Better WP Security

It is surprising to see most of the WordPress website or blog owners do not know much about their weak security. In case of a crash or being hacked, they may lose all they have because they don’t have a timely periodical backup or disaster recovery plan.

For beginners or old timers, the WordPress plugin “Better WP Security” is a must for most websites.
Installation is easy: just from your Dashboard, go to Plugins and Click Add New and type in “Better WP Security” to search and install. Then under Settings on the left, you will find “Security” Menu and you may click Dashboard to set up and enable the basic security features. Be careful of what you are doing, if you are not sure, you may want to call a “WordPress” professional to help you test it on a sandbox and then do it on your production website, which you may not want to let it down one minute at the important moment. This plugin has a great feature to set up database backup and email it to your mailbox (if your database is not too big for your inbox. Otherwise, a zipped database file over 100mb may blow up your mailbox.)

Talking about WordPress Backup, you may want to install another great plugin called “Online Backup for WordPress”, which offer you to backup all your WordPress files along with database.  You can directly download the whole backup file after the backup is completed. In case of the crash or even when your website is gone, you may choose another web server and upload the files and recreate the database with the dump file and your web site will be up within 30 minutes.

Here’s some detailed description about Better WP Security:

#1 WORDPRESS SECURITY PLUGIN

Better WP Security takes the best WordPress security features and techniques and combines them in a single plugin thereby ensuring that as many security holes as possible are patched without having to worry about conflicting features or the possibility of missing anything on your site.

With one-click activation for most features as well as advanced features for experienced users Better WP Security can help protect any site.

 

Some Plug-ins to Help Improve Security

Someone has been trying to hack WP89.com! How did I know?
I’ve installed a WP plug-in called “Limit Login Attempts” and got warning email messages 3 times with 10 days saying someone from some IP address trying to log in as “admin” but failed many time and was blocked for 24 hours.

Here’s what I found about the hacker’s IP.

If you search for “Last user attempted: admin IP was blocked for 24 hours“, you’ll know how often a hacker tries to hack with user name:admin. Unfortunately, WordPress’s default admin user name is “admin” and it doesn’t make it easy for you to rename it.

A quick and easy way I can think of is: 1)create a new user and set it as administrator 2)and then (carefully) remove the user “admin” This works fine if you didn’t created any posts and pages with the user “admin”.

One other thing to make hacking harder is to change “Nickname” in your admin user profile page yourdomain.com/../wp-admin/profile.php to someone popular but use a hard to guess user name. And then change the “Display name publicly as” to that Nickname.

One simple and important thing to improve security is to upgrade your WordPress as soon as a new version (usually includes security patches) comes out. Hackers hacked into one of my popular sites and one of my friend’s and embedded some “Viagra” sales contents to show up Google search results (it only shows the hacked contents to the search engine robots (especially to Google) but hide the content to regular visitors include site owners through a web browser so it is very hard to notice. More often, you will only notice after Google sends you a notice saying your site is removed from their index and won’t show up in their search research. If you have this problem, we can help you to solve it. Please contact us.

A New Feature of WordPress 3.2

Did you upgrade to WordPress 3.2.1? You should if you have just upgraded to WordPress 3.2.

Did you notice the new feature of WordPress 3.2 when you upgraded? What?
Now, it only updates the changed files rather than replaces all the files in your installation. What a bandwidth saver. Great job WordPress team!

Thank you.

Google’s Incorrect WordPress Upgrade Warning

When using Google’s Webmaster Tools, I saw a message to me, saying

Dear site owner or webmaster of http://mydomain.com/,

Your site appears to be running an older version of WordPress. Google recommends that you update to the latest release. Older or unpatched software may be vulnerable to hacking or malware that can hurt your users. To download the latest release, visit the WordPress download page.

If you have any additional questions about why you are receiving this message, Google has provided more background information in a blog post about this subject.

