Getting Started with WordPress

If you’re just starting with WordPress, you can easily get lost in all the available information.

To keep it simple and avoid overwhelming you with more information, here’s a brief guide on where to start with your WordPress website.

Themes

You can download free themes from WordPress.org. For more extensive themes, you can purchase them from places like Themeforest.

What is a theme?

A theme is the styling or appearance of your website. It determines how your pages look, the top and bottom of your website, and the appearance of your sidebar.

Both the layout and colors are determined by a theme.

Plugins

You can download free plugins from WordPress.org.

What is a plugin?

A plugin is an add-on that you can “plug into” your website. The type of add-on depends on the plugin; for example, there are plugins for website translation, website security, displaying images, creating photo albums, and more.

Be careful, though, as plugins can slow down your website and may pose security risks. Don’t just install any plugin you come across.

Security

For the security of your WordPress website, whether big or small, it’s best to turn to WPbeveiligen.

With over 10 years of WordPress experience, hosting experience, and expertise in development, programming, and security, WPbeveiligen is the right choice.

Why is security necessary?

WordPress is open-source and freely available for everyone worldwide. As WordPress is a popular platform for building websites, many malicious hackers target its potential vulnerabilities and widespread use. When a hacker finds a vulnerability, they can infect thousands of websites with malware within hours. Malware is harmful to your website’s reputation, affecting both visitors and your ranking in Google.

You can secure WordPress by using a security plugin and configuring it properly, or you can let us secure your website for you.

Need more information or have questions?

The WordPress NL forum has many users with knowledge of WordPress who can help you with any questions.

Additionally, we have written a large number of articles to assist you. Visit our articles page for an overview of topics and the latest articles on WordPress.

 

Choosing a secure password

If there’s anything that gives you a headache, it’s the different passwords for each website.

To add an extra factor, all sites have their own rules regarding password security.

Some common requirements we see:

  1. Using an uppercase letter (UppercaseLetters)
  2. Combining letters and numbers (eaad 8934)
  3. The password must contain symbols (*&$!)
  4. The password must not exceed 9 characters
  5. It must be longer than 11 characters…

Sigh…

Can you choose one password that is accepted on every website?

Having one password that works on all sites is not possible.
(And not safe, but that’s beside the point)

Why not?
Because there are many contradictions between sites, where one site requires more than 8 letters/numbers, and another site indicates an 8-character limit.

So, it is advisable to use 2-5 variations.

Creating a strong password


With the following tip, you can come up with a strong password:

A phrase, for example:
2ENORMEnijlpaarden!
✔ letters
✔ numbers
✔ uppercase letter
✔ special character
(You will remember this one after 4 weeks 😉)

It is important that you can remember it yourself. This works best with phrases that make sense to you.

80&$&()JKL is not easy to remember!

But 33nZ1n is!

Note that spaces are not allowed in a password, and the password must contain at least 8-10 characters (numbers or letters), which is a requirement that works on most sites.

So, in summary

For most sites, you’re good with 8-11 characters/numbers/uppercase letters.

Combine these for a strong password.

Do not write it down online or in your email, just write it on an old-fashioned piece of paper and keep it in a safe!

But NOT like this!


  1. No birthdates
  2. No first or last names
  3. No first name with 123 after it
  4. Don’t use your name spelled backward
  5. No aaa sss or qwerty123
  6. No dictionary words!!
  7. D0n’t r3pl4c3 l3tt3rs w1th numb3rs

Why not?

If your name, birthdate, or other info is in a profile, a hacking script will first use that information to generate and test your password.

Next, it will try standard keyboard combinations that many people use, such as qqq www -or- qwerty -or- 12345, etc.

Then, the script will use the dictionary from a txt file and try those words on a website to hack your account.

Finally, the script will replace your name with numbers.
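
The "NOT like this" list above, turned into a check you can run on a candidate password (an added example, not part of the original article). The profile, the small word list and the keyboard runs are constructed sample data, and the function names are made up for this example.

```python
import re
import string

# Constructed sample data. In practice, load a full word list from a file.
DICTIONARY = {"welcome", "password", "summer", "dragon", "monkey"}
KEYBOARD_RUNS = ("qwerty", "asdf", "zxcv", "12345", "aaa", "sss", "qqq", "www")
PROFILE = {"name": "Sanne de Vries", "birthdate": "1984-03-12"}

# Undo the usual swaps from item 7 of the list: 0->o, 1->l, 3->e, 4->a, ...
UNLEET = str.maketrans("0134578@$", "oleastbas")


def profile_tokens(value):
    """Split a profile value into the parts a guessing script would try."""
    parts = re.findall(r"[a-z0-9]+", value.lower())
    parts.append("".join(parts))
    return {p for p in parts if len(p) >= 3}


def weaknesses(password, profile):
    """Return the reasons from the list above that apply to a password."""
    reasons = []
    lowered = password.lower()
    unleeted = lowered.translate(UNLEET)

    if len(password) < 8:
        reasons.append("shorter than 8 characters")

    # Items 1-4: profile data (names, birthdates), forward or backward.
    for field, value in profile.items():
        tokens = profile_tokens(value)
        if any(t in lowered or t in unleeted for t in tokens):
            reasons.append(f"contains {field} from profile")
        elif any(t[::-1] in lowered for t in tokens):
            reasons.append(f"contains {field} spelled backward")

    # Item 5: keyboard runs and repeated keys.
    run = next((r for r in KEYBOARD_RUNS if r in lowered), None)
    if run:
        reasons.append(f"keyboard pattern '{run}'")

    # Items 6-7: a dictionary word, plain or with letters swapped for digits,
    # ignoring digits and symbols stuck on the front or back.
    core = lowered.strip(string.digits + string.punctuation)
    if core in DICTIONARY:
        reasons.append("dictionary word")
    elif core.translate(UNLEET) in DICTIONARY:
        reasons.append("dictionary word with letters replaced by numbers")
    return reasons


if __name__ == "__main__":
    for candidate in ("2ENORMEnijlpaarden!", "sanne123", "p4ssw0rd!"):
        print(candidate, weaknesses(candidate, PROFILE))
```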

The Exploit Scanner for WordPress

An amazingly simple plugin with one purpose: to search for files that may contain code that doesn’t belong in WordPress.

You can find the plugin in the WordPress plugin library.

After installation and activation, the Exploit Scanner can be found under Tools.

As you can see in the image below, there aren’t many options. You have the option to disable “display: none,” which is common in certain themes.

You can also limit the scan to files that are not larger than 400 KB, and it is recommended to keep it that way. (Very occasionally hackers write very large files, but in 99% of cases scanning such large files is not necessary.)

The third option you have is to limit the number of files scanned at once. It may be necessary to set this to a maximum of 100-150 if you have a hosting package with limited memory, and the pages freeze with a “memory error.”

Run the scan!!

[Screenshot: WordPress Exploit Scanner]

Once you have enabled the scan, it may take a few minutes.

After that, you will get a long list of files that contain Eval commands, a list of “hidden” CSS codes, and more.

Is the Exploit Scanner a one-click solution?

With one click, you can see which code may be potentially dangerous and where the files are located.
However, it is still necessary to have deep knowledge of WordPress, code, and hacker code to determine whether a piece of code belongs in your website or not.

In short, it’s a useful tool for webmasters.
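
To show what this kind of scan does and why its results still need a human reader, here is a small stand-alone sketch (an added example, not the plugin's code). It walks a folder, skips files above the 400 KB limit and lists lines containing eval( or display:none; the two patterns, the function names and the sample files are assumptions made for this example.

```python
import os
import re

MAX_BYTES = 400 * 1024  # the 400 KB limit the article recommends keeping
EXTENSIONS = (".php", ".js", ".css", ".html")

# Assumed patterns for this sketch; the plugin has its own, longer list.
PATTERNS = {
    "eval": re.compile(rb"\beval\s*\("),
    "display:none": re.compile(rb"display\s*:\s*none", re.IGNORECASE),
}

# Constructed sample files, not taken from a real site.
SAMPLE_FILES = {
    "wp-content/themes/demo/header.php": b"<?php\n$x = 1;\neval($_payload);\n",
    "wp-content/themes/demo/style.css": b".menu-toggle { display: none; }\n",
    "wp-content/plugins/demo/big.php": b"<?php //" + b"A" * (MAX_BYTES + 1),
    "wp-content/uploads/readme.txt": b"eval( is only text here\n",
}


def write_sample(root):
    """Create the constructed sample tree under root."""
    for rel, data in SAMPLE_FILES.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(data)


def scan_tree(root, check_hidden_css=True, max_bytes=MAX_BYTES):
    """Return (findings, skipped): pattern hits per line, and oversized files."""
    findings, skipped = [], []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXTENSIONS):
                continue
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root)
            if os.path.getsize(path) > max_bytes:
                # Report it, so a large file is not silently trusted.
                skipped.append(rel)
                continue
            with open(path, "rb") as handle:
                for number, line in enumerate(handle, start=1):
                    for label, pattern in PATTERNS.items():
                        if label == "display:none" and not check_hidden_css:
                            continue
                        if pattern.search(line):
                            findings.append((rel, number, label))
    return sorted(findings), sorted(skipped)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        write_sample(root)
        hits, too_large = scan_tree(root)
        for rel, number, label in hits:
            print(f"{rel}:{number}: {label}")
        print("skipped (over limit):", too_large)
```

In the sample, the display:none hit is an ordinary theme rule, which is the kind of result the option to disable that check is meant for.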

Securing a WordPress Multisite

Is securing a WordPress multisite different from securing a single WordPress site?

You have more data, which is self-explanatory, including more tables in one database. All the regular tables of a single site are duplicated for each site you add.

For example, if you have usual tables like wp_options, wp_posts, now you will have them with an additional prefix. For instance, wp1_options, wp1_posts, and so on, depending on the site number.


What happens at the server level when you set up a Multisite?

In the uploads folder, you will now have a “sites” folder with a corresponding number as in the database. For your first site, a folder named “1” will be created, where all the files uploaded by the users of that site will be stored.


A quick note: the wp-config file will get some additional lines when you start with a Multisite, including:
define('WP_ALLOW_MULTISITE', true);
(So, don’t remove this!)

What happens with the users?

It’s important to mention that a user who signs up as a subscriber is automatically subscribed to all sites within your Multisite.

The admins of a site within the Multisite cannot install plugins or themes. This must be done by the so-called “Super Admin” of the Multisite.

Advantages of a Multisite

You have multiple websites, but fortunately, only one WordPress installation to update. You don’t have to go through each WordPress site individually. The same applies to the plugins; the plugins in the main folder are used, so you don’t need to go through all the plugins of each site.

Is a Multisite less secure than having 2-3-4 separate WordPress websites?

It entirely depends on how you handle the sites.

The risk with separate sites is that you might not update everything on time.
The downside of a Multisite is the problem that arises once attackers gain access to your database, as they can directly access the content of all sites.

When considering a Multisite, you should also take into account that it may face more database attacks, as it is linked to multiple websites.

Strong passwords, unique usernames, and up-to-date plugins are the key to securing any type of setup.

Facts & myths about securing WordPress

There are many WordPress users, even website developers, and hosting companies who are not aware of the following:

Fact: Restoring an old backup is NOT a permanent solution for a hacked website

This may seem like a solution to many, as they often think that the hacked files are removed from the server. However, they are surprised when signs of the site being hacked reappear within 1-7 days. How is that possible?

Often, only the file responsible for spam or data transmission is removed, but the vulnerability still exists. This vulnerability could be an old version of WordPress, a theme, or a plugin.

What to do

After restoring the backup, you cannot sit back; that’s when the real work begins!

  1. Update/replace all plugins
  2. Update/replace WordPress
  3. Check for theme updates
  4. Secure the website
  5. Secure the server
  6. Change database and user passwords

Fact: Updating plugins does not solve the hack

When you click “update” in your WordPress plugin area, only the files are updated (at the time of writing), not the entire plugin.


In short, hack files may still remain, and they are not removed.

Myth: Once secured, always secured

If only that were true. No matter how well you secure the website now, the plugins you currently use are tested by many hackers for possible exploits. If they find a vulnerability that bypasses WordPress rules, there is no security measure that can stop them. This is simply because a plugin has administrator rights, allowing it to write files in intended folders.

Myth: There is a known or hired hacker personally targeting my site


No, in 99% of cases, no one is specifically targeting your website. Unless you are Porsche, Nike, or royalty.

These are automated programs trying thousands of WordPress sites and entering those that are not properly secured or not up-to-date.

So, why was my WordPress website hacked?

Someone wrote a script a while ago that searches for WordPress websites and places advertisements using known vulnerabilities.

Fact: A hacker can manipulate the website regardless of server security measures

The hacker doesn’t need to upload or modify files on the server to hack the website.

Even if your entire server is blocked so that each file is only readable and not modifiable…

The hacker can give commands to existing files through vulnerable forms (XSS) or the navigation bar of your website. In this way, they can add information to the database, leaving your site open or adding unwanted texts & links to your website.

Myth: A more expensive hosting provider guarantees a safer website

You can think of it like a Ferrari dealer; no matter how well the car is developed and maintained, they have no control over how you drive it and cannot prevent accidents or theft.

Myth: Paid premium plugins are safer than free plugins

We often come across cases where paid plugins are hacked. These plugins are widely used and promoted on various websites, reaching a large audience.

Also, creators of paid plugins often have just as busy schedules, if not busier, than hobbyists creating plugins. This means that security updates may be delayed.

Myth: More registered members mean a higher risk of being hacked

Each additional member is an additional entry in the database, but members with the roles of subscriber, writer, or editor have specific rights and limitations that prevent them from accessing plugins or settings.

This is how to back up the MySQL database

phpMyAdmin is one of the most commonly used and well-known tools for managing your database.

phpMyAdmin is available on 8 out of 10 hosting providers’ servers and can often be accessed via:

www.yourdomain.com/phpmyadmin

(Or they may have a different unique address for security reasons, which you usually receive in the first information email from the hosting provider)

Backing up the MySQL Database

Logging in directly to phpMyAdmin

If you have a link, a login screen will appear. Enter the database username and password here.

 

After logging in, you will see many options, but fortunately, you only need to make a few choices to create a database backup.

  1. Select the database for which you want to create a backup
  2. Click on the “Export” tab, which is the fourth one from the top

Then click on “Start”!

[Screenshot: exporting tables in phpMyAdmin]

Your browser will then start downloading the database. It will be saved as an SQL file, which you can import again in the future if needed.

The SQL file can be quite large, and sometimes, importing it later can be difficult due to browser limitations. So, it’s best to compress the SQL into a ZIP file.

Or…

Exporting the backup as a ZIP file

When exporting, click on “Custom” (See example image above) and select “zipped” in the output options.


Save your MySQL file in a location where you can easily find it later. It may be automatically saved to your Desktop or Downloads folder, but it’s better to save it in your documents folder with a name that includes the date and website.

Accessing phpMyAdmin through DirectAdmin

If you don’t have a direct link to phpMyAdmin but have DirectAdmin, follow the steps below to access phpMyAdmin.

[Screenshots: logging in to the MySQL database; clicking MySQL]

How to import a very large MySQL database

Dealing with a large database, such as a WordPress website with hundreds of products or pages, can result in a database size of 10-50 up to even 600 MB.

Sometimes, you may need to restore your database backup or import it after switching hosting providers.

A database larger than 100 MB cannot be imported using phpMyAdmin since it can only import files up to 9 MB through the browser.


Step 1 – Download BIGdump

Bigdump is a script that you can download here.
(Or here if their site is not working)

Step 2 – Connect BIGdump to your database

You have just used the link to download the file, and you have extracted it to get a php file.

Open the file bigdump.php with your favorite editor (even Notepad on Windows will do) and enter the database information where the data needs to go.


Save the file and place the bigdump.php file on the server of the website where you want to import the database.

Step 3 – Upload the large database to the server

Place the database, the SQL file, in the same folder as the bigdump.php file. (You can use an FTP program like FileZilla)

Step 4 – Use the file

Next, go to the following URL in your browser:
www.yourwebsite.com/bigdump.php

If you have entered the database information correctly, you will see this:
[Screenshot: database import]

And if you have done Step 3 correctly, you will also see this:
[Screenshot: example]

This means that it has found a file that you can import!

Click on ‘Start import’ to import your large database!

If you encounter any errors on your screen, check the FAQ from the developer of BIGdump.

WordPress shows a white screen, now what?

If problems occur with code from plugins, themes, or WordPress itself, you may not always see an error. Sometimes, you’ll only see a blank screen!

This can be incredibly frustrating as you won’t know what’s going wrong. However, there’s a reason why you only see a blank screen.

The empty page without an error is a security measure since detailed error information can be used by hackers and scripts to hack the website.

A blank screen on all pages or only in the Admin

It’s possible that your website still works on the front-end for visitors, but your admin panel shows a blank screen, preventing you from managing the website. Regardless of where it occurs, it’s a problem that needs to be resolved.

Does a white screen indicate that the website has been hacked?

Usually NOT. The most common causes of a white screen are conflicts between code in plugins.

Why do I have a blank screen without any apparent reason?

  1. A blank screen in WordPress can occur spontaneously when you have “automatic updates” enabled. At that moment, you may not be aware, but a lot happens in the code that can cause conflicts.
  2. Sometimes, you may see a white page when the hosting has a problem with the server, but this is very rare. In such cases, there is usually an “error 500”.
  3. Sometimes, a hacker injects code to render your admin panel unusable.

Resolving the blank screen issue

There are various ways to resolve it, and we will document some common problems and solutions here.

Displaying errors

Start by enabling the “display of errors”.

You can do this by opening the wp-config.php file with an editor/FTP program. In the wp-config.php file, you’ll find a line with the debug mode setting (WP_DEBUG) that you need to set to true.

Often, this will immediately display one or more errors on the page, allowing you (with some Googling and puzzling) to understand what’s going wrong. The error often indicates which script the error occurs in and even on which line!
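
Because the blank page exists to keep error details away from visitors, it is worth checking what a wp-config.php will actually reveal while debugging is switched on. The following check is an added example, not from the original article: WP_DEBUG_DISPLAY and WP_DEBUG_LOG are WordPress's companion constants to WP_DEBUG, while the function name and the sample configurations are constructed for this example. It only reads true/false values on single-line define() calls.

```python
import re

DEFINE = re.compile(
    r"""define\(\s*(['"‘’“”])(\w+)['"‘’“”]\s*,\s*(\w+)\s*\)""", re.IGNORECASE)

# Constructed sample configurations.
TROUBLESHOOTING = "define('WP_DEBUG', true);\n"
LOG_ONLY = """
define( 'WP_DEBUG', true );
define( 'WP_DEBUG_LOG', true );       // write errors to a log file
define( 'WP_DEBUG_DISPLAY', false );  // keep them off the page
"""
PASTED = "define(‘WP_ALLOW_MULTISITE’, true);\n"  # quotes mangled by a web page


def debug_report(config_text):
    """Summarise the debug constants found in the text of a wp-config.php."""
    values, notes = {}, []
    for line in config_text.splitlines():
        code = line.split("//")[0].split("#")[0]  # drop line comments
        match = DEFINE.search(code)
        if not match:
            continue
        quote, name, raw = match.groups()
        if quote in "‘’“”":
            # Copy-pasted typographic quotes are not PHP string quotes.
            notes.append(f"{name}: typographic quotes, retype them as ' or \"")
            continue
        if name in ("WP_DEBUG", "WP_DEBUG_DISPLAY", "WP_DEBUG_LOG"):
            values[name] = raw.lower() in ("true", "1")

    debug = values.get("WP_DEBUG", False)
    display = values.get("WP_DEBUG_DISPLAY", True)  # WordPress default if unset
    logged = debug and values.get("WP_DEBUG_LOG", False)
    if debug and display:
        notes.append("errors are shown to every visitor; turn this off "
                     "again after troubleshooting")
    elif debug and not logged:
        notes.append("debugging is on but errors are neither shown nor logged")
    return {"shown_to_visitors": debug and display,
            "logged": logged, "notes": notes}


if __name__ == "__main__":
    for label, text in (("troubleshooting", TROUBLESHOOTING),
                        ("log only", LOG_ONLY), ("pasted", PASTED)):
        print(label, debug_report(text))
```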

P.S.: As programmers at WPbeveiligen, we often don’t need to Google to identify the problem; we can usually fix it immediately. So, choose convenience and assurance and send us a message.

Is the screen still blank after enabling error display?

Then, try the trial-and-error method through the options below.
Trial-and-error simply means eliminating possibilities that could be causing the issue until you find the problem.

Possibility #1: A blank screen due to plugins

Plugins may sometimes collide due to code, causing the website not to load. If you can still access your admin panel, try deactivating them one by one until you find the culprit.

If you cannot access your admin panel, you can do this via FTP by renaming them one by one, effectively deactivating them.

Possibility #2: A blank screen due to the theme

If your theme or template fails to load, you will see a blank screen on your website but your wp-admin will still work. Try temporarily using a different theme. If this resolves the issue, you can try placing a clean version of your used theme or have someone look at the code in your theme to fix it.

Possibility #3: A blank screen due to hacked code

Very rarely, a hack script may cause a collision or an error on your pages. Typically, hackers and hack scripts aim to work stealthily, so the spam script can operate for as long as possible before detection.

One technique used by hackers is to render the admin panel unusable with a blank screen, but they usually want to keep the front-end of your website intact.

However, an advertisement injection may cause issues, exposing their activities.

Tip: Restore from a backup

If your website regularly creates backups, you can restore it. This saves a lot of time searching and coding!

Get the problem resolved by us

We’ve been working with WordPress for years and can often fix a blank screen issue within 1 hour. The costs are not high, but the convenience is!

Click here and get the problem resolved now!

Using Contact Form 7

What is Contact Form 7?

Contact Form 7 is a plugin for WordPress that allows you to create contact forms in various languages. You can create multiple contact forms per website and customize them with different fields. In addition to text fields, you can use date fields, dropdowns, acceptance checkboxes, radio buttons, and more.

How to use Contact Form 7?

First, download the Contact Form 7 plugin through your admin > plugins > new plugin.

After installing and activating Contact Form 7, you will see a new menu item called “Contact.”

Select “Add New”.


Next, you can add a new contact form in the language of your choice. Let’s choose the default language, which is Dutch.


After selecting the language, you will see buttons to generate new shortcodes for fields, dropdowns, radio buttons, etc.


This is the power of Contact Form 7. You can add new fields and create a wide variety of forms, from standard contact forms to forms allowing visitors to sign up or complete registrations based on different questions and options.

Shortcodes: Technical yet flexible

Contact Form 7 generates a form that looks a bit technical using the buttons. Despite the initial learning curve, it offers many possibilities.

[Screenshot: shortcodes in Contact Form 7]

Explanation: On the left, you see the field label, such as “Your Name.” Below that is the shortcode [text* your-name]. “Text” indicates the type of field, in this case, a standard text field. You’ll also notice a * which indicates whether the field must be filled out. If left empty, the form will not be submitted, and a red line will appear around the field with an instruction to fill it out.

You can change the field layout; they are currently displayed in paragraphs, but you can place them in divs side by side, etc. The order does not affect the functionality of the form.

[Screenshot: generating a field in Contact Form 7]

In the image above, you can see how such a field/shortcode is generated. (Please note, this has changed in the latest updates! You will still see the code that needs to go into the email, but it is less noticeable as it is no longer displayed prominently in the green box.)

You can set a default value, for example, @ or http://. This value will already be in the field, and users can add to or delete it. Clicking on the placeholder ensures that only a sample text is displayed, which disappears when the field is selected.

Formatting and information in the email

Every shortcode you add to the form must also appear in the “Mail” tab.

Only then will the information be included in the email sent. As shown in the image below, you can set the sending address, the email title, and use simple [text-1] shortcodes to display the information in the email in the desired order.

[Screenshot: Contact Form 7 mail settings]

Additional features for added convenience

There are some functions that make Contact Form 7 even more practical. One of them is the Mail “2” function, located towards the bottom in the settings. When you check this option, you can compose an email that is sent as a copy to the form submitter, for example.


The security of Contact Form 7

One of the most important questions is, of course, how secure is Contact Form 7? When you see all the input fields, you might, as a programmer, think of a possible XSS problem, an injection.

From our experience, we can say that Contact Form 7 is a good and stable plugin.

We have been using Contact Form 7 for various websites for over 5 years and have never encountered any issues with its functionality or security!

The plugin is regularly updated and has a solid foundation. We often use Contact Form 7 for clients when their current contact form sends spam, which can occur with contact forms included with a theme or poor-quality contact form plugins.

What happens when WordPress is updated?

We have been working with WordPress for more than 14 years, since the very beginning of WordPress. In this article, drawing on our years of experience, we tell you what can go wrong while updating WordPress, so that you know what to watch for when updating your WordPress website.

Or, if you want your website back online as quickly as possible: hire us to fix it!

Step 1 – The backup

The backup: Ideally, a backup of the website is made first.
This prevents data loss if something goes wrong during the update.

Common mistake: Assuming that the web host does this. Not every web host does, or makes backups often enough. Sometimes a backup is 14 to 30 days old, so your latest posts, pages or webshop orders are not in it.

Step 2 – Downloading the update

Downloading the update: WordPress downloads the latest version of the software.

Error that occurs: There is not enough space to download the update, so WordPress is not updated. Watch out for this, because an outdated WordPress website may contain weaknesses that hack bots and hackers can exploit.

Step 3 – Taking the site offline

Taking the site offline: The site is temporarily put into maintenance mode. Visitors see a message that the site is being updated.

Error that occurs: The under-construction file that shows the maintenance mode stays in place after the update.

Step 4 – The installation

The installation: The new version of WordPress or the plugin is installed. This includes unpacking files and replacing old files with new ones.

Error that occurs: The write permissions are not set correctly, so the new files cannot be put in place.

Step 5 – Database update

Database update: Sometimes updates to the WordPress database are needed. WordPress performs these automatically.

Rare error: Very occasionally the database does not cooperate and the database update gets stuck, but fortunately that happens quite rarely. What does happen often is that you have to press the database update button when you want to log in to your admin. That is not a problem; you can simply click it, even as a non-administrator.

Step 6 – Reactivating the site

Reactivating the site: After the update, the site is taken out of maintenance mode and is accessible to visitors as normal again.

Error that occurs: The under-construction file that shows the maintenance mode stays in place after the update, some files are not updated properly, and errors arise. These range from simple errors that you can fix by uploading WordPress again to temporary error 500s when the server can no longer cope.

It can also happen that your browser caches heavily; you then see the error or update pages even though your website was updated successfully.

Step 7 – The check

The check: After the update, it is advisable to check the site for any problems or errors. This includes checking the functionality and the appearance of the site.

Sometimes plugins or themes no longer work with the latest WordPress update. As a result, functions sometimes stop working, or you get errors that you have to fix by updating the plugins as well.

It can happen that the WordPress update locks you out of your admin; you then have to apply the update of the plugins, the theme or WordPress (whichever is causing the error) manually on the server.

We can also do this for you; on average it takes us half an hour to an hour. It depends, of course, on how many plugins you have and whether you already know what is going wrong.

Contact us to have your problem fixed.

Beware of the risk of automatic updates!

Automatic WordPress updates that do not complete successfully can make your website unreachable for visitors, which you sometimes only discover days later.
We therefore sometimes recommend updating manually.

Updating WordPress: do it yourself or outsource it?

If you have an important business website, and certainly a webshop, with WordPress and WooCommerce, it is advisable to have us update your website.

We make backups, update your website and check that everything still works

From just 25 euros per month.

  • Backups to an external data vault
  • Security
  • Monitoring
  • Error help

Have your website updated & secured