WordPress Knowledge Base

WordPress is an open source software and sometimes hackers may use security exploits to compromise your site. Therefore, we’ve created a few video tutorials to help you strengthening your WordPress security.

BulletProof Security Plugin

The first video is about BulletProof Security plugin configuration. This plugin is extremely important for protecting your website from brute force attack!

In particular, we also demonstrated how to whitelist IP address(es) so that only the people using the registered IP address(es) can access to the admin dashboard of your WordPress website. This can greatly reduce the chances of having brute force attacks. To do so, you will need to insert some simple codes (found from WordPress Codex page). Below is the code you need:

<Files wp-login.php>
# Block access to wp-admin.
order deny,allow
deny from all
# Add IP to Whitelist
allow from 111.222.333.444
</Files>

Please note that 111.222.333.444 represents your IP address. You will need to replace this with your own IP address when you customize your BulletProof settings.

After watching the first video, you will know where to put the above code and how to whitelist IP address for accessing to your admin panel.

Sucuri Security SiteCheck Malware Scanner

The second video tutorial is about Sucuri Security plugin.

Sucuri Security SiteCheck Malware Scanner checks your WordPress site for malware, spam, blacklisting and other security issues like .htaccess redirects, hidden eval code, etc.

Captcha Plugin

The third video tutorial is about captcha plugin

This plugin significantly reduce the chances of spammers attacking your website by asking a math question when submitting a request to your website (e.g. visitors are asked “what’s the answer for 2+3” when leaving comment). The plugin can work on comment section as well as the login page.

Permalink.

WordPress features a powerful function called “Multisite”. Enabling multisite allows users to manage multiple WordPress websites from one WordPress installation. Each website in a network is independent, but the WordPress admin can modify the settings so that plugins and themes can be shared among the websites. When there are updates available for the shared theme and plugin, the site admin only needs to update the corresponding elements once instead of managing them individually. By disabling the network function, the site admin can isolate the plugins and themes access across all websites. To learn more the features and installation of WordPress Multisite, watch this video for full details.

Permalink.

WordPress is one of the most popular CMS platforms in today’s web design industry, largely because of the vast selection of available themes, free and commercial. But most often a theme is only a starting point – there is no such thing as a perfect theme – many website owners start with a great theme and tweak it to perfectly suit their needs.

Tweaking a WordPress theme often requires coding experience. But, with Page Builder plugin, you can create responsive column layouts using WordPress widgets. This plugin features the “drag-and-drop” interface so that it helps you precisely place the content wherever you want on your website. With Page Builder, you can simply customize your own WordPress theme.

To download the Page Builder Plugin, please visit our Featured Plugin page.

We’ve created a short video to demonstrate how quick and easy it is to create a WordPress web page using Page Builder. Enjoy

Permalink.

Making your website become more interactive is very essential to online success. To achieve such goal, you should consider adding a forum section to your website. Here are some benefits of having a forum on your website:

• Attract more traffic
• Forum readers tend to re-visit forums and regularly make posts.
• Comments and suggestions can help you improve the quality of your website content

With bbPress, you can easily add a forum to your WordPress website. bbPress is a WordPress plugin and you can find it from your dashboard. Simply search for bbPress under “Plugins > Add New” and it is available for you to download.

Creating Forums

Once the installation is completed, the “Forums” menu is added to the WordPress admin panel (see the image below).

To start off a new forum, simply hit “New Forum” and the steps are pretty much identically the same as how you make a post on your WordPress website.

Displaying Forums

Now that your forums are successfully created, you need to properly display these forums on the front end of your WordPress site. You can do so by creating a new WordPress page. Then give it a title (e.g. Forums, Community, Peer to Peer Support Forums, etc.). Most importantly, in the “Content” section, enter this shortcode:

Also, please make sure you turn off comments and trackbacks functions on this page. Once all these steps are made, publish this page. Go to “Appearance > Menus” section and add this page to your navigation menu.

