WordPress plugins, what are WordPress plugins?

There are more than 55,000 free WordPress plugins available on the official website of WordPress itself. There are also thousands of plugins developed that you can buy.

But what a plugin actually does is unknown to many. As are the differences between free and premium plugins. What impact does a plugin have on your WordPress website, can you use an unlimited number of plugins?

We are going to discuss it!

About free plugins

Plugins are offered for free on WordPress.org because it allows programmers and web agencies to advertise their business. Sometimes a free plugin is also offered because its creator is enthused and wants to share the plugin with the rest of the WordPress community.

A free plugin is no worse than a so-called Premium or Pro plugin that you have to pay for.

Especially if the plugin is offered on WordPress.org itself, you can trust the plugin. The plugin undergoes a number of tests before it is posted. If the plugin is found to be unsafe, or not updated it can be removed.

About premium plugins (Paid)

With a premium plugin, you pay either once or annually. Keep in mind that the annual payment may be required to receive the latest updates!!!

Many forget the annual payment, the plugin may possibly stop functioning because of this.

A paid plugin is no better or more secure than a free plugin. This is because the functioning and security depends on the team developing the plugin.

With a purchased plugin, you do theoretically get more customized support, but again this depends on the team creating the plugin.

The Envato market has many premium plugins.

Updating plugins is necessary

Why a plugin needs to be up-to-date:

  1. Code output changes, this is due to server updates to PHP
  2. The operation of the server changes, faster techniques and new security requirements
  3. Hackers sometimes find leaks in plugins which they exploit on a large scale
  4. Browsers change regularly, the CSS & HTML rules used change as a result
  5. New technologies require graphical adaptations in the code, think of the smartphones, smartwatches, large 4-8K monitors
  6. Operating systems handle code differently, so a plugin needs to be debugged regularly

The technique behind a plugin

A plugin is created in PHP, with the visual elements naturally written in HTML and CSS.
When a plugin wants to load dynamic code, it also loads jQuery and uses JavaScript.

You use a plugin to add a functionality. A plugin can display the added feature in your website in a few ways:

  • Through a WordPress “function/hook.”
    For example, think of the function/hook that WordPress calls to the text of a page or post.
  • By adding code to the theme.
    The theme, especially the header & footer are displayed on every page and post.
  • By using a [shortcode]
    A Shortcode allows you to add the operation of the plugin between the text in pages and posts

A plugin can communicate with the WordPress database. A plugin actually has no limit when it comes to modifying the operation of your website. For this reason, plugins must be handled with care.
A plugin can make and break your website!

The safety of plugins

The safety and proper functioning of a plugin is not guaranteed. There is no “this plugin works well with all the plugins you already have – seal of approval”.

Therefore, it happens that a plugin causes security problems or errors.

Errors caused by a plugin
There are several plugins that turn your website into 1 white page with an error message. Simply putting a ; . / , > in the wrong place can already break the website.

Security vulnerabilities caused by a plugin
There are hundreds of plugins registered on wpscan.com that have security problems. These are leaks that allow a hacker or script to extract data from your website, or add it to your website.
Needless to say, you don’t want your customer data and account details taken from the database… or spam to be displayed or sent through your website.

Conflicts between plugins
It usually goes well, but not all plugins can be used on the website at the same time. If different plugins load the jQuery library, 1 of the 2 may stop working. If 2 plugins edit a function of WordPress, they may overwrite or undo each other.

Usually it goes well
Plugins are usually fixed or updated, if there is a leak in them it is fixed. If there are conflicts between plugins, they are fixed. Especially if a plugin is used by thousands of websites.
Avoid problems by being sparing with the number of plugins you use.
And especially if they have the same function!

Why should you pay for a plugin?

We’ve discussed the premium plugins that require you to pay a certain amount once or annually to continue using them.

When is a plugin worth the money?

  1. When there is no free alternative
    We already discussed WordPress.org, and there are also separate providers of plugins.
  2. When the desired feature is not affordable to code by a programmer
    You can also have a plugin custom coded, but that can sometimes cost more than buying an existing plugin.
  3. If you make money using the plugin
    Think of a plugin that generates quotes or a plugin that increases the turnover of your web shop. Plugins on which you depend heavily may cost a bit, especially if you get support when a problem arises.
  4. If the plugin keeps your website safe
    WordFence and iThemes are plugins you can download for free, but if you take a paid version… the so-called premium or pro version, they offer more features and more security. It’s better not to skimp on that.

The number of plugins in my website, what is normal?

I see many websites coming by with 10, 20, 30 or even 60 plugins!

What is sensible, and what is normal?

  1. An informative website
    It’s okay to have 5 to 10 plugins. More is overkill for displaying information and only slows down your website.
  2. An active business website
    You have a quote form, maybe another FAQ plugin, you throw in Google maps. Fair enough. Such a website can easily contain 10-15 plugins.
    More is not recommended. It makes the website slower, and brings higher management costs and possible conflicts between plugins.
  3. A webshop
    You have WooCommerce and some plugins to automate your webshop. I understand, you want to show an Ajax Cart and have a Wishlist and an iDeal integration. An offers slider, show the side products, a newsletter etc etc..
    A webshop can easily contain 15-20 plugins.
    More is also possible but not recommended, especially because the security of your shop is paramount… and you can guarantee that less and less as the number of plugins increases.
  4. A corporate website for a huge company
    The owner of the company has some wishes, the marketing department wants to be able to measure something, the web builder has some important plugins that make it easier for him to set up the website.
    Before you know it, there are 20-30 plugins in the website.
    That’s possible, but keep in mind the necessary maintenance. Debugging plugins that cause problems among themselves. And if there are a lot of visitors, optimize the website.

Yes but, I have 40, 50 or as many as 65 plugins in the website!

Then start cleaning up! Remove the inactive plugins. Try to take out duplicate plugins. Check for leaky plugins (Use wpscan’s search bar).

From 1 to 100 plugins in 12 seconds

Beforehand, the owner of a company usually does not know exactly what the website or web shop should be able to do. Or what a WordPress website can – and cannot – do by default.

Yes, the website must sell products or attract customers!
– Just like bol.com or Amazon.

We are spoiled with many webshops and websites that serve us very well. But there is months or years of automation in there. A large number of programmers. And a lot of money.

The rule is: the easier the website works for the user, the more automation is in it.

Example of a webshop
You create a standard webshop in WordPress with WooCommerce.
That’s a free plugin that turns your website into a webshop.
Then it can only show products!

Do you want a Wishlist? Then you need a Wishlist plugin.

Do you want customers to pay via Ideal? Then you’ll need a Mollie plugin.

Do you want to notify visitors who don’t checkout? Then you’ll need an Abandoned Cart plugin.

Do you want visitors to sign up for a newsletter? Then you need a newsletter plugin.

Do you want visitors to be able to submit a question or complaint? Then you need a contact form.

Do you want splashy pages? Then you need a page builder.

Want to rank in Google? Then you need an SEO plugin.

Want to serve customers internationally? Then you need a translation plugin.

– And so on and so forth!

In short:

Talk to your web builder in advance, list ALL you expect from the website or web shop. Don’t assume that everything is already in your website with 1-2 mouse clicks.

The power of WordPress

By default, WordPress already offers a large number of possibilities to customize the website to your liking. Without deploying a complete plugin for every customization.
Note: these additions are best deployed by a programmer – or someone with WordPress experience.

For example, try using:

  1. Page Templates for specific pages
    If you want 1 page to be different from the rest of your website, you can create a page template for it. You take a page, so to speak, and manually place the desired code in it.
  2. Custom fields adding extra information with a fixed layout
    WordPress gives you the ability to add custom fields to pages and posts. This allows you to give a fixed format to extra information you display in a page or post.
  3. Child themes for layout changes
    The programmer can deploy a child theme, which allows him to make small additions or modifications to the current theme without adding a lot of code through a plugin.
  4. The Customizer for color and layout changes
    Want to change some color, the width or height of an element? You can easily do that using CSS in the Customizer.
  5. The functions.php of your theme
    It is advisable to do this in the child theme as described in point 3, but the point is that there are thousands of code snippets on the internet that you can put in the functions.php without having to deploy a new plugin for it.

Pro tip: Before you make any changes to your website or have a programmer do it for you… make a backup of the data and database first! Then you can restore that backup if an error occurs in your website.

You can make the backup via your hosting panel, Plesk or Directadmin. Assuming you have access to that.
Otherwise, there is of course a plugin for making backups: Updraftplus!

Elementor – is that still something?

Elementor is a so-called Page Builder. You create complete pages with it.

Yeah but, that’s what we have Gutenberg for, right? That comes standard in WordPress these days!
Well, Gutenberg came about in the 2020s, and Elementor in 2016. You notice that tremendously: Elementor currently works even more pleasantly than the (meanwhile built into WordPress) Gutenberg editor.

Installing Elementor

You can simply find Elementor in the list of plugins from WordPress.org
Installing it is a piece of cake.

In your admin > Plugins > New plugins – Enter elementor in the search box. Click Install Now and then Activate.

Using Elementor

Once activated, you can go to a page or post and start using the Elementor content builder.
– Click “Edit with Elementor” if the Elementor layout does not appear immediately.

Drag and go!

If Elementor’s description is to be believed, it is a matter of dragging and dropping elements, modifying them and saving them.

Does elementor really work that easily? Um, YES!
This just works incredibly well and easily.
I have been using Elementor for no more than 10 minutes, and I get all the elements exactly the way I want them. Width, height, etc. Text in, image next to it. It works tremendously intuitively.

I’m a website nerd, keep in mind that you need to take some time to do it yourself if you don’t already have basic experience with page builders 🙂

Tip

If you want to put elements next to each other you first use a column.
It’s called an “inner Section” in Elementor.

Conclusion – The elementor page builder, is it still something?

Yes, this works well. I must admit that I am positively surprised.

I use this pagebuilder when a website requires a lot of customization, I’m used to this builder and can’t live without it. It’s just which one you started using first if you ask me.

If you have any tips or suggestions about the Elementor page builder – let me know in the comments below!

What is cloaking?

Cloaking is a technique where you provide specific text/information to Google that is not in your website.

The visitor will not see that text/information. But Google will!

Cloaking, used by “professionals and SEO-ers”

This technique (false trick) was used by many SEO practitioners and web agencies in the 2000s+ to make a website rank higher in Google search results.

Obviously, this technique worked for a short period of time and then had mostly negative effects on your website’s results and reliability in Google.

Google soon realized the trick and changed the algorithm and did double checks to see through the trick.

So how was cloaking used by “professionals and SEO-ers”?

Example: You have a web agency. Your website states that you create websites for 1500 to 2500 euros each. The page title is: professional websites from 1500 euro.

With cloaking you give Google false information.
The page title is then called, for example: The best and cheapest websites in the Netherlands!
And the description becomes, for example: Fast and cheap a good website? Professional and fast.

How does Google detect cloaking?

Google has several ways to detect tricks.
Periodically, special programs are run by Google to check websites for hidden texts, cloaking, keyword spamming and the other 50+ tricks used by many.

When these tricks are found in your website

If the trick is discovered by Google, the value of the domain (it used to be called “Pagerank”) will drop, causing you to rank lower in Google’s search engine. From a 2nd, 3rd or 5th position on the first page of Google, you can just drop 10 positions, which means you will be in the 12th, 13th or 15th position. That’s the 2nd page, which very few people click on. You can lose a lot of website visitors because they simply don’t see you listed when they search for you or your services.

A lowering of the search position is the most favorable situation. If cloaking or other tricks are found to be used to deceive or rob visitors, the website runs the risk of being completely banned from search results.

How cloaking is now used by hackers

Cloaking is the ideal way for hackers to get their own website in Google, on the back of your website!

Often cloaking is applied in 2 steps:

  1. A redirect is made from your page to the hacker’s website, often to expensive (and sometimes illegal) products that the hacker – aka criminal – sells through a webshop.
  2. The information for Google is modified, see example below:

Someone searches Google for v i a g r a, for example, or other e r o t i c products.
The searcher on Google sees a page appear with a great offer, but on your domain name.
When that person clicks on the search result, they are redirected to the hacker/criminal’s webshop. So there is another piece of malware involved besides cloaking, but if the hacker can cloak your website, he has usually also put a redirect through the .htaccess file, the database, or a link in your website.

But… if visitors are sent via your website to an unsavory website, then you will quickly notice!

No you don’t see that quickly, the hackers use different techniques to show you your own website and redirect other visitors.

Some examples:

a. One piece of code makes the redirection to the unsavory website not work when you are logged in.
b. Through a cookie or browser session, the redirection is only used 1 time.
In short, you see it 1 time and then never again. Usually you then think that you yourself clicked wrong the first time or that the problem is already solved.
But every new visitor does get redirected!
The rerouting trick is also not easily reported to you by your website visitors because they are reluctant to tell you that through your website they suddenly landed on an e r o t i c website….
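The two situations described above (a title and description that only Google receives, and a redirect the logged-in owner never sees) can be checked by comparing what different requesters get for the same URL. This is an added example, not code from this site or from any scanner it mentions; the host names and HTML are constructed, and the three views are assumed to have been fetched already (logged in, with a crawler User-Agent, and as a first-time visitor without cookies).

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

OWN_HOST = "agency.example.test"   # constructed host name

# Constructed sample views of the same URL.
OWNER_VIEW = """<html><head><title>Professional websites from 1500 euro</title>
<meta name="description" content="We create websites for 1500 to 2500 euros.">
</head><body><a href="/contact">Contact</a>
<a href="https://agency.example.test/prices">Prices</a></body></html>"""

CRAWLER_VIEW = """<html><head>
<title>The best and cheapest websites in the Netherlands!</title>
<meta name="description" content="Fast and cheap a good website? Professional and fast.">
</head><body><a href="/contact">Contact</a>
<a href="https://agency.example.test/prices">Prices</a>
<a href="https://shop.example.invalid/offer">Great offer</a></body></html>"""

# Same page as the owner sees, plus a redirect served only on a first visit.
FIRST_VISIT_VIEW = OWNER_VIEW.replace(
    "</head>",
    '<meta http-equiv="refresh" content="0; url=https://shop.example.invalid/offer"></head>')


class PageFacts(HTMLParser):
    """Collects the parts of a page that cloaking usually changes."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self.description = ""
        self.refresh_target = None   # URL of a <meta http-equiv="refresh"> redirect
        self.link_hosts = set()      # host names of absolute links
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        a = {name: (value or "") for name, value in attrs}
        if tag == "title":
            self._in_title = True
        elif tag == "meta" and a.get("name", "").lower() == "description":
            self.description = a.get("content", "").strip()
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            content = a.get("content", "")            # e.g. "0; url=https://host/"
            pos = content.lower().find("url=")
            if pos != -1:
                self.refresh_target = content[pos + 4:].strip(" '\"")
        elif tag == "a":
            host = urlparse(a.get("href", "")).hostname   # None for relative links
            if host:
                self.link_hosts.add(host.lower())

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def page_facts(html):
    parser = PageFacts()
    parser.feed(html)
    parser.close()
    parser.title = " ".join(parser.title.split())   # normalise whitespace
    return parser


def compare_views(reference_html, other_html, own_host):
    """Return the differences that point at cloaking or a hidden redirect."""
    ref, other = page_facts(reference_html), page_facts(other_html)
    findings = []
    if ref.title != other.title:
        findings.append(f"title differs: {other.title!r}")
    if ref.description != other.description:
        findings.append(f"description differs: {other.description!r}")
    new_hosts = sorted(other.link_hosts - ref.link_hosts - {own_host})
    if new_hosts:
        findings.append("extra external links: " + ", ".join(new_hosts))
    target_host = urlparse(other.refresh_target or "").hostname
    if target_host and target_host.lower() != own_host:
        findings.append(f"redirects off-site to {target_host.lower()}")
    return findings


if __name__ == "__main__":
    for name, view in (("crawler", CRAWLER_VIEW), ("first visit", FIRST_VISIT_VIEW)):
        print(name, compare_views(OWNER_VIEW, view, OWN_HOST))
```

A clean result from a User-Agent comparison is not proof of a clean site: a cloaking script can also decide by IP address, which a self-run check cannot imitate.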

Cloaking is a serious problem that is becoming increasingly common.

It damages your website’s reputation, but worst of all, you don’t realize it quickly.

Fortunately, there is 1 scanner that pays close attention to cloaking!
That is the scanner on this website: www.isithacked.com
Use the isithacked.com website if your revenue is decreasing, if your visitors report strange behavior on your website or if you notice that your website’s search results in Google show very different information.

PS: Chances are that Google is also going to warn you. But then you’re actually already too late….

How can you prevent cloaking?

You can prevent cloaking by not hiring cheap SEO-ers who make big promises for little money.

You can prevent cloaking by hackers by securing your website properly, or even better: have your WordPress website properly secured.

Good security is a profession, and intercepting cloaking and other tricks of hackers is even more so!

Report 2019 – Malware trends, tricks and techniques

Sucuri has released an overview of the trends in hacks, hacking and malware over the past year. The overview counts 43 pages and is entirely in English.

But since we read through it anyway, we immediately share the various interesting points with you. In Dutch! We add our experiences, so you get a complete understanding.

Foreword: Without up-to-date knowledge no visibility into hackers & Malware

It is important to stay up-to-date in the ever-changing world of Malware.
Up-to-date knowledge ensures that you know what to look for.

2019 has shown that the techniques of hackers and the Malware they have developed are at an ever-increasing level. This is due to the capabilities of the Internet, but also because the loot is becoming more and more valuable. Websites are becoming more and more a part of our lives and income. WordPress as a platform is still growing.

Type hacks in 2019

Below are the trends in hacks, and especially the effects of hacks.

1. 62% of hacks consist of SEO spam

Links to web shops, link building or even flat advertising through banners in your website. This is what is most common. Ransomware (holding your website hostage for payment) and defacing (modifying the style) are much less common.

SEO spam, placing links in your website is completely automated. In every post and page a link, within seconds with a script that uses a leak or in 47% of cases via a backdoor: A backdoor placed during a previous hack.

2. Technical support with fake company names

Another common problem. What happens is that you see a (fake) notification on a website that the computer is infected.

The notification appears to come from Microsoft or some other reliable company, and you are shown a phone number that will “help” you get your computer back in order. NEVER CALL!
Fixing your infected computer is obviously never going to happen; at worst they will actually make adjustments that will make you need their service as a “tech company” more often.

Now you’re thinking, I’m not falling for that!

But another might. Someone who gets such a notification when they visit your well-known and trusted website might fall for it. (It’s mostly the elderly who get fooled.)

Of course, you don’t want to be part of that, you don’t want that virus notification from a fake company displayed on your website. It comes at the expense of your good reputation, even if someone doesn’t fall for it … they’ll see it when they visit your website!

The SEO spam and the fake tech notification are both highly undesirable hacks that you want to PREVENT. (And not to take out afterwards only when you finally discover the false information).

3. Credit card data theft

Sucuri removed 2300+ scripts from servers & websites last year that were used to steal and forward credit card data.

It just might be your credit card information! As ingenious as a WooCommerce webshop can work, hackers are just as ingenious when they steal credit card information.
Don’t underestimate that if you have a WooCommerce webshop.

4. Cryptomining

There is a large decrease in the number of scripts that prompted the visitor’s computer to mine crypto coins.

1 reason is the change in exchange rates, the drop in value and the antivirus software of computers that dealt with this threat very seriously. Cryptomining in fact led to increased CPU usage and in this way led to additional (power) costs for the website visitor.

Brief summary:

The above methods are only 4 out of hundreds. These are the most commonly used, but that doesn’t mean you won’t encounter other tricks.
In particular, phishing and reselling account information often runs parallel to these tricks.

Keep your WordPress website up-to-date, secure and if you don’t have a site but have encountered these tricks: be aware that even the most trustworthy website can be hacked and thus provide false information. Make sure you have a good Antivirus for your computer, that will prevent many of the trojans trying to install themselves on your computer.

What is Country Blocking?

Country Blocking allows you to block visitors from certain countries. Those countries can then not visit your website.

99% of all visits from abroad are from bots, these are not real visitors… it costs the server a lot of capacity to process the requests from bots. That’s why I recommend blocking large countries, provided you are sure you don’t have customers or visitors sitting there of course.

When do you use Country blocking?

If your target audience, i.e. your potential customers are all from the Netherlands, it is advisable to block other countries.

Example: Someone from India or Russia will not become a customer just like that. But the number of hackers and bots harassing your website or testing for WordPress leaks is huge in those big countries.

Technical: How does the Country blocker work?

The Country blocker works with a database of IP address ranges, each assigned to a country. When a visitor’s IP address falls in a blocked country’s range, he will receive a notification that the website is not accessible, or if you have set up a redirect, the visitor will be redirected.
Because the database of IP addresses must be updated regularly (dynamically), this is not done via the .htaccess file but is processed by the relevant security plugin (WordFence) when your website is requested.

What is the disadvantage of Country blocking?

  • If your target audience or one of your customers is located in one of the blocked countries, they will not be able to reach your website.
  • Country Blocking works based on the IP address of a visitor/attacker, many individuals use a VPN – Proxy allowing them to trick security by pretending to be from another country.
  • Some services (Crawlers, Cloud services, Backup & monitoring tools) run on servers in other countries. Therefore, those cannot access your website for good purposes.
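The lookup described above, and the way an allowlist addresses the third disadvantage, as an added example (not WordFence's or iThemes Security's code). The address ranges are documentation ranges, the country codes "XA" and "XB" are placeholders, and the allowlisted monitoring address and the fail-open choice for unknown addresses are assumptions.

```python
import ipaddress
from datetime import date

# Constructed sample table: documentation address ranges with placeholder
# country codes. A real plugin ships a full table that is refreshed regularly.
SAMPLE_RANGES = [
    ("192.0.2.0/24", "XA"),
    ("198.51.100.0/24", "XB"),
    ("198.51.100.128/25", "NL"),   # a more specific range inside the XB block
    ("2001:db8::/32", "XB"),
]
SAMPLE_ALLOWLIST = ["198.51.100.10/32"]   # hypothetical uptime monitor hosted in XB


class CountryBlocker:
    def __init__(self, ranges, blocked, allowlist=(), table_date=None):
        # Most specific prefix first, so the first hit is the longest match.
        self.ranges = sorted(
            ((ipaddress.ip_network(cidr), country) for cidr, country in ranges),
            key=lambda item: item[0].prefixlen, reverse=True)
        self.blocked = set(blocked)
        self.allowlist = [ipaddress.ip_network(cidr) for cidr in allowlist]
        self.table_date = table_date   # when the range table was last refreshed

    def country_of(self, addr):
        for network, country in self.ranges:
            if addr in network:        # False when IPv4/IPv6 versions differ
                return country
        return None

    def decide(self, ip_text):
        """Return (action, reason) for one request's source address."""
        try:
            addr = ipaddress.ip_address(ip_text.strip())
        except ValueError:
            return ("block", "unparseable address")
        # Known good services are checked before the country rule.
        if any(addr in network for network in self.allowlist):
            return ("allow", "allowlisted service")
        country = self.country_of(addr)
        if country is None:
            return ("allow", "country unknown")   # fail-open, an assumption
        if country in self.blocked:
            return ("block", f"country {country}")
        return ("allow", f"country {country}")

    def table_is_stale(self, today, max_age_days=30):
        """Ranges change owner over time; an old table misclassifies visitors."""
        if self.table_date is None:
            return True
        return (today - self.table_date).days > max_age_days


def sample_blocker():
    return CountryBlocker(SAMPLE_RANGES, blocked={"XA", "XB"},
                          allowlist=SAMPLE_ALLOWLIST, table_date=date(2024, 1, 1))


if __name__ == "__main__":
    blocker = sample_blocker()
    for ip in ("192.0.2.55", "198.51.100.11", "198.51.100.10",
               "198.51.100.200", "203.0.113.9", "2001:db8::1"):
        print(ip, blocker.decide(ip))
    # 198.51.100.200 is allowed because only the exit address is visible:
    # a visitor from XA who connects through a VPN in NL gets the same answer.
```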

Which security plugin offers Country Blocking?

  • WordFence
  • iThemes Security

My experience with Country Blocking

I have only used Country blocking 3 times in the past 10 years. That was because a certain hacker group had set its sights on a customer’s webshop. It was necessary to block that country and several surrounding countries. This was necessary not only to stop them but especially to stop the auto-bots that were flooding the server with requests.

Customize styling through WordPress’ CSS Customizer

What is WordPress’ CSS customizer?

The CSS customizer allows you to add CSS to your website.

What on earth is CSS!

CSS, Cascading Style Sheet … that name doesn’t really make it clear.
STYLING!

With HTML elements you display data in your website, and with CSS you style those elements.

So you want to make changes to the style of your website? Then you write a piece of CSS.

Why would I do that with the CSS Customizer?

The Customizer has color-coding that makes it easier to see if your code is written correctly. The Customizer also provides a LIVE preview view where you can see the changes immediately, so you can pre-view it before you Publish it.
You can instantly see if your CSS styling code is working!

The screenshot below shows a piece of CSS written in the Customizer.
You can see here the ID, Class and an H2 title element that I made red with the CSS for example.

customizer

When do you use WordPress’ CSS Customizer?

  1. If you want to quickly change the styling of your website
  2. If your current theme does not have an admin panel where you can customize styling
  3. If you do not want to create a Child theme
  4. If you do not have access to the styling & Server files

Notice!

To use WordPress’ CSS Customizer, it is important that you have experience with CSS.
CSS is the code language used to define the design, color and dimensions of a website.

The CSS you write in the Customizer will be loaded inline at the top of your website’s code. As a result, this CSS overrides the styling used by your theme.

You can also break your website graphically with it. In that case it’s just a matter of deleting the written CSS, but keep it in mind.

The benefits of the CSS Customizer

  • You immediately see what changes on the frontend of your website
  • The styling remains, even with theme updates
  • You don’t need to have server access or a code editor
  • The CSS code has clear code formatting in color
  • You can switch views: desktop, tablet and smartphone format

HTML styling with CSS in practice

I can see you thinking: HOW do I know WHAT to style!

In order to customize the HTML elements of your website with CSS, you obviously need to know what the elements are called. After all, you grab them by ID or CLASS name.

Therefore, open your website using an Element Inspector.
Most browsers (chrome, Firefox and more) have that option, you right-click on a particular part of your website and then choose Inspect Element – Sometimes you have to repeat this 2x to get a particular element.

Tip: You can of course open the Element Inspector in a different tab, or preferably on a different monitor because then you simply see more. After all, you only want to know the name of an element.

The screenshot below shows the CSS Customizer and the Element Inspector open on the far right.

element-inspector

Okay, you now know that there is a CSS Customizer in WordPress. You know that you can put CSS in there that you can use to customize the design of your website.

Now to write the CSS!
By now, of course, every programmer has long clicked away from this article and is happily adding CSS.

But I can’t write CSS!

Are you an enthusiastic website owner who has no idea how to write CSS?
Then you can commission us to modify a certain element with CSS. In fact, we write CSS as easily as the ABC.

Click here to put us to work*.
* please note, sometimes we are busy so we cannot provide the service. Security and recovery of hacked WordPress websites is our priority.

I want to learn how to write CSS

You can do that at w3schools.com
Currently there are free classes to learn CSS. (In English)

Saving changes in the CSS Customizer

Only when you click “Publish” – is the CSS saved in your website and displayed for new visitors! So don’t forget to press that button after writing CSS.

What is a WordPress theme?

A WordPress theme contains all the elements that are important for displaying texts, pages, posts and more.
Both the display of the elements and the design (color, size) are all controlled by the theme.

Is every WordPress theme the same?

Basically, every WordPress theme has a standard number of templates, basic design and various functions.
The colors, dimensions may differ, of course.

Free themes versus paid “premium” themes

There are free themes and the so-called paid “Premium” themes that offer more features or formatting for such things as portfolio pages, contact forms and more.

How do you get a WordPress theme?

WordPress offers a good number of approved themes that you can use for free. In addition, there are several themes for sale on the Internet, these often have additional elements that add value and thus can be sold for a certain amount of money.

Is a free theme worse than a paid theme?

No, the themes available for free on WordPress.org are very good. They are well structured and created by several good programmers.

What about the SEO?

The structure of themes is clear, 95% of all themes are suitable for Google.

How do I choose another theme?

If you are logged into your website, you can go to the “Appearance > Themes” tab to choose new themes.

Pro Tip:

Once you’ve found a theme, delete the ones you’ve tried but aren’t going to use again. This is important so that the themes (especially the outdated ones) are not approachable by hackers.

Hiding the login page – iThemes Security

By default, the WordPress login page is found on the “admin” page. That’s with every standard WordPress website worldwide. Every hacker and hackbot knows that … they can easily make attempts to log in through your login page that way.

It’s important to hide the default login page

Why you should hide the login page:

  1. Even if you have a great password that makes logging in “impossible”, your website will suffer when attempts are made to log in through that well-known login page. This is because it is mainly scripts that use that page, firing thousands of attempts at it. These are called brute force attacks.
    Brute force attacks make your website slower! These are requests that are processed by your website, and behind it by the server, at the expense of loading speed for real visitors.
  2. Not everyone needs to know that your website is made with WordPress right?
    (I know, in the source code you can see it too but not everyone looks there)
  3. It says something about your website, for example I quickly know if a website is well secured or not when I visit the default login page. And hackers know that too.
    And if I find admin as a username there too… sigh! – But that’s something for another article ;)

So the key is to make the login page inaccessible to the world!

There are websites where the login page gets 5,000 “visitors” every day, spread over 24 hours… The IP addresses change constantly, so the server will not block all the attacks, even though they come at the cost of server capacity. Hiding the login page is an important step against unwanted “visitors” (bots & scripts).
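The point about constantly changing IP addresses can be checked against your own access log. The following is an added example, not part of the original article: it counts POST requests to `/wp-login.php` (WordPress's stock login script) and compares a per-address limit with a site-wide per-minute limit. The log lines, addresses and both thresholds are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime

LOGIN_PATH = "/wp-login.php"  # WordPress's stock login script
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def build_sample():
    """Constructed access-log lines (documentation IP ranges, invented times)."""
    fmt = '{ip} - - [12/Mar/2024:10:{m:02d}:{s:02d} +0000] "{req} HTTP/1.1" 200 512 "-" "-"'
    post = "POST " + LOGIN_PATH
    # One noisy client: 8 attempts from a single address within one minute.
    lines = [fmt.format(ip="198.51.100.7", m=0, s=s, req=post) for s in range(8)]
    # Distributed run: 40 addresses, a single attempt each, over two minutes.
    lines += [fmt.format(ip=f"203.0.113.{i + 1}", m=1 + i // 20, s=i % 20, req=post)
              for i in range(40)]
    # Ordinary traffic that must not be counted as login attempts.
    lines.append(fmt.format(ip="192.0.2.10", m=3, s=0, req="GET /"))
    lines.append(fmt.format(ip="192.0.2.11", m=3, s=5, req="GET " + LOGIN_PATH))
    return "\n".join(lines)

def login_attempts(log_text):
    """Return (ip, timestamp) for every POST to the login page."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        path = m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path == LOGIN_PATH:
            hits.append((m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")))
    return hits

def analyse(log_text, per_ip_limit=5, site_limit_per_minute=10):
    """Compare a per-address threshold with a site-wide per-minute threshold."""
    hits = login_attempts(log_text)
    per_ip = Counter(ip for ip, _ in hits)
    per_minute = Counter(ts.strftime("%H:%M") for _, ts in hits)
    return {
        "total": len(hits),
        "distinct_ips": len(per_ip),
        "ips_over_limit": sorted(ip for ip, n in per_ip.items() if n > per_ip_limit),
        "minutes_over_limit": sorted(m for m, n in per_minute.items() if n > site_limit_per_minute),
    }

if __name__ == "__main__":
    print(analyse(build_sample()))
```

In the sample, the per-address limit flags only the single noisy client, while the 40 one-shot addresses show up only in the per-minute totals, which is why blocking by IP alone leaves most of this traffic reaching the login page.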

iThemes Security has the ability to hide your login page

Ironically, that feature is also kind of hidden! In fact, you won’t encounter it during the default installation.
You can find this setting at Advanced > Hide backend.

There you can move the login page to a page with a unique name.

Remember that new page name well! That way you can always login to your website.

Also keep in mind that the regular login page is inaccessible from now on (until you are logged in). If you keep trying to reach it anyway, the security plug-in may temporarily block your account.
Therefore, please also give the new admin address to administrators who regularly log in to your website.

Cyber-attacks on your website, where do they come from? What is the target?

Did you know that many WordPress websites are visited 3000x a day by bots? Where do these bots come from? And what is their purpose?

The guys at WordFence (source in English) see millions of attacks on websites come by. That’s because their security plug-in collects them from thousands of websites to keep the firewall and protection of WordPress websites optimal.

This month they shared the top 5 countries where the most attacks on WordPress have come from in the past month.

  1. Australia
  2. Germany
  3. United States
  4. Ukraine
  5. Finland

These are not the countries that most cyber-attacks used to come from, which were often China or Russia.

What does this say about the countries themselves? Not necessarily that more cybercriminals live there.

The number of cyber-attacks from a particular country depends on several factors

Consider:

  • Availability of servers
    Attacks are carried out via servers; more can be achieved where the most powerful servers are located
  • The IP statuses of a country
    A good status means more reach
  • Unemployment
    More time and need for new (unfortunately illegal) income
  • The state of security
    A leak in certain software can provide access to many criminals
  • And sometimes a political situation
    Like a country where there is war, that is not only fought with weapons these days

What is THE PURPOSE of cyber-attacks?

Currently, WordFence reports that:

the hackers and criminals of the top five countries are all trying to access websites

Once a criminal has access to a website, they can:

  • Share information with the world
  • Steal information
  • Make money from advertising, spam & black hat SEO
  • Make money selling access data
  • Make money using complex scamming methods based on the stolen information

Then, of course, the question: do cybercriminals manage not only to attack a website but actually to gain access to it?

Yes, there is always a percentage of the millions of websites that have a leak at the time an attack is made.

The attacks go on day-and-night, 24/7.
The moment your website contains a leak, a specific payload (script/set of code) will be unleashed on your website that will allow a cybercriminal to access your website.

For that reason, given the incessant flow of attacks, it is necessary to install and use a good security plugin on your WordPress website.

This can be the free security plugin from WordFence, or the paid premium version offered by WordFence.

You can also use iThemes, which has a security plugin specifically for WordPress. It also comes in a free version and a paid pro/premium version.

Want to make sure your website is up-to-date? Secure? Then let us secure your WordPress website. We have packages for small WordPress websites, WooCommerce webshops and for large WordPress websites!