Library

Protection

Secure Your WordPress Website

There are many things you can do to help secure a WordPress website. This list isn’t exhaustive, but it’s a good start. ūüôā

Easy Steps | Every Site Should Do These!

  1. Keep WordPress, themes, and plugins updated!
  2. Use strong passwords – long, unique, kind of random. For example, misspell a word in a phrase: I!rockz2MakeFire%maaybe isn’t a terrible password. (A password manager like KeePass is a brilliant help here!)
  3. Never use “admin” for an Administrator level username
  4. Guard those administrator level logins – don’t share them willy nilly.
  5. Install a security plugin.
    I use WP Defender by WPMU.
  6. Run backups on a schedule.
    I use Snapshot by WPMU.
  7. Do not leave the database named “wp_”. Change that “wp” to anything else. Example: “jinglebells_” (I usually pick something somewhat related to the website in question.)

Moderate Steps | Not a Bad Idea

  1. Setup and utilize 2-factor authentication
  2. SSL certification (required for e-commerce sites)
  3. Google reCaptcha on the login page (also used on other forms)
  4. Remove error messages on failed login attempts
  5. Disable Login Hints
  6. Limit login attempts
  7. Limit login length (log them out after a time)

Advanced Steps | Lock it Down!

  1. If no SSL certification, then encrypt the passwords on login
  2. Limit access by IP address (.htaccess file)
  3. Custom login page and wp-admin redirect
  4. Password protect wp-admin directory
  5. Limit dashboard access

Test Event Registration

I’m working on a little something-something, and needed to play with some forms and form features.

WordPress Posting to Facebook

I went on the hunt for a way to automatically post to a Facebook page (can’t do profiles anymore) from WordPress. I remember doing this before, and didn’t have it written down how I did it!

This top 10 comparison article caught my eye:

The WP Facebook Auto Publish plugin looks like a great free alternative to the King Poster plugin. I installed the free version on this website, but couldn’t get it to run with my current setup. I created the Facebook application, but it will not work with this plugin since I do not have SSL certification¬†for this site and I do not have a privacy policy in place. Both of these elements are required to get a new Facebook application off the development ground. So, that flopped.

I’m not prepared to pay for the King Poster plugin simply to test it out at this time. It definitely has potential though!

Sidebar:¬†I was a little bummed that the “Facebook Events Calendar For WordPress” plugin mentioned is no longer available. That would have been cool to try out.

Apart from this article, I found¬†Blog2Social, a free plugin for multiple platforms including Facebook. The setup for this app was much easier with a great UI for posting your blog articles. The automatic posting to Facebook comes with a subscription to one of their premium levels. The fact that their premium level offers the ability to schedule posts reminds me of CoSchedule, a plugin I’ve used in the past.

CoSchedule is a beast. It is also a premium plugin with no free version. There is a 14-day trial. Setup is incredibly easy. I remember also that managing the website and social media stuff from one place was amazing! You could do that from within WordPress or by logging into CoSchedule directly. For one user, you can get CoSchedule for $40/month. Other pricing options are available on their website.

Conclusion: Blog2Social is the way to go, with the premium options being very reasonable if those features are needed. CoSchedule is a fantastic option for and worth the additional cost if you have the budget for it.
Bonus: Both of these options offer way more than posting to Facebook.

If you know of another Facebook posting plugin I should try out, please let me know in the comments.

Facebook Changes Automatic Posting

I received a notice from WordPress that Facebook will no longer be supporting the automatic posting of web content to Facebook profiles. This does not affect anyone who has a Facebook page set up to receive automatic posts. You will still be able to automatically posting content to your pages.

“Starting August 1, 2018, third-party tools can no longer share posts automatically to Facebook Profiles. This includes Publicize, the WordPress.‚Äčcom tool that connects your site to major social media platforms (like Twitter, LinkedIn, and Facebook).”
-WordPress.com

What’s the difference between a page and a profile?

“A profile is a personal Facebook account where you can share [all kinds of stuff]. Pages are public profiles that let artists, public figures, businesses, brands, organizations and nonprofits connect with their fans or customers.” – Facebook.com

I’ve only just recently started my page on Facebook, and I haven’t gotten the automatic posting stuff going yet. It’s on my to-do list.

Facebook’s policy change has caused quite a fallout among the net community. It’s more than just WordPress, which is big enough! Providers¬†like¬†IFTTT and others are going through some overhauls to accommodate¬†the new normal. That’s the nature of change for you.

Protection

Protecting Images and Using Images in WordPress

Protection

The questions I get asked are:

  • How do I keep people from using my images?
  • Why can’t I save this image from this site?