Last but not least, make sure you go to “Settings” and click “General”. For “Membership”, choose “Anyone can register” so that your forum is open for new registrations.

Have fun setting up your forums. If you need any assistance, leave us a comment or contact us by visiting this page.

Permalink.

• WordPress Exploit Scanner – this plug-in will search through your website’s files and database tables and notifies you of any suspicious code. It also examines your active plugins for unusual filenames.
• TAC (Theme Authenticity Checker) – this plug-in searches the source files of installed themes on your blog for signs of malicious code.
• WordPress AntiVirus – this plug-in scans your theme directory to look for a WordPress permalink back door, which is a very malicious malware.

Permalink.

The reason why you choose WordPress to build your website is because it is easy to use and you do not need any HTML background knowledge to create your website. So, when your website is done and completed, you work very hard to create more posts and content everyday. Your website traffic picks up and it starts to grow. To enhance your readers browsing experiences, you start using more WordPress plugins so that your website can have a few extra features (i.e. Social Media Share button, different language translators, etc). However, you start to realize that the more plugins and posts you make, the longer load time your website experiences. What should you do now?

Nobody likes slow websites. Nobody likes to wait around for websites to load every minute. Your (potential) readers will leave your website when it does not load for 10 seconds which means it is very important to optimize the load time of your WordPress website. Therefore, we have prepared a list with 10 easy tips to speed up your website.

1. Caching Plugin

Caching plugin helps your website improve its load speed because the plugin caches every aspect of your website. As a result, this will significantly reduce the download time. Among the different caching plugins available online, we recommend W3 Total Cache because it is very simple to use (and it’s FREE)!

2. Optimizing Image

Image file sizes are much larger than text files. If your website is image-oriented, it will take a much longer time to load your website. There is a free plugin called WP-Smushlt which can automatically help you reduce the file sizes of your website but does not reduce the quality of the image. Definitely check this out!

3. Another Image-related plugin: LazyLoad

This plugin will not only speed up your website load time but will also help your website lower the bandwidth by loading less data for your viewers who do not scroll down your website. For example, if your website is vertically long and requires readers to scroll down in order to view your entire page, with LazyLoad, the images on the lower side on your website will NOT load until your readers scroll down.

4. Optimizing databases

There are three plugins that we would like to recommend for optimizing your WordPress databases. The first one is WP-Optimize. This plugin, as the name suggests, optimizes your database by reducing the overhead of spams, drafts, tables, etc. Second, you can also consider installing WP-DBManger to help you schedule dates for database optimization.

Last, Revision Control is another great tool that can help you optimize your database. This plugin enables you to set the numbers of revisions you make for each post. WordPress, by default, stores all of your drafts indefinitely. By installing this powerful plugin, your database will be very lightweight compared to other websites without this plugin.

5. Removing unused plugins

The title says it all. If there are plugins that you do not use, simply delete them. Give it a try! Your site will load faster for sure!

6. Optimizing your home page

Your home page is the most important part that requires a quick load speed among all of your other pages because this is where your readers normally enter first. Here are a few tips to optimize your home page

• – Show excerpts of your posts.
• – Set fewer number of posts displayed on your home page (we recommend 5 posts)
• – Set the Social Media Share plugins to only display on the actual post page instead of the home page.

Remember the key: less is MORE!!

7. Enabling hotlink protection

Hotlinking happens when external websites direct a link to the images on your websites making your server load increase. In cPanel, there is a function called “HotLink Protection”. Once you enable the protection, you can eliminate this form of “bandwidth theft”.

8. cPanel “Optimize Website” Feature

Another great feature of cPanel! There is a feature under “Software/Services” in cPanel which is called “Optimize Website”. By enabling this feature, cPanel tweaks the way Apache will handle requests and will compress content before sending it to the visitor’s browsers.

9. Making use of Google PageSpeed Insights

PageSpeed Insights, developed by Google, is a tool that analyzes the content of a web page and provides suggestions to make that page load faster. Check out their official page for full details.

