How To Secure Your WordPress Blog From Hackers

I really like the guys at Inmotion Hosting. Normally when your blog puts a huge load on their server, the host usually shuts you down. They then send you an email and tell you to fix the problem. On the weekend I was notified that Ez eSports Betting had suffered a brute force attack! Instead of the usual “Hey dude, your site is stressing out our server fix it or else” email, the guys at Inmotion Hosting temporarily disabled the login script.

This is so much better than taking your blog offline, as you’re the only one affected. As for everyone else, business goes on as usual. They also provided a link as to how you can prevent these types of attacks. As I wanted to make my WordPress blog as secure as possible I took their advice.

Secure WordPress From Devilish Hackers

As you can see I produced a step by step video as to how you can secure your WordPress blog from hackers. As some brute force attacks focus on your wp-admin and wp-login.php scripts, the following fixes will require them to provide a username and password before they can have access to your wp-admin! This takes all the stress off the servers, making for happy hosts, secure WordPress sites and disappointed hackers.

I give credit where credit is due so I’m going to link to the tutorial that helped me to secure my blogs. Now, while there is nothing wrong with that tutorial, there were a couple of points that I misunderstood which caused me some issues. My fault not theirs! So, I thought it a good idea to do my own version in the hope that other non techies can benefit from it.

Note, this will only work on self hosted WordPress blogs that have access to cPanel.

Secure WordPress Login Steps

Note, you should always make a backup of any file before you edit it.

  1. Click on Password Protect Directories found under the security section of cPanel.
  2. Select your document root and then click on go.
  3. Click on the wp-admin directory
  4. Check Password protect this directory, give it a name, then click save
  5. Click on Go Back
  6. Now select a strong username! I like to think of my username as an extension of my password. Not using your actual name or easy to guess words makes it that much harder for hackers to infiltrate your security
  7. You can use the password generator or invent your own difficult password. Use uppercase, lowercase, numerals and other characters to make your password as difficult as possible. My passwords always have more than 10 characters and I store them in my password manager.
  8. Once you’ve entered your username and password you click Add/modify authorised user. If you now try to log in to your wp-admin you will be prompted with a username and password screen.
  9. Now go back to cPanel and click on File Manager. Select the Document Root for your domain. Check Show Hidden Files (dotfiles), then click Go.
  10. Click on your wp-admin directory, highlight your .htaccess file and click edit. Then add the following code to your .htaccess
    ErrorDocument 401 "Denied"
    ErrorDocument 403 "Denied"
    
    # Allow plugin access to admin-ajax.php around password protection
    <Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
    </Files>
  11. Just in case your wp-admin doesn’t have an .htaccess, here’s mine in its entirety.
    ErrorDocument 401 "Denied"
    ErrorDocument 403 "Denied"
    
    # Allow plugin access to admin-ajax.php around password protection
    <Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
    </Files>
    
    AuthName "WPSecurity"
    AuthUserFile "/home/edit/.htpasswds/public_html/wp-admin/passwd"
    AuthType Basic
    require valid-user
    

    Note, where mine says edit you would put whatever is that part of your cPanel as highlighted in the video. Don’t forget to click on save once you’re done.

  12. OK, now from the left-hand directory listing, click on public_html. Right-click on your .htaccess file, then click on Edit.
  13. Now paste the following code to your .htaccess
    ErrorDocument 401 "Denied"
    ErrorDocument 403 "Denied"
    
    <FilesMatch "wp-login.php">
    AuthType Basic
    AuthName "Secure Area"
    AuthUserFile "/home/edit/.htpasswds/public_html/wp-admin/passwd"
    require valid-user
    </FilesMatch>

    Once again don’t forget to replace the ‘edit’ part of my code to reflect the information in your cPanel. When all is done click on save.

Your WordPress blog is now so much more secure than it was before you started this little exercise. Having said that, there is one more bit of code that you can add to make it even more bulletproof. Once again Inmotion Hosting provided me with the solution to “limit WordPress admin login attempts by IP address, or referrer.”

As my IP is always changing I went for the “you can protect your WordPress site by only allowing login requests coming directly from your domain name. Simply replace example.com with your own domain name

Most brute force attacks rely on sending direct POST requests right to your wp-login.php script. So requiring a POST request to have your domain as the referrer can help weed out bots.”

Here is the code to add to your .htaccess, the one you’ve just finished editing.

ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"

<FilesMatch "wp-login.php">
AuthType Basic
AuthName "Secure Area"
AuthUserFile "/home/edit/.htpasswds/public_html/wp-admin/passwd"
require valid-user
</FilesMatch>

# WordPress Security

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} POST
# Accept a Referer from your own site over http or https (replace example.com)
RewriteCond %{HTTP_REFERER} !^https?://([a-z0-9-]+\.)*example\.com(/|$) [NC]
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteRule ^(.*)$ - [F]
</IfModule>

# End WordPress Security

The new code is the one between the # WordPress Security tags. Just make sure you replace example.com with your own domain.
That’s it! Your WP blog is now a lot more secure than it was. I’ve even deleted my “limit login attempts” plugin as it’s no longer needed, removing some of the strain placed on my server.
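
To see what the referrer rule does and does not block, the following added example (not part of the original tutorial or of Inmotion Hosting's code) models the RewriteCond chain in Python and compares an http-only, unanchored Referer pattern with one that accepts https and pins the host name. The stricter pattern, the helper names and the sample requests are assumptions made for this illustration.

```python
import re

# Two ways of writing the Referer condition for example.com (the placeholder
# domain used in the post). LOOSE is http-only and unanchored; STRICT accepts
# http or https and pins the host part. Both are assumptions of this example.
LOOSE = re.compile(r"^http://(.*)?example.com", re.I)
STRICT = re.compile(r"^https?://([a-z0-9-]+\.)*example\.com(/|$)", re.I)
# URIs covered by the rule: wp-login.php anywhere, or a path ending in wp-admin
PROTECTED = re.compile(r"^(.*)?wp-login\.php(.*)$|^(.*)?wp-admin$")


def is_forbidden(method, uri, referer, pattern):
    """Mirror the RewriteCond chain: POST AND bad Referer AND protected URI -> [F]."""
    return (
        method == "POST"
        and pattern.search(referer or "") is None
        and PROTECTED.search(uri) is not None
    )


# Constructed sample requests: (label, method, uri, Referer header)
SAMPLES = [
    ("login form over http", "POST", "/wp-login.php", "http://example.com/wp-login.php"),
    ("login form over https", "POST", "/wp-login.php", "https://www.example.com/wp-login.php"),
    ("no Referer header", "POST", "/wp-login.php", ""),
    ("domain only in query string", "POST", "/wp-login.php", "http://other.test/?example.com"),
    ("lookalike host", "POST", "/wp-login.php", "http://example.com.other.test/"),
    ("GET is never checked", "GET", "/wp-login.php", ""),
]


def evaluate(pattern):
    """Return {label: True if the request would get a 403} for every sample."""
    return {label: is_forbidden(m, u, r, pattern) for label, m, u, r in SAMPLES}


if __name__ == "__main__":
    loose, strict = evaluate(LOOSE), evaluate(STRICT)
    for label, *_ in SAMPLES:
        print(f"{label:30} loose={'403' if loose[label] else 'pass'} "
              f"strict={'403' if strict[label] else 'pass'}")
```

The Referer header is supplied by the client, so either pattern only filters out bots that do not set it; the password prompt on wp-login.php remains the actual access control.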

I hope you’ve found this post useful. If so why not share it around.

Copyright secured by Digiprove © 2015

Changing The Category Header On Your WordPress Blog

Do you remember the post I did on Changing The Headers On Your WordPress Pages? I was thinking the other day about how cool it would be to have different category headers for my blogs. Well, now that I’ve updated to FlexSqueeze2 I’m able to change the headers on my categories as well! How cool is that?

Why Change Your Category Header?

Why change your category headers? I’m so glad you asked. To me the most important reason for changing the image of your category headers is it shows your readers right from the start what each category is all about. They don’t say a picture is worth a thousand words for nothing you know.


Then there is also the added SEO benefit. You get this by giving your header the appropriate SEO related (by using your keywords) name. Another reason I like is it makes my blog stand out from the rest by being different.

Apparently there is a plugin that does this but my blogs are already plugin top-heavy.

Anyway I’ve produced a video that shows just how easy it is to have different category headers. Just follow the easy steps listed below.

Steps To Having Different Category Headers

  1. First you have to design your header. I used The Logo Creator to make mine. It’s best to keep to the same dimensions as your original header.
  2. Next you upload it to your images directory.
  3. Then you go to the category section of your WordPress blog, (found in posts / categories) and click the edit button of the category that you want to have a new category header. When there look in the url for the ‘ID’ number and copy it down.
  4. Next go to your FlexSqueeze options and click on Custom CSS Settings. Once there you paste the following code.

    .category-29 #header {background-image: url(http://ezesportsbetting.com/images/Victoria-Sports-Jokes.PNG);}

    Note the ID in red and the url to your image in blue!

  5. Next we paste the following code to remove the blog’s title and tag line.

    .category-29 #titlelogo {display:none}

Once again note the category id in red.

I’ve also changed the category header on my Hot Sports Babes category. In time I hope to change all the category headers.

How To Change The Category Headers Of A WordPress Blog

That’s pretty well it. Once that is done you simply clear any cache plugin and you’re good to go.

Stay tuned for some of the other unique features being enjoyed by all FlexSqueeze2 owners.


How To Fix Rich Snippets

Ever since Google introduced its rich snippets, webmasters and bloggers alike have been tearing their hair out trying to make their sites compliant. I know, because I’ve seen how many people are Googling rich snippets, hoping that Google can solve the problem that they started in the first place. Unfortunately it seems a lot of them aren’t finding a solution to their problem.

At least this post will fix rich snippets for Flexsqueeze owners. So why all the fuss?

According to Google….

 

Adding structured data to pages on your site helps Google’s algorithms understand their content and index them better. The structured data gathered from your site can be used to improve the page’s search entry, for example, to generate rich snippets, which provide an improved page summary in our search results. There are several ways that you can add structured data to your web pages: by adding markup to your pages, using Data Highlighter, or using Google’s Merchant Center.

Even though Google tries to help us by giving examples, because of all the different themes and platforms out there these examples just seem to drive us batty. Why is it working for everyone else and not for us?

I’ve never worried about it until I started my Sports Betting blog. I want that blog to do really well and that means, as much as it pains me, I have to do all I can to please Google. That meant getting the ‘rich snippets’ to appear correctly on all my pages. It was simple enough to get the ‘authorship’ part to work so that my image appears in the search engines.


All I had to do for that was to add the following code….

<a rel="author" href="https://plus.google.com/105130553592815175528">About Peter Pelliccia</a>

…. into the ‘footer script’ part of Flexsqueeze theme options found in the Analytics/Javascript/Favicon menu.

The problem was, even though everything else was working fine I was getting the following errors. 

Error: Missing required field “entry-title”.

Error: Missing required field “updated”.

Error: Missing required hCard “author”.

It took me ages to fix them all but now that I have I want to share it with all the other Flexsqueeze owners who may be having problems with their rich snippets.

How To Fix Rich Snippets On Flexsqueeze

In the WordPress Dashboard go to Appearance and then click on editor at the bottom of the selection. The first file we want to edit is the Single Post (single.php). Find the following bit of code….

<h1><?php the_title(); ?></h1>
				<?php if (get_option('flex_metadata_show') == "yes") { ?>
				<div class="postMeta">
					<div class="postdate">
						<?php the_time('l, F jS, Y') ?>
						at
						<?php the_time() ?>
						&nbsp;
						<?php edit_post_link('Edit'); ?>
					</div>

 

We need to change that to;

<h1 class="title single-title entry-title"><?php the_title(); ?></h1>
				<?php if (get_option('flex_metadata_show') == "yes") { ?>
				<div class="postMeta">
					<div class="postdate date updated">
						<?php the_time('l, F jS, Y') ?>
						at
						<?php the_time() ?>
 by
<span class="vcard author"><span class="fn"><?php the_author(); ?></span></span>
						&nbsp;
						<?php edit_post_link('Edit'); ?>
					</div>

We will also need to resolve this issue by fixing the Archives (archive.php). We need to change the following code.

<h2><a title="Permanent Link to <?php the_title(); ?>" href="<?php the_permalink() ?>" rel="bookmark"><?php the_title(); ?></a></h2>
				<div class="postMeta">
        <?php if (get_option('flex_metadata_show') == "yes") { ?>
          <div class="postdate">
            <?php the_time('l, F jS, Y') ?>
            at
            <?php the_time() ?>
            &nbsp;
            <?php edit_post_link('Edit'); ?>
          </div>

so it looks like the following.

<h2><a title="Permanent Link to <?php the_title(); ?>" href="<?php the_permalink() ?>" rel="bookmark" class="title single-title entry-title"><?php the_title(); ?></a></h2>
				<div class="postMeta">
        <?php if (get_option('flex_metadata_show') == "yes") { ?>
          <div class="postdate date updated">
            <?php the_time('l, F jS, Y') ?>
            at
            <?php the_time() ?>
 by
<span class="vcard author"><span class="fn"><?php the_author(); ?></span></span>
            &nbsp;
            <?php edit_post_link('Edit'); ?>
          </div> 

Finally we have to change the code that’s found in the Main Index Template (index.php)

<h2><a title="Permanent Link to <?php the_title(); ?>" href="<?php the_permalink() ?>" rel="bookmark"><?php the_title(); ?></a></h2>
        
        <div class="postMeta">
        <?php if (get_option('flex_metadata_show') == "yes") { ?>
          <div class="postdate">
            <?php the_time('l, F jS, Y') ?>
            at
            <?php the_time() ?>
            &nbsp;
            <?php edit_post_link('Edit'); ?>
          </div>

We need to adjust that bit of code so that it looks like this.

<h2><a title="Permanent Link to <?php the_title(); ?>" href="<?php the_permalink() ?>" rel="bookmark" class="title single-title entry-title"><?php the_title(); ?></a></h2>
        <div class="postMeta">
        <?php if (get_option('flex_metadata_show') == "yes") { ?>
          <div class="postdate date updated">
            <?php the_time('l, F jS, Y') ?>
            at
            <?php the_time() ?>
 by
<span class="vcard author"><span class="fn"><?php the_author(); ?></span></span>
            &nbsp;
            <?php edit_post_link('Edit'); ?>
          </div>

 

I’ve actually produced a video which you can see below. This video shows step by step how to edit each file so that you also can become rich snippet compliant. It’s also kind of nice to see your photo in the search engines. Naturally all of this will be in vain unless you have a Google + profile. The following link will show you what Google requires from you.

WordPress Tutorial How To Fix Rich Snippets

I hope this post helped you and if it did don’t forget to share with your mates.

Copyright secured by Digiprove © 2014

About Peter Pelliccia