wordpress dozen: tips, tools and plugins by sue polinsky

WordPress Dozen: Tips, Tools and Plugins

Sue Polinsky, ConvergeSouth 2013

2013

Disclaimer

04/11/2023www.TechTriad.com

This presentation contains graphics, text and trademarks that are the property of their respective owners. No rights in this presentation are transferred.

Some of us are married to lawyers.

Get the PDF at techtriad.com/convergesouth/

Today’s Tips, Tricks & Tools


1. Install WP Securely

2. Use Custom Logins

3. Kill “admin”

4. Free themes

5. Child Themes

6. Remote Security

7. Frameworks

8. Plugins Rock

9. Plugin heaven

10. Plugin hell

11. Sell Safely

12. Backup

Code is poetry.

SECURITY OVERVIEW

04/11/2023www.TechTriad.comBrad Williams, WebDevStudios

BE SCARED!


BE VERY SCARED!


Guess where most malware sites originate!

LET’S GET TO IT


Items marked with a red star mean that if you are not an uber-geek, server geek, WordPress developer, or Unix-smart, hire someone who is.

Or lean on a friend.

Not all site owners can perform all the tips, tricks, and tools shown today.

1 - INSTALL WORDPRESS SECURELY


DO NOT… use one-click

WordPress installs use the 5-minute WP

install use the cheapest web

host you can find update from public wifi

(if you do, change your pass)

DO… update plugins &

themes update WordPress core ask a geek if you’re not

sure BACKUP first BACKUP routinely

2 - USE CUSTOM LOGIN LINKS


Custom login linkUsing http://yoursite.com/wp-login.php?So are the hackers.

Ask a geek to program a more secure URL for your login.

Also consider Better WP Security plugin (with several security options).

http://yoursite.com/wp-login.php

2 – USE STRONG PASSWORDS


Use a strong password.Mix letters, characters, and numbers.

BAD: “suerocks”BETTER: “$u3-r0ck$!”

(see how that looks like “suerocks”?)

Get three strong passwords and rotate them through all your logins!

3 – KILL “admin”


Demoting the admin user is good.

Deleting the admin user is much better.

1. Create a new account with a unique name.

2. Set it to administrator.3. Log out, log in with the

new account.4. Go to All Users and

delete the admin account.

How to delete admin

3 - TWO-FACTOR AUTHENTICATION


When logging in from an unfamiliar device, force a txt verification to your phone to authenticate your login.

Plugin: Consider Google Authenticator

Consider this security for Google & FB logins.

3 - USE A GOOD GREAT WEB HOST


You get what you pay for. Do you know?

1. How much you pay for hosting versus how much angst you’d be in if the site were lost or your server blacklisted?

2. How many of the host’s sites are blacklisted for malware?

3. What version of server software they use or how often they update it?

4. Who has access to account credentials?

4 – BEWARE FREE WORDPRESS THEMES


The Internet used to be free & we trusted downloads For-pay themes are called “Premium” If you have a business or important personal site:

BUY A THEME from a trusted source & update it DESIGN YOUR THEME in Photoshop and… HIRE A GOOD FRONT-END DEVELOPER to build it Make sure it’s RESPONSIVE (phones, tablets)

You get what you pay for.

4 - FREE THEMES CAN BE EVIL


Use trusted theme developers

Of the 10 sites reviewed:

1. Safe = 12. Iffy = 13. Avoid = 8

http://wpmu.org/why-you-should-never-search-for-free-wordpress-themes-in-google-or-anywhere-else/



4 –TRUSTED THEME DEVELOPERS


New WP themes have more features than most people can/will use.

New themes have complex features and example data

Buy a theme, install properly, and update.

Be wary of custom frameworks

ThemeForest.net

5 - USE A CHILD THEME


1. Buy a theme. Install it. Customize it.

2. Update the theme and lose all your customization.

THE SOLUTION IS A CHILD THEME Buy themes that work with child themes. Install the theme as a child theme. Update the parent when the theme is updated

(OBTW, are you checking for updates?) Customizing happens in the child theme. Better premium themes support child

themes.

6 – USE REMOTE SECURITY


There are services that monitor your WordPress site and check for link injections & other bad things.

