Wordpress – Iceberg Web Design https://www.icebergwebdesign.com Fri, 17 Dec 2021 17:43:25 +0000 en-US hourly 1 https://wordpress.org/?v=5.8.3 https://www.icebergwebdesign.com/wp-content/uploads/2019/03/cropped-iceberg-favicon-32x32.jpg Wordpress – Iceberg Web Design https://www.icebergwebdesign.com 32 32 Answering log4j Vulnerability Questions https://www.icebergwebdesign.com/2021/12/answering-log4j-vulnerability-questions/ Fri, 17 Dec 2021 17:35:21 +0000 https://www.icebergwebdesign.com/?p=16811 Is my Website Impacted By The log4j Vulnerability? You may have seen news about the recent log4j vulnerability issue that is currently circulating. We’re hoping to provide some short insight, and help you ensure that your website is safe and secure. log4j is a component for Java servlets. If your website is using WordPress, it […]

The post Answering log4j Vulnerability Questions appeared first on Iceberg Web Design.

]]>
Log4j Code

Is my Website Impacted By The log4j Vulnerability?

You may have seen news about the recent log4j vulnerability issue that is currently circulating. We’re hoping to provide some short insight, and help you ensure that your website is safe and secure.

log4j is a component for Java servlets. If your website is using WordPress, it is using PHP as its server side language (not Java). Most smaller WordPress websites themselves will not be affected by this vulnerability, however websites with third party integrations and plugins may be using software that relies on Java programming.

The best way to protect your website from any vulnerabilities is to ensure that your website software and all plugins are up-to-date. If you are concerned about this vulnerability, or future potential ones, our recommendation is to update your website software to the most recent, stable versions.

At Iceberg, we take security vulnerabilities very seriously, and have maintenance plans in place to ensure our customers websites remain secure.

If you need website help, or have questions about your website’s security, you can always contact our team online or give us a call at 763-350-8762.

The post Answering log4j Vulnerability Questions appeared first on Iceberg Web Design.

]]>
WordPress Features Including Blog Transfers, Custom Post Types, & Photo Galleries https://www.icebergwebdesign.com/2021/03/wordpress-features-including-blog-transfers-custom-post-types-photo-galleries/ Wed, 10 Mar 2021 15:00:17 +0000 https://www.icebergwebdesign.com/?p=15936 The website development industry uses a lot of specialized terminologies. So, unless you have a background in the web development industry, when you sit down to talk with a website developer about your future website, there will be some words used that you may not understand. There will be others you know but may want […]

The post WordPress Features Including Blog Transfers, Custom Post Types, & Photo Galleries appeared first on Iceberg Web Design.

]]>
The website development industry uses a lot of specialized terminologies. So, unless you have a background in the web development industry, when you sit down to talk with a website developer about your future website, there will be some words used that you may not understand. There will be others you know but may want more context as to how it affects your site. This is especially the case with features.

Website

Features are notable additions to a website that make it unique and useful to your visitors and your company. These features are also more challenging to design, so often, they add an extra charge to your bill. The good news is, they are usually well worth it!

In this article, we will look at 3 of the most basic features or add-ons to your site:

  •         Transfer of a WordPress Blog
  •         Custom Post Type
  •         Photo Galleries

Transfer of a WordPress Blog.

Often when clients come to us, they have an old site with many blog posts. All of these URLs are valuable for SEO. If we pull them off the web, any backlinks or bookmarks people may have saved will end up leading to a 404-error page, telling the user that the page can’t be found. This is an easy way to lose a potential customer, and your site’s SEO will take a significant hit.

To prevent this, we always recommend transferring your WordPress blog to your new site. Anything you don’t want to move over, we will redirect you to your new home page during the site’s development.

Custom Post Type

WordPress is an extensive content management system (CMS). WordPress content is arranged by post types and by default by:

  •         Post
  •         Page

Anytime you have content that isn’t a post or a page, you can create a custom post type. Perhaps you are selling something. The most popular custom post type is Woo Commerce products. A product page would be a custom post type.

