Install Wordfence in WordPress

/0 Comments/in

You can install Wordfence in three different ways:

  1. Via the plugin installer in your admin area: This method allows you to retrieve Wordfence from the reliable WordPress.org plugin database. In your admin area, go to “Plugins” and then “Add New.” Type “Wordfence” in the search field. Make sure you do NOT install the assistant version but the plugin called “Wordfence – Firewall & Malware scan.” Click on “Install Now,” and once the plugin is installed, click on “Activate.”
    wordfence installeren
  2. If the installation method described in the previous step doesn’t work, you can manually download Wordfence from WordPress.org and upload it in your admin area.
    wordfenceGo to “Plugins” in your admin area, then click on “Add New.” From there, select the “Upload” option and choose the downloaded zip file from your computer/mac. Click on “Upload/Install” and then “Activate.”
  3. If both methods mentioned above don’t work, you can manually upload the plugin to the server. For this, you’ll need server access and an FTP program. You can use a program like Filezilla. Upload the Wordfence plugin (unzipped using WinRAR or WinZip) to the wp-content/plugins directory. Once uploaded, go to the “Plugins” section in your admin area and click on “Activate” for the Wordfence plugin.
Always make sure to install Wordfence from WordPress.org and NOT from any other source. Do NOT search for Wordfence on Google to download it, as paid advertisements with malicious programs may appear at the top of the search results!

Is Wordfence enough to secure your Web site?

/0 Comments/in ,

Many people install Wordfence and then happily continue developing their websites. Voila! Security is taken care of, right?!

However, I still have a few tips if you want to properly secure your website. Here are some important steps to take:

  1. Review Wordfence settings: When you first install Wordfence, not all settings are configured optimally. This is because different servers or websites may not work well with certain restrictions. You need to manually review the settings to secure your website as effectively as possible.
  2. Use one security plugin, not three at once!: It’s important to use one reliable security plugin. Using multiple security plugins can lead to conflicts. They essentially perform similar functions, such as logging and blocking IPs and attacks. Multiple security plugins will interfere with each other.
  3. Ensure you have a complete data backup: Do you rely on your web host to handle backups? Well, not all web hosts provide complete backups (data + database), and some may only perform them weekly. There may also be storage limitations. Make sure you have the ability to choose backups from at least the past 3 days and have backups available for at least 2-3 weeks. At minimum! If your host doesn’t offer this, you can use a plugin like UpdraftPlus to configure backups. For example, set it to create backups once a day or every two days, with a retention policy of 10 backups and a minimum of 4 weeks. (Keep in mind that you’ll need sufficient server disk space or consider storing backups externally.)
  4. Update in a timely manner: No matter how good the security is, keep your theme, plugins, and WordPress itself up to date. Certain vulnerabilities can provide hackers with ample opportunities that security measures cannot counteract, risking the functioning of your website.
  5. Host one WordPress installation on a hosting package: It’s common for a test installation or an old blog to remain active. Hack scripts test your domain name for old installations to gain access to the server. Examples of folder names they search for include “old,” “new,” “blog,” “wp,” and “wordpress.” Additionally, WordPress sites can easily show up in search engines like Google, including old sites and test installations. So, don’t leave them unattended!
  6. Ensure you have a reliable web host: Some web hosts lag behind in maintenance or use outdated PHP versions. Hackers frequently discover vulnerabilities that require regular updates to server software. Make sure your host applies updates in a timely manner.
  7. Use a strong password: It goes without saying, use a strong password. But how often do people use passwords that are in the dictionary, like “fridge7” or the name of a pet? Even worse, some people use the same password to log in to multiple websites. Don’t do that! If a website, not even yours, gets compromised, those usernames and passwords will be exposed. Scripts will pick them up and attempt to use them on any website they can associate with the username. Use a long and unique password or consider using a password manager like LastPass or Dashlane.

A chain is only as strong as its weakest link, so make sure there are no weak links in the security of your website!

Wordfence expands their services with Wordfence Care & Wordfence Response

/0 Comments/in

![wordfence](https://wpbeveiligen.nl/wp-content/uploads/2022/02/worfence-uitbreiding.jpg)

Wordfence FREE is well-known, right? It’s the free security plugin from Wordfence, currently used on at least 4 million websites.

Then there’s Wordfence Premium, which currently costs $100 per year. Premium offers enhanced security with faster firewall/threat updates.

And now, Wordfence has introduced two additional services:

Wordfence Care

Installation and configuration of the Wordfence plugin, monitoring, and security issue resolution. These services are provided during office hours.

It currently costs $490 per year.

Wordfence Response

This is Wordfence Care, but with faster service within 1 hour, 365 days a year!

