Released on August 1, the new version of WordPress is here! I got a preview when I attended WordCamp San Francisco July 26 & 27. Here’s a short video clip that gives an overview of what’s new:
Category Archives: Web Design Topics
Single Page website
I have partnered with Skyward Telegenics, a tech firm specializing in internet marketing tools. Together we are offering a one page website, live on the web in one week, with your custom domain name for the package price of $199.
WHAT YOU GET:
- Domain registration and hosting for one year
- A simple but effective one-page site with 3-4 sections containing basic information about your business
- Site will be optimized for desktop and mobile access (workable on phones and tablets)
- Site can be expanded to a full website with added functionality at any time by our in-house web design team
- (Optional) One high impact video on our innovative, secure video hosting platform for one of the sections (additional fee)
Take a look at the example website right now at: http://One.SkywardTG.com/
This package may be for you if you are a small business, not sure if you even NEED a website, and can’t afford to spend thousands of dollars to find out. It may be ALL you need, or you may discover you need more. Either way, Skyward TG and I can provide you with the expertise and marketing you need to keep your business in front of your customers!
WordPress, Attacks, Reactions
Recent news of a “brute force” attack on WordPress sites world wide left many scrambling to protect their sites. While I kept a close eye on the sites I manage (this one included!) none of those sites were significantly impacted. Yes, hundreds, and even thousands of attempts to gain access were made on some sites, and some websites were sluggish for users at times, but that seems to have been the extent of the attack on “my” sites! I am happy to report that none of the sites I manage were “hacked” and the attempts were limited to just that – attempts.
I’ve added the Limit Login Attempts plugin to my basic arsenal. While the Bad Behavior plugin blocks the attempts, and logs the numbers, IP addresses, and other information, it does not STOP the attempts. A site being overrun with login attempts will run sluggishly or be shut down by the server. Limit Login works to lock out an IP address after a set number of unsuccessful login attempts so no repeated attempts can be made, so it reduces the number of access attempts and lessens the traffic. I have installed this on all my sites and now include it as “standard”.
Just for your information, the following is a list of plugins that I typically install on websites as part of my standard setup:
- All in One SEO/WordPress SEO
- BackupBuddy/BackWPup
- Bad Behavior
- *Limit Login Attempts
- Spam Free WordPress
- Tailored Login
- wp-jquery-lightbox
* added as a result of the recent attacks, as recommended by several WP gurus
Other plugins may be (and most likely WILL be) added to accomplish specific goals on your site. The above listed plugins provide security and functions I feel are necessary on ANY website and I consider them “standard”.
Additional steps I have taken since the “attacks”:
- Implemented strong, randomly generated passwords for all my Administrator logins on WordPress sites
- Put my site on CloudFlare CDN to improve both security and efficiency of website performance – I will be adding client sites if this works as I expect
- More frequent site checks to ensure sites are functioning properly (twice or more weekly rather than just weekly)
It’s been an interesting month, and I have learned a few things, and made my site(s) and yours safer and more secure. And that’s a good thing!
Recent WordPress happenings
On April 11 I became aware of “brute force” login attempts on WordPress sites world-wide – I read of it on a few LinkedIn discussions, followed some of the links, and realized this was a major assault on WP sites. The focus of the attack was on sites that use “admin” as the username and easily guessed passwords for the password for the Administrator account(s). One of the first things I learned when working with WordPress is that you should NEVER use “admin” as a username and use SECURE passwords. I have never used “admin”, but have been inconsistent in using truly strong passwords.
I did a quick check of the multiple WP sites I manage (on Thursday afternoon/evening). They are on a variety of hosting services, including GoDaddy, which seemed to be one of the primary targets. Yes, there was evidence that the sites were under attack. My basic WP setup includes a plugin called Bad Behavior, and it was logging (in some cases) hundreds of attempts to log in to sites using “admin” and passwords such as 123456789, aaaaaa, a1b2c3b4, password, etc. But that’s all these were, attempts. In some cases, the sites had slowed to a crawl for visitors. None of the sites were “down”, just slow, and none of the sites were compromised.
I read voraciously to find out what else I could do to protect the sites, and one plugin was highly recommended – Limit Logins. It would lock out the IP someone attempting to login after 3 unsuccessful tries, and log the IP, thereby halting repeat attempts from that particular IP. I installed that plugin on sites also, on April 12-13. Reviewing the logs over the next few days, several of the sites have had IP’s locked, which means less spam traffic trying to log in, and site performance improvement in spite of the “attack”.
Not all, but several of the WP administrator accounts were inaccessible for a few hours on Friday morning, April 12, due to hosting providers blocking backend access to everyone. Access was restored by afternoon, and no sites actually went down.
