From saving log-in info to tracking customer preferences, cookies are the hidden key to an effective customer experience. In this article you can find info about cookies and sessions in WordPress.
Malware can affect the performance of your WordPress site and put your users in danger. Here is how to detect and remove malware, either manually or automatically, from your WordPress website.
WordPress is the most popular CMS platform out there. If you’re reading this article, you probably already use WordPress for your site, but it’s important to be mindful. Many users, especially beginners, make mistakes when they start managing a website. But many of these mistakes are easy to avoid, and if you read further, you’ll be able to fix mistakes before they harm your website. Let’s check out the list of the most common WordPress mistakes you should avoid.
Ignoring website backups
A lot of website users think “It won’t happen to me,” but that’s wrong. One day you can find that your site was compromised and all data was lost. The server may crash or the site may be hacked. You’ll be so upset if you need to start everything from scratch. If you didn’t make a backup, that will be your only option.
When installing WordPress, you are provided with setup options. One of the options is to set a username for your account. By default the username is set as “admin”, but you should change it ASAP. The security of using “admin” as your username is weak and if you use a weak password as well your website will definitely be hacked. You should avoid using short and weak passwords. Your password must be long and consist of a letter, number, and symbol combination. Avoid using any common usernames, like “admin” or “administrator”.
You can also add two-factor authentication to your WordPress website. This article will give you more information about it.
Ignoring updates
There are regular updates for WordPress plugins and themes. When you install these updates, you’re getting new features and security improvements. Many users choose not to update as they are afraid their website will crash. If you are afraid of this too, you can run updates on a staging site to see if everything runs smoothly and then proceed on the live site. If you keep old versions, your website will be open to hackers. You should always update as soon as a new version is released, whether it’s for your WordPress sites, themes or plugins.
Forgetting to install a caching plugin
Deciding not to use a cache plugin is a bad idea. These plugins will help you speed up site loading and optimize your site. If your website takes too long to load, your visitors will probably close the page and move to another website.
There are a lot of great WordPress cache plugins out there and you’ll definitely see the benefits if you install one of them. If you are using the Jupiter X theme and want to optimize the site to speed up loading times, you can follow the instructions from this article.
Leaving images unoptimized
Using data-heavy images will slow down your website, causing it to take too long to load. So, before uploading images to your WordPress site, you need to optimize them. We already have the article “How to Optimize Your Images for SEO and Speed” where you’ll find detailed instructions on how you can optimize images to improve performance.
Adding Forms to your website without anti-spam validation
When creating a contact form on your website, it’s important to protect it from spam. If you don’t do it, one day you’ll wake up and find your mailbox full of spam. To prevent such issues, it’s recommended to use captcha for the contact form. You can read about custom contact forms in this article.
If you created a website with the Jupiter X theme, you can find how to enable captcha for Jupiter X Contact Form here.
Allowing spam in the comments
It’s a great idea to allow your visitors to leave comments under posts, but a mistake you may make is failing to moderate the comments and deactivating the Akismet plugin. If you approve spam comments, it will hurt your SEO.
The Akismet plugin is one of the best methods of protection. It will block blog comments and pingback spam. Keep it activated to filter out spam messages.
Using ugly plain permalinks
Permalink structure is very important in a WordPress website. Many website owners use a default URL structure like yourdomain.tld/?p=18. It’s bad practice to leave permalinks like this, since it’s bad for both SEO and for user experience.
Creating custom permalinks in WordPress is not difficult. To avoid this common WordPress mistake, log in to the WordPress dashboard, go to Settings > Permalinks and update your permalinks.
Forgetting to remove a default favicon
WordPress themes come with a default favicon. It is a mistake if you don’t remove it! Instead, it’s better to replace it with a favicon of your own, so your site looks professional. Usually a company logo is used as a favicon. It’s displayed in the tabs and bookmarks of a browser, and users will identify the site by its icon.
Leaving test pages published
Sometimes you create test pages to test some elements or features on your site or leave sample pages that come with WordPress themes or plugins. You’re making a mistake if you are not deleting them. Such pages will be indexed by search engines and will be recognized as duplicate content or even spam and your SEO score will decrease. So, before publishing the site, make sure you have deleted demo content and test pages.
Wrapping up
WordPress is a great choice to manage your website. While it’s an easy and powerful tool, it’s also easy to make mistakes with it, especially if you’re a beginner. To avoid such mistakes, it’s better to pay attention to each step in this article. If you are aware of other common WordPress mistakes that are missing here, feel free to share them in the comments.
Authentication has a history as long as civilization. As populations grew, people needed ways to confirm their identity, whether via the use of seals, names, signs or force! Back in the day when computers were first being made, authentication was still a big concern. As it is with so many issues in our world, multiple solutions were developed to address this concern. Identity cards (such as ATM cards) and passwords became popular, so much so that they became the quintessential form of authentication. Later, in the internet era, passwords became so essential that it’s hard to believe there are other ways to authenticate. But are passwords secure enough?
Security and usability are two big concerns when it comes to authentication. When using the internet, you can’t show your passport or identity card to enter a website, right? So far, the most usable authentication method on the internet has been using a username and a password. The username is a public form of identification, while your password is something that only you should know. It seems perfect, right? But no, it is not perfect. Perfection is an illusion in online security. There are many issues with passwords. Many users may forget theirs. Many will use weak passwords. Many may even share their passwords with others, further endangering their security. This is why the classic method of authentication via usernames and passwords is not sufficient to ensure our safety online.
But what can we do about it? Perhaps it’s time to say goodbye to old-fashioned passwords. In this article, we are going to review the top WordPress login authentication methods available in 2021. One thing that all authentication methods have in common is they allow the owner of a site or account to authenticate their identity. So, we are actually reviewing the processes that allow you to authenticate your identity.
OAuth is an authorization method that uses APIs to authorize you to use third-party services on different platforms. The benefit of this is that it can be used to authenticate you as the “owner of a verified user account on that third party platform”. For example, you have a Google account, you use it every day and you have your own authentication methods such as device confirmation or two-factor authentication to access the account. When you want to use another service using OAuth, it will redirect you to your Google login page instead of the third-party login page. When you log into your Google account, OAuth will create an access token which will be sent to that third-party website, and that token then confirms your identity as a verified Google user. This way, you won’t have to store any password on the third-party website.
Social login represents the OAuth method on the WordPress login page
This comes in handy when you are creating a community-based website. Users often don’t like registration forms. So, this form of authentication is one of the best ways to achieve both security and usability at the same time. Nextend Social Login and Register by Nextendweb is one of the most popular and easy-to-use plugins connecting users with popular social websites. However, you may need to customize your login page and fields, and you may even want to add additional steps to the registration process. In this case, Ultimate Member and its great Social Login add-on will come in handy.
Ultimate Member social login extension
Popular plugins providing this method for your website include:
Since it requires an Apple account, a large number of people automatically cannot use this method. FaceID is a technology that was introduced by Apple to provide an easy and secure way to unlock Apple devices. It uses face recognition to authenticate users. Although many were initially concerned about the security risks of people using masks and printed faces, nowadays FaceID is seen as a reliable method of authentication. In Oct 2020, the official WordPress blog announced the PasswordLess WP project that uses the Webauthn.io method to authenticate using FaceID and a few other methods. Although face recognition authentication is not limited to this plugin, it can be considered as one of the top WordPress login authentication methods of 2021. Time will tell how popular it will be and if it has a future or not.
On their official WordPress plugin page the developers wrote:
“The Web Authentication API (also known as WebAuthn) is a specification written by the W3C and FIDO, with the participation of Google, Mozilla, Microsoft, Yubico, and others. The API allows servers to register and authenticate users using public-key cryptography instead of a password.”
There are other plugins that have been introduced recently that do the same job while offering additional features. Generally, the number of active installations for such plugins is low, but that doesn’t mean they don’t have a chance to grow. These methods are still new and need to be seen by the community to improve.
More and more mobile devices these days come with a fingerprint scanner. It’s actually one of the most secure ways to authenticate ever invented! However, not everyone out there has the proper device to use it. The good thing about this option is that it can use any fingerprint scanner, including external fingerprint scanners that are not attached to any mobile device.
One of the concerns of using such methods is storing biometric information in a database. Well, you shouldn’t be worried at all. No biometric information will be stored on any of your websites. The device will confirm your identity, then it will send a token to the website and grant permission to log in. So, it won’t store any biometric data, such as your fingerprint, on the website.
Login with fingerprint on a WordPress website
Like the FaceID method, it also works with the newly introduced PasswordLess WP project. However, since this method is a little bit older, it requires more plugins to function. Actually, some of the plugins are outdated and are no longer maintained. But here are the newly released plugins offering this login method:
Almost everyone has a cell phone these days. Not all cell phones are smart and have enough sensors and hardware to be used to protect our online security. However, if we consider the owner of a SIM card linked to an online account as the right person to confirm user identity, we can rely on SMS authentication. The method works like this:
While attempting to log in or register on a website, you can simply input your phone number. The website will send you a confirmation code via SMS and you type the confirmation code into a box and, shazam! After confirming the code, you are authenticated as that phone number owner. This is a very reliable method, and is so popular these days that it has lots of free and premium plugins. It’s not something new, yet it can be considered one of the top 5 WordPress login authentication methods available in 2021. Every day, more and more websites opt for this method. Although many websites use this as a two-factor authentication method and an additional way to recover passwords, it’s also a secure substitute for old-fashioned passwords.
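The server side of the SMS flow described above, as an added example (not code from Digits or any other plugin named in this article). The class name, the 5-minute lifetime and the 5-guess limit are assumptions chosen for illustration; the phone number is constructed.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed lifetime of a code (5 minutes)
MAX_ATTEMPTS = 5        # assumed number of guesses allowed per code


class SmsCodeVerifier:
    """Server side of an SMS login: issue a code, then check what the user typed."""

    def __init__(self, server_key, clock=time.time):
        self._key = server_key
        self._clock = clock   # injectable so expiry can be exercised in tests
        self._pending = {}    # phone -> [digest, expires_at, attempts]

    def _digest(self, phone, code):
        # Keyed hash bound to the phone number: the stored value does not reveal
        # the code, and a code only verifies for the number it was sent to.
        return hmac.new(self._key, f"{phone}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, phone):
        """Create a fresh 6-digit code; a new request replaces any older code."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not the random module
        expires_at = self._clock() + CODE_TTL_SECONDS
        self._pending[phone] = [self._digest(phone, code), expires_at, 0]
        return code  # handed to the SMS gateway only, never logged or sent to the browser

    def verify(self, phone, submitted):
        """Return 'ok', 'wrong', 'locked', 'expired' or 'no_code'."""
        entry = self._pending.get(phone)
        if entry is None:
            return "no_code"
        digest, expires_at, _ = entry
        if self._clock() >= expires_at:
            del self._pending[phone]
            return "expired"
        entry[2] += 1
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(digest, self._digest(phone, submitted)):
            del self._pending[phone]  # single use: a replayed code is rejected
            return "ok"
        if entry[2] >= MAX_ATTEMPTS:
            del self._pending[phone]  # a 6-digit code must not be guessable by retrying
            return "locked"
        return "wrong"


def demo():
    """Accepted once, rejected on replay, rejected after expiry."""
    now = [1_700_000_000.0]
    verifier = SmsCodeVerifier(secrets.token_bytes(32), clock=lambda: now[0])
    phone = "+15555550100"  # constructed sample number
    code = verifier.issue(phone)
    results = [verifier.verify(phone, code), verifier.verify(phone, code)]
    code = verifier.issue(phone)
    now[0] += CODE_TTL_SECONDS + 1
    results.append(verifier.verify(phone, code))
    return results


if __name__ == "__main__":
    print(demo())
```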
When it comes to SMS authentication, Digits is king. Digits is a premium WordPress plugin compatible with many community plugins. It makes it possible to override the default WordPress login and registration forms. You know, a lot of WordPress plugins use emails as core information, and because of that, they require users to register using an email address. Digits can provide a way so your users can register WITH or WITHOUT an email address, and that is awesome!
Digits login modal. The Email/Password method can be completely replaced by OTP method.
Be aware that using SMS authentication requires an SMS gateway, which may involve some expenses. But most of the time, it’s worth paying to gain more users. A lot of users don’t know how to use email (it’s a fact) but they probably have a cell phone and are capable of using SMS. Replacing emails with SMS as a way to authenticate users can be considered a good strategy to gain more users. Digits has 145 active SMS gateways supported. Here are some other SMS login plugins for WordPress. Generally, it’s the most popular alternative for the current WordPress login platform.
We are actually using device authentication in all the previous methods explained. But mighty mobile devices have more ways to amaze you with authentication. You might be familiar with the word OTP. OTP stands for One Time Password and is mostly used as an additional login field to provide more security. But what if you could guarantee that the OTP was secure enough on its own? Would it make a good replacement for permanent passwords? The answer would differ depending on the platform you are using, but most of the time it is a YES.
Similarly, I read about an authentication method that uses cryptocurrency wallets. Imagine using the security of a blockchain system for your WordPress. Although a lot of blockchain token generators exist to secure your login, only a few are already integrated with WordPress. We’re likely just scratching the surface of the future of blockchain authentication methods. The EthPress plugin uses the WalletConnect API to log in via blockchain wallets. It only uses devices where the wallet apps are installed.
WalletConnect website provides an endpoint to login using wallet apps
To log in with the WalletConnect API, the plugin generates a token on the website, then it allows you to scan it using your wallet app. If the wallet app confirms your identity, it will send the confirmation to your website and your authentication will be approved. This is very secure, but again, not all people have a wallet app installed on their device.
If you search for “blockchain OTP generator,” you will see that it is still in development and has a long way to go.
There are dozens of OTP generator apps available to install on your device and provide a token for your login. Not all of them can be used on your WordPress website, but it’s worth checking their availability since they offer a secure way to log in. Google the term “OTP generator app” to see how many you can find. As mentioned above, OTPs are usually used to add more security to login pages, so you may consider them as an additional two-factor authentication method to your website. More details about this can be found in this article by my colleague Mac.
Wrap up
At its core, authentication involves showing something, such as a token, to someone to prove that an account belongs to you. This process can be made more secure if you can be verified as the sole owner of that token. Registration fields are taking those “tokens” from you and login fields are there to check those “tokens” whenever you want to use a service. Based on this concept, many authentication methods are available, from the ones mentioned above and beyond. In this post, I wanted to share with you the top 5 WordPress login authentication methods available in 2021. You may also consider searching for the JWT login authentication method, as that is missing from our list but is worth checking out. Please share your comments and questions below in the comments.
subscribe
Subscribe to Artbees Themes Blog for the best WordPress tips and insights.
Nowadays, as the digital world is evolving like never before, creating a website and leaving it is simply not enough. When it comes to content management systems like WordPress, keeping up with routine tasks is vital. If you are running outdated software on your site, don’t have an optimized database or if you simply don’t care about security questions, sooner or later these maintenance tasks for your WordPress website will catch up to you. Fixing them down the line will be much harder and may even cost extra money.
A better approach is to use the simple tactic of running routine tasks or even automating them in order to streamline this process.
In this post, we’ll discuss the significance of maintenance tasks for your WordPress website and the most important ones to run to keep your site functioning optimally.
Updates – themes, WordPress, plugins
Plugins and themes are the backbone of your site. Basically, your project mainly runs on themes and plugins. However, if you don’t update them, you might encounter serious issues with security or performance. Some users are hesitant about updating their themes and plugins as they think that the update will break the site and lead to some unwanted results. But this is absolutely the wrong mindset to have. In this case, staging sites are the best option for those who want to test every update before running it.
WordPress has a system to manage automatic updates for themes and plugins; however, there are some cases when you might miss an update. Luckily, WordPress addressed this problem in its recent 5.5 update, which allows you to set automatic future updates for plugins and themes. To do this, all you have to do is go to the WordPress dashboard > Plugins and on the right side of the plugin list, set it to Automatic update:
The same can be said about updating WordPress itself, the most popular content management system, which backs more than one-third of the world’s websites. These updates always offer the most important performance and security improvements.
The automatic WordPress update can be easily done by using the Easy Update Manager WordPress plugin, or you can manually set it in the wp-config.php file by adding this line of code:
define( 'WP_AUTO_UPDATE_CORE', true );
Now your WordPress core will update automatically without your input.
Maintaining your database
Maintaining your database is one of the most important maintenance tasks for your WordPress website. The more content you add to your site, the bigger your database becomes. Changes made to your site, post revisions, your site’s content, user settings, comments, and pretty much everything else is stored in the database.
As the database becomes bigger and heavier over time, it will slow down your site’s loading speed. Furthermore, the larger your backup, the more it might affect the uploading and downloading speed of your backups.
There are many methods to optimize a WordPress database. The WordPress plugin repository offers many plugins that you can use for a particular job. If you want to save time and use tools that have been tested by many users, you might want to consider using WP-Optimize. This plugin contains pretty much everything you need to optimize your database.
This plugin has more than 900,000 installs and was created by the same group as UpdraftPlus. Once you install and activate the plugin, visit the plugin’s main page and select how you want to optimize your database as seen below.
Please note that when working with a database, it’s always a must to create a backup before doing anything. WP-Optimize has this option on the right side of the Run all selected optimization button. Don’t forget that important step before proceeding.
The plugin also has image, cache and minification settings that you can use for different purposes.
Regular backups
Backing up your website is another important thing to consider to protect your site against any unexpected surprises. Whether you update your theme or WordPress, install a new plugin or just optimize your database, you’ll need to create a backup.
For this, you’ll also have some great options to choose from for backup plugins in WordPress. We went ahead with UpdraftPlus, which is one of the most popular and universal tools for this task:
Once you install and activate the plugin, go to the setup tab and set up the plugin to meet your goals. This plugin offers some amazing features like backing up and restoring the site from the Cloud or migrating from one server to another, and so on.
Security scan and logs
Security in WordPress is one of the most important aspects of site management. Keeping your WordPress, themes, and plugins up-to-date or having good hosting is a must. But sometimes, even updated software is not enough to protect you from newly written malicious code.
Closing your security gaps is a massive topic, so big in fact that it might require a different post entirely. Aside from the basic things such as changing the admin password, setting up two-factor authentication, disabling file editing, among others, it’s also vital to run a general security audit on your site. You might want to consider Wordfence, which is one of the most popular tools out there for this purpose:
Wordfence can run an audit and security scan of your site. If it detects any malicious code in your files, it’ll provide recommendations to further protect your site. Along with its security functions, Wordfence also can be used as a firewall.
After installing and activating the plugin, the next thing you need to do is to run a scan of your site. You can do this by going to Wordfence menu > Scan:
Once the scan of your site is complete, you can then follow the instructions provided by Wordfence.
Checking broken links
As you add more content to your site, you are also adding more articles. You might notice that links in your older articles no longer work. The reasons for this vary: the link or the URL may have changed, or perhaps the website was taken down. The same thing might happen if you’ve added images from other sources. A scheduled inspection of broken links on your site is important, since they may affect user experience and could hurt SEO ranking in general. But checking these links manually is time consuming, so it’s better to use a plugin for this. We recommend using the Broken Link Checker plugin.
This plugin will monitor all broken and dead links on your site and inform you either by mail or in the dashboard.
Conclusion
This post is by no means a comprehensive list of tasks that you’ll need to maintain your online business. There are other important things you’ll need to keep track of such as image optimization, spam comments, abandoned themes or plugins, performance tests, SEO audits, and much more.
If you have any questions related to WordPress maintenance, let us know in the comments section below!
Let’s consider for a moment a hot topic when it comes to the web: security. Poor security on WordPress websites could lead to secrets being exposed, reputations getting lost in the market and even a service getting shut down.
Yes, security is the most important thing on the web and, unfortunately, many users and even administrators don’t have enough know-how about this matter.
In this post, we’ll take a glance at WordPress security to become familiar with the most crucial things about securing a WordPress website.
As an immense open-source project, WordPress is the most well-known CMS (content management system). Based on statistics, WordPress powers 34% of websites on the internet and more than 60% of websites that use a known CMS use WordPress. This also makes it the most attractive platform for hackers. Indeed, if you find an important security hole in WordPress, you can affect 34% of the internet.
You may have heard about WordPress websites getting hacked, and the main question that comes to mind is: “Is WordPress secure enough?” In this post, we’ll address this question by reviewing some stats, layers of WordPress installation security and the performances of administrators. Read until the end to get a good idea of the state of WordPress security.
According to a report from Sucuri & GoDaddy, from a total of 25,466 infected sites in 2018, 90% of them used WordPress. The report reveals an increase in WordPress infections from 2017.
When looking at the most significant problems, you won’t find anything related to WordPress core security. Interestingly, common issues with WordPress security are not related to WordPress itself. What matters are the configuration, the usage and what administrators do.
We know that WordPress is an open-source project, meaning that everyone can see the code and make changes to it. On the one hand, an open-source CMS would seem to potentially cause more security problems, because anyone can see the code, discover a security bug and later use it to attack websites.
On the other hand, any individual can watch the status of a project’s security and report any possible security issue privately to the team. WordPress applies security patches immediately, and a new version becomes available to download as soon as possible. Each time a new version comes out, they mention how many security problems have been fixed in the changelog.
Based on the statistics, WordPress core security problems do not commonly affect websites. In other words, it works!
Layers of WordPress Security
We first need to wrap our heads around the fact that the security of a WordPress site is not only about WordPress itself. It depends on some other aspects such as themes and plugins, as well as some third-party tools like hosts and servers – and above all, site administrators.
WordPress Core Security
We briefly reviewed WordPress core security in the previous paragraph and mentioned that WordPress patches any security problems immediately. But, what will happen if you don’t upgrade your WordPress installation with the latest version? Then, you’re an excellent target for hackers.
Detecting the version of WordPress is not hard to do. Even if you use plugins and code to hide which version of WordPress your site is using, there’s no guarantee that hackers won’t be able to detect it. And after that, there’s a list of security problems (fixed in the latest version) whose fixes you won’t have unless you upgrade WordPress. With a list of potential security holes in your site, the chances of being hacked increase. Therefore, it’s better to constantly keep your WordPress site up to date.
Security of Themes & Plugins
Unknown Sources
Most WordPress sites get hacked because of their backdoors. So, if you download a theme or plugin from an unknown source or a site that provides a nulled version of premium themes, you are at risk. It’s all too easy to inject code into the package and provide a zip package to download. Unfortunately, some users are not aware of this and, for that, administrators are responsible.
Non-updated Themes or Plugins
Similar to WordPress core, you should keep plugins or themes up to date because they are even more vulnerable. Sometimes it takes time to patch a security problem. If you read the fascinating facts surrounding the Panama Papers hack on Wordfence’s site, you may never forget to update your themes and plugins with the latest version.
Host, Server and WordPress Installation Configuration
Sometimes, a website gets hacked in shared hosting. After hacking a website, the hacker may penetrate the host and then access other websites on that server.
Consequently, it’s crucial to host your website with a known and secure hosting provider. And it’s better to configure the hosts accurately. There are many factors to consider while configuring a server for a WordPress installation. As a quick checklist, you should be aware of the firewall, backup system, SSL and SFTP, automatic security checks, malicious activity detector, email security, and file permissions. We’ll take a deep dive into these matters in a later blog post.
Moreover, it’s necessary to be aware of configuring the installation. Changing default database table prefixes, using a strong password and not using “admin” as the username can decrease the chances of your website getting hacked. Following these simple steps can help you to avoid any possible security problems on your website. We’ll also describe in detail WordPress configuration problems in another blog post.
Administration
As mentioned previously, administration is one of the biggest problems and the main reason why websites get hacked. As we can gather from the statistics, the most prevalent problem is website administrators and webmasters. Unfortunately, not enough attention has been paid to this matter.
The security of a website is highly dependent on the performance of webmasters. They can simply allow hackers in by setting an easy-to-guess password or username like “admin” and “12345678.” Sometimes, webmasters aren’t informed about security patches or small updates, and it can put the website at risk. An administrator should be cautious about user roles and permissions when a website is open for new user registration.
Many of these precautions are easy to take when using a security plugin. We’ll have a blog post about WordPress security plugins that will include a review of the most popular ones.
As a result, it’s easy to say that the WordPress core is highly secure. The community will take care of WordPress security, and if you want to use it for your new project, it’s better to take some time to learn more about common security problems, find a good host provider and configure it correctly.
WordPress is undoubtedly one of the most popular content management systems and widely used by amateurs with zero coding experience and professional programmers alike. Contrary to the myth that WordPress is not secure, it is actually as secure as any other site on the web.
The popularity of WordPress makes it attractive to website hackers. With 25% of all websites running on WordPress, hackers find crafty ways to take away your visitors, SEO rankings, and server resources.
After all the hard work and dedication that a website requires, the last thing you want is to log in and find that it’s been hacked. If this is the case – don’t panic! Even with security measures in place, malware infections in WordPress can unfortunately happen.
Some users just download premium themes for free. There are even some website designers who buy a premium theme with a single license, but then use them multiple times for various client websites.