How to Handle a Hacked WordPress Install

WordPress is the most popular Content Management System in the world, and a significant percentage of the sites on the Internet use it. That popularity is well-deserved, but it also makes WordPress an irresistible target for hackers who want to spread malware.

How to Tell if Your Site’s Been Hacked

Sometimes it is obvious that your site has been hacked. Occasionally hackers will simply redirect the site to a different server, so that visitors to your domain end up at a site infected by malware, a site displaying advertising the hacker can profit from, or a porn site. But often hackers add malware or spam links to a site which they want to remain undetected for as long as possible. Having a hacked site can infect your visitors with malware, and it will almost certainly result in a huge hit to your SERP rankings, or even blocking by search engines, so it’s important to be vigilant. There are a number of tools available to webmasters to determine whether a site is vulnerable and whether it has been hacked.

WP Security Scan

The WP Security Scan extension won’t tell you whether your site has been hacked, but it will check for possible attack vectors and vulnerabilities, and offer suggestions for fixes. Of course, often the vulnerabilities will not be in WordPress itself, but in some other part of the software stack. The best way to ensure that there are no known exploits that hackers can use is to keep your software as up-to-date as possible.

Google’s Safe Browsing Diagnostic

Google has a service that enables webmasters to see whether Google considers a site to be dangerous to visit. Copy the following URL into your browser address bar and replace the part following ‘?site=’ with your site’s URL.

http://www.google.com/safebrowsing/diagnostic?site=google.com/

Sucuri

Sucuri offers a free site scanning service that will catch major problems, and a paid-for monitoring and cleanup service that can help if you are hacked.

Using these tools together can help you ensure that your site remains safe.

What Should You Do If You’ve Been Hacked

Unless you are an experienced and expert developer or website administrator, cleaning a site with any level of confidence by yourself is almost impossible. Even if you think you have found all the malicious files and removed all the spam links, the files that make up WordPress itself may have been altered so that they reinfect a site after an attempted cleanup.

Contact your hosting provider and let them know you’ve been hacked. You might not be the only victim and the host provider’s sysadmins may already be taking action.

Sucuri, as mentioned above, is an excellent tool, and it will attempt to auto-clean your WordPress installation. Should you choose not to use Sucuri, or hire a professional to clean your site, then the next best option is to delete the site and restore it from backups.

Hopefully, your site is hosted with a provider that offers a comprehensive backup service, in which case restoring the site to a previous version should be very simple. If not, we are going to assume that you have been making regular backups of your WordPress database.

Download a fresh install file from WordPress.org, to replace any files that may have been altered during the attack. Do not use the same passwords on the new install as you used on the hacked site.

After you have installed a fresh version of WordPress you can restore the WordPress database from a backup that you know to be clean.

Since you know that your site has been hacked once, and that there were vulnerabilities that malicious parties were able to exploit, it may be best, if possible, to completely reinstall the server and restore from backups. At the very least, scan the server with an anti-malware tool. If you are reasonably sure that the infection was limited to WordPress, then you should update all of your software to the most recent versions, to close vulnerabilities. If you’re using shared hosting, your provider should take care of this for you.

If you haven’t been taking database backups, it may be possible that the WordPress database has not been breached, and that a fresh install of WordPress using the existing database is enough, but in that case be extra vigilant of alterations, follow the rest of the above advice, and start taking regular backups!
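
The point made above, that WordPress's own files may have been altered, can be checked by comparing the installed core files against a freshly downloaded copy. The following is an added example, not part of the original article: it assumes the fresh copy is the same WordPress version as the installed one, it skips wp-content and wp-config.php (which legitimately differ on every site, so they still need separate review), and the demo trees are constructed stand-ins rather than real WordPress files.

```python
import hashlib
import tempfile
from pathlib import Path

def hash_tree(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        rel = path.relative_to(root).as_posix()
        # Assumption: site-specific content and settings are reviewed separately.
        if rel == "wp-config.php" or rel.startswith("wp-content/"):
            continue
        if path.is_file():
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests

def compare_core(fresh_root, installed_root):
    """Report core files changed in, absent from, or added to the installed tree."""
    fresh, installed = hash_tree(fresh_root), hash_tree(installed_root)
    return {
        "modified": sorted(f for f in fresh if f in installed and fresh[f] != installed[f]),
        "missing": sorted(f for f in fresh if f not in installed),
        "unexpected": sorted(f for f in installed if f not in fresh),
    }

def demo():
    """Build two tiny constructed trees (not real WordPress files) and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        fresh, live = Path(tmp, "fresh"), Path(tmp, "live")
        files = {"index.php": "<?php // loader", "wp-login.php": "<?php // login",
                 "wp-includes/version.php": "<?php // version"}
        for root in (fresh, live):
            for rel, body in files.items():
                target = root / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_text(body)
        # Constructed differences in the "live" tree:
        (live / "wp-login.php").write_text("<?php // login, plus constructed extra line")
        (live / "wp-includes/cache-x.php").write_text("<?php // constructed stray file")
        (live / "wp-config.php").write_text("<?php // site settings, skipped")
        (live / "index.php").unlink()
        return compare_core(fresh, live)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Any file reported as modified or unexpected is a reason to replace the whole install from the fresh download rather than trying to repair files one at a time.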


How to Tweak WordPress for Ecommerce

WordPress has become a favorite platform for many ecommerce sites: it’s easy to set up a sale button for an ebook or any other file in a matter of minutes. But while WordPress can be a decent ecommerce platform out of the box, there are ways to transform it into a great platform with some relatively simple tweaks.

Update Your WordPress — And Keep It Updated

The downside to using a well-known content management system for your site is that more people will be looking for security flaws to exploit. On the other hand, there are also more people working to resolve any security issues. Provided you keep your WordPress installation current, adding each new update as soon as it rolls out, there’s significantly less risk of something happening to your site. Considering that it only takes one malware issue to destroy any trust you’ve built with potential buyers — no one wants to run the risk of putting their payment information into a compromised site — keeping your site up to date and preventing potential security issues has to be a priority.

You can also prevent security issues by carefully vetting any plugins or themes you add to your site. Even if you aren’t able to evaluate the code on a line-by-line basis, do some research into the problems others may have encountered with anything you’re considering adding to your site. Personally, I have a preference for using premium themes and plugins that are well-known for the simple reason that I’m more likely to have support available.

Set Up Clear Permalinks

Built into the core WordPress settings are options to manage your permalinks. Make sure that you’re using links that aren’t just a bunch of numbers or dates, especially if you’re going to be sharing direct links to your sales page online anywhere. Direct links look more trustworthy to buyers, and they also help eliminate problems when people retype a link into their browser. During a longer sales process, you may be surprised by how many times exactly that will happen. In fact, it can be a good idea to have an individual domain that goes directly to your sales page, particularly if you have a lot of other content on your site.

Make Your Shopping Cart, Payment Processor and Everything Else Match

Depending on the themes and plugins you might use to set up different ecommerce elements on your site, you can wind up with a site that sends people off to far-flung parts of the internet to complete the sale. Even if they stay on your site, pages can wind up looking very different.

With only a few exceptions, though, you can make sure that each step of the purchasing process looks identical. Most payment processors will, at least, allow you to add your own logo to the page, if not add CSS styles or other elements to make offsite pages look the same as those that are actually on your site. The more times you ask a buyer to trust an entirely different website (particularly in terms of visual cues) the more likely that buyer is to stop the purchase process and close the window. You need to prevent that as much as possible.


10 Most Common WordPress Plugins

WordPress (WP) would not be viable as a blogging tool without WordPress plugins. These are part of the features that enable bloggers to extend the abilities of their blogs beyond their base installs. Plugins are integral in the addition of widgets. They are also useful in undertaking SEO activities. Currently, WordPress boasts 18,000 plugins in its database. The following are ten of the most popular WordPress plugins:

1) Contact Form 7

Contact Form 7 allows web developers and bloggers alike to manage numerous contact forms. They can also undertake a customization of WP’s mail contents and form. This is usually a flexible process that involves the use of simple markups. Contact Form 7 supports CAPTCHA, Akismet-based spam filtering and Ajax-oriented submitting.

2) Jetpack

This plugin uses the cloud power from WordPress.com to supercharge self-hosted WordPress sites. Its numerous features include email subscriptions for comments and blog posts. It also allows users to submit comments via social networks. Jetpack comes embedded with widgets that display the most current tweets, while commenters can benefit from Hovercard popups via Gravatar.

3) WordPress SEO

The Yoast-made plugin allows bloggers to preview the appearance of their posts in search results. As such, they can adjust certain features of their posts to their liking. These include the title and meta descriptions. WordPress SEO also analyzes the post to check for availability of images, subheadings, meta descriptions and alt tags among others. This enables bloggers to add anything that they may have forgotten.

Its packages do not end there; WordPress SEO also creates XML sitemaps automatically before sending a notification to various search engines. Bloggers can also increase their SEO rankings. This is usually possible through the addition of links to RSS feeds.

4) WordPress Importer

Thanks to WordPress Importer, bloggers or web developers can transfer content from WP export files. Examples of such content include comments, authors, post metas and custom fields. It is also possible to import pages, custom posts, tags and categories.



Improving Performance of Your WordPress Site

In today’s world, many people make use of WordPress for hosting a successful and useful site. However, depending on WordPress is just the beginning. You need to build a site that will actually work for readers or you will not keep those readers for very long. One of the mistakes that many people make is creating a site that has low or poor performance. This happens simply because they are making wrong choices when they build their site. Have you noticed that your own WordPress site seems to be slow to load, frustrating, and just plain hard to use? If so, then you need to go through a few steps to improve the performance of it.

Limit the Plugins

It may be your first reaction to add a wide variety of plugins to a site simply because they can be useful, eye-catching, and fun. However, as with anything else, too much of a good thing can be bad. When you use too many plugins, you can slow your site down to the point that it is slow to load and difficult to use. In order to improve the performance of your WordPress site, be sure that you are limiting your plugins on each of the pages. Some of the plugin options that can be major culprits in a slow site include the following:

  • Heavy JavaScript features
  • Requiring HTML to resize images instead of resizing them by hand
  • Placing JavaScript in the site header

Choose the Right Theme

One of the best ways to build a WordPress site that is high performing, fast loading, and easy to use is to choose from Premium WordPress templates that are designed to be streamlined. These themes are designed specifically for both performance and attractiveness of the site. Choose a theme that will help you limit the chances for performance busting features from the very beginning.

Use Google

Google offers a content delivery network that can work with the jQuery library. This means that if users find your site through Google, their computer will most likely already have that jQuery information on their computer. This leads to a faster loading site. If you want your site to be high performance, then choose to use jQuery that comes from the Google content library.

WordPress is a very handy tool for website creation when you use it wisely. By taking the right steps and avoiding the wrong ones, you will be able to build a site that is higher in performance.


The Pros and Cons of Managed WordPress Hosting

Have you considered Managed WordPress hosting? Managed WordPress hosting is becoming an increasingly popular option among many professional WordPress bloggers and top webmasters these days as these services will often take care of all the technical aspects of WordPress for you, allowing you to focus on creating and sharing great content. As an added bonus, these companies will also typically answer your technical questions, make sure your WordPress content loads quickly, and install your WordPress theme and plugin updates. Examples of popular managed WordPress hosting companies include WPEngine, ZippyKid, Page.ly, and Synthesis. These top companies provide similar services and features but all offer a few extras to try to separate them from the pack.

So, is a managed WordPress hosting service for you? Deciding whether or not to sign up for one of these services will likely come down to your personal needs. If your website/blog attracts a lot of traffic and you use WordPress frequently, managed hosting could be an attractive option. On the other hand, if you’re just a casual blogger who just wants the basics from WordPress, managed hosting might be an unnecessary expense. Before you start paying for this type of hosting, it’s good to keep in mind that companies like ZippyKid and Synthesis can make your life as a WordPress user easier, but they’re not perfect solutions for everyone.

Here are some of the pros and cons of managed WordPress Hosting:

Pros

  1. Your site and content will load faster. People are a lot more likely to leave your site or spend less time on it if it loads slowly.
  2. You’ll have someone to turn to when technical issues arise. Trying to call one of the big hosting giants like HostGator or GoDaddy when you’re having WordPress problems won’t get you anywhere. The tech support people at big hosting companies don’t know anything about WordPress. You’re paying managed WordPress hosting companies to know the ins and outs of the popular content management system. So, you get the kind of support you need from companies like WPEngine and ZippyKid.
  3. Your content and confidential information will be more secure. Managed WordPress hosting means you don’t have to worry as much about malware, vulnerabilities, and other security issues. It also means that your data is backed up regularly to ensure you don’t lose any of it, even if something crashes or a security issue arises.
  4. You don’t have to spend as much time learning about WordPress. Many WordPress users spend hundreds of hours every year researching WordPress how-to guides and taking free WordPress classes to become better at using the content management system. Since managed WordPress companies take care of all the technical stuff, you don’t have to waste any of your precious time learning how to install a new theme or get a new plugin to work.

Cons

  1. Managed WordPress hosting is costly. It generally ranges in price from about $30 a month to a few hundred dollars a month, depending on how many WordPress installs you need managed. If you’re a perpetually broke college student who blogs for fun, managed WordPress hosting probably isn’t for you.
  2. You have less control. If someone else is managing all the technical aspects of your WordPress accounts, you don’t decide what gets updated and changed to improve efficiency. Someone else does. If you like to be in control, managed WordPress hosting might not be the best fit.
  3. You have to pay extra when one of your posts goes viral. Most basic managed WordPress hosting packages, the ones that cost you around $30 a month, only allow a certain number of visitors to your site each month before they charge you extra. Usually the number of visitors allowed is around 25,000. If 1.3 million visitors check out your site one month, you have to fork over quite a bit of extra money to the hosting company. You could avoid this by paying for a more expensive package that allows more visitors per month, but that would just end up costing you more too.

Overall, if you can justify the price of managed WordPress hosting, there’s definitely good reason to look into it, especially if you want to make your life as a WordPress user simpler.