10. Good web hosting service company

A good web host can provide not only stable uptime and connection but also professional solutions and support when needed. At Doteasy, our in-house Customer Support agents are resourceful web technicians and experts. We can provide speedy solutions for WordPress and other website builder programs. It’s our goal to keep our customers up-to-date with the latest web hosting trends through our blog, our Scripts Library, and our how-to video tutorials on the YouTube channel.

Recently we launched the new state-of-the-art Solid State Drive (SSD) Hosting Service. This brand new hosting service utilizes web servers that are fitted with SSDs rather conventional hard disk drives. Typically, SSDs perform 30 times faster than HDDs. So, users can expect this hosting service to be much more responsive than traditional hosting services that run on HDDs. Database-driven websites such as WordPress and eCommerce websites can all be optimized with SSD Hosting plan. To learn more about our SSD Hosting plan, check out our feature page.

Lack of time to complete all these tips?

It takes a great amount of time to secure a website and maintain a quick load time. Therefore, we strongly recommend our customers to perform all of the above tips on your own. But, we understand that many of you do not have the time to do these tasks on your website. In this case, we can suggest to you our Managed Hosting plan which is an ideal solution for customers who need some extra help in maintaining their websites. Our Managed Hosting plan includes automated website backup as well as import, export, and optimization of your MySQL databases. To learn more, check out our Managed Hosting service feature page.

Permalink.

There are at least two elements that make WordPress become the most popular content management system: themes and plugins. With the vast selection of available themes to install, you can build your WordPress website almost instantly with professional outlooks. Once your WordPress website is set up, you can further enhance the functionality of your website by installing different plugins. You can turn your WordPress website to a personal blog, e-commerce online store, online portfolio, etc by installing different plugins.

Many online individuals use WordPress to create their blogs and make considerable profits. For example, there are many “mommy bloggers” who share their tips on babysitting and frugal living styles, technology savvy putting up their products reviews on the latest gadgets, and travel bloggers posting their memorable pictures for their trips. These kinds of blogs often record massive traffic records. Hence, many related businesses (e.g. supermarkets, tech companies, travel agencies, etc.) approach them to place advertisements or promotion campaigns through their websites. With different plugins, WordPress owners can easily customize their website for different functions.

Although you have a wide selection of plugins to choose from, choosing the right ones is definitely a difficult task. That’s why we would like to highlight 10 plugins can help WordPress bloggers to turn their websites into a “profit-seeking” blog.

Security

CAPTCHA – this plugin significantly reduce the chances of spammers attacking your website by asking a math question when submitting a request to your website (e.g. visitors are asked “what’s the answer for 2+3” when leaving comment). The plugin can work on comment section as well as the login page.

WP-CopyProtect – this plugin protects your blog posts by preventing others copy your content. What that means is if your visitor tries to select the texts on your website, right click the mouse button, and try to copy the words, the plugin will block the “right-click-copy” function.

Traffic and Website Performances

Google Analytics – this plugin is pretty much self-explanatory. Google Analytics is a website traffic statistic tool that tells you where your visitors come from and how they interact with your website. To track your website traffic, all you need to do is to sign up at account on Google Analytics, install this plugin, enter your Google Analytics ID on your WordPress dashboard. Without the plugin, you would have to copy and paste the Google Analytics tracking code into each of your website pages.

WassUp Real Time Stat – this plugin is an alternative of Google Analytics. With this plugin you can see a full stats traffic report on the WordPress dashboard and even the real-time visitor activity.

WP-Optimize – this plugin helps you optimize your WordPress databases by reducing the overhead of spams, drafts, tablet, etc. An optimized WordPress website gives you a faster load time, which is benefitial to SEO performance as well as enhancing user experiences.

Facebook/Promotion

FB share – this plugin lets readers easily share your blog post on their Facebook timeline. The more your reader shares your posts, the faster your blog can be spread out on Facebook. This plugin eventually helps you attract more new visitors.

