How to make WordPress secure

Want to make WordPress secure? Then let’s harden it now! OK, this is going to be a long article that I’ll add to as “best practice” changes with new releases. For starters, let’s clear up what I’m trying to teach. What we are doing here is limiting access by people who are trying to compromise your WordPress installation. And they are out there, believe me.

So first off, the easy stuff….

  1. Keep your WordPress and Plugins updated. You can lock down WP all you want but if you have a dodgy plugin you could be wide open to the world.
  2. Keep your server up to date. Vulnerabilities in older versions of php and various scripts mean that an attacker could get in outside of the WordPress installation.
  3. Shared hosting. I personally don’t use this as it can severely compromise security. Even if you do all the locking down possible, someone else may leave wide-open gaps on the server.  If you want reliable VPS hosting I recommend taking a look at  Servint dedicated and VPS hosting.
  4. Use a decent antivirus and antimalware on your own PC. Most compromised servers come from password attacks, and if you have malware on your PC that gets hold of your FTP password then it’s ‘Game Over’. Use Kaspersky and MalwareBytes for a great solution.
  5. Choose strong passwords. Never underestimate how easy most passwords are to crack with a computer. Passwords such as “Password”, “abc123” and “Letmein” are crackable in minutes. Pets’ names, people’s names and car names are all easily guessable too. Consider putting non-alphabet characters in there as well, such as $ or !.


WordPress file permissions

Now let’s move on to WordPress file permissions. These are most people’s nightmare but it doesn’t have to be difficult. All files should be owned by your account and writable only by you. For directories, if you use SuPHP on your server (and I recommend you do) they should all be 755. If not using SuPHP then follow these rules:

  • /wp-content/plugins/ These are the plugin files. All files should be writable only by your user account.
  • /wp-includes/ WordPress’s ‘logic’ files.  All files should be writable only by your user account.
  • /wp-content/themes/ Your theme files. If you want to use the built-in theme editor, all files need to be group writable. If not, all files can be writable just by your user account
  • /wp-admin/ This is the WordPress admin area. All files should be writable only by your user account.
  • /wp-content/ This is for your content which should be writable by everyone (owner/user, group, and public)

For other directories under /wp-content/ you should read the relevant plugin or theme documentation.  Err on the side of caution here though, locking down first and working backwards to release permissions where required.

For novices looking for a quick guide, if you are not using SuPHP then do this:

Set all directories to 755 and all files to 644. If you are on a shared server, set your wp-config.php to 750 so no other user will be able to read your database username and password!


From WordPress version 2.7 there has been the facility to automatically update the WordPress installation. It is remarkably stable and well tested, so I recommend you use it. The great thing is that after the update all files are set to 644 and all directories to 755, writable only by the user. They are still readable by everyone else, including the web server.
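As an added example (my own script, not code from the original post), here is a small shell audit that checks a WordPress tree against the modes recommended above (directories 755, files 644, wp-config.php 750 on a shared host) and can apply them; it assumes GNU or BSD find and takes the install root as its first argument:

```shell
#!/bin/sh
# Added example, not part of the original post: audit and optionally fix a
# WordPress tree against the non-SuPHP recommendation above: directories 755,
# files 644, and wp-config.php 750 on a shared server.
# Assumes GNU or BSD find (for -maxdepth) and a POSIX chmod.

# Print every path whose mode deviates from the recommendation, one per line,
# prefixed with dir/file/config. Output is empty when the tree is clean.
wp_perm_list() {
    root="$1"
    find "$root" -type d ! -perm 755 -exec printf 'dir    %s\n' {} \;
    find "$root" -type f ! -name wp-config.php ! -perm 644 \
        -exec printf 'file   %s\n' {} \;
    # wp-config.php lives in the install root; 750 stops other shell users on
    # a shared server from reading the database username and password.
    find "$root" -maxdepth 1 -type f -name wp-config.php ! -perm 750 \
        -exec printf 'config %s\n' {} \;
}

# Number of deviations; 0 means the tree matches the recommendation.
wp_perm_count() {
    wp_perm_list "$1" | wc -l | tr -d ' '
}

# Apply the recommended modes. Lock down first, as the post advises, and
# loosen individual plugin or theme paths afterwards only where their
# documentation says they need it.
wp_perm_fix() {
    root="$1"
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f ! -name wp-config.php -exec chmod 644 {} +
    [ -f "$root/wp-config.php" ] && chmod 750 "$root/wp-config.php"
    return 0
}

# Usage: sh wp-perms.sh /path/to/wordpress [--fix]
if [ -n "$1" ]; then
    if [ "$2" = "--fix" ]; then wp_perm_fix "$1"; fi
    wp_perm_list "$1"
    echo "deviations: $(wp_perm_count "$1")"
fi
```

Run it without --fix first and read the list; a plugin directory that genuinely needs to be writable should be loosened on its own rather than by relaxing the whole tree.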

This now leads us on to ‘security by obscurity’. In other words, making the default stuff different so attackers spend more time at the first hurdle. Here are my top tips for quick and easy fixes.

  1. Stop showing the WP version you are currently running. Why? Well, if you are running an older WordPress version with a known vulnerability then you effectively display this to the world. There are numerous plugins to do this for you, but you can simply add <?php remove_action('wp_head', 'wp_generator'); ?> to your theme’s functions.php file. Note that there are other ways of finding out the version that a WP website uses, but this works well to hide the obvious.
  2. Rename the admin account. I do this on a new install from within Fantastico but you can also create a new Administrative account from WordPress’s back end and delete the default admin account. You will get prompted to pass ownership of all the deleted user’s posts to the new Admin which is recommended.
  3. Change the WordPress database table prefix. A lot of the WordPress-specific SQL injection attacks assume that the database table prefix is “wp_”, so changing this blocks many (but not all) SQL injection attacks.

Finally, three words whose importance I can’t stress enough: Backup, Backup and Backup. Don’t hesitate to make this a priority. For a complete backup AND a brilliant way to clone your entire site, check out the excellent WP-Twin WordPress Clone Software. This not only creates a FULL backup of WordPress’s database, but it backs up all other files and folders for you. It will enable you to move your installation across servers too, something most backup software won’t do. Most blogs can be completely cloned and backed up in a few minutes without any technical knowledge.

Good luck and hope this helps you to make WordPress secure.



Online backup and coupon code for 20% off Mozy

Online backup just got a whole lot cheaper with the latest coupon code from Mozy. Click the link below and type in the coupon code ENCRYPTION for a 20% discount:

Mozy online backup coupon code

Note: Enter the code into the promotional code box at signup to get the full discount.


Other recent contenders for our recommended backup software:

Crash Plan


AVG antivirus free and paid editions – the differences

OK, let’s look at what the differences are in the versions of AVG antivirus. First off, the free version has EXACTLY THE SAME virus and spyware scanning, detection and removal as its paid-for counterpart. The difference lies in the added extras. Here’s what you currently get with the free version:

  • Antivirus scanning as per the full version
  • Antispyware scanning as per the full version
  • Link scanner which checks for malicious webpages in search results
  • Resident shield, checking files on your PC as you access them

What you don’t get that the paid for AVG Antivirus gives you:

  • Online shield which protects against some online attacks
  • Phishing protection, checking for spoof websites
  • Anti rootkit protection (these are getting more common now and are a huge threat to your PC)
  • Game mode keeping you safer during gaming
  • Free technical support from AVG

And finally what the AVG Internet Security suite gives you over the other 2 above:

  • Spam protection
  • Advanced firewall
  • Identity protection

AVG will guide you towards the paid version when you try to download the installation program. In fairness, this is how they make their money so they can’t be criticised for that. The ‘trial’ version is simply a version of the full product which will expire after 30 days, so if you are looking for a free solution then it’s not the one you want. However, if you have already installed the trial version and wanted the free one, this can be swapped over easily as of version 9.0, read on…

If you have installed the TRIAL version by accident (not the free version) then there is an easy way to convert it to the free version.  Go to your Start menu, click on All Programs and navigate to the AVG folder (this may be called AVG 9.0).  Click on it and then click on ‘Uninstall AVG’.  Follow the prompts as though you are going to uninstall then you should see a dialogue box saying that you can turn it into the free version.  Let the program do this and enable the Windows firewall when prompted (this is important as the free version has no firewall).

With paid antivirus and internet security packages you do get more bells and whistles, but for a good, stable, solid performing antivirus with built-in antispyware for zero money, AVG free really can’t be beaten.

For paid antivirus, we regularly run testing here at PCRMB towers, so check what is currently the cream of the antivirus crop and see how it compares against your current solution.


Get more space on Dropbox

Here’s a great way to get more space on Dropbox, the free secure online file storage service.

Recently, Dropbox offered an increase to customers who used the Camera Upload facility. This method takes advantage of their generous offer and allows you to use that free space to the maximum.

First, if you haven’t got this great free online storage tool then click here to download it with a free gift of extra storage from me!

Note down your current Dropbox allowance by left clicking once on the tray icon (eg 1GB% of 2.5GB used). Don’t skip this step.

Copy 2.5 GB or more of video files to a pen drive or external hard drive. Don’t try to just copy to a folder on your PC as this won’t work!  You can use photos (or even a combination of photos and videos) but lots of small files take much longer to upload. Try to avoid a single movie that is very large, eg 3.5GB as syncing this is often flaky. If you’re in a hurry, increase your syncing speed by right clicking the tray icon then Preferences > Bandwidth and select ‘Don’t limit’ on both upload and download speeds.

Switch off other Dropbox devices that sync, just use one PC.

Put the pen drive in, allow the Dropbox pop-up import box to show. If it doesn’t show, select it from the Windows autoplay box. Note: if autoplay is not enabled, click on Start > Windows > Type “autoplay” and click the Autoplay link in the panel above at the top. You should set “Import pictures and videos using Dropbox” in the following fields as shown:

Windows autoplay Dropbox


Once you see the Dropbox Camera Upload box, untick the ‘always do this’ box (IMPORTANT if you are not interested in always using the feature).
Import to your Camera Uploads folder in Dropbox.

Dropbox camera upload

Let the import finish, syncing starts immediately. Note this may take several hours or days depending on your connection speed! Watch your allowance go up to 3GB more than you had before (eg 4GB% of 5.5GB used).
Delete the files if you want to, but leave 1 in there. Rinse and repeat using the same pen drive for any other Dropbox accounts, family or friends. Rename a few files and swap one each time just in case. Now you have extra space and can use it whenever you want.


Dropbox free space FAQ

Why copy 2.5GB not 3GB of files to Dropbox?

This is because Dropbox currently give you 0.5GB for using the Camera Upload feature and 0.5GB for each further 0.5GB of files that you copy over.

What about Dropbox’s upload and download speed settings that I changed?

Change them to whatever you are comfortable with. If you have a slow connection then limit it to 50kB/s download and 10kB/s upload, otherwise don’t limit it.

Does this work on the iPad/iPhone?

Sure does. Download the iPad and iPhone app here. This link takes you directly to the App Store and allows you to download the free Dropbox app. Once installed, any future camera photos and videos will be seamlessly transferred to secure online storage. Dropbox is indispensable for the iPad and you can use it to upload files (including movies) to the iPad too, without iTunes!


Final thoughts

If your friends don’t have Dropbox then please point them to this article and get them to use my download link above to say thanks. Dropbox is a great tool and has been completely stable on my systems and client systems for many years.



Bootmgr is missing

Windows 7 BootMGR fix

If you get the error BootMGR is missing when trying to load a Windows based PC then you need to follow some logical steps to find the solution.

First and foremost, I would try a startup repair using the Windows installation CD/DVD.

How to Boot to the System Recovery Options in Windows 7

Insert the Windows 7 installation DVD or System Repair Disc into the DVD drive and restart the computer

Check to make sure that you set the BIOS to have the DVD drive listed first in the boot sequence

If prompted, press any key to boot from the Windows 7 installation DVD

Select your language preferences and click on Next. (See screenshot below).

Click on Repair your computer

Select which operating system you want to restore (your own Windows 7 should be listed) and then click on Next

NOTE: If Windows 7 is not listed here or it is blank, then it is ok to proceed. In this case, still click on “Next”

Select the system recovery option you want to do. Those listed are:

  • Startup Repair
  • System Restore
  • System Image Recovery
  • Windows Memory Diagnostic
  • Command Prompt

We want “Startup Repair”. Allow Windows to find the issue and restart the PC.


Do the above without a disk, using the manufacturer’s system recovery partition

If your computer has a system recovery partition then follow these instructions.

Start the PC and tap the F8 key on your keyboard about every half a second. You should see a boot menu, if not try to do this again.

Select the Advanced Boot Options screen (if you dual-boot) otherwise ignore this line.

Using the cursor keys (arrows), select “Repair your computer” then press Enter

Select your keyboard and language preferences then click on “Next”

Select your user name and type in your password, and then click on OK.

Select “Startup Repair”

Allow Windows to find the issue and restart the PC.


If you want to find out more about the system recovery options in Windows 7, take a look at this Microsoft article:
https://windows.microsoft.com/en-us/windows7/What-are-the-system-recovery-options-in-Windows-7

If this helped you to fix your PC then please click on one of the social buttons below to help others too.



GoDaddy 99 cent domains are back!

Yes, GoDaddy 99 cent domains are back with this simple method and coupon code for December! It’s limited to 3 per account but existing GoDaddy account holders can purchase too. I’ll show you below how to mix it up and get 6 domains for as low as $4.

At time of writing, 4USD = about 2.50GBP or 3.8AUD or 4.7 NZD or 3Euro

Start off by opening GoDaddy using this link (opens in a new window).

Sign up or login if you are already a customer.

First off, if you are from any country other than the US, set your primary currency to dollars. I’m outside the US but I keep it in this currency as it’s often where the better deals are.

Search for your 3 .com domains and add them to your basket.

Set all domains to 1 year duration using the dropdown menu.

Below each domain you see this:
YOURDOMAINNAME.INFO FREE with .COM or .CO^ – Add

Click the little ‘Add’ link for each one, this will add the free .info to your basket.

Verify your domains and that the corresponding .infos are all there, you should have 6 domains in total.

Now go to your Order Summary box on the right side of the page and add this special GoDaddy promotional coupon code:

LKSRTL99X

You should see that all 3 of your .coms have dropped to $0.99 (plus $0.18 tax) and that the .infos are completely free (with $0.18 sales tax). Something like this:

Godaddy 99 cent domain coupon code


Godaddy free info domain


At their current non-discounted prices (and GoDaddy are reasonable for their full-price domains) the basket would cost $82 for those 6 domains. Using this trick it comes down to a shade over $4.

That’s a $78 dollar saving, or 95% if you prefer!

Here’s what I have just ordered:

Godaddy 99 cent domains coupon deal

Yes that really is just over $4 for 6 domain names!!


Update: Working GoDaddy coupon codes for January 2013:

Enter code cjc295j1 for any domain at $2.95

Enter code gd3115c for any .info at $1.49

Enter code UNLOCKED for any .com at $1.17

Bookmark this page and check back for new codes before purchasing any domain!


Go straight to GoDaddy and register your domains now (link opens in new window).


Cheap freelance work on Friskk

If you are looking for cheap freelance work then one site stands out above all others. Friskk has high quality services by freelancers from around the world. Starting from a ridiculously low $5 (3.17 GBP at today’s exchange rates!), Friskk users offer services in many different sectors.

Want a WordPress site cloning then moving to another server? $10

Want a new logo for your website, designed and built to a high standard? $15

See the PCRepairMan up top? He was designed and built using services found on Friskk.com.

Other cheap freelance work includes video intros, cheap website backlinks, zombie transformations to photos of your friends, singing birthday videos….sky’s the limit really.  Some of the imagination is incredible and for gift ideas this site is really top notch.  Each service offered is for a fixed price and these are called ‘gigs’. On completion of the gig you pay the service provider an agreed fee. You pay nothing to register, and no fees to the website. How cool is that?  If you want to sell a service then you would pay a small commission on the final sale price.  If you don’t see the service you need, then you can request a service using the instant suggestion box.

Cheap freelance work by professionals

Many of the users on Friskk are professionals in their field, looking to earn extra money with small projects. This means that they often finish the project in very good time and can deliver excellent results.

So have a look around, see what’s on offer and get something unique for less than the price of a Starbucks!    www.friskk.com




External 1TB hard drives at discount prices

Seagate external hard drive review

Seagate 1TB external hard drive review. You can get these 1 terabyte (1TB) hard drives at incredible prices this month:

Seagate Expansions 1TB

This is a super slick USB2.0 drive that has good transfer rates and nice packaging.  It sits on rubber feet so suffers no vibration problems and looks good on any desk.  Easy ‘plug and go’ setup and Seagate reliability.  Highly recommended.

Best price on Seagate 1TB hard drive

Western Digital Elements 1TB

With USB 2.0 and 7200rpm this drive is very keenly priced.  The gloss case means it sits nicely on your desk, ready to backup your docs, photos etc.  Performance is pretty good and we only noticed a small hum when searching for and copying files.   Quiet, cool and comes with a 2 year warranty.  Currently on free delivery via Amazon.

Best price on Western Digital Elements hard drive


Remove all hyperlinks from a Word document

The procedure to remove all hyperlinks from a Word document is quite straightforward but a well-kept secret.

This annoying behaviour often happens when you copy and paste text from a website. There is a simple way to remove all hyperlinks from a Word file.


Remove all hyperlinks from a Word document at once:

Select all of your text by pressing Ctrl+A

Press Ctrl+Shift+F9

All hyperlinks will be removed at once and you should be left with plain un-linked text.


Another trick I use to remove hyperlinks (and any other formatting) is to paste the copied text into Notepad. Copy the text again and then paste it into anywhere you want (Word, WordPress etc).