One of my favourite Contact Form plugins for WordPress is Contact Form 7. It’s easy to use, easy to set up and only requires a copy/paste of code into any page or widget and it works. I have tried a few of the other forms and find they are more time consuming and difficult to set up. I usually delete the plugin and install Contact Form 7 instead. My tried and true form plugin.
This isn’t a step-by-step how to set up the contact form, there is really good documentation that goes along with it. What I would like to point out is that some email providers block all WordPress emails as spam and go directly to the junk folder. I even set up rules that allowed any email from the WordPress website to be routed to the inbox but to no avail.
In comes Flamingo Plugin to the rescue. This plugin will take a copy of the Contact form entered and submitted and stores it on your website in the dashboard. You can sign in, click Flamingo in the left hand menu and see a list of all contact forms sent out of the website. If you have Google Recaptcha installed on the Contact Form 7 plugin, it will separate real forms from what Google believes is Spam.
This is a handy backup for you if you miss checking your Spam folder.
Just completed the website for Sturrock Construction.
Sturrock Construction is a professional excavating company based in Grey Highlands, serving Grey and Bruce County communities. They work commonly with local municipalities, residential and commercial sectors providing multiple excavation services such as trenching, grading, site preparation, backfilling, septic and sewer repair, and hydrovac excavation.
Last night I watched a youTube video by Wordfence Security showing how quickly and easily hackers can login to your website through outdated versions of plugins. The security specialist, Chloe Chamberland showed how a hacker can use a search on Google called “Google Dorking” to search for any websites that use specific plugins such as BBPress. A list appeared that showed the version of the BBPress plugin. Using that, Chloe could see which website is using an outdated version of that plugin to gain access (already knowing the vulnerabiltity of the plugin and how to break in). Chloe showed how quickly she added a new user id to the wordpress admin asking for ‘subscriber’ access. Before she submitted it, she used a program to stop the code before executing and then added a script that changed her userid from subscriber to administrator. She then submitted the sign up form which created a new user account with administrator access, with full access to the entire website. All within 5 minutes.
So I have mentioned to many of my clients how important it is to run the updates regularly on your WordPress (and Joomla!) websites. I give instructions for those who wish to do it themselves and I also provide a service where i will go into the website, run a backup, run all of the updates and test the website afterwards to make sure none of the updates caused a problem with the website.
I recommend running updates bi-monthly at the bare minimum, monthly is better, weekly is the best.
Having added security is also very important to protecting your website. Over 1/3 of websites on the internet are built on WordPress. Hackers figure out where the loopholes are and very quickly can attach one or many sites for their own purposes.
Some hosting companies provide higher security with the hosting such as Siteground Hosting. It’s the number 1 recommended hosting company by WordPress.org. I have spoken to their technicians and have been advised that if the plugins are kept up to date, there is little room for hacking of their system. Other hosting companies offer added Security services. Godaddy offers Website Security Essentials which scans websites daily looking for malware and will clean up your site if they find it. If your website has been hacked, don’t despair, once you purchase the Website Security Essentials, you submit the website scan and submit a ticket to have the website cleaned. Within 6 hours your website is cleaned and back online. You can also purchase the pricier service of a Firewall which will block all hackers from accessing your website.
There are 2 free plugins you can install directly onto your WordPress website: Wordfence Security or All In One WP Security. I use both (not at the same time on the same website). Both offer a firewall, added login security, can be set up to run scans for outdated versions of plugins, will allow you to block IP addresses (All in One does this, it’s a premium feature on Wordfence Security), and a host of other security features. All in One WP Security also allows you to change the login URL.
The premium version of Wordfence Security will also clean a hacked website and then provide protection to your website for 1 year. If a known attack is hitting websites, they will provide an immediate update to protect against the hack. The free version will get the update after 30 days.
How to run updates through your WordPress Dashboard
Sign in to your WordPress Admin dashboard.