Over the weekend I continued to read and follow the news and monitor the websites under my control – the attack continues, as evidenced by the Bad Behavior logs and lockout stats on multiple sites.
During the first few days of this week I have taken two more steps to further secure my own computer and sites – LastPass and CloudFlare. If successful, I will be contacting clients and recommending actions.
LastPass is a random password generator that creates very strong, very secure passwords, and remembers them so you don’t have to. All you need is ONE password (the “last” password you’ll need to remember!) to access and activate LastPass and it does the rest. I’ve actually had it on my computer and started to use it on a couple of sites some time ago, but did not use it consistently. I am making a determined effort to get ALL my passwords secure and safe in LastPass. The Premium version syncs across your mobile devices (tablets and smartphones) and is only $12 a year (that’s $1 a month!!) http://lastpass.com
CloudFlare is a CDN (Content Delivery Network) that filters out bad traffic, and optimizes the delivery of your website to legitimate visitors. A simple DNS change routes visitors through CloudFlare’s network, with a significant improvement in performance and a decrease in spam and other attacks. Of interest – sites on CloudFlare were protected from the recent brute force attacks and have little to no “attempts” or lockouts. I added my business site today (April 17) and look forward to improved speed on the site and lower stats on Bad Behavior and Limit Logins. http://cloudflare.com
Security of any website, WordPress or otherwise, is an ongoing battle. Because WordPress is so widely used, it’s a frequent target for spammers and hackers, but there are steps you can take to make your WordPress installation unique, less susceptible to spam, and more difficult to “hack”. Using CloudFlare’s CDN adds a layer of protection to whatever steps you choose to implement in your WordPress installation.
I will be following up with each of my clients and providing a report on how sites were affected (or not affected) by this recent activity, and recommending steps to improve security. It’s “all in a day’s work”, but one part of my workday that could be eliminated and I would not miss it one bit.
Spring Cleaning
Yes, even websites need a good “cleaning” now and then! And spring is a perfect time to review your site for old, outdated, and possibly incorrect information, get it updated and correct, and add anything new that you or your business has going.
Take ten or fifteen minutes to go through your site page by page, making note of changes to the content that need to be made. Perhaps a new color scheme will perk things up, or current images to replace the ones that have been there for the last several months. Are your business hours still accurate? Have your services changed?
Let’s SPRING into action and get your site tuned up and ready for business!
Maintenance Agreement
Think of your website as a stage production – and the website itself as what the audience sees. A lot of things have to happen “behind the scenes” for the production to appear effortless.
Changing the content is only a small part (although the most visible) of site maintenance. Site backups, scanning for malicious code, and updating plugins and add ons to the most recent version are some of the routine maintenance chores that need to be done consistently to keep your site healthy.
Check out my Maintenance Packages and let’s get started!
Just *having a website* is not enough for 2013
The question to business owners a few years ago was “Do you have a website?” With the explosion of personal computers, and the advent of smartphones and tablets, internet access is no longer confined to your desk or office. In fact, there are not many places you CANNOT access the internet, and the coming generation feels the need to be connected 24/7. For businesses, simply *having a website* is not enough – you need a web PRESENCE, and a website is only the starting point of interaction with clients and potential customers.
Twitter, Facebook, Pinterest, YouTube, Foursquare, Yelp – these are just a few examples of the many social sharing sites that your business can use in conjunction with a website to “get the word out” about your business, events, sales, or other promotions. Some are better suited to one type of business over another; not all will fit your business model. Use the ones that drive more traffic to your site or to your door, and focus on making the most of them.
Two other options (that are not really options any longer):
1. Making your existing site responsive, or mobile-friendly for visitors viewing it on a mobile device like a phone or a tablet. Screen size limits what is seen first, ease of navigation is a big consideration, and links need to be easily accessed by “fat finger” imprecision rather than mouse cursor precision.
2. Consider a web application (separately hosted, promoted and delivered to phones and tablets via Google Play store or Apple store) designed specifically for mobile devices, distinct and separate from a traditional website.
Your business website is key, but is only part of the picture. It should serve as a jumping off point for the rest of your web presence!
WordPress Multi-site Adventures (cont’)
Part 2
I needed to have one of the three sites as the “main” site, the hosting URL, the base for the other sites. I exported that from my test network as a standalone site, then imported it to the client’s hosting account on GoDaddy all using BUB. Once it was working on it’s own URL as a standalone site, I began the process of making that site the base for the multi-site set up, again, following the codex instructions.
