Build A WordPress Website

Using WordPress as a Content Management System and Blog

You are here: Home / Archives for Plugins

Plugins

Keeping WordPress Up To Date and Secure

Filed Under: WordPress CMS, WordPress Plugins

After you installed your new WordPress website you need to make sure you keep it up-to-date and optimized. An up-to-date WordPress website is better protected against hacking attempts and runs better with fewer errors.

Optimizing your WordPress website goes beyond keeping it up-to-date with the most recent version of the core files and plugins. You need to optimize your database as well and make sure your site loads fast.

Keeping WordPress Up to Date

– updates for core files: WordPress will inform you if there is a new version update once you log in to your dashboard. This can be an upgrade or, very important, a security update. Note: some minor security upgrades are now installed automatically.

– updates for plugins: WordPress plugin updates can add new functionality or bug fixes and sometimes also have security updates.

– update themes (aff): WordPress theme update is mostly focused on new layout options, getting responsive or extra layout functionality. Sometimes bug fixes and security patching.

– remove no longer used plugins and themes (aff): Don't leave possible security problems and clean up all plugins and themes you tried once and decided not to use any longer. WordPress will check these plugins and themes as well so save yourself some time and clean up!

Keeping WordPress Secure

Lock Your Site to Block WordPress Spam Comments

Keeping your WordPress site up-to-date is the first step.

Next step is to use a plugin that will shield your site from people who want to hack your site or fill it with spam comments.

One of the fastest ways to block those people is with the Shield security plugin.

Shield has an easy to use Dashboard that will show you which option you have configured for use.

Shield Security Dashboard - Build a Website with WordPress

Just follow the icons in Orange once you have installed and activated the plugin.

One of the most important options if the Firewall. The firewall will block a lot of hacking attempts.

In the configuration, I have the Firewall Blocking options all set to active except for the last two.

Firewall Options in Shield WordPress Plugin

And to be able to work in your Dashboard without any problems, you should use these options in the Whitelist part.

Firewall Whitelist in Shield for WordPress

The rest of the options in Shield are pretty easy to configure, so go ahead and run through them.

Have a special look at the Login protection where you can easily rename your login option to redirect wp-login.php! This one is a no-brainer as Shield makes it very easy without you needing to create special rules in your .htaccess file.

There are so many other nice options in this plugin that I will create a separate post for it to go through the complete plugin settings. But for now, make sure you block out the basics and see what other options you might want to use.

Affiliate Link Disclosures

20 Basic WordPress Plugins for Your WordPress Website

Filed Under: WordPress Plugins

A couple of years ago I wrote a list of 20 basic WordPress plugins and how you can install them on a new WordPress website in 5 minutes.

Here is a complete explanation of that list and what each plugin is used for.

The Basic WordPress Plugins List

BackWPup
This plugin can create a database back-up, back-up your files, optimize your database and store in somewhere in the cloud for you.

Contact form 7

Contact Form 7
Elementary plugin to create an email form for your contact page

Fancybox for WordPress
Shows media file in an overlay instead of separate pages, you can click through all linked images on a page

Flare
Social share plugin with great options to add more like Google+ and more

Google XML Sitemaps
Creates an XML sitemap file that makes sure that search engines now what to index. Make sure you make this file link is in your Google Webmaster Tools account.

Growmap Anti Spambot Plugin
Blocks all kinds of automated spam comments that can fill up an unprotected site with all kinds of bad unrelated comments.

Limit Login Attempts
Secure your WordPress site for hacking attempts by limiting the number of login attempts. Too many attempts will block access for a set time.

No Self Pings
Do not ping back to your own site if you link to previous posts. This plugin prevents trackback links to your own site.

nrelate Related Content
Great plugin for showing related content with thumbnails. Good option for getting visitors to read more on your website.

PS Automap Sitemap

PS Auto Sitemap
Can create a well-formatted sitemap page for your visitors. You can disable the link back to the developer, something that is harder to do with the Dagon Design sitemap plugin.

Quick Adsense
Not just for automatic placement of AdSense code on your page, you can also use it for affiliate links and even HTML coded text blocks. Also, it has a built-in Widgets function.

Revision Control
Limits the number of post revisions that will be stored in your database. This will help to keep your database running fast.

Simple Trackback Validation with Topsy Blocker
This plugin checks of trackback (backlinks) to your posts are valid and blocks them if they are spammy.

Subscribe To Comments
Keep your visitors updated on new comments or replies to their comment if they choose to get those updates.

W3 Total Cache
The speed of loading time is essential for both your visitors as for search engines. This caching plugin makes sure that the pages are presented fast. Needs some configuration for best performance.

Wordfence Security
Keeping your site secure and up-to-date is needed for every WordPress website. Wordfence will check your site for changed files, can compare files with the core WordPress plugin and theme repository and send you a notification if it finds problems.

WordPress Popular Posts
A good way to show you visitors that there are other well-perceived articles by showing the best ones in a sidebar widget.