Other examples would be:

  •         Book Reviews
  •         Movies (for a movie theater)
  •         Services

Anything. The main thing about a custom post type is that it will have customized fields to input data. Let’s look at the example of movies. You might have fields for:

  •         Movie Title
  •         Synopsis
  •         Starring
  •         Rating
  •         Showtimes
  •         A ticket buy button

This will create consistency in the appearance of the movie pages. Also, the movies will all be organized together on the backend of the site, making them easy to find.

Photo Galleries

Photo galleries are a great way to show off your services. If you own a construction or remodeling company, you can display pictures of the homes or businesses you have built or remodeled. If you are a Salon owner, you can show examples of your work, such as adding hairstyles, highlights, haircuts, etc.

We can use plugins to display your photos beautifully. Some plugins will integrate your photos with social media, such as Pinterest or Instagram.

Creating a website can be a complicated process. Our team of WordPress Experts does it every day, so you don’t have to. If you want a new website for your business, contact us today!

The post WordPress Features Including Blog Transfers, Custom Post Types, & Photo Galleries appeared first on Iceberg Web Design.

]]>
Why You Should Keep WordPress Plugins Updated https://www.icebergwebdesign.com/2021/03/why-you-should-keep-wordpress-plugins-updated/ Fri, 05 Mar 2021 17:40:41 +0000 https://www.icebergwebdesign.com/?p=15963 At times it can feel like your WordPress site is continually needing attention. Between plugins and themes, the updates come one after another. There is an excellent reason to stay on top of those updates—actually, there are three good reasons:         Improve Security         Fix Bugs       […]

The post Why You Should Keep WordPress Plugins Updated appeared first on Iceberg Web Design.

]]>
At times it can feel like your WordPress site is continually needing attention. Between plugins and themes, the updates come one after another. There is an excellent reason to stay on top of those updates—actually, there are three good reasons:

  •         Improve Security
  •         Fix Bugs
  •         Adding Features and Functionality

website hacker in sunglasses

Improve Security

The best way to improve your WordPress site’s security is to update your WordPress themes and plugins. While you are at it, remove any plugins that you don’t use to minimize the risk of a hacker exploiting them. There has an uptick in attacks on WordPress sites lately, so it’s a good idea to make it as challenging as possible for hackers to get into yours.

One Customer’s Story of Getting Hacked

We recently worked with a customer whose site got hacked. Thankfully, we found the issue the day it happened and removed all the malicious code. We then had to restore the site, update all security keys and reset all the account passwords, which was time-consuming and expensive for the customer. The plugins were all out of date, the WordPress core was two full versions behind current, so while it is impossible to know precisely how the breach happened, the most likely culprit was the WordPress core being so out of date.

Fix Bugs

Updating WordPress plugins and themes also fixes bugs and general conflicts between plugins. While some people become annoyed when they see it is time to update, again, they should feel good about the fact that the developer of the plugin or theme is doing their due diligence to release an update when they have found something that can adversely affect your website either now or in the future.

One Customer’s Story of a Buggy Plugin

A recent story Recently, a customer’s form stopped working because the ReCaptcha wouldn’t validate. The issue turned out to be a conflict with the Autoptimize plugin – which is used to make your site faster by optimizing CSS, JS, Images, Google fonts, and more. – Seems unrelated, right? But updating the plugin solved the ReCaptcha issue.

Adding Features and Functionality

Updating your WordPress Plugins isn’t just about security and squashing bugs. It’s also done to ensure you have the most up-to-date features and functionality available for your website. Developers work hard to create plugins. So reputable developers will release updates when they learn that there is an issue with the plugin they need to fix or improve. Sometimes they even make special requests.

WP Docs

We had used WP Docs on websites to organize forms for customers in the past and liked how it worked. It did lack one thing, however. It didn’t let you sort the documents by date. This was a feature that one of our customers wanted for their website, so our developer contacted the plugin author to see if they could help. They agreed it was a great idea and said they would include it with the next update. Sure enough, when version 1.7.3 was released, sorting the documents by date was part of the premium features.

Updating Your Plugins Is Easy

Why Should You Keep Your WordPress Plugins Updated? Because it can be made super easy! Iceberg Web Design customers can purchase quarterly or monthly maintenance packages and get all their plugins updated and their forms tested regularly by our website professionals. Contact us today to learn more!

