Is Your WordPress Username ‘admin’?


I was having lunch with a friend of mine who manages a kitschy shop that sells wine ephemera: totes, bottle openers and novelty wine racks.  It’s called something cute like ‘Pinot’.  She told me that the boss was asking her to do some minor updates to what she referred to as ‘a wreck of a website’.  It was made with WordPress many years ago, and wasn’t properly maintained.

She said something like, ‘It can’t possibly be secure, I’m surprised it hasn’t been hacked already.’

I asked, “Why, is the password ‘pinot123’?”

Her jaw dropped, and I asked another question, “Is your WordPress username ‘admin’?”

‘admin’ is kind of the default administrator username for WordPress. Some of the newer quick install programs make you choose something else, but not all of them do.  Using ‘admin’ as your username hands an attacker half of your login, so only the password is left to guess, and that makes it that much easier for someone to worm their way into the back end of your site.  So, choose another username.

My friend then asked me to give her a few other tips to make her site more secure.  Here are some that you should be able to do in less than an hour.

  1. Use a unique username for your Administrator account.  We discussed this above.  Having an ‘admin’ username floating around is asking for trouble.
  2. Use a different username for your blogging.  The account I used to write this blog, ‘Dark Roast Design’, is an editor account.  If people hack into the site using this username, they still won’t have admin access.  Nobody needs to know what your Admin username is, except for you.
  3. Add the iThemes Security plugin.  This will give you all sorts of ability to protect and monitor your site.  Not the least of which is the ability to blacklist users who try to log in using the ‘admin’ username.  I do actually get several email notifications daily about this very thing.  It’s happening.
  4. Add the wSecure Lite plugin.  This plugin will allow you to hide your login page.  Most WordPress sites use /wp-admin as their login page.  Try adding it to the end of this site’s address: you get redirected to the homepage.  wSecure adds a custom string to the login address, which only you will know.
  5. Backup, Backup, Backup.  The steps above will help to reduce your risk, but you aren’t bulletproof.  I’m actually concerned that posting this article will be seen as a challenge, and I know that no site, this one included, is 100% secure all the time.  To this end, you’ll want to make regular backups of your site.  Some hosting companies will do that for you on a regular basis, and some won’t.  A good, easy solution is to use the ‘All in One WP Migration’ plugin, and export your site regularly.  If anything happens, you can then import your backup, and your site will be as good as new.
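
One way to check tips 1 and 2 against your own site, as an added example that is not part of the original post: the script below reads a user list and a published-post list and flags an ‘admin’ login and any administrator account that is also used for blogging. The two CSV samples are constructed, and their shape assumes exports made with WP-CLI (`wp user list` and `wp post list` with the fields shown in the comments).

```python
import csv
import io

# Constructed sample data (not from any real site). Assumed export commands:
#   wp user list --fields=ID,user_login,roles --format=csv
#   wp post list --post_status=publish --fields=ID,post_author --format=csv
USERS_CSV = """ID,user_login,roles
1,admin,administrator
2,darkroast,editor
3,shopowner,administrator
"""
POSTS_CSV = """ID,post_author
10,1
11,2
12,2
"""


def audit_users(users_csv, posts_csv):
    """Return (user_login, finding) tuples for tips 1 and 2."""
    # IDs of every account that has at least one published post.
    authors = {row["post_author"].strip()
               for row in csv.DictReader(io.StringIO(posts_csv))}
    findings = []
    for row in csv.DictReader(io.StringIO(users_csv)):
        login = row["user_login"].strip()
        # An account can hold several roles, exported as a comma-joined cell.
        roles = {r.strip() for r in row["roles"].split(",") if r.strip()}
        # Tip 1: the default username should not exist at all.
        if login.lower() == "admin":
            findings.append((login, "default username in use"))
        # Tip 2: blogging should happen from a non-administrator account.
        if "administrator" in roles and row["ID"].strip() in authors:
            findings.append((login, "administrator account has published posts"))
    return findings


if __name__ == "__main__":
    for login, finding in audit_users(USERS_CSV, POSTS_CSV):
        print(f"{login}: {finding}")
```

An empty result means no account is named ‘admin’ and every published post belongs to a non-administrator account.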

I wish you good luck with all of this, and a happy, and healthy site.  Of course, if you would like help with any of this, or want to consult about your site on any level, please feel free to reach out.

 

Is One WordPress Plugin Ruining Your Business?


Sometimes, when we’re new to building WordPress sites, we can get a little overzealous when it comes to plugins. There is an enormous collection of free software out there, and we want it. We want all of it. We aren’t even sure what we are going to do with it, but we know we need it. We don’t realize that we are making our site too heavy, and too slow, to actually be a good tool for us to grow our business. Too much dead weight can effectively slow down our website to the point where it is totally unusable, and a liability.

I was recently hired by a client to do a redesign. Her main concern was that her site was not mobile responsive, and she needed it to be. She was also concerned that it was loading very slowly. Her site was out of date, and clearly hadn’t been cared for or maintained in quite some time.

The WordPress software itself was version 4.4, and 11 of the 36 installed plugins also needed to be updated. Yes, 36.

When I see something like this, the first thing I do is run the Plugin Performance Profiler, or P3. This plugin scans all of your plugins, and among other things, tells you which plugins are having the greatest effect on load time. You can then start making informed decisions, weighing the pros and cons of certain pieces of software.

Scanning the site was eye opening. There was one plugin that was responsible for 60% of the page load time, and 11 queries. It was a plugin for custom sidebars, which is great, because we certainly weren’t going to need that in the redesign. Looking a little deeper, it turns out that the current website wasn’t even using it. There were no extra custom sidebars on the site at all. Her website was slow to the point of being broken, and for no reason whatsoever. All because someone thought that it might be cool to have custom sidebars, maybe sometime in the future.

We deleted the plugin, and page load time dropped to a fraction of what it was. I’ve included before and after screenshots, so you can take a look. I’ve also included a picture of the P3 scan of this site. I don’t have any plugins loaded except for the ones that the developer included with the theme, Yoast SEO, and Jetpack. The theme is simple, and light, and does everything I need it to. You’ll see that Jetpack registers as loading very slowly, but it’s not a true measurement; Jetpack and P3 don’t exactly communicate perfectly. But that is a topic for another blog.

Anyhow, the site wasn’t done there. There was lots more work to do. But I wanted you to see the effect one plugin can potentially have. It doesn’t have to be this way. Use the P3 plugin to see what’s what. Or call me, I’ll do an audit of your site.

Thanks!

[Screenshots: Before; After; Dark Roast Design Scan]