WordPress SEO by Yoast

WordPress Seo
A most have plugin if you are serious about getting better rankings in search engines like Google, Bing, and Yahoo. Is also gives advice for on-page SEO improvements and keywords to use in your pages and articles.

WP Updates Notifier
Send you an email if your WordPress website is in need of core, plugins or theme updates. Very good for WordPress site owners that don't log in on a regular base. Helps to keep your site secure by getting the updates done on time.

WP-Optimize
Keeping your WordPress database optimized is a good thing and this plugin does that very well and is easy to use. You can also clean out old post revisions and spam comments.

Basic WordPress Plugins List

After you installed and sometimes configured these basic WordPress plugins you are set to go. Get a good theme for you site layout and start sharing your passion, products and or services by writing great content.

If you are running a WordPress website for a longer period of time you might have your own basic WordPress plugins list. If there is anything you are missing on this list, please let us all know in the comments below!

Secure Your WordPress Website with Wordfence

Filed Under: WordPress Plugins

Even though some people will tell you that WordPress is insecure, you should know that the core of WordPress is one of the most secure open source content management systems there is today.

Even the latest hack attempts were not targeted to the software itself. It was an attack by sending brute-force password hack attempts for default users names and weak passwords. So make sure you don't use admin as your administrator username and have a good strong password. If you want to learn more about those attacks, read WordPress Security Attacks and Solutions.

To secure your site there is one plugin that I highly recommend. It will check and monitor your WordPress website, it's called Wordfence.

Wordfence Security Plugin

Wordfence is free and you can get it for your WordPress security by following these steps:

  • Sign in to your WordPress website.
  • Go to your “Plugins” menu and click “Add New”.
  • Enter “Wordfence” in the search box.
  • Install Wordfence and set your options.

To set the Options, go to the Wordfence plugin options choice.

WordPress Security Options from Wordfence

In the settings screen you get large screen with a lot of options!

Start with the basics and set your email address and the option on How does Wordfence get IP's. Save the changes.

Wordfence Basic Options

Now lets see what else you need to set, most of the options can remain as offered by the standard installation.

There are only a few things that I change:

  • Disable the Life Traffic View options
  • Set Scan theme files and plugins files against repository to enabled
  • Enable the Firewall rules and set the block fake crawlers option to active
  • Under Other Options put in your own IP address to the Whitelist
  • I choose not to set the option to Participate in the Wordfence Security Network, but that is just my personal choice

Save all the options you have set, and run a first scan.

Working with WordPress Security Alerts

After the scan is complete you will get some WordPress security notifications, especially if you have the option active to scan plugin files against the repository.

Wordfence security alert notification

You have several options on how to proceed with this notification.

It depends on the severity of the problem and on what kind of file it is.

In this case I only check to See how the file has changed to make sure it is just a minor change, if that is the case I choose to Restore the original version of the file. Wordfence will then get the file from the repository and overwrite your current file.

Most of these kind of notifications will be around readme files, so no problem there. After the check, do the restore to prevent a new notification next time the scan runs.

Since I do run Dutch websites I also get errors on language settings, in that case I will choose to Ignore until the file changes.

Check out the options and see if you want to use by the options mentioned before and run a scan on your own site. You will see that Wordfence will monitor your site and scan it once a day (free version) and send you an notification if somethings changes.

I even got a Warning: * Your DNS records have changed notification today after my hosting (aff) company replaced some servers and had to change the IP addresses…

Wordfence Drawbacks

So this Wordfence plugin sounds great, but is there a down side to it?

Yes there is, but its minor. It has to do with the database tables it uses. As you can see they can grow pretty large.

wordfence database tables

Here are the same tables after optimization with the WP-Optimize Plugin.

Wordfence database tables optimized

Still pretty large right? I did not see any performance problems though and I do think that these tables will improve over time.

Nothing to worry about directly, but certainly something to look out for and do preventive maintenance on your database. You can also choose to not back-up these tables if you run into trouble with your back-up files.

Despite this drawback I do recommend your install, configure and use Wordfence to secure your WordPress website!

Affiliate Link Disclosures

Which Sidebar Widgets to Use in Your WordPress Site

Filed Under: WordPress Setup

One of the main ways for your visitor to navigate through your website is the Sidebar.

In the sidebar of your WordPress layout, you can place a lot of widgets.

However, what you really need in there are the things that will help your visitor to get a clear image about the topic your website is about.

Besides that it should show them how they can find what they are  looking for.

Basic Sidebar Widgets for WordPress

For me, there are some basic widgets that you should always use.

Registration option for Updates

In order to allow your visitor to keep informed about new postings is your first widget.
Whether you have a mailing list via MailChimp, Aweber or Feedburner that you want to build, you do have to get this option to give your visitor an easy working signup form.

A signup widget in your sidebar is the fastest and ever-present possibility.

Site Topics Selection

A custom menu widget containing the main categories of your website is also a must.

Such a menu gives your visitors the ability to see what your site is about and gives them instant access to your most important articles on a particular topic.

