WP Minder

Security

Friday Link Wrapup – SSL, Podcasting, the 403 Forbidden Error

by Leave a Comment

This week’s WordPress and web marketing links.

I’ve been getting a lot of questions recently from clients about SSL and HTTPS. More and more of them are choosing to make the move to a more secure website, but it can be hard for some clients to understand the ins and outs even though they get why it’s better to have that padlock in the address bar. Here’s a good guide to why SSL is so important now – from encryption to SEO to overall credibility. Hint: if you have an ecommerce store, you absolutely need to be using SSL right now. If you have questions, contact me.

Ever thought about doing a podcast? It’s a very viable alternative to blogging. Over 21% of Americans over 12 have listened to one or more podcasts in the last month, and WordPress makes it easy to set up a podcasting site. Here’s a review of some of the best podcasting plugins for WordPress.

Finally, here’s a little issue I had to deal with for a client just yesterday… Learn what to do when you see that irritating 403 Forbidden error in your WordPress site.

Friday Link Wrapup – WordPress Security, Blogging Ideas

by Leave a Comment

This week’s WordPress and web marketing links.

Here’s some great advice from our preferred host, WP Engine, on how to secure your WordPress site. While there’s absolutely no way to make a site 100% secure, taking as many cues as you can from this list will help dramatically reduce the risk of hacking. These are the same measures we take when we audit our WP Minder clients annually.

If you need more (a lot more) WordPress security info, here’s the Ultimate Guide from wpmudev.

And finally… Blogging can be hard. Coming up with new things to write about for your customers – when it seems you have very little to draw on – can be frustrating. Here’s post on how to write a number of strong articles when it feels like you have only  a single, weak little idea.

Friday Link Wrapup – WordPress Statistics, CMS Woes, Booking Plugins, Security Quiz

by Leave a Comment

This week’s WordPress and web marketing links.

The big giant list of fun and useful WordPress statistics.

No, a CMS like WordPress is not a magical silver bullet that will make all your content problems go ‘poof.’ Learn more about how to overcome them.

If you need to take appointment requests from clients, here are a group of booking plugins for WordPress that might help.

Finally – think you know all about WordPress security? Take this quiz and see (and yes, I got a perfect score).

A Quick Look at the Security Settings for Sucuri Firewall for the Non-Geek

by Leave a Comment

A lot of my clients opt to use the excellent Sucuri Web Application Firewall (WAF) with their Small Business, Business or Premium Plans. Just yesterday I had a new client request we set up a call to talk about the security options before turning on the firewall on his account. I think that’s an excellent idea (one most clients don’t inquire about) and as a result, I’m writing this post to help me get the details into an easy-to-understand format.

So here we go… first, the Sucuri WAF acts like a barrier between your site visitors and your website. It has two modes – High and Paranoid. What Sucuri says about High:

It will enable all our default security checks to prevent SQL injections, Cross site scripting, RFI, LFI, security scanners and a myriad of attacks from ever reaching your site. It will also enable our Virtual patching so if you are ever using an outdated software, it can’t be used to hack your site.

‘Paranoid’ does all that and also prevents anyone from POSTing anything to your site (it’s also called ‘lockdown mode’ ).

Some of the advanced options are a bit confusing, so here’s an attempt at simplification…

  • Restrict the admin panel to whitelisted IP addresses – this is great if you’re not running a membership or ecommerce site where you allow visitors to sign up and login. Basically, you supply a list of IP addresses for legitimate backend users. You can get a URL that will instantly add the user’s IP address to the whitelist (distribute this with care).
  • XMLRPC, Comments and Trackbacks blocked – if you don’t allow comments or use an external comment system like Disqus, turn this on. It will block any comment attempts.
  • Stop upload of PHP or executable content – as long as you don’t allow uploads of scripts or code, turn this on. It will block those attempting to load scripts on your site.
  • Enable Emergency DDoS protection – if your site’s experiencing a DDoS attack you can turn this on temporarily, it prevents anyone not using Javascript from reaching your site.
  • Block anonymous proxies and the top three attack countries (China, Russia and Turkey) – if your logs show repeated visits from these three countries, turn this on (unless of course you sell to or are in these countries). Visitors from them can see all content but can’t create an account or login.

Other things you can do with WAF security settings:

  • Protect individual pages with a password or 2-factor authentication (like mobile phone authentication).
  • Block visitors from specific countries. You can allow them to view content but not login or post, or can prevent them from seeing the site at all.

All WP Minder Plans except the Starter Plan include Sucuri Antivirus for malware scanning and the option to use Sucuri WAF. To learn more about what WAF does, check out this page.

And for an honest review of Sucuri and its services included WAF, take a look here. I really like Sucuri, I use them myself for my own sites and feel very good about offering it to clients as an integral part of my WordPress maintenance services.

Friday Link Wrapup – Permalinks, Gym Themes, WordPress SEO, Security

by Leave a Comment

This week’s WordPress and web marketing links.

Is the permalink structure you set up when you first launched your WordPress site not working out as well as you’d like? You’d like to change it, but are worried about what it could do to your search engine rankings?  Don’t worry – while it can be a bit involved, here’s a guide to changing permalinks without permanently damaging your SEO.

If you’re running a gym or are a personal trainer needing a new site, here are 25 commercial WordPress fitness and gym themes that might inspire you. As always, be careful when buying a commercial theme – you will get far more features than most businesses ever need, and using theme-based sliders, layout tools and other features can really hurt you when you decide to switch themes or get a custom theme.

Here’s a quick little introduction to the major areas to consider when doing SEO for WordPress. For something more comprehensive, Yoast’s recently updated WordPress SEO Tutorial is hard to beat!

And finally… here’s a report on the 5 biggest WordPress security challenges. Still #1 (since the last report 4 years ago) is the website owner. WordPress is so easy to use, security often doesn’t get the serious consideration it deserves. If you’re not sure about your site’s security, check out WP Minder’s plans – we include an annual security audit for every site, plus Sucuri monitoring 24/7 for most plans.

Friday Link Wrapup – Sliders, Yoast SEO, Security

by Leave a Comment

This week’s WordPress and web marketing links.

Love them or hate them, sliders just aren’t going away. If you’re looking for a slider plugin for WordPress, here’s a fairly new plugin worth checking out: Smart Slider 3. There’s a free version as well as a commercial version with Premium features. For more info, here’s an in-depth review about Smart Slider. From the stellar reviews it sounds like an awesome tool and I’ll be giving it a try myself.

Here is a big, thorough guide for setting up and using Yoast SEO, one of the premier SEO plugins for WordPress.

If you’re concerned about site security and are a DIY type, here are 10 simple tips for securing your WordPress site. Note: you will need to get into the core files and theme to implement all of these.

And finally – yes, I realize it’s June 2016, but this post still has a lot of valuable info. Learn how to do an overhaul of your WordPress site – or maybe put this on the calendar for December!

This site uses cookies to enhance your experience. By continuing you agree to the use of cookies. View privacy information.