wordpress plugins

The Hack Shattering Wordpress Security Plugins Mighty Duo

Wordpress Security Plugins To Harden And Secure Wordpress Websites


Let’s get familiar with the best of the best in Wordpress security. With that said, in addressing best Wordpress security best practices there are some lessons that are really tough to learn and ensuring that you’ve hardened Wordpress shouldn’t be one of them because it’s completely avoidable.

Now of course there aren’t any guarantees, but after you familiarize yourself with some top rated Wordpress security plugins you’ll be way ahead of many others that haven’t bothered to take the time to do what you’re doing right now.. and that’s learning about how to secure Wordpress from hack attacks.

The first Wordpress security plugin that I’m going to talk about is one of the big boys out there and it’s called the All In One Wordpress Security and Firewall.

In all confidence, I can assure you that this is one of the best Wordpress security plugins that you can find online right now.

This Wordpress security plugin boasts more than 500,000 active installations. It is very popular and for good reason as well.

One of the signature features of this security plugin is the security strength meter that you are shown on the dashboard. This strength meter gives you a security score of your Wordpress website. This feature alone elevates it to uniquely being labeled one of the best Wordpress security plugins available today to compliment it’s suite of other features.

Once you’ve installed it, you’ll see where you are in terms of the strength of your security. The website that I spoke of in my last Wordpress security post was at a score of 35 out of 480 according to the strength meter before I had taken any recommendations to improve the security of that Wordpress website through this plugin.

Needless to say, that site was in bad shape prior to installing the All In One Wordpress Security and Firewall plugin.

When you activate the plugin, you’ll see several items that you’ll need to address. Among those items include the following:

  • Dashboard

  • Settings

  • User accounts

  • User registration

  • File system security

  • WHOIS lookup

  • Blacklist manager

  • Firewall

  • Brute force

  • Spam prevention

  • Scanner

  • Maintenance

  • Miscellaneous

While I won’t go into everyone one of these settings, I will address a small selection of them. So with that said, let’s start with the dashboard.

AIO Wordpress Security And Firewall Strength Meter



As you can see, there are a number of different items that are on your Wordpress security dashboard from this plugin. The only thing that I didn’t show here was the logins from which user, date and IP address.

Nevertheless, there’s a lot of good information at a glance.

You’ll also notice that there were 4 tabs at the top next to the dashboard that include, system info, locked IP addresses, permanent block list and AIOWPS logs (the plugin log files).


The next area that I want to address is the settings tab. This covers as you can imagine general settings, the .htaccess file, wp-config.php file, the WP version info and an import/export section too.

What you can do in these sections is backup your .htaccess file and wp-config.php file.

It’s good Wordpress security practice to back these up just in case for any reason something may warrant the necessity for you to go back to your default files prior to any changes made by your Wordpress security plugins.

In the WP version info, this allows you to remove the information that would state in your websites tags which version of Wordpress you’re running.

This information can be used by hackers to take advantage of vulnerabilities in Wordpress especially if you’re running an older version. This feature in this Wordpress security plugin is an option that can remove that information for every page associated with your Wordpress website.

User Account

In the user account section (remember this default feature brought the hackers knocking on my door), this allows you to change your display name and nickname. These should be different than your username. There is also a password strength meter that gauges how strong your password is as well that you’ll find useful.

AIO Wordpress Security And Firewall Strong Password Meter


With that said, I used a tool to create a password several characters long incorporating different characters and symbols that is much stronger than what I was using prior to the implementation of this Wordpress security plugin.

Database Security

Another feature that I love about this Wordpress security plugin is the database security. If you weren’t already aware, your database is probably one of the most critical components of your Wordpress website because of all the sensitive information that it contains.

The database feature allows you to change the default prefix for your Wordpress database to one of your own choosing. This helps to improve your Wordpress security. I’ve also included a more indepth document from WPBeginner that addresses this.


The last thing that I want to address with this particular plugin is in regards to the firewall. Needless to say, this is absolutely necessary to aid in building up your Wordpress hacker protection.

There are basic and advanced firewall settings essentially providing single or double layers of protection. Additionally, you can enable protection to guard against any bots that are not a trusted Googlebot as well in addition to other notably good features in the firewall section.

While I haven’t gone into every feature of this all in one Wordpress security plugin, what I can tell you is that it’s a serious plugin in the goal of securing Wordpress more exhaustively than where you were when you ran the initial installation of this CMS platform.

The other recommendation I will make for your Wordpress security is Wordfence.

