Build A WordPress Website

Using WordPress as a Content Management System and Blog

You are here: Home / Archives for wordpress

wordpress

Keeping WordPress Up To Date and Secure

Filed Under: WordPress CMS, WordPress Plugins

After you installed your new WordPress website you need to make sure you keep it up-to-date and optimized. An up-to-date WordPress website is better protected against hacking attempts and runs better with fewer errors.

Optimizing your WordPress website goes beyond keeping it up-to-date with the most recent version of the core files and plugins. You need to optimize your database as well and make sure your site loads fast.

Keeping WordPress Up to Date

– updates for core files: WordPress will inform you if there is a new version update once you log in to your dashboard. This can be an upgrade or, very important, a security update. Note: some minor security upgrades are now installed automatically.

– updates for plugins: WordPress plugin updates can add new functionality or bug fixes and sometimes also have security updates.

– update themes (aff): WordPress theme update is mostly focused on new layout options, getting responsive or extra layout functionality. Sometimes bug fixes and security patching.

– remove no longer used plugins and themes (aff): Don't leave possible security problems and clean up all plugins and themes you tried once and decided not to use any longer. WordPress will check these plugins and themes as well so save yourself some time and clean up!

Keeping WordPress Secure

Lock Your Site to Block WordPress Spam Comments

Keeping your WordPress site up-to-date is the first step.

Next step is to use a plugin that will shield your site from people who want to hack your site or fill it with spam comments.

One of the fastest ways to block those people is with the Shield security plugin.

Shield has an easy to use Dashboard that will show you which option you have configured for use.

Shield Security Dashboard - Build a Website with WordPress

Just follow the icons in Orange once you have installed and activated the plugin.

One of the most important options if the Firewall. The firewall will block a lot of hacking attempts.

In the configuration, I have the Firewall Blocking options all set to active except for the last two.

Firewall Options in Shield WordPress Plugin

And to be able to work in your Dashboard without any problems, you should use these options in the Whitelist part.

Firewall Whitelist in Shield for WordPress

The rest of the options in Shield are pretty easy to configure, so go ahead and run through them.

Have a special look at the Login protection where you can easily rename your login option to redirect wp-login.php! This one is a no-brainer as Shield makes it very easy without you needing to create special rules in your .htaccess file.

There are so many other nice options in this plugin that I will create a separate post for it to go through the complete plugin settings. But for now, make sure you block out the basics and see what other options you might want to use.

Affiliate Link Disclosures

How To Upgrade Old Version of WordPress

Filed Under: WordPress Setup

One thing I see in common with users who have a static WordPress website is that they don’t update and upgrade it on a regular base. Most of you don't know how to upgrade an old version of WordPress.

Note: Update means small changes like Security updates. Upgrade means that there are new functions and possibilities in the new version.

Now that you ended up with an older insecure version you need to upgrade before you can change it to a better and more mobile version. Most of the time that will also mean that your need to upgrade or change your WordPress Theme as well.

But before you can do the later, first let’s take care of the upgrades first.

So, how do you upgrade from an old version of WordPress? You cannot simply push the Update message if you are on a much older version!

That update function will only work between two consecutive versions like updating from version 3.9 to 4.1.x. It will not work if you need to upgrade from let’s say version 2.6 to version 4.1.1

The technical reason for this is that with each major WordPress version there are also changes made in the database structure. Skipping these upgrades will leave you with incompatible database fields.

That is why you need a step by step approach to make sure your database is also updated up to the latest version. That is not hard to do, but you need to follow the right sequence of updating.

If you skip one step your WordPress website won’t work anymore.

What Do You Need To Upgrade WordPress From an Older Version

There are a few things that you need to have in place before you start the upgrades.

Don’t worry! Upgrading from the previous version is not hard! It just takes a little time and effort.