Facebook open graph – this plugin automatically adds meta tags on the head section of your posts. If you share your blog post (with images) on your Facebook timeline, the Facebook post you made will display a thumbnail of the image shown on your blog post. Moreover, if your blog post contains a video link from YouTube or Vimeo, by sharing the blog post on your Facebook wall, this plugin enhances your wall posts by adding clickable videos embed for these two video sharing websites. You can see the sample by reading the “Description” section of this plugin on WordPress.org

Permalink.

In this video, we’ll demonstrate how to install WordPress plugins.

This is the demo WordPress website we built earlier!

http://www.DoteasyCafeteria.com/

Permalink.

With different plugins, WordPress owners can easily customize their website for different functions. From Google Translator, local weather report, ads manager, social media share button, to PayPal Checkout button, you can install numerous plugins to cater your needs in just a few clicks within your dashboard.

Permalink.

Sucuri, an online firm that offers website scanning, monitoring, and malware removal services, has recently found a serious security vulnerability in the MailPoet WordPress plugin. This plugin helps users create newsletters, post notifications and auto-responders and has a record of over 1.7 million downloads. Therefore, the impact is HUGE over the internet. The good news is that this vulnerability has been patched. If you run your WordPress website with this plugin, please update the plugin to 2.6.7 version ASAP.

What Exactly is the Problem?

The bug allows for any PHP file to be uploaded. What that means is the vulnerability can allow an attacker to use your website for phishing lures, sending SPAM, host malware, and much more. You can read the details about this security bug by visiting the Sucuri blog article.

Once again, update the plugin ASAP. In fact, you should always keep your WordPress version and all plugins up-to-date in order to keep your sites secured.

Permalink.

The online website scanning firm Sucuri has recently discovered a very dangerous vulnerability in the WPTouch Plugin for WordPress. This vulnerability allows attackers to upload files remotely to WordPress websites running this plugin with versions prior to 3.4.3. WPTouch Plugin has a record of over 5 million downloads. If your WordPress is running this plugin, please make sure to update the plugin immediately.

What Exactly is the Problem?

If your website has enabled the “Guest Registration Allowed” feature, a logged-in attacker can upload a backdoor (remote shell) inside your website’s directories and potentially take over your website. You can read the details about this security bug by visiting the Sucuri blog article.

Once again, update the plugin ASAP. In fact, you should always keep your WordPress version and all plugins up-to-date in order to keep your sites secured.

Permalink.

Sucuri, an online firm that offers website scanning, monitoring, and malware removal services, has recently found a serious security vulnerability in the Custom Contact Forms plugin. This plugin enables users to create customizable contact form on their WordPress websites and has a record of over 600,000 downloads. Therefore, the impact is pretty huge over the internet. The good news is that this vulnerability has been patched. If you run your WordPress website with this plugin, please update the plugin to 5.1.0.4 version ASAP.

What Exactly is the Problem?

The bug allows attackers to take control of the affected website without setting accounts beforehand. You can read the details about this security bug by visiting the Sucuri blog article.

Once again, update the plugin ASAP. In fact, you should always keep your WordPress version and all plugins up-to-date in order to keep your sites secured.

Permalink.

The Slider Revolution Premium plugin, one of the most downloaded slider plugins from the WordPress plugin marketplace Code Canyon, has been reported for a serious vulnerability found in it. This vulnerability is a type of Local File Inclusion (LFI) attack which allows attacker to access, review, and download a local file on the server. In particular, the attacker can download any file from the server and steal the database credentials. Consequently, the attacker can compromise the website through the database. You can read more about this vulnerability by visiting this page.

Update the plugin ASAP if you are currently using this on your WordPress website. In fact, you should always keep your WordPress version and all plugins up-to-date in order to keep your sites secured. And of course, perform a full site backup before you do any updates.

Permalink.

The WP eCommerce WordPress Plugin, with the record of over 2.9 million downloads, has been recently reported for a serious vulnerability found in it. The vulnerability can possibly lead to some users’ information leakage issues. If you have installed this plugin to your WordPress website, please update it to 3.8.14.4 version. And, make sure you perform a full site backup before updating the plugin.

