, it’s important to understand where their responsibility ends and yours begins. Discuss security protocols, firewall protection and backup services with your hosting provider before making any decision on services.

Staying Current with WordPress & Plugins Updates

WordPress has fast become the world’s most popular CMS and in doing so is taking security very seriously. WordPress’ days as just a blogging platform are long gone and it is now being used to power sites for organisations like government and media, for which security is so critical. Whether you are a small business or large corporation, if your site is on WordPress it is critical to keep your WordPress core and plugins updated.

The top 5 reasons to keep WordPress updated are:

  • Security
  • Performance
  • Bug fixes
  • Compatibility
  • Features

One of the reasons that WordPress is increasingly becoming the target of security attacks is because it’s so big. A CMS that powers up to a quarter of the internet will doubtless attract the attention of anyone wanting to insert malicious code, take sites down or steal data.

Many times users are worried their site will break if they perform an update. Seravo.com has a nice solution for this. Based in Finland, Seravo has been performing tested auto-updates for the past three years for thousands of sites and created the WP Safe Updates plugin with the desire to remove the barrier of fear that often prevents users from updating their sites.

WP Safe Updates allows users to test plugin updates in a sandbox before applying them on a live site. After installing the plugin, you’ll see a new “test update” link with available updates on the plugins page.

This allows you to check out the frontend, admin, and any area of the site that the plugin affects. Once satisfied with the results of the update, you can exit the sandbox and proceed with confidence in updating the plugin on the live site.

This plugin is definitely worth taking a look at to help you better manage updates.

What’s New in WordPress 4.3

WordPress 4.3 is the second major WordPress release this year. It has some great new features and fixes many issues. Here are some unique features to take a look at:

Menus in Customizer

Now with WordPress 4.3, you will be able to edit, create, and manage menus from the customizer. Go to Appearance – Customize and then click on the Menus tab.

WordPress 4.3 allows you to edit menus in customizer

New Site Icon Feature

You can now add your own favicon in WordPress from the admin area. This was always a manual effort but is much easier in 4.3.

Adding site icon in WordPress 4.3

Strong Passwords by Default

WordPress 4.3 will now suggest stronger passwords by default. This is a very good feature as WordPress grows in popularity.

When a user requests a password reset, they will see a stronger password already suggested in the password reset field.

New user interface favors stronger passwords in WordPress

When you add a new user, WordPress will send them a link to set up a password instead of sending them passwords in plain text.

Editor Enhancements

WordPress 4.3 comes with inline text shortcuts that automatically format text as you type. You don’t even need to touch editor buttons or reload the page. You will see your changes applied instantly in the editor.

Editor text patterns in WordPress 4.3

  • Using * or - will start an unordered list.
  • Using 1. will start an ordered list.
  • Using # will transform into h1. ## for h2, ### for h3 and so on.
  • Using > will transform into blockquote.

You can see the complete list of shortcuts by clicking on the help icon in the visual editor.

Inline shortcuts added to post editor in WordPress 4.3

Comments Off for Pages in WordPress

Pages in WordPress are supposed to be static non-chronological content. See our guide on the difference between WordPress posts vs pages. This means that in most usage scenarios you don’t need to turn on comments for pages. However, WordPress has had comments enabled for pages by default. Users had to manually turn off comments for their pages in WordPress.

WordPress 4.3 fixes this issue and after updating to 4.3, any new page you create will have comments disabled by default.

Comments will be turned off for Pages by default

Improved List Views

There are many improvements for the admin area on mobile devices. The goal of these improvements is to provide a better and more consistent user experience on smaller screens.

The list views for WordPress posts, comments, and media are improved to look better on mobile devices. You can find extra information for each item in the tables by clicking on the arrow next to them.

Comment lists in WordPress 4.2 and 4.3

Reference: http://www.wpbeginner.com/

What to expect in WordPress 4.0

WordPress 4.0 is right around the corner, with an expected rollout towards the end of August. After downloading the Beta version I am impressed with not only the layout changes but the further optimization of the WordPress core. For discussion purposes, let’s take a look at the features that will most impact our clients who manage their own site content through the WordPress CMS.