Latest Articles or Recent Posts

I almost always use this to show that there are regular updates. If you build a static website, then replace this recent article widget with a custom menu widget linking to your main pages.

Another option that could replace the Recent Posts widget is a Widget with your most Popular Posts. There is a special plugin that gives you that ability http://wordpress.org/extend/plugins/wordpress-popular-posts/

Above widgets are the basics for about 95% of every WordPress site I do, perhaps you can take advantage of it.

Make sure in any case that you don't show the following widgets in your sidebar, they just use space you need for better things.

  • Meta widget – You know yourself how you can log in.
  • Date based archives with month selection: This list can get very long if you have been blogging for a longer period of time. People are not looking at the article date but for a certain topic.

Social Media Widget

Not everyone has an extensive online social life, so it depends on your own situation if you want it. It will get increasingly important to get high rankings in search engines.

A good social media widget can provide you with many new followers on Twitter, get Facebook likes, Google+ connections and more.

Site Dependent Sidebar Widgets

Other sidebar widgets you can think of, depending on the purpose of your site, are special text widgets like an About the Writer (Biography) widget.

In such a text widget, you can use HTML code to show an image or link to a special about or action page.

You can place an Ad widget to earn some money with your website.  You can use a plugin to help out like http://wordpress.org/extend/plugins/ad-squares-widget/ or http://wordpress.org/extend/plugins/ad-codez-widget/. Both will give you an opportunity to rotate banner codes.

A special call to action widget that is specifically crafted towards the main goal of your site. Like the direct link widget on my Dutch website www.wphandleiding.nl with an image to guide visitors directly to the download page.

A Call to Action Sidebar Widgets

Tag Cloud Widget usage depends on the fact how well you have created tags on your site; you do have the main navigation categories. Tags can provide good extra navigation options.

Last but not least you should consider a search widget. It depends on your theme lay-out if you need one in your Sidebar. Most of your visitors will be used to look for a search option in the upper-right corner of your site.

This is a selection of sidebar widgets and reasons why I use them. And what about you, what widgets do you always show in your sidebar and why?

How to Secure Your WordPress Website – The Basics

Filed Under: WordPress Setup

In my book review WordPress 3 for Business Bloggers I told you that I missed one piece of content, which was options to secure your WordPress website, and that I would give you some tips on how to secure your WordPress website.

WordPress is a very popular Content Management System and as such is always under attack by hackers and crackers.

Most of the hack attempts are not focused on WordPress core security holes but rather plugin or theme security weaknesses.

Basics on how to Secure Your WordPress Website

WordPress security starts with the installation of your website and these steps can help:

  • choose a good web host
  • create a cryptic database and database username for your MySql database
  • create a highly secure password
  • don't use the standard wp_ prefix for ou tables
  • don't use the standard Admin user name but create a more difficult username and matching secure password

After installation use the permalinks option to create a .htaccess file in the root of your website.

Once the installation is done you can remove the following files:

  • wp-config-sample.php
  • readme.html (contains information on what version of WordPress you are running)
  • wp-admin/install.php
  • wp-admin/install-helper.php

Secure your files by changing the permissions on:

.htaccess to 404 (or 604)

wp-header.php tot 400 (or 600)

if possible move your wp-config.php file one folder up and set the security to 400 or 600 if your hosting (aff) company won't allow 400.

Secure Your WordPress Website Plugin Options

There are four plugins I always install on my WordPress websites:

WordPress Firewall 2 monitors web request to your website and blocks obvious attacks.

File Monitor Plus this plugin will send you an email if a file has changed on your website and which file(s) are changed.

WP Security Scan will let you know if you already are under attack and will give you extra tips and aids to block some standard attacks.

Login Lockdown looks at login attempts that fail from a certain IP address and shuts down login functionality for a certain amount of time for that address preventing further brute force attacks.

All of the above measures have helped me to secure my WordPress websites from attacks on several occasions.

Secure Your WordPress Website

WordPress 3 Cookbook

I also got a chance to read WordPress 3 Cookbook, a fun concept that gives you “recipes” that you can use on your own WordPress website.

Here is a short overview of the chapters in this fine book:

Chapter 1: The WordPress Cook's Tools
Chapter 2: Installing and Customizing Themes (aff)
Chapter 3: Working with Plugins and Widgets
Chapter 4: Customizing Content Display
Chapter 5: Building Interactivity and Community
Chapter 6: Implementing Online Sales and Advertising
Chapter 7: Making an SEO Friendly Site
Chapter 8: Enhancing Usability and Accessibility
Chapter 9: Managing Maintenance and Improving Security

And yes this one has a chapter on security :-) but the rest of the book is also a very good read and gives you over 100 short practical articles that you can use.

I really enjoyed reading and implementing several of the recipes on my own WordPress websites and I really suggest you take a look at the WordPress 3 Cookbook
as it has some nice pearls in it … but that said you need to be aware that you should have a code editor and FTP program. I recommend PSpad and FileZilla

Affiliate Link Disclosures