  • Make sure you have a good back-up of you files and database, especially the wp-content folder! That folder contains your media, plugins and theme files.
  • All the major previous WordPress versions starting from the next version after your current version. So if your current version is WordPress 2.6 your first upgrade will be to WordPress 2.7.
    Older version of WordPress can be downloaded from https://wordpress.org/download/release-archive/
  • Access to your website via FTP or Cpanel file manager. You need to be able to upload files from previous WordPress versions
  • A program to unzip the files from the downloaded .zip or .tar files like WinZip or 7-zip.
    To upgrade from 2.6 to 4.1 you need to download all the major versions like 2.7, 2.8, 2.9, 3.0, etc. You don’t need the minor updates, so you can skip versions like 3.0.5, 3.0.6 etc.

Once you downloaded those version you need carry out a series of smaller upgrade steps to upgrade – eg: 2.6 -> 2.7 -> 2.9 -> 3.0 -> 3.1 -> etc.

To find out your current version, log into you WordPress Dashboard and look for the version under “Right Now” or “At a Glance”.
Identify WordPress Version 2-6

Identify WordPress Version 4-1-1
If you identified your current version you can download the upgrade versions you need to get to the latest WordPress version.

How To Upgrade Old Version of WordPress to Latest Version

Once you have all the previous requirements in place, let’s do a step-by-step upgrade.

First unzip the next version you need to upgrade to, in this case 2.7, unzip the files from wordpress-2.7.zip into a separate folder.

After you unzipped the files open your FTP program (I use Filezilla) and browse to the local folder where you unzipped the files and open the other screen to point to your WordPress installation folder or the hosting (aff) server.

FTP Upgrade for WordPress
Click to Enlarge

Select all files in the Local PC Folder (Ctrl+A for Windows) and upload the files to the server folder. Use the overwrite files option during the upload.
If the upload is completed open your WordPress Dashboard again by logging in via /wp-admin or wp-login.php as you would normally do.

You should see a notification that your WordPress database needs to be upgraded.

WordPress Database › Update

Wait until you see the message that the update is completed and then click Continue.

WordPress › Updated

Your Dashboard should now show that you are on the next version.

Repeat all the steps above of the FTP file uploads for each new version. After each version you need to log in again into you WordPress site to run the automatic database update.

Take the upgrades step by step updating version by version 2.6 -> 2.7 -> 2.8 -> etc until you are completely up-to-date.

Now that your WordPress version is up-to-date you can update all the plugins and themes (aff) via the automatic update function.

Want to prevent that you forget to upgrade next time? Install the plugin https://wordpress.org/plugins/wp-updates-notifier/

Set it to Daily, notification for Plugin and Themes (aff) updates and make sure to use the save and send a test email to check if that works with your hosting (aff) provider.

How To Downgrade WordPress to an Older Version

Why would you ever want to downgrade your WordPress version?

One of the reasons could be that you run into problems with the latest version of WordPress and some Plugins or Themes that are not upgraded yet and are incompatible with that latest version.

But it could also be needed if you skipped a version and updated from, as an example, version 2.9 to 4.1 and now you site is not functioning anymore.

Downgrading is just as easy as upgrading. First, you get the latest version you used the have from the release archive.

Then upload the old files via FTP like you did to upgrade, overwriting the newer files. Now log in again into your dashboard and confirm the Update WordPress Database option.

Click continue and check if you site is back on the previous version and working again. Once it’s up and running again you can upgrade using the correct steps.

Or wait until your incompatible plugins / themes are upgraded to the new version.

Affiliate Link Disclosures

7 Tips to Customize WordPress Twenty Eleven Theme

Filed Under: WordPress Themes

A lot of WordPress websites are built upon, and still use, the previous default WordPress Theme Twenty Eleven. I will show you 7 tips that you can use to customize the Twenty Eleven Theme.

The WordPress Twenty Eleven Theme

With most of the tips, you don't even need to know much about PHP coding, just how to install a special Twenty Eleven plugin.

Tip 1: Install WordPress Twenty Eleven Theme Extensions

Twenty Eleven Theme Extensions is the plugin you want as it can solve most of the problems people are facing with Twenty Eleven.

To install this plugin go to Plugins -> Add new -> Search Twenty Eleven Theme Extensions and select it from the list.

