Blog Ideas | Blogging Tips & SEO Blog Topics For Bloggers

Blog Topics From A Candid Blogger






D. Senu-Oke is the author of the following titles: Impact Website Traffic with Fiverr, Fiverr Social SEO - A "Painless" Strategy to SEO, Monetizing Means Something To You - Here Are 45 Ways To Do It Online, Embrace Mobile Space - 10 Little Secrets I'd Like To Share With You and Wordpress Dollars - Ten Easy Ways To Flex And Win on sale now on Amazon and on my E-books page.


Shellacking The Hacking A Wordpress Security Scoop 2017 2018

Wordpress security isn’t always the first thing that comes to mind when you think of the Wordpress platform, is it?

Let’s face it, Wordpress is pegged to be “the place” to start if you want to create a blog which means that there are different levels of knowledge that come to this platform as people begin to develop their blogs. That sounds pretty reasonable when you consider that of all the millions of blogs online that have been constructed.. nearly 25% of them exist through Wordpress.

Beyond that staggering fact.. there are the newbies, the intermediate crowd and the advanced Wordpress operators.

In reflecting on that for a moment.. which were you when you started a blog or, even better yet, which are you now if you haven’t started a website just yet, but are still considering it?



With that said, there is something very startling to me as I put together this post about Wordpress security. There are more than 60 million sites that use Wordpress yet there are only a few thousand searches on a monthly basis regarding the security of this platform.

Regardless of what the install stats may be, the search data still represents a huge disparity between those who operate a Wordpress website and those who want to understand hardening Wordpress to better secure it.

According to a BBC News post from February 2017, one of the worst attacks on Wordpress in recent times affected more than a million pages, including a massive 800,000 attacks in the same timeframe in which this event occurred.

Security affects us all, but how many of us intentionally think about that in the excitement of getting a domain name and using Wordpress as our CMS platform? I can tell you that it’s not nearly as many as it should be.

It’s a scary thought to know that all the hard work you invest into putting together meaningful, substantive and helpful content can be taken away in an instant simply because the owner never acted on implementing a Wordpress firewall or never learned how to improve Wordpress security on the blog.

And I’ve been guilty of it myself.

One of the websites that I own uses the Wordpress CMS platform and I did what most people do.

I got online and thought of a decent name for my domain and found a host and installed Wordpress. It was great.

I had my plan, I was up and running after making some tweaks once I accessed my Wordpress control panel and I started adding content right away.

I’d bet 10 to 1 that this is how most people get started with Wordpress.

Everything is in its neat little box ready to go for you and it’s plug & play. You don’t have to have any technical knowledge, you don’t have to know a thing about Wordpress because that’s the way it’s designed. It’s designed so that it’s easy. So easy in fact that anyone can start a blog on their platform and true to its name and mission, Wordpress lives up to that.

Beyond changing some minor things like how my posts would look, the theme, the look and feel of my dashboard and adding a couple plugins I didn’t do much more in the way of customization.

After more than 100 posts, I started getting warnings and warnings from my hosting provider that there were multiple attacks being made on my Wordpress website.

Of course, I wasn’t sure what prompted this out of nowhere and I didn’t have a clue as to how I got so lucky as to warrant the attention of hackers (just being sarcastic, folks).

However, what I came to quickly realize was that in terms of Wordpress security best practices, I was doing it all wrong and was literally raising red flags all over my website that said, hey! hack me.. I’m vulnerable.



Before this, as foolish as I feel about the admission, I really didn’t know anything about how to improve Wordpress security on my blog on the Wordpress platform. I hadn’t even heard of a Wordpress firewall before or had any familiarity with Wordpress security plugins either.

However, was there really a need for me to know?

I already knew that Wordpress had its own basic security so I hadn’t put much thought into beefing it up beyond what it was already equipped with. I could venture to say arbitrarily that maybe 1/16th of Wordpress owners think.. hmmm… what do I need to do to harden Wordpress so I can keep hackers out. It’s just not a common thought that crosses most owners’ minds with respect to this particular CMS platform and I was surely no exception.

Needless to say I discovered that even beyond my own mistakes, there are definitive Wordpress security issues right out of the box that make you an easy target for hackers if you aren’t aware of what needs to be changed and what you need to do to send a definitive message of, hey.. messing with me is like trying to walk through a brick wall.. it’s not happening here !

I ended up getting attacked several times for several reasons:

  • username was in my url slug (Wordpress uses this as the author url slug by default)
  • no Wordpress firewall
  • no Wordpress security plugin
  • same names used across the site
  • no Wordpress security lockdown
  • no captcha system in place
  • too many settings left the same that were automatically set by Wordpress
  • no bruteforce protections
  • no spam protection
  • no malware protection

Considering everything I was missing that contributed to the constant attacks, it goes without saying that Wordpress security is a very big deal and I was in a heap of trouble if I didn’t do something about this quick.

As I mentioned in one of the bullet points above about the username being in my url, let me clarify further why that was such a problem.

Here’s why this is so significant. Wordpress does publish the username in the author slug by default when you start to use the platform and for hackers this is golden.

Your username in your url slug gives hackers HALF of your login credentials. The only thing left for hackers to do from there is guess your password. This can be achieved by a brute force login attack which means they are just going to keep guessing your password until they guess correctly and eventually get access to your website and ultimately take it over.
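To see what this pattern looks like from the site owner's side, here is an added example (not part of the original post) that scans web server access logs for a burst of login attempts and notes whether the same address first loaded an author page whose slug is a real login name. It assumes combined-format access logs and the default `/author/<slug>/` and `/wp-login.php` paths; the function name, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Leading fields of a combined-format access log line.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')
AUTHOR = re.compile(r'^/author/([^/?]+)')  # assumed default author archive path

def analyze(lines, login_names, max_posts=5, window=timedelta(minutes=1)):
    """Return {ip: {"burst": n, "slugs_seen": [...]}} for IPs that sent more
    than max_posts login POSTs inside any sliding window."""
    posts = defaultdict(list)   # ip -> timestamps of POSTs to wp-login.php
    leaked = defaultdict(set)   # ip -> author slugs seen that are login names
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        author = AUTHOR.match(m["path"])
        if author and m["status"] == "200" and author.group(1) in login_names:
            leaked[m["ip"]].add(author.group(1))
        elif m["method"] == "POST" and m["path"].startswith("/wp-login.php"):
            posts[m["ip"]].append(ts)
    findings = {}
    for ip, times in posts.items():
        times.sort()
        start = burst = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # shrink window from the left
                start += 1
            burst = max(burst, end - start + 1)
        if burst > max_posts:
            findings[ip] = {"burst": burst, "slugs_seen": sorted(leaked[ip])}
    return findings

def _line(ip, sec, method, path, status):
    # Builds one constructed log line; not real traffic.
    return (f'{ip} - - [10/Oct/2017:13:55:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512')

# Constructed sample: one address reads an author page, then posts to the
# login form 8 times in 16 seconds; another address logs in once.
SAMPLE_LOG = (
    [_line("203.0.113.7", 0, "GET", "/author/jsmith/", 200)]
    + [_line("203.0.113.7", 2 + 2 * i, "POST", "/wp-login.php", 200) for i in range(8)]
    + [_line("198.51.100.20", 30, "POST", "/wp-login.php", 302)]
)

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG, {"jsmith"}))
```

An address that shows up here with a non-empty `slugs_seen` already holds the username half of the credentials, which is the case for changing the author slug and rate-limiting the login form.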

Once I discovered I was getting attacked, I did some research and found some great tools (e.g. Wordpress security plugins) to put a dramatic halt to this nonsense.

You can read here about my top Wordpress security plugin recommendations to protect your blog from hack attacks.

For the website that I own that I referenced in this post, I went from a thin sheet of paper like protection to a deep brick wall of protection. It was very enlightening to know just how poor my protection was and what it takes to drastically improve it so that I could safeguard my content and hard work from the dangerous attacks from hackers.

Securing Wordpress secures your work and your livelihood. Understanding Wordpress hacker protection is probably the best thing that you can do for your website once you’ve become a Wordpress website owner.

My mistakes may be embarrassing, but the lesson learned was invaluable and hopefully it will also steer you in a direction to employ Wordpress hacker protection for your own Wordpress properties. As I mentioned before, you can read here about my Wordpress security plugin recommendations that I used and found to be extremely helpful in securing Wordpress in a way that I hadn’t thought was possible before.


Wordpress Admin Login Hack | Ethical Hacking Warning

So here's my quick thought, warning or piece of advice on ethical hacking before I get into the rest of this..

-- Just because you can doesn't mean you should --



With that said, people put a lot of hard work into the development of their blogs and no one, and I mean no one, should log in and wreck all the hard work an individual has done to inform others through their own content and knowledge on their subject matter. So if you've been able to utilize this hack that I will speak of in this post, just don't.. and I say that on behalf of anyone that owns a blog.

Now for all those users that either love or use the Wordpress platform, your blog might be in deep, deep trouble. Have you ever heard of the All In One SEO plugin? Chances are you have... it's been around for quite some time. This SEO plugin helps you address meta tags for your WP blog. It's easy to use and customizable, and anyone who's anyone that wants to SEO their blog has probably tried this plugin or is still using it today.

Recently, a flaw has been found in this plugin that leaves your site pretty vulnerable to anyone other than you. This flaw allows a user to log in to wp-admin, allowing non-admin users to modify the plugin, elevate non-admin users' privileges and add vicious coding to your administrative panels. In short, if you allow open registrations to your site, YOU ARE AT RISK.

Alright, so now that I've told you the bad news, I know you're wondering, how do I fix this?!? The fix is very easy.. just update the plugin "now" and that will patch the flaw and you can continue business as usual. Alternatively, you could just upgrade to a different SEO plugin and of course disable and remove the SEO All In One as well and that would fix things too.
