Category WordPress

Powell Release Jazzes Up WordPress

Like jazz pianist Bud Powell, the latest release of WordPress (4.2) adds a bit of impressionistic flair to the old standard melodies. Upgrades to the Press This app and added ability to embed external media make writing and publishing so seamless and smooth, it’s like having a self-playing jazz piano at your fingertips. Watch the promo vid here:



Why We Use Wordfence (Reason #256)

OK, maybe there aren’t that many reasons, but there is one that counts, and that is: Wordfence is the best security plugin for WordPress out there, period. Here’s an excellent article on one of the ways Wordfence keeps our sites secure, titled “Remote Scanning vs Source Code Scanning”. Without getting too technical, source code scans cover everything that makes your site what it is, including images, while remote scans can only cover, by their nature, the end result your source code produces. Here’s a great metaphor (and you know how we love metaphors) taken directly from the article:

“Imagine you ask someone to check your home for a rat infestation. They arrive at your house, but they don’t get out of their car. They’re parked on the other side of the street and they’re examining your front door, front garden, porch, the walls on the front of your home, parts of the basement windows that they can see. Once they don’t find anything they honk the horn, shout out the car window “Yo, your home is clean” and drive off. Doesn’t sound very effective does it?”

No, it does not! So, if you want to keep your WordPress site “rat-free”, you need Wordfence.  If you need help installing or using it, be sure to call us!

WordPress 4.0 Is Here!

WordPress — our CMS of choice here at Diamond Mind Web Design — has just released the newest version of their core software, version 4.0, otherwise known as “Benny” (for jazz great Benny Goodman).  What does this mean for you? Not much if you’re a viewer-only of WP blogs and websites, but quite a bit if you are a user of same.

Like Benny Goodman’s sweet jazz, the new WordPress gives a much smoother experience for creating and posting.  New (and much needed) features like a visual plug-in browser, and the ability to view embedded media right in your post draft without the need to preview or publish, make for a much more seamless experience.

Watch the video if you are interested in further details about the new upgrade.  And if you’re interested in starting your own WordPress-based blog, or converting a non-content-manageable site over to WP, give us a shout!

Why You Should NEVER Use ‘admin’ As Your WordPress Username

Actually, I wanted to title this post: “Why You Should Never, Never, Never, Never, Never, Never, NEVER Use ‘admin’ As Your WordPress Username”…  but that might have been a bit long for SEO reasons. 🙂  However, it’s certainly not overkill when it comes to getting the message across.  So, why is this such a bad thing?

Let’s start with the fact that, in most cases, a new WordPress installation will set the default site administrator username to ‘admin’, and all that is required is to choose a password. Now, it might be said that humans are inherently lazy, but it’s true that many folks will just leave that default name as is. (We’ll leave the discussion of using ‘password’ as your password for another day!) With so many administrator names set to ‘admin’, it’s an obvious place for a hacker to start… 50% of the equation has already been solved for him! Now he only has to determine your password to have access to your entire site.

What’s more, most hack attempts are made by automated ‘bots’ set to try as many combinations of ‘admin’ + (a password) as possible, often hundreds per minute, in what’s known as a brute-force attempt to gain access.  Other hack attempts are made in person, by someone who has studied you and your site, looking for clues to help guess your password.  (Pet name, anyone?)  And make no mistake, these attempts are numerous and ongoing, 24/7/365.  As a random example, one of our WordPress sites received well over 3,000 ‘admin’ hack attempts in the last 30 days, with an average across our sites being at least in the hundreds.  So why give hackers that head start?

So, what to do if you ARE using ‘admin’ and need to change it to something else?  Follow these steps, EXACTLY, and oh by the way you should probably back your site up first, just in case.

  1. Sign in as ‘admin’.
  2. Head straight to the Users tab, and “Add New”.
  3. Choose a hard-to-guess username, but don’t make it so difficult that you’ll forget it.
  4. IMPORTANT: Set the new user’s role to “Administrator”.
  5. You will need to use a different email address, as no two users can have the same one.  (Can be changed later.)
  6. Choose a password that has upper and lower-case letters and numbers in it. Symbols are OK too. NEVER use the word ‘password’ in your password, even if it has a different case and includes numbers.  10 characters minimum!
  7. Click “Add New User”.
  8. Sign out as ‘admin’.
  9. Sign in as the new user.
  10. Delete your old ‘admin’ user, MAKING SURE you assign all posts/pages/comments to your new user.
  11. Congratulations, you now have a more secure WordPress system!

What else can you do?  Ban your users from any variation of ‘admin/Admin/adm1n’ as username, enforce strong passwords, and always keep your WordPress software/themes/plugins up to date.  Install a quality security plugin (such as Wordfence) to help you enact all of these items. And make routine backups, as no software is ever 100% hacker-proof.
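The username ban and the password rules from step 6 can be expressed as an automated check. This is an added example, not code from WordPress or Wordfence; the function names and the look-alike substitution table are assumptions made for illustration.

```python
import re

# Assumed look-alike substitutions (constructed for this example).
LOOKALIKES = str.maketrans({
    "0": "o", "1": "i", "!": "i", "|": "i", "3": "e",
    "4": "a", "@": "a", "5": "s", "$": "s", "7": "t",
})
BANNED_USERNAMES = {"admin", "administrator"}
MIN_PASSWORD_LENGTH = 10  # "10 characters minimum" from step 6


def letter_forms(text):
    """Return two letter-only readings of text: look-alikes folded, and look-alikes dropped."""
    lowered = text.lower()
    folded = re.sub(r"[^a-z]", "", lowered.translate(LOOKALIKES))
    stripped = re.sub(r"[^a-z]", "", lowered)
    return {folded, stripped}


def is_banned_username(username):
    """True for 'admin' and disguised variants such as 'Admin', 'adm1n' or 'admin_123'."""
    return bool(letter_forms(username) & BANNED_USERNAMES)


def password_problems(password):
    """List every rule from step 6 that the password breaks (empty list = acceptable)."""
    problems = []
    if len(password) < MIN_PASSWORD_LENGTH:
        problems.append("shorter than 10 characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lower-case letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper-case letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    if any("password" in form for form in letter_forms(password)):
        problems.append("contains the word 'password'")
    return problems


if __name__ == "__main__":
    for name in ["admin", "Adm1n", "admin_123", "badminton"]:  # constructed samples
        print(name, "->", "banned" if is_banned_username(name) else "ok")
    for pw in ["PassWord123", "P@ssw0rd!!xyZ9", "short1A", "Tr4velMug92"]:
        print(pw, "->", password_problems(pw) or "ok")
```

Matching on whole letter-only forms rather than substrings keeps legitimate names such as ‘badminton’ from being rejected.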