 

 

The post Why You Should Keep WordPress Plugins Updated appeared first on Iceberg Web Design.

]]>
Ways to Make Your Site Mobile-Friendly https://www.icebergwebdesign.com/2021/01/ways-to-make-your-site-mobile-friendly/ Tue, 26 Jan 2021 14:20:23 +0000 https://www.icebergwebdesign.com/?p=15843 More people access the web with mobile devices such as smartphones and tablets than desktop and laptop computers. Thus, Google requires websites to be mobile-friendly to show up in mobile search results. So, it is essential to have your site optimized for mobile. To find out whether Google sees your site as mobile-friendly, you can […]

The post Ways to Make Your Site Mobile-Friendly appeared first on Iceberg Web Design.

]]>
More people access the web with mobile devices such as smartphones and tablets than desktop and laptop computers. Thus, Google requires websites to be mobile-friendly to show up in mobile search results. So, it is essential to have your site optimized for mobile.

Elderly Couple On Mobile Devices

To find out whether Google sees your site as mobile-friendly, you can check your site with Google’s Mobile-Friendly Test tool. How did your site fare? If it did well, you are good to go! If it could use some improvements, read on!

Responsive and Adaptive Design

A mobile-friendly website starts with a responsive or adaptive WordPress theme. Responsive design means that as the screen narrows, so do the elements within the screen. This is ideal for smaller screen sizes such as smartphones.

Adaptive design is similar except that when the screen narrows to a specific predefined breakpoint, the elements will adapt. This works well for larger screen sizes. You can even see this at work on your desktop computer. Go to Iceberg Web Design’s home page and then slowly make the browser window smaller. As you do, you will see some changes take place. The menu changes, text, and images get smaller.

If your site is not responsive or adaptive, it was likely built before the responsive code frameworks came out. In that case, it will be easier to rebuild your site with the current code.  

Create a Mobile-Friendly Site from the Beginning.

It starts with the design of your site. It helps to keep in mind that your site will have to look good on a small screen. It isn’t just a shrunken version of the way your site looks on PC. Using a grid helps a lot with this. They make your design more balanced and appealing. They offer the ideal adaptable structure that works well for both a full-sized desktop and mobile design.

Make your content Mobile Friendly

Remove distractions on the page. This is clutter on the page that slows load time and makes it harder for users to get to the information they want to find. You can help users find what they need most by showing your most important information at the top of the page. Then, offer additional information when people ask for it.

Use large, standard fonts to make copy easy to read and buttons that are large and ideally at the bottom of the screen and opposite of the thumb.

Don’t just shrink the screen. Stack it.

When adapting a page for mobile, you may come across columns that become too narrow to be of any practical use. You should stack one on top of the other to create a more visually appealing, mobile-friendly page.

Adapt your images for Mobile

As your screen-size gets smaller, you will want to reduce the size of icons, images, and other visual elements. Play around with it a bit because you don’t want these design elements to become so small that they are useless.

Pay Attention to Your Navigation Menu

A full menu isn’t going to span your smartphone’s screen the way it does your desktop screen. It would be much too small to read. At Iceberg, we use something known as a “hamburger menu.” It’s different from the one at your favorite drive-thru. The hamburger menu compresses your menu into a vertical, tappable, drop-down menu.

Keep the Mobile User in Mind.

Desktop users are sitting at home or in their office. Mobile users are usually on the go. It’s essential to keep this in mind when designing your site. On desktop computers, it’s common to see a call to action asking the user to download something free such as an article (usually in exchange for their email address). On a mobile phone, that’s not practical. Sometimes changes must be made right down to the content. In this case, when the screen is a mobile configuration, the call-to-action can change to request “Get the Free Article.” You still request their email address, and the article gets sent to them so they can download or print it later at their convenience.

The post Ways to Make Your Site Mobile-Friendly appeared first on Iceberg Web Design.

]]>
WooCommerce: The Good, The Bad, And The Ugly https://www.icebergwebdesign.com/2017/05/woocommerce-good-bad-ugly/ Mon, 15 May 2017 13:23:04 +0000 http://dev2020.icebergwebdesign.com/?p=9684 If you decide to sell a product online, you have many options to choose from when looking for software to power your online store. The most popular website publishing platform today is WordPress. In fact, more than 25% of all websites today are powered by WordPress, with the closest competitors not even coming close. WordPress […]

The post WooCommerce: The Good, The Bad, And The Ugly appeared first on Iceberg Web Design.

