WordPress Security Practices – Thwarting The Hackers
Here's a short video on WordPress security practices. It covers what you can do to improve the security of your WordPress website. We all know that hacking is on the increase and you risk losing your entire site in a hack.
But is there really anything you can do to prevent a hacking attack? Watch my short video and decide for yourself!
WordPress Security Practices
Here is a summary of the actions YOU can take today to improve the security of your WordPress site.
- Keep WordPress up to date
- Keep your plugins and theme updated
- Avoid brute force attacks
Once you've watched the video, it may be obvious what your next steps are. In that case, just get those things implemented today, and harden the security of your site.
On the other hand, it may be that you need a little advice on the best way to go for you and your site. As WordPress security can be a complex issue, I'm happy to help you out.
If you'd like a no-obligation chat about the security of your site and how it can be improved, contact me, Alun Richards, here: http://wptrainingnow.com/blog/contact
WordPress Security Best Practices – How To Thwart The Hackers
You hear people talking about WordPress security best practices - but what are WordPress security best practices? What do they involve, and can you implement them yourself?
You may of course be worried about people getting into your WordPress site. You should be! This article lets you know the ways hackers normally hack your website so you can safeguard against them.
Fortunately computer hacking is not really like you see in the movies. Hackers don't typically plug in a fancy computer and run a bunch of numbers. Usually the way people get into your website is through an out-dated version of WordPress, out-dated plugins or themes with vulnerabilities, and easy to guess usernames and passwords.
Did you know that Al Gore's blog has been hacked, CNN blogs have been hacked, and these all happened because they used older versions of WordPress. But as soon as these high profile blogs were hacked, the creators of WordPress released a newer version that prevented these kinds of attacks.
WordPress Security Best Practices
The good news is that having good protection against hacking is more about putting best practice procedures into place rather than spending a fortune with a security consultant. So what is my advice regarding WordPress security best practices?
1. Keep WordPress Up To Date
One of the biggest vulnerabilities, as we've just seen is with out of date copies of WordPress. That's why it's a very good idea just to keep your WordPress version up to date.
Usually when WordPress fix a problem, it's a small and obscure bug and you can upgrade the latest version in just one click. In your WordPress dashboard, go to the updates area and they will tell you either that WordPress is up to date, or that it needs an upgrade. Click that button and you are good to go.
Incidentally, WordPress is not especially vulnerable to hacking, it's just that as it powers about 25% of the websites worldwide, a lot of people know a lot about it. And hackers in particular, exploit the tiniest vulnerability again and again.
2. Keep Your Plugins Updated
It's no good having an up to date WordPress version if some of your plugins still contain those security holes. If you are really worried about it then do a few Google searches for the plugins you're using on your site and see if anyone has reported security holes or flaws with these plugins or themes.
A widely publicised security hole in the past was due to a WordPress plugin called Tim Thumb. This was a way to resize images in a theme so you could upload a picture or a logo to that theme. Unfortunately, the way that it resized that image allowed someone to gain access to the associated WordPress site.
If you happen to have one of those plugins or themes, all you had to do was do a quick search and update the latest version of that plugin or theme, that fixed the issue. Now on a very-very rare basis, some plugins are simply no longer updated, but if they aren't a Google search will tell you this, that you are using an insecure plugin that has no updates, and in that case it's a good idea to stop using it and find an alternative.
3. Avoid Brute Force Attacks
Even with the most up to date WordPress and most up to date plugins, most hackers gain access to your WordPress by simply guessing your username and password. Trying common usernames and passwords repeatedly is called a brute force attack. For example, by simply trying to login using the username Admin and password Admin, or username Admin and password Test.
So if you have an admin user called admin, we need to correct that. What you should do is delete that Admin user after setting up a user account using (say) your first and last name, and a password containing letters and numbers that no one will ever guess.
One of the security plugins I recommend is WordFence. This forces you to choose a hard to guess password and allows computers who have had repeated attempts at guessing your username and password to be locked out.
WordPress Security Best Practices Summary
In this article I've covered some of the easy ways that hackers use to get into WordPress - and how you can protect yourself against them. In short, keep your version of WordPress up to date, and keep your plugins and themes up to date too. Google the names of the plugins you're planning on using to make sure that there are no vulnerabilities in them. And above all use hard to guess usernames and passwords in WordPress.
