Security, Security, Security – You Can Never Have Too Much

Make sure you know about your own site's security policy.
Make sure you know about your own site’s security policy.

Security, you never realize how much you really should be thinking about it until your site is hacked. For business owners, let me caution you to not leave this most important aspect out of protecting your online presence to staff without some oversight.

Here’s what you as the business owner need to know about security.

  1. You need a back up and redundancy plan.
  2. You need to know what your webmaster is doing on security.
  3. You need to routinely monitor the Google Search Console for messages.
  4. Sometimes the Bing Search Console will notify you faster of a hack, so monitor there too.
  5. Look for weird URLs and strange activity in Google Analytics.
  6. Make sure you do regular back ups of your website files and keep several archives not just one.
  7. Back up your back up!
  8. If you use WordPress as the backbone for your site see below.
  9. Remain vigilant. If you have security plugins monitor the messages.

If you have WordPress…

I like WordFence as my security plugin. I am getting nice results and actionable message about access, updates to do to stay secure, and not too many messages that I get “security fatigue”.

I do use other plugins as well for WordPress. Below are the ones I will typically install for clients.

Login Lockdown
Locks out brute force attacks and bad passwords.

WordPress File Monitor
This plugin monitors the core files for changes and uploads.

Sucuri or WordFence
I have used this program but found that the number of messages was too overwhelming so at this time I am using WordFence instead. Just make sure you use something AND make sure to actually read the alerts!

If you need help with your website please feel free to visit ours and check out our services.

 

Why Pay When You Can Get Free!

Time is Money! When It Comes to Deleting Spam Comments
Time is Money! When It Comes to Deleting Spam Comments

Everyone likes a bargain! Sometimes however you’ll want to pay for an app or WordPress plugin that is really valuable, but why pay when you can get one that does the trick for free?

I deleted Askimet as my spam plugin in WordPress when they moved to pay to play and really tried to wring $5 a month out of their users after years of free service. I understand that everyone needs to make a buck, but in the world of WordPress what they offered was not unique.

I searched for spam filtering plugins. I found Cleantalk and tried it for the seven day free trial period. I liked the interface, but just did not feel that paying for it was worth it to me. Cleantalk bills $8 per year. Not a lot, but free is free.

Now I am trying out the free WordPress plugin Anti Spam Bee. This plugin appears free – well at least for now.

Before you buy of any plugin, make sure to try it out. I may be back with Cleantalk, but for now I am going free, free, free with the big yellow bee of Anti Spam Bee.

 

 

My Tips for Securing WordPress

My firm blogs for many clients and in the process we’re on blog sites more frequently than the blog owner. In some cases my team was the first to notify the client of a hack. Typically when a site is hacked, we cannot login to write or see the WordPress site when we go to gather links for a blog post.

To keep your WordPress blog or WordPress website from being hacked these are my tips for security.

1. Make sure you are using a secure password. Many times the client’s webmaster will send us our logins and the password is something like 123456. For security, I like passwords like this A&Ji3nGba*3!. Impossible to remember but really hard for a hacker to guess.

2. Secure your site from brute force login attempts. I like the WordPress plugin Login Lockdown. This plugin allows you to lock out intruders who are repeatedly trying to get in by blocking their IP address.

3. Monitor your core WordPress files. I really like this plugin. It monitors your core WordPress files and emails you when there have been changes and advises you what files have been changed. I cannot begin to tell you how easy this  makes fixing a hack attack by having an idea where to start.

4. Use an exploit monitor. I use the WordPress plugin called Exploit Scanner. We’ve found several deep hacks with roots in a parent website feeding into an on-domain blog this way. By scanning the WordPress files for explode and hidden elements we have been able to quickly identify a hack and work fast to remove it.

There is nothing worse for a website owner than to do a search for themselves on Google.com and find a note next to their site for users not to visit it due to malware or Google to turn off the links to their site.

These simple preventatives are what we suggest for every blog owner they are easy to install and require just  minimum of vigilance.

Working with WordPress Backbone Websites

I am in the process of finishing up and readying for launch a new website built on the back bone of WordPress. I have to say the website has turned out nice, but I wanted to share with you a few of my thoughts on using website built like this for search engine placement.

I think that if you want to save money on webmaster services, like the control of being able to add and update your content at will; a well designed website using WordPress has no comparison. But for people, like me, who are used to full and complete source code control for SEO purposes a website built with WordPress leaves much to be desired.

Professionals in my industry know that template based websites (and that is really what a WordPress built site is-  a custom template) do not allow you full source code control. Although the designers that have worked with me on building this site have really done a great job, there are instances when I wanted to name my uploaded images my own way; I wanted to custom design my site architecture and be able to change the names and structure easily if I needed to down the road; I wanted to add special design or style elements to my pages without having to create hacks to make the page work the way I wanted it to within the template constraints. In other words, there is an element of control, subtle though it may be, that is simply missing with a WordPress site versus a custom created, built from the source code up, website.

I guess with all new improvements to allow customers to control their own content there are trade offs, but I’m not sure that I want to lose that control for every customer.