This is by far one of the most popular Wordpress security plugins around. However, beyond it’s obvious popularity, it’s an effective security plugin as well. So there’s good reason for all the attention that it receives.

One feature not seen in other Wordpress security plugins is that if your site has been hacked, they have a site cleaning service that you can buy as seen below:

Wordpress Security Wordfence Site Cleaning Service


A cleaning also gets you a year of their premium subscription services as well.

Additionally, you’ll find that Wordfence protects against malware, spam backdoors, malicious code, automated bots, data mining bots, spam bots, code injectors and more.

Once you install Wordfence, one of the first things that you’ll notice on your dashboard is all the different features that are enabled.

Wordpress Security Wordfence Features Dashboard


Even with the free version, you’ll see that there’s quite a lot of protection. There’s a lot of protection not only for your individual connected Wordpress website but also from their protection for their network too.. just look at all the attacks that are prevented ! It definitely provides a high degree of confidence about their network overall.

Wordpress Security Wordfence Hacker Block Prevention


Another absolutely wonderful feature about Wordfence is their scanner. It works the same way that any internet protection software worth it’s salt would work.

There are updates every 30 days for the free version and updates in real time for the paid version. At face value there isn’t a huge discrepancy between the free and paid when you look at the threat defense feed, but there are definitely some premium options that you get that could certainly be worth it in the paid version that you don’t get as a free user.

With that said, another thing that I love about the scanner is that with respect to any issues that are found, Wordfence provides you fairly decent details about each issue giving you a level of awareness that you don’t typically get with other security packages helping you to decide from a more informed perspective whether you want to fix the issue or not.

Additionally, I think their firewall is a great compliment to the all in one security plugin (assuming you run both at the same time as I do).

You start out in learning mode so that Wordfence can “learn” your website. This helps the plugin to understand how to protect you to the fullest extent possible and this is probably how any security plugin “should work”.

Nevertheless, after a week of learning, what will happen is that the firewall automatically switches from learning mode to enable the firewall to go into full effect.

In terms of addressing Wordpress hacker protection, the learning mode is still effective but it’s effectiveness does increase once it has learned “how to protect your Wordpress website”. Learning how to improve Wordpress security for your website makes this a security plugin that stands apart from most in how it secures your CMS property.

There are many other options to configure with Wordfence but having these two plugin recommendations enabled on your website is sure to harden Wordpress far beyond the basic out of the box version when you start your Wordpress website.

Without question, there are many many more Wordpress security plugins that people may already be using, but I leave this post with these recommendations in full confidence that if you install, activate and use these security plugins that I’ve discussed here in this post today that you’ll be well protected on a very popular platform that gets targeted by hackers everyday.

Wordpress accounts for a quarter of all websites online and that makes it a valuable target for hackers. Wordpress security without any reservations when I say this… is a big deal and I hope that you’ll secure your hard work with the help of the knowledge you’ve gained here today.

Additionally, if you have any Wordpress security plugin recommendations I’d love you to leave a comment to this post or send me an email about your recommendations and experiences about what you’re currently using or have used yourself.

Thanks for reading. If you liked the post, please use the share buttons below.

#candidwriter #wordpress #security #plugins

Shellacking The Hacking A Wordpress Security Scoop

Wordpress security isn’t always the first thing that comes to mind when you think of the Wordpress platform is it ?

Let’s face it, Wordpress is pegged to be “the place” to start if you want to create a blog which means that there are different levels of knowledge that come to this platform as people begin to develop their blogs. That sounds pretty reasonable when you consider that of all the millions of blogs online that have been constructed.. nearly 25% of them exist through Wordpress.

Beyond that staggering fact.. there are the newbies, the intermediate crowd and the advanced Wordpress operators.

In reflecting on that for a moment.. which were you when you started a blog or even better yet, which are you now if you haven’t started a website just yet, but are still considering it ?

Secure Wordpress Security Hacker Protection


With that said, there is something very startling to me as I put together this post about Wordpress security. There are more than 60 million sites that use Wordpress yet there are only a few thousand searches on a monthly basis regarding the security of this platform.

Regardless of what the install stats may be, the search data still represents a huge disparity between those who operate a Wordpress website and those who want to understand hardening Wordpress to better secure it.

According to BBC News in a news post back in February 2017, one of the worst attacks in recent times for Wordpress affected more than a million pages including a massive 800,000 attacks in the same timeframe where this event occurred.

