Check out each of them, linked below:
Check out each of them, linked below:
This is a guest post by Matt Hudson from La Lune Creative. He is a terrific graphic designer and has been building sites with ProPhoto and WordPress for many years. In fact, he designed https://pro.photo! He’s pretty passionate about simple site security measures so we asked him to write up a few tips for folks looking to improve their security without breaking the bank or adding heavy plugins.Keeping your WordPress site secure doesn’t have to be a hassle or even cost you anything. There are lots of paid services and plugins that can be employed for security, but here are 5 ways to keep your WordPress site secure without spending any money.
WordPress typically doesn’t allow you to pick “admin” as the default user name any longer; it depends on how it’s installed. The “admin” username is vulnerable for the fact that it’s easy to guess. At this stage, they only need to figure out your password to get into your website! The first step towards more security is to simply change out that username. ProPhoto has a tutorial on how to change your WordPress admin username.
Did you know that a more secure password can be more simple than a bunch of gibberish with numbers, symbols, and letters? If you do a Google search for “most secure password” you’ll find that several articles advocating a 4 word combination with spaces like
icecream dog bullet volvo . This is a very secure password, and is far more memorable.
We’ve helped a lot of clients over the years, and 98% of the time when we log into a client’s website it hasn’t been updated in some time. Falling behind on updates is probably one of the easiest ways to get your site hacked. WordPress does a pretty good job of letting you know it needs an update with an orange icon with numbers in it, indicating how many things you need to update.
If you’re finding that you have a lot of updates, and you feel like you’re doing it too frequently you’ll need to do some spring cleaning. Go into your WordPress install and delete all your unused plugins and themes. If you’re not using them, they’re not being updated, and if they’re not being updated then they are open to vulnerabilities. Did you know you can set up WordPress and plugins to automatically update?
Cleaning up your themes is a great idea. Realistically there is only a need for two in “Appearance > Themes” – the one you’re currently using, and one of the default WordPress themes (2018, or 2017, etc.). Obviously the active one should be there. The other one is there in case you need to manually update your other theme, which requires that activating another theme.
Another huge hack risk is the presence of outdated, unused WordPress installs left on your host. Typically these are from old blogs no longer in use, WordPress installations accidentally loaded in the wrong folder, or the remnant of a site move that was never removed. When they languish in an un-updated state, they become invitations for hacks. Be sure to login into your host’s control panel and make sure you don’t have any extra WordPress installs lying around.
It’s important to keep your site backed up in case something happens to it. There are several thousand plugins out there to help with backing up, and ProPhoto actually recommends one every time you install ProPhoto for the first time. Your host will likely also have a backup option, but most people don’t know that it’s not done automatically. With most hosts you’ll need to go in and setup your backups or you can ask your host to do it for you. No matter which option you choose, whether you go with a plugin or you’re using your host to do it, be sure to always have your site backed up and on a schedule. We have ours emailed to us weekly and backed up through our host daily. If you are using a plugin or some automated procedure, ask yourself, “Do I really know this is working?” If you can’t answer that with a resounding yes, then it’s time to investigate.
Use the Akismet plugin to it’s complete advantage. Akismet has been around for a long time (almost as long as WordPress) and it does it’s job extremely well without all the bloat from other plugins. It’s also usually pre-installed for you if you’re installing WordPress through your host. We only recommend that you turn on the setting that says “silently discard the worst and most pervasive spam so I never see it” option. Otherwise you’ll get a million notices that you have spam, and false positives will always be flagged and shown to you if it thinks it picks up a real comment so you’re totally safe to turn that option on.
You’ll also want to limit login attempts on your site. This prevents bots and malicious attackers from trying too many times to login to your WordPress site by blocking the IP address trying to login. A common one and one of the most popular ones is wp-login-lockdown. It’s not bloated, doesn’t have a ton of features, and it’s free. It only does what it’s supposed to and that’s all you need.
Google is now telling all websites that if you have any kind of form or areas where a user has to input information into your site, then you now MUST have your site on a secure connection. All hosts are now offering a free SSL certificate for your website. Google will also start favoring sites with the secure padlock in the browser bar over sites that do not have one as of October 2017. We offer services to set this up for you or you can contact your host and see if they can help you get this setup on your website. Or you can try setting it up yourself.
See? All it takes is five steps to keep your WordPress site secure. It doesn’t have to be hard or complicated, and you don’t necessarily need plugins that have a ton of features or bloatware. These basic steps will help keep your site nice and clean and worry free!
It’s that time of year for photographers. It’s cold outside, and there are fewer shoots to schedule. For most that means it’s time to work on business procedures, get some new gear, learn some new software and… work on the website. At ProPhoto we love winter; it’s our busiest season! Our sales numbers increase as people purchase ProPhoto and designs from our store to craft beautiful websites. We take great joy in seeing all these beautiful sites come to life. However, it’s also a time of gut-wrenching heartache as we help people discover that their hosting has expired and their website along with it. Hosting plans often start in the winter, that’s also the time with they expire.
As you work on your sites this winter, please avoid this disaster with the following two-pronged attack.
In the last week, I’ve had to be the bearer of bad news to at least three people. Your hosting expired. You’ve lost everything. Theres’s nothing I can do. For some it’s expired credit cards. Others don’t see a renewal reminder because of an old email address. Still others wrongly assume that we are their host. It’s a good idea to mark your calendar by your renewal date and set yourself a yearly reminder to pop in to your hosting control panel and make sure all your information is current. This is also a good time to see if you are on the fastest plan. Often, there is an upgrade or a different hosting plan that will increase site speed with little to no extra fees.
It blows my mind how many of our customers do not keep good backups. I know. It seems tedious. Probably just as many of us don’t have life insurance or a will (gulp!). There are lots of ways to backup your site. But whatever way you do it, you need two things – your website files and your database. Here are your basic options.
Don’t neglect either of these steps. Get them done and get piece of mind.