I am writing this post with a concern to security of WordPress blog and site. WordPress is a choice of everyone now a days for online blog and CMS. Small and Big site owners love WordPress. But Hackers and Crackers around the world are too in love with it They can clearly see the growing fame of the WordPress. They are seeing their future with wordpress and they are working very hard for it. It’s time to get ready for the war and make our home safe. Yes, Its very serious indeed, lots of hackers are trying to crack the WordPress. They are constantly thinking and writing scripts to hack WordPress sites and blog. So, if you are a blog owner, managing one or two WordPress site, developing, selling or doing anything with WordPress. Please keep reading it, this is very important.

We build approx 4-5 WordPress blogs and sites every month at MULTIDOTS. It is very important for us to make sure those sites are secure. Hence we have put this in a practice to pass a WordPress project from the following steps before it goes live. I thought I should share this check off list to protect a WordPress Blog or Site.

1. Latest Version Upgrade

Always keep your WordPress copy upgraded with latest version. There is lot development and fixes happening on WordPress development stream. It’s always advisable to keep your WordPress copy upgraded and latest. Please be careful while upgrading and always make a back of database before you upgrade. In some cases it may break your site due to a wrong upgrade. Always read the instructions carefully before you upgrade.

Upgrade Free  : Upgrade your WordPress Blog or Site FREE at MULTIDOTS. Yes! Our WordPress Expert team will upgrade your Blog or Site with ZERO cost. We will also take care of all the necessary backups and consideration for seamless upgrades. Keep reading hear – FREE WordPress Upgrade at MULTIDOTS.

2. Do Security Scan – Plugin

This very easy to use plugin will sort out some of the basic security issues with WordPress – it’ll scan your WordPress installation and will suggest the required changes that may be harmful for security reason.

Download.

3. Protect your plugin’s directories and files

Plugins are an easy way for a hacker to get access to your blog if they’ve got flaws in them.  They can find the plugins  you’re using by visiting  /wp-content/plugins/, and they’ll find all the plugins that you’re using. The solution? Put a blank index.html file in the wp-content/plugins/ folder.

4. Pick a good password

Common sense. Use a good password. Don’t use the same password that you use on every site, create something that is easily memorable, with a mix of UPPER and lower case and some numbers in there too. Change your password regularly too.

5. Change the admin user name

By default, the WordPress user name is admin. Lot’s of people don’t change it. Why should you change it? If a hacker has your username, he’s halfway there to getting into your site, he just has to guess your password. If the hacker has to guess your username as well, then that’s twice as much work to do. It’s super easy to migrate posts from one user to another, just create your new user and then delete the admin user. You’ll be given the option to migrate posts to another user.

6. Protect your WP-Config.php file

Your WP-Config.php contains your database name, database username and database password. It’s something to protect.

Just add the following code to your .htaccess file:

# protect wpconfig.php
 
order allow,deny from all

7. Use Secret Keys in your WP-Config File

In WordPress, the wp-config.php file is the file that stores the database information that WordPress needs to connect its circuit, so-to-speak. This file contains the name, address and password of the MySQL database that stores all of your user info, blog posts and other important content.

Using a secret key, you can make it even more difficult for someone to gain access to your account.

Go to https://api.wordpress.org/secret-key/1.1/ and copy the results into this section of your wp-config.php file if you haven’t already set up a secret key.

8. Hide your WordPress version

First off, go into your header.php file and remove the meta data. It will be look like this.

remove_action('wp_header', 'wp_generator');

9. Limit the number of times user can enter their password (wrongly)

The Login LockDown plugin will lock out users if they enter their password wrong too many times. You can choose how many times users can enter their password and also how long they’re locked out for via a neat options page.

Source – WP Plugin Directory

10. Limit WP-Admin access by IP

This isn’t something that I do personally, as I blog on a fair number of different computers, but if you’re just on the one, with a fixed IP, then this is a great hack for you: you can restrict access to the wp-admin directory with a spluginimple .htaccess hack:

order deny, allow allow from a.b.c.d. #your static ip deny from all

11. Know Your File Permissions

Often, hackers are able to gain access to your site because you’ve left files or folders with permissions that are simply too liberal.

Depending on how you have installed WordPress, or the default practices from your webhost, the permissions for files and folders on your WordPress install may not be appropriate.

The WordPress Codex has an outline of what permissions are acceptable. File and directory permissions can be changed either via an FTP client or within the administrative page from your web host.

This page details more about how file permissions work and how to change them using a number of different systems.

12. Login via SSL

If your host has an SSL certificate then you can use this great little plugin to login via SSL. The Admin SSL plugin “secures login page, admin area, posts, pages – whatever you want – using Private or Shared SSL.”

If you are a WordPress Developer or know any more tips to security please share them here.

I was looking for some themes or templates on WordPress that can be used as Portfolio. After a couple of search I found pretty interesting list. They all are dazzling. I thought, I should share these WordPress Portfolio Themes resources and collections here so someone like me can easily and quickly get to them. Enjoy!!