For this, you’ll pay $950 per year.

Conclusion

Good or bad: It’s great that they are offering these services now. For large companies already using Wordfence, this can be an interesting addition.

In terms of pricing: It’s not cheap, but it’s also not unaffordable for a medium-to-large company.

Let us know in the comments if you use Wordfence and if you’re considering using Wordfence Care or Response services!

iThemes 7.1 update brings back the import – export feature

/0 Comments/in

iThemes has brought back the import and export of settings that disappeared in the major 7.0 update!

![ithemes import export](https://wpbeveiligen.nl/wp-content/uploads/2022/02/import-export.jpg)

This is great news if you have multiple websites that you want to secure. There are quite a few settings to go through, so having the ability to import and export them is very helpful.

And it must be said, they have done a good job with it! You can now specify exactly which settings you want to export. This way, you can choose to include or exclude things like logs or blocked IP addresses.

![ithemes export settings](https://wpbeveiligen.nl/wp-content/uploads/2022/02/export-settings.jpg)

Poof – gone!

The disappearance of the export function (which is now thankfully back) is a typical iThemes move. In their haste to release a new feature, related functions that don’t cooperate are often temporarily deactivated or (in the past) even commented out in the code.

Either way, it’s great that it was temporary and that it’s now back and functioning well.

Upgrade WordPress or wait and see? Here’s the answer!

/0 Comments/in

WordPress updating can be a challenge! That’s true for most WordPress website owners. Many people hesitate and postpone updating their WordPress websites month after month, and eventually even for a year or longer. We understand why.

The fear of changes to the website design, concerns about non-functioning plugins, or the cost and effort of updating.

However, it’s crucial to set aside these concerns and regularly update your WordPress website. Read on to learn why it’s better to update WordPress and its plugins every 2 months or even monthly.

Updating WordPress prevents bigger problems!

updating WordPress is necessary to prevent the risk of hacks
You can (not) endlessly postpone updating WordPress. By regularly updating your WordPress website, you prevent bots from exploiting weak plugins and creating malware, backdoors, SEO spam, and unwanted administrators on your website.

Removing and undoing malware and hacks can be expensive and time-consuming. That’s why it’s important to update your WordPress website regularly and prevent these issues.

Yes, there can be issues with updating your WordPress website…

[inn-2v3e]Unfortunately, updating your WordPress website can sometimes cause problems.

You’re absolutely right about that.

Perhaps you’ve experienced it yourself while updating your WordPress website or some plugins… or your theme.

Buuuut…[sluit-inn]
[inn-1v3e]website update error[sluit-inn]

The risks of not updating your WordPress website are much greater!

Research on wpscan.com reveals that there are many old plugin versions and themes with security vulnerabilities. Ignoring updates leaves your WordPress website open to these unnecessary vulnerabilities!

But how can you update WordPress, plugins, and themes without issues?

PRO TIP: Updating WordPress? FIRST create a free backup with UpdraftPlus for WordPress!

UpdraftPlus allows you to create a free backup of your WordPress website before performing updates. If something goes wrong, you can restore the plugins, theme, or database individually to their previous state before performing the update.

Some of the key features of UpdraftPlus that are currently available for free:

  • Backup creation
  • Ability to restore the theme
  • Ability to restore plugins
  • Ability to restore the database

Download and install UpdraftPlus for free!

After creating a backup, you can proceed with the updates with greater confidence.
Are you still very cautious? Are you still postponing the updates?

But updating my WordPress website is still scary!

PRO TIP 2: LET a professional update and maintain your WordPress website</

Link spam – what is it?

/0 Comments/in

Link spam, you may have never heard of it, and that’s a good thing! It’s a technique that hackers and online criminals use to make money at the expense of a website’s reputation.

How does it work?

A hacker, or in most cases, a script, discovers that you are using an outdated or risky plugin on your WordPress website that allows them to manipulate the database.

When this vulnerability exists, a hacker or script will execute a payload.

In simple terms, the hacker injects a series of links and articles into your database.

Within seconds, your website will no longer display the desired pages and information that you carefully created, but instead show the information that the hacker wants to display.

Google will index this information, and from that point on, your website will be used as a reference for products that I don’t even want to mention.

The hacker earns money by selling those products.

Meanwhile, the reputation of your website on Google is being destroyed.

Sooner or later, your website will be flagged as 18+ content or spam.

example links in Google

Preventing link spam

  1. Keep your website up to date.
  2. Install and configure a security plugin.
  3. Regularly check the status of your website on Google.

I understand that you may not have time for all of this.

Good news! I do this full-time for WordPress websites.
Monitoring reputation, checking for hacks, keeping everything up to date, and implementing preventive security measures.

