How Can They Hack You? Let Me Count The Ways

Website Security Is Fluid

It’s definitely not just installing a plugin and then forgetting about it. It’s a constant battle to outwit those who would like to gain access to vulnerable information. There are different areas of your site that can be vulnerable if not secured.

Today, we’re going to talk about those different areas and why and how you need to keep them locked up tight.

Insecure Web Hosting

WordPress sites are hosted on a web server. Some hosts do not properly secure their hosting platforms. This makes all websites hosted on their servers vulnerable to hacking attempts.

Using those bargain web hosting companies who don’t have the assets to protect your property can really hurt you in the long run!

Using Weak Passwords

You have different passwords for different parts of your site and all of them need to be kept secure. Below is a list of passwords that need to be checked and possibly changed.

  • Your WordPress Admin
  • Web Hosting Control Panel
  • FTP Accounts
  • MySQL Database used for your site.
  • Email accounts used for WordPress admin or hosting accounts.

Unprotected Access To WordPress Admin (WP-ADMIN DIRECTORY)

The wp-admin area gives a user access to perform different actions on your site. It is the most commonly attacked area of a WP site.

12 tips to secure your wp-admin section

Incorrect File Permissions

File permissions are a set of rules used by your web server. These rules help your server control access to files on your site. Incorrect rules can give a hacker access to write and change those rules. Here’s a great article on WP BEGINNER on how to change these!

Not Updating WordPress

Each new version fixes bugs and security vulnerabilities. If you don’t update, you leave those vulnerabilities in place.

Not Updating Plugins & Themes

Same as updating WordPress. Not updating plugins and themes is dangerous and can leave your site weak.

Using Plain FTP Instead Of SFTP/SSH

You should always choose SFTP access instead of FTP; it is much more secure.

The key difference between FTP vs SFTP is that SFTP uses a secure channel to transfer files while FTP doesn’t. With SFTP, your connection is always secured and the data that moves between your FTP client and your web server is encrypted.

Using “Admin” As A WordPress Username

Never use “ADMIN”; you should always use something unique. Enough said!

Nulled Themes & Plugins

Never use plugins and themes from unreliable sources. Malicious code can be put into either one, and that code can give a hacker access.

HERE’S WHY:

  • You Don’t Know What Else Is in the Code
  • Developers Need Money To Continue Improving Their Products
  • You Won’t Get Any Support From The Developer
  • You Won’t Get Any Automatic Updates

Not Securing The WordPress Configuration File (wp-config.php)

wp-config.php contains your database login credentials. To keep that from happening add this piece of code.

The WordPress wp-config.php file contains very sensitive information about your WordPress installation, such as the WordPress security keys and the WordPress database connection details. You certainly do not want the content of this file to fall in the wrong hands, so WordPress wp-config. Here is a great article on how to secure these important files.
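
An added example (not part of the original post): a read-only shell audit covering the two issues above, incorrect file permissions and an exposed wp-config.php. The function names and the baseline (nothing world-writable, wp-config.php closed to "other" users, mode 600 as the tightened value) are assumptions, and the sample tree is constructed.

```bash
#!/usr/bin/env bash
# Added example: read-only permission audit for a WordPress directory.
# Assumed baseline (common hardening guidance, not stated in the post):
#   nothing world-writable; wp-config.php has no permission bits for "other".

audit_wp_perms() {
    local root="$1"
    if [ ! -d "$root" ]; then
        echo "ERROR: not a directory: $root" >&2
        return 2
    fi

    # A world-writable file or directory can be altered by every local
    # account on the server, which matters most on shared hosting.
    find "$root" \( -type f -o -type d \) -perm -0002 -print |
        sed 's/^/WORLD_WRITABLE /'

    # wp-config.php holds the database credentials and security keys, so
    # "other" users should have no read, write or execute bit on it.
    if [ -f "$root/wp-config.php" ]; then
        find "$root/wp-config.php" \
            \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print |
            sed 's/^/CONFIG_EXPOSED /'
    fi
    return 0
}

# Build a small constructed site tree containing two deliberate mistakes.
build_sample_tree() {
    local dir
    dir="$(mktemp -d)" || return 1
    mkdir -p "$dir/wp-content/uploads"
    printf '<?php // constructed sample, no real credentials\n' > "$dir/wp-config.php"
    printf '<?php // constructed sample\n' > "$dir/index.php"
    chmod 755 "$dir" "$dir/wp-content"
    chmod 644 "$dir/index.php"
    chmod 777 "$dir/wp-content/uploads"   # mistake 1: world-writable directory
    chmod 644 "$dir/wp-config.php"        # mistake 2: config readable by everyone
    echo "$dir"
}

# Tighten the two mistakes in the sample tree. 600 assumes PHP runs as the
# file owner; hosts where it runs under a group need 640 instead.
fix_sample_tree() {
    chmod 755 "$1/wp-content/uploads"
    chmod 600 "$1/wp-config.php"
}

# Usage: ./audit.sh /path/to/wordpress   (prints findings, changes nothing)
if [ -n "${1:-}" ]; then
    audit_wp_perms "$1"
fi
```

Each finding is printed as a label followed by the path; an empty result means the tree meets the assumed baseline.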

Not Changing WP Table Prefix

Change the wp_ prefix. Here’s a link that will take you to a blog post that will explain how to do this if interested.

The most important part of my job is to make sure your website stays safe, secure and user friendly and I take that very personally. If you’d like to have one person to go to with all of your website issues then let’s talk! Schedule a free consultation today!


It’s Coming, Are You Ready For Google Core Web Vitals?

Google is making a major update to the way they rank websites.

 

It’s a new set of website performance metrics that will affect your SEO rankings.

 

I’m sure you’ve seen that term floating around the internet. If it’s new to you, you may be in for a big shock come May of this year when your rankings tank and your SEO plan goes down the tubes!

 

You do have an SEO plan, don’t you? If you don’t have a successful SEO plan in place, I suggest subscribing and you will receive your very own SEO Strategy Planner for FREE!

 

Google uses 3 tests (Web Vitals)

  • Largest Contentful Paint (LCP)
  • First Input Delay (FID)
  • Cumulative Layout Shift (CLS)

LCP

This metric measures how quickly the main content becomes visible to the user.

This can be an image, article, or description, etc.

EX: You may have a fast load speed, but the larger content takes longer.

 

SPEED TEST TOOLS WILL GIVE YOU A HIGH SCORE, BUT PROVIDING A POOR USER EXPERIENCE MAY BE WORSE.

These tests are meant to give you a clearer picture of your website’s performance.

 

FID

Measures the time it takes a user’s browser to actually be able to begin processing event handlers in response to a user’s interaction. 

Are you sensing a theme here?

This can be a contact form, comment, share button, opt-in, etc. How long does it take until they are able to click that link?

CLS

Measures the time it takes for a website to become visibly stable.

As a website loads, some elements take more time to load than others.

During this time, your website’s content may keep moving on the screen.

EX: A reader is reading a paragraph on a mobile phone and a video embedded loads above it, this makes the entire content move down.

Frustrating if a user is trying to accomplish an action such as adding a product to a cart.

These metrics should be

  • LCP     2.5 seconds
  • FID      <100 milliseconds
  • CLS     <.01

 

  • You can also access your Core Vitals report in your Google console. This allows you to see how many URLs need improvement, passed, or have a poor score.
  • You can also obtain this in your Chrome browser: right-click on the page and choose Inspect Element, then look along the top for LIGHTHOUSE. If you don’t see it, click the arrows (>>) next to ELEMENTS, CONSOLE, SOURCES to reveal it. YOU MUST BE IN INCOGNITO MODE FOR THIS TO WORK (in your Chrome browser, click the three dots at the very top right-hand side and click NEW INCOGNITO WINDOW).

Google has already announced that its search algorithm update will include page experience as one of its ranking factors (5/21).

HOW TO IMPROVE YOUR CORE WEB VITALS

  1. OPTIMIZE YOUR WEB HOSTING – Having good web hosting is becoming a necessity these days and the core web vitals are no different. This is an important part of your score. Bargain hosting is no longer adequate when you’re worried about rankings. Premium hosting can be a lifesaver. Providing security, SSLs and a CDN is the way that websites are being hosted these days. I HAVE THE ANSWER FOR THIS
  2. IMPROVE LCP SCORE – Optimize your images! Make sure that you are using a caching plugin, if possible one that includes image optimization. You can also use tools like Imagify, Smush, etc. (I recommend WP Rocket; make sure it’s compatible with your theme.) Also, I often find that clients are using several of these, thinking perhaps the more the better, when in fact the opposite is true. I prefer to use caching in my premium web hosting instead of adding a weighty plugin. An example of LCP would be the featured image in a blog post. If it is exceptionally large, that could cause problems.
  3. IMPROVE FID – Again, a caching plugin will help with this. Changing the way you load your Javascript and CSS can also be a big help. Always minify your CSS.
  4. IMPROVE CLS – Fix layout shifts. Make sure all of your images have size attributes. Right-click on inspect tool to check these. Cache plugin.
  5. ELIMINATE RENDER BLOCKING ELEMENTS (Elements that are slower to load). These are usually: Javascript & CSS that is added by plugins like Google Analytics, Facebook Pixel, etc.
  6. PROPERLY SIZE IMAGES IN WP – Wrong size images can cause issues on mobile devices.
  7. USE A CDN – I HAVE THE ANSWER FOR THIS. A CDN allows you to serve static content on your website from multiple servers around the globe which drastically decreases load times.
  8. IMAGES – When you upload an image to your WordPress media library, three copies are automatically created. These sizes are THUMBNAILS, MEDIUM, LARGE. You can set these under SETTINGS>>MEDIA. If you put a “0” in that box it will skip that size if you aren’t using them. Also, if you’d like your thumbnails to be rectangular you could change the thumbnail size to something like WIDTH: 450px HEIGHT: 200px, such as for food blogs. Larger images provide a clearer image but take up more storage space. Check the “Organize my uploads by month and year.”

NEED MORE HELP WITH RENDER BLOCKING TEXT?

As I said, this is inserted by your plugins. If you’re using WP Rocket:

  • Use the FILE OPTIMIZATION TAB.
  • Minify & combine your Javascript and CSS. ** Make sure to check, because this can cause some minor design changes.
  • Javascript deferred – Safe mode for jQuery.

 

WHY SHOULD YOU CARE?

A 1-second delay in page load time can lead to:

  • a 7% loss in conversions
  • 11% fewer pageviews
  • 16% decrease in customer satisfaction.

 


The Must-Have Guide To WordPress Website Maintenance That Every Entrepreneur & Blogger Needs In Their Arsenal

“Why Should I Care About Website Maintenance?”

 

First, let’s look at the numbers:

 

  • 60 Million websites are created with WordPress.
  • 39% of the top 10 million websites use WordPress.
  • 500+ WordPress sites are created every single day.

 

Website maintenance addresses every single part of your website, and each part is just as important as the next. For the purposes of this post, I’m going to break it down into three sections.

  1. SECURITY
  2. PERFORMANCE
  3. HOW TO PROPERLY MAINTAIN YOUR SITE, PLUS A LITTLE EXTRA

 

HACKING:

 

  • 49% of hacked WordPress sites are caused by vulnerabilities on your hosting platform.
  • 52% of WordPress vulnerabilities come from plugins.
  • 44% of hacking was caused by outdated WordPress sites.

 

**INTERESTING FACT**:

 

In 2011, 18 million users were compromised due to a hack!

 

I. MAINTENANCE: HOSTING:

 

Let’s cover those:

 

Hosting platforms:

 

  1. Shared Hosting (GoDaddy, Bluehost, etc.) This is where your website shares a server with a bunch of other websites.
    1. Service overload is the #1 reason your site is slow or you’re getting site suspensions or 500 errors. Your website is sitting there with 200+ other websites. These packages run anywhere from $3-$5, but like with anything else you get what you pay for.
    2. Pay for extra features like necessary SSL certificates.
  2. DIY VPS
    1. More for developers & bootstrap startups. Can cause lots of problems if a mistake is made.
    2. Great if you’re smart, savvy, and need to save money.
  3. Managed WordPress Hosting (Flywheel, WP Engine)
    1. Hosts handle all of the backend-related tasks plus offer support when you need it.
    2. Saves you time and hassle.
    3. $25 – $150 monthly for these plans (but they cover things like SSLs that most shared hosting charges extra for).

 

II. MAINTENANCE: PHP ISSUES

 

PHP – PHP is an open-source server-side scripting & programming language that’s primarily used for web development.

  • WordPress core is written in PHP, along with your themes & plugins.
  • Should be 7.0 or higher.
  • Faster speeds, improved security.

BEWARE OF HOSTS OFFERING HHVM AS AN ALTERNATIVE TO PHP. HHVM IS NO LONGER A SUITABLE SOLUTION.

 

III. MAINTENANCE: THEMES

 

It’s very important to choose the right theme from the very beginning.

Every element in a theme has some impact on your overall speed!

THINGS TO CONSIDER WHEN CHOOSING A THEME:

  • Start with a fast, lightweight theme that is built with only the features that you need. OR
  • A more feature-rich theme but you can disable features that aren’t in use:

THINGS LIKE:

  1. Google fonts.
  2. Font Awesome
  3. Icons
  4. Sliders
  5. Galleries
  6. Videos
  7. Parallax Scripts

BEWARE OF PAGE BUILDERS AS THEY CAN INCREASE LOAD TIMES. YOU SHOULD BE ABLE TO TURN OFF.

 

IV. MAINTENANCE: PLUGINS

 

THINGS TO CONSIDER:

  • Too many can slow down your site.
  • Quality is as important as quantity.

MOST POPULAR:

  1. SEO By Yoast
  2. Akismet
  3. JetPack
  4. Wordfence
  5. Contact Form 7.

 

V. OTHER THINGS TO THINK ABOUT

 

Here is a list of settings and other tweaks you should or can make to your websites.

 

  • Change your WordPress login. By this, I’m not talking about changing your username and password. In this instance, I’m talking about changing the /wp-admin/ to something else. Think about it: almost every website uses this same login extension. By changing this you make it nearly impossible to sign in to your website because only you would know the new extension. You can use anything you want. This can be accomplished with a plugin.
  • Disable, remove or tweak your plugins. A simple setting can mean the difference between a slow website and a fast website.
  • Disable Pingbacks from other sites (disable all, both from you and from other sites).
  • Limit the number of posts in your feed. No more than 10 is best.
  • Caching is the most important and easiest way to speed up your website. BENEFITS: Your server uses fewer resources. Can easily reduce your page speed by over 33%!
  • Image Optimization can significantly impact your overall page speeds. More important than Javascript, CSS & Fonts. Images make up on average 34% of a web page’s overall weight. The trick is to find that delicate balance between load times and acceptable image quality.
  • Also important to consider when thinking about the images on your site is the file format. Compression can reduce your image size by as much as 5 times!

    • PNG – Higher quality images – larger file size
    • JPEG – Good quality and size.
    • Compression types for JPEG | LOSSY COMPRESSION MEANS: Eliminating some of the data (may come out pixelated). LOSSLESS COMPRESSION: Doesn’t decrease quality by removing unnecessary metadata. ** Choose one that compresses and optimizes images externally.
    • GIFS – Kill your website performance.
    • Limit the number of revisions in both drafts and updated versions. To limit the number of revisions you can use a plugin like the Optimize Database & Delete Revisions plugin, or you can add this code to your .php function files: define( 'WP_POST_REVISIONS', 10 ); YOU CAN CHANGE THE NUMBER TO ANY AMOUNT YOU WANT. You can also disable revisions altogether.
    • Clean up your WP_OPTIONS TABLE & Autoloaded data.
      • Here you will find things like; Site URL, Home URL, admin email, default categories, posts per page, time format, etc.
      • Settings for plugins, themes, widgets (remove old deactivated).
      • Temporarily cached data.
      • 4 – Field columns:
        • option_id
        • option_name
        • option_value
        • option_autoload These you can change, but be careful.

 

MY MAINTENANCE ROUTINE:

 

  1. Create a clean backup of your site before making any changes, whether it’s updating a theme or changing a plugin. EVERY. SINGLE. TIME. The sites I manage are backed up every single day.
  2. Check sites for updates starting with WordPress, moving on to themes, and then plugins. Twice every month.
  3. Optimize databases (I use the Optimize Database While Deleting Revisions or the WP-Optimize plugins to accomplish this. Most of the settings above can be done here). Twice every month.
  4. Scan for malware using Wordfence or another security plugin of your choice. TIP: Make sure your hosting isn’t doing this already! Twice every month.
  5. Check your site speed with GT Metrix (free). I do this once a month.
  6. Do a front-end visual check. Sometimes updates can make small changes to your site. It’s good to take a good look at this time. Check that email opt-in to make sure it’s working, social media buttons, or other important parts of your site. Twice monthly or after any changes.

 

IF YOU’RE THINKING

“THERE’S NO WAY I HAVE TIME FOR ALL OF THIS”

I GET IT. LIFE IS CRAZY, BUSY THESE DAYS.

MONEY IS TIGHT 

YOUR PLATE IS JUST TOO FULL

THEN I HAVE THE ANSWER FOR YOU!

 

Not sure what kind of help you need?

 

I offer a FREE 30 MINUTE DISCOVERY CALL! 

 

I’ve worked with Rena on all kinds of techy type projects and I can say with full confidence that she is responsible, timely, affordable, knowledgeable willing to take initiative, able to learn on the fly, and has a knack for all those server maintenances and WordPress issues that flouncy designers don’t want to deal with. I would recommend her highly!

Julie Stoian

JulieStoian.com

GO CALL HER RIGHT NOW! SHE IS AWESOME!
She answers emails in a very TIMELY manner. She is quick and gets the job done even if she’s never done it before.

I find her a joy. There is always an email shot back to me to say job completed. Stop dragging your feet and sign up for her services. Money well spent!

Elizabeth Kirkpatrick

TheVintageContessa.net


Start 2021 With A Clean Slate By Organizing Your Website

There are several times a year when cleaning up and starting fresh seem to be at the top of everyone’s mind, but none more than a new year. This year, I think in particular, we want to start off 2021 on better footing and wipe 2020 completely off of the slate. This year as you see, I’ve taken that to a whole new level with the creation of Technology-Therapist.com. Formerly, The Blogging 911.

As The Blogging 911, I was a web designer/maintainer/troubleshooter but it takes a lot more than a website to run a successful online business and I want to help with the whole picture from beginning to end. My maintenance packages come in three different sizes depending on how much help you want or need. I hope you will check them out HERE!

This year unlike any other we all need that fresh start don’t we? Last year was a shit show of the highest level and I for one am thrilled it is gone.

One of the most important parts of running a successful business or blog is maintaining it and doing it in a way that doesn’t hurt your SEO strategy (you do have a plan don’t you? If not next week’s post is just for you!) or your analytics. There’s never a better time than a fresh new year!

The first thing I always do is study the numbers and ask myself several questions. What worked in 2020 & what didn’t. I track everything much like a company does inventory you should do the same thing. Some of the things I look at are:

  • Most successful post of 2020 & of all time.
  • Least successful post of 2020 & of all time.
  • Products that were the most successful.
  • Products that aren’t selling.
  • Which pages are getting the most attention?
  • Take stock of your sidebar, is it still relevant?
  • Do a site audit. Does your contact form work? Are your products set up correctly? Does your opt-in go to the right place?

Once you’ve taken stock of all of this study the numbers and see what was the most successful. Update those posts. Maybe add some new images, some newer data. This is very important for your SEO to keep your content relevant. It will also provide your readers with a better user experience.

I’m going to use my The Diary of an Alzheimer’s Caregiver site as a case study so that you can get the full picture of what it means to clean up your website for 2021! A little background: This site was established in 2014 and posts new content weekly.

MOST SUCCESSFUL POSTS (TOP 5)

  1. Amazing Benefits of Massage For Alz Disease Patients.
  2. 6 Signs Of Dementia In Elderly Women
  3. Mom With Dementia – What To Gift Her On Mother’s Day
  4. 5 Tips For A Healthy Aging & A Active Lifestyle
  5. 6 Ways To Ease Your Parents’ Transition From Assisted Living To Memory Care

Make any updates to those posts. Add new graphics, check links, and update any research.

LEAST SUCCESSFUL POSTS (TOP 5)

  1. Respite Care From Caregivers Is A Necessity.
  2. Why Should You Stay Physically Active As A Senior
  3. How To Survive Senior Caregiving.
  4. What It Looks Like To Be An Alzheimer’s Caregiver
  5. Keeping Our Seniors Safe From Scammers.

Since this isn’t an eCommerce site, product stats aren’t necessary. I also like to see what the numbers were the year before and compare them to this year to get a clear picture of how the site is doing. I have to admit I was surprised by the changes from 2019 to 2020. As you can see from the image below from one year to the next my pageviews increased by 67.84% (or 11,694).

WEBSITE AUDIT

SIDEBAR

  • Check your social media buttons to make sure they lead to the correct profile.
  • Check your search button to make sure it’s working.
  • Does your opt-in go to the right place?
  • Check any links

OTHER

  • Check to make sure that your copyright is up to date.
  • Check any links.
  • Check for widgets.
  • Check to make sure that your contact form is working properly and goes to the correct email address.

MENU

  • Check to make sure your menu makes sense.
  • Is easily navigated.
  • Provides the right information.

Read this post by Yoast about cleaning up your site structure. Does your site:

  • What’s my most important content according to my mission?
  • Is that the content my audience is looking for too? (What does the data say?)
  • Can my users find it in the menu or on the homepage?
  • If I look at my goals, is there anything essential missing on my site?
  • Do I have content in my menu or high up in the hierarchy that isn’t essential after all, or doesn’t perform well?

Once you’ve completed this you’ll have a better understanding of not only your website but also if you’re creating relevant content or maybe it needs a few tweaks. It will become clear through the data what it is your readers want from you & the best way for you to provide that information.

CONCLUSION

While this is a great way to start off 2021 on the right foot it’s also not a one & done process. It’s a strategy or plan that is a constant work in progress. Next week, we’re going to work on updating or deleting! That’s always the big question, isn’t it? Have more questions? Let me know in the comments below or head over to the Technology-Therapist Facebook page & ask your questions there!