This site has a very nice collection of extremely beautiful and unique WordPress Portfolio Themes. The collection is mixed – free and paid themes.

100 stuning WordPress Portfolio Themes

Portfolio Themes

Free Photo Portfolio Themes

Photo Blog Themes

Magnificent Portfolio Themes

Beautiful WordPress Portfolio Themes

WordPress has given a lot to the content publisher, website owner and blogger like me. There should not be a doubt what WordPress can’t do.  Blog, CMS, Shopping Carts, Social Networking, Portfolio and lot more are powered by WordPress. WordPress is used by over 300 of the 10,000 biggest websites. WordPress 3.0 had been downloaded over 12.5 million times. Wow! It shows the love we all have for WordPress.

Along with the it’s simple structure and easy Admin interface to manage content, WordPress enabled sites are very  SEO friendly. And there is lot available to do a good SEO on site powered by WordPress. I am dam sure that SEO is the darling of the web. Everyone wants to be on top of all the Search Engine Result and why not after all, its all about getting first in queue. But, it sounds complex and costly to get good rank and do SEO on site. SEO Companies and SEO consultant will take lots of money for this. Though, it must be genuine cost but what if we have some simple and cost effective way to do on site SEO on our WordPress site. WordPress Blogger and lovers like me don’t have big pocket to spend $$ for SEO but if something simple and affordable is available that’s a dream.

The last week, one of my client at MULTIDOTS came to me to study and inquire a WordPress SEO Plugin. I reviewed the plugin thoroughly. I was very impressed by what this WordPress SEO plugin offers. I purchased two copy of this plugin immediately- one for me and another for my client. We have setup the plugin and using it. I found it very easy and simple like a vanilla. I am sure there must be many other plugins and tips should be available for WordPress SEO but this one won my heart.

SEOPressor : WordPress SEO Plugin

That WordPress SEO Plugin is SEOPressor.  This WordPress SEO Plugin has been developed by Daniel Tan who himself is an SEO geek. The Plugin has a very nice admin interface to deal with the plugin. This WordPress SEO Plugin is paid but cost is quite tiny and worth. Try it, I am sure you love it!!

Get in touch to install this WordPress SEO Plugin on your WordPress site

If you are  interested to get this plugin up for your WordPress site but don’t want to waste your time then don’t hesitate to contact me on anil@multidots.in, I will setup up this WordPress SEO Plugin on your WordPress site and will guide on how to use with no additional cost. Only you have to pay me the cost of the plugin. If you have plugin already or want to buy it directly that too doesn’t matter. You can contact me I’ll guide.

I was hunting on the web for a nice GIF image that I can put while ajax request to server is on process. I found many good GIF images but then I thought it should be something matching with the theme of our project. Then, I thought I should create something from scratch. But, I was not aware of any of the quick tool that can create GIF animation image quickly and easily.  Suddenly, Narendra ( Our Web Engineer ) suggested me for a nice online tool which provides lots of templates for GIF loader animation image . It provides enough options to format the loader images to your choice of colors. Finally, I was able to create a GIF animation image in 2 minutes of time and something which I needed.

Thanks Narendra for sharing this information.

We have just finished a wonderful WordPress site at MULTIDOTS. Though it’s not been live yet. The learning or rather would say interesting part of that project is to use a custom fonts on menu. You must be thinking what is interesting in it? Allow me to describe it. Well, as per requirement we had to use a custom font on Menu Navigation for Post Title. The font was “Lettera” that we had to use on post titles. Now challenging part is here. As Post title could by anything almost dynamic. So, creating image for each title and then to use was not going to help. The font is also something which is rare on client machine. Here is the interesting part and something I have written this post for. To overcome this problem our client has suggested us to use Cufon - an online font embedding service. The WOW feature about this service is you can use almost any type of your unique font and style in your web application in case of dynamic text too. You can style any text in any font and it’s hassle free and quite easy too. There is no need to create images for each text. No need to even bother about whether fonts will be installed on viewers machine or not. Let me explain how easy it is

1. Load your browser Tab on – http://cufon.shoqolate.com/generate/
2. Upload the font you want to use in your website, project or page.
3. Choose different options as per your need.
4. At the end you will get a JavaScript for your font.
5. Save the file on your server and link that JS file on the page where you want to use your custom fonts. If you are going to use it on all the pages put it some where on header file or whatever is common for your site.
6. Also link this JS file in your script section – http://cufon.shoqolate.com/js/cufon-yui.js
7. That’s it you are done and ready to use. Just follow the instruction on this page on different way you can embed on your page – http://wiki.github.com/sorccu/cufon/usage

You can check out a live sample of what I am talking about. I have used Kety Berry font on sentence below. I am sure this font is not installed in your machine still you can read it better.

I love chocolate!

Pages ... 1 2 3 4