How To Secure Your WordPress Site


WordPress is one of the most popular Content Management Systems on the Internet. Due to its popularity, it is also the target of many hackers. We’re here to show you our top 5 recommendations on how to secure your WordPress site based on issues we’ve come across.

1. Keep WordPress Up to Date!

Our number one and top recommendation is to keep WordPress up to date! WordPress is a very active platform and updates come out regularly for it. The updates include many new features and changes in the backend, but also patch many bugs and exploits that the WordPress team finds. Just take a look at the releases and patch notes on https://wordpress.org/news/ sometime to get an idea of how much work gets put into finding and fixing these problems!

Being even just one or two versions behind can leave your site open to hackers that analyze the updates, create exploits, and go looking for outdated sites across the Internet. The longer a site goes without updates, the more exploits and vulnerabilities exist for it, and the more likely it is that your site could be compromised.

The same rule applies to your Plugins and Themes: make sure those are all properly updated for the same reasons! Which brings us to item two on our list!

2. Review your Plugins and Themes!

WordPress is great because plugins can quickly and easily add new features and customize your site, and themes can give your site a very professional appearance in a matter of seconds. If they are not properly maintained, however, they can lead to problems down the road.

First, just remove any plugins and themes you don’t need. You could leave them disabled, but outright removing them is a safer option as the files wouldn’t be sitting on your server. Even if it’s disabled, it could still potentially be reached if an exploit can gain access to the files.

A side effect of removing the plugins is that it could actually speed up your site as well!

After removing any plugins and themes you don’t need, make sure to keep the ones you have left updated. WordPress can generally check for updates right in the admin area, but if you bought a plugin from a third party source, make sure to check with them for any updates. We also recommend visiting the website of each plugin and theme, or even checking reviews on other sites, to make sure development is still active and that there are no known vulnerabilities.
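The review described in this section can be scripted. The following is an added example, not part of the original article: it reads the CSV that `wp plugin list --fields=name,status,update,version --format=csv` prints and flags inactive plugins (removal candidates) and plugins with a pending update. The function names and the sample rows are constructed for illustration, and it assumes no field contains a comma.

```shell
#!/bin/sh
# Added example: turn WP-CLI's plugin list into a short review list.

# audit_plugins: reads the CSV on stdin, prints one finding per line.
audit_plugins() {
  awk -F',' '
    NR == 1 { next }                       # skip the header row
    { name = $1; status = $2; update = $3; version = $4 }
    status == "inactive" {
      printf "REMOVE?  %s %s is inactive but its files are still on the server\n", name, version
    }
    update == "available" {
      printf "UPDATE   %s %s has a newer release available\n", name, version
    }
  '
}

# count_findings <label>: how many findings of that kind the CSV on stdin produces.
count_findings() {
  audit_plugins | awk -v k="$1" 'index($0, k) == 1 { n++ } END { print n + 0 }'
}

# Constructed sample (not taken from a real site).
SAMPLE_CSV='name,status,update,version
old-gallery,inactive,none,1.2.0
contact-form-7,active,available,5.0.5
legacy-slider,inactive,available,3.1.4
woocommerce,active,none,8.0.0'

printf '%s\n' "$SAMPLE_CSV" | audit_plugins
```

On a live site, pipe the real command into the function: `wp plugin list --fields=name,status,update,version --format=csv | audit_plugins`.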

3. Protect your logins!

Having your site publicly accessible out on the internet means customers and potential clients can access your site, but so can bots and people with malicious intentions! By default, going to yourdomain.com/wp-login.php or yourdomain.com/wp-admin brings up a login page. If you try that on any of your sites and you get the login page, it’s highly recommended you use a plugin to hide where you go to log in.

WordPress does have some general security that blocks attempts after a few failed attempts, but if thousands of bots are all trying to log in and guess passwords, why even give them the chance to try? Make sure you use strong passwords, don’t use the same username and passwords in multiple locations, and go through your WordPress users to make sure they are all still valid. For example, if you gave a developer access years ago, maybe you don’t need that user sitting around there still.

4. Install protection plugins

I know I said to reduce your plugins earlier, but I would recommend having some plugins to block malicious connections, monitor suspicious activity, and scan site files for malware. We recommend iThemes Security, as it offers a lot of different features in just a single plugin, but you can look up what’s popular and read other reviews to help you decide on what would be the best fit with your site. For example, if you have a site where users can upload data, it would be a good idea to scan those files as they are being uploaded and block or at least report any that trigger warnings in a plugin that scans for viruses and malware.

Depending on how much protection you need, paid options would be recommended over free options to help increase the chances that newer exploits are blocked as well with more features and newer virus definitions.

5. Make sure you have good backups

Having good backups isn’t exactly a proactive step to protect your site, but it is a reactive step that can greatly help if the need arises. It’s a good idea for any business that relies on the data on their site. Think about all the orders, profiles, records, logs, and any other important information stored on your site, then imagine that something causes a problem and the whole site gets deleted: maybe a hard drive crashes, or malicious code is injected somewhere and causes the data to be lost. If you have no backups at all to restore from, then depending on the nature of your business this may mean hundreds of work hours for a team to rebuild the site, lost revenue, lost customers, and a major hit to your site’s reputation.

If you did have backups, depending on the frequency of the backups and how quickly the problem was noticed and rolled back, there may be little to no data loss, customers may not notice, and the site can quickly bounce back.

We highly recommend having multiple backups taken over a period of time. The more backups you have the more options you would have to restore from. Having only one daily backup could cause problems if an issue isn’t noticed until three days after it happens. Active sites may need continuous backups compared to a static site that maybe hasn’t changed in months.

Storing your backups in different locations also spreads out the available backup copies. For example, if a dedicated backup hard drive failed, you would still have remote backups saved on a different service that wouldn’t be affected. Think of it like not putting all your eggs in one basket! For more information on good backup practices, see Best Practices: Developing a BackUp Plan.

Hopefully, you gained something useful from this article! If you or a friend are in the market for a web host, feel free to talk to a Liquid Web tech by phone or in a chat 24 hours a day! Thanks for reading!

Resolving WooCommerce Plugin and Theme Issues


What is WooCommerce?

WooCommerce is a WordPress based plugin used by many small to medium sized businesses for building, tracking and maintaining an easy to use e-commerce solution. Because WooCommerce is updated regularly with new releases, online sellers can add new and existing features frequently, along with resolving any known bugs or security vulnerabilities. WooCommerce is actively installed on over 4 million WordPress sites and is used to drive e-commerce sales on a significant number of websites.

Rollback a Plugin or Theme Using WP-CLI


WP-CLI makes it very easy to roll back plugins and themes, as well as update them, all from the command line. This is useful if you see your site is broken by a newer version of a theme or plugin. In this article, we’ll be running through some valuable commands for rolling back your site.

If you need to roll back a plugin on a site to a previous version, you can find the previous version number from the development tab of the plugins listed on WordPress.org. To find the slug of the plugin, you will need to go to the WordPress.org plugins. In the case of Contact Form 7, the plugin slug is contact-form-7.

Note:
You can also find the plugin or theme slug by going to your WordPress files and typing in:
wp plugin list

wp theme list

Pre-flight

Rollback a Plugin to a Previous Version

If you need to test that the command is correct, you can always use the flag --dry-run at the end of the command:

wp plugin update contact-form-7 --version=5.0.5 --dry-run

To roll back Contact Form 7, you can use this command:

wp plugin update contact-form-7 --version=5.0.5
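The dry run and the rollback above can be combined into one guarded step. This is an added example, not code from the original article or from WP-CLI: `rollback_plugin` and `ROLLBACK_LOG` are names made up here, and it uses only the `wp plugin update` flags shown above plus `wp plugin get <slug> --field=version` to read the installed version.

```shell
#!/bin/sh
# Added example: dry run first, record the version being replaced, then verify.
ROLLBACK_LOG=${ROLLBACK_LOG:-./plugin-rollback.log}

# rollback_plugin <slug> <version>; returns 0 on success, 1 on failure, 2 on bad input
rollback_plugin() {
  slug=$1
  target=$2
  # Assumption: WordPress.org-style slug. Rejecting a leading "-" keeps a typo such as
  # "--all" from being read by wp as a flag instead of a plugin name.
  case $slug in
    ''|-*|*[!a-z0-9-]*) echo "refusing slug: '$slug'" >&2; return 2 ;;
  esac
  case $target in
    ''|-*|*[!A-Za-z0-9.-]*) echo "refusing version: '$target'" >&2; return 2 ;;
  esac

  current=$(wp plugin get "$slug" --field=version) || {
    echo "$slug is not installed" >&2; return 1; }
  if [ "$current" = "$target" ]; then
    echo "$slug is already at $target"; return 0
  fi

  # 1. Dry run: stop here if WP-CLI reports a problem.
  wp plugin update "$slug" --version="$target" --dry-run || return 1
  # 2. Record what is being replaced, then change it.
  printf '%s %s\n' "$slug" "$current" >> "$ROLLBACK_LOG"
  wp plugin update "$slug" --version="$target" || return 1
  # 3. Confirm the site now reports the requested version.
  now=$(wp plugin get "$slug" --field=version)
  [ "$now" = "$target" ] || { echo "$slug reports $now, expected $target" >&2; return 1; }
  echo "$slug: $current -> $target (previous version saved in $ROLLBACK_LOG)"
}

# Run as: sh rollback.sh contact-form-7 5.0.5
if [ "$#" -eq 2 ]; then rollback_plugin "$1" "$2"; fi
```

The log line gives you the version to return to once the plugin author ships a fix.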

 

Activate A Particular Version of a Plugin

If you need to install and activate a previous version of a plugin, run:

wp plugin install contact-form-7 --version=5.0.5 --activate --force

 

Update All Plugins

If the plugins you updated have been fixed and you now need to update all plugins, the example command is:

wp plugin update --all

Excluding A Plugin

If you want to update all plugins, but need to exclude a specific plugin (in this case WooCommerce), run this command:

wp plugin update --all --exclude=woocommerce

 

Rollback a Theme to a Previous Version

If you need to roll back a parent theme to a previous version, you can use this command, which rolls back the Storefront theme to version 2.4.0:

wp theme update storefront --version=2.4.0

 

Update Theme to Current Version Release

If you now want to update the Storefront theme on a site to the most current version, you can use this command:

wp theme update storefront

 

Using a mix of these WP-CLI commands will enable you to easily roll back a plugin on your site, roll back a theme, update all plugins, or update all plugins while excluding a specific plugin. Our Managed WordPress product comes with WP-CLI installed along with easy, automatic updates. Check out how our Managed WordPress platform can streamline your work today!

How To Change Your cPanel Theme

  1. This tutorial assumes you’ve already logged in to cPanel, and are starting on the home screen.
  2. Now let’s learn how to change cPanel’s theme.
  3. Click the “Switch Theme” dropdown box.
  4. Changing your control panel style does not change any functionality, only the way it looks.