]]>
E-Commerce: Selling Online?

If you decide to sell a product online, you have many options to choose from when looking for software to power your online store.

The most popular website publishing platform today is WordPress. In fact, more than 25% of all websites today are powered by WordPress, with the closest competitors not even coming close. WordPress is popular for a number of reasons. Our website development firm uses WordPress as our primary publishing platform for quite a few reasons:

  • WordPress is Open Source, meaning that the software is, ultimately, free and the license allows you to modify it as you need.
  • Because it is Open Source, WordPress is consistently being updated for features and security.
  • WordPress is fully expandable, with thousands of free and premium add-ons readily available.
  • WordPress is, by far, the most user-friendly website publishing platform for our customers, who don’t need to know HTML to update their website.

Given the global popularity of WordPress, it isn’t surprising that WooCommerce, a popular e-commerce add-on for WordPress, is the leading global e-commerce platform today.

What is WooCommerce?

WooCommerce: WordPress Shopping Cart

WoocCommerce is a free e-commerce add-on (plugin) that embeds directly into any WordPress website. This cool open source plugin is capable of selling any product straight from your website. When you install WooCommerce on your website, the entire basic online purchasing process is set up for you: product management, adjustable price points, shopping cart, and checkout process.

To add WooCommerce to your WordPress site, simply go to the Plugin section, perform a search for WooCommerce, and download and install. Once WooCommerce is activated, you will be able to edit all of the settings to configure your unique online store and begin selling.

WooCommerce: The Good

Many businesses turn to this popular plugin to implement what complicated coding would take several hours and heaps of money to create.

There are a lot of delightful features to the WooCommerce plugin, and it is difficult to create an exhaustive list of all of the great features WooCommerce includes out-of-the-box. Let’s take a look at some highlights:

  • Free: WooCommerce in its basic form doesn’t cost you a dime; many of its add-ons are also free.
  • Lots of Add-ons Available: A variety of free/paid add-ons means WooCommerce leaves no stone unturned. With multiple ways to pay and different types of orders, your customers can have the ability to shop online, create online bookings, or personalize their orders.
  • Easy to Use: This is a plug and play add-on. One installed you can simply enter your product information, add your PayPal account, and let it do its thing. It comes with every page template you need for checkout, so you don’t miss any steps in the buyer’s journey. WooCommerce even has an onboarding guide that walks you through the entire process.

From the customer’s vantage point, buying from a WooCommerce-powered website is incredibly smooth. Like any other online store you select your products, shipping, and payment methods. No need to contact the business directly, or go through any hoops – the entire online purchasing experience is streamlined.

  • Adjustable Shipping Rates and Taxes: WooCommerce allows adjustable shipping and tax costs. You enter a flat rate based on the location of your customers and chose if you want to include taxes. You can make some items ship for free and others cost or even base the shipping fee on how ‘bulky’ the item is.
  • Coupon Integration: Got a special? Easily set up online coupons for your customers!
  • Mobile Friendly: Everyone is browsing and buying via their phones these days, which is why it’s important your site is mobile friendly. Of course, your main website needs to be mobile-friendly as well, but WooCommerce is built to perform exceptionally well on mobile devices.
  • Order History, Order Status, Customer Accounts: Shoppers appreciate a website where they can fully manage their orders. WooCommerce makes this easy, with an integrated account section for your customers, and customizable e-mail templates to keep your customers updated about the status of their orders.

WooCommerce: The Bad

No plug-in is perfect; WooCommerce is no exception and has drawbacks you should weigh carefully against your business plan. Long term advantages of using WooCommerce should be as important as the short term—you want this add-on to grow with you, not hinder you. With that being said, there are some things that are not too attractive about WooCommerce.

