Contact Form 7 Plugin

One of my favourite Contact Form plugins for WordPress is Contact Form 7. It’s easy to use, easy to set up and only requires a copy/paste of code into any page or widget and it works. I have tried a few of the other forms and find they are more time consuming and difficult to set up. I usually delete the plugin and install Contact Form 7 instead. My tried and true form plugin.

This isn’t a step-by-step guide to setting up the contact form; there is really good documentation that goes along with it. What I would like to point out is that some email providers block all WordPress emails as spam, so they go directly to the junk folder. I even set up rules that allowed any email from the WordPress website to be routed to the inbox, but to no avail.

In comes the Flamingo plugin to the rescue. This plugin takes a copy of each contact form that is entered and submitted and stores it on your website in the dashboard. You can sign in, click Flamingo in the left-hand menu and see a list of all contact forms sent out of the website. If you have Google reCAPTCHA installed on the Contact Form 7 plugin, it will separate real forms from what Google believes is Spam.

This is a handy backup for you if you miss checking your Spam folder.

WordPress Security: Keeping your website safe from hackers

Last night I watched a YouTube video by Wordfence Security showing how quickly and easily hackers can log in to your website through outdated versions of plugins.  The security specialist, Chloe Chamberland, showed how a hacker can use a search on Google called “Google Dorking” to search for any websites that use specific plugins such as BBPress.  A list appeared that showed the version of the BBPress plugin. Using that, Chloe could see which website is using an outdated version of that plugin to gain access (already knowing the vulnerability of the plugin and how to break in). Chloe showed how quickly she added a new user ID to the WordPress admin asking for ‘subscriber’ access. Before she submitted it, she used a program to stop the code before executing and then added a script that changed her user ID from subscriber to administrator. She then submitted the sign-up form, which created a new user account with administrator access, with full access to the entire website. All within 5 minutes.

So I have mentioned to many of my clients how important it is to run the updates regularly on your WordPress (and Joomla!) websites.  I give instructions for those who wish to do it themselves and I also provide a service where I will go into the website, run a backup, run all of the updates and test the website afterwards to make sure none of the updates caused a problem with the website.

I recommend running updates bi-monthly at the bare minimum, monthly is better, weekly is the best. 

Having added security is also very important to protecting your website. Over 1/3 of websites on the internet are built on WordPress. Hackers figure out where the loopholes are and can very quickly attack one or many sites for their own purposes.

Some hosting companies provide higher security with the hosting such as Siteground Hosting. It’s the number 1 recommended hosting company by WordPress.org. I have spoken to their technicians and have been advised that if the plugins are kept up to date, there is little room for hacking of their system. Other hosting companies offer added Security services. Godaddy offers Website Security Essentials which scans websites daily looking for malware and will clean up your site if they find it. If your website has been hacked, don’t despair, once you purchase the Website Security Essentials, you submit the website scan and submit a ticket to have the website cleaned. Within 6 hours your website is cleaned and back online. You can also purchase the pricier service of a Firewall which will block all hackers from accessing your website.

There are 2 free plugins you can install directly onto your WordPress website: Wordfence Security or All In One WP Security. I use both (not at the same time on the same website). Both offer a firewall, added login security, can be set up to run scans for outdated versions of plugins, will allow you to block IP addresses (All in One does this, it’s a premium feature on Wordfence Security), and a host of other security features. All in One WP Security also allows you to change the login URL.

The premium version of Wordfence Security will also clean a hacked website and then provide protection to your website for 1 year. If a known attack is hitting websites, they will provide an immediate update to protect against the hack. The free version will get the update after 30 days.

How to run updates through your WordPress Dashboard

  1. Sign in to your WordPress Admin dashboard.
  2. Run a backup of your website either through a plugin that allows you to roll back your website if you encounter a problem, or within your hosting account. Siteground Hosting cPanel offers Softaculous software to install WordPress applications. You can run a full database and file backup within Softaculous. Godaddy WordPress Hosting automatically runs a daily backup which you can restore in the hosting account.
  3. Hover over ‘Dashboard’ in the upper left, then click ‘Updates’ or at the top of the page there will be a circling arrow with a number that tells you how many updates are available. Click this to go to the updates page.
  4. Select one plugin at a time and click Update. I always write down the plugin and the version so if I encounter a problem with the update, I know which version was working before the update.  You do have to be careful running updates: if the plugins were installed with your theme package, you should update your theme first, then update the plugins through the theme interface, otherwise it could cause a problem with the theme.
  5. Some plugins will state there is an update available, but because the plugin was packaged within a theme, the new update might not be available until it comes with a new version of the theme. The Bridge theme comes packaged with the WP Bakery plugin. This is a premium plugin and updates are only available within the Bridge theme update.
  6. After plugins and themes are updated, test your website to make sure it is still functioning properly. If you encounter any problems, it might be best to contact your website designer or host to troubleshoot what went wrong and how to fix it.  There are occasions where plugins have to be deactivated to figure out which one broke the website.
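Step 4's "write down the plugin and the version" can be scripted. The following is an added example, not part of the original post: it reads the version from each plugin's header comment before and after an update run and lists what changed. The plugin names and versions are constructed sample data, and the helper names are hypothetical.

```python
import re
import tempfile
from pathlib import Path

# WordPress reads plugin metadata from a header comment in the main PHP file.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.I | re.M)

def read_header(php_file):
    """Return (name, version) from a plugin header, or None if there is none."""
    head = php_file.read_text(encoding="utf-8", errors="replace")[:8192]
    fields = {key.lower(): value for key, value in HEADER_RE.findall(head)}
    if "plugin name" not in fields:
        return None
    return fields["plugin name"], fields.get("version", "unknown")

def snapshot(plugins_dir):
    """Map plugin slug -> (name, version) for each plugin in wp-content/plugins."""
    found = {}
    for entry in sorted(Path(plugins_dir).iterdir()):
        files = sorted(entry.glob("*.php")) if entry.is_dir() else [entry]
        for php_file in files:
            header = read_header(php_file) if php_file.suffix == ".php" else None
            if header:
                found[entry.name if entry.is_dir() else entry.stem] = header
                break
    return found

def changed(before, after):
    """Plugins whose version differs between two snapshots: the rollback candidates."""
    return {slug: (before[slug][1], after[slug][1])
            for slug in sorted(before)
            if slug in after and before[slug][1] != after[slug][1]}

def write_plugin(plugins_dir, slug, name, version):
    """Create a constructed plugin with a standard header (sample data only)."""
    folder = Path(plugins_dir) / slug
    folder.mkdir(exist_ok=True)
    (folder / f"{slug}.php").write_text(
        f"<?php\n/**\n * Plugin Name: {name}\n * Version: {version}\n */\n",
        encoding="utf-8")

def demo():
    """Snapshot, simulate updating one plugin, and report what changed."""
    with tempfile.TemporaryDirectory() as tmp:
        write_plugin(tmp, "example-forms", "Example Forms", "1.4.0")
        write_plugin(tmp, "example-backup", "Example Backup", "2.1")
        before = snapshot(tmp)
        write_plugin(tmp, "example-backup", "Example Backup", "2.2")
        return before, changed(before, snapshot(tmp))

if __name__ == "__main__":
    saved, diff = demo()
    print("before:", saved)
    print("changed:", diff)
```

On a real site, point `snapshot()` at the `wp-content/plugins` folder and keep the "before" result with your backup.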

Another Way of Hacking Your Site

In the same Wordfence Security video, Chloe Chamberland, Security Specialist, showed how a hacker can use the Comments feature to gain full access to a website. She used a test website and added a seemingly harmless comment on a blog post.  She had Scott Miller, another analyst, sign in to the website and click a link she had included in her comment … something like ‘I really like your post, maybe you can like mine too’ with a link to another website. When Scott went to her website from his link, he clicked a button on the website which said ‘enter site’…. nothing visual happened. Let me reiterate: nothing VISUAL happened. In the background, when Scott clicked the link to Chloe’s fake website, he inadvertently ran a script which created a user account on his own website. Chloe now had full administrator access to Scott’s website. It was really scary to see how quickly it could be done. Thank goodness Chloe is on our side and uses her knowledge to protect us and update the Wordfence Security plugin to stop hackers from gaining access to your website. Chloe also showed how having the Wordfence Security plugin installed on a website would prevent this hack, and the first one I mentioned in the beginning of this post, from even happening.

So a few final thoughts:

  • Run your updates regularly
  • install a firewall through your hosting company or install Wordfence Security or All in One WP Security and make sure the firewall is enabled
  • disable user registration on your website if you don’t need it
  • watch the following video for more info from the pros at Wordfence Security

Coles Notes version of Boosting SEO

Today I had someone email me how to help them achieve online presence with Google. After typing my answer I realized it was a great post that I could share with others!
Here was my response:

  1. Have descriptive page titles. When designing a site and setting up SEO I always ask my clients “how would people search you?” For instance, if you wanted a chiropractor in Collingwood then that is what you would type in Google: “chiropractor collingwood”. So if this is how people will find you, then you need to make sure all the page titles have this included in the title.
  2. Narrow your selection. Don’t try to be the best across the province, narrow your location to a main town and surrounding area.
  3. The more pages you have with excellent titles, the better you rank.
  4. The page content has to match the titles… so if your page is about cutting wood… somewhere on the page you should mention that you cut wood.
  5. Each page url needs to be descriptive: here is the url for one of my pages : https://wannawebdesign.com/services/modify-websites-collingwood-barrie/ see how the url is set up?
  6. You need lots and lots of content. Good content.
  7. Your content should be typed on the page… not in a jpg or pdf. Google can’t read jpgs.
  8. Google does not use keywords anymore.
  9. Add a Google presence: Google Business, add your address to Google Maps
  10. Single page websites are not great for SEO. You only have 1 shot at google finding you, across the whole entire internet. You are competing with companies with multiple pages and very specific locations. Websites with structured SEO.
  11. Google likes Blogs. So create a blog with posts that are relevant to your theme. If you play music weekly have weekly posts with where you are playing: “Live Jazz music this Friday night at XYZ Bar & Eaterie”. Update it regularly. Google likes current blogs.
  12. Name your photos… don’t upload 1234.jpg. Change the name to reflect what you are promoting.

So this is the Cole’s Notes version of SEO. But if you follow these practices, you should be able to rank higher.

If this seems overwhelming, contact me!

Cindy

An automated WordPress update has failed to complete!

Many of my clients’ websites have been showing an error in the admin dashboard stating “An automated WordPress update has failed to complete! Please notify the site administrator.”

I have done some research and it seems that this error is appearing after you have run the WordPress updates (any updates) and there is a new version of WordPress.  I believe this error is being generated on any Godaddy WordPress hosting sites because Godaddy will automatically update the WordPress core files yet WordPress is trying to update itself.

Just be patient…. it takes a few days for Godaddy to process the updates across the WordPress Hosting servers. Once WordPress is updated the error will disappear.

9 Ways to Secure your WordPress Website

There is no quick way to secure your website from hackers. You need to be vigilant and use as many defences as you can. The following is a list of 9 ways to secure your website.

Use Latest Version of WordPress, Themes and Plugins

Regularly go into your WordPress dashboard and install the newest versions of all your plugins. It’s easy to do: just look at the top left corner; if you see a number with a semi-circle swirl, it means that many updates are available for your website. Click on this link and update each of the plugins, themes and WordPress to install the newest version.

Only install good WordPress Themes or Plugins

There are so many free WordPress themes and plugins out there but you have to be careful which ones you install on your website. Choose themes from a reputable theme developer or theme sales website.  One that I use regularly is Theme Forest.  Pick from the most popular theme or plugins to ensure they will be kept up to date. Also always check the date of the latest update.  If it’s over 6 months old, I tend to avoid it.  Look at the history as well, check how long it takes for problems to be corrected or questions to be answered. This will tell you if there is a team keeping up with the software.

Guard your Logins

Use strong usernames and passwords. Avoid usernames like ‘user’, ‘admin’ or ‘root’; choose one that would be difficult to guess.  Passwords should be at least 8 – 10 characters long and should include upper and lower case letters, numeric and special characters.  Avoid using the username in the password and avoid using the obvious, like your name.  Also try to create different username/password combinations across the internet, so that hackers who find out one cannot use it across many accounts to get at all your information.

Use a reputable web service provider

Use a well established company with a strong reputation and good track record for security.  Providers that ensure a high rate of “uptime” and 24/7 support service are important.

Two Factor Authentication

For added security you can install a plugin that uses 2 factors for login rather than just the username and password. This would make it much more difficult for hackers to guess the login and for the spambots (programs that search the web to try and sign in to websites repeatedly) to test your site. Here is a free plugin from the WordPress.

Purchase an SSL Certificate

SSL stands for Secure Sockets Layer. This is added security for any customer or client that might type in personal information on your site. It encrypts the information in transit so hackers can’t “watch” while people enter information on your site. An SSL Certificate is relatively affordable (less than $100 for the year) and well worth it for the added security and peace of mind.

Use SFTP instead of FTP to access the server

This is for the developers who need access to the backend files of your website. Using SFTP (Secure File Transfer Protocol) adds extra security rather than signing in directly through FTP.  Again, it encrypts the uploads/downloads to protect your website from hackers “watching” your site.

Security Plugins

Install a security plugin on your website. iThemes Security plugin is a free security plugin. It has over 700,000 downloads, has been updated recently (3 weeks as of this writing) and as always is easily installed through the dashboard.  Another plugin I have been using over the past few years is Wordfence Security.  With over 1,000,000 installs this is a well-established security plugin.  It monitors who visits your site, you can set it to block IP addresses. The paid version allows you to block countries.  It also does scans of your website for any code that has been inserted in your files and sends out emails when new versions of plugins or themes are available.

Backup!

Make sure you take regular backups of your website. There are many free plugins that can take daily, weekly or monthly backups of your website. Some make it easier than others to restore the backup if something does go wrong. Just a shout out to Godaddy: they offer WordPress Hosting packages that include daily backups of your entire website and keep these backups for 30 days. With a simple click of a button, the website is restored to any of the past 30 days that you choose.

Largest Brute Force Attack on WordPress websites

Dear WordPress Publisher,

As of 11am eastern time this morning we are monitoring the largest distributed brute force attack on WordPress installations that we’ve seen to date. The real-time attack map on www.wordfence.com became so busy that we’ve had to throttle the amount of traffic we show down to 4% of actual traffic.

A brute force attack is when an attacker tries many times to guess your username password combination by repeatedly sending login attempts. A distributed brute force attack is when an attacker uses a large number of machines spread around the internet to do this in order to circumvent any blocking mechanisms you have in place.

If you’re using the free or paid version of Wordfence you should have the option to “Participate in the real-time Wordfence security network” under ‘Other options‘ enabled. This will immediately block any attack originating from an IP address that has attacked other WordPress sites using Wordfence. This is an effective defense against this kind of attack.

We recommend that until this passes you monitor your WordPress websites closely for unusual activity including logins, account creation or changes to the public facing website.

If you found this alert helpful, please give us a 5 star rating on WordPress.org on the right of the page.

Mark Maunder
Wordfence Creator & Feedjit Inc. CEO.
PS: If you aren’t already a member you can subscribe to our WordPress Security and Product Updates mailing list here. You’re welcome to republish this email in part or in full provided you mention that the source is www.wordfence.com. If you would like to get Wordfence for your WordPress website, simply go to your “Plugin” menu, click “add new” and search for “wordfence”.
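The alert above explains why a distributed attack gets around per-address blocking. The following is an added example, not part of the Wordfence email: it scans web server access log lines and separates a single noisy address, which a per-IP limit would catch, from a campaign spread across many quiet addresses. The log lines are constructed and use documentation IP ranges, the thresholds are illustrative, and it assumes a default WordPress install where a failed login answers `POST /wp-login.php` with status 200 and a successful one with a 302 redirect.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def failed_logins(lines):
    """Yield (ip, datetime) for each failed wp-login.php POST."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if m["path"].split("?")[0] == "/wp-login.php":
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def analyse(lines, per_ip_limit=5, window_minutes=5, site_limit=30, min_sources=10):
    """Return (addresses over the per-IP limit, distributed campaigns per window)."""
    per_ip = Counter()
    windows = defaultdict(Counter)            # window start -> failures per IP
    for ip, ts in failed_logins(lines):
        per_ip[ip] += 1
        start = ts.replace(minute=ts.minute - ts.minute % window_minutes, second=0)
        windows[start][ip] += 1
    lockouts = sorted(ip for ip, n in per_ip.items() if n >= per_ip_limit)
    campaigns = []
    for start, ips in sorted(windows.items()):
        # Only count sources that stay under the per-IP limit: these are the
        # ones a lockout plugin never sees.
        quiet = {ip: n for ip, n in ips.items() if n < per_ip_limit}
        if sum(quiet.values()) >= site_limit and len(quiet) >= min_sources:
            campaigns.append((start.strftime("%H:%M"), len(quiet), sum(quiet.values())))
    return lockouts, campaigns

def sample_log():
    """Constructed log lines, not real traffic."""
    fmt = '{ip} - - [01/Jan/2024:11:{m:02d}:{s:02d} +0000] "{req} HTTP/1.1" {st} 1024'
    lines = [fmt.format(ip="192.0.2.10", m=0, s=5, req="GET /", st=200),
             fmt.format(ip="192.0.2.10", m=0, s=9, req="POST /wp-login.php", st=302)]
    # One noisy source: 12 failures from a single address.
    lines += [fmt.format(ip="203.0.113.9", m=1, s=i, req="POST /wp-login.php", st=200)
              for i in range(12)]
    # Distributed source: 40 addresses with 2 failures each, all before 11:05.
    lines += [fmt.format(ip=f"198.51.100.{n}", m=2 + k, s=n,
                         req="POST /wp-login.php", st=200)
              for n in range(1, 41) for k in range(2)]
    return lines

if __name__ == "__main__":
    print(analyse(sample_log()))
```

In the sample, the per-IP rule names only the noisy address, while the window check reports 80 failures from 40 addresses that each stayed under the limit.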

Blog Post Excerpts in Genesis Theme

Genesis Theme is already set up to allow you to either have Full Post Content in your blog, or Post Excerpts with Featured Image.

Simply go to your Genesis Theme Settings, scroll down to the Content Archives.

When you click ‘Display Post excerpts’ it then allows you to select ‘Include the Featured Image?’.  Select the appropriate size of featured image in the Image Size drop down (according to your theme specs) and select the post navigation technique.

Click save to update your changes.

Parent Menu with no Link

A very easy solution to have a parent menu item without a link in WordPress is to use the custom menu.

  1. Hover over Appearance and click Menus
  2. In the URL text box simply enter # (nothing else just the pound key)
  3. Enter the name of the Parent item in the Link Text box
  4. Click Add to Menu
  5. Move it into the correct position
  6. Add your sub-menu items below the new parent item
  7. Save your menu.

So simple and so much easier than creating a dummy Parent page.

Securing your WordPress Website

Many times businesses create a website and think ‘Great, I am done!’ but when you have a WordPress website you are never done!  As I stated in an earlier post (Keeping your CMS website up to date) you have to maintain your website.  There are people out there that make it their business to try and get into yours.

Luckily there are good people out there that create plugins to help protect your website.  2 crucial plugins are:

Limit Login Attempts & WordFence Security

Limit Login Attempts is a free plugin that limits the number of times someone can try to access the administrator portion of the website.  It will block an IP address (the physical address of the computer) for a specified amount of time after a specified number of attempts at trying to sign in.  An email will be sent to the administrator’s email address to inform them that attempts have been made to access the backend.  It will also tell you the IP address of the user trying to gain access.

Which brings us to WordFence Security.  This plugin allows you to completely block an IP address from your website.  So when you find out someone has made multiple attempts to gain access you can then block that IP address.  WordFence will tell you where the IP address originates.

That is not all WordFence Security does: it also will scan your website and check to make sure you have the proper versions of all plugins and WordPress, plus check to make sure the core programs have not been modified from the original version.  If they have been modified and you know you haven’t made any changes, you can back out the changes.
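The idea behind a "core files have not been modified" check can be shown in a few lines. This is an added example, not WordFence's own code: it hashes a known-good copy of the files and reports anything in the live copy that was changed, removed, or added. The file contents are constructed stand-ins, the function names are hypothetical, and skipping `wp-content/` (where your own themes, plugins and uploads live) is an assumption of this sketch.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def file_digest(path):
    """SHA-256 of a file, read in chunks so large files are fine."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map relative path -> digest for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify(root, manifest, skip=("wp-content/",)):
    """Compare a live tree with a known-good manifest, ignoring the skip prefixes."""
    live = {rel: d for rel, d in build_manifest(root).items() if not rel.startswith(skip)}
    good = {rel: d for rel, d in manifest.items() if not rel.startswith(skip)}
    return {
        "modified": sorted(r for r in good if r in live and live[r] != good[r]),
        "missing": sorted(r for r in good if r not in live),
        "unexpected": sorted(r for r in live if r not in good),
    }

def demo():
    """Constructed trees: a known-good copy and a live copy with three changes."""
    with tempfile.TemporaryDirectory() as tmp:
        good, live = Path(tmp) / "good", Path(tmp) / "live"
        for rel in ("wp-login.php", "wp-admin/index.php", "wp-includes/version.php"):
            (good / rel).parent.mkdir(parents=True, exist_ok=True)
            (good / rel).write_text(f"<?php // constructed stand-in for {rel}\n")
        manifest = build_manifest(good)
        shutil.copytree(good, live)
        with open(live / "wp-login.php", "a") as fh:
            fh.write("// constructed edit\n")                       # modified
        (live / "wp-admin" / "index.php").unlink()                   # missing
        (live / "wp-includes" / "extra.php").write_text("<?php\n")   # never shipped
        (live / "wp-content" / "uploads").mkdir(parents=True)
        (live / "wp-content" / "uploads" / "photo.jpg").write_bytes(b"jpg")  # skipped
        return verify(live, manifest)

if __name__ == "__main__":
    print(demo())
```

The "unexpected" list matters as much as "modified": a file added next to the core files changes none of the originals, so a check that only compares existing files would miss it.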

2 very invaluable plugins that every WordPress website should have!