Click on install and confirm that you want to install it. After installation make sure you click the active option.

You should now see an extra option under Appearance called Theme Extensions. We will go through the options in this post as most of the options  you want to change.

Twenty Eleven Theme Extensions Options

Tip 2:  Twenty Eleven Sidebar on All pages

If you look at the default layout of the Twenty Eleven theme you will see that the sidebar is only visible on the Home page.

But you want to have that sidebar on all pages, including posts. If you only want it on pages, you can select that option via the  Page Attributes in the right side menu of your edit screen.
Page Attribute Sidebar Template Option

Unfortunately, that means you have to do that on every page and you still wouldn't have the sidebar on posts. To change this, click the upper two options in the extensions plugin settings.

Twenty Eleven Sidebar on All Pages

 Tip 3:  Change the Header Image and Size on Twenty Eleven

The default header size for the Twenty Eleven Theme is 1000 width x 288 pixels in height.  Which is pretty high and takes a lot of space on your screen. You can easily change that with the extensions option Change the height of new images.
Twenty Eleven Theme Header Change

If you already have some headers installed, make sure you check the second option as well.

Better would be to create and upload new images in the right format or crop them upon upload.

You can upload new header images via Appearance -> Header -> Choose or Upload a new header file. Once you uploaded more than one header file you can switch the headers automatically by selecting the Random option.
Twenty Eleven Header Uploads and Selection

Note: Did you know you can set a special header for each post or page? Create a special header in the same size as the standard one (here it is now 1000 x 175 pixels) 1000 x 288 is the Twenty Eleven standard format.

Now go to the page or post you want that header to show up and select the option Featured Image, upload or select the header and update the page / post.
Featured Header Image Option

Tip 4:  Twenty Eleven Theme Change Menu Color and More

One of the most asked questions on Twenty Eleven is how to customize the Menu Color and other items like the link colors and text color. With the extensions plugin, you need to check the Custom Color option to get this done.

Twenty Eleven Custom Colors

Once you activate that option you get new selections in the Appearance -> Theme Options. You had a few options on that in the standard theme options, now you get a big list of things you can change.
Customize the colors on Twenty Eleven
For the menu color change look for Menu Background Color, Menu Highlight Color and if needed Menu Text Color.

You can select the colors from the button next to the color, or put in the hex (#de000a).  If you want color suggestions, check out http://www.colorhexa.com/ and http://www.colorcombos.com/

Tip 5: Remove Search from Twenty Eleven Top

As we have the last option in the extensions called Custom Style we can use that directly to remove / hide the Search Option in the top title area. Activate the Custom style option and place this code in it:

/* Search Form */
 #branding #searchform {
 display: none;
 }

So you should end up with this:
Twenty Eleven Remove Hide Search

Tip 6:  Remove / Hide Twenty Eleven Topmenu  Navigation

Some people don't like to have the Top Navigation menu below the header image and only want to use a custom menu in the sidebar.
Twenty Eeleven Main Navigation Menu

If you also want to remove that menu, then this simple trick is for you. First, create a custom menu, let's call it Blank. You leave that menu empty, so not even a Home link. Now set that Blank  as the primary navigation option and check your website, you should not see the navigation anymore.

Custom Blank Menu

Example, Twenty Eleven with smaller header and no main navigation bar.
Twenty Eeleven Main Navigation removed

Tip 7: Remove the Comment Function from Twenty Eleven Pages

On Twenty Eleven pages you can see that there is also the possibility to comment on that page.

If it's a real static page, like a contact form or a sitemap, you don't want people to comment on the content of that page.

I only want comments on my posts, not on pages. So the option to disable all comments is not an option. Instead, change the screen options display when you are in the edit screen for a page.

Start with the screen options tab (upper right corner)
WordPress screen display options
On that screen enable the Discussion option by checking it, this will display the Comments option below your main content edit screen.
D:Afbeeldingenitmentorwordpress-discussion-options.png
Uncheck both options and the comments form will be gone from your page. You need to do this on all current and new pages!