Let me proactively secure your website and prevent trouble!

 

Hacked before you’ve even logged in yourself!

/0 Comments/in

That your website is vulnerable when you are highly visible on Google, and that more plugins increase the risk of being hacked, we know. But being hacked even before you have logged in yourself?

That happened to several websites that didn’t complete the installation quickly enough.

How is that possible?!

During a new WordPress installation, the first step is to choose a username and password. You would think that no one can interfere with a new installation. The domain name has sometimes just been registered… no one knows about it yet.

But that’s not the case. The Letsencrypt service used to request free SSL certificates has leaked information, allowing hackers and scripts to identify newly registered domain names and websites.

1, 2, 3 malware

Hackers immediately took advantage of this and if the installation was not completed quickly enough, they filled in a username and password using a script.

They installed a file manager (plugin)

And they uploaded their own malware.

Good practices

It’s a good practice to complete an installation right away, not just the part where you choose a username and password, but also by installing and configuring a security plugin.

If you don’t have the time or the knowledge to secure your website, let us take care of it!
Request a package in time, and we will be ready to secure your new website immediately.
Secure your WordPress website.

Source: [Security.nl](https://www.security.nl/posting/750062/Let%E2%80%99s+Encrypt-logs+vermoedelijk+gebruikt+voor+infecteren+WordPress-installaties?channel=rss)

CSS4 – When can we expect it?

/0 Comments/in

I also fell for it and looked it up, when is CSS4 coming?

It turns out that it will never come, CSS3 has mainly become “a thing” because it has been widely discussed as the new revolution in the CSS world.

CSS3 is an adaptation of CSS2, with many individual adjustments. But because they were so successful, many people talked about it as a completely renewed and improved CSS.

Some features of CSS3 were:

  1. border-radius – Finally, nice rounded corners without the need for a PNG image
  2. gradients – Color gradients without having to create images
  3. animations and transitions  – Previously, jQuery had to be used for this
  4. transforms – Easy rotation or distortion
  5. box-shadow – Add shadows to elements

Because the new CSS adjustments and innovations were significant improvements for certain problems, such as rendering on different devices, and because some cool features were added, CSS3 became a thing in itself.

CSS3 mainly brought financial benefits to programmers and website builders, as they could persuade their clients to “get on board” with the technology.

If in the future there is talk of CSS4 or CSS5, it will mainly be a term used by programmers who might give the new updates a distinct name.

Don’t expect it to be released officially!

Source: [CSS-Tricks.com](https://css-tricks.com/css4/)

WooCommerce gets its own tables in the database

/0 Comments/in

We all know WooCommerce as the miraculous plugin that turns WordPress into a full-fledged online store.

WooCommerce (created by Automatic, just like WordPress) heavily relies on the WordPress structure, especially in the database.
In the past years, products have simply been stored as Custom Posts in the post and postmeta tables of the database, where pages and posts are also stored!

This has been working well for years, allowing you to build and run even the largest online stores without issues.

However, there has been a request from many developers, plugin builders, and even regular users to store WooCommerce data in separate tables in the database.

Why move WooCommerce data to separate tables?

  • It provides better organization in the database, making modifications easier to handle.
  • It becomes easier to create backups of the online store and restore them without including unnecessary information.
  • It has the potential to make the website, particularly product loading and information retrieval, faster.

The online store in dedicated tables – a significant change!

This is a major modification, and the WooCommerce developers are aware of it.
There are hundreds, if not thousands, of plugins that rely on the current structure.
Think of filters, coupons, descriptions, images, and more!

For this reason, transitioning to specific tables will be OPTIONAL in the initial phase. If your online store is not ready, you don’t have to make the switch just yet.

What’s the timeline for the new tables?

They plan to start with orders first. The goal is to have them in their own table by the third quarter of 2022.
Remember: the transition is initially optional, according to the WooCommerce developers.
Other elements of the online store will follow in subsequent steps.

Source: [Developer.woocommerce.com](https://developer.woocommerce.com/2022/01/17/the-plan-for-the-woocommerce-custom-order-table/)

Don’t lose your visitors!

/0 Comments/in

When writing posts in WordPress and including links to other websites, it’s important to always check the “Open in new tab” option while creating the link. Otherwise, the linked page will open in the same browser tab, causing visitors to navigate away from your website.

Never let visitors leave your site when redirecting!

The “Open Links in New Tab” plugin makes it easy for you! After installing and navigating to Settings > Links in new tab, you can select the option to open ALL external links in a new tab. From then on, you won’t have to manually check this option for each link.

Convenient, isn’t it?

By keeping visitors on your website for longer and preventing them from losing your site when they click on a link, you enhance the user experience.

open in new tab