Tag wordpress

Missouri Sun Solar

It’s always nice to wake up and find one of your clients featured in an article on the front page of the local newspaper. (In a non-criminal fashion, of course!) In this case, our latest client, Missouri Sun Solar, was one of the businesses spotlighted in an excellent article by Thomas Gounley of the News-Leader, titled “Why Solar Power Is Finally Having Its Moment In The Sun.”

We took on this project in collaboration with our friends at High Tide Communications. The project entailed turning an existing static website into a customer-manageable WordPress installation, while keeping the look of the site as close to the original as possible, as well as moving the whole thing to a new web host. We also needed to ensure the new site communicated captured leads to the client’s CRM.

Here’s a screenshot of part of the new homepage — improved from the original, in our opinion 🙂 — and the best part is that the client loved their new site so much, they immediately hired us to do a second, similar project! So thanks to Mar’Ellen and Melissa at High Tide, and Jason at Missouri Sun Solar — it was a great collaboration.  Or, as they say in Firefly, shiny!

Powell Release Jazzes Up WordPress

Like jazz pianist Bud Powell, the latest release of WordPress (4.2) adds a bit of impressionistic flair to the old standard melodies. Upgrades to the Press This app and the added ability to embed external media make writing and publishing so seamless and smooth, it’s like having a self-playing jazz piano at your fingertips. Watch the promo vid here:



Why We Use Wordfence (Reason #256)

OK, maybe there aren’t that many reasons, but there is one that counts, and that is: Wordfence is the best security plugin for WordPress out there, period. Here’s an excellent article on one of the ways Wordfence keeps our sites secure, titled “Remote Scanning vs Source Code Scanning”. Without getting too technical, source code scans cover everything that makes your site what it is, including images, while remote scans can only cover, by their nature, the end result your source code produces. Here’s a great metaphor (and you know how we love metaphors) taken directly from the article:

“Imagine you ask someone to check your home for a rat infestation. They arrive at your house, but they don’t get out of their car. They’re parked on the other side of the street and they’re examining your front door, front garden, porch, the walls on the front of your home, parts of the basement windows that they can see. Once they don’t find anything they honk the horn, shout out the car window “Yo, your home is clean” and drive off. Doesn’t sound very effective does it?”

No, it does not! So, if you want to keep your WordPress site “rat-free”, you need Wordfence.  If you need help installing or using it, be sure to call us!

WordPress 4.0 Is Here!

WordPress, our CMS of choice here at Diamond Mind Web Design, has just released the newest version of its core software, version 4.0, otherwise known as “Benny” (for jazz great Benny Goodman). What does this mean for you? Not much if you only view WP blogs and websites, but quite a bit if you use WordPress yourself.

Like Benny Goodman’s sweet jazz, the new WordPress gives a much smoother experience for creating and posting.  New (and much needed) features like a visual plug-in browser, and the ability to view embedded media right in your post draft without the need to preview or publish, make for a much more seamless experience.

Watch the video if you are interested in further details about the new upgrade.  And if you’re interested in starting your own WordPress-based blog, or converting a non-content-manageable site over to WP, give us a shout!

WordPress Brute Force Attack Underway

One of the largest distributed brute force attacks on WordPress installations ever seen is currently going on, as reported by Mark Maunder of Wordfence Security on his blog. You can read the full post here. The attempts at hacking are running 30 times more frequently than average.

A brute force attack is when an attacker tries many times to guess your username and password combination by repeatedly sending login attempts. A distributed brute force attack is when an attacker uses a large number of machines spread around the internet to do this in order to circumvent any blocking mechanisms you have in place.

If you have a WordPress-based site, I highly recommend that you pay close attention to it until these brute force attempts have waned.  If you suspect that you’ve been hacked, and need help recovering, you can always contact us here at Diamond Mind Web Design.
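Why spreading the attempts over many machines gets past simple blocking, shown as an added example that is not part of the original post: a per-address lockout never fires when each address sends only a few guesses, while counting failures per account across all addresses does. The event tuples, thresholds and function names are assumptions made for illustration, and the sample data is constructed.

```python
from collections import Counter, defaultdict

def build_sample():
    """Constructed sample of login events: (source_ip, username, success)."""
    events = []
    # Distributed attack: 40 addresses, only 3 guesses each, all against 'admin'.
    for i in range(40):
        events += [(f"203.0.113.{i + 1}", "admin", False)] * 3
    # One noisy address hammering a single account.
    events += [("198.51.100.7", "editor", False)] * 12
    # A legitimate user who mistyped once, then signed in.
    events += [("192.0.2.10", "jsmith", False), ("192.0.2.10", "jsmith", True)]
    return events

def per_ip_offenders(events, limit=10):
    """Classic lockout rule: block an address after `limit` failed logins."""
    fails = Counter(ip for ip, _, ok in events if not ok)
    return {ip for ip, n in fails.items() if n >= limit}

def per_account_alerts(events, max_fails=20, max_sources=5):
    """Flag accounts with many failures arriving from many distinct addresses."""
    fails = Counter()
    sources = defaultdict(set)
    for ip, user, ok in events:
        if not ok:
            fails[user] += 1
            sources[user].add(ip)
    return {
        user: (fails[user], len(sources[user]))
        for user in fails
        if fails[user] >= max_fails and len(sources[user]) >= max_sources
    }

if __name__ == "__main__":
    sample = build_sample()
    print("blocked by per-IP rule:", per_ip_offenders(sample))
    print("accounts under distributed attack:", per_account_alerts(sample))
```

The per-address rule only catches the single noisy address; the 120 guesses against 'admin' are visible only in the per-account view.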

Why You Should NEVER Use ‘admin’ As Your WordPress Username

Actually, I wanted to title this post: “Why You Should Never, Never, Never, Never, Never, Never, NEVER Use ‘admin’ As Your WordPress Username”…  but that might have been a bit long for SEO reasons. 🙂  However, it’s certainly not overkill when it comes to getting the message across.  So, why is this such a bad thing?

Let’s start with the fact that, in most cases, a new WordPress installation will set the default site administrator username to ‘admin’, and all that is required is to choose a password. Now, it might be said that humans are inherently lazy, but it’s true that many folks will just leave that default name as is. (We’ll leave the discussion of using ‘password’ as your password for another day!) With so many administrator names set to ‘admin’, it’s an obvious place for a hacker to start… 50% of the equation has already been solved for him! Now he only has to determine your password to have access to your entire site.

What’s more, most hack attempts are made by automated ‘bots’ set to try as many combinations of ‘admin’ + (a password) as possible, often hundreds per minute, in what’s known as a brute-force attempt to gain access. Other hack attempts are made in person, by someone who has studied you and your site, looking for clues to help guess your password. (Pet name, anyone?) And make no mistake, these attempts are numerous and ongoing, 24/7/365. As a random example, one of our WordPress sites received well over 3,000 ‘admin’ hack attempts in the last 30 days, with the average across our sites being at least in the hundreds. So why give hackers that head start?

So, what to do if you ARE using ‘admin’ and need to change it to something else?  Follow these steps, EXACTLY, and oh by the way you should probably back your site up first, just in case.

  1. Sign in as ‘admin’.
  2. Head straight to the Users tab, and “Add New”.
  3. Choose a hard-to-guess username, but don’t make it so difficult that you’ll forget it.
  4. IMPORTANT: Set the new user’s role to “Administrator”.
  5. You will need to use a different email address, as no two users can have the same one.  (Can be changed later.)
  6. Choose a password that has upper and lower-case letters and numbers in it. Symbols are OK too. NEVER use the word ‘password’ in your password, even if it has a different case and includes numbers.  10 characters minimum!
  7. Click “Add New User”.
  8. Sign out as ‘admin’.
  9. Sign in as the new user.
  10. Delete your old ‘admin’ user, MAKING SURE you assign all posts/pages/comments to your new user.
  11. Congratulations, you now have a more secure WordPress system!

What else can you do?  Ban your users from any variation of ‘admin/Admin/adm1n’ as username, enforce strong passwords, and always keep your WordPress software/themes/plugins up to date.  Install a quality security plugin (such as Wordfence) to help you enact all of these items. And make routine backups, as no software is ever 100% hacker-proof.
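The username ban and the password rules from step 6, written out as a check you could run over a list of proposed accounts. This is an added example, not code from the original post or from any plugin; the look-alike character table, the "starts with admin" rule and the function names are assumptions, and the sample values in the comments are constructed.

```python
import re

# Look-alike characters mapped to the letters they imitate (assumed, not exhaustive).
LEET = str.maketrans("01!34@5$7", "oiieaasst")

def leet_form(text):
    """Lower-case, turn look-alike characters into letters, drop the rest."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))

def plain_form(text):
    """Lower-case and drop everything that is not a letter."""
    return re.sub(r"[^a-z]", "", text.lower())

def username_allowed(name):
    """Reject 'admin', 'Admin', 'adm1n', '@dmin_2024', 'administrator', ..."""
    return not leet_form(name).startswith("admin")

def password_problems(pw):
    """Return the rules from the steps above that a password breaks."""
    problems = []
    if len(pw) < 10:
        problems.append("shorter than 10 characters")
    if not re.search(r"[a-z]", pw):
        problems.append("no lower-case letter")
    if not re.search(r"[A-Z]", pw):
        problems.append("no upper-case letter")
    if not re.search(r"[0-9]", pw):
        problems.append("no number")
    # 'password' is still 'password' when written as P4ssw0rd or Pass-word1.
    if "password" in leet_form(pw) or "password" in plain_form(pw):
        problems.append("contains 'password'")
    return problems

if __name__ == "__main__":
    for name in ["adm1n", "Admin", "@dmin_2024", "mar.ellen"]:
        print(name, "allowed" if username_allowed(name) else "banned")
    for pw in ["P4ssw0rd2024!", "Tr1ckyRiver", "short1A"]:
        print(pw, password_problems(pw) or "ok")
```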