Just by doing this you are making your WordPress site harder to hack. And it may be that a hacker will turn his attention to a site that's easier to hack. If you'd like to know whether your WordPress site has vulnerabilities, just contact me for a no-obligation chat here: https://www.wptrainingnow.com/blog/contact/
Convert Prospects To Clients With Email Autoresponders
Do you want to convert prospects to clients with email autoresponders? Are you aware of the three biggest mistakes that website owners make with their email autoresponders? Ones that could be killing their prospecting efforts stone dead?
If you want to avoid the three email autoresponder mistakes that stop most people dead in their tracks read this immediately because the killer mistakes and what to do instead are inside this article.
Mistake No.1: Not Having a Follow-up Sequence
What is the mistake?
The mistake here is simply not having a follow-up sequence. What do I mean by that? A follow-up sequence is a sequence of emails that are automatically sent by your autoresponder in response to a new prospect signing up to your email list.
The trouble is so many people don’t have ANY follow-up sequence. They simply send the new prospect their free report and nothing more.
Why is it a mistake?
This is a huge mistake because you’re missing out on developing a relationship with someone who is clearly interested in your services. They have taken the time to subscribe to your list, and now you’re leaving them high and dry.
This is like turning away business by having a shop and keeping the front door locked. It’s madness!
What should you do instead?
Instead of leaving your new prospect alone with their new report, write a sequence of emails that they will receive over the next few days or so. It’s not terribly hard to do. So just write a few more emails and load them up in your autoresponder. You do the work once and you benefit from it for every prospect who signs on – automatically!
Mistake No.2: Not Developing The Relationship
What is the mistake?
The mistake here is to not develop the relationship with your prospect.
Why is it a mistake?
Consider your prospect’s outlook and situation. They are sufficiently interested in you to request your free report and sign up to your list. In the back of their mind, they want something, and maybe you can provide it. But – and this is crucial – no-one is going to buy your services unless they know what you are offering, it meets their needs and is cost-effective for them.
And they certainly are not going to do this with someone they don’t know.
What should you do instead?
You need to develop the ‘Know, Like and Trust’ in your prospect. That is, they need to know you and what you offer, they need to like you and they need to trust you.
But how exactly do you do that?
You can do that via your email sequence. If you design that sequence correctly, you can build that relationship very effectively. Your emails must allow people to get to know you and your services. So you do need to tell them a bit about the advantages of working with you, so they understand.
The emails should build this knowing, liking and trusting through what you share with them.
Mistake No.3: Not Considering What Your Prospect Really Wants
What is the mistake?
Let’s get back to basics for a minute. If you haven’t considered what your prospect actually wants, you’re unlikely to be able to supply it – unless you do it by accident.
Why is it a mistake?
Your prospect is only really going to be interested in what you supply if it’s something they want and need. So you’re not going to be able to develop a relationship with a prospect so they become a customer unless you know exactly what they want - and you’re able to supply that.
What should you do instead?
Be clear on what your best customers want – and hence what your prospects probably want. But don’t leave it to chance. Ask your customers regularly what they want.
You can do this with a simple phone call, or you can automate it online with a survey tool like SurveyMonkey.
Convert Prospects To Clients With Email Autoresponders
Now that you know the top three email autoresponder mistakes and how to avoid them, I'd like to invite you to take your next success steps with a free consultation. That way you can convert prospects to clients with email autoresponders
If you're an existing website owner who wants to build their email list and convert prospects to clients, I can help you by designing a custom email autoresponder sequence.
To contact me and arrange a complimentary 1:1 session click here to contact me: https://www.wptrainingnow.com/blog/contact/
How To Make WordPress Safe Without Any Plugins
I don't know about you, but when I was first securing my WordPress blog, and I was researching to see what others were doing to keep their blog safe, I found so much information that I was completely confused. And some of the information was in fact over the top or supersticious. People told me to rename this file, rename this folder and install these ten plugins. It seemed to be quite a bit of work and effort.
An easy way to keep WordPress safe is to use a few built-in tools. First of all, don't allow people to list the files in your folders, run a web host security scan and automatically backup your entire web hosting account.
By default, the latest version of WordPress is pretty darn secure. Anything that might have been added to any WordPress security plugins has been considered by the development team of WordPress. In the past, WordPress did have holes but now most of them are filled up.