Best wishes,

Google Search Quality Team

I rushed to check my WordPress version, it is already WordPress 3.1.3, the latest official release.  And the Google message date is June 18th, 2011. I do appreciate Google’s effort in helping us to secure our sites, but this time, it is a false alarm. We just hope that they figure out what went wrong in their checking system.

I was guessing that it could be my caching system, but I check Google cached copy of my site on June 16th, 2011, the source code already reveals that we were using WordPress 3.1.3. This reminds me that we may need to hide the

meta name=”generator” content=”WordPress 3.1.3″

in our header.

Another thing I found is that I didn’t get the upgrade warming message for other three WordPress sites but my other one site got the same incorrect warming about the upgrade.

WordPress Theme Updates

Envisioned WordPress Theme Download | WordPress Themes – Free

Envisioned is a beautiful and powerful portfolio theme that enables you to easily create professional, multi-media galleries. Envisioned has the most powerful gallery features of any of our themes, allowing you to

Publish Date: 06/12/2011 1:57

http://www.newwordpresstheme.net/2011/06/wp-themes/internet/envisioned-wordpress-theme-download.html

WordPress – Nuance – Powerful Modern WordPress Theme – ThemeForest

Nuance is a theme that we've made with in mind to keep it simple and flexible as possible. Like our other themes, it contains the amazing Content Composer so you can create professional pages…

Publish Date: 06/12/2011 9:31

http://themeforest.net/item/nuance-powerful-modern-wordpress-theme/287250

WordPress – TouchSense – Multipurpose WordPress Theme – ThemeForest

TouchSense is a WordPress theme carefully designed and coded to fit any corporate website or a stylish blog. Lots of shortcodes, skins, galleries and even a custom image slider built specially for …

Publish Date: 06/09/2011 13:32

http://themeforest.net/item/touchsense-multipurpose-wordpress-theme/273403

Spirit-Stream WordPress Theme | TemplatePanic.com

Spirit-Stream WordPress Theme. Featuring modern jQuery Powered Sliding Gallery, and theme options page. Compatible for WordPress 3.1. Documentation about how to use this theme included in the zip file.

Publish Date: 06/06/2011 19:16

http://www.templatepanic.com/articles/spirit-stream-wordpress-theme

Do you wish that you can show your own portfolio nicely on your sites, check these out:

10 Most Incredible Premium WordPress Portfolio Themes

Want a theme for your portfolio website and wouldn't mind sparing a few bucks? Have a look at these Premium WordPress Portfolio Themes!

Publish Date: 06/12/2011 0:56

http://allyouneedislists.com/design/web-design/10-most-incredible-premium-wordpress-portfolio-themes/

WordPress + BuddyPress can hep you build great social network online community with great traffic. Web 2.0 is still the trend.

Make Your WordPress Theme Compatible with BuddyPress Using the

The BuddyPress Template Pack plugin has been downloaded over 85000 times since its release in February of 2010. In case you've never used it.

Publish Date: 05/30/2011 6:00

http://wpmu.org/make-your-wordpress-theme-compatible-with-buddypress-using-the-updated-bp-template-pack/

5 best buddypress themes with widget ready and plugin

Now a day's Buddypress is becoming more popular so, I am presenting a collection of 5 best buddypress theme which are widget-ready with drop-down menus, grid-based layout samples, plugin integration and shortcodes for your footer.

Publish Date: 03/20/2011 20:18

http://itinfoz.com/5-best-buddypress-themes/1190

WordPress for Dummies Download

WordPress for Dummies is a highly recommended book for WordPress beginners. Wouldn’t be nice if you can download and start reading it right away?

Yes, you can. Here’s a few options you have:

You may also download WordPress for Dummies Cheat-sheets here.

WordPress For Dummies, 4th Ed.

