I was wondering this morning if Sharepoint was something I should learn how to use for developing websites…. I got my answer… basically no! Sharepoint is used for corporations etc that have a large IT staff and the funds for customization. The author then went on to say that WORDPRESS is an excellent platform and listed all of the companies that use it for their public facing websites… including… wait for it…. Microsoft, the owner of Sharepoint! So it’s always good to realize what you specialize in has been validated by major corporations 🙂 So I will Keep On Trucking!
One of my favourite Contact Form plugins for WordPress is Contact Form 7. It’s easy to use, easy to set up and only requires a copy/paste of code into any page or widget and it works. I have tried a few of the other forms and find they are more time consuming and difficult to set up. I usually delete the plugin and install Contact Form 7 instead. My tried and true form plugin.
This isn’t a step-by-step how to set up the contact form, there is really good documentation that goes along with it. What I would like to point out is that some email providers block all WordPress emails as spam and go directly to the junk folder. I even set up rules that allowed any email from the WordPress website to be routed to the inbox but to no avail.
In comes Flamingo Plugin to the rescue. This plugin will take a copy of the Contact form entered and submitted and stores it on your website in the dashboard. You can sign in, click Flamingo in the left hand menu and see a list of all contact forms sent out of the website. If you have Google Recaptcha installed on the Contact Form 7 plugin, it will separate real forms from what Google believes is Spam.
This is a handy backup for you if you miss checking your Spam folder.
Last night I watched a youTube video by Wordfence Security showing how quickly and easily hackers can login to your website through outdated versions of plugins. The security specialist, Chloe Chamberland showed how a hacker can use a search on Google called “Google Dorking” to search for any websites that use specific plugins such as BBPress. A list appeared that showed the version of the BBPress plugin. Using that, Chloe could see which website is using an outdated version of that plugin to gain access (already knowing the vulnerabiltity of the plugin and how to break in). Chloe showed how quickly she added a new user id to the wordpress admin asking for ‘subscriber’ access. Before she submitted it, she used a program to stop the code before executing and then added a script that changed her userid from subscriber to administrator. She then submitted the sign up form which created a new user account with administrator access, with full access to the entire website. All within 5 minutes.
So I have mentioned to many of my clients how important it is to run the updates regularly on your WordPress (and Joomla!) websites. I give instructions for those who wish to do it themselves and I also provide a service where i will go into the website, run a backup, run all of the updates and test the website afterwards to make sure none of the updates caused a problem with the website.
I recommend running updates bi-monthly at the bare minimum, monthly is better, weekly is the best.
Having added security is also very important to protecting your website. Over 1/3 of websites on the internet are built on WordPress. Hackers figure out where the loopholes are and very quickly can attach one or many sites for their own purposes.
Some hosting companies provide higher security with the hosting such as Siteground Hosting. It’s the number 1 recommended hosting company by WordPress.org. I have spoken to their technicians and have been advised that if the plugins are kept up to date, there is little room for hacking of their system. Other hosting companies offer added Security services. Godaddy offers Website Security Essentials which scans websites daily looking for malware and will clean up your site if they find it. If your website has been hacked, don’t despair, once you purchase the Website Security Essentials, you submit the website scan and submit a ticket to have the website cleaned. Within 6 hours your website is cleaned and back online. You can also purchase the pricier service of a Firewall which will block all hackers from accessing your website.
There are 2 free plugins you can install directly onto your WordPress website: Wordfence Security or All In One WP Security. I use both (not at the same time on the same website). Both offer a firewall, added login security, can be set up to run scans for outdated versions of plugins, will allow you to block IP addresses (All in One does this, it’s a premium feature on Wordfence Security), and a host of other security features. All in One WP Security also allows you to change the login URL.
The premium version of Wordfence Security will also clean a hacked website and then provide protection to your website for 1 year. If a known attack is hitting websites, they will provide an immediate update to protect against the hack. The free version will get the update after 30 days.
How to run updates through your WordPress Dashboard
Sign in to your WordPress Admin dashboard.
Run a backup of your website either through a plugin that allows you to roll back your website if you encounter a problem, or within your hosting account. Siteground Hosting cPanel offers Softaculous software to install WordPress applications. You can run a full database and file backup within Softaculous. Godaddy WordPress Hosting automatically runs a daily backup which you can restore in the hosting account.
