
March 2, 2014

Some Tips for Basic Secure Your WordPress

You can easily find many people talking about WordPress security on the internet: how to choose a recommended host, how to apply hardening techniques on your server, and which security plugins to use. The goal is to prevent your site from being hacked. In this article, I try to share what I know about basic WordPress security; I hope these simple tips give your site basic protection.

Some tips for basic WordPress security:

1. Change your admin ID so that it is not one (1), and don't use admin as the user name for the site administrator. You can do this by creating a new user with admin privileges and deleting the old one.

2. Use a table_prefix other than wp_

3. Replace the salt keys inside wp-config.php with new ones from this link: https://api.wordpress.org/secret-key/1.1/salt/

4. Create a robots.txt file inside your document root and copy the code below:

User-agent: *
Disallow: /cgi-bin/
Disallow: /wp-
Disallow: /wp-admin/
Disallow: /wp-includes/
Disallow: /wp-content/plugins/
Disallow: /wp-content/cache/
Disallow: /wp-content/themes/
Disallow: /xmlrpc.php
Disallow: /trackback/
Disallow: /feed/

Sitemap: Your Sitemap URL here.

5. Grant your database user limited privileges, for example:

grant select,insert,update,delete,create,drop
on db_name.* to 'dbuser'@'localhost' identified by 'password';

6. Use a security plugin such as Better WP Security, All in One WP Security & Firewall, Acunetix Secure WordPress, BulletProof Security, or another security plugin of your choice. All of these plugins create an .htaccess file to secure your WordPress, modify some file permissions, and monitor file changes and 404 traffic.

7. Change the WordPress Site URL; to do this, visit this link: http://codex.wordpress.org/Changing_The_Site_URL

8. Change the owner of all files and directories to a local user, and leave the wp-content directory and sitemap file owned by the apache or www-data user. This step is optional, because I did it on my dedicated Linux server; you cannot do this on shared hosting.

9. An important tip: always update to the latest WordPress core version, and always back up your latest document root and database.
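A way to check tips 2 and 3 against an existing wp-config.php, as an added example that is not part of the original post or of WordPress itself. The function names, the 64-character length threshold and the sample configuration built by render_config are assumptions made for the illustration.

```python
import re
from collections import Counter

# The eight constants returned by the salt generator linked in tip 3.
SALT_KEYS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php
MIN_LEN = 64  # assumed threshold: length of the generator's values

# Anchored at line start so commented-out lines (// define...) are ignored.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)\s*;""", re.M)
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)


def audit_wp_config(text):
    """Return (setting, problem) findings for wp-config.php source text."""
    findings = []
    prefix = PREFIX_RE.search(text)
    if prefix is None:
        findings.append(("table_prefix", "not set"))
    elif prefix.group(2) == "wp_":
        findings.append(("table_prefix", "default prefix"))
    elif not re.fullmatch(r"[A-Za-z0-9_]+", prefix.group(2)):
        findings.append(("table_prefix", "invalid characters"))
    values = {k: v for k, _, v in DEFINE_RE.findall(text) if k in SALT_KEYS}
    reused = {v for v, n in Counter(values.values()).items() if n > 1}
    for key in SALT_KEYS:
        value = values.get(key)
        if value is None:
            findings.append((key, "missing"))
        elif value == PLACEHOLDER:
            findings.append((key, "sample placeholder"))
        elif value in reused:
            findings.append((key, "value reused by another key"))
        elif len(value) < MIN_LEN:
            findings.append((key, "shorter than generated value"))
    return findings


def render_config(prefix, secrets):
    """Build constructed wp-config.php text for the demo (not a real file)."""
    lines = ["<?php", "$table_prefix = '%s';" % prefix]
    lines += ["define( '%s', '%s' );" % item for item in secrets.items()]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    weak = render_config("wp_", {k: PLACEHOLDER for k in SALT_KEYS[:7]})
    for setting, problem in audit_wp_config(weak):
        print(f"{setting}: {problem}")
```

To audit a real site, pass the contents of its wp-config.php to audit_wp_config; an empty list means the prefix and all eight keys passed these checks.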

I think that's it for my basic WordPress security tips. If you need more advanced techniques and more complete tips for securing WordPress, below are good resources to read:

http://codex.wordpress.org/Hardening_WordPress
http://wordpress.org/support/topic/website-repeatedly-hacked

Oh..., as a last option you can harden PHP using suhosin (some hosting providers use it), or add some configuration to php.ini by modifying the disable_functions section; see the code below:

; php.ini values end at the newline, so keep the whole list on one line
disable_functions = chgrp, show_source, phpinfo, exec, popen, pclose, php_eval, safe_dir, root, ftok, posix_access, egy_perl, symlink, set_time_limit, ini_restore, shell_exec, passthru, ini_alter, openlog, syslog, readlink, link, leak, escapeshellcmd, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, pcntl_exec, wscript, apache_child_terminate, apache_setenv, define_syslog_variables, escapeshellarg, fp, highlight_file, ini_get_all, inject_code, mysql_pconnect, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_uname, system, xmlrpc_entity_decode, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, dl, curl_exec, curl_init

You can adjust the disable_functions list above according to your needs.

Thanks and Regards,

WordPress 3.81 Check Update Not Running on Dashboard

As we all know, WordPress core is updated regularly, and as I post this article the version is 3.81. To update it, you don't need to go to their site, because the update check runs automatically on the WordPress Dashboard and shows a notice to update to the new version; the message reads like "WordPress 3.81 is available please update now". But what if the WordPress 3.81 update check is not running on the dashboard, and that notice is gone or not available?

I got into this situation when I logged in to one of my websites running WordPress 3.8: inside the dashboard, I could not find the notice above and could not simply do the one-click automatic update to upgrade core to version 3.81. Searching with a search engine did not solve my problem either, so I started thinking about doing a manual update.

But before doing the manual update, I accidentally clicked the Plugins menu on my dashboard; see image below:

WordPress 3.81 Check Update Not Running on Dashboard

After clicking it, the update notice for plugins showed, with only three updates, all for plugins and none for core, so I immediately clicked the update notice at the top; see image below (watch the red arrow):

WordPress 3.81 Check Update Not Running - Click Plugins

At this step all my update notices showed, and I easily did the one-click update to the new version of WordPress, then continued with the plugin updates, so my problem was solved; see image below:

WordPress 3.81 Check Update Not Running - Update Show

My personal opinion on the situation above: because my site uses a non-responsive theme, the update check notice does not show automatically on my dashboard (this does not happen with my other website, which uses a responsive theme).

So, if you use a non-responsive theme and have the same situation as me, click the Plugins menu first to get the update check notice to show on your WordPress dashboard; yup, this is a simple way to resolve it.

-- UPDATE October 24th, 2015 --
These steps work for WordPress version 3.8.1 and above.

I hope this can be useful for someone with the same problem as me, thanks.

February 11, 2014

Fix WordPress Missing Required Field and Hcard Error

Richsnippet Preview is a tool in Google Webmaster Tools which checks your website's structured data and displays it the way a search engine displays your site in search results. Sometimes when you test with it, you will find some error warnings. For Blogger, you can read "fix microdata check error on Blogger"; this article shows how to fix the WordPress missing required field and hCard errors.

The common error warnings shown for a WordPress site in the structured data check are:

Error: Missing required field "entry-title".
Error: Missing required field "updated".
Error: Missing required hCard "author".

Unlike Blogger, to fix the errors above on WordPress you must find where the markup is located in your website's files, because it depends on your active theme or template. By default you can look in single.php in your theme directory, then find and change the code as below:

To fix the required field entry-title error:

<h1 class="title"><?php the_title(); ?></h1>

change to:

<h1 class="entry-title"><?php the_title(); ?></h1>

Missing required field updated:

<span class="date"><?php the_time('j F,Y'); ?></span>

change to:

<span class="date updated"><?php the_time('j F,Y'); ?></span>

Missing hcard author:

<span class="theauthor"><?php the_author_posts_link(); ?></span>
   or
<span class="theauthor"><?php the_author(); ?></span>

change to:

<span class="vcard author">
<span class="fn"><?php the_author_posts_link(); ?></span>
</span>

   or

<span class="vcard author">
<span class="fn"><?php the_author(); ?></span>
</span>

If you use a framework or another WordPress theme which does not use single.php to show the three things above, you must find the relevant file which shows that information; sometimes it is in loop.php, functions.php or content.php in the theme directory.

In my experience with my WordPress theme, it was in content.php, content-single.php and content-page.php, and I found one warning about mydomain/tag/my-tag and fixed it in the tag.php file. So how about yours? You must find the relevant file before fixing this error warning.

After you finish, check: http://www.google.com/webmasters/tools/richsnippets

Thanks for visiting.

January 25, 2014

Create WordPress to Blogging For First Time

WordPress is actually an open source CMS (content management system) with the wordpress.org domain as its community site, but there is another WordPress on the wordpress.com domain, which is one of the most popular blogging services in the world. wordpress.com not only offers a free blogging service but also provides premium services for personal or business use. Here I will show how to create a WordPress blog for the first time.

Before you register or sign up, you must have an active email account to use for this requirement, so go grab a free email account from Yahoo or Gmail. After you have an active email account, go to the WordPress home page at http://wordpress.com and click the Get Started button to sign up, see image below:

create wordpress to blogging for first time

Now you will be prompted to choose a username, a password and the domain which will be used in the address of your blog; you must fill in the required fields to register. I see there are some differences in the new sign-up on wordpress.com now: they offer a paid domain and premium services in the register box. A few days ago when I signed up with them this option was not there; you can see it in the image below:

create wordpress to blogging for first time  - register domain

As you can see, you can choose which plan you will use from the start. Once you are done, click the Create Blog button and the registration process is complete. Now you can log in to your dashboard and see the blog you created; you can create more than one blog, see image below:

create wordpress to blogging for first time - posting article

At this point your blog is ready and you can start blogging with your first post, or if you plan to do it later, you can log back in with the wordpress.com address that you created; the URL is http://YOUR-BLOG.wordpress.com/wp-admin, see the login form below:

create wordpress to blogging for first time - wp-login

That's it, happy blogging.