The next steps and how well it all works is quite dependent on the hosting provider, and your preference for subdomains or subfolders. I chose to use subdomains, so I had to create the subdomains on the primary URL. Then I had to set up the actual domain URL’s to point to the corresponding subdomain nameservers. It’s easy to get confused, and impatient waiting for the URL’s to resolve and propagate. I tried several configurations, in some cases not waiting long enough for things to resolve before trying something else (thinking it wasn’t working), and had to call GoDaddy to reset some things because I had too many requests in at the same time and nothing was working! Be sure to leave yourself plenty of time (days!) to get this all set up for a client.
I then took each of the other two sites, exported from my testing server as a single site using BUB, and imported into the multisite install, again using BackUpBuddy. I can’t say enough about how well BUB worked to move sites! A few link checks and minor changes were all I had to tweak – everything else imported and transferred to the new URL’s so smoothly…worth every penny!!
Here’s a quick screenshot of the Dashboard:
The end result is 3 distinct websites – and one WordPress install to manage all three. The sites are:
WordPress Multi-site Adventures
Part 1
Clients and their requests make this job a challenge every day! A few months ago I was approached by a (potential) client to create 3 websites, related but distinct, each with its own URL. The client also wanted ONE log in to manage all three sites. Thus began my adventure with WP Multi-site. I googled and read much, struggled much, and in the end it is all working, though not without some missteps along the way.
I began by setting up a domain as a testing ground for experimenting with multi-site. I installed WordPress in the root (prior to this, I had set up subfolders for each test site, and installed a separate instance of WP in each subfolder). I followed the codex instructions for setting it up as a “network” install. I chose to use sub-domains for the multiple sites, and proceeded to set up my 3 test websites. It all seemed to work pretty well, and may be the way I develop additional client test sites, since it only requires ONE WordPress install, and individual subsites are easily migrated to standalone sites, but I digress….
So, at this point I had three sites, three distinct URLs, with one (super) administrative log in, and I could edit each site individually from that same log in. All 3 sites shared a common theme and plug-ins, making updates simpler. And I could create admin and editor log-ins with access to only one site or to all sites. Once all the test sites were done to the client’s satisfaction, the REAL fun began – migrating (cloning, moving, whatever you want to term it) the whole setup to the client’s hosting, which happens to be GoDaddy. Not the ideal host for this type of setup, but now that I have it working properly on GoDaddy, I think I can get it set up anywhere!
The key to making the move (IMHO) is a plug-in from iThemes called BackUpBuddy. It’s not free, but worth every penny for the ease and simplicity of backing up and moving entire sites. There are deals on BackUpBuddy and other Developer tools throughout December. The multi-site version of BUB is in beta, and still has glitches, so I did not attempt to backup and migrate the entire network at once – I did it piece by piece. My next post will detail that process!
Picasso, Professionalism, and other thoughts
A friend recently shared an article with me, and the author stated:
Design looks easier than it is, and it’s more important than it looks.
Good design doesn’t just happen! And while building a website may appear effortless to someone who hasn’t attempted the process, those of us who make it our business know how much goes on behind the scenes.
An anecdote from that same article is worth sharing to illustrate the point –
Picasso is in a park when a woman approaches him and asks him to draw a portrait of her.
Picasso agrees and quickly sketches her.
After handing the sketch to her, she is pleased with the likeness and asks how much she owes him.
Picasso replies: “$5,000.”
The woman screams, “But it took you only five minutes.”
“No, madam, it took me all my life,” replies Picasso.
It may take 5 minutes to do your website update – but it takes years of experience to be able to do it in 5 minutes instead of 5 hours.
No one is an expert at everything, although some people seem to have a talent for quickly learning whatever they put their mind to. Sometimes you may have the time and inclination to learn how to repair an appliance, cook up a special meal, or build something. There are other times when you hire a professional to do the same thing in a much shorter time frame, and with enhancements that you wouldn’t (or couldn’t) have added because you don’t have the tools or experience.
Whether you hire the pro or do it yourself is a decision only you can make … choose wisely!
Have Fun with QR codes!
What are QR codes? I’m sure you’ve seen them on post cards or flyers in the mail, ads on TV, newspaper, or other print advertising, perhaps other places. It’s a small, square, pixelated box similar to the image on the right.
What this will do, when scanned with a smartphone app, is send me a text message that says you scanned the code. There’s much more you can do with QR codes. By placing a QR code on your business card, advertising flyer, newspaper ad, or elsewhere, you have provided anyone with a smartphone and a QR reader the ability to instantly connect with you, grab a coupon for your merchandise, read the latest news, see a video about your business, link to your website, even “Like” your Facebook page simply by scanning the code with their smartphone . . . there are many options!
Just start looking around you – I’ll bet you’ll see a few of these in some strategic locations. If you have a smartphone (BlackBerry, Android, iPhone) check out the QR Reader apps and start thinking of the possibilities!