Being an senior Web developer, I still love Dummies books when I want to show my clients or students how easy to learn things with these books. Lisa Sabin-Wilson’s WordPress for Dummies are so great that people are expecting her new WordPress for Dummies 4th Edition to come on October 18, 2011. Previous editions of this guide have sold more than 85,000 copies, and interest in blogging continues to explode. If you don’t want to miss it, you can pre-order it now

softaculous vs fantastico

For WordPress users, beginners or advanced, they love the easy installation of WordPress, which may be completed from the hosting control panel, such as cPanel offered by Arvixe.

I had been enjoying the great web application installation services from Fantastico until I found Softaculous also available from the ControlPanel.

With Arvixe Hosting service, you can find both Softaculous and Fantastico are listed side by side in the “Software/Services” section:

softaculous fantastico side by side

softaculous fantastico side by side

Both Fantastico and Softaculous are great in offering quick installation of popular software (web application) with simple steps (Fantastico makes the installation into 3 steps while Softaculous requires only one, thus few clicks.): blog, cms, shopping carts (online stores), ERP, and educational Software. Both of them create the needed database and install the software automatically for you. However, it seems that with 200 auto installation scripts (premium license that Arvixe bought), Softaculous, the new comer, is winning more users. According to a Cpanel user forum poll, over 85% of users prefer Softaculous over Fantastico.

One of their users said

Softaculous is good forWHMCS and Magento users as well as hosting provider becasue both scripts are present in Softaculous and easy to install as compared to manual installation.

The e-commerce web applications from Fantastico only include three: “CubeCart, OS Commerce, and Zencart” while with the premium Softaculous that Arvixe hosting offer, you have 13 choices, including the above three and OpenCart, PrestaShop, phpShop, Magento, WHMCS, CubeCart, AccountLab Plus, PHP Point Of Sale, TheHostingTool, TomatoCart. (Even the free version of Softaculous has 10 more scripts than the paid version of Fantastico, which has only 50 scripts.)

For WordPress users,  the installation of WordPress offered by Softaculous are so up to date: see our WordPress news on WordPress 3.1.3. It makes Fantastico’s WordPress installation a bit outdated. One good thing about Softaculous WordPress Installation is that it offers you different language versions of WordPress, which is not found with Fantastico.

It seems that it takes a lot more efforts for Fantastico to catch up with Softaculous. Otherwise, Fantastico may lose more and more market to Softaculous.

I was frustrated a few times when the installation is missing for some popular Web application by the Fantastico auto installer. Way to go, Softaculous!

WordPress & HookPress

Mitcho created a great WordPress plugin and a video tutorial on WordPress.tv.

The great features of HookPress were well explained clearly by Mitcho, the HookPress author.

With HookPress on WordPress, you can

  • create Post webhooks
  • create push notification (it supports both actions…)
  • create filters

The bottom line is that you can extend WordPress without PHP

Here’s the video:

Mitcho is a MIT Linguistics PhD student. He has another “must-have” WordPress called “Yet Another Related Posts Plugin”, also popular among WordPress users. Way to go, Mitcho!

To install HookPress, just go to “Add New” Plugins menu in your backend (Dashboard), and search for “HookPress”, then you can have it automatically downloaded and installed with a couple of clicks. If your hosting server does not allow you to do that, you may go to http://wordpress.org/extend/plugins/hookpress/ to download and install it.

WordPress 3.1.3

A new WordPress version 3.1.3 , a minor upgrade, was released yesterday (5/25/2011). Great job WordPress team. Keep up the good work. Thank you!

WordPress 3.1.3 was released on May 25th, and on May 31, when I tried to have a new installation of WordPress with Softaculous ( free service offered with Arvixe Hosting ), WordPress version 3.1.3 was already available! Meanwhile Fantastico’s WordPress is still giving you online version 3.1 (Of course WordPress upgrade is easy with Arvixe Hosting server, but still that is extra clicks and some new WordPress users may not be aware of the necessity of upgrading to 3.1.3 in timely manner.

The bottom line is Softaculous WordPress auto installation is now more updated, easier and faster (one step compared to Fantastico three steps). Also it offers installation backup which Fantatico does not have.