What Exactly is the Problem?

Malicious attackers could use this vulnerability to get access and modify private information in the site that uses this plugin. For example, the vulnerability allows a malicious attacker to export all the user names and other confidential information of anyone that has previously made a purchase through the plugin. Furthermore, the attacker could also run administrative-related tasks without being authenticated as the administrator of the affected website. To learn more about this vulnerability, you can click this link to visit Sucuri, the online firm that offers website scanning, monitoring, and malware removal services.

Permalink.

WP-Statistics WordPress Plugin is comprehensive plugin for your WordPress visitor statistics. Recently a vulnerability has been found in all versions 8.3 and lower.

Quote Sucuri:
“An attacker can use Stored Cross Site Scripting (XSS) and Reflected XSS attack vectors to force a victim’s browser to perform administrative actions on its behalf. Leveraging this vulnerability, one could create new administrator account[s], insert SEO spam in legitimate blog posts, and a number of other actions within the WordPress’s admin panel.”

If you are using version 8.3 or lower, please upgrade immediately to version 8.3.1 or higher. For further details on the issue, please visit this page.

As always, keeping your WordPress and Plugins updated is vital. So is having a complete backup of your site. For worry free backup service which starts at $1.50/mo, Doteasy Auto Site Backup is a great deal for a great service.

Permalink.

InfiniteWP allows users to manage unlimited number of WordPress sites from their own server. Recently a Vulnerability has been found in earlier verions of this plug-in.

Quote Sucuri:
“While doing a routine audit of our Website Firewall product, we discovered a vulnerability in the plugin that could be used by a malicious individual to 1) disable a users web site by putting it in maintenance mode and 2) allows the user to control the content of the maintenance page.”

If you are using a lower than version 1.3.8, please upgrade immediately to version 1.3.8 or higher. For further details on the issue, please visit this page.

As always, keeping your WordPress and Plugins updated is vital. So is having a complete backup of your site. For worry free backup service which starts at $1.50/mo, Doteasy Auto Site Backup is a great deal for a great service.

Permalink.

The popular WP Download Manager plugin, with the record of over 850,000 downloads, helps users better manage, track, and control file downloads from your WordPress website. The plugin has been recently reported with a vulnerability issue found in earlier version of this plugin.

The WordPress site running this plugin is susceptible to code execution. With this vulnerability, the attacker may inject a backdoor and change the important credentials, including admin accounts. For full details, please visit this article published by Sucrui.

For those WP Download Manager plugin users, please update the plugin to version 2.7.5 ASAP. Don’t forget to perform a full site backup before updating the plugin.

Permalink.

Congratulations, you’ve successfully installed WordPress! But what to do now? Not to fear! We’ve devised a list of the top 10 essential steps to take next. Let’s dive right in.

1) Modify the Title, Tagline and Time Zone

This is the first step to making your site just a little more personal. In your WordPress Admin Dashboard, go to Settings -> General. You can change the timezone in the General Settings area as well. Be sure to save when you make a change!

2) Customize the Permalink Structure

In Settings, select Permalink and choose a new structure. We recommend that you choose the “Post Name” option. Again, don’t forget to save! This will make your site name more Google-friendly.

3) Keep Spam Out

Fight against spam comments by installing an anti-spam plugin. We recommend Antispam Bee– it’s free and can be a great first defence against spam.

4) Speed Up your Load Time

There are many ways to do this.

• First, install a caching plugin to reduce downloading time. A good free one to use is W3 Total Cache.
• Optimize your images – look into installing WP-SmushIt to reduce file sizes while maintaining the image quality.
• Install plugins to optimize your databases. WP-Optimize is a great one to clean up your databases.

A fast loading site will keep your visitors happy- and we all love happy visitors.

5) Use Social Sharing Plugins

This tip might be an unexpected item on the list- but this step is essential now more than ever. Allow your content to be shared and actually read. Check out the Social Share Button

Yes, we did promise to give you the top 10 steps to take after installing WordPress! Find the next 5 in Part Two.

