
Convert Any Static HTML site to a WordPress site

In the beginning (of the web) all websites were made with nothing but text and static HTML. Now though, over 20 years later, the web is a much different place. Web sites are much more complex. They provide richer and more enjoyable experiences for site creators and visitors alike.


This is in large part thanks to open source projects like WordPress, which, over the last ten years or so, has succeeded in its core mission to democratize online publishing (and a lot more in the process), so that anyone with a WordPress install and the right theme/plugins can have a modern website with advanced design and functionality. No coding–not even HTML!–required.


This is Divi by yours truly, Elegant Themes. This is one of the most advanced WordPress themes on the market today. And it requires zero coding ability to use!

This is why, to avid WordPress users like myself, it’s almost hard to believe that in 2015 someone might still be operating a static HTML website instead of a WordPress website with a theme and plugins. But the fact is there are still a significant number of active HTML-only sites out there. (Or HTML with a bit of CSS.)

Granted, these site owners may have good reasons for not upgrading or converting. Maybe their site content never changes and the simple formatting and design already in place is serviceable? Or maybe it’s less of a hassle than worrying about keeping a WordPress site updated? Both are valid reasons (among others). Prime examples of, “Don’t fix what isn’t broken.”

However, I have a feeling that these might not be the primary reasons some (perhaps many) haven’t made the leap. The most obvious one is that they simply don’t know how to convert their HTML site into a WordPress site, especially without losing content or needing to do excessive formatting on a page-by-page basis.

Thankfully, as is often the case with WordPress, there are a number of ways to go about solving this problem. I’ve compiled some options below.

Your Options for Converting a Static HTML site to a WordPress site

How you choose to convert your static HTML site into a WordPress site will no doubt depend on your personal preference, desired time/monetary investment, and skill level with code. You will have to be the one to decide which is best for you, but with the summaries below you should be able to decide quickly and skip straight to the most relevant information in this post for your specific situation.

There are three main options:

1. Manually create a WordPress theme based on your current static HTML site.

This will require you to get into your code. You will have to access your current site directory via FTP and use your existing code as a starting point. From there you will need to create the necessary files for a WordPress theme and copy bits of code from the WordPress codex. This is fairly simple and straightforward if you have some experience with HTML, CSS, and a bit of PHP.

2. Install a pre-made theme and simply migrate your content.

This is probably the best option at the intersection of simplicity and value. Assuming you already have hosting for your current website, you will only need to spend money if you choose to purchase a premium theme. The plugin we will use for importing content is freely available in the official WordPress Plugin Repository.

3. Pay to have an HTML to WordPress conversion service re-create your site.

This is the easiest solution, as it doesn’t require you to do much of anything. However, it will not do much for familiarizing you with WordPress and the cost will vary depending on who you choose to hire. I won’t be covering this option in the sections below because if this is the route you are interested in, you can simply do a quick search for service providers and they will take care of the rest.

Preparing for HTML to WordPress Conversion

No matter which route you decide to take below, there are a few things you will want to do before diving in.

The first is choosing a hosting plan. You’ll want to look over the options that are out there and decide on a package that best fits your needs. Or perhaps you’d like to create a local WordPress installation instead? You can always migrate it to a hosting service later.

Once you’ve chosen, you will need to install WordPress and log into WP Admin. This is the point at which our two possible paths divide.

Manually Converting Your Static HTML Site to WordPress

If your goal is to not only get your content from your static HTML site into WordPress but also duplicate your current design, this means you will need to create your own custom theme. Thankfully, that is not as scary as it might sound at first. It only involves creating a few folders and files, a bit of copy and paste, and then uploading the result.

You’re going to need a code editor such as Sublime or Notepad++ and access to both your HTML site’s directory and your new WordPress install’s directory.

Step 1: Create a New Theme Folder and Necessary Files

On your desktop, create a new folder to hold your theme files. Name it whatever you’d like your theme to be named.

Next, create a few files (which all go in your new theme folder) in your code editor. Don’t do anything to them just yet. Just leave them open for further editing.

  • style.css
  • index.php
  • header.php
  • sidebar.php
  • footer.php

Step 2: Copy Existing CSS Into New Stylesheet

If you’re looking to duplicate a design, this probably means you have at least some CSS that you want to save. So the first file you’re going to want to edit is your style.css file.

To begin, add the following to the top of your file.

/*
Theme Name: Replace with your Theme's name.
Theme URI: Your Theme's URI
Description: A brief description.
Version: 1.0
Author: You
Author URI: Your website address.
*/

After this section simply paste your existing CSS below. Save and close the file.

Step 3: Separate Your Current HTML

Before we get into step three, let me give you a quick note on how WordPress works. WordPress uses PHP to call and retrieve pieces of data from its underlying database. Each file that we’re using in this little tutorial is designed to tell WordPress which part of your site content is to be displayed and where.

So when I say we are going to “chop up” your existing HTML, what we’re actually doing is simply cutting and pasting parts of your existing code into the different files we’ve just created, so that WordPress will know where to display them.

Here we go.

First, open your current site’s index.html file. Highlight everything from the top of the file to the opening div class=”main” tag. Copy and paste this section into your header.php file, save and close.

Second, go back to your index.html file. Highlight the aside class=”sidebar” element and everything inside it. Copy and paste this section into your sidebar.php file, save and close.

Third, in your index.html select everything after your sidebar and copy and paste it into your footer.php file, save and close.

Finally, in your index.html file, select everything that’s left (this should be the main content section) and paste it into your index.php file. Save, but do not close yet.

You can close your index.html file now, however, and move on to the final steps. Almost done!

Step 4: Finalize Your index.php File

In order to finalize your new theme’s index.php file, you need to make sure it can call up the other sections (besides the main content) that are housed in the other files you’ve created. Or in other words, put back together the elements we just “chopped up”.

At the very top of your index.php file, place the following line of PHP.

<?php get_header(); ?>

Then, at the very bottom of your index.php file, place these lines of PHP.

<?php get_sidebar(); ?>
<?php get_footer(); ?>

And finally, we have to add what’s called The Loop. This is the primary bit of PHP that WordPress uses to display your post content to visitors. So the final step in creating your new theme’s index.php file is adding the code below within the content section.

<?php if ( have_posts() ) : ?>
<?php while ( have_posts() ) : the_post(); ?>
  <div id="post-<?php the_ID(); ?>" <?php post_class(); ?>>
    <div class="post-header">
       <div class="date"><?php the_time( 'M j y' ); ?></div>
       <h2><a href="<?php the_permalink(); ?>" rel="bookmark" title="Permanent Link to <?php the_title_attribute(); ?>"><?php the_title(); ?></a></h2>
       <div class="author"><?php the_author(); ?></div>
    </div><!--end post header-->
    <div class="entry clear">
       <?php if ( function_exists( 'add_theme_support' ) ) the_post_thumbnail(); ?>
       <?php the_content(); ?>
       <?php edit_post_link(); ?>
       <?php wp_link_pages(); ?> </div>
    <!--end entry-->
    <div class="post-footer">
       <div class="comments"><?php comments_popup_link( 'Leave a Comment', '1 Comment', '% Comments' ); ?></div>
    </div><!--end post footer-->
    </div><!--end post-->
<?php endwhile; /* rewind or continue if all posts have been fetched */ ?>
    <div class="navigation index">
       <div class="alignleft"><?php next_posts_link( 'Older Entries' ); ?></div>
       <div class="alignright"><?php previous_posts_link( 'Newer Entries' ); ?></div>
    </div><!--end navigation-->
<?php else : ?>
<?php endif; ?>

Save your index.php and close. Your theme is now finished! All that’s left is to upload it to your WordPress website.
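The cut-and-paste in Steps 3 and 4 can also be scripted. The following is an added example, not part of the original tutorial: it assumes the layout the steps describe (an opening `<div class="main">` followed by a single, un-nested `<aside class="sidebar">`), and the function names and sample page are constructed for illustration. The Loop from Step 4 still has to be pasted into the content section by hand.

```python
import re

# Constructed sample page in the layout Step 3 assumes (not from the tutorial).
SAMPLE = """<!DOCTYPE html>
<html>
<head><title>Old site</title><link rel="stylesheet" href="style.css"></head>
<body>
<div class="banner">Old site</div>
<div class="main">
<h1>Welcome</h1>
<p>Static content.</p>
<aside class="sidebar">
<ul><li><a href="about.html">About</a></li></ul>
</aside>
</div>
<div class="footer">Contact us</div>
</body>
</html>
"""


def find_open_tag(html, tag, css_class, start=0):
    """Return the match for the first <tag class="... css_class ..."> at or after start."""
    pattern = re.compile(
        r'<%s\b[^>]*\bclass\s*=\s*["\']([^"\']*)["\'][^>]*>' % re.escape(tag),
        re.I,
    )
    for match in pattern.finditer(html, start):
        # Compare whole class names so "main" does not match "main-menu".
        if css_class in match.group(1).split():
            return match
    return None


def split_static_page(html):
    """Cut index.html into the four pieces Step 3 describes, losing nothing."""
    main = find_open_tag(html, "div", "main")
    if main is None:
        raise ValueError('no opening <div class="main"> tag found')
    side = find_open_tag(html, "aside", "sidebar", main.end())
    if side is None:
        raise ValueError('no <aside class="sidebar"> after the main div')
    # Assumption: the sidebar contains no nested <aside>, so the first
    # closing tag after it is the one that ends the sidebar.
    close = re.compile(r"</aside\s*>", re.I).search(html, side.end())
    if close is None:
        raise ValueError("the sidebar <aside> is never closed")
    return {
        "header": html[:main.end()],              # top of file through <div class="main">
        "content": html[main.end():side.start()],  # what is left: the main content
        "sidebar": html[side.start():close.end()],
        "footer": html[close.end():],              # everything after the sidebar
    }


def build_theme_files(html):
    """Map the pieces onto theme file names and wrap the content as in Step 4."""
    parts = split_static_page(html)
    index = (
        "<?php get_header(); ?>\n"
        + parts["content"].strip("\n") + "\n"
        + "<?php get_sidebar(); ?>\n"
        + "<?php get_footer(); ?>\n"
    )
    return {
        "header.php": parts["header"],
        "sidebar.php": parts["sidebar"],
        "footer.php": parts["footer"],
        "index.php": index,
    }


if __name__ == "__main__":
    for name, body in build_theme_files(SAMPLE).items():
        print("=== %s ===\n%s" % (name, body))
```

Because the four pieces concatenate back to the original file, you can confirm that no markup was dropped before uploading the theme.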

Step 5: Upload Your New Theme

Now that you’ve created your theme files and have them all stored within your new theme folder, you’re going to need to access your new WordPress install’s directory.

Place your new theme folder inside /wp-content/themes/. Then navigate back to WP Admin > Appearance > Themes and your newly created theme should appear there. Go ahead and activate it!

All that’s left to do at this point is populate your new WordPress website with your old site’s content. Follow along with the section below (skipping over the part about using a pre-made theme) to see how that is done.

Using a Pre-Made WordPress Theme and Importing HTML Content

If the steps above seem too intensive or time-consuming to you then rest assured, there is another way. Instead of converting whatever design you happen to be working with right now into a WordPress theme, you can take advantage of any one of the thousands of themes available in the broader WordPress marketplace.

There are free themes and there are premium themes. Before deciding which is best for you, you may want to read up on which themes are designed to cater to your needs and browse by theme category here at Elegant Themes and elsewhere.

Once you’ve chosen a theme you like (and have its zipped file package downloaded) you’ll want to head back to WP Admin > Appearance > Themes > Add New and install/activate your new WordPress theme.

Once this is done, you will have a new WordPress website and theme–but little else. When you preview your site, it will be empty of content and probably look sort of boring. That’s ok because next, we are going to import your old site’s content.

In WP Admin go to Plugins > Add New and search for a plugin called HTML Import 2 by Stephanie Leary. Once this plugin is installed and activated, follow its handy user guide to import your entire directory of HTML pages. Complete with images!

After this, you will have all of your old content living on WordPress and formatted by your new theme. Or, if you created your own theme above, your site should pretty much look like it did before–just running on WordPress.

In Conclusion

If you’ve used this post as a guide for migrating your website onto WordPress then you’ve just joined one of the largest open source communities in the world. Welcome! It’s a fun place with lots of developers, designers, bloggers, DIYers, and more–all building, playing and creating with WordPress and WordPress themes/plugins.

If you’ve “caught the WordPress bug” the official WordPress.org website is chock full of useful themes, plugins, and other resources. If you’d like to further tweak your theme files, explore the Codex for seemingly endless tips, tricks, and variations.

And of course, we hope you’ll stick around to chat in the comments below and subscribe to more blog posts in the future.


Easy Way to Create Privacy Policy for Your Blog in Just Minutes

Most professional blogs have a privacy and disclosure policy. These policies can be very important to your blog, as they inform your readers about some of the more legal aspects of your website.

However, writing your own privacy policy or disclaimer can be extremely hard unless you’ve had years of law school or have extra cash to pay a high priced lawyer.

I’ve found two free websites that will take the place of your lawyer and help you create a privacy policy and disclaimer for your site.

Like a business, every blog should have a privacy policy that represents the legal aspects of the blog. If you are a blogger, you might have noticed that every professional blog has a privacy policy page.

A privacy policy page contains legal aspects of your blog, and it helps your readers to know about how the blog collects its data and how you monetize the blog.

If you want to monetize your blog with Google AdSense or Amazon Affiliates, you should know that both programs require a privacy policy page on your blog that discloses how you collect, use and store data from visitors and use cookies.

I’ve heard that a lot of people didn’t get AdSense approval because of not having a privacy policy. This is the same for other Ad Networks. And Amazon Affiliate Program also requires a privacy policy. So it’s crucial to have a privacy page for your blog.

There are many other advantages of having a privacy page for your blog. Some of them are:

  • Most people online value privacy, as they are sharing personal info (like email) with you.
  • It helps your readers or users to know what you do with their data.
  • It is required by third-party websites and ad servers.
  • Having a privacy page shows that you respect your readers’ privacy.

Writing a privacy page is not an easy task, and having a lawyer do it means paying extra. But there’s a better and easier way. You can use an online blog privacy policy generator to make your privacy policy page.

In this post, I’ll show you how to create a privacy policy for the blog using FreePrivacyPolicy.com.

Note: If you are in a hurry and want to create a privacy policy for your website quickly, go to this website and provide your site information and advertising networks. Then click on “Generate Privacy Policy”.

However, if you have time, you should follow the below guide to creating a custom and effective privacy policy.

HOW TO CREATE PRIVACY POLICY FOR YOUR BLOG

FreePrivacyPolicy.com is the best online privacy policy generator, which helps over 500,000 sites to generate their privacy policy. To create a privacy policy, you have to give answers to some questions. It will help them to customize the policy according to your needs.

Now follow these simple steps.

1. First, go to FreePrivacyPolicy.com and click on the “Free Privacy Policy” button.

2. On the next page, you need to answer some easy questions. After answering all of them, click on the “Next” button.

3. Then you need to provide answers about what kind of personal information you collect from your blog and what you do with the information. Then click on the “Next” button.

4. The next step is very important if you collect credit card information. You will be asked about PCI compliance, malware scans, and an SSL certificate. All of these are important to protect credit card information. If you don’t collect credit card information, you can check ‘No’ and give the reasons.

Then click “Next”.

5. Then you will be asked whether you use cookies or not. If you check ‘Yes’, you need to answer why you use cookies.

6. Now you need to give information about third-party disclosure.

7. The next step is about Google AdSense. It’s a very important step if you monetize your blog with Google AdSense or want to be a Google AdSense publisher.

8. Then it will ask you to be compliant with CalOPPA, the California Online Privacy Protection Act. If anyone from California visits the site, then CalOPPA requires a privacy policy.

Once you are compliant with CalOPPA, it will ask if you specifically market to children under 13.

9. Then it will ask you to be compliant with the FTC’s Fair Information Practices.

10. On the next page, you need to provide your contact information to be compliant with CAN-SPAM. You also need to answer additional CAN-SPAM questions.

11. Now enter your name and email address. It will take you to a Congratulations page. Go to the bottom of the page and click on the “Continue” button.

If FreePrivacyPolicy offers anything, ignore this for now and click on the “No, Thanks” link. Then click on the “Continue” button again.

And finally, download the Free Privacy Policy.

It’s a .htm file.

12. Copy the Privacy Policy text and go to your WordPress Dashboard.

Click on Pages > Add New. Give the page the title “Privacy Policy” and paste the privacy policy text in the editor. Publish the page and add the page link to your blog footer.

Conclusion

Hope this post helped you to create a Privacy Policy for your blog. If you found this post useful, help me by sharing this post on Facebook, Twitter, or Google+.

However, if you have any question regarding this, feel free to ask us via comment. Also, let us know if you’ve used any other Privacy Policy Generator tools.


SEO Tips That You Must Start Employing Today

Every individual owning a website desires to see their web page on top of Google’s search results. To achieve this, each person strives towards making Panda and Penguin happy by setting every on-page SEO element right. In return, they hope that Google acknowledges the efforts and their site is gifted with a promotion in ranks. It often happens that even after setting every on-page SEO element right your site does not rank as desired.

This is where the role of off-page SEO comes into play. Offline SEO strategies play a major role in promoting your site and in certain situations prove to be more vital than on-page SEO strategies. You must be thinking what is so important about off-page SEO. A greater insight will help you understand the strategy better.


Points to ponder on:-

Off-page SEO refers to activities you undertake outside the boundaries of your website which help your web page to get ranked higher in Google’s search results. Mentioned below are 11 easy steps which if followed will not only make the bird and the bear happy but also raise your SERP ratings by considerable levels.

1. Blogs:-      

One of the greatest ways to promote your website in today’s world – blogs are meant to be written. Posting blogs on your website at regular intervals will engage Google more as regular updates will indicate that your site is under constant maintenance and activity. As Google prefers active sites over dormant ones, this will help to give you a surge in SERP ratings. Moreover, regular blog posts will give your visitors a reason to return to your site at regular intervals.

Blogs should preferably consist of unique contents such as tutorials, question-answer forums and trending video links to keep your visitors engaged. In addition to this, you should comment on other blogs same as your genre, participate in question-answer forums which give you a chance to post a link to your blog in their comment or answer section. If visitors find it relevant, your site traffic is sure to increase.

2. Social Bookmarking:-      

Penguin and Panda love popular bookmarking sites such as Reddit, Stumbleupon, etc. Posting your blog links on these websites can give you a ranking surge, as the content of these websites is updated regularly. If your blog has valid content which is related to the information on these sites, people could find it useful to click on your link, giving you that raise in ranking.

Bookmarking also helps to promote an author’s name to the world. If you have posted a link to your blog or website to Reddit and people there find it helpful and relevant to their needs, they are likely to share it more. This will help Google identify it as a genuine and relevant site which will help the site to get ranked higher through the process.

3. Acquire backlinks:-   

I am sure, as a website owner, you would love to receive valid links to your site from trusted sources, and so does Google. Receiving backlinks from higher ranked authentic sites will put your website in Google’s good books. How does it help? Well, web crawlers see that site as consisting of useful and relevant information. Useful content is always appreciated and awarded by Google.

But be careful as Penguin does not like spam links. Suppose your website represents clothes, while you receive a backlink from a blog post related to cars. Penguin identifies these as spam, which would result in the de-ranking of your site. Therefore be sure to check your links carefully.

4. Social Media Promotion:-      

You are surely aware of all the major social networking sites such as Google+, Facebook, LinkedIn, Twitter, and Instagram. Then you should also be aware of how to use them to give a push to your site’s SERP ratings. If not, then have a read.

Sharing your website or blog on one of these social networking sites offers a chance of free promotion. Since Facebook and Twitter are considered to be the biggest online platforms today, sharing your work in these places is sure to attract more viewers than any other place.

5. Market Forums:-      

Forum marketing involves getting involved in communities related to your genre. You can participate in online forums discussing a particular topic relevant to your website or blog. As a return, you can post “Do follow” links to your website with a chance of increasing online traffic. This also helps search engines to find your site more easily.

With the help of marketing forums, you can make yourself known to everybody. Moreover, if your site has unique and valuable content, visitors are likely to share it on other platforms giving that all needed exposure.

6. Local Listing techniques:-      

Instead of targeting a global audience, local listings are an important technique you can apply if it goes with your website’s niche. This also enables Google to find your site easily. Local listing refers to an online profile that will contain your company name, phone number, location and the service it provides. You can do local listing by submitting your site to Google Maps, Yahoo local, Yellow Pages, and Google+ Local.

7. Guest Blogging:-      

If you can put in a little more labor for the good of your site, then guest posting is a very effective way. All you need to do is write and post content on some other websites or blogs related to your genre. When visitors see your website name mentioned in several places on a trusted website, they will judge your site as a reliable source of information which in turn will help your website’s traffic.

So how is it done? As mentioned, writing content and publishing it on another website is only the first step. What follows is putting a link to your website, sharing it on social media and continuing to visit to answer queries and comments. Guest posting will help you build relations with your readers and is an effective way to get yourself known to others.

8. Submit to search engines:-      

This is considered an effective way of internet marketing to increase rankings of a website or webpage. You can directly submit your website to search engines such as Google, Yahoo or Bing. You can submit your website in two ways. Either you can submit one page at a time by using webmaster tools or you can submit your entire website. This is done by submitting the home page of your site to as many search engines as possible.

9. Directory Submission:-      

Listing your site in several directories or databases under concerned categories or subcategories is known as directory submission. Proper directory submission will enable you to get exposure, provide reliable backlinks and will help increase your blog’s overall earning. There is also a chance that you might get paid post opportunities.

10. Ask:-      

Simply asking for a link is often quite beneficial, and it is something many bloggers forget to do. Suppose your blog name has been mentioned in an article but without a link; you can simply ask the respective author to include a link to your blog. Moreover, you can also ask for a mention of your blog in return for a similar favor if both blogs are in the same niche. Both bloggers gain equally, and it also helps in building contacts.

11. Link Baiting:-      

The process by which you can get your visitors to share your website’s link is known as link baiting. The primary criteria of successful link baiting are creating quality and unique content. You should be able to make your readers believe that your site has that piece of information that is worth sharing.

In addition to this, do not forget to come up with engaging and attractive content which will compel a reader to click on your site. It must be kept in mind that one tactic is related to the other. Without quality content, an attractive link has no value. Similarly, in the absence of a catchy link, visitors are less likely to click on your site even if you have catchy content written inside.

What are the benefits of using off-page SEO?

You can get the following advantages by using off-page SEO strategy the correct way:-

  • More traffic:
    As your page ranks higher, your website gets more visitors, followers and social media shares. This is a never ending process where the only criterion is to create good content and regularly update your website.
  • Online Branding:
    If your website manages to please Google through its offline SEO strategies, you will be rewarded for your hard work with online branding facilities from larger companies. In other words, large e-commerce sites will want to hire your page for advertising their products. This, in turn, not only increases your page value but also generates that extra income.

Final words:

Therefore, it can be seen that not only online SEO’s, but off-line SEO strategies are very important as well. A survey from trusted sources has shown that people spend 70% of their time maintaining on-page SEO and the remaining 30% goes to off page SEO. Experts recommend a more balanced approach to make your site more SEO friendly. You must remember Google loves pages better optimized for SEO and that is what everyone is striving for today.

 


The Ultimate WordPress Security Guide – Step by Step (2017)

WordPress security is a topic of enormous importance for every site owner. Every week, Google blacklists around 20,000 sites for malware and around 50,000 for phishing. If you are serious about your site, then you need to pay attention to WordPress security best practices. In this guide, we will share all the top WordPress security tips to help you protect your site against hackers and malware.

While WordPress core software is very secure, and it’s audited regularly by hundreds of developers, there is a lot that can be done to harden your WordPress website.

At WPBeginner, we believe that security is not just about risk elimination. It’s also about risk reduction. As a website owner, there’s a lot that you can do to improve your WordPress security (even if you’re not tech savvy).

We have a number of actionable steps that you can take to improve your WordPress security.

To make it easy, we have created a table of contents to help you easily navigate through our ultimate WordPress security guide.

Ready? Let’s get started.


Why is Website Security Important?

A hacked WordPress site can cause serious damage to your business revenue and reputation. Hackers can steal user information, passwords, install malicious software, and can even distribute malware to your users.

Worse, you may find yourself paying a ransom to hackers just to regain access to your website.

In March 2016, Google reported that more than 50 million website users have been warned that a website they’re visiting may contain malware or steal information.

Furthermore, Google blacklists around 20,000 websites for malware and around 50,000 for phishing each week.

If your website is a business, then you need to pay extra attention to your WordPress security.

Similar to how it’s the business owner’s responsibility to protect their physical store building, as an online business owner it is your responsibility to protect your business website.

Keeping WordPress Updated

WordPress is open source software which is regularly maintained and updated. By default, WordPress automatically installs minor updates. For major releases, you need to manually initiate the update.

WordPress also comes with thousands of plugins and themes that you can install on your website. These plugins and themes are maintained by third-party developers who regularly release updates as well.

These WordPress updates are crucial for the security and stability of your WordPress site. You need to make sure that your WordPress core, plugins, and theme are up to date.

Strong Passwords and User Permissions


The most common WordPress hacking attempts use stolen passwords. You can make that difficult by using stronger passwords that are unique for your website. Not just for WordPress admin area, but also for FTP accounts, database, WordPress hosting account, and your professional email address.

The Role of WordPress Hosting

Your WordPress hosting service plays the most important role in the security of your WordPress site. A good shared hosting provider like Bluehost or HostGator takes extra measures to protect its servers against common threats.

However, on shared hosting, you share the server resources with many other customers. This opens the risk of cross-site contamination where a hacker can use a neighboring site to attack your website.

Using a managed WordPress hosting service provides a more secure platform for your website. Managed WordPress hosting companies offer automatic backups, automatic WordPress updates, and more advanced security configurations to protect your website.

WordPress Security in Easy Steps (No Coding)

We know that improving WordPress security can be a terrifying thought for beginners. Especially if you’re not techy. Guess what – you’re not alone.

We have helped thousands of WordPress users in hardening their WordPress security.

We will show you how you can improve your WordPress security with just a few clicks (no coding required).

If you can point-and-click, you can do this!

Install a WordPress Backup Solution


Backups are your first defense against any WordPress attack. Remember, nothing is 100% secure. If government websites can be hacked, then so can yours.

Backups allow you to quickly restore your WordPress site in case something bad was to happen.

There are many free and paid WordPress backup plugins that you can use. The most important thing you need to know when it comes to backups is that you must regularly save full-site backups to a remote location (not your hosting account).

7 Best WordPress Backup Plugins Compared (Pros and Cons)

  1. BackupBuddy
  2. UpdraftPlus
  3. BackWPUp
  4. BackUpWordPress
  5. Duplicator
  6. WP-DB-Backup
  7. VaultPress (with Jetpack)

We recommend storing your backups on a cloud service like Amazon, Dropbox, or private clouds like Stash.

Based on how frequently you update your website, the ideal setting might be either once a day or real-time backups.

Thankfully this can be easily done by using plugins like VaultPress or BackupBuddy. They are both reliable and most importantly easy to use (no coding needed).

Best WordPress Security Plugin

After backups, the next thing we need to do is set up an auditing and monitoring system that keeps track of everything that happens on your website.

This includes file integrity monitoring, failed login attempts, malware scanning, etc.

Thankfully, this can all be taken care of by the best free WordPress security plugin, Sucuri Scanner.

You need to install and activate the free Sucuri Security plugin.

Upon activation, you need to go to the Sucuri menu in your WordPress admin.


The first thing you will be asked to do is generate a free API key. This enables audit logging, integrity checking, email alerts, and other important features.

The next thing you need to do is click on the Hardening tab in the Sucuri menu. Go through every option and click on the “Harden” button.

These options help you lock down the key areas that hackers often use in their attacks. The only hardening option that’s a paid upgrade is the Web Application Firewall which we will explain in the next step, so skip it for now.

We have also covered a lot of these “Hardening” options later in this article for those who want to do it without using a plugin or the ones that require additional steps such as “Database Prefix change” or “Changing the Admin Username”.

After the hardening part, most default settings of this plugin are good and don’t need changing. The only thing we recommend customizing is the Email Alerts.

The default alert settings can clutter your inbox with emails. We recommend receiving alerts for key actions like changes in plugins, new user registration, etc. You can configure the alerts by going to Sucuri Settings » Alerts.

Enable Web Application Firewall (WAF)

The easiest way to protect your website and be confident about your WordPress security is by using a web application firewall (WAF). The firewall blocks all malicious traffic before it even reaches your website.

This WordPress security plugin is very powerful, so browse through all the tabs and settings to see all that it does such as Malware scanning, Audit logs, Failed Login Attempt tracking, etc.


We use and recommend Sucuri as the best web-application firewall for WordPress. You can read about how Sucuri helped us block 450,000 WordPress attacks in a month.


The best part about Sucuri’s firewall is that it also comes with a malware cleanup and blacklist removal guarantee. Basically, if you were to be hacked under their watch, they guarantee that they will fix your website (no matter how many pages you have).

This is a pretty strong warranty because repairing hacked websites is expensive. Security experts normally charge $250 per hour. Whereas you can get the entire Sucuri security stack for $199 per year.

WordPress Security for DIY Users

If you do everything that we have mentioned thus far, then you’re in pretty good shape.

But as always, there’s more that you can do to harden your WordPress security.

Some of these steps may require coding knowledge.

Change the Default “admin” username

In the old days, the default WordPress admin username was “admin”. Since usernames make up half of login credentials, this made it easier for hackers to do brute-force attacks.

Thankfully, WordPress has since changed this and now requires you to select a custom username at the time of installing WordPress.

However, some 1-click WordPress installers still set the default admin username to “admin”. If you notice that to be the case, then it’s probably a good idea to switch your web hosting.

Since WordPress doesn’t allow you to change usernames by default, there are three methods you can use to change the username.

  1. Create a new admin username and delete the old one.
  2. Use the Username Changer plugin
  3. Update username from phpMyAdmin

Note: We’re talking about the username called “admin”, not the administrator role.

Disable File Editing

WordPress comes with a built-in code editor which allows you to edit your theme and plugin files right from your WordPress admin area. In the wrong hands, this feature can be a security risk which is why we recommend turning it off.


You can easily do this by adding the following code in your wp-config.php file.

// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );

Alternatively, you can do this with 1-click using the Hardening feature in the free Sucuri plugin that we mentioned above.

Disable PHP File Execution in Certain WordPress Directories

Another way to harden your WordPress security is by disabling PHP file execution in directories where it’s not needed such as /wp-content/uploads/.

You can do this by opening a text editor like Notepad and pasting this code:

<Files *.php>
deny from all
</Files>

Next, you need to save this file as .htaccess and upload it to the /wp-content/uploads/ folder on your website using an FTP client.

Alternatively, you can do this with 1-click using the Hardening feature in the free Sucuri plugin that we mentioned above.
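To confirm the rule is actually in place and that nothing executable is already sitting in uploads, here is an added audit script (not part of the original article or of any plugin). The function name, the finding labels and the list of extra extensions are assumptions made for this example; it accepts either the "deny from all" line above or its Apache 2.4 form, "Require all denied".

```shell
#!/bin/sh
# Added example: audit an uploads directory for the hardening described above.
# audit_uploads DIR prints one finding per line; returns non-zero if any exist.
audit_uploads() {
    dir=$1
    findings=0

    # 1. Is there an .htaccess that carries a deny rule?
    if [ ! -f "$dir/.htaccess" ]; then
        echo "MISSING_HTACCESS $dir/.htaccess"
        findings=$((findings + 1))
    elif ! grep -qi 'deny from all' "$dir/.htaccess" &&
         ! grep -qi 'require all denied' "$dir/.htaccess"; then
        echo "NO_DENY_RULE $dir/.htaccess"
        findings=$((findings + 1))
    fi

    # 2. Uploads should hold media, not scripts. The extension list is an
    #    assumption: adjust it to what your server hands to PHP.
    scripts=$(find "$dir" -type f \( -iname '*.php' -o -iname '*.phtml' \
        -o -iname '*.phar' -o -iname '*.php[0-9]' \) | sort)
    if [ -n "$scripts" ]; then
        count=$(printf '%s\n' "$scripts" | wc -l)
        printf '%s\n' "$scripts" | sed 's/^/SCRIPT_IN_UPLOADS /'
        findings=$((findings + count))
    fi

    [ "$findings" -eq 0 ]
}

# Usage: audit_uploads /path/to/wp-content/uploads
```

Any SCRIPT_IN_UPLOADS finding deserves a closer look before you delete the file, since it may be evidence of an earlier compromise.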

Limit Login Attempts

By default, WordPress allows users to try to log in as many times as they want. This leaves your WordPress site vulnerable to brute force attacks. Hackers try to crack passwords by trying to log in with different combinations.

This can be easily fixed by limiting the failed login attempts a user can make. If you’re using the web application firewall mentioned earlier, then this is automatically taken care of.

However, if you don’t have the firewall set up, then proceed with the steps below.

First, you need to install and activate the Login LockDown plugin.

Upon activation, visit the Settings » Login LockDown page to set up the plugin.
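To see whether repeated login attempts are already hitting your site, you can count them in the web server's access log. The script below is an added example, not part of the original article or of the Login LockDown plugin. It assumes the combined log format and uses a heuristic: a POST to wp-login.php answered with status 200 means the login form was shown again (a failed attempt), while a successful login is answered with a redirect. The function names and the sample log lines are constructed for the example.

```shell
#!/bin/sh
# Added example: count likely failed logins per client IP in an access log.
# Combined log format: $1 = client IP, $6 = "METHOD, $7 = path, $9 = status.
# failed_logins N reads a log on stdin and prints "count ip" for every IP
# with more than N POSTs to wp-login.php that were answered with 200.
failed_logins() {
    threshold=$1
    awk -v max="$threshold" '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php(\?|$)/ && $9 == 200 { n[$1]++ }
        END { for (ip in n) if (n[ip] > max) print n[ip], ip }
    ' | sort -rn
}

# Constructed sample log (documentation-range addresses, not real traffic).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Jun/2015:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2015:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Jun/2015:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2015:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
192.0.2.33 - - [10/Jun/2015:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2015:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Jun/2015:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2015:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
EOF
}

# One mistyped password (198.51.100.20) stays under the threshold;
# the address with five failures in a row is reported.
sample_log | failed_logins 3
```

On a real server, feed it the log file instead of the sample, for example with input redirected from your host's access log.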


Change WordPress Database Prefix

By default, WordPress uses wp_ as the prefix for all tables in your WordPress database. If your WordPress site is using the default database prefix, then it makes it easier for hackers to guess what your table name is. This is why we recommend changing it.

Note: This can break your site if it’s not done properly. Only proceed if you feel comfortable with your coding skills.

Password Protect WordPress Admin and Login Page


Normally, hackers can request your wp-admin folder and login page without any restriction. This allows hackers to try their hacking tricks or run DDoS attacks.

You can add additional password protection on the server side, which will effectively block those requests.

Add Security Questions to WordPress Login Screen


Adding a security question to your WordPress login screen makes it even harder for someone to get unauthorized access.

You can add security questions by installing the WP Security Questions plugin. Upon activation, you need to visit the Settings » Security Questions page to configure the plugin settings.

Fixing a Hacked WordPress Site

Many WordPress users don’t realize the importance of backups and website security until their website is hacked.

Cleaning up a WordPress site can be very difficult and time-consuming. Our first advice would be to let a professional take care of it.

Hackers install backdoors on affected sites, and if these backdoors are not fixed properly, then your website will likely get hacked again.

Allowing a professional security company like Sucuri to fix your website will ensure that your site is safe to use again. It will also protect you against any future attacks.


Beat Security Measures For Your WordPress Website

With frequent instances of WordPress sites getting hacked and the CMS’s long history of security exploits, it has become difficult for organizations and individuals to trust the CMS for their website. But proper measures can actually provide strong security for a website built upon the seemingly insecure platform. Here follows a list of some of the important security measures for a WordPress website:

Use A Strong Password

Use a unique and strong login password for the admin panel of your website. Make sure your password is of an appropriate length and is a mixture of special characters, letters, and numerals. Additionally, you can check the strength of your password by using an online tool.


Beat Security Plugins For Your WordPress Website

By employing suitable security plugins on your WordPress website, you can scan your website and hosting for potential threats and malware, remove them, block attacks and add security layers. An example of a popular security plugin is the WordPress Fence plugin, which has features such as scanning the website for malware and malicious code, blocking brute force attacks, and scanning website hosting.


Update WordPress Version, Plugins & Theme

83% of hacked WordPress blogs do not use an updated version, 23% of hacked WordPress blogs get hacked due to vulnerable plugins, and 29% of WordPress hacking instances have happened due to vulnerable themes. Looking at the data, it is important to run updated versions of WordPress plugins, themes and the platform itself. Moreover, since the platform notifies you about available updates through its admin dashboard, keeping your site components updated is not a difficult task.

Perform Regular Back-Ups

Our digital world sees new kinds of threats every day, and it is very much possible that despite adopting the best security measures, your site gets hacked. So always keep copies of your website databases, content, images, and other website files. They will help you restore your website easily.

With the implementation of the above-mentioned measures, you can keep your WordPress website secure to a great extent.