Posts Tagged ‘plugins’

Top 5 WordPress Security Tips

June 29th, 2010

Below is a list of the top 5 tips that most WordPress administrators do not follow, but should:

1. Don’t use the admin account – The default user account that is created with every installation of WordPress is the admin account. Unfortunately the entire world knows this, including hackers, who can easily launch a dictionary attack on your website to try to guess your password. If a hacker already knows your username, that’s half the battle. It’s highly recommended to delete the admin account or change its username.

2. Move your wp-config.php file – Did you know that since WordPress 2.6 you can move your wp-config.php file outside of your root WordPress directory? Most users don’t know this, and the ones that do don’t do it. To do this, simply move your wp-config.php file up one directory from your WordPress root. WordPress will automatically look for your config file there if it can’t find it in your root directory.

3. Change the WordPress table prefix – The WordPress table prefix is wp_ by default. You can change this prior to installing WordPress by changing the $table_prefix value in your wp-config.php file. We recommend a unique value such as rtyujikj_. If a hacker is able to exploit your website using SQL injection, this will make it harder for them to guess your table names and quite possibly keep them from doing SQL injection at all.

4. Use Secret Keys – This is probably the most followed security tip on the list, but I’m still amazed at how many people don’t do this. A secret key is a hashing salt that is used against your password to make it even stronger. Secret keys are set in your wp-config.php file. Simply visit https://api.wordpress.org/secret-key/1.1 to have a set of randomly generated secret keys created for you. Copy the 4 secret keys to your wp-config.php file and save. You can add or change these keys at any time; the only thing that will happen is that all current WordPress cookies will be invalidated and your users will have to log in again.

5. htaccess lockdown – This is actually my favorite tip from my presentation. Using a .htaccess file you can lock down your wp-admin directory by IP address. This means only IP addresses you specify can access your admin dashboard URLs. This makes it impossible for anyone else to try and hack your WordPress backend. To do this, simply create a file called .htaccess in your wp-admin directory and add the following code to it, replacing xxx.xxx.xxx.xxx with your IP address:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
order deny,allow
deny from all
#IP address to Whitelist
allow from xxx.xxx.xxx.xxx

You can add more “allow from” lines, so make sure to add any IP addresses you plan on accessing your site from (e.g. home, work, etc.). Remember that most ISPs use dynamic IPs, so your IP address may change on reconnecting to your ISP. If you get locked out, just update your .htaccess file or delete it altogether. This obviously is not a good tip if you allow open registrations, as you need to allow your users access to wp-admin.
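
Tips 2 to 5 can be checked from the file system. The script below is an added example, not code from the original post: it inspects a WordPress directory for a wp-config.php left in the WordPress root, the default wp_ prefix, missing or placeholder secret keys, and a wp-admin/.htaccess without the deny/allow rules shown above. The function name and finding codes are assumptions of this example; tip 1 needs database access and is not covered.

```python
import re
import sys
from pathlib import Path

# The four constants served by the secret-key/1.1 URL mentioned in tip 4.
SECRET_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
PLACEHOLDER = "put your unique phrase here"  # default in wp-config-sample.php


def audit_wordpress(root):
    """Return finding codes for tips 2-5; an empty list means all four pass."""
    root = Path(root)
    findings = []

    # Tip 2: WordPress falls back to the parent directory for wp-config.php.
    config = root / "wp-config.php"
    if config.is_file():
        findings.append("config-in-wordpress-root")
    else:
        config = root.parent / "wp-config.php"
        if not config.is_file():
            return ["config-not-found"]
    text = config.read_text(encoding="utf-8", errors="replace")

    # Tip 3: flag the default wp_ prefix (or a prefix we cannot read).
    m = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", text)
    if m is None or m.group(1) == "wp_":
        findings.append("default-table-prefix")

    # Tip 4: every key must be defined and must not be empty or the placeholder.
    for name in SECRET_KEYS:
        m = re.search(r"define\(\s*['\"]%s['\"]\s*,\s*['\"]([^'\"]*)['\"]" % name, text)
        if m is None or m.group(1).strip() in ("", PLACEHOLDER):
            findings.append("weak-secret-key:" + name)

    # Tip 5: wp-admin/.htaccess must deny everyone and allow at least one address.
    htaccess = root / "wp-admin" / ".htaccess"
    raw = htaccess.read_text(errors="replace") if htaccess.is_file() else ""
    rules = [" ".join(line.lower().split()) for line in raw.splitlines()
             if not line.lstrip().startswith("#")]
    if "deny from all" not in rules or not any(
            r.startswith("allow from ") and "xxx" not in r for r in rules):
        findings.append("wp-admin-not-ip-restricted")
    return findings


if __name__ == "__main__":
    # Usage: python audit_wp.py /path/to/wordpress (defaults to the current directory)
    for finding in audit_wordpress(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

An empty result only means these four file-level settings are in place; it says nothing about the admin username from tip 1.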

So, how many of these tips do you follow regularly?


Content Management Systems & The Importance of Plugins

June 26th, 2010

Content management systems (CMS) assist you in the creation and maintenance of websites even if you have little previous training. Operating a content management system is about as elementary as managing an operating system (OS), so if you’re confident in your ability to deal with your OS, then you should be skilled enough to construct and maintain your online business correctly using a website CMS.

There are numerous CMS for sale in the internet marketplace at the moment, a handful of which are free. Even though each content management system offers you many of the same features, there are some particularly notable differences between them. The most obvious differences are typically found within the graphical user interface (GUI), in which most of your site’s administrative tasks can be executed. Generally speaking, just about all site CMS try to provide a simple interface, as this tends to make the software a bit more convenient.

What Makes a Quality Content Management System?

The full value of a content management system cannot be seen in its core capabilities, but rather in its ability to interact with plugins to enrich functionality. Without these add-ons most content management systems would be essentially pointless when attempting to perform more innovative tasks. Aside from its compatibility with plugins, a quality content management system ought to be effortless to use, as it is the interface you will be working with to control your web pages on a regular basis.

What Exactly Do Plugins Do?

In basic terms, plugins let you expand the functionality of the CMS without the need for extra expensive software or programming skills. There are literally hundreds, if not thousands, of plugins available that can assist you in nearly every aspect of site management and improvement. Most plugins are free, and can be found by using the search function within the CMS itself. For example, WordPress provides an installation/search module that lets you find and install plugins in one fell swoop. Plugins can do everything from helping you organize your site to improving your search engine ranking. If you’re not currently using plugins within your content management system, then you are not receiving the full benefit of your CMS.

Can I Create My Own Plugins?

The reason so many plugins exist is that people are creating new ones on a daily basis. You can create your own plugins; however, you would need some PHP programming experience. You could also hire a programmer to make the plugin for you, using a freelancing site. There are plenty of skilled programmers that are struggling to make a living and would love to help you with your project for a very nominal fee. If you find that there is a task you would like to automate or improve within your CMS, first try doing a plugin search, as most tasks can be executed using plugins that have already been created. However, if you find you need a plugin that is completely unique, then you could easily contract the help of several programmers simultaneously to expedite the plugin development process.

Categories: Web Hosting