13 Tips to Protect Your Wordpress Blog
Wednesday, July 15, 2009
Unlike Blogger Blogspot, WordPress is more susceptible to being hacked, so securing it is the top priority. This article outlines many different ways to secure your WordPress blog, from the installation to the things you should be doing.
1. Hardening your Password
Don't use a simple password that anyone can guess. Use a hard one, e.g. combine letters, numbers and special characters at the same time, and make sure you don't use a password that is related to your personal life.
2. Encrypt Your Login
Every time you log in to your WordPress admin CP, your password is sent unencrypted by default. If you open your account in a public place, e.g. a cyber cafe, a hacker can easily sniff out your login credentials using some tools. The best way to protect against this is to encrypt your login with the help of the Chap Secure Login or Semisecure Login plugin. Both plugins have the same purpose but approach it from different perspectives. Chap Secure Login hides and encrypts your password with the MD5 hash algorithm once you log in to your admin CP; the login process itself is done with the help of the CHAP protocol. Semisecure Login encrypts your login password using a public key on the client side, then decrypts the password using the private key on the server side.
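The challenge-response idea behind a CHAP-style login, as an added example (not code from either plugin or from the original post): the server sends a one-time challenge, the browser returns a keyed hash of it, and a captured response is useless against the next challenge. HMAC-SHA256 stands in for the MD5 hash mentioned above; the `Server` class, `response_for`, `demo` and the account are hypothetical.

```python
import hashlib
import hmac
import secrets


def response_for(challenge: bytes, password: str) -> str:
    """What the browser sends instead of the password itself."""
    return hmac.new(password.encode(), challenge, hashlib.sha256).hexdigest()


class Server:
    """Hypothetical login endpoint using challenge-response."""

    def __init__(self, users):
        # username -> shared secret. The server has to hold a value it can
        # recompute the response from, so this store is password-equivalent.
        self.users = users
        self.pending = {}  # username -> outstanding challenge

    def issue_challenge(self, username):
        challenge = secrets.token_bytes(16)  # fresh random value per login
        self.pending[username] = challenge
        return challenge

    def verify(self, username, response):
        challenge = self.pending.pop(username, None)  # each challenge is single use
        secret = self.users.get(username)
        if challenge is None or secret is None:
            return False
        expected = response_for(challenge, secret)
        return hmac.compare_digest(expected, response)  # constant-time compare


def demo():
    """Run one login and one replay; return (login_ok, replay_ok, password_on_wire)."""
    password = "correct horse 42!"             # constructed sample credential
    server = Server({"admin": password})
    wire = []                                  # everything a sniffer would see

    c1 = server.issue_challenge("admin")
    r1 = response_for(c1, password)
    wire += [c1, r1.encode()]
    login_ok = server.verify("admin", r1)

    # A later login gets a new challenge, so the captured r1 no longer matches.
    c2 = server.issue_challenge("admin")
    wire.append(c2)
    replay_ok = server.verify("admin", r1)

    password_on_wire = any(password.encode() in msg for msg in wire)
    return login_ok, replay_ok, password_on_wire


if __name__ == "__main__":
    print(demo())
```

This only covers the password exchange; the session cookie and page content that follow a successful login still travel in the clear unless the site uses HTTPS.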
3. Hide and Protect Your Admin CP Page
You should never let the 'spidey' crawl your admin CP page. Use the Robots Meta plugin to prevent spiders from indexing your admin CP, and AskApache Password Protect to password-protect the wp-admin/ folder and login page. You can set up either HTTP Basic Authentication or, for a more secure login, HTTP Digest Authentication.
4. Always Update to the Latest Version of WordPress and Plugins
Updating to the latest version fixes bugs and security vulnerabilities. The best way to do this is to install the latest WordPress Automatic Upgrade plugin and always keep your eyes on the latest versions of your plugins.
5. Perform Regular Security Scan
Installing the WP-Scanner plugin gives you a security check and regular scans for security holes such as:
6. As Matt Cutts says, you should protect your WordPress installation. Matt Cutts defines three ways to do this: securing your /wp-admin/ directory, hiding your WordPress plugin directory, and subscribing to the WordPress Development blog.
7. Stop The Brute Force Attack
Brute force is another way a hacker attempts to crack your login password and credentials. The guy from Bad Neighborhood noticed this problem and created the Login Lockdown plugin, which records the IP address and timestamp of every failed WordPress login attempt. If it detects more than a certain number of failed login attempts within a short period of time, it disables the login function for all requests from that range. Another good plugin to have is Limit Login Attempts, which blocks a user for 20 minutes after he enters the wrong password 4 times. You should have only one plugin for this purpose, though. Choose the one that you think suits you best.
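The lockout rule described above, sketched as an added example (this is not the code of Login Lockdown or Limit Login Attempts): failed logins are recorded per address range with their timestamps, and the range is refused once too many fall inside a short window. The 4 failures and 20 minutes come from the post; the 5-minute window, the /24 range, the sample events and all names are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress

MAX_FAILURES = 4                  # from the post: 4 wrong passwords
LOCKOUT = timedelta(minutes=20)   # from the post: blocked for 20 minutes
WINDOW = timedelta(minutes=5)     # assumption: the "short period of time"
RANGE_PREFIX = 24                 # assumption: "range" means the IPv4 /24


def range_key(ip):
    """Map an address to the network that is locked out as one unit."""
    addr = ipaddress.ip_address(ip)
    prefix = RANGE_PREFIX if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


class LoginThrottle:
    def __init__(self):
        self.failures = defaultdict(deque)  # range -> timestamps of recent failures
        self.locked_until = {}              # range -> moment the lockout ends

    def is_locked(self, ip, now):
        until = self.locked_until.get(range_key(ip))
        return until is not None and now < until

    def attempt(self, ip, password_ok, now):
        """Return 'locked', 'ok' or 'failed' for one login request."""
        if self.is_locked(ip, now):
            return "locked"  # refused before the password is even checked
        if password_ok:
            # Failures are not reset here: they only age out of the window, so
            # one valid login from the range cannot wipe the counter.
            return "ok"
        recent = self.failures[range_key(ip)]
        recent.append(now)
        while recent and now - recent[0] > WINDOW:
            recent.popleft()  # forget failures older than the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[range_key(ip)] = now + LOCKOUT
            recent.clear()
        return "failed"


def replay(events):
    """Feed (timestamp, ip, password_ok) tuples through a fresh throttle."""
    throttle = LoginThrottle()
    return [throttle.attempt(ip, ok, ts) for ts, ip, ok in events]


T0 = datetime(2009, 7, 15, 12, 0, 0)
# Constructed sample events; the addresses are documentation ranges.
SAMPLE = [
    (T0 + timedelta(seconds=0), "203.0.113.7", False),
    (T0 + timedelta(seconds=5), "203.0.113.7", False),
    (T0 + timedelta(seconds=10), "203.0.113.9", False),   # same /24, counts too
    (T0 + timedelta(seconds=15), "203.0.113.7", False),   # 4th failure: lock
    (T0 + timedelta(seconds=20), "203.0.113.7", True),    # right password, still refused
    (T0 + timedelta(seconds=30), "198.51.100.4", True),   # other range is unaffected
    (T0 + timedelta(minutes=19), "203.0.113.50", False),  # lock covers the whole range
    (T0 + timedelta(minutes=21), "203.0.113.7", True),    # 20 minutes have passed
]

if __name__ == "__main__":
    for event, result in zip(SAMPLE, replay(SAMPLE)):
        print(event[0].time(), event[1], result)
```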
8. Stop The DDOS Attack
DDOS stands for distributed denial-of-service. What this attack does is send numerous ping requests from thousands of client computers that were hijacked and forced to act as slaves attacking a single target. A DDOS attack doesn't really have much effect if it only comes from one single IP address, but what if it comes from 30.000 IP addresses? You can stop a DDOS attack by following a few things:
wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh
More information on protecting your site from DDOS attacks
9. Remove the Current WordPress Version
This tip isn't really necessary, but it will give a boost to your WordPress speed by not loading the current version. To do this manually, go to your Admin CP > Appearance > Editor, click on header.php and remove the following code:
[meta name="generator" content="WordPress " />
Or you can simply modify it into something like:
[meta name="generator" content="Powered by WordPress" />
There's also a plugin named Replace WP Version to 'lie' about the WordPress version you're using at the moment, or Secure WordPress, which hides information about your WordPress version from non-administrator users and hides the plugin directory from visitors by dropping in a blank index.php file.
10. Backup Your Database
You can easily back up your database from your hosting company's manager, but if you prefer doing it with a plugin, WP Database Backup might be the best option. The plus point of this plugin is that it offers to e-mail you a daily backup of your database.
11. Stop The Fake Registration
For those who allow their readers to sign up and comment on the blog, these plugins might be a must-have, as they can prevent fake registration by bots. They can add image verification or a math test to the registration process to ensure fake users/bots are not created. You can also install the Role Manager plugin to define the capabilities of each user group and control what users can and cannot do in your blog. This is a good option if you have many authors on your blog and you want to limit their privileges.
12. Ban Those Spammers!
Bad Behavior and WP-Ban can suspend each IP that has been proven to be a spammer. Bad Behavior checks the visitor's IP to see whether it's a spammer or not. If the IP has been proven malicious, it can block that IP from accessing your blog. WP-Ban displays a custom ban message when a banned IP tries to visit your blog. You can also exclude certain IPs from being banned.
13. Hardening Your Code
You might want to read this document from WordPress, which covers a few things to apply, such as
Additional Tips: Read this article to learn how not to get hacked
Attention! To make the code work, please replace [ with <
17 Best Tips and Plugins to Increase your Wordpress Speed
[html xmlns="http://www.w3.org/1999/xhtml" >
[head profile="http://gmpg.org/xfn/11">
[meta http-equiv="Content-Type" content=" [?php bloginfo('html_type'); ?>; charset=[?php bloginfo('charset'); ?>" />

[html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
[head profile="http://gmpg.org/xfn/11">
[meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
I have been experiencing slowness with my WordPress blog. I don't know whether to blame my web server or the WordPress cache. So I tried to figure it out by looking for solutions, and got these tips from many sites. These tips have proven to help me a lot in increasing my site speed. However, if this slowness keeps emerging, I'll consider moving to a better host.
My intention in creating this post was simply to help people improve their site speed a lot, so here I'm going to explain step by step, phase by phase, what you should be doing.
Phase 1: Analyze Your Site Speed
We can't decide whether your site really has a speed problem until you run a test.
1. You need to test your site speed with Website Speed Test from iWebTools. Do multiple tests, since the results can be inaccurate due to fluctuations in your internet connection speed.
2. Use Pingdom to get a detailed analysis of your site's loading time and performance.
3. Another tool, which I myself have been using to determine my site speed, is YSlow from Yahoo. It analyzes your web pages and tells you why they are slow, based on Yahoo's rules for high-performance web sites. You can also use YSlow directly from Firefox by installing the Firefox add-on.
You can also see this presentation from Yahoo that covers their 14 best practices to optimize your site speed, and 20 more best practices for faster web pages, categorized by server, content, cookie, JavaScript, CSS, images, and mobile.
Phase 2: Things to Consider in Your WordPress
There are things you need to consider with your WordPress blog, including:
1. Always Update Your Wordpress Blog
It's important to always have the latest version; in fact, it is critical. New versions usually have a lot of improvements over the previous one. The developers won't release one for fun; they do it to improve the code and make things better. This includes your WordPress version and the plugins as well.
2. Remove The Unused Plugin
When you have decided on a template and have no intention of changing it in the short term, remove the unused plugins. I know that certain templates require you to install certain plugins; however, if you have many templates, each requiring a different plugin, and you installed those plugins but never activated them, why should you keep the inactive ones? There's also a list of plugins that you should not install.
3. Optimize Your Image Files
When you put a screenshot in your post and the image is rather large, you should consider reducing its size a bit more. The image can be compressed using the following application. Why does it matter? Because each time you post a picture, the larger the file size and dimensions of your images, the more the server has to load, which kills your server bandwidth.
4. Clean up your theme
According to Yoast.com and WPCandy, there is code that needs to be cleaned up, including decreasing whitespace, using external scripts, using shorthand CSS, and modifying header.php from
into something like
and you can also make your stylesheet URLs static, make your pingback URL static, make your feed URLs static, remove the blog's WordPress version, and make your blog's name and tagline/description static.
5. Do Not Upload Something Big
If you intend to upload something really big, like video, audio or uncompressed files such as RAR and ZIP, you should consider not uploading it to your own server. Use file hosting sites instead, such as Megaupload, Rapidshare or Depositfiles, or if you intend to stream your audio and video, use Imeem, YouTube, Veoh, etc.
6. Compress Your JavaScript - This online tool can compress your scripts and reduce file size by 60% by removing and shortening the unnecessary script.
7. Try to validate your code at W3C to ensure that you don't have any major errors slowing down your page.
8. Configure Apache for maximum performance, or use phpMyAdmin to optimize your database: log in to phpMyAdmin, select all the tables, and then click "repair" and "optimize."
Phase 3: Installing Wordpress Plugins
1. WP Cache and WP Super Cache - The best plugins for making your blog's pages load faster than ever before.
2. PHP Speedy - A script that you can install on your web server to automatically speed up the download time of your web pages.
3. WordPress Plugin: Fix Database - This plugin checks all the tables within your database and fixes any errors that are found. Once that's done, it optimizes the tables. Or simply use the Optimize DB plugin to optimize the tables of your database.
4. WP-DBManager allows you to manage your Wordpress database, optimize it, repair, backup, restore, delete backup, drop/empty tables and run selected queries.
5. CSS Compress WordPress plugin - This plugin simply automatically removes comments, new lines, tabs, and gzip compresses (GZIP) any CSS file called with ""
6. IFrameWidgets can stop slow loading JavaScript widgets from breaking your page.
Other tips that you could follow
Attention! To make the code work, please replace [ with <
Top 105 Tips, Hacks, Templates, and Plugins for Wordpress
I have been collecting so many good links that I found on certain blogs. There are many good templates, hacks and tips for WordPress, but I couldn't state them all one by one, so I decided to list them all together here.
Best Tips and Trick for Wordpress Blog
Best Hacks for Wordpress Blog
Best Plugins for Wordpress Blog
For Comments
For Contact Form:
For Blog Posts
For SEO
For Monetization
For Miscellaneous
Best Themes for Wordpress Blog
Top 18 Plugins and Hacks for Wordpress Comments Page
WordPress has a unique comment form design which 'encourages' readers to leave comments. Basically, it lets readers enter their email, name and website, which is why many people prefer commenting in WordPress, because it asks more 'closely' about your personal information. Nowadays, lots of people out there are trying to improve and enhance their WordPress comment form into something innovative.
1. Alternating Colors for Comments Column
Having a different color for each column of your comments would be wonderful, especially when you'd like to have multiple colors rather than one. There are 2 options that you could use: the first from Tamba2.org and the second from NetTuts.
2. Colouring Single/Multiple Author Comment
When you decide to change your author comment color, it's time to use this hack. There are 2 hacks: the first from Matt Cutts' blog and the second from WP Hacks Blog. I'm currently using the tips from WP Hacks and you can see the result in my comment section here.
3. Comment Numbers
If you want to try something new and decide to number each comment you have, you could try the tips from WP Engineer or from Nettuts. Both are worth trying.
4. Displaying Recent Comments
Displaying recent comments in your blog gives new visitors a look at the current topics being commented on. In this case, you can choose between putting in the code manually or installing the plugin.
5. Displaying How Many Comments/Trackbacks
You may want to inform your visitors how many comments/trackbacks your blog has. This trick will show you how. Basically, you just need to find an appropriate place in your blog and paste the code. Here's how you can display the number of comments and trackbacks.
6. Put Avatar On Your Comments - Gravatar/MyBlogLog/Twitter avatars
An avatar is an identity for the author, and not just for the author but for the reader as well. This feature is always available on forums, social media and social networking sites, but what about when we comment on a blog? Can we get our avatar as well? Gravatar is the place where you can make an avatar based on your registered email. To display it on your blog comments, you need a plugin or code. However, the latest WP 2.7+ version has this feature by default, so I'm just giving additional advice in case you're still using an old WP version. For a Twitter avatar, you can grab it from WP Recipes Blog. For a MyBlogLog avatar, you can use the WP Gravatar plugin. You can even create your own gravatar in just 5 minutes.
7. Editing Comments
This hack allows the site author to edit comments directly from the blog post pages. It's a good thing if you feel too lazy to edit comments from your admin CP.
8. Paginated Comments
Say you have lots of comments, like 100+ on a single post, and you decide to separate them by paginating. There are 2 plugins to choose from: the first from the WordPress Plugins site and the other from 2i2j Blogs. Personally I'm using the plugin from 2i2j Blogs, because it's easy to modify and re-arrange.
9. Editing Comments for Admin and Visitor
For visitors: when you leave a comment and then notice that you want to add more text, fix a link, etc. You can now allow your visitors to edit their comments by using this plugin. Basically, the plugin uses an AJAX function like the one I use in my threaded comments. However, if the site admin moderates comments, this hack will most likely turn out to be meaningless.
10. Notify Your Users About Incoming Comments
Do you want to notify your readers about new comments? Then use the plugin from TxFx.net. It sends readers an email notification about new comments on the blog posts they have commented on.
11. Displaying The Most Commented
Your blog has a lot of comments, but you don't know which blog posts are commented on the most. This plugin shows you exactly how many comments a given blog post has. If you don't like the look of it, you could try placing this code manually.
12. Separate Comments and Trackbacks
A trackback is a link created by another site owner that links back to your blog post. A comment is a message written by you or your readers. By default, comments and trackbacks are displayed together in the comments list, so it's hard to tell which is a comment and which is a trackback. But a little help from ProBlogDesign will teach you how.
13. Displaying The Allowed Tags
This hack does not show the tags of your blog post; instead, it shows which tags are allowed inside the comment text area.
14. Remove The Nofollow Attributes from Comments
For those who want to give 'credit' to commenters, this hack is a must-have. There are two plugins for this: DoFollow 4.0 and Nofollow Free.
15. Give Innovative Smiley Icons
By default WordPress displays only the basic smiley icons. If you're bored with the current smiley icons, try something innovative like the Monkey Smiley Icons or Yahoo Messenger Smiley Icons.
16. Give Star Rating to Your Comments
When people comment, they can sometimes give valuable information, and if other readers feel that a comment deserves to be rated, this plugin helps those readers give it 'credit'.
17. Comment Validation Hacks
The best way to fight spammers is to give them a Turing number. It asks your reader to calculate simple math such as sum, minus. This hack is probably a must for WP 2.7 users or other blogs with good traffic.
18. Threaded/Nested Comments
If you like to debate with your readers, WordPress Thread Comment enables you to do that. It's similar to Intense Debate, but uses an AJAX function to post your comments much faster, without requiring you to reload the page. It also supports up to 3 levels of nested comments. Another hack, for nesting comments up to 10 levels, is the one from CD Harisson Blogs. There are 2 methods to try out:
Top 11 SEO Plugin for Wordpress
Lots of SEO techniques are available nowadays for all bloggers to help them improve their site traffic and rank better. WordPress users get many advantages not only from the techniques themselves but also from the widgets we know as plugins. WordPress has many plugins, including SEO plugins, to help you get your site noticed by search engine users and increase your site rank as well.
1. All in One SEO Pack - This plugin lets you set the basic SEO stuff for your blog. You can set the home title, description and keywords, set the format for post titles, page titles and tag titles, and much more.
2. Optimal Title - It's a plugin that mirrors the function of wp_title() exactly, but moves its position to higher than before. This allows you to have your blog name tacked on to the end of the page title instead of having it appear first.
3. Redirection - This plugin helps when you make changes/upgrades to your blog that turn the permalink structure into something else. You don't have to worry, because this plugin will automatically redirect all the old links to the new ones.
4. SEO Smart Links - This plugin can automatically link keywords and phrases in your blog posts and comments with the corresponding posts, pages, categories and tags on your blog. Additionally, SEO Smart Links can open external links in new windows and add the "nofollow" attribute, which is helpful if you don't want to get banned from Google for advertising other people's sites in your blog.
5. Robots Meta - This plugin tells the search engine 'spidey' which pages/posts to crawl. If you happen to have duplicate content from other people's sites (which I highly don't suggest) or from your previous site, this plugin is a must-have. It has the option to add nofollow to links, such as when someone puts their site link in a comment with an a href tag, and it also prevents search engines from crawling your admin pages (including wp-admin, wp-login, etc.).
6. SEO Friendly Images - Images also play an important role in SEO, so it's very important to tag them correctly to give search engines a chance to crawl them. This plugin automatically adds alt and title attributes to all your images in all your posts.
7. SEO Slugs - When you have a post title like "How To Rank Higher In Google" you'll get this permalink: '/how-to-rank-higher-in-google', but what you really want your permalink to look like is this: '/rank-higher-in-google'. This plugin helps you achieve that by automatically removing stop words from the permalink, helping you rank better.
8. Google Positioner - This plugin lets you set as many keywords for your site as you like, and once they are set, you can get your website's position for those keywords. This handy plugin lets you track the keywords you're being searched for; it's pointless to select only a few keywords for your post and hope that the rest will go well.
9. Permalinks Moved Permanently - A common mistake made by bloggers is choosing the wrong permalink structure. When you start your blog you think you know which permalink structure is best, but as time goes by, you decide to change it. The problem is that your traffic will come to a standstill until your site is fully reindexed by the search engines, and that could take a month or even more. This plugin is similar to Redirection, but it makes it much easier to permanently manage changes to the permalink structure.
10. Nofollow Case by Case - By default, WordPress sets links in the comment form to nofollow. This means that no PageRank (PR) is passed by the link. This plugin simply removes the nofollow attribute, as there are a number of reasons you might want to give away the link juice. Many new blogs use this method to get more exposure from search engine traffic.
11. Google XML Sitemaps - An XML sitemap is a feature for getting indexed by search engines. The plugin has an additional option to notify Google, MSN, Yahoo and ask.com about new updates in your blog. It also has an advanced option to limit the number of posts that appear in the sitemap.
Top 7 Best Contact Form Plugin for Wordpress
When you create a website, you will surely need a place or medium where you can 'chat' with your readers. There are many options available, including posting your IM (instant messenger) or email ID, but one of the most effective ways to let your visitors send you messages is to create a contact form. Below you'll see the 7 best contact forms, which I gathered from many resources.
1. PXS Mail Form - This contact form has added new features, i.e. sending CC (carbon copies), character set (charset) recognition from the blog's settings for international usage, email address checking, CSS styles from the Administration Panels, referrer checks, multiple recipients from a drop-down menu for multiple bloggers, and even sending a copy of the message to the sender, if desired.
Preview | Download
2. Enhanced Contact Form - This contact form was originally made by Ryan Duff, but Joost DeValk has improved it to include the referring page on the site, the original referrer, and other small details that can help you learn more about how the visitor accessed your blog.
Preview | Download
3. Accessible and Secure PHP Contact Form (based on the PHP Contact Forms made by Mike Cherim) - This contact form is designed to be fully protected from spam email and offers a wide variety of features, including styling from the Admin Panels with optional choices built in to style the contact form. It also features a multiple-user version for a fee.
Preview| Download
4. Cforms has multiple themes from which you can choose whichever you want. It uses AJAX, but degrades gracefully for non-AJAX/JavaScript browsers. It has a lot of features which you can customize and has a clean layout.
Preview| Download
5. SCF2 Contact Form - This simple contact form is more like private messaging than just a contact form. It uses the comments routine to filter and approve incoming messages. The advantage of this is that messages can be read directly from your admin panel and can be sent to multiple users. This plugin supports spam protection once you have configured it.
Preview| Download
6. WordPress Contact Form with Spam Protection - Another contact form plugin from Ryan Duff, which has been modified by Doug. This plugin can build a drop-down list of subjects and can add a security question.
Preview| Download
7. WP-ContactForm Akismet Edition - The purpose of this plugin is to make it easy for newbies to create a contact form for WordPress. If you already have the Akismet plugin installed, all incoming messages will be checked before they are sent to you.
Sorry no preview | Download
Top 6 Reasons Why You Should Use Wordpress
As I stated earlier about the pros and cons of using Blogspot and WordPress, now we head down to the reasons why you should use WordPress. There are strong reasons why you should use WordPress instead of Blogspot.
WordPress has many widgets available, such as top commentators, popular posts, related posts, recent posts, recent comments and many more. Plugins in WordPress seem endless, because there is always a new version of current plugins. For example, if you are using related posts, in the next few days/weeks WordPress will inform you that there is a new version of this widget; you can either update it or leave it. In Blogger Blogspot, you cannot find that widget until you make it yourself.
Default : hxxp://yourdomain.com/?p=123
Day and name : hxxp://yourdomain.com/2008/12/31/sample-post/
Month and name : hxxp://yourdomain.com/2008/12/sample-post/
Numeric : hxxp://yourdomain.com/archives/123
and Custom Structure
I hope this article will encourage you to use WordPress and become more expert in using PHP scripts.
8 Steps to move your Blogger blog post into Wordpress
WordPress, as we know, has many useful plugins such as SEO plugins, comment plugins and so much more. Besides the plugins, you can also set keywords, which gives your blog more exposure on Google, Yahoo and all kinds of search engine sites. This is why many people nowadays are using WordPress.
So here I'm going to briefly explain the steps to convert your Blogger Blogspot posts into WordPress.
1. You need a WordPress account; you can choose to host it yourself or sign up at the WordPress site. There are two ways to host your blog: first, by asking someone to set it up for you; second, by using a domain host such as GoDaddy.
2. After you create a new account, sign in to access your WordPress admin page and choose which template you want to use (Admin CP > Appearance), or search in Google, grab one, upload it and set it as your template. If you can't upload it, use the One-Click Install plugin, or use an FTP client such as FileZilla to upload it. If you have problems uploading files through FileZilla, read this guide to uploading through FileZilla or ask in their forum.
3. Select your favorite widget to appear in your blog (Admin CP > Appearance > Widget)
4. You may want to edit your WordPress template and widgets before you go on to the next step, because some themes and widgets require you to do something, like deleting lines, adding a new plugin, etc.
5. Now go to your Import page (Admin CP > Tools > Import). Choose the 1st option to import all your Blogger posts into WordPress. Click Grant access and wait until the process is done.
6. Afterward, check all the blog posts, comments and authors to see if there are any errors. If there is an error in an article, you'll need to copy and paste it from your Blogger post. One more thing: if you have posts with several links pointing to other posts on your blog, you might want to edit them to point to your new WordPress posts. BUT before you do that, please set your Permalink (Admin CP > Setting > Permalink) to Day and name.
7. After you have done all of this, please do not delete your old Blogger account, as that may affect your WordPress blog posts.
8. See your new blog, Enjoy :)