  • Doesn’t come with themes: WooCommerce’s look and feel is based on your current WordPress theme. This isn’t necessarily a bad thing, if your theme integrates with WooCommerce, and you enjoy tweaking and personalizing your site. However, it will take some time to set the store to your exact tastes. We set up the vast majority of our websites in WordPress and can help customize your WooCommerce installation to match the rest of your website.
  • It’s a Resource Hog: Generally, website hosting plans include specific upload space and resources. WooCommerce can eat up a lot of it so you may have to budget for a better hosting plan.
  • Plugins Slow Down Performance: Incorporating lot of WordPress plugins can slow down the performance of your site. WooCommerce is no different, especially as it takes up a lot of space and memory.
  • Prices Can Add Up: While WooCommerce includes a lot of features out-of-the-box, many store owners will find that they need to purchase premium plugins in order to achieve the e-commerce website their business needs. WooCommerce has released a number of premium (paid) extensions to improve store performance, and there are hundreds of other online market places and authors with premium WooCommerce extensions available.  E-commerce features such as allowing customers to book services, sign up for subscription products, or personalize their products with images or text fields will require the purchase of a premium plugin license. These licenses often run on a per-year subscription basis, and can cost anywhere from $29-$500 per year depending on the feature you need.

WooCommerce: The Ugly 

Coding may be necessary when working with WooCommerce

If you are trying to put together a website without support from a professional development company, WooCommerce may not be the best fit for you. There are many downsides to WooCommerce that are down right ugly – and may be a deal breaker for the average DIY business owner. If you are the type of person who prefers to build your own website, consider these downfalls to WooCommerce before you sink hundreds of hours into building your store.

  • Coding and Scripting Conflicts: While one of the great features of WooCommerce is the ability to customize it with plugins, more often than not two independent plugins written by different authors may clash, and create chaos on your website. This is because most premium WordPress plugins use script libraries to function, which may conflict with the script libraries other plugins are using.We have worked with customers who, for example, have a great website add-on (let’s say a Wish List) on their WooCommerce website, and later wished to add an AJAX sorting plugin. The two plugins conflicted with one another and the site had a host of issues, from PHP and jQuery warnings, to broken page layouts. Unless you are familiar with the languages that WordPress and WooCommerce plugins are written in (PHP, jQuery, Javascript, and MySQL), you won’t be able to troubleshoot scripting conflects. You can always hire a professional to assist, but this will come with a high price tag. It’s best to know what you’re getting into before you hit download.
  • Vulnerable to Hacking: WordPress is particularly subject to hacking, as is WooCommerce because they are open source (coding is easily available to everyone). If you use WordPress/WooCommerce we advice you have a reliable developer and hosting provider who can keep your website updated and is clued in to new security releases.

Is WooCommerce Right For Your Business?

WooCommerce is wonderfully user friendly, and great for online stores. But you must ensure you have the support and help of professionals alongside it if you want peace of mind.

At Iceberg Web Design, our experienced developers can create your WooCommerce store, while making sure that you don’t experience any of the bad or ugly features outlined above. We also offer secure, managed WooCommerce hosting, full support, and we guarantee security updates and virus mitigation should any issues arise.

The post WooCommerce: The Good, The Bad, And The Ugly appeared first on Iceberg Web Design.

]]>
Why WordPress? https://www.icebergwebdesign.com/2017/01/why-wordpress/ Wed, 11 Jan 2017 17:49:32 +0000 http://dev2020.icebergwebdesign.com/?p=8893 Choosing a Content Management System (CMS) can be a daunting task. Between Joomla, ModX, Ruby on Rails, Drupal, Concrete5, DotNetNuke, Umbraco, TinyCMS, and WordPress, among others, there are certainly plenty of options to choose from.   In this article we discuss why we build a vast majority of our websites in WordPress and what advantages it […]

The post Why WordPress? appeared first on Iceberg Web Design.

]]>
WordPress

Choosing a Content Management System (CMS) can be a daunting task. Between Joomla, ModX, Ruby on Rails, Drupal, Concrete5, DotNetNuke, Umbraco, TinyCMS, and WordPress, among others, there are certainly plenty of options to choose from.   In this article we discuss why we build a vast majority of our websites in WordPress and what advantages it has over other CMSs.

