Secure all WordPress logins with HTTPS even if you don’t have your own SSL certificate

by Clifford Paulick August 23^rd, 2012 2 Responses

If you’re unable to install an SSL certificate on your web server or are just too cheap to buy your own ($10+ per year per website), you can still force all WordPress logins to use the secure HTTPS protocol.

Note: If you already have your own SSL certificate installed, all you need to do is use the FORCE_SSL_LOGIN wp-config.php constant. You don’t need this plugin.
How to setup the Https-SSL-free plugin

Install and activate the Https-SSL-free plugin.
Upon plugin activation, it will change your WordPress Site URL setting from http://example.com to https://example_com.1.com.ar and log you out.

Plugins

Plugin to keep track of other plugins removed from WordPress Plugin Directory

by Clifford Paulick August 21^st, 2012 Leave a comment

Here’s a quick security and site management tool.

Wouldn’t you like to know if one of your installed plugins is no longer in the WordPress Plugin Directory?

A new plugin, No Longer in Directory, does just that.

It ignores plugins from other sources, like WPMU DEV.

It simply lists the names of the installed plugins, whether active or not, that are no longer in the WP Plugin Directory, as shown below:

Why Do We Care?
As stated on the plugin’s Description page:
Plugins can be removed for the following reasons:

they are found to break the GPL
they are found to break the directory rules

Plugins

Verify Your WordPress Users with a Text Message

by Craig Grella August 17^th, 2012 2 Responses

SMS Verification plugin from wedevs is a new plugin which adds member and user verification through SMS text messaging. It’s a great plugin to add an extra level of security and user verification, which works well with blogs setup as member sites, and is particularly useful for forum runners who need another level of spam deterrent.

The plugin works by hiding content behind a shortcode that is activated when the plugin is installed and configured.

News

Security Alert: Is Your WordPress Site Hosting Blackhole Malware?

by Joe Foley August 16^th, 2012 3 Responses

According to security firm Sophos, a major malware campaign now underway is using insecure WordPress sites (not up-to-date secured sites) to install harmful software on the computers of unwitting visitors.

The campaign works like this:

An email is sent to a random person with the subject line, “Verify your order.”
In the email is a link to a malware-infected WordPress site. (These are legitimate sites that have been compromised.)
Clicking on the link takes the person to the infected site, and an attempt is made to install malware onto the visitor’s PC by using the Blackhole Exploit Kit.

Plugins

Cloak Your Links And Protect Your Revenue

by Matthew Tschoegl August 13^th, 2012 Leave a comment

There are really two irritants (well, there are many, but these are the ones I am looking at today) for the website owner who is linking to something from their site. If you are offering a paid download, it can be easy for others to use your link to gain access to your downloadable products. If you are part of an affiliate marketing program, it is easy for people to be scared off by an intimidating and unusual looking affiliate link. Either way, you are out of a sale through no fault of your own. The best way to avoid those outcomes is to cloak your links so that their real paths are harder to guess and less intimidating. There are two great plugins below that can help you to do just that and then some.

Plugins

WordPress 2-Step Verification plugin

by Clifford Paulick August 13^th, 2012 4 Responses

WordPress 2-Step Verification (WP2SV) is a fantastic new security plugin. (FYI: There’s another Google Authenticator plugin that allows app-specific passwords but doesn’t have email as a 2-factor authentication option, which I fancy.)

It uses Google’s 2-step authentication (video describing the concept is below) for your WordPress logins.

Initial Setup
Initial setup is easy. Go to Users -> 2-Step Verification and click the verification method you prefer (Android, iPhone, or BlackBerry and/or email).

After you’ve successfully added one, there will be a big button (you can’t miss it) to click to activate 2-factor authentication for this WordPress user.

Miscellaneous

Limit Access To The WordPress Login Screen To Specific IP Addresses

by James Dunn August 9^th, 2012 4 Responses

If you are concerned about someone trying to crack your WordPress login ID and password, then you definitely want to create a strong login ID and password. But, even with that, crackers will still try brute force attacks, dictionary attacks, and many other methods to try to crack the door on your WordPress website.

What Can You Do?
You can install a simple plugin such as Limit Login Attempts to lock them out after a defined number of failed attempts. And that works quite effectively – I use it for my clients.
Can More Be Done On The Login Side

Miscellaneous

Check Your WordPress Version Without Logging In To Your Admin Section

by James Dunn August 7^th, 2012 4 Responses

One of the easiest and most noted steps to securing your WordPress website is to keep the WordPress core updated to the latest version. But, whether you manage just a few WordPress websites or many, it can quickly become a daunting task to login to your Admin section and verify that you are running the latest version.

Isn’t there an easier way?

Why certainly!

If you use Chrome as your browser, there’s a very simple way to verify that information
Install the Chrome Meta Generator Version Check.

Miscellaneous

Get Notified By Text About Updates On Your WordPress Website

by James Dunn August 6^th, 2012 Leave a comment

Remembering to log in to your WordPress websites to check for and install the latest WordPress core update, theme updates, and plugins updates is the hardest thing for me to do.

I had set up an email reminder so that whenever a website needs an update I get a reminder email, but many times, I just put that off. I’ve found that I respond to texts with a greater sense of urgency.

I needed to get texts from my websites when I needed to take care of any updates.

Tutorials

Everything You Ever Needed to Know About WordPress Settings

by Craig Grella July 31^st, 2012 3 Responses

The settings panel is one of the most overlooked sections of a WordPress installation, and for good reason – WordPress works so well out of the box that you don’t need too much customization to get up and running quickly with your new site. But, with just a few simple tweaks to your WordPress settings panel, you can enhance your site’s look, make it easier for viewers to leave comments, and even enhance your site’s search engine optimization.