Run a backup of your website either through a plugin that allows you to roll back your website if you encounter a problem, or within your hosting account. Siteground Hosting cPanel offers Softaculous software to install WordPress applications. You can run a full database and file backup within Softaculous. Godaddy WordPress Hosting automatically runs a daily backup which you can restore in the hosting account.
Hover over ‘Dashboard’ in the upper left, then click ‘Updates’ or at the top of the page there will be a circling arrow with a number that tells you how many updates are available. Click this to go to the updates page.
Select one plugin at a time and click Update. I always write down the plugin and the version so if I encounter a problem with the update, I know which version was working before the update. You do have to be careful running updates, if they were installed with your theme package, you should update your theme first, then update the plugins through the theme interface, otherwise it could cause a problem with the theme.
Some plugins will state their is an update available, but because it was packaged within a theme, the new update might not be available until it comes with a new version of the theme. The Bridge theme comes packaged with the WP Bakery plugin. This is a premium plugin and updates are only available within the Bridge theme update.
After plugins and themes are updated, test your website to make sure it is still functioning properly. If you encounter any problems, it might be best to contact your website designer or host to troubleshoot what went wrong and how to fix it. There are occasions where plugins have to be deactivated to figure out which one broke the website.
Another Way of Hacking Your Site
In the same Wordfence Security video, Chloe Chamberland, Security Specialist, showed how a hacker can use the Comments feature to gain full access to a website. She used a test website and added a seemingly harmless comment on a blog post. She had Scott Miller, another analyst sign in to the website and click a link she had included in her comment … something like ‘I really like your post, maybe you can like mine too’ with a link to another website. When Scott went to her website from his link, he clicked a button on the website which said ‘enter site’…. nothing visual happened. Let me reiterate nothing VISUAL happened. In the background when Scott clicked the link to Chloes’ fake website, he inadvertently ran a script which created a user account on his own website, Chloe now had full administrator access to Scott’s website. It was really scary to see how quickly it could be done. Thank goodness Chloe is on our side and uses her knowledge to protect us and update the Wordfence Security plugin to stop hackers from gaining access to your website. Chloe also showed how having Wordfence Security plugin installed on a website would prevent this hack and the first one I mentioned in the beginning of this post from even happening.
So a few final thoughts:
Run your updates regularly
install a firewall through your hosting company or install Wordfence Security or All in One WP Security and make sure the firewall is enabled
disable user registration on your website if you don’t need it
watch the following video for more info from the pros at Wordfence Security
Founded in 2015 by Dave and Crystal Jardine, our company’s dedication to timely service and quality workmanship continues to help Journey Electric grow in the South Georgian Bay area.
Every team member works diligently to ensure only top-quality services are provided to every client. Customer Satisfaction is our focus.
The goal of our company is to provide our clients with a one-stop-shop for all of their electrical needs. By providing commercial, residential, underground, maintenance and emergency services, our team has a comprehensive understanding of the electrical industry and current technology to help you with your project or product needs. Click to visit Journey Electric’s website.
Mary-Jo Land, Registered Psychotherapist specializes in supporting and enhancing attachment in children, bonding in parents and resolution of early losses, trauma and neglect in children.
Click to learn more about Mary-Jo, watch her informative videos or find out about her new book Caring Together: A guide for parents, foster parents and adoptive parents of children who are in care.
Shawn MacDonald’s Landscaping located in Collingwood was created as a separate building division in 2009 backed by over 20 years of hands on experience. The Collingwood office specializes in landscape design, construction, demolition and snow removal serving Collingwood, Wasaga and Tiny Beach, Singhampton, Creemore, The Blue Mountains and surrounding areas.
A truly witty man, Dan Needles has kept audiences entertained with his stories, columns, books and plays. He is an exceptional speaker and most famous for his play Letters from Wingfield Farms starring Ned Beattie. For more information visit the website of Dan Needles.