 

Keep Up to Date on the Latest Technology

One main reason WordPress has kept its market share over the years is the constant improvement of the application. Regular updates to WordPress have added more features that allow users to include all types of content. From Fortune 500 companies, to government institutions, e-commerce businesses and membership websites, many organizations have found WordPress a perfect fit.  At this time there are 48,225 plugins for WordPress, allowing nearly endless options for users. Getting these plugins to communicate properly with your website and each other typically calls for hiring a company who works regularly with WordPress and has extensive knowledge of it’s framework, to ensure design and functionality are implemented flawlessly.

Grow Your Market Share

We use WordPress for a majority of our projects because most of our customers are looking to have a high ranking on Google and the other major search engines. WordPress allows us to use best practices for Search Engine Optimization (SEO), that makes it easier for us to rank our customers website. With the exposure of a being found easily on Google, we can help businesses generate a high return on their investment with their web presence. Our main goal is to solve the business needs for our customers and the SEO functionality of WordPress allows us to accomplish this by optimizing their content to rank on Google.

Don’t Let the Hackers Win

In this day and age cyber security is a top concern of any business that relies on their website to perform. Hackers are continuously trying to find loopholes to break into WordPress websites. Not to worry though, Iceberg Web Design has you covered. With regular updates being released, we stay on top of making sure that your website is updated, working correctly and protected from viscous hackers. These updates are very effective in keeping your website safe as long as you are paying attention to their release. This is why it is important to hire a professional team that works on a daily basis with WordPress and its updates to prevent hackers from disrupting your business.

Content is King in This Jungle

There is a saying “content is king” and this rings true for any successful website. To support this mantra, WordPress allows us to integrate different types of multimedia within our customers website. Then having the ability to train our clients to be able to update multimedia such as video, audio and text allows them to make changes themselves or hire us for a nominal fee. The importance of having good content that keeps your website visitors interested in what you have to offer and the information that surrounds your products or services. This is key to a healthy website that produces positive results.

Achieve Results

The ability of WordPress websites to be able to capture information from a visitor that wants to take action and talk with someone is a great feature. Building out your sales funnel is not only important for a business as a whole, but also the ability to incorporate it into your website to capture potential customers information. There are plugins that allow you to export information into email campaigns and incorporate retargeting to stay visible. Being able to incorporate contact forms, squeeze pages and your companies contact info in a creative way that spurs a “call to action” is one of the reasons why we choose WordPress so often.  Consumers want to be able to easily find the content they are looking for, reach out if they want to learn more about your goods and services and often times make purchases directly online. We find that the customizability of WordPress allows us to solve our customer’s business solutions on a daily basis.  This is why we choose WordPress for 95% of the websites we develop at our Minneapolis website development firm.

 

 

The post Why WordPress? appeared first on Iceberg Web Design.

]]>
WordPress 3.9 Release https://www.icebergwebdesign.com/2014/04/wordpress-3-9-release/ Wed, 16 Apr 2014 19:33:07 +0000 http://dev2020.icebergwebdesign.com/?p=3815 Just 4 months after the major upgrade with WordPress 3.8, a new version has already been released. We are testing the software on our own website and on a few client sites. We will be upgrading sites on our hosting servers to the newest version over the next week, once we determine that the release […]

The post WordPress 3.9 Release appeared first on Iceberg Web Design.

]]>
Just 4 months after the major upgrade with WordPress 3.8, a new version has already been released.

We are testing the software on our own website and on a few client sites. We will be upgrading sites on our hosting servers to the newest version over the next week, once we determine that the release is stable and works well with our core themes. If you’re in a rush to try out the new features, let us know and we’ll put your website on the top of the list!

The WordPress 3.9 upgrade adds quite a few improvements to content and media editing. Some of the exciting new features include:

Improved Visual Editing

editor

The updated WordPress visual editor has faster speed, accessibility, and better support for mobile devices. In this age where so much online traffic comes from mobile devices, now you have the power to manage your own website from your phone or tablet with more ease.

The visual editor has also been improved to make copying and pasting between programs (such as Microsoft Word or e-mail) easier. The improvements allow for you to copy and paste without cleaning up messy formatting and styles.

Image Editing in the Visual Editor

image

Now you can size images to the correct size directly in the visual editor, with a quick drag of the mouse. For people who frequently post content with pictures that need resizing, this will cut down a lot of time choosing the percentage at which to display your image. (In fact, we used this feature when writing this very blog post!)

