Anyone who has had their site hacked or blacklisted knows how important it is to stay on top of WordPress Security.
Yes, you should use the latest version of WordPress core and, for the most part, the latest versions of plugins. But incompatibilities do arise, so be careful when updating.
The #1 security measure I suggest is to remove the “admin” user – many robots will assume you have an “admin” user and try to guess the password. By keeping this default user name you are giving away half of the username+password puzzle that is the barrier between your site getting hacked and your site staying safe.
Also keep in mind that some plugins change the way WordPress works so it’s more secure, while others focus on malware scanning to see if anything has been hacked. Sucuri is a great plugin that scans for hacks – you can do the same free scan from their website. You can also pay them to actively scan, and they will actually fix any issues that come up. Code Garage does backups as well as malware monitoring, so that’s a good option to explore also.
Plugins that do many security tasks
- WordFence: This is a great new plugin I’m testing out that offers a complete solution for free with an optional paid upgrade that actively scans your site from the outside to make sure it has not been hacked. So it combines security edits with malware monitoring.
- Better WP Security: I’ve been using this one for a while and it’s great. It has a “one-click” feature that will harden a number of security features very quickly.
- Secure WP: a good handful of features
- WP Security Scan
Plugins that solve smaller pieces of the security puzzle
- Login LockDown: an older, simple plugin that works well but has not been updated recently. The many emails it sent helped me learn how many bots were randomly attacking my sites.
- Login Lock: like the above, with a few extra useful features like a button to force logout for anyone logged in. This plugin is no longer supported; another replacement option is Login Security Solution.
- Limit Login Attempts: yup, another plugin with similar features.
- Replace WP-Version: the name says it all.
- Updated SSL Plugin: forces SSL anywhere passwords are asked for.
- Timthumb vulnerability scanner: does a bit more than just check for that one giant security issue…
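As an added illustration (not code from any of the plugins above), here is the core lockout logic that plugins like Login LockDown and Limit Login Attempts implement: count failed logins per IP inside a short window and lock that IP out once the limit is hit. The log format, thresholds and sample lines are all constructed for the example; it also tallies how many guesses target the “admin” username, which is the point made above about removing that account.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any real plugin's format):
# "<ISO timestamp> FAILED_LOGIN ip=<addr> user=<name>"
LINE_RE = re.compile(r"^(\S+) FAILED_LOGIN ip=(\S+) user=(\S+)$")

MAX_FAILURES = 4              # failures allowed inside the window
WINDOW = timedelta(minutes=5)  # how far back failures are counted
LOCKOUT = timedelta(minutes=20)

# Constructed sample log: one bot hammering "admin", one slow editor typo.
SAMPLE_LOG = """\
2012-05-01T10:00:00 FAILED_LOGIN ip=203.0.113.7 user=admin
2012-05-01T10:00:05 FAILED_LOGIN ip=203.0.113.7 user=admin
2012-05-01T10:00:09 FAILED_LOGIN ip=203.0.113.7 user=administrator
2012-05-01T10:00:12 FAILED_LOGIN ip=203.0.113.7 user=admin
2012-05-01T10:00:20 FAILED_LOGIN ip=203.0.113.7 user=admin
2012-05-01T10:01:00 FAILED_LOGIN ip=198.51.100.2 user=editor
2012-05-01T10:30:00 FAILED_LOGIN ip=198.51.100.2 user=editor
"""

def parse(line):
    """Return (timestamp, ip, user) for a failed-login line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def analyze(lines):
    """Return (ip -> lockout expiry, number of guesses aimed at 'admin')."""
    recent = defaultdict(deque)  # ip -> timestamps of failures in window
    locked_until = {}            # ip -> datetime when the lockout ends
    admin_attempts = 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, ip, user = rec
        if user == "admin":
            admin_attempts += 1
        if ip in locked_until and ts < locked_until[ip]:
            continue             # still locked out: reject, don't count
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > WINDOW:
            q.popleft()          # forget failures older than the window
        if len(q) >= MAX_FAILURES:
            locked_until[ip] = ts + LOCKOUT
            q.clear()
    return locked_until, admin_attempts

def analyze_sample():
    return analyze(SAMPLE_LOG.splitlines())
```

Running `analyze_sample()` locks 203.0.113.7 out at its fourth failure and leaves the slow editor untouched, since the two failures fall outside the window.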
The WordPress eCommerce folks at instinct.co.nz have a great checklist for how to secure WordPress.
GoodSync is a utility that provides all the tools you need to keep your data safe and up-to-date. It works by synchronizing (and backing up) files such as MP3s, Office docs, photos, financial documents, between desktop HD/SSD, laptops, servers, and all manner of thumb/external drives.
GoodSync is very user-friendly—it’s got a geeky but usable UI and is full of functionality. If you need a tool to back up your data to protect it from crashes, or need to synchronize complex data on a network, this tool makes it simple to keep your data current and safe.
- Syncables 360
- Allway Sync
GoodSync for Mac
Works among Mac OS devices or between Macs and cloud services like Amazon S3 and Google Drive. Connect to other computers and devices by using GoodSync Connect, which finds other devices with GoodSync installed on the internet or over a local network in a peer-to-peer style. It performs syncs over a number of other networks, including (s)FTP and WebDAV. Or sync with clouds including Amazon S3, Amazon Cloud Service, Microsoft SkyDrive, Google Drive (Docs), MobileMe iDisk, and Windows Azure. You can also sync with mobile systems like WinMobile and BlackBerry devices.
Important notes about GoodSync for Mac
- The free version allows 3 or fewer jobs and 100 or fewer files and folders in each job.
- You need one license per computer.
- You do not need to uninstall the old version of GoodSync before installing a new one unless you want to install into a different folder. The new version will keep the options and settings of the previous one.
- Any data stored in a file can be synchronized.
GoodSync for Mac review and tips
Tip: It’s important to create a folder at the destination first. I wanted to synchronize a folder “C:\testfolder” to a second drive (F). When I just set “C:\testfolder” as the source in GoodSync and pointed it at F (as root), I thought GoodSync would create the folder for me, but that’s not what happens. You will get a message indicating the folder on the F drive does not exist. If you tell it to go ahead and synchronize, no files are copied.
Tip: The default is for GoodSync to only synchronize when you manually tell it to. You can change that under View – Options – Job name. You can tell it to synchronize automatically under a number of different schedules.
Bottom line: A great option for syncing data, a mature tool that can cover the bases for many use case scenarios.
I just soft-launched this new site. Their product is not available quite yet but will be sold on the site soon. It’s a new kind of cocktail mixer – but also used for non-alcoholic drinks like sodas. It is based on a traditional “shrub”: prepared with an acidic fruit base pickled in vinegar, then sweetened with sugar, and finally used as a mixer with spirits such as rum or vodka to make a rum-shrub or vodka-shrub.
Shrub & Co elixirs add depth and complexity to your drinks with a clever combination of sweet and savory notes. Rescued from the obscurity of the colonial era and reimagined for today’s craft cocktail enthusiast, our shrubs enhance your favorite concoctions.
visit: Shrub & Co | Cocktail mixer
Here’s something that’s been bugging me for a long time.
Now, I know the folks at Apple work hard to make the small details shine. I’ve had a couple acquaintances who have been involved with great hardware design there over the years. I have heard stories about the wonderful keyboard design (the super fast keyboard that I’m typing on at the moment). I’ve heard about the great lengths engineers went to to sync the sleep pulsing light of the Mac monitor and the Mac tower years ago. And the “sleeping heartbeat” or “breathing” pulsing LED itself that is on many of the Apple products is a patent that took some skill to pull off (I think it is actually blinking really fast since LEDs don’t dim the way incandescent bulbs do). See “Breathing status LED indicator” patent that describes “The LED indicator is energized by pulse-width modulated electrical pulses” that my friend Jory Bell helped invent.
So why is this strange little UI element so backwards?
When Time Machine is operating the Finder window sidebar icon and the icon in the Mac menu bar spin in opposite directions. If that pulsing light makes the “sleepy ghost” in the machine feel alive then this detail makes the machine seem like the left hand does not know what the right hand is doing.
While I’m at it – here’s a fun old screenshot of debug mode in mobile Safari showing Apple’s own store and how it generated 2 errors. That’s all cleaned up now I see, but when the Debug Console was first introduced it was fun to turn that tool on its maker.
Crafty Cart was a great free WPEC (WordPress e-Commerce plugin) theme that I customized for a couple sites. But the developers seem to have disappeared so I’ve moved on to other WordPress ecommerce starter themes like those from Storefront Themes.
What I like about Crafty Cart is the playful design. It also features:
- Simple product management options.
- Fun and simple way to browse categories.
- All the customizable power of the WordPress eCommerce system.
- Want to try it out? See download link below.
Crafty was useful as a starting theme – as I mentioned I used it twice. It had some issues with IE and had a number of CSS cleanups to go through but came out well in the end. Let me briefly show some of the e-Commerce customizations I made.
Meeks Design Handbags craft eCommerce
My customizations on this site include making the product list only show image and name without price or ‘buy now’. I designed the logo and the overall “I’m busy crafting” branding that matches the aesthetic of the fabrics used in the products. This project included business card and other print collateral. I trained my client to use the site and manage inventory, sales reports and other WordPress eCommerce features.
Sugar Petals cake decorations and food eCommerce
This project features a wholesale-only setup that only shows pricing to those that have applied and been approved for an account. The design started with their existing logo and created a new look that blended into their existing branding materials. I trained my client in how to accept new wholesale customers and manage a complex set of product and pricing tier options via the WordPress eCommerce coupons functionality.
Download Crafty Cart theme
Since it’s hard to find this theme online anymore, here’s a download link – this is the whole original theme but none of my customizations. This is still a great theme but one important feature that it is missing is a responsive design that makes it easier to purchase from a mobile device.
A great new payment option is Stripe – it is a payment gateway, which means you can sell stuff online and take credit cards on your site yet avoid any recurring monthly fees. I have not used it but hope to try it soon. Has anyone out there used it with WordPress? WPEC is often set up with PayPal Payments Pro, but that’s $30/month so not a great option for smaller-scale merchants.
Here’s a great summary of services that more or less copy Square – they take payments on a mobile phone. Article courtesy of David Pogue’s blog. He also talks about Square’s in store payment system.
Intuit offers something called GoPayment, with a rather huge phone attachment and a complicated rate structure. It advertises a 2.7 percent rate, but the fine print reveals that you’ll pay 3.7 percent for reward cards, American Express and corporate cards.
A company called mPower is aimed at big companies that want the money to flow directly into their own accounts — not be deposited first into a holding account, as Square, Intuit and others do. PayAnywhere’s notable feature is that it takes the lowest cut of all: 2.69 percent.
And then there’s the elephant that’s just barged into the room: PayPal. Its rate is a hair lower than Square’s 2.7 percent, and its reader is a triangle instead of a square. The reader is more stable than the Square when you swipe the card, but it’s relatively giant.
via As Pay-by-Phone Advances, Square Takes Another Leap – State of the Art – NYTimes.com.
Card readers for stripe:
- Innerfence makes it easy to accept face-to-face payments with your Stripe account.
- CardFlight enables you to easily accept in-person payments in your own mobile application.
I recently redesigned this site that I launched last year. It features hover-based “teasers” and a Netflix-inspired interface. It’s got a modular custom content type that will grow as they add more serials. You can submit your own writing via a Gravity form so you don’t have to be a WordPress expert to update the content.
SerialTeller is devoted to serials drawn from all areas of fiction ranging from science fiction and fantasy, to mysteries, thrillers, and romance. Serial fiction has been around for hundreds of years and has been the basis for some of the greatest works of literature known to man including those created by Charles Dickens and Sir Arthur Conan Doyle.
There is a new, lower-cost option coming for the WP e-Commerce Plugin. It launched in April 2012 and is called: “PayPal Payments Advanced” and it will soon be a great option for WordPress ecommerce.
Up till now you had to pay the full “PayPal Payments Pro” $30/month fee. But soon this new $5/month option will give you almost all the same features. WPEC does not support this new gateway yet but I think soon we will see more integration for “PayPal Payments Advanced”. There is an option to use PayPal’s API to set up a gateway now but there is a greater efficiency in waiting for the community to fully support ongoing maintenance of that gateway.
As far as I can tell now, “PayPal Payments Advanced” will not give the fully seamless experience that “pro” offers. PayPal will have some of its branding on the checkout page. Here’s the screenshot that PayPal provides in their API PDF.
If users choose to fill out this payment form they stay on the store site. If they click “pay with my PayPal account” they go off to paypal.com. So this is not as professional a solution, but it’s close, and for smaller stores it will be a welcome choice.
“PayPal Payments Pro” also gives you Virtual Terminal but you can get that same functionality via Square Up for no monthly fee (and they don’t even charge a fixed fee beyond the 2.75% as long as a physical card is present although the forthcoming PayPal Here will do the same at 2.7%). I look forward to the day that Square offers an online payment gateway but no word on that yet.
PayPal Payments Pro vs Website Payments Pro
Now one thing to keep in mind is that the names of these PayPal accounts are very confusing. “Website Payments Pro” used to be the name and now it’s called “PayPal Payments Pro”. Not to be confused with the simpler (older) WPEC gateways “PayPal Express Checkout” and “PayPal Payments Standard”.
Here’s their explanation regarding the name change:
…we’ve dropped the word “website” from our U.S. product names. In the same way that Apple did when it dropped “computer” from its name in 2007 to represent its move beyond the Mac to a comprehensive consumer electronics company, this name change represents our move away from our online heritage to the future of PayPal and the multi-channel nature of payments in the new retail environment.
Note: Website Payments Pro includes Direct Payment, Express Checkout, and additional PayPal solutions and tools, such as Virtual Terminal, Fraud Management Filters, and reference transactions.
Many of these plugins need your Flickr API key to work. It will look something like this:
This is my favorite—very fully featured for the active Flickr user or just someone who wants to embed Flickr into WordPress. Displays Flickr photos as a gallery or a slideshow that is NOT the Flickr slideshow widget. Many other features: shortcodes, multiple galleries, sidebar widgets, various standard Flickr sizes and orientations.
Simple, but does not seem to show the title. It seems faster than the other one we were using. It is live now…
This is nice and simple but only shows the latest one. Or you can set it to show a few, but it has limited sizes.
Awesome Flickr Gallery
This looks promising but I didn’t play with it yet. Try it out and let me know.
Today I’m launching a new site to feature my fine art photography. It will give me a chance to focus this site on my WordPress website business and related graphic design work. I’ve got some more content to shift around so let’s just call this a soft launch – a secret between you and me.
Have a visit over at arisalomon.com.
Here’s my new logo for my photo work – these business cards arrive Monday here at my hotel at the Fotofest conference.