1. New Media Library

The new Media Grid will be the most noticeable change for clients. This new design will allow you to view your media library files, including images and videos, in a grid view. The new interface is a modern approach to viewing your images; those hard-to-view thumbnails are a thing of the past in 4.0. We now have a faster way to view and manage media files. When you click on a file, a pop-up window will open where file information can be edited.

2. Creating & Updating Blog Posts

There are several changes to the post editor that will make writing and editing your blog posts a little easier. The menu bar in the editor will now stick to the top as a user writes a post. A cool feature now is that the editor will re-size itself as you write. The scroll bar in the post editor is also gone. This was rather annoying, particularly on mobile devices. The new editor provides a much better writing experience. Video embeds have vastly improved as well. Users will be able to see the actual embed in the post editor when they paste a URL from a supported site, such as YouTube.

3. Plugins

For those clients that manage their own plugins the experience has been greatly improved in WordPress 4.0. Similar to the media view, plugin search results are now displayed in a grid. It’s much easier to quickly scan through plugins and read descriptions.

Since we are still in the Beta version I would anticipate additional features and certainly bug fixes to be implemented over the next month. Once you get started with WordPress 4.0 feel free to send us a note on your thoughts and any questions.

The SEO Benefits of WordPress

Nowadays every other person is addicted to the internet. It is used on smartphones, tablets, computers and more. Ever wonder why? It has to do with the variety of information found there. Everybody has their interests, and everyone wants to learn more and more, be it random knowledge or a specific topic. This makes the internet a free-flowing source of information accessible by anyone.

WHAT IS WordPress?

WordPress.com is a blog service provider which provides you with free space to write a blog. People provide information on topics they want you to learn. The blogger has an opportunity to elaborate on his thinking and facts and convey his information or message to his readers. WordPress is an elegant way to do this. It is an open source project started in 2003 for blogging purposes, but with time it has evolved into a full content management system. Through WordPress.org you can download the core software and create your own website. Entire websites are built on WordPress, including elaborate photo gallery websites and eCommerce websites. The popularity of this open source software is booming! WordPress currently runs more than 66 million websites. Some of those sites include CNN, TechCrunch and Forbes.

SEO BENEFITS OF WordPress

SEO (search engine optimization) is very good for WordPress, thanks to its SEO-friendly URL structure. It is built to follow search engine guidelines strictly, which makes it easier for search engines to pick up.

Permalink customization: A permalink defines how your URL looks. You can alter the permalink structure to your liking and add keywords for every post you make, which makes it easier for search engines to index WordPress sites.

Highly customizable: WordPress themes are highly customizable. Many people are not aware that search engines, such as Google, take page loading speed into consideration while indexing. WordPress themes are not only customizable but allow for changes to the core and theme code so that pages load faster, helping them compete for a better rank in SEO.

Built-in RSS Feeds: WordPress has built-in Really Simple Syndication (RSS) feed support. This is prime for SEO because it allows your content to go to a feed directory with a link coming back to your WordPress site. When you publish a post on WordPress, it will get syndicated to other feed directories, where other readers can subscribe to your feeds and get a notification whenever you post new content.

Clean code: Having clean code is crucially important for SEO. If the code is clean, blogs will be displayed neatly and will consume fewer resources on servers, which results in faster page loading. That not only pleases the user but also makes the work of search engine bots a lot easier.

Facility of using tags: WordPress provides you with the facility of using tags. Even hyperlinks and images have meta-tags in them. This not only gives a bonus navigation option but also helps search engine bots index your posts in a relevant manner.

These are the top reasons why the number of WordPress users is increasing day by day. It’s simple, effective and very SEO friendly.