Permalink.

After installing WordPress, you may find yourself wondering what you need to do next. This is the second part of our top 10 essential steps to take after installing WordPress. Find Part One here.

6) Arrange the Reading Settings

Want your latest posts to show up on your front page? Customize your page display to make it happen! Just go to the Settings area of your dashboard and choose the Reading settings.

7) Delete Unneeded Themes

If you’ve tried out a few different themes before settling on the one you’ve chosen, be sure to delete the unused ones. This will keep your site safer and lessen the chance of getting hacked. In the menu, find Appearance, then go to themes. Hover over the theme you want to delete, choose Theme Details, and delete the theme.

8) Beef Up Your Security

There are multiple ways to increase the security of your site. These are just a few ways to do it:

• Prevent against brute force attacks by installing a plugin. We recommend Lockdown WP Admin to hide the admin login page. Check out this video to see how to use this plugin to your advantage.
• Look into installing WordPress Exploit Scanner to keep you alert of any suspicious code in your file and database tables.
• We also recommend WordPress AntiVirus.

9) Install a SEO WordPress Plugin

You might have some amazing content on your site, but it would all be for naught if your posts never get a chance to be seen. Make your site SEO-friendly and optimize your posts for SEO with a plugin. We recommend WordPress SEO Plugin by Yoast.

10) Back It Up

You definitely don’t want to lose any of your website progress, so be sure to schedule some regular backups. Check out this video to learn how to manually backup your site in cPanel. If you don’t have the time to constantly backup your site, Doteasy also offers an automatic site backup service. It can be one less thing to worry about.

So that’s it, 10 essential steps to take after installing WordPress! Do you agree with our list? Let us know what you think.

Permalink.

Permalink.

A great number of WordPress plugins (including many popular plugins with over millions of downloads) have been reported with vulnerability issues due to the misuse of the add_query_arg() and remove_query_arg() functions. These plugins include:

•    Jetpack
•    WordPress SEO
•    Google Analytics by Yoast
•    All in One SEO Pack
•    Gravity Forms
•    UpdraftPlus
•    WP e-Commerce
•    WP Touch
•    Download Monitor
•    Related Posts for WordPress
•    My Calendar
•    P3 Profiler
•    Give
•    Broken Link Checker
•    Ninja Forms

As the problematic functions are very popular (functions used by developers to modify and add query strings to URLs within WordPress websites), there is a great chance that some other problematic plugins are not listed above. We strongly recommend that all WordPress users perform a full site backup and update the plugins ASAP. To learn more details about the vulnerability issues, please visit this blog article from Sucuri, the online website scanning firm.

Permalink.

A dangerous “Object Injection” vulnerability has been discovered in the WooCommerce plugin, which could allow an attacker to download any file on the vulnerable server. Attackers potentially downloading critical files which can result in a full site compromise.

If your WooCommerce “PayPal Identity Token” is set, you are most at risk.

Update Immediately

If you are using a version lower than 2.3.11, update the plugin as soon as possible. Remember to back up your site before updating your WordPress and Plugins. For a worry-free backup service, subscribe to Doteasy Auto Site Backup for just $1.50/month. For more info about this vulnerability, please read this article from Sucuri.

Permalink.

A Brute Force Attack is when a hacker tries many combinations of usernames and passwords until they succeed in guessing the right combination. Due to the fact that at any one time there may be many concurrent login attempts occurring on your site via malicious automated robots, this also has a negative impact on your website load time and performance. Therefore, we highly recommend WordPress users to install this comprehensive plugin, Lockdown WP Admin.

Lockdown WP Admin features hiding WordPress Admin (/wp-admin/) when a user isn’t logged in. If a user isn’t logged in and attempts to access WP Admin directly, the WordPress site will return a 404 error page. Users can can also rename the login URL. We’ve created this video to walk through the configuration steps for this plugin.

Permalink.