Sunday, October 13, 2013

WordPress Security

WordPress is a target for hackers and crackers and they employ a number of methods, including attacking plugins and themes.  However your basic WordPress installation is increasingly a target for botnets and brute force attacks.

100's of compromised machines will hit your WordPress installation's login page to try various username and password combinations.

This can cause issues beyond the obvious one of your site being compromised.  The shear multitude of hits can drive bandwidth use as well as server load issues.

A popular and apparently effective plugin for this is Lockdown WP Admin.  It has a number of settings, one of which I feel is very effective in that you can change the URL for your Login page and admin directories...
http://seanfisher.co/lockdown-wp-admin/
http://wordpress.org/plugins/lockdown-wp-admin/

Other notable security plugins I believe are effective are:
 WP Super cache:  http://wordpress.org/plugins/wp-super-cache/
BruteProtect :  http://wordpress.org/plugins/bruteprotect/

Another often mentioned plugin, and one I consider essential is: 
Limit Login Attempts:  http://devel.kostdoktorn.se/limit-login-attempts

It is also imperative that all WordPress sites be updated routinely with any updates for WordPress itself as well as theme and plugin updates.  You should check your WordPress dashboard at least once a week for any updates...

We would appreciate any other suggestions WordPress users may have.

-Bob

Moving/Migrating WordPress

I have recently found myself developing a number of WordPress sites and usually the process starts with a Development site (a subdirectory of either the web site where the WordPress install is intended for or on another site subdirectory).  Either way WordPress must be moved once development is completed, and that process has been tedious at best...  Until...

I thought I would search for posts relating to moving/migrating a WordPress site, for a better method than I last used, and I stumbled across this site, http://weavertheme.com.  I happen to be using Weaver II as the theme for this site however the method to move WordPress should work with any theme.

The bellow steps are based on this post, the big part of this is a new Plugin WP MIgrate DB
http://weavertheme.com/migrate-your-site-to-new-domain-name-or-new-server/

  • Step 1:  Make a backup of your WordPress install and database for your Development site (just in case)
  • Step 2: Install WP on new server or final location, make sure the version matches your Development site, in this case 3.6.1 was the current version.
  • Step 3: Make sure the new Install works and you can login.
  • Step 4: Delete the wp-content directory on the New site
  • Step 5: Download the complete wp-content directory from your Development site
  • Step 6: Upload the wp-content directory you downloaded from the Dev site to the New site
  • Step 8: Run WP MIgrate DB on the Devolpment site and save the sql file it generates on your computer
  • Step 9: Using phpMyAdmin Drop all content from New Site Data base. 
Select the database name used for the new site. Select the Structure view of the database, click the Check All option at the bottom, and finally from the “With Selected” dropdown pick “Drop”. Then Press Go
  • Step 10: Using phpMyAdmin again use the Import function and Import the sql file created from WP MIgrate DB
  • Step 11:  Then Open New Site it should work under the new Domain name and/or location.
When you use  WP MIgrate DB you will enter the New Information and the generated Database SQL file will be all set fir the New Domain and/or Location.

Click on Migrate DB and you will see.

I hope this helps those of you that need to move a WordPress installation...

Thanks to the Weaver II folks and I personally recommend the Weaver II WordPress theme, super modifiable and more choices than i can shake a stick at ;)

-Bob