This article on WPMU Dev is excellent. It covers:

  • Image copyrights and registrations
  • Disable right-clicking
  • Disable hotlinking
  • Metadata
  • Watermarks
  • Preventing access to media
  • Monitoring and Taking Action
  • WordPress Plugins

Usage

We go to these great lengths to protect our work, but are we equally vigilant about not using others’ work illegally? Be careful that you are!

It is important to note that any images used within PDF documents data shared online are subject to copyright laws too. I had one client dinged for an image in an internal & archived newsletter that wasn’t even publically available via the website anymore! It was still online, but it was via a¬†private link. It still counts! Just be careful – even with internal documents.

If you don’t have permission, please get it or don’t use the image/media.

One of the best resources for finding images to use online is via Google image search utilizing the Tools to narrow your search to those licensed for reuse. This is based on the Creative Commons (CC) licensing.

Conduct your search, and then click on the Tools button:

Tools for Google Image Search

Then, click on the Usage rights down menu:

Usage rights options on Google Image search

Finally, select the appropriate CC license:

Select CC License of images on Google Image search

In this case, I selected “labeled for reuse” – that’s commercial or non-commercial use. Since this is a business website, I cannot select non-commercial. If I were working with one of my non-profit clients, then I could select one of the non-commercial options.

There are other free and free-to-use resources for great imagery on your websites. There are, of course, great paid sources of imagery as well. I’ve worked with a handful of all these other options, but I keep going back to Google images for its simplicity.

With all of my websites and media, I strive to deal honestly with image sharing, use, and the like. Not only is it the right and lawful thing to do, but¬†in the long run, it’s easier and cheaper to honor copyright protections.

Money

How Much Does a Website Cost?

Well, what kind of website do you want?

That question leads us down the rabbit hole of design, desires, and dreams.

Here’s the thing:

You’re asking the wrong question.

You Need a Budget

The real question should be one of budget:

  • How much can you afford to spend on a website?
  • How much do you want to spend on a website?
  • What are your priorities?

I can hear you now: “Yeah, but what do people usually spend?”

Ok. I gotcha.

I can tell you that I’ve designed and produced a website for as little as $250 and as much as $8,000. Typically, I see a website go from “glimmer of your eye”¬†to “go live”¬†for around¬†$2,500.

That said, it really depends on what kind of website you are looking to get going.

Are we talking about a simple site with a few pages and a contact form? Are we talking about a blog? eCommerce? Are we talking about a complex site with forms, membership, blogs, multiple authors, social integrations, SEO to the max, daily site updates/changes, multiple end users having access, and a kitchen sink kind of website?

Websites come in many, many different flavors and each flavor has a different cost.

But wait! There’s more!

Is the website *done* when it launches? Is it ever?
I suggest to you that it is not.

When you decide on a budget for a new website (or redesign), there are two things you need to work out:

  1. Initial investment – this gets your project off the ground
  2. Maintenance cost Рthis is a ongoing allotment that goes into maintaining your website

Maintenance?! Can’t I just call it done and that be that?

Sure, you could just let it fly and never touch it again. It’s your website, and you can do that.

“Danger Will Robinson”
Without updates and proper backups, you are more vulnerable to being hacked and losing your investment or worse, customers!
Additionally, your website will get stale and irrelevant faster than you tend to sneeze after sniffing some pepper.

So, please factor maintenance into the cost of your site. Depending on your site’s flavor, this could be $8-50/month (or more).

Last Things

You’ll need to budget in the cost associated with domain registration, web hosting, and SSL certification. The costs here can range from $30-200/year depending on server/bandwidth and security needs.

Advertising your website is the final budget area to keep in mind. I should mention that this is one area where I do not work in. I can help make sure your site is up to SEO specs, and give you tips on getting good PR for your site. I cannot manage paid advertising spots for your website.

The Real Answer You’re Looking For

Answer all those budget questions, but stay flexible. Map out the site you are looking to build – you can do this on your own or I’m happy to consult with you on this. Once you have this map, we’ll both have a better idea of what flavor your website is. Then, we can set the budget and get to work.

Don’t worry over much about budgeting maintenance until closer to launch. It is then, we’ll have a better idea of what maintenance will be needed/recommended.

Building websites is a process, and¬†I’m just as mindful of budgets and money as y’all are.

Evernote

6 Ways Evernote Embraces Handwriting – Evernote Blog

At Evernote, we see the benefits of both the digital and analog spaces and we’ve spent a lot of time developing features that connect the two. You can tap notes directly into Evernote, but it‚Äôs also just as easy to snap a photo that instantly makes your handwritten words digitized and searchable.