Hover over ‘Dashboard’ in the upper left, then click ‘Updates’ or at the top of the page there will be a circling arrow with a number that tells you how many updates are available. Click this to go to the updates page.
Select one plugin at a time and click Update. I always write down the plugin and the version so if I encounter a problem with the update, I know which version was working before the update. You do have to be careful running updates, if they were installed with your theme package, you should update your theme first, then update the plugins through the theme interface, otherwise it could cause a problem with the theme.
Some plugins will state their is an update available, but because it was packaged within a theme, the new update might not be available until it comes with a new version of the theme. The Bridge theme comes packaged with the WP Bakery plugin. This is a premium plugin and updates are only available within the Bridge theme update.
After plugins and themes are updated, test your website to make sure it is still functioning properly. If you encounter any problems, it might be best to contact your website designer or host to troubleshoot what went wrong and how to fix it. There are occasions where plugins have to be deactivated to figure out which one broke the website.
Another Way of Hacking Your Site
In the same Wordfence Security video, Chloe Chamberland, Security Specialist, showed how a hacker can use the Comments feature to gain full access to a website. She used a test website and added a seemingly harmless comment on a blog post. She had Scott Miller, another analyst sign in to the website and click a link she had included in her comment … something like ‘I really like your post, maybe you can like mine too’ with a link to another website. When Scott went to her website from his link, he clicked a button on the website which said ‘enter site’…. nothing visual happened. Let me reiterate nothing VISUAL happened. In the background when Scott clicked the link to Chloes’ fake website, he inadvertently ran a script which created a user account on his own website, Chloe now had full administrator access to Scott’s website. It was really scary to see how quickly it could be done. Thank goodness Chloe is on our side and uses her knowledge to protect us and update the Wordfence Security plugin to stop hackers from gaining access to your website. Chloe also showed how having Wordfence Security plugin installed on a website would prevent this hack and the first one I mentioned in the beginning of this post from even happening.
So a few final thoughts:
Run your updates regularly
install a firewall through your hosting company or install Wordfence Security or All in One WP Security and make sure the firewall is enabled
disable user registration on your website if you don’t need it
watch the following video for more info from the pros at Wordfence Security
Today I had someone email me how to help them achieve online presence with Google. After typing my answer I realized it was a great post that I could share with others!
Here was my response:
Have descriptive page titles. When designing a site and setting up SEO I always ask my clients “how would people search you?” for instance if you wanted a chiropractor in Collingwood then that is what you would type in google “chiropractor collingwood”. So if this is how people will find you, then you need to make sure all the page titles have this included in the title.
Narrow your selection. Don’t try to be the best across the province, narrow your location to a main town and surrounding area.
The more pages you have with excellent titles, the better you rank.
The page content has to match the titles… so if your page is about cutting wood… somewhere on the page you should mention that you cut wood.
Each page url needs to be descriptive: here is the url for one of my pages : https://wannawebdesign.com/services/modify-websites-collingwood-barrie/ see how the url is set up?
You need lots and lots of content. Good content.
Your content should be typed on the page… not in a jpg or pdf. Google can’t read jpgs.
Google does not use keywords anymore.
Add a Google presence: Google Business, add your address to Google Maps
Single page websites are not great for SEO. You only have 1 shot at google finding you, across the whole entire internet. You are competing with companies with multiple pages and very specific locations. Websites with structured SEO.
Google likes Blogs. So create a blog with posts that are relevant to your theme. If you play music weekly have weekly posts with where you are playing: “Live Jazz music this Friday night at XYZ Bar & Eaterie”. Update it regularly. Google likes current blogs.
Name your photos… don’t upload 1234.jpg. Change the name to reflect what you are promoting.
So this is the Cole’s Notes version of SEO. But if you follow these practices, you should be able to rank higher.
Many of my client’s websites have been showing an error in the admin dashboard stating “An automated WordPress update has failed to complete! Please notify the site administrator.”
I have done some research and it seems that this error is appearing after you have run the WordPress updates (any updates) and there is a new version of WordPress. I believe this error is being generated on any Godaddy WordPress hosting sites because Godaddy will automatically update the WordPress core files yet WordPress is trying to update itself.