Drag and Drop Images directly to the Media Editor

drop

Another feature we’re testing with this blog post: now you can drag photos from your computer directly to the visual editor to upload them. No need to click the “Add Media” – dragging a photo or music file directly to a post will open up the media uploader automatically.

Preview Gallery Images in the Visual Editor

gallery

 

Perhaps our favorite update: standard WordPress Galleries are now displayed in the visual editor as a full preview of all of the images in your gallery.

Built in Audio and Video Playlist Support

music

Now you can add simple audio and video playlists to your website pages or blog posts to showcase your music and video clips.

 

 

The post WordPress 3.9 Release appeared first on Iceberg Web Design.

]]>
Secure your WordPress Installation: How to prevent hacking attempts before they even start https://www.icebergwebdesign.com/2014/04/secure-wordpress-installation/ Wed, 02 Apr 2014 14:57:09 +0000 http://dev2020.icebergwebdesign.com/?p=3745 Iceberg Web Design takes website hacking very seriously, which is why we do all that we can to protect our customers’ websites from being exploited. From the use of security plugins to common sense practices when setting up your website, keeping the software updated, and strong security measures on our hosting servers, we are doing as much as we can to prevent hacking attempts before they even start.

The post Secure your WordPress Installation: How to prevent hacking attempts before they even start appeared first on Iceberg Web Design.

]]>
8 Tips for Keeping your WordPress Installation Secure

Lock Down your WordPress InstallationIf you recently ordered a Content Management Website Development package from Iceberg, chances are your website is powered by the popular Open Source Content Management System, WordPress.

We have been working with WordPress since our business was started in 2005. We have followed the software’s progress as it moved from a blogging platform into a very powerful content management system that is behind some of the most popular websites on the Internet. As of August 2013, WordPress is used by more than 18.9% of the top 10 million websites online.

Unfortunately, as the software’s popularity has risen, so have attempts to exploit – or hack – the software. In this digital age, unfortunately hacked websites a commonplace. Your own website may have even been hacked at one point.

Iceberg Web Design takes website hacking very seriously, which is why we do all that we can to protect our customers’ websites from being exploited. Though WordPress itself has many security features built in, there are a number of things that you can do to strengthen the admin side of your website even more.

We utilize a number of additional security measures when we develop WordPress websites. From the use of security plugins to common sense practices when setting up your website, keeping the software updated, and strong security measures on our hosting servers, we are doing as much as we can to prevent hacking attempts before they even begin.

Following are 8 security steps that we take to ensure that our customers’ WordPress websites do not fall victim to hacking attempts.

#1: Don’t Use “admin” as Your Login ID

When WordPress was first released, it came with a pre-defined Admin username of – you guessed it – “admin”.

The biggest mistake when setting up a WordPress website: using admin as the username

Many hackers use software that continually tries to log in using one username and hundreds or thousands of password combinations. The most common username used for WordPress hacking attempts is “admin.”

#2: Use A Strong Password

I can recall more than 4 cases over the last 10 years when we helped clean a hacked website because the website owner was using the username and password combination: admin/password.

I don’t think I need to go into detail about how important it is that you choose a strong password for your WordPress login – or all online accounts you have. The more difficult your password is to guess, the more difficult it will be for hackers to gain access to your website. Use a combination of capital and lowercase letters, punctuation marks, and numbers.

If you’re having problems coming up with a password, here is a link to a random password generator you can use (we recommend choosing at least 12 characters for a very strong password!)

#3: Keep the software updated

As soon as software is released, hackers are working around the clock to find a way to exploit it. In turn, the software developers are working to secure the software and prevent hackers.

Every new release of WordPress contains fixes and patches that address vulernabilies that hackers may find. If you keep your website and plugins running on outdated software for too long, you are running the risk of being exploited.

Keep WordPress Updated

As part of Iceberg’s monthly website hosting service, we update all WordPress websites we develop as soon as we determine the most recent release is stable and compatible with our themes and plugins.

#4: Limit Login Attempts

Have you ever forgotten the password for your e-mail or online bank account, only to try logging in 20 times and eventually be met by a screen telling you that you’ve attempted to log in too many times, and the account is temporarily locked?