Source: 6 Ways Evernote Embraces Handwriting – Evernote Blog

  1. Search handwriting
    I use this all the time. I also love that it searches inside PDF documents too.
  2. Evernote Moleskine notebooks
    I have one of these! It was worth it just for the quality journal and the year of Evernote premium. *I purchased mine long before their recent payment structure changes. I haven’t looked to see¬†how things are offered now.
  3. Evernote for Android
    This is literally my most used app. I use the document camera all the time to help reduce the paperwork pile. #1 on that list of paperwork is receipts!
  4. Jot Script Evernote Edition Stylus
    Never tried it. It looks like a slick stylus. My current stylus is challenged by the fact that it takes AAAA batteries. Those are hard to find! All the same, I prefer writing on paper than on my tablet.
  5. Post-it Note Camera
    This could be expanded to include “document camera” – it smart recognizes and does OCR on post-its, business cards, and other documents differently than “just pictures.”
  6. Penultimate
    I’ve never tried this because I do not have any iThings.
  7. LiveScribe Pen
    They didn’t list this one, but it is a tool I use in conjunction with Evernote all the time! I love this pen. It has one drawback in the latest version regarding the ink, but overall I still have huge love for this pen that allows me to write pen to paper and then export those pages to PDF in Evernote with the Livescribe app. Easy peasy!
Kids Cubed

Am I a Real Web Professional?

I was asked a version of this question not long ago, and then again a few days ago. I’m not offended, but¬†I did feel like this should be the first in my series of FAQ’s because it’s a fun one.

So, let’s start with the knowns.

# 1: I am real.

Check.

#2: I work with websites.

Check.

#3: I am a professional.

Weelllll…

I’m not entirely sure I’m all that professional. Nor am I sure that I want to be… or can be?

My first job is my kids. I’m a stay-at-home mother, homeschool educator, nurse, driver, cleaner-upper, tv-watching, Finding Nemo playing, Star Trekking, goofy gal. Did I mention I have 3 young kids?

Plus phone calls are pretty difficult around here. 3 kids are L-O-U-D! Plus they require what seems like constant correction for things that you’d think they wouldn’t need much guidance on.

What I mean to say is that when my clients call (and they all understand what they’ve signed up for), the conversation could very well go like this:

Me: Hi! What can I do for you?

Client: I was wondering if you could xyz my abc page?

Me: That should be — STOP LICKING THE TV! — I can do that. No worries.

#4: I make great websites.

Check.

TwineSocial – Lovely Plugin, But Gets Expensive Fast

TwineSocial¬†is a nifty plug-in and web service that pulls your social media posts into one “campaign” and shows them off in¬†one place. I decided to test this out with my Twitter and Instagram feeds on my new Social Media Hub page.

One thing that struck me as cool is that you can pull together a campaign based on hashtags.

You’ll have to set up an account with TwineSocial to use the plug-in. There’s a free plan that allows you 3 feeds. Careful tho! They start you off with a 30 day trial allowing 8 feeds. More than 3 feeds, and you’ll need to choose a plan, and it gets expensive fast! If you want more than 3 feeds, you’ll need to pay at least $129/month! eek

TwineSocial¬†is very pretty, and I like how it isn’t just window dressing. Clicking on the social blip in question, blows it up to additional details and the ability to share it out. The interface is very slick and efficient.

For my social hub, I did nothing beyond selecting a gallery. You can customize with choosing fonts, colors, and adding in your own CSS. It looks very customizable and versatile.

I like this plug-in, but I do not like the price tag should I ever need more than 3 feeds.

 

Google Captcha (reCAPTCHA) Plugin for Added WordPress Security

The Google Captcha (reCAPTCHA) plugin is one way to boost site security and reduce spam. It adds a very simple to use reCAPTCHA checkbox to all forms (or some forms as you see fit). Installation and setup is very easy, and the options are straight-forward. I especially like that you can add this feature to the login page and the comments forms. Plus, you can exclude logged in users by role Рeven custom roles!

Google reCAPTCHA Plugin Options

The premium options you can buy into are nice to have, but are not necessary to make the plug-in work like a champ on basic sites.

You can get the plugin on WordPress.org to install manually or search “Google reCAPTCHA” through your WordPress [Add New] plugin screen. The plugin is by BestWebSoft.

Update 6/27/16:
So, I’m not overly fond of the latest update. It includes an updated menu (BWS Panel) that is moved to the top complete with an over-large icon that messes up the flow of the admin¬†menu. The “improved” menu screen¬†would probably be great if I subscribed to their services and used other plugins, but I just want the one free-version for now. I don’t appreciate this particular type of in-your-face up-selling. If you don’t mind all of the extra baggage¬†and/or you intend to “go pro,” then this is still a great plugin to use. As of today, pro membership (access to all their plugins) is $40/month and $17.95/year for the one plugin.

A great-so-far alternative is the GNA Google reCAPTCHA.