Consider Sucuri.net Free or Pro Version of SUCURI.net Be alerted to malware/hacks Pro version = $90/year (1 site) Free version = checks WP core install,

find out where the last login came from, if site is hacked can change passes, keys.

6 – SECURITY AND FILE PERMISSIONS


*Set the file and folder permissions (or at least know what it means)

7 – FRAMEWORKS & FEATURES


New themes contain new standard features. Menu styles and shapes Fancy sliders (Revolution, Viewport) Shortcodes (learn or die!) Page snippets Custom post types New page templates Integration with online services Woocommerce or other ecommerce integration

Frameworks manage these features.

7 – CUSTOM FRAMEWORKS


Most custom frameworks are, well, custom.

Major WP updates mean you need to update your theme first (use a child theme!).

Some framework updates break older features.

Frameworks prevent you from switching to other themes easily.

Frameworks are core systems that make it easy to do fancy things.

7 – TWITTER BOOTSTRAP FRAMEWORK


7 – BOOTSTRAP CSS FRAMEWORK


Bootstrap is a free collection of tools for creating websites and web applications. A goal is to standardize some popular online tools.

Bootstrap is a popular mobile front-end framework Used by NASA and MSNBC sites

Bootstrap is Open Source (@GitHub.com) Encourages consistency across Internet tools You can buy Bootstrap-built premium themes but the

purpose is to build on its core framework Bootstrap also had a major upgrade recently that

cannot be applied to older Bootstrap sites

7 – FRAMEWORK FEATURES: SHORTCODES


Shortcodes are buttons you click to format on-screen cool tools.

The most common example is buttons. WordPress has built-in shortcodes

codex.wordpress.org/Shortcode Built-in WordPress shortcodes

[audio] [caption] [embed] [gallery] [video]

http://codex.wordpress.org/Shortcode

7 –EXAMPLE YOUTUBE SHORTCODES


http://en.support.wordpress.com/shortcodes/

http://en.support.wordpress.com/shortcodes/

7 – COMMON SHORTCODES


8 – PLUGINS ROCK WHEN THEY WORK


1. When was the plugin written?

2. When was the plugin last updated?

3. Does it work with the latest version of WP?

Jetpack by Automatic

Facebook

9 – COOL KIDS PLUGINS


Wordpress.org/plugins

9 – PLUGIN “HEAVEN” RULES


Use Trusted Plugins

Use Few Plugins

Update Plugins

Delete Plugins

Buy Plugins

10 – PLUGIN HELL


Free plugins eventually break your site.

Trusted

• How long have they been around?

Updates

• Last time plugin was updated?

Examples

• iThemes• Woo• Others

Sally builds a plugin you like & install. Sally goes on to other things. You update WordPress and can’t log into your site.

Welcome to Plugin Hell!

11 – SELL MORE SAFELY ONLINE


WooCommerce is becoming a popular WP ecommerce plugin and is integrated with many premium themes.

WooCommerce is audited by Sucuri. It’s free.

Pretty full ecommerce features & dozens of extras.

11 – ECOMMERCE OPTIONS


For a few items, consider Jotform + PayPaljotform.com (lots of new integrations)

iThemes - big splash with “Exchange” Simple Ecommerce using PayPal or Stripe (free or pro)ithemes.com/exchange/

Do you want to host ecommerce ON your site? A full-service WP store? Try Shopify. There are lots of ecommerce plugins. Choose wisely.

http://jotform.com/

12 - BACKUP. PERIOD.


Backup on a schedule. Send a copy of your backup to your cloud server.

Backup before making changes. Know what your hosting company backs up.

WordPress has parts & pieces. Know if they guarantee their backups.

If the server melts down, can they reinstall your site?

Cloud backup works with Dropbox, iCloud, Skydrive, Box.net and others.

12 – BACKUP PREMIUM TOOLS


Backup Buddy is a plugin for scheduled backups including backup to cloud. Not cheap, but what’s your site worth?

VaultPress High quality, trusted backup solution.

Find Me Online


Dr. Sue PolinskyPresident, TechTriad, Inc.Phone: 336-852-4321Email: [email protected]

Twitter: @suepolinsky, techtriad Facebook: facebook.com/suepolinsky Facebook: facebook.com/techtriad Google+: [email protected] LinkedIn: suepolinsky

wordpress dozen: tips, tools and plugins by sue polinsky

Technology