Bonus Tip: Remove / Customize Proudly Powered by WordPress from Twenty Eleven Footer

In this case, we do need to work on a core file from the Twenty Eleven Theme, especially the file called footer.php

It would be better to do this on a Child Theme, but for this purpose, it will not be such a problem. You just need to make sure you do it again it there should come an update for the Twenty Eleven Theme.

Go to Appearance -> Editor -> Open the file Footer (footer.php)

Search for <div id="site-generator">

You need to replace the code between that code and the first </div> after that code. replace the code:

<?php do_action( 'twentyeleven_credits' ); ?>
<a href="<?php echo esc_url( __( 'http://wordpress.org/', 'twentyeleven' ) ); ?>" title="<?php esc_attr_e( 'Semantic Personal Publishing Platform', 'twentyeleven' ); ?>"><?php printf( __( 'Proudly powered by %s', 'twentyeleven' ), 'WordPress' ); ?></a>

With

<p>Copyright © - <?php echo date('Y'); ?><a href="http://www.example.com" rel="nofollow"> Special Example Link Website</a></p>

Change www.example.com with your own URL and the text for the link to fit your website. All done, you should see your own text in the footer and it should link back to your homepage.

Other Twenty Eleven Theme customizations?

Above are the most request changes for the WordPress Twenty Eleven theme. Did they work for you? Or do you have extra needs or idea's or suggestions?

Please let us know in the comments below!

Secure Your WordPress Website with Wordfence

Filed Under: WordPress Plugins

Even though some people will tell you that WordPress is insecure, you should know that the core of WordPress is one of the most secure open source content management systems there is today.

Even the latest hack attempts were not targeted to the software itself. It was an attack by sending brute-force password hack attempts for default users names and weak passwords. So make sure you don't use admin as your administrator username and have a good strong password. If you want to learn more about those attacks, read WordPress Security Attacks and Solutions.

To secure your site there is one plugin that I highly recommend. It will check and monitor your WordPress website, it's called Wordfence.

Wordfence Security Plugin

Wordfence is free and you can get it for your WordPress security by following these steps:

  • Sign in to your WordPress website.
  • Go to your “Plugins” menu and click “Add New”.
  • Enter “Wordfence” in the search box.
  • Install Wordfence and set your options.

To set the Options, go to the Wordfence plugin options choice.

WordPress Security Options from Wordfence

In the settings screen you get large screen with a lot of options!

Start with the basics and set your email address and the option on How does Wordfence get IP's. Save the changes.

Wordfence Basic Options

Now lets see what else you need to set, most of the options can remain as offered by the standard installation.

There are only a few things that I change:

  • Disable the Life Traffic View options
  • Set Scan theme files and plugins files against repository to enabled
  • Enable the Firewall rules and set the block fake crawlers option to active
  • Under Other Options put in your own IP address to the Whitelist
  • I choose not to set the option to Participate in the Wordfence Security Network, but that is just my personal choice

Save all the options you have set, and run a first scan.

Working with WordPress Security Alerts

After the scan is complete you will get some WordPress security notifications, especially if you have the option active to scan plugin files against the repository.

Wordfence security alert notification

You have several options on how to proceed with this notification.

It depends on the severity of the problem and on what kind of file it is.

In this case I only check to See how the file has changed to make sure it is just a minor change, if that is the case I choose to Restore the original version of the file. Wordfence will then get the file from the repository and overwrite your current file.

Most of these kind of notifications will be around readme files, so no problem there. After the check, do the restore to prevent a new notification next time the scan runs.

Since I do run Dutch websites I also get errors on language settings, in that case I will choose to Ignore until the file changes.

Check out the options and see if you want to use by the options mentioned before and run a scan on your own site. You will see that Wordfence will monitor your site and scan it once a day (free version) and send you an notification if somethings changes.

I even got a Warning: * Your DNS records have changed notification today after my hosting (aff) company replaced some servers and had to change the IP addresses…

Wordfence Drawbacks

So this Wordfence plugin sounds great, but is there a down side to it?