Just be patient…. it takes a few days for Godaddy to process the updates across the WordPress Hosting servers. Once WordPress is updated the error will disappear.
There is no quick way to secure your website from hackers. You need to be vigilant and use as many defences as you can. The following is a list of 9 ways to secure your website.
Use Latest Version of WordPress, Themes and Plugins
Regularly go into your WordPress dashboard and install the newest versions of all your plugins. It’s easy to do: just look at the top left corner, if you see a number with a semi-circle swirl it means there are that many number of updates available for your website. Click on this link and update each of the plugins, themes and WordPress to install the newest version.
Only install good WordPress Themes or Plugins
There are so many free WordPress themes and plugins out there but you have to be careful which ones you install on your website. Choose themes from a reputable theme developer or theme sales website. One that I use regularly is Theme Forest. Pick from the most popular theme or plugins to ensure they will be kept up to date. Also always check the date of the latest update. If it’s over 6 months old, I tend to avoid it. Look at the history as well, check how long it takes for problems to be corrected or questions to be answered. This will tell you if there is a team keeping up with the software.
Guard your Logins
Use strong usernames and passwords. Avoid usernames like ‘user’, ‘admin’, ‘root’ choose one that would be difficult to guess. Passwords should be at least 8 – 10 characters long, should include upper and lower case letters, numeric and special characters. Avoid using the user name in the password and avoid using the obvious like your name. Also try to create different username/password combinations across the internet to avoid hackers finding out the one and using it across many accounts to hack all your information.
Use a reputable web service provider
Use a well established company with a strong reputation and good track record for security. Providers that ensure a high rate of “uptime” and 24/7 support service are important.
Two Factor Authentication
For added security you can install a plugin that uses 2 factors for login rather than just the username and password. This would make it much more difficult for hackers to guess the login and for the spambots (programs that search the web to try and sign in to websites repeatedly) to test your site. Here is a free plugin from the WordPress.
Purchase an SSL Certificate
SSL stand for Secure Socket Layer. This is added security for any customer or client that might type in personal information on your site. It adds encrypted information that hackers can’t “watch” while people enter information on your site. An SSL Certificate is relatively affordable (less than $100 for the year) and well worth it for the added security and peace of mind.
Use SFTP instead of FTP to access the server
This is for the developers who need access to the backend files of your website. Using SFTP (Secure File Transfer Protocol) adds extra security rather than signing in directly through FTP. Again it adds encrypted data to the uploads/downloads to protect your website from hackers “watching” your site.
Security Plugins
Install a security plugin on your website. iThemes Security plugin is a free security plugin. It has over 700,000 downloads, has been updated recently (3 weeks as of this writing) and as always is easily installed through the dashboard. Another plugin I have been using over the past few years is Wordfence Security. With over 1,000,000 installs this is a well-established security plugin. It monitors who visits your site, you can set it to block IP addresses. The paid version allows you to block countries. It also does scans of your website for any code that has been inserted in your files and sends out emails when new versions of plugins or themes are available.
Backup!
Make sure you take regular backups of your website. There are many free plugins that you can take daily/weekly or monthly backups of your website. Some are easier to install the backup if something does go wrong. Just a shout out to Godaddy: they offer WordPress Hosting packages that include daily backups of your entire website and keeps these backups for 30 days. With a simple click of a button, the website is restored to any of the past 30 days that you choose.
Have you ever been unhappy with your current web developer and decided to hire a new one, when to your dismay you find out you can’t have access to your website? That it is stored on that developers server along with their other websites and you can’t get access?
This is the one reason why you should always own your own domain name and hosting. You are in control and will always have access to your website, email, domain etc.
There will never be a reason for the hosting and domain to disappear (web developer retires), or for the rates to suddenly skyrocket! You will always be in control!
So when deciding where to purchase your domain make sure you find a reputable company, one that offers 24/7 phone service and one that guarantees over 95% up time on the server.
Choosing a colour scheme for your project can be a daunting task. Take advantage of online colour schemes such as the one at Color Scheme Designer. Enter your hexadecimal value and you can choose mono, complimentary, triad etc.