The first thing you should do is check your various folders. For example, your WordPress blog has folders, such as wp-content, wp-admin, wp-includes. So if you went to your site /wp-content in a web browser, what shows up? Does it list all the folders and files in that folder? And if so, all you have to do is upload a blank file named index.html into that folder to make sure that no one can view it.
What if you go to wp-content/plugins, can you view that folder? If so, upload that blank index.html file into that folder as well so people can't view what plugins you have. Because even if your current version of WordPress is up to date, if you are using an old plugin or a plugin with a security hole, someone can use that to get access.
Next, most web hosts in the cPanel area allow you to run a security scan and see if anyone has injected any bad code that may be used to grant an authorized access, send emails, or something like that.
Just run that web host security scan and see what comes up, and if anything comes up that looks out of the ordinary or you are not sure of, contact your web host and see what they think. And whether or not you find anything bad, automatically backup your whole account. In cPanel you can backup your entire web hosting account and save it to your hard drive so that even if something goes wrong at some point, at least you have a back up copy of everything that's there.
Those are three very simple things you can do to keep WordPress safe without plugins. Put a blank index.html file in your folders, run your web host security scan and backup your entire account.
The Three Biggest Mistakes Blog Owners Make With Their Blogs
Do you know the three biggest mistakes blog owners make with their blogs that kill their results stone dead? Do you know what impact these mistakes have on your business?
However, you may want to more traffic, visibility, leads and sales . You may want to avoid the blogging mistakes that stop most people dead in their tracks.
If that sounds about right, read this immediately because the mistakes and what to do instead are inside this article.
Mistake No. 1: They don't create enough content to make a difference
What is the mistake?
I see this all the time, regrettably. So many people have a great looking website with a blog. But there’s barely anything on their blog. No posts. Nothing to read.
Or even if there is content, it’s really sparse and out of date. It’s of no use to anyone!
Why is it a mistake?
If you don’t have sufficient published content, then there’s no reason for people to visit your blog. It’s all very well your theme looking good, your layout and banner is great, there are lots of pictures, but really and truly, your readers come back to you for your unique content.
What should you do instead?
Instead of leaving your blog languishing in limbo, it’s really not hard to create fresh content. Just get into the habit of writing blog posts. They don’t all have to be War and Peace! But if you get into the habit of sharing your tips and tricks and people find them valuable, they will come back for more.
Mistake No. 2: Believing they are not creative enough
What is the mistake?
The mistake here is for people to believe they are simply not creative enough. I see this one all the time, too.
Why is it a mistake?
This is a mistake because when people believe this, they close down any possibility of creating any content for their blog. And then when they don’t take any action, they reinforce this belief. So it just gets harder and harder to create content.
What should you do instead?
Instead of believing you are not creative enough, you should first of all bin that belief. It’s not helping you, it’s not relevant.
Now I’ll let you into a little secret.
Many of the so-called creative people I know are actually non-creative people who have a process they follow. As it’s a process, it’s a bit like a recipe. If you follow all the steps in order, you can guarantee the results. Anyone can do it.
They follow this process, and bang, it creates the output that people see as creative. The key is to have a reliable process to do this. I'm going to take you through this process on my online training.
Mistake No 3: Procrastinating by not deciding where to publish their content
What is the mistake?
The mistake here is to not take action. There are a variety of causes. Some people delay as they can’t decide where to publish. Should it be on eZineArticles? Another article site? Multiple article sites? Should it actually be an infographic published on Pinterest?
Why is it a mistake?
This is a mistake because all the time you’re delaying, you’re losing prospects to your competitors. People who have less skills and knowledge than you, but who are getting well known in your market as they take action.
What should you do instead?
Instead of worrying where to publish your content, you should just put it up on your blog. Get it up then optimise the content for the search engines. Then your content stands a chance of being found.
Once you’ve done that you can then look around for other places to publish it. But get it up on your blog first!
Your Next Steps
Now you're aware of the top three mistakes blog owners make and how to avoid them. So I'd like to invite you to take your next success steps with your free access to my ‘Content On Steroids’ Online Training.
If you're a blog owner who wants to make your blog come alive with your unique blog posts yet don't know how to start then my "Content On Steroids" training will help you to banish writer's block forever. The process I’ll show you generates unlimited ideas for killer content you can create in a flash. AND it guides you to create all the content you want - articles, blog posts, videos, presentations - you name it!