Yes there is, but its minor. It has to do with the database tables it uses. As you can see they can grow pretty large.

wordfence database tables

Here are the same tables after optimization with the WP-Optimize Plugin.

Wordfence database tables optimized

Still pretty large right? I did not see any performance problems though and I do think that these tables will improve over time.

Nothing to worry about directly, but certainly something to look out for and do preventive maintenance on your database. You can also choose to not back-up these tables if you run into trouble with your back-up files.

Despite this drawback I do recommend your install, configure and use Wordfence to secure your WordPress website!

Affiliate Link Disclosures

Block WordPress Comment Spam

Filed Under: WordPress Plugins

There is one things that most new WordPress users want to do after few days: Block WordPress Comment Spam 

You will understand after your site has been running for a couple of days.

Comment spam is a black-hat tactic to getting back-links to a website. Most of those fake comments are done via spam-bots (small programs) that inject comments into the comment field of your blog articles. Others are done by outsourcing this back-linking to cheap foreign countries like India or The Philippines.

The worst kind are comments are those that send you or your visitors to mall-ware sites.

Lock Your Site to Block WordPress Comment Spam

Ways to Filter WordPress Comment Spam

There are a few ways to get rid of those pesky spam comments.

Uncheck the option that people can leave comments on your blog, very effective but not really visitor friendly. Go to Settings -> Discussion -> Uncheck all first three options.

Install Anti-Spam plugins to check if its a known spam comment so that the comment is put in the Spam reaction queue.

Install a anti spam bots plugin, that will block the comment bot and prevent the comment from coming into your WordPress system.

Set some rules in the Discussion section to make sure those WordPress spam comments are moderated before they hit your visitor facing site. Is always good to moderate your comments. One tip: Trust nothing, check and double check.

Set the option that people need to register before they can comment, however this will drive off some legit visitors that want to comment as well.

An important sign of a WordPress comment spam is to check if the comment is really on topic and will have good value for you or other visitors.

If not? Delete it. No sure? Copy the comment and search it in Google between quotes. If it shows the extract term on several hits, delete it.

Anti-Spam Plugins for WordPress

The number one plugin used for fighting off comment spam is Akismet.

Akismet is installed with any new WordPress site by default. After activation you need to register for an API Key at http://akismet.com

Please make sure you read their Terms of Services so you can make a good choice on what plan you should pick.

If you only use Akismet on a personal non-business blog with under 20.000 visitors per month you can select the personal plan and slide the price slider to 0.

Note: This plugin costs $5 a month (per site) if you make any money from your site, such as through an affiliate link, ad, or paid service.

After you activate the Akismet plugin you follow the notification and put in your key.

Akismet Key Input Screen

Cookies for Comments

The cookies for comments plugin will first set a cookie on a random URL that is then checked when a comment is posted. If the cookie is missing the comment is marked as spam.

If its a spambot that tries to place a cookie, it will fail as they won't accept that cookie.

You can find the plugin here http://wordpress.org/extend/plugins/cookies-for-comments/

Growmap Anti Spambot Plugin

This plugin is my favorite. It blocks spambots by adding a client side generated checkbox asking the comment author to confirm that they are not a spammer. (Like you see on this website)

A check is made that the checkbox has been checked before the comment is submitted so there's no chance that a comment will be lost if it's being submitted by legitimate human user.

Given your visitor the option to just tick a checkbox is much more user friendly than a Chapta (which are sometimes very hard to read) or do some calculation.

You can find the plugin here http://wordpress.org/extend/plugins/growmap-anti-spambot-plugin/

After you installed and activated the plugin go to Settings -> G.A.S.P to verify that the basic options are set or you want to change some text. You can configure extra checks like the number of links in a comment or the number of words in the commenters name field.

Combining Anti Spam Plugins

For me a combination of Cookies for Comments and Growmap Anti Spambot Plugin has reduced the number of spam comments to almost zero, maybe two or three manual spam comments, but that's it.

Giving me more time to build sites and write articles on my own sites.

So how about you? Does your website still gets loads of spam comments?