WordPress Blogs Archives

WordPress Security Doesn’t Need To Be Difficult

Let’s begin by making an especially radical statement: 100% security is impossible to achieve with WordPress! Why? Because it would be both impractical and all but impossible to maintain. Nevertheless, there are many steps you can take which will render your blog a great deal more secure than the vast majority of WordPress blogs currently online.

The most important step is, appropriately enough, NOT to install WordPress using Fantastico! It’s unfortunate how, on forums etc., everyone posts saying use Fantastico, while I seldom read anyone explaining why this is actually such a bad foundation for a new WordPress blog.

Why? It’s simple: by default, a Fantastico installation sets “wp_” as the prefix for each WordPress table name. Knowing this, hackers find it especially easy to send malicious code targeting your wp_ based tables. It’s as if you’ve put a ‘welcome’ mat at the door for them. This knowledge makes it a doddle for them to change the appearance of your site, redirect your URL to their site, plus a whole host of other nasty things.

But, virtually everyone reading this already has WordPress installed and running on their servers, so let’s move forward with how you can not only remove that ‘welcome’ mat from the door, but also install a burglar alarm.

Here is a link to the actual WordPress instructions for what they call a “Five Minute Install”.

Your Own Computer

To begin, you need to take a realistic look at your computer. Is it free from spyware, malware, and virus infections? I promise you, you can implement the tightest security on your blog, but if you have a keylogger lurking somewhere on your computer, it won’t do you an iota of good. Malicious keyloggers are very similar to viruses and trojans; they are used by hackers to violate user privacy. Keyloggers can take the form of software, or, on non-wireless keyboards, lurk between the keyboard’s plug and the computer’s keyboard port. Spybot Search and Destroy will detect and remove most keyloggers. It is absolutely free to use, although users can make donations to its author, Patrick M. Kolla.

WordPress Updates

As with most software packages today, in order to address security issues, WordPress gets updated regularly, so let me begin by reminding you of the importance of always staying updated with the latest version. Since version 2.7, WordPress has featured automatic updates, made available for you to install through your Dashboard, and although many purists will insist you do it manually, I disagree.

Provided you always make it a habit to perform a full backup first, there is nothing wrong with using the automatic update option, especially if it’s the difference between updating “now”, or leaving it “until you have some spare time”. But note my caveat: a full backup. Many backups do nothing more than back up the blog’s MySQL database and these are of little use to you in the event of a catastrophic loss. I use and highly recommend the WordPress Backup To Dropbox plugin.

Plugins and Theme

Similarly, always keep your plugins and theme updated to the latest version and delete any you are no longer using.
NOTE: I always keep the default theme which is installed with WordPress, just as a fallback in the event of any issues suddenly cropping up with your chosen theme.

That’s right—beginning immediately, all the WordPress blogs I install for clients (including the free option), will include a 17-part set of HD-quality, professionally-produced, tutorial videos run directly within the dashboard. These videos are meticulously scripted, narrated and edited and will be automatically updated to keep up with the latest release of WordPress.

This has to be an enormous advantage for anyone new to WordPress, or bloggers with limited experience. In the past, clients with questions have had to rely upon either phoning or emailing me for an answer, but now I’m certain these 17, polished and precise videos will show clients exactly how to use all the features of WordPress, increasing the value they get from their WordPress powered website.

What the 17 videos include:

  1.  The Dashboard
  2.  Create a New Post
  3.  Edit an Existing Post
  4.  Using Categories and Tags
  5.  How to Create and Edit Pages
  6.  How to Add Photos and Images
  7.  How to Embed Video
  8.  Using the Media Library
  9.  Managing Comments
  10.  How to Create Links
  11.  Changing the Theme, Header, and Background
  12.  Adding Widgets
  13.  Building Custom Menus
  14.  Installing Plugins
  15.  Adding New Users
  16.  Useful Tools
  17.  Settings & Configuration

I see these videos as a huge upgrade to the level of service I’m providing for my clients. They are of the highest quality and will be continually kept updated so that they keep up with the WordPress content system.
Anne Pottinger

 


Must-Have WordPress Plugins

WordPress plugins have been a much-discussed topic since programmers first began writing them for WordPress.org blogs. Today, plugins come in all shapes and sizes, and their capabilities are virtually limitless. As a stand-alone function, WordPress is, in my opinion, an unparalleled CMS (content management system); extended with a few carefully chosen plugins, it will do almost anything you can imagine.

The problem arises when people begin randomly adding plugins to their WordPress blogs. All over the internet there are lists similar to:

  • 10 best WordPress Plugins
  • Best WordPress plugins
  • 30 Powerful WordPress Plugins
  • Ultimate collection of WordPress plugins

In most cases, apart from a handful of basics, many of these lists are nothing more than a reflection of their author’s personal opinion. The plugins he or she names are probably perfect for the structure of his or her WP blog, but are simply not necessary for the blogs run by an average reader.

A blogger can read just a handful of these lists, install all the plugins they recommend, and end up clogging up their blog with scores of plugins, 99 per cent of which are completely unnecessary.

Many are poorly written, inefficient, resource hogs, creating a slow site and heavy server loads. You could end up receiving a complaint from your service provider because you are hogging too many server resources. There is even a plugin called PluginHogDetector which will help you track down the CPU hogs. No, I’m not recommending you install it!

There are four basic “must-haves”:

  1. Akismet: Literally used by millions, Akismet is the very best WordPress plugin to defend your blog from comment and trackback spam 24/7. You will be required to sign up for a free Akismet API key, and configure the plugin. Each time a new comment, trackback, or pingback is added to your blog, it’s first submitted to the Akismet web service which runs hundreds of tests on the comment, and returns a “pass” or “fail”. This means you won’t be wasting your time sorting and deleting spam comments from your blog.

  2. BackupBuddy: A backup, restoration, and migration plugin; it’s the only one which fully backs up 100% of your WordPress site. It mystifies me how many bloggers only use DB backup which excludes backup of your files, plugins and settings, SEO settings, SEO data for every post, theme settings etc. BackupBuddy is much the best solution for backup and I have scheduled the settings to back up all my sites every day. You can also use BackupBuddy should you ever need to move your site to a new host.
  3. WordPress Firewall 2: This plugin provides a layer of security to your site by investigating web requests to your blog and blocking the most obvious attacks. The types of attacks it blocks are as follows:
    • Directory Traversal
    • SQL Injection
    • WordPress specific SQL Injection
    • Executable File Upload
    • Field Truncation
    • Remote File Execution

    When a suspected attack occurs on your site, it is blocked and you will be sent an email detailing the specifics.

  4. Login Lockdown: Login LockDown records the IP address and timestamp of every failed login attempt. If the plugin detects more than a certain number of attempts within a short period, from the same IP range, then the login function is disabled for all requests from that specific range. This helps to prevent “brute force” password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators have the option to release locked out IP ranges manually from the panel.

Over and above these four plugins, it’s up to the individual blog owner to decide which additional plugins to use. Never install a plugin simply because so-and-so recommends it, because in all likelihood, you don’t need it.
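
The lockout rule described for Login Lockdown, replayed over a handful of login events. This is an added example, not the plugin's own code: the class and function names are hypothetical, the sample events are constructed, and because the page does not say how wide an "IP range" is, the sketch assumes a /24 block for IPv4 and a /64 for IPv6.

```python
import ipaddress
from collections import defaultdict, deque

MAX_FAILURES = 3            # page default: 3 failed attempts
WINDOW_SECONDS = 5 * 60     # page default: within 5 minutes
LOCKOUT_SECONDS = 60 * 60   # page default: 1 hour lockout
V4_PREFIX, V6_PREFIX = 24, 64  # assumption: the page does not define "IP range"

def ip_block(ip):
    """Map an address to the block that is counted and locked as one unit."""
    addr = ipaddress.ip_address(ip)
    prefix = V4_PREFIX if addr.version == 4 else V6_PREFIX
    return str(ipaddress.ip_network(f"{addr}/{prefix}", strict=False))

class LoginLockdown:
    def __init__(self):
        self.failures = defaultdict(deque)  # block -> recent failure timestamps
        self.locked_until = {}              # block -> time the lockout ends

    def attempt(self, ip, password_ok, now):
        block = ip_block(ip)
        if now < self.locked_until.get(block, 0):
            return "locked"                 # refused even if the password is right
        if password_ok:
            return "ok"
        recent = self.failures[block]
        recent.append(now)
        while recent[0] <= now - WINDOW_SECONDS:  # forget failures outside the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.locked_until[block] = now + LOCKOUT_SECONDS
            recent.clear()
        return "failed"

    def release(self, ip):
        """Manual release by an administrator, as the options panel allows."""
        self.locked_until.pop(ip_block(ip), None)

# Constructed sample events: (seconds, source IP, password correct?)
SAMPLE = [
    (0, "203.0.113.10", False), (60, "203.0.113.11", False),
    (120, "203.0.113.12", False),   # third failure from the same /24
    (130, "203.0.113.50", True),    # same block, now locked out
    (140, "198.51.100.7", False), (600, "198.51.100.7", False),
    (3721, "203.0.113.10", True),   # lockout expired after one hour
]

def replay(events):
    guard = LoginLockdown()
    return [guard.attempt(ip, ok, t) for t, ip, ok in events]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

The fourth event shows the trade-off of locking by range: a legitimate user who shares a block with the source of the failures is refused until the lockout expires or an administrator releases it.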

Begin by running your blog with just the four critical plugins I’ve listed above installed. This way you have spamming, backup and security covered. Then, if you have some specific tasks you need to automate, by all means search for, and install plugins to cover them. Just use your discretion, install them one at a time and make sure there are no conflicts or issues with resources before installing another.

Anne Pottinger


 

Become A Platinum Level Writer At Ezine Articles With Just Ten Submissions

I’ve just published a FREE PDF Guide on how YOU can become a Platinum Level Writer at Ezine Articles with just ten submissions. Hurry and get your FREE copy now!