Wordpress Tips

The Hack Shattering Wordpress Security Plugins Mighty Duo

Wordpress Security Plugins To Harden And Secure Wordpress Websites


Let’s get familiar with the best of the best in Wordpress security. With that said, in addressing Wordpress security best practices, there are some lessons that are really tough to learn, and ensuring that you’ve hardened Wordpress shouldn’t be one of them because it’s completely avoidable.

Now of course there aren’t any guarantees, but after you familiarize yourself with some top rated Wordpress security plugins you’ll be way ahead of many others that haven’t bothered to take the time to do what you’re doing right now.. and that’s learning about how to secure Wordpress from hack attacks.

The first Wordpress security plugin that I’m going to talk about is one of the big boys out there and it’s called the All In One Wordpress Security and Firewall.

In all confidence, I can assure you that this is one of the best Wordpress security plugins that you can find online right now.

This Wordpress security plugin boasts more than 500,000 active installations. It is very popular and for good reason as well.

One of the signature features of this security plugin is the security strength meter that you are shown on the dashboard. This strength meter gives you a security score of your Wordpress website. This feature alone elevates it to uniquely being labeled one of the best Wordpress security plugins available today to complement its suite of other features.

Once you’ve installed it, you’ll see where you are in terms of the strength of your security. The website that I spoke of in my last Wordpress security post was at a score of 35 out of 480 according to the strength meter before I had taken any recommendations to improve the security of that Wordpress website through this plugin.

Needless to say, that site was in bad shape prior to installing the All In One Wordpress Security and Firewall plugin.

When you activate the plugin, you’ll see several items that you’ll need to address. Those items include the following:

  • Dashboard

  • Settings

  • User accounts

  • User registration

  • File system security

  • WHOIS lookup

  • Blacklist manager

  • Firewall

  • Brute force

  • Spam prevention

  • Scanner

  • Maintenance

  • Miscellaneous

While I won’t go into every one of these settings, I will address a small selection of them. So with that said, let’s start with the dashboard.

AIO Wordpress Security And Firewall Strength Meter



As you can see, there are a number of different items that are on your Wordpress security dashboard from this plugin. The only thing that I didn’t show here was the logins from which user, date and IP address.

Nevertheless, there’s a lot of good information at a glance.

You’ll also notice that there were 4 tabs at the top next to the dashboard that include system info, locked IP addresses, permanent block list and AIOWPS logs (the plugin log files).


The next area that I want to address is the settings tab. This covers, as you can imagine, general settings, the .htaccess file, the wp-config.php file, the WP version info and an import/export section too.

What you can do in these sections is back up your .htaccess file and wp-config.php file.

It’s good Wordpress security practice to back these up in case you ever need to go back to your default files as they were prior to any changes made by your Wordpress security plugins.

The WP version info section allows you to remove the information in your website’s tags that states which version of Wordpress you’re running.

This information can be used by hackers to take advantage of vulnerabilities in Wordpress, especially if you’re running an older version. This feature in this Wordpress security plugin is an option that can remove that information for every page associated with your Wordpress website.
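To confirm that the version really is gone after enabling this option, you can scan the HTML your own site serves. The following is an added example, not code from the plugin; the function name, the sample markup and the version number 9.8.7 are constructed for illustration, and you supply your real core version yourself.

```python
import re

# The places a default WordPress install states its core version.
GENERATOR_META = re.compile(
    r'<meta\s+name=["\']generator["\']\s+content=["\']WordPress\s+([\d.]+)["\']',
    re.IGNORECASE)
FEED_GENERATOR = re.compile(
    r'<generator>\s*https?://wordpress\.org/\?v=([\d.]+)\s*</generator>',
    re.IGNORECASE)
# Stylesheets and scripts get "?ver=<core version>" when they declare no version of their own.
ASSET_VER = re.compile(r'(?:src|href)=["\']([^"\']+?)[?&;]ver=([\d.]+)', re.IGNORECASE)


def find_version_leaks(markup, core_version):
    """Return (kind, detail) tuples for every spot in markup that reveals core_version."""
    findings = []
    for m in GENERATOR_META.finditer(markup):
        findings.append(("generator-meta", m.group(1)))
    for m in FEED_GENERATOR.finditer(markup):
        findings.append(("feed-generator", m.group(1)))
    for m in ASSET_VER.finditer(markup):
        # Bundled libraries such as jQuery carry their own version; only the core one counts.
        if m.group(2) == core_version:
            findings.append(("asset-ver", m.group(1)))
    return findings


# Constructed samples: a default page head, an RSS feed, and a page after hardening.
SAMPLE_PAGE = '''<html><head>
<meta name="generator" content="WordPress 9.8.7" />
<link rel="stylesheet" href="/wp-content/themes/demo/style.css?ver=9.8.7" />
<script src="/wp-includes/js/jquery/jquery.js?ver=1.12.4"></script>
<script src="/wp-includes/js/wp-embed.min.js?ver=9.8.7"></script>
</head><body>...</body></html>'''
SAMPLE_FEED = ('<rss><channel><generator>https://wordpress.org/?v=9.8.7'
               '</generator></channel></rss>')
HARDENED_PAGE = '''<html><head>
<link rel="stylesheet" href="/wp-content/themes/demo/style.css" />
<script src="/wp-includes/js/jquery/jquery.js?ver=1.12.4"></script>
</head><body>...</body></html>'''

if __name__ == "__main__":
    for name, doc in (("page", SAMPLE_PAGE), ("feed", SAMPLE_FEED),
                      ("hardened", HARDENED_PAGE)):
        print(name, find_version_leaks(doc, "9.8.7"))
```

Run it against the saved source of your home page, a single post and your feed; an empty list for all three means the version is no longer stated in any of the checked places.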

User Account

The user account section (remember this default feature brought the hackers knocking on my door) allows you to change your display name and nickname. These should be different than your username. There is also a password strength meter that gauges how strong your password is, which you’ll find useful.

AIO Wordpress Security And Firewall Strong Password Meter


With that said, I used a tool to create a password several characters long incorporating different characters and symbols that is much stronger than what I was using prior to the implementation of this Wordpress security plugin.

Database Security

Another feature that I love about this Wordpress security plugin is the database security. If you weren’t already aware, your database is probably one of the most critical components of your Wordpress website because of all the sensitive information that it contains.

The database feature allows you to change the default prefix for your Wordpress database to one of your own choosing. This helps to improve your Wordpress security. I’ve also included a more in-depth document from WPBeginner that addresses this.


The last thing that I want to address with this particular plugin is in regards to the firewall. Needless to say, this is absolutely necessary to aid in building up your Wordpress hacker protection.

There are basic and advanced firewall settings essentially providing single or double layers of protection. Additionally, you can enable protection to guard against any bots that are not a trusted Googlebot, in addition to other notably good features in the firewall section.

While I haven’t gone into every feature of this all in one Wordpress security plugin, what I can tell you is that it’s a serious plugin in the goal of securing Wordpress more exhaustively than where you were when you ran the initial installation of this CMS platform.

The other recommendation I will make for your Wordpress security is Wordfence.

This is by far one of the most popular Wordpress security plugins around. However, beyond its obvious popularity, it’s an effective security plugin as well. So there’s good reason for all the attention that it receives.

One feature not seen in other Wordpress security plugins is that if your site has been hacked, they have a site cleaning service that you can buy as seen below:

Wordpress Security Wordfence Site Cleaning Service


A cleaning also gets you a year of their premium subscription services.

Additionally, you’ll find that Wordfence protects against malware, spam backdoors, malicious code, automated bots, data mining bots, spam bots, code injectors and more.

Once you install Wordfence, one of the first things that you’ll notice on your dashboard is all the different features that are enabled.

Wordpress Security Wordfence Features Dashboard


Even with the free version, you’ll see that there’s quite a lot of protection. There’s a lot of protection not only for your individual connected Wordpress website but also from their protection for their network too.. just look at all the attacks that are prevented ! It definitely provides a high degree of confidence about their network overall.

Wordpress Security Wordfence Hacker Block Prevention


Another absolutely wonderful feature about Wordfence is their scanner. It works the same way that any internet protection software worth its salt would work.

There are updates every 30 days for the free version and updates in real time for the paid version. At face value there isn’t a huge discrepancy between the free and paid when you look at the threat defense feed, but there are definitely some premium options that you get that could certainly be worth it in the paid version that you don’t get as a free user.

With that said, another thing that I love about the scanner is that with respect to any issues that are found, Wordfence provides you fairly decent details about each issue giving you a level of awareness that you don’t typically get with other security packages helping you to decide from a more informed perspective whether you want to fix the issue or not.

Additionally, I think their firewall is a great complement to the all in one security plugin (assuming you run both at the same time as I do).

You start out in learning mode so that Wordfence can “learn” your website. This helps the plugin to understand how to protect you to the fullest extent possible and this is probably how any security plugin “should work”.

Nevertheless, after a week of learning, what will happen is that the firewall automatically switches from learning mode to enable the firewall to go into full effect.

In terms of addressing Wordpress hacker protection, the learning mode is still effective but its effectiveness does increase once it has learned “how to protect your Wordpress website”. Learning how to improve Wordpress security for your website makes this a security plugin that stands apart from most in how it secures your CMS property.

There are many other options to configure with Wordfence but having these two plugin recommendations enabled on your website is sure to harden Wordpress far beyond the basic out of the box version when you start your Wordpress website.

Without question, there are many many more Wordpress security plugins that people may already be using, but I leave this post with these recommendations in full confidence that if you install, activate and use these security plugins that I’ve discussed here in this post today that you’ll be well protected on a very popular platform that gets targeted by hackers every day.

Wordpress accounts for a quarter of all websites online and that makes it a valuable target for hackers. Wordpress security without any reservations when I say this… is a big deal and I hope that you’ll secure your hard work with the help of the knowledge you’ve gained here today.

Additionally, if you have any Wordpress security plugin recommendations I’d love you to leave a comment to this post or send me an email about your recommendations and experiences about what you’re currently using or have used yourself.

Thanks for reading. If you liked the post, please use the share buttons below.


Shellacking The Hacking A Wordpress Security Scoop

Wordpress security isn’t always the first thing that comes to mind when you think of the Wordpress platform is it ?

Let’s face it, Wordpress is pegged to be “the place” to start if you want to create a blog which means that there are different levels of knowledge that come to this platform as people begin to develop their blogs. That sounds pretty reasonable when you consider that of all the millions of blogs online that have been constructed.. nearly 25% of them exist through Wordpress.

Beyond that staggering fact.. there are the newbies, the intermediate crowd and the advanced Wordpress operators.

In reflecting on that for a moment.. which were you when you started a blog or even better yet, which are you now if you haven’t started a website just yet, but are still considering it ?

Secure Wordpress Security Hacker Protection


With that said, there is something very startling to me as I put together this post about Wordpress security. There are more than 60 million sites that use Wordpress yet there are only a few thousand searches on a monthly basis regarding the security of this platform.

Regardless of what the install stats may be, the search data still represents a huge disparity between those who operate a Wordpress website and those who want to understand hardening Wordpress to better secure it.

According to BBC News in a news post back in February 2017, one of the worst attacks in recent times for Wordpress affected more than a million pages including a massive 800,000 attacks in the same timeframe where this event occurred.

Security affects us all but how many of us intentionally think about that in the excitement of getting a domain name and using Wordpress as our CMS platform ? I can tell you that it’s not nearly as many as it should be.

It’s a scary thought to know that all the hard work you invest into putting together meaningful, substantive and helpful content can be taken away in an instant simply because the owner never acted on implementing a Wordpress firewall or never learned how to improve Wordpress security on their blog.

And I’ve been guilty of it myself.

One of the websites that I own uses the Wordpress CMS platform and I did what most people do.

I got online and thought of a decent name for my domain and found a host and installed Wordpress. It was great.

I had my plan, I was up and running after making some tweaks once I accessed my Wordpress control panel and I started adding content right away.

I’d bet 10 to 1 that this is how most people get started with Wordpress.

Everything is in its neat little box ready to go for you and it’s plug & play. You don’t have to have any technical knowledge, you don’t have to know a thing about Wordpress because that’s the way it’s designed. It’s designed so that it’s easy. So easy in fact that anyone can start a blog on their platform and true to its name and mission, Wordpress lives up to that.

Beyond changing some minor things like how my posts would look, the theme, the look and feel of my dashboard and adding a couple plugins I didn’t do much more in the way of customization.

After more than 100 posts, I started getting warnings and warnings from my hosting provider that there were multiple attacks being made on my Wordpress website.

Of course, I wasn’t sure what prompted this out of nowhere and I didn’t have a clue as to how I got so lucky as to warrant the attention of hackers ? (just being sarcastic folks).

However, what I came to quickly realize was that in terms of Wordpress security best practices, I was doing it all wrong and was literally raising red flags all over my website that said, hey ! hack me.. I’m vulnerable.

How To Improve Wordpress Security Lessons


Before this, as foolish as I feel about the admission, I really didn’t know anything about how to improve Wordpress security on my blog on the Wordpress platform. I hadn’t even heard of a Wordpress firewall before or had any familiarity with Wordpress security plugins either.

However, was there really a need for me to know ?

I already knew that Wordpress had its own basic security so I hadn’t put much thought into beefing it up beyond what it was already equipped with. I could venture to say arbitrarily that maybe 1/16th of Wordpress owners think.. hmmm… what do I need to do to harden Wordpress so I can keep hackers out. It’s just not a common thought that crosses most owners’ minds with respect to this particular CMS platform and I was surely no exception.

Needless to say I discovered that even beyond my own mistakes, there are definitive Wordpress security issues right out of the box that make you an easy target for hackers if you aren’t aware of what needs to be changed and what you need to do to send a definitive message of, hey.. messing with me is like trying to walk through a brick wall.. it’s not happening here !

I ended up getting attacked several times for several reasons:

  • username was in my url slug (Wordpress uses this as the author url slug by default)

  • no Wordpress firewall

  • no Wordpress security plugin

  • same names used across the site

  • no Wordpress security lockdown

  • no captcha system in place

  • too many settings left the same that were automatically set by Wordpress

  • no bruteforce protections

  • no spam protection

  • no malware protection

Considering everything I was missing that contributed to the constant attacks, it goes without saying that Wordpress security is a very big deal and I was in a heap of trouble if I didn’t do something about this quick.

As I mentioned in one of the bullet points above about the username being in my url, let me clarify that further as to why that was such a problem.

Here’s why this is so significant. Wordpress does publish the username in the author slug by default when you start to use the platform and for hackers this is golden.

Your username in your url slug gives hackers HALF of your login credentials. The only thing left for hackers to do from there is guess your password. This can be achieved by a brute force login attack which means they are just going to keep guessing your password until they guess correctly and eventually get access to your website and ultimately take it over.
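One way to check your own site for this exposure, and for the display name and nickname advice in the user account section of the plugin post, is to compare each account's login with its public names. This is an added example, not code from WordPress or from either plugin; the function names and sample rows are constructed, and `slugify` only approximates how WordPress turns a login into a slug.

```python
import re

# Author archive links look like /author/<user_nicename>/ in WordPress permalinks.
AUTHOR_LINK = re.compile(r'/author/([^/"\'?#\s]+)/?', re.IGNORECASE)


def slugify(text):
    """Approximate the slug derived from a login (ASCII only):
    lowercase, with every run of other characters collapsed to one hyphen."""
    return re.sub(r"[^a-z0-9]+", "-", text.lower()).strip("-")


def audit_accounts(accounts):
    """Return {login: [issues]} for accounts whose public names give away the login."""
    report = {}
    for acct in accounts:
        login = acct["user_login"]
        issues = []
        if acct["user_nicename"].lower() == slugify(login):
            issues.append("author slug matches login")
        for field in ("display_name", "nickname"):
            if acct[field].strip().lower() == login.lower():
                issues.append(field + " matches login")
        if issues:
            report[login] = issues
    return report


def logins_exposed_in_markup(markup, accounts):
    """Return the sorted logins that appear as author-archive slugs in rendered HTML."""
    slugs_on_page = {s.lower() for s in AUTHOR_LINK.findall(markup)}
    return sorted(a["user_login"] for a in accounts
                  if slugify(a["user_login"]) in slugs_on_page)


# Constructed sample rows, shaped like an export of your own users table and user meta.
SAMPLE_ACCOUNTS = [
    {"user_login": "jane.doe", "user_nicename": "jane-doe",
     "display_name": "jane.doe", "nickname": "Jane"},
    {"user_login": "k7-editor-login", "user_nicename": "the-editor",
     "display_name": "The Editor", "nickname": "Ed"},
]
# Constructed sample of a rendered post footer.
SAMPLE_POST = ('<a href="https://blog.example/author/jane-doe/">jane.doe</a> '
               '<a href="https://blog.example/author/the-editor/">The Editor</a>')

if __name__ == "__main__":
    for login, issues in audit_accounts(SAMPLE_ACCOUNTS).items():
        print(login, "->", "; ".join(issues))
    print("logins visible in author links:",
          logins_exposed_in_markup(SAMPLE_POST, SAMPLE_ACCOUNTS))
```

Any account the audit reports is one where a visitor can read the login straight off the page, so change its display name, nickname or author slug until the report is empty.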

Once I discovered I was getting attacked, I did some research and found some great tools (e.g. Wordpress security plugins) to put a dramatic halt to this nonsense.

You can read here about my top Wordpress security plugin recommendations to protect your blog from hack attacks.

For the website that I own that I referenced in this post, I went from a thin sheet of paper like protection to a deep brick wall of protection. It was very enlightening to know just how poor my protection was and what it takes to drastically improve it so that I could safeguard my content and hard work from the dangerous attacks from hackers.

Securing Wordpress secures your work and your livelihood. Understanding Wordpress hacker protection is probably the best thing that you can do for your website once you’ve become a Wordpress website owner.

My mistakes may be embarrassing, but the lesson learned was invaluable and hopefully it will also steer you in a direction to employ Wordpress hacker protection for your own Wordpress properties. As I mentioned before, you can read here about my Wordpress security plugin recommendations that I used and found to be extremely helpful in securing Wordpress in a way that I hadn’t thought was possible before.


The Top Best Good Amazon Books To Read On Wordpress 2017 2018

Love To Read The Top Best Good Books On Wordpress


In blogging, books and (CMS) content management system platforms, there's a name that everyone knows and that is Wordpress. However regardless of how wildly popular Wordpress is, truly understanding what you're capable of achieving and doing within this platform is still a mystery for most.

While it's fair to say that you can be somewhat functional just installing Wordpress and figuring it out as you experiment with it, the reality is that there's a great deal more to learn from those that have additional insight to share on this valuable tool.

So let me ask you a few questions: 

Would you spend more time learning Wordpress if someone could break it down in the simplest of terms for you ?

How would you feel about learning Wordpress if someone could take you from start to finish as if you were a beginner to fill in the learning gaps that you may have in regards to this blogging platform ?

How would you feel about not just being functional with Wordpress but actually mastering it ?

If any of those questions has left you re-evaluating where you currently are with Wordpress, that maybe there's another level you could reach if you had the right information, that there are strategies that you're missing out on simply because you haven't had access to the right methods or maybe at the end of the day, you've just been too inundated with other things to invest time into this platform... let me share with you some of the most popular information on Wordpress that you should take a peek at and explore for yourself that could be the difference maker in your Wordpress experience online.

However, before we get into the Wordpress top book selections you may also want to view my top book recommendations for Blogging books here when you're done reading this post or maybe even look for a stunning Wordpress theme to complement your new knowledge on Wordpress too:

Top Books on Blogging

Wordpress Themes That Crush The Competition

With that said, here are my top book recommendations for the Wordpress content management system.

Top Wordpress Books To Read

(1) Teach Yourself Visually Wordpress

George Plumley is the author of this well read book. The author advises that you should not worry about trying to figure out all the things Wordpress can do, but to focus more on what your visitors need. Having developed websites for over 20 years and using Wordpress for a couple years shy of a decade, the author is passionately focused on helping people learn. His book is an extension of this passion. The author discloses that if you're a visual learner then this is the book for you. Reading this book will help you learn more than 150 Wordpress tasks through a visual approach and this unique method may be just the engagement you need to explore Wordpress in a way that no one else does.

(2) Wordpress In A Week Or Less

This book is written by Zac Cagaros and is a hit with a lot of people that were enthusiastic and interested in getting up to speed with Wordpress very quickly. With that said, if time is not your friend and you need something quick, meaningful, well presented and insightful, this book just might be exactly what you're looking for to learn the ins and outs of Wordpress. It is well reviewed and will provide an excellent overview of Wordpress in addition to equipping you with the skillset necessary to navigate Wordpress successfully. While it's not dubbed bonus material, you'll also receive necessary information that will help you take the next steps to a successful experience online with your website after you've learned this platform too which has been well received by many of its book readers.

(3) Wordpress: The Ultimate Beginners Guide

This book is written by Andrew Johansen and is also highly rated. If you're someone that is seeking to better understand Wordpress fundamentals, particularly if you're someone that is starting out and not necessarily familiar with the platform and need a strong foundation moving forward, this book may be well suited for your needs. This book also addresses related topics that are connected to operating your website built off of this CMS (content management system) platform.


Top Best Good Books To Read On Wordpress


(4) Wordpress To Go

Sarah McHarry is the author of this title and it comes with hundreds of reviews from people that have enjoyed the content within this book. If you're that person still trying to get over the hurdle of getting your website up and running, then this is going to be helpful for you. With that said, being on the fence about starting a blog is understandable but taking action is necessary to jumpstart the process and that's where this book can be an incredible resource. The material in this book provides helpful insight into learning how to work and navigate Wordpress even if you don't have any technical skills at all.

(5) Professional Wordpress: Design And Development

This book has a few names associated with it that include Brad Williams, David Damstra and Hal Stern. Additionally, this is one of those essential books on Wordpress that you should most certainly have in your library. This book addresses everything from the basics to the advanced so there's a little something in here for everyone. This book continues to see updates from its authors and is well suited for users with little to no information on this content management system, for those that are somewhat familiar with it and for those that are considered to be more advanced Wordpress users too. It is worth noting that this book is a popular book that has been favorably read by many and will help to strengthen and improve upon just about anyone's limited background on Wordpress.

(6) Wordpress Web Design For Dummies

This book is written by Lisa Sabin-Wilson and covers website creation in depth from the Wordpress perspective. It is full of useful information, especially for those that have self hosted versions of Wordpress downloaded from their official site (wordpress.org). With that said, if you're not operating with the self hosted version and are using the free version of Wordpress you'll have to click through to my next recommendation below. On another note, as for this book there are many helpful recommendations that are made by the author as well that you'll find helpful as you're learning Wordpress within the content that the author has developed in this book.

(7) Wordpress For Dummies

This is yet another book written by Lisa Sabin-Wilson and this covers the free version of Wordpress in depth. With that said, don't be fooled by the title. This is a comprehensive powerhouse of information. So if you're a true beginner and some of the other book suggestions don't seem like a good fit, this is the one that you've been looking for. A true basic instructional guide for the classic beginner to Wordpress to help you kickstart your blog confidently.

(8) Wordpress: The Missing Manual

Matthew MacDonald, the author of this book, has done a really nice job with the content in what he has written. With that said, he also has more than twelve other books to his name in his accomplishments in literary works. Aside from the author, within the content in this book, you'll find that there's information that will help to improve the basic user's foundation and strengthen the intermediate to advanced Wordpress user too. This is the book that can meaningfully fill in the learning gaps of Wordpress for you.

(9) Wordpress Made Super Simple

The author of this book is Jack Davies and this book comes with a near 5 star rating from customers that have read this book. Notably, Jack is knowledgeable about Wordpress, hence all of his insight on the platform that you'll find contained within his book. He's also co-authored other Wordpress books as well. He will set you on a path to learning and understanding this content management system that will help to leverage what you know or don't know about Wordpress in general already.

While this selection may not be inundated with titles of books for days, the selection of books that I've highlighted in this post will provide you with information covering anything and everything you ever wanted to know about Wordpress from start to finish and there's something to meet everyone's needs regardless of how little you know about Wordpress or how advanced you've become.


Disclosure: Affiliate links have been used in this post. Additional clarification can be found in our privacy policy.

Wordpress Admin Login Hack | Ethical Hacking Warning

So here's my quick thought, warning or piece of advice on ethical hacking before I get into the rest of this..

-- Just because you can doesn't mean you should --

Wordpress hack - stop ethical hacking


With that said, people put a lot of hard work into the development of their blogs and no one, and I mean no one should login and wreck all the hard work an individual has done to inform others through their own content and knowledge on their subject matter. So if you've been able to utilize this hack that I will speak of in this post, just don't.. and I say that on behalf of anyone that owns a blog.

Now for all those users that either love it or use the Wordpress platform, your blog might be in deep deep trouble. Have you ever heard of the All In One SEO plugin ? Chances are you have... it's been around for quite some time. This SEO plugin helps you address meta tags for your WP blog. It's easy to use and customizable and anyone who's anyone that wants to SEO their blog has probably tried this plugin or is still using it today.

Recently, a flaw has been found in this plugin that leaves your site pretty vulnerable to anyone other than you. This flaw allows a user to log in to the wp-admin, allowing non-admin users to modify the plugin, elevate non-admin users' privileges and add vicious coding to your administrative panels. In short, if you allow open registrations to your site, YOU ARE AT RISK.

Alright, so now that I've told you the bad news, I know you're wondering, how do I fix this ?!? The fix is very easy.. just update the plugin "now" and that will patch the flaw and you can continue business as usual. Alternatively, you could just upgrade to a different SEO plugin and of course disable and remove the SEO All In One as well and that would fix things too.
