More tips for hardening your WordPress site

If you’ve been following along, you’ve learned a thing or two over the past week and a half about securing your WordPress site by changing your username and password, installing some plugins and backing up your database.

It’s not rocket science, really, it’s just something many of us don’t take seriously…until it’s {insert dramatic “da-da-da-daaaaa”} too late.

Here are some more tips to keep your WordPress blog or website as secure as Alcatraz.

Now remember, all of my excellent advice does absolutely NO good unless your actual computers are secure. If you don’t have antivirus software that includes protection and detection of malware, spyware, and trojans, as well as Internet and email controls, then you’re setting yourself up for hours, days, or even weeks of cleanup after an attack on your computer. That is, of course, if the attack didn’t completely wipe out your computer altogether.

I’m pretty conscious about security and I have 3 computers at home, one of which is a laptop that I don’t use very often. It’s older, slow and I really only use it to check email or grab a recipe online when I’m away from my office or just piddling around the house.

One day a few weeks ago I opened my laptop and there was a message from Microsoft that I had been infected…or so I thought. Me being the expert at spotting suspicious messages, I quickly noticed that not only was the message not using proper English, something Microsoft would not dare let slip, but there was also a misspelled word. I wouldn’t have noticed any of this at first glance and I actually read it several times as it was hounding me to “click here” to download a fix. At that point I knew I had a virus.

Next thing I know this little virus or trojan or whatever it was kept opening Internet Explorer and trying to connect to something. I immediately disconnected it from the Internet and then began the cleanup process. See, I had let my antivirus software lapse on the laptop. Not because I just didn’t want to, but because I hardly ever use it and I just kept thinking I’ll take care of it next time. Well the little buggers got me before I got around to it.

Since then I have installed Trend Micro Internet Security Pro and it has far surpassed my expectations as far as any antivirus program I’ve used in the past. It has everything you need: it protects your computer and keeps you from downloading infectious files online, and it won’t even allow me to visit a URL if that site has been flagged as suspicious, containing malware, spyware or is just plain bad.

Bonus is you don’t need a copy for every computer you own. You can install it on up to 3 computers which saves you money as well as headaches. I highly recommend.

Now go forth and protect yourself.

WordPress security plugins and why being backed up is a good thing.

So last week I talked about the enormous pain in the a*s you will be faced with if (when) your WordPress site gets hacked. Trust me when I tell you it’s not something you want to deal with. On Thursday I talked about the importance of starting out with an unguessable, unhackable username and password…something not enough of us take seriously.

You can catch up by reading that post about WordPress login security here. Today, though, I’m going to share a few of my favorite WP plugins with you that you can either snag yourself or ask your web developer to install for you.

Now, there are tons of plugins out there that claim to secure your site but I can only vouch for the ones I use on the blogs I manage for myself and my clients.

Best WordPress Security Plugins

WP Security Scan: Their site claims that this plugin, “Scans your WordPress installation for security vulnerabilities and suggests corrective actions. – passwords – file permissions – database security – version hiding – WordPress admin protection/security.”

WP Malwatch: According to their site, “WP Malwatch is a WordPress security plugin scanner designed to help alert you when hackers have been at work inside your blog.”

Bad Neighborhood Login LockDown: From their website, “Login LockDown records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked out IP ranges manually from the panel.”

AntiVirus: This basically is a plugin which will provide antivirus protection for your blog.

As I mentioned, I’ve seen these plugins work and I recommend you install them…sooner rather than later.
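If you're curious what a lockout rule like Login LockDown's looks like under the hood, here is a small sketch I've added for illustration. It is not the plugin's own code: the class and function names are made up, the sample events are constructed, and treating an "IP range" as an IPv4 /24 block is an assumption, since the plugin description above doesn't define it.

```python
import ipaddress
from collections import defaultdict, deque

MAX_FAILURES = 3            # default quoted above: 3 failed attempts...
WINDOW_SECONDS = 5 * 60     # ...within 5 minutes...
LOCKOUT_SECONDS = 60 * 60   # ...locks the range out for 1 hour
RANGE_PREFIX = 24           # assumption: "IP range" means an IPv4 /24 block


def ip_range(ip):
    # Key used for both counting failures and locking (IPv4 input assumed).
    return str(ipaddress.ip_network(f"{ip}/{RANGE_PREFIX}", strict=False))


class LoginLockout:  # hypothetical name, not the plugin's API
    def __init__(self):
        self.failures = defaultdict(deque)  # range -> recent failure timestamps
        self.locked_until = {}              # range -> time the lock expires

    def is_locked(self, ip, now):
        return self.locked_until.get(ip_range(ip), 0) > now

    def record_failure(self, ip, now):
        """Record one failed login; return True if the range is locked."""
        if self.is_locked(ip, now):
            return True
        key = ip_range(ip)
        recent = self.failures[key]
        recent.append(now)
        while now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[key] = now + LOCKOUT_SECONDS
            recent.clear()
            return True
        return False

    def release(self, ip):
        # Manual unlock, like an administrator releasing a range from the panel.
        self.locked_until.pop(ip_range(ip), None)


# Constructed sample: (seconds since start, source IP) of failed logins.
SAMPLE_FAILURES = [(0, "203.0.113.10"), (60, "203.0.113.11"), (90, "198.51.100.7"),
                   (200, "203.0.113.12"), (4000, "203.0.113.10")]


def replay(events):
    # Return (time, range) for every moment a range becomes locked.
    guard = LoginLockout()
    return [(ts, ip_range(ip)) for ts, ip in events
            if not guard.is_locked(ip, ts) and guard.record_failure(ip, ts)]
```

Notice that the three failures come from three different addresses in the same block, which is exactly why counting by range instead of by single IP matters.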

Now another important thing to do whether or not you are worried about your blog being hacked is to do regular backups.

BACKUP BACKUP BACKUP. I can’t say it or stress it enough.

Even if your site, database or server gets hacked, if you have a good backup of your site files AND the database, at least you have a fighting chance of restoring everything with only some minor headaches.

My favorite backup plugin is WP EZ Backup. It allows you to back up archives of your site files as well as your database, all from your WordPress dashboard.

If you’re relying on your web hosting company to back up the files on your server, then you’re going to be very surprised when you actually have to contact them one day because:

  1. Unless your hosting company specifically tells you they do daily backups, which is highly unlikely with most hosts, then you are going to be limited with what they have. It might be weekly, monthly, or even longer intervals in which they perform backups on your server.
  2. You will probably have to pay a hefty amount for them to restore a backup.
  3. You just lost any custom changes you made to your site or blog since that backup point.
  4. There is no guarantee your site wasn’t infected at the time of that backup point.

You must make or schedule backups of your files regularly. Just as you should be doing with your computer, this is key to keeping your files safe, secure and up-to-date.

Database Backup

Backing up your database is even more important than backing up your files. Why? Because everything you enter into WordPress (i.e. pages, posts, comments, registered users, activated plugins, WordPress options, etc.) is stored in a database. If your database is lost, corrupted, or hacked into, you will lose all that information or spend the next few days or weeks cleaning it up.

Trust me. It’s not fun but you can avoid a major pain in the a*s by being backed up regularly. Errr…

Anyway. Tune in again on Thursday when I share some extra tips on securing your WordPress blog.

Be responsible – practice safe WordPress

A couple months ago, my life was swallowed up by hackers.

I was consumed by the meticulous clean-up of several hacked sites, all built on the WordPress platform, and incidentally, all of which are hosted by GoDaddy. Now, I won’t go into a tirade about GoDaddy because that is a blog post for another day and today’s post is the first in a series of how to secure your WordPress site or blog.

Before your eyes start to glaze over because you don’t want to deal with this type of thing or because you’re smarter than the rest of us and you think you already have it all under control, I’m telling you, you NEED to read this post. Don’t you want to know you did everything you could to prevent your site from being hacked? Cause take it from me…clean-up sucks.

Know how much time I spent cleaning up those hacked sites for new-to-me clients I mentioned earlier?

8-10 HOURS EACH! Imagine having to shell out that kind of moolah to pay someone like me, who works on an hourly basis, and who knows what they’re doing, to clean up your site after it’s been hacked. It’s much cheaper for you to read this post. But if you’re going to stop reading here, at the very least bookmark this post or put my contact information in your address book because one day you are going to need it!

Secure your WordPress Administrative Login

Your login is as good a place as any to get started. If you’re still using that same old password you’ve been using since 1992 (you know who you are), or if you’re still using the standard ‘admin’ username and ‘password’ password, it’s time to wake up! You couldn’t possibly be more vulnerable.

Change your username and change your password to NON-dictionary words. Don’t use your blog’s name as your login either – it’s too easy for those Internet hackers who apparently have nothing better to do all day but to wreak havoc on us poor, unfortunate, unsuspecting souls.

Your password should be at least 8 characters including uppercase, lowercase, symbols, and numbers. I know, I know. How are you supposed to remember stuff like that? Simple. Get a password manager. I personally love RoboForm Pro and they even have Robo2Go if you bounce around from computer to computer. Or you can use an old-school notebook and write them down! P.S. You can download these programs directly by clicking these links: RoboForm or Robo2Go

A big problem with passwords is many people use the same one for all their five million online access accounts and that is bad (again, you know who you are). If someone hacks your computer and guesses your password, it’s their lucky day! You’ve just given them access to your entire life.

I know it’s hard to keep up with all those passwords for your five million accounts but you have to do this.

Remember, your password NEEDS to be 8-10 characters, contain letters AND numbers, and preferably at least one symbol such as ! & % @ $ or #. Remember to mix upper and lower case letters, too.

Check back next Tuesday and I’ll share my favorite WordPress Plugins to help keep your site as secure as possible. In the meantime, go change your login information. Please!

A good website takes time. AND a plan.

It’s true what they say, guys, failing to plan really is planning to fail…and that includes the development of your website.

I can’t tell you how many people have come to me over the years asking for a website (yesterday) without having any idea of what they want.

It usually goes something like this:

Client: I need a website, I want to launch this month and I hope you can help because you’re the greatest website designer in the entire universe.

Me: That’s a tight deadline but flattery will get you everywhere, so I might be able to help. I have a website analysis form I’ll need you to fill out first. Have you given some thought to what you want in a website?  Do you want to maintain it yourself or will someone else be maintaining it for you? Will it be WordPress or a static site?

Silence. Crickets chirping. Tumbleweeds.

Client: Well, I just want a basic 5 page website with a contact form.

Me: OH, why didn’t you say so. If that’s all you want, I’ll have something to you next week.

No, not really. Could you sense the sarcasm there?

In all seriousness, most people have absolutely no idea how much thought goes into building a website. Planning is SO critical in ensuring a successful outcome and it’s almost a guarantee that you end up with a website you love (unless you choose Signature Worx which is a 100% guarantee that you end up with a website you love ;) ).

A well-planned site will suit your needs and grow with you as you grow.

I’ll be thrilled to help you with your website but I’ll be super thrilled if you know something other than you just need a website.

It will be even better if you know what you would like your navigation to look like, what pages you need, and how you want people to take action. You get bonus points if you have your content all ready and if you know your keywords. Of course if you’re one of those people who would rather have a root canal because it takes you 16 hours to write a paragraph and it still doesn’t sound perfect, our fabulous copywriter has you covered.

Sounds like work on your end, I know. But here’s a big fat WARNING. If you hire a website designer and they do not take you through some sort of planning process, run as fast as your little legs can carry you in the opposite direction. Know why? Because any professional website designer will require some sort of analysis and planning before they get started and if you aren’t asked any questions about what you’re looking for, you probably won’t get what you want. Makes sense, right?

Now don’t worry. When you get in touch with me for your website needs, I’m NOT going to intimidate the heck out of you. I don’t expect you to know as much about building websites as I do, that’s not your job. If you don’t understand CMS, WordPress or HTML, I’ll explain as much (or as little) as you want.

The most important takeaway for you here is that there is a lot of work that goes into planning a website and if you go to your designer the day before you want your site launched, without having done any preliminary legwork, you will be out of luck. Or you’ll get a crappy website that looks like a dog’s breakfast. And that, guys, is a guarantee!

January Signature Specials – It’s a Signature Celebration! Plus BOGO Sale

Happy New Year! This month is our anniversary and to celebrate we have several special offers to help you get your business identity, branding, and all those time consuming tasks off your plate for a great start to 2010.

What’s included in this month’s Signature Specials?

Check out the full version of this newsletter online, complete with promotional codes and active links today!

Better yet, subscribe to our Signature Specials newsletter here.