Click Here To Reserve Your FREE Online Training and Discover How: http://alunloves.it/content
Avoid WordPress Security Vulnerabilities – Quick And Easy Tips
Want to know how to avoid wordpress security vulnerabilities? Here's a quick security question for you. If you have a WordPress site and the username and password you use to gain access to it are Admin and Test (or password!, are you at risk for your website being taken over?
The answer is yes. What is said is you can have all security measures, all the fancy security plugins in place, but if your password is something that they can easily guess then you are leaving the door wide open.
That's why it's important to have a secure and hard to guess WordPress login and password. What can you do? Make sure your username is not the name Admin or Adminstrator, change that WordPress password regularly and use different passwords than you use for other WordPress or FTP sites.
Don't Use Admin As a Username
By default, when you set up WordPress it uses it with the username Admin, which means that when you login you type in the username Admin and some password. But this is giving the hackers half of the information they already need. If they already know that you are using this Admin, all they have left to guess is the password. And don't use something obvious like your first name, your first name and your last name or the title of the site.
But if your username is something meaningful to you but not obvious to strangers, now they don't know where to start with the username. And now potential intruders they are guessing about two different factors - your username and your password.
That's why even though WordPress, by default, sets your username as Admin, the first thing you should do is create a new user account and name it your first and last name, save it and then delete that original Admin account, that will cut down on a lot of automated attempts.
Change Your Password Regularly
Something else that is easy to do is change your WordPress password regularly. For example, once per month. This means that you are always thinking of some new thing to type, and some new password that someone might never guess, because you are changing it every month. You would be surprised at how many passwords consist of someone's name, child's name, or pet's name but if you are changing a password on a regular basis, adding in letters and numbers to it, now that's a password that no one will guess which means that no one will have access to your site other than you and the people you choose.
Finally, set different passwords than other WordPress blogs you own. Set a different password other than your email address or your FTP account. The problem with setting the same password for different accounts is if someone gets access to your WordPress site, now they have access to your website, your other WordPress sites, your email, your FTP, and so on. But if you use different passwords for WordPress, for email and for FTP that means if someone happens to gain access to your WordPress they don't have access to your other accounts.
WordPress Security Vulnerabilities Summary
In this article, we've looked at a number of common WordPress security vulnerabilities. We've seen that setting a secure WordPress login and password is easy. We've covered why you don't want to use Admin as your username, and the importance of changing your admin password regularly.
We saw how we must use different passwords for multiple WordPress blogs, for your email account and for your FTP account.
If you've read this article and want to know the next steps to keeping your WordPress website secure, why not request a chat about your security and perhaps how I can help you? Just fill in the form on http://wptrainingnow.com/blog/contact , and I'll be in touch.
The Three Mistakes People Inadvertently Make With Their Blogs
Do you know the three killer mistakes that people inadvertently make with their blogs? The mistakes that virtually guarantee they will not get attention, traffic and sales?
If you’re an aspiring WordPress blogger who wants to know how to make your blog attractive to your market, then read this article to take your WordPress blogging skills to the next level.
Mistake No.1 - Not Creating Any Content!
What Do I Mean By This?
This one's pretty obvious. I see so many people who have a website, then have let it stagnate. They have a blog and may even have a few articles. But they've not kept it updated. The last blog post is over a year ago. It's gone out of date. It's not attractive to people, and so people no longer visit.
Why Is This Important?
People value what you can do if you can explain what their problems are and how to get over them. Your ability to do this will determine how successful you are.
Your content is key. And the best place for your content is on your blog. So your biggest mistake - by far - is not regularly creating content that inspires, informs and educates people.
What To Do Instead
You need to evolve a way of regularly creating content that suits you. Regularly producing quality blog articles are one way to do this. This means creating useful content that is published at least weekly.
There are several ways of creating content as well as the traditional way of creating text articles typing them out. You can dictate them and get them transcribed. As you can (probably) talk at least five times as fast as you can type, this is a very time effective way of creating content. You can also use PLR as a very rapid means of creating content.
Mistake No.2 - Not SEOing The Content
What Do I Mean By This?
Search Engine Optimisation (SEO) is the process of optimising how you content appears to the major seach engines like Google and Bing. It involves ensuring that highly searched for terms - keyword strings - for your topic are found in the right places in your blog articles.