The 540 List of Awesome WordPress Plugins

One of the greatest aspects of building a website on WordPress is the ability to integrate plugins to perform specific functions. Plugins extend the capabilities of your website and allow it to do things that would otherwise take hours and hours of serious coding. There are a variety of different plugins for WordPress, literally thousands, so there is a good chance there is a plugin for just about every type of site enhancement you can think of.

Below is our list of Awesome Plugins for WordPress. Awesome is a subjective word, since some WordPress users may argue there is a better plugin in a particular category, which very well may be true. However, since developing custom themes and modifying existing client themes, I have come to find that these particular plugins never fail, are easy to implement for the most part and have good dev support.

Security

Wordfence Security
Wordfence is a free enterprise class security plugin that includes a firewall, anti-virus scanning, malicious URL scanning and live traffic including crawlers. Wordfence is the only WordPress security plugin that can verify and repair your core, theme and plugin files, even if you don’t have backups.

Better WP Security
The easiest, most effective way to secure WordPress.  Improve the security of any WordPress site in seconds. Includes several useful options, such as locking out users after multiple attempts and easy backups.

Akismet
This is one of the most widely used plugins to check your comments to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen.
* You will need an Akismet API key. Keys are free for personal blogs, with paid subscriptions available for businesses and commercial sites.

Forms

Contact Form 7
A widely used form builder plugin that can manage multiple contact forms, plus you can customize the form and the mail contents flexibly with simple markup. The form supports Ajax-powered submitting, CAPTCHA, Akismet spam filtering and so on. We use Contact Form 7 in most of our WordPress site builds.

Fast Secure Contact Form
Easily create and add forms to WordPress. Fields are easy to add, remove, and re-order. The contact form will let the user send emails to a site’s admin, and also send a meeting request to talk over phone or video.

Statistics

Google Analytics Dashboard for WP
The king of site analytics! The Google Analytics Dashboard will display analytics data and statistics inside your WordPress Dashboard. Track your WordPress site easily and with lots of metadata: views per author & category, automatic tracking of outbound clicks and page views.

SEO

All in One SEO Pack
All in One SEO Pack is a WordPress SEO plugin to automatically optimize your WordPress blog for search engines such as Google. You can set custom title and keyword attributes per page or post.

WordPress SEO by Yoast
This WordPress SEO plugin goes beyond basic SEO functions, automatically optimizing and inserting the meta tags and link elements that Google and other search engines like so much.

Photo Management

NextGEN Gallery
One of the most popular WordPress plugins of all time. It provides a powerful engine for uploading and managing galleries of images, with the ability to batch upload, import meta data, add/delete/rearrange/sort images, edit thumbnails and group galleries into albums. It also provides two front-end display styles (slideshows and thumbnail galleries), both of which come with a wide array of options for controlling size, style, timing, transitions, controls, lightbox effects, and more.

Gallery
This plugin makes it possible to implement as many galleries as you want on your website. You can add multiple pictures and a description for each gallery, show them all on one page, or view each one separately.

Sharing

Sociable
It’s a banner that reminds your readers to spread the word. You can select and customize several features, such as text, color, and length in order to ensure your readers and their friends a great social experience.

Social Count Plus
Keeps a really nice tally of all your Twitter followers, Facebook fans, YouTube subscribers, Google Plus page followers, Instagram followers and more.

Share Buttons by AddThis
Help drive traffic to your site by helping visitors share, bookmark and email your content to over 330 services.

Must Haves

W3 Total Cache
A very fast caching engine for WordPress that improves the user experience of your site by increasing server performance, reducing the download times and providing transparent content delivery network (CDN) integration.

Google XML Sitemaps
This plugin will generate a special XML sitemap which will help search engines like Google, Bing, Yahoo and Ask.com to better index your blog. With a sitemap, it’s much easier for the crawlers to see the complete structure of your site and retrieve it more efficiently.

WP-DB-Backup
WP-DB-Backup allows you to easily back up your core WordPress database tables. You may also back up other tables in the same database.

If you have a favorite plugin let us know and post in our comments.