A similar security measure works for your WordPress installation. There are a number of plugins that will do this, but the one we use most frequently is called “Limit Login Attempts.”

Limit WordPress Login Attempts

This plugin gives uses a set number (default is 4) of attempts to log into the WordPress admin screen. If a user fails to login in after 4 attempts, access to the Admin page is disabled for a set period of time. The plugin checks the IP address of the user attempting to log in, and can be set to ban a computer or IP address completely if the number of failed login attempts becomes excessive.

#5: Get Login Notifications

Another option to keep hacking attempts at bay is to be notified instantly by e-mail whenever someone attempts to log into your website.

The WP Security Login Notification can keep an eye on your website and let you know exactly when people are accessing – and trying to access – the admin side. Every time someone tries to log into the back end, you will receive an notification e-mail that includes the time, IP address, and username that was attempted. You’ll also be notified whether the login attempt was successful or failed.

For websites with a lot of login traffic (e-commerce websites, for example) this may not be the best option. If you have orders coming in frequently, or customers accessing their accounts, you’ll end up receiving a mass number of e-mails every time a customer logs in. However, for websites with only a few users this plugin is also a great way to keep track of how often your users are logging in to manage content on your website.

If you install a login notification plugin like this one and notice that your website is still receiving multiple failed logins per day, it may be time to consider hardening the WordPress installation with .htaccess protection (the next step).

#6: Use .htaccess Protection on the wp-login.php File

You can add some extra protection to your website by placing a server-level password on your wp-login.php file. Unless you are familiar with password encryption and advanced website editing, this is typically something that you will want to contact your website hosting provider about.

.htaccess protection will add a pop-up box login, which is required before a user even hits the standard WordPress admin login page. This is the strongest level of protection you can place on your WordPress installation: it prevents hacking attempts before they even start. Robots and automated computers scanning the web for insecure WordPress installations will give up on trying to hack your website as soon as they hit the admin file.

htaccess protection on a WordPress Installation

Unfortunately, this strong WordPress protection is not suitable for every website. E-commerce websites, for example, need to allow their customers to access many of the Admin files in order to check out and manage their account. In this case, preventing access to the admin file would also be locking out legitimate customers. Fortunately, utilizing a number of the other options outlined here will still drastically reduce your chances of being exploited.

Iceberg Web Design places this .htaccess protection on all WordPress websites we develop that do not have public customer logins.

#7: Make Daily Backups

One of the features of Iceberg Web Design’s hosting service is that we perform daily backups of all website files, databases, and e-mail accounts. In the unfortunate event that your website has been exploited, we have the ability to quickly revert the site to a pre-hacked version.

There are WordPress Backup Plugins that you can download and install on your own website. However, we recommend also checking with your hosting provider to see if they provide server-level backup services for your site.

#8: Use a Reliable Website Hosting Provider

Choosing a secure, reputable website hosting provider is your first step in insuring that your website remains hack-free. A huge percentage of exploited WordPress websites are in part because of hosting vulnerabilities.

There are many choices when it comes to website hosting service, and it can be easy to lean towards the company that offers the cheapest solution. Don’t simply choose the cheapest website hosting service you can find – make sure you do your research to find out who is behind the service. “Mega” hosting providers can sell their services for cheap because they have hundreds of thousands of websites on their servers. However, this value hosting can lead to security vulnerabilities in the future.

Iceberg Web Design’s website hosting servers are located at the SAVVIS Datacenter in Boston – one of the most secure datacenters in the world. We also have introduced an additional security measure on our hosting servers to prevent WordPress from being hacked. If our servers detect more than 20 unsuccessful login attempts in 15 minutes, the Admin page of your WordPress installation will automatically be locked for 20 minutes. This will encourage the hackers to move on.

Hosting Server Brute Force Protection

Questions?

Please feel free to contact us if you have any additional questions or concerns about your WordPress installation. We work hard to ensure that our customers’ websites remain free of exploits, and strive to do all that we can do protect them.

If you have any other great tips for securing WordPress websites, please leave them in the comments below!

The post Secure your WordPress Installation: How to prevent hacking attempts before they even start appeared first on Iceberg Web Design.

]]>