Beyond Blog Design

Do More Than Just Blog

Security

3 Easy Steps to Setup Akismet and Eliminate Comment Spam

June 10, 2015 By Jen Kehl


I just got back from an amazing blogging conference called Blog U.

I was there in the capacity of “Design Lab,” which was a brilliant idea by the conference creators to offer a help desk for bloggers. They could schedule a 20 minute session and discuss any questions they might have.

I have been humbled hearing the feedback from the conference, and I have benefitted as well. I received a clearer understanding of how many different levels of WordPress knowledge bloggers actually have; it reinforced my “assume nothing” position.

I wanted everyone I spoke to, to understand that it doesn’t matter what level of understanding you have. You are awesome. And it is amazing that you want to know, and you can know! You are so much more than you give yourself credit for!!

I often accuse myself (people can do that you know) of giving my knowledge away for free. But it’s that “teach a man to fish” mentality. There are so many things a blogger can do for her/himself without paying someone. With an uninterrupted hour and a good tutorial, you’d be amazed at what you can accomplish. And if there’s a really big problem, then you can come to me.

For some people getting into the backend of WordPress can be intuitive work, and they just dive in. While other people are unsure what to do, and have heard enough horror stories to make them scared to touch anything. I hope by reading this blog, you will learn that you don’t have to be worried. And if you have backups of all your work, you are always good to go!

While at BlogU I noticed more sites than I would have thought, without active Akismet accounts. Some of those sites had turned their comments off because they had so much comment spam.

Akismet is probably the most important plugin you can have. This is the single most effective plugin for blocking comment spam. It is so perfect, it comes pre-installed with Jetpack*.


But it doesn’t come pre-setup. So I am going to help you set it up if you haven’t already.

This is what you will see if you haven’t activated your Akismet:

[Image: setup Akismet]

 

 

Akismet is one of those plugins that is purposefully set up to integrate nicely with Jetpack and WordPress. To that end, you can locate it by clicking on Jetpack>Akismet.

[Image: setup akismet]

 

It will open up this page:

[Image: akismet setup]

 

WordPress, as Jetpack, already knows who you are. You should continue your login using the email that pops up unless you have a very good reason not to.

When you click on this link you will go to Akismet’s setup page.

It will ask you what type of plan you would like; choose “Basic.” Now here, you are led to believe that you have to pay for Akismet. There is a sliding scale, and you may slide it to $0 if you choose.

However, because they created this amazing and wonderful plugin that you cannot live without and will save you hours of heartache and strife, how about giving them a $1.00?

Once you enter the amount you will be given an API key.

Your Akismet should now be automatically active!

If for some reason it isn’t, all you need to do is go back to where you should have Akismet open in your dashboard (or go back to your dashboard and click Jetpack>Akismet) and enter the API key, click Use This Key, and you are good to go!

*If you don’t use Jetpack, you can install Akismet by going to Plugins>Add Plugin; it will show up right there at the top of the list. Install it and activate it, and from now on you will find it in Settings>Akismet. And then follow the same directions!

As always, I am here to help! If you have any questions, don’t ever be afraid to ask!

 


Filed Under: Plugins, Tutorials Tagged With: Akismet, Plugins, Security, Tutorial, WordPress

Optimization, Vulnerabilities, Hackers, Oh My! An Explanation of the Crazy WordPress Events of the Past Month

April 27, 2015 By Jen Kehl


The WordPress Twilight Zone…

It has been a really busy month for WordPress and WordPress users. It’s enough to freak a person out.

But don’t. I know how out of control you can feel when you rely on technology to take care of itself, and it’s been doing a really good job of it until BAM it’s not.

 

You know that saying, “A little information is a dangerous thing?”

 

March 11th the WordPress SEO by Yoast vulnerability.

The news spread fast, and regular blogging folks like you and me were really worried. So worried, in fact, that WordPress decided to push the update themselves. Which meant your WordPress SEO updated itself automatically before you even knew what was happening.

That was awesome, only that “little information” made people even more sure it was a “huge problem” and I even heard people dissing WP SEO. Say it isn’t so!

Here’s how the vulnerability worked:

…an outside hacker can’t trigger this vulnerability itself because the flaw actually resides in the ‘admin/class-bulk-editor-list-table.php‘ file, which is authorized to be accessed by WordPress Admin, Editor or Author privileged users only.
Therefore, in order to successfully exploit this vulnerability, it is required to trigger the exploit from authorized users only. This can be achieved with the help of social engineering, where an attacker can trick authorized user to click on a specially crafted payload exploitable URL. (Hacker News)

 

In English? Basically the only person who could hack this vulnerability was someone who was already an Admin. Or someone who was tricked into letting someone be the Admin. And even so, no one would have had time. They found it so fast, it was as if it never happened.

April 20th A Dozen Vulnerable Plugins

You can pretty much bet you were using one of the plugins on this list: Jetpack, WordPress SEO, All-in-one SEO, Ninja Forms, Google Analytics, you name it, it was probably on the list.

This was another really weird thing….plugin developers use information on WordPress code from what is called the WordPress Codex. If you have ever Googled a WordPress problem, and you wind up on a WordPress.org page, you are in the Codex.

The Codex is a great place if you understand code. It’s a scary place if you don’t.

Here’s the skinny. Code changes, which is a really good thing. Because the more code stays the same, the easier it is for hackers to figure out how to exploit it.

A few months back, the WordPress Codex was updated and changed a bit of code. The code fixed a possible open door. The problem was that developers were using copies of the Codex that still contained the old bit of code.

But.

A hacker would have to know about this vulnerability to use this vulnerability. But since WordPress was notified immediately, once again they pushed an update. Most of you had your plugins updated before you even realized what was going on.

April 27th Zero Day Vulnerability – WordPress

So, today. WordPress 4.2.1 was released to repair a vulnerability which allowed commenters to inject code that can take over a web server. Pretty scary. But the thing is, it’s WordPress’s job to keep you safe. And once again, they were on it.

In the course of the update, it also scanned for any malicious looking comments and removed those. So once again, you’re all good.

 

WordPress has got your back.

I’m a pretty big proponent of WordPress, as you have probably figured out. The truth is, as with computers, WordPress doesn’t make mistakes, users do. I know, harsh. Don’t throw anything at me *she says cowering* I’ve caused the white screen of death many times in my WordPress existence. Truth be told? It was never WordPress’s fault.

The people who work for Automattic (WordPress) are obsessed, really obsessed with WordPress. Many WordPress users are obsessed with WordPress and hang out in the WordPress forum just so if you have a question, they can answer it. For free. No one will ever let something slip in undetected because all day long they eat, think and breathe WordPress.

WordPress vulnerabilities are going to happen. Hackers suck, and they aren’t going to stop trying to steal your stuff.

Don’t panic. I know it’s been crazy. But instead of thinking of the crazy as bad, think of the crazy as good. (That should be my motto.) The fact that it’s been one update after another means that everyone out there is looking out for YOU. Me too. I’m looking out for you too. Shoot me a line, day or night if you’ve got a question.

And don’t forget! If you have a backup plan and security you’re golden no matter what!!!


Filed Under: Plugins, Technology, WordPress Tagged With: Backups, Plugins, Security, Self-Hosted, Tips, WordPress

3 Easy Steps To Secure Your Blog

April 16, 2015 By Jen Kehl


One of my favorite jobs, is tweaking and fixing people’s blogs. I love to dig into the code, pick things apart, isolate the problem and then fix it.

I love it so much that sometimes I get lost in the looking and the researching and the fixing.

But one thing stops me cold every. single. time. I pop on someone’s blog and they have no security.

Look. I get it. You’re a small blog, or you think you are. You think no one would bother hacking you. You are dead wrong.

The best blogs to hack are the little ones, you know why? They have no security.

It’s no skin off your back to lock up your site, and I’m going to make it easy for you. How about instead of giving you choices I just tell you what I do?

I am already going to assume you have an airtight password, if you don’t please go read this post on how to create a Bulletproof Password. And that you are keeping your plugins updated, if not, read this post about updating your plugins.


3 Easy Steps to Secure Your Blog

 

1) Install Wordfence

Wordfence is the #1 free security plugin on WordPress and there is a reason for that.

You don’t have to understand anything to use it. Out of the box it will do its job. But it doesn’t hurt to run through the tutorial and change a few settings. Just grab a cup of coffee or tea, plan to sit in front of the computer for 20 minutes and get her done.

The best thing is the Wordfence scan. Wordfence automatically runs a scan of your site. It will find any malicious code or possible breaches. And when it does, guess what? It’s also going to tell you what to do about it. Can it be any easier?

 

2) Install Login Lockdown

Login Lockdown does just what you think. It locks someone out who tries to login too many times.

The #1 way hackers try to get into your site is by running a program that adds /wp-admin to the end of a URL; when it happens upon a WordPress site it just starts hammering it with passwords until it gets in.

Login Lockdown says “You did not just try to login to this site 20 times, you are outta here!” I suggest changing the attempts to 5, unless you run a forum, because I’m pretty sure you won’t forget your password 20 times in a row.
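Here is the lockout idea from step 2 as a small script you can run against a web server access log. It is an added example, not Login Lockdown's own code. It assumes a standard combined-format log, that WordPress answers a failed login POST to /wp-login.php with status 200 and a successful one with a 302 redirect, and a 5 minute counting window; the log lines are constructed sample data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# One combined-log-format line: ip, timestamp, method, path, status.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Constructed sample log: one address guessing every 2 seconds,
# one real user who mistypes once and then gets in (302).
SAMPLE_LOG = [
    f'203.0.113.7 - - [16/Apr/2015:10:00:{s:02d} +0000] '
    f'"POST /wp-login.php HTTP/1.1" 200 3421'
    for s in range(0, 12, 2)
] + [
    '198.51.100.20 - - [16/Apr/2015:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3421',
    '198.51.100.20 - - [16/Apr/2015:10:01:30 +0000] "POST /wp-login.php HTTP/1.1" 302 -',
    '198.51.100.20 - - [16/Apr/2015:10:01:31 +0000] "GET /wp-admin/ HTTP/1.1" 200 51234',
]


def find_lockouts(lines, max_attempts=5, window=timedelta(minutes=5)):
    """Return {ip: time of the failed login that reached max_attempts}.

    Lines are expected in time order, as a server writes them.
    """
    recent = defaultdict(deque)   # ip -> times of recent failed logins
    locked = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # not a log line we understand
        if m["method"] != "POST" or not m["path"].startswith("/wp-login.php"):
            continue              # only login form submissions count
        if m["status"] != "200":
            continue              # assumption: 302 means the login worked
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        attempts = recent[ip]
        attempts.append(ts)
        while ts - attempts[0] > window:
            attempts.popleft()    # forget failures older than the window
        if len(attempts) >= max_attempts and ip not in locked:
            locked[ip] = ts
    return locked


if __name__ == "__main__":
    for ip, when in find_lockouts(SAMPLE_LOG).items():
        print(f"{ip} would be locked out at {when:%H:%M:%S}")
```

With the limit at 5 the guessing address is stopped on its fifth try; with the limit at 20 the same six guesses go through without a lockout.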

 

3) Install a backup plugin.

Because when all else fails, you’re still okay if you have a backup.

If you’re going for free ones, may I suggest Updraft Plus Backup and Restoration?

I have noticed a lot of blogs are running WP DB Backup; in your plugin menu it will read WordPress Database Backup by Austin Matzko. Please, please delete it and either use Updraft or the “real” WordPress Database Backup. The one by Austin Matzko has not been updated in over two years and poses a HUGE security risk.

 

My advice? Don’t say I’ll do this later, do it now. If you know me, my broken record is my favorite hobby blog got hacked when it was getting 60 page views a day, it was teeny. In the end, it was pay thousands of dollars, or shut it down. I shut it down.

It’s better to never have to even have that conversation.

And remember, I am always around for a free 30 minutes, even if you want to use it to get some help installing these plugins.

There is also the Plugin Checkup that has saved a lot of bloggers quite a few headaches, I also throw in a page speed analysis with suggestions on how to fix it.

I’m always here, my mission is to help bloggers while staying in their budget. Let’s talk.


 

Filed Under: Advice, Plugins, Tips and Hacks, Tutorials, WordPress Tagged With: Backups, Blogging, Plugins, Security, Tips, Tutorial, WordPress

Don’t Get Hacked, Update Your Plugins

March 16, 2015 By Jen Kehl


Last week we found out that WordPress SEO by Yoast had a security compromise. Messages were blasted out everywhere, Update Your Plugins! (Actually you should be okay, because the issue was so severe WordPress.org did a forced update for everyone.) But you still should update your plugins!

This brings up a very serious topic I have been talking to my clients about. Plugins are the easiest backdoor for a hacker to walk through. Although we would like to think that this was an isolated incident, the only reason it was blasted from high and low is because WordPress SEO is the #1 downloaded WordPress plugin.

Trust me, bloggers big and small get hacked every day because of old code in a plugin.

I have worked with a lot of bloggers over the past few months who want some help with their blog’s functionality; the first thing I always check is plugins. I have been amazed by the sheer amount of un-updated plugins, from both the blogger’s end and the builder’s end.

Most bloggers don’t realize that not updating plugins is a security risk. Their view is that their site is too small to be hacked. But that’s not true, a hacker doesn’t care how big you are. What they want is your platform, it doesn’t matter how big it is.


Here’s another thing you may not know.

A plugin is also vulnerable if the plugin author is not updating it.

I recently did a plugin check for a client and discovered two plugins that hadn’t been updated in over a year. That is a huge open door. Plugins are integrated into the code that WordPress is built on. If the author does not update his plugins, but your WordPress code is constantly being updated, then the code gets further and further from matching up.

Think of it as a zipper. The plugin is one side, and WordPress is the other. As long as both are up to date, the zipper is all zipped up. But if one of them is not updated the zipper starts opening and any Tom, Dick or Harry can climb in your hoodie.

Just remember, plugin authors are human and humans make mistakes, as was the case with WordPress SEO by Yoast. Humans can also decide they don’t want to do the same job anymore and abandon a plugin. It is your responsibility to stay on top of your plugins and WordPress updates.

If you need help, you can always ask. But for now, go login to your WordPress dashboard and update your plugins!

 


Filed Under: Plugins, WordPress Tagged With: Plugins, Security, SEO, Tips

Create a Bulletproof Password

February 25, 2015 By Jen Kehl


This week I’m going to do a mini-series on protecting your blog or website. I think the most obvious place to start is with a bulletproof password.

I participate in a lot of forums around the web. I would say the number one misconception I read is that small blogs and websites don’t need to worry about being hacked. Bloggers tend to think you need to have a lot of traffic to attract hackers.

I learned first hand, that is not the case. One of the reasons I learned how to write code and build websites was because my site, Raised on the Radio, got hacked two years ago. I was just beginning, and starting to gain a small following, I had about 100-200 views a day, it was small but beginning to thrive. And then, within a week, everything fell apart. My site got blacklisted by Google and I had to shell out some serious money to clean it all up. In the end, I couldn’t save my site; so I moved it to WordPress.com and focused on my personal site and learning to code.

I learned a lot of valuable lessons that week that I will share in coming posts. Not the least of which was the importance of having a bulletproof password.

The Login

Even if you have a sucky password, you know that the best thing you could possibly do is have a strong password.

What you might not know is you should also NOT have the word Admin as your login. What? No one told you that? Well I’m telling you. If your login is Admin, or someone’s login is Admin, I suggest you change that now.

Just like www.pleasedonthackme.com/wp-admin is the most obvious login page, the most obvious login ID is Admin.

Password Basics

Here are the rules:

  • Your password MUST contain a number, a symbol, an uppercase and a lowercase letter. (I will share my trick at the end)
  • Your password must NOT contain any pattern of numbers ie, 1234, 876, etc.
  • Your password must NOT contain any name or word you can find in the dictionary. Yup. Not one single name or word.

Now for The Bulletproof Password

If you want to be safe, be a bot’s worst password nightmare.

I learned a password generating trick and I will share it with you. You will never forget your password, and a hacker will never figure it out, here’s how:

Make up a sentence that includes an address for someone you actually know (or yourself, your pets, your children): Frankie and Johnnie live at 312 Boogie Drive

Here’s your password: F&Jla312BD

Easy peasy:

  • The first letter of each word
  • If it is capitalized naturally it stays capitalized
  • If it is lowercase it stays lowercase
  • Turn your “and” into an &
  • Leave your numbers intact.
  • Use any sentence you will always remember and you have a bullet proof password!


Let’s try another one, Steely Dan and The Eagles live at 412 Hotel California –

SD&TEla412HC
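The sentence trick and the three rules from Password Basics, written out as a short script. This is an added example, not something from the original post. The function names are made up for illustration, and the tiny word list is a constructed stand-in for a real dictionary file.

```python
import re
import string

# Constructed stand-in for a real dictionary; use a full word list in practice.
SAMPLE_WORDS = {"password", "admin", "summer", "frankie", "boogie", "eagles"}


def sentence_to_password(sentence):
    """First letter of each word (case kept), 'and' -> '&', numbers kept whole."""
    parts = []
    for word in sentence.split():
        token = word.strip(".,;:!?\"'")   # ignore punctuation stuck to a word
        if not token:
            continue
        if token.lower() == "and":
            parts.append("&")
        elif token.isdigit():
            parts.append(token)           # leave numbers intact
        else:
            parts.append(token[0])
    return "".join(parts)


def has_digit_run(password, run_len=3):
    """True for run_len or more digits counting up or down by one (1234, 876)."""
    run, step = 1, 0
    for prev, cur in zip(password, password[1:]):
        if prev in string.digits and cur in string.digits:
            diff = int(cur) - int(prev)
            if diff in (1, -1):
                run = run + 1 if diff == step else 2
                step = diff
                if run >= run_len:
                    return True
                continue
        run, step = 1, 0                  # pattern broken, start counting again
    return False


def check_rules(password, words=SAMPLE_WORDS):
    """Return the rules the password breaks; an empty list means it passes."""
    problems = []
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbol")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if has_digit_run(password):
        problems.append("number pattern")
    lowered = password.lower()
    found = sorted(w for w in words if w in lowered)
    if found:
        problems.append("dictionary word: " + ", ".join(found))
    return problems


if __name__ == "__main__":
    for s in ("Frankie and Johnnie live at 312 Boogie Drive",
              "My dog likes long walks"):
        pw = sentence_to_password(s)
        print(pw, check_rules(pw) or "passes")
```

The second sentence shows why the address matters: with no "and" and no number in it, the result has no symbol and no digit and fails the rules.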

What do you think? Even my mom can do it, so I know you can too!

If you’re having any trouble with security or plugins, don’t forget to give me a holler for your free 30 minute consultation!


Filed Under: Tips and Hacks, WordPress Tagged With: Blogging, passwords, Security, Tips, WordPress

8 WordPress Plugins Every Blogger Should Know About

January 19, 2015 By Jen Kehl

 


What is a plugin?

A plugin is a bunch of code, that, when added (plugged in) to your WordPress site, gives it a ton of functionality it did not have before. The great thing about WordPress plugins, is that they take an already amazing site, that you created, and make it better without you having to know any code.

People are often concerned that there is a “too many plugins” threshold. The truth is, what matters is what plugins you have. This article by Austin Gunter over at WP Engine called, Plugins and Fast WordPress Sites – It’s Not the Number of Plugins, It’s the Quality explains why you can be running 80 plugins and still have a safe, fast site! So, whether you have 2 or 20 plugins (or 80!), these are WordPress plugins you should know about.


Jetpack by WordPress

Jetpack is an amazing WordPress plugin built by the folks at Automattic (the people behind WordPress). The great thing about Jetpack is it offers you a ton of functions that used to only be available in individual plugins. Some notables are Social Media share buttons, blog follow widget, easy blog icon (favicon), custom CSS module, simple contact forms, related posts, even grammar and spell check and so so much more. Use Jetpack and only activate the modules you use.

 


Akismet

Akismet is the single most effective spam reducing plugin. On my personal blog Akismet catches 500 spam messages a day.

 


WordPress SEO by Yoast

WordPress SEO by Yoast has surpassed all other plugins as the definitive SEO plugin. As a matter of fact, this plugin also eliminates the need to have a plugin that generates XML sitemaps because it generates new ones every time you write a new post and submits them for you!
One of the best features of this plugin is that it has a simple red light, green light system alerting you when your SEO is not good. You scroll to the bottom of your page and can see a live page analysis. Just click on the Page Analysis tab and get an explanation of how to improve the SEO on your post.

 


W3 Total Cache

W3 Total Cache: What is cache? Caching is when your data is stored in a way that is easier for your site to access than to go to your server and request it. It makes your site run much faster with fewer errors. It is really important for page load time. All hosts recommend you use one, most recommend you use this one.

 


Wordfence Security

As far as free security goes, Wordfence Security is probably the best. With over 4 million downloads and an almost perfect rating of 4.9 you can’t go wrong. If you choose to go with Wordfence, you won’t need a caching plugin – Wordfence takes care of that. It has a firewall that blocks common forms of attacks and has a unique way of blocking known attacks. If any other WordPress site is being attacked it blocks that same attack on every site that uses it, simultaneously!

 


Simple Social Icons

It doesn’t get any easier than Simple Social Icons, this plugin allows you to drop clean-looking social icons into any widget. And you can customize the color and size.

 

 


Better Click to Tweet

Better Click to Tweet is a plugin that everyone who wants more twitter shares needs. It places a little twitter icon in your tool bar, so while you are creating a page or post, you just click the icon and a window pops up. Enter your tweet and it shows up as a nice bit of pop out text in your post. It makes it really easy for your readers to click on it to tweet your personalized tweet.

 

Social Media Sharing Plugin

When I originally wrote this post, #8 was Shareaholic. Since then, I have had to fix more sites with that plugin than any other. And so, it lost its spot. In my quest to find a replacement, I have come up with these options.

You can use the built in functionality of Jetpack. If you don’t want floating buttons in your sidebar, Jetpack is a great choice that is guaranteed not to affect how your site functions.

SumoMe: This comes with a HUGE caveat. I have never used SumoMe. That being said I have tons of clients who use it, and no one has ever needed me to fix their site. So that’s saying a lot.

Social Warfare premium plugin. This plugin is going to get its own post soon. It is by far the most amazing social media plugin I have ever used. I have been using it on the blog I publish, Break the Parenting Mold, and it is so amazing that I can’t imagine how I ever lived without it. Here are some functions:

  • Choose specific Facebook Images, titles and descriptions. (I know you can do that with Yoast, but wait)
  • Choose specific PINTEREST Images and DESCRIPTIONS! Yes I am yelling. This way when someone clicks Pin, the image YOU want is pulled, it doesn’t even have to be in your post!! And it pulls YOUR description which you can load with SEO. This plugin has increased our Pinterest traffic!
  • Click to Tweet (this would eliminate your need for click to tweet) and you can choose from multiple styles.
  • Customizable sharing buttons.
  • Many sharing platforms not available everywhere.
  • Customizable counts. For instance, if you don’t want people to see a post has only been shared twice, you tell the plugin, only show share counts after x amount of shares.

Yes that link is an affiliate link, but I would NEVER recommend something I didn’t love. The customer service is very responsive, since it is a new plugin there have been a few hiccups, but they have fixed them very fast. I have been thrilled with the amount of customization I can do, and attribute our rapid growth in part to that plugin.

My Thoughts

In my opinion, WordPress plugins are part of what makes WordPress fun. Plugins are the tools you need to make your blog do the things you always wished it could do! Read the post I mentioned above, get over your fear of plugins and start looking at how plugins can make your blog more unique.

 

 


 

Filed Under: Blog Design, WordPress Tagged With: Plugins, Security, SEO, Social Media, WordPress

 