Why Is This Important?
I'm going to assume there's a call for your content, otherwise this section is a waste of time. So I'm assuming there is a demand - that people are crying out for your unique content. There is? Good. You now have to ensure that your content gets into the hands of the people who need it.
What To Do Instead
This means having your content easily found by the search engines. This involves undertaking Search Engine Optimisation (SEO) on your content. You may elect to outsource this task, or you may undertake it yourself.
What? I hear you say? Do my own SEO? Yes, and with the new SEO plugins available, this is easier than ever before.
Mistake No.3 - Not Having Marketing Structures in Place
What Do I Mean By This?
Some people have great content and it's even indexed by the search engines, but then miss out on getting their motivated readers to take the next step.
Why Is This Important?
This is the most costly mistake, as all the work you've done in creating content and carrying out SEO is wasted! Think about why you created the content in the first place. Yes, it may have been to inform, educate or amuse, but ideally it should be a stepping stone to getting more business.
What To Do Instead
You need to have a compelling call to action, and your motivated readers but be able to see and read this call to action. It must be in line with your blog article and must take them further.
Your call to action may be to book on an online training, to opt into an email list on a landing page or perhaps to buy your book. It must be a specific action that is in line with your article, and one that builds your business. This may be via getting more prospect leads or getting income from products or services you provide.
Summary of WordPress Blogging Mistakes
As you reflect on these mistakes - not creating content, not SEOing the content, not having marketing structures in place - consider which, if any, of these mistakes you are making. And now that you know the top three WordPress blogging mistakes, I’d like to invite you to take your next success steps with free instant access to my free “Blogging For Profit Online Training.”
If you’re a WordPress site owner who wants to make your blog the go-to site in your market, then my free “Blogging For Profit Online Training” will do that. I will show you how to get over these three killer mistakes quicker than you may believe. Join me.
Click Here now to reserve your place: http://alunloves.it/blogging
Reduce WordPress Hacking With Three WordPress Plugins
How can you reduce WordPress hacking with three WordPress plugins?
Let's be frank - hacking of websites is on the increase. And every website owner needs to take steps to prevent hacking. Is these a solution to this? Read on to discover the steps you can take ...
Install these three simple plugins to WordPress to minimise the risk of hacking and intrusion. It's never fun for someone to get access to your WordPress blog, but unfortunately it happens every day. Every day hackers delete, deface or simply take over websites. You can avoid all that by installing the Login Lockdown plugin, the HTTPS for WordPress plugin and the WP-Security plugin.
Login Lockdown
Login Lockdown is a plugin that blocks access to your blog if someone enters the wrong password too many times. This is a common technique for hackers to get entry to your WordPress blog. They simply try many common passwords over and over until something works. So Login Lockdown will block access to someone after a certain number of failed passwords. It's a very simple plugin and it makes sense for you to install it to make sure that any intruder is now locked out.
Https For WordPress
You should also consider HTTPS for WordPress. HTTPS or SSL encrypts everything that gets sent to and from your WordPress site, including your username and password.
Normally your username and password is broadcast out in the open. That means if you use any kind of public wifi anyone else on that wifi can install a simple plugin and capture every password you type into WordPress. That is really not good.
To guard against this, you can either not use unsecured wifi or you can use this HTTPS plugin. This will force you to use HTTPS when logging into your WordPress dashboard, therefore protecting your password from prying eyes. Note that you will also have to have your hoster install an SSL certificate, which may involve some cost to you.
WP-Security
And finally, the WP-Security plugin installs right into WordPress and scans all your folders for many security vulnerabilities. It checks it for any weak points, any holes, out of date plugins and gives you a very easy to follow list of things that you must do in order to keep WordPress secure.
Obviously, I can't guarantee you will be 100 percent hack proof, but you need to at least take these basic steps to keep yourself safe.
Summary: Reduce WordPress Hacking With Three WordPress Plugins
These three plugins will get you on your way to having a secure WordPress blog. Install Login Lockdown to lock out anyone after a certain number of failed attempts, install HTTPS for WordPress to make sure that any time you login to your dashboard it moves you over into SSL, and WP-Security scan your folders.
There are many other useful plugins that you can install to improve your security. But beware - some will clash with others. To have a no-obligation chat about improving the security of your WordPress site, contact me here.