Security affects us all but how many of us intentionally think about that in the excitement of getting a domain name and using Wordpress as our CMS platform ? I can tell you that it’s not nearly as many as it should be.

It’s a scary thought to know that all the hard work you invest into putting together meaningful, substantive and helpful content can be taken away in an instant simply because the attention to implementing a Wordpress firewall or not possessing the knowledge of how to improve Wordpress security on your blog has not turned into actionable behavior by the respective owner.

And I’ve been guilty of it myself.

One of the websites that I own uses the Wordpress CMS platform and I did what most people do.

I got online and thought of a decent name for my domain and found a host and installed Wordpress. It was great.

I had my plan, I was up and running after making some tweaks once I accessed my Wordpress control panel and I started adding content right away.

I’d bet 10 to 1 that this is how most people get started with Wordpress.

Everything is in it’s neat little box ready to go for you and it’s plug & play. You don’t have to have any technical knowledge, you don’t have to know a thing about Wordpress because that’s the way it’s designed. It’s designed so that it’s easy. So easy in fact that anyone can start a blog on their platform and true to it’s name and mission, Wordpress lives up to that.

Beyond changing some minor things like how my posts would look, the theme, the look and feel of my dashboard and adding a couple plugins I didn’t do much more in the way of customization.

After more than a 100 posts, I started getting warnings and warnings from my hosting provider that there were multiple attacks being made on my Wordpress website.

Of course, I wasn’t sure what prompted this out of nowhere and I didn’t have a clue as to how I got so lucky as to warrant the attention of hackers ? (just being sarcastic folks).

However, what I came to quickly realize was that in terms of Wordpress security best practices, I was doing it all wrong and was literally raising red flags all over my website that said, hey ! hack me.. I’m vulnerable.

How To Improve Wordpress Security Lessons


Before this, as foolish as I feel about the admission, I really didn’t know anything about how to improve Wordpress security on my blog on the Wordpress platform. I hadn’t even heard of a Wordpress firewall before or had any familiarity with Wordpress security plugins either.

However, was there really a need for me to know ?

I already knew that Wordpress had it’s own basic security so I hadn’t put much thought into beefing it up beyond what it was already equipped with. I could venture to say arbitrarily that maybe 1/16th of Wordpress owners think.. hmmm… what do I need to do to harden Wordpress so I can keep hackers out. It’s just not a common thought that crosses most owners minds with respect to this particular CMS platform and I was surely no exception.

Needless to say I discovered that even beyond my own mistakes, there are definitive Wordpress security issues right out of the box that make you an easy target for hackers if you aren’t aware of what needs to be changed and what you need to do to send a definitive message of, hey.. messing with me is like trying to walk through a brick wall.. it’s not happening here !

I ended up getting attacked several times for several reasons:

  • username was in my url slug (Wordpress uses this as the author url slug by default)

  • no Wordpress firewall

  • no Wordpress security plugin

  • same names used across the site

  • no Wordpress security lockdown

  • no captcha system in place

  • too many settings left the same that were automatically set by Wordpress

  • no bruteforce protections

  • no spam protection

  • no malware protection

Considering everything I was missing that contributed to the constant attacks, it goes without saying that Wordpress security is a very big deal and I was in a heap of trouble if I didn’t do something about this quick.

As I mentioned in one of the bulletpoints above about the username being in my url, let me clarify that further as to why that was such a problem.

Here’s why this is so significant. Wordpress does publish the username in the author slug by default when you start to use the platform and for hackers this is golden.

Your username in your url slug gives hackers HALF of your login credentials. The only thing left for hackers to do from there is guess your password. This can be achieved by a brute force login attack which means they are just going to keep guessing your password until they guess correctly and eventually get access to your website and ultimately take it over.

Once I discovered I was getting attacked, I did some research and found some great tools (e.g. Wordpress security plugins) to put a dramatic halt to this nonsense.

You can read here about my top Wordpress security plugin recommendations to protect your blog from hack attacks.

For the website that I own that I referenced in this post, I went from a thin sheet of paper like protection to a deep brick wall of protection. It was very enlightening to know just how poor my protection was and what it takes to drastically improve it so that I could safeguard my content and hard work from the dangerous attacks from hackers.

Securing Wordpress secures your work and your livelihood. Understanding Wordpress hacker protection is probably the best thing that you can do for your website once you’ve become a Wordpress website owner.

My mistakes may be embarrassing, but the lesson learned was invaluable and hopefully it will also steer you in a direction to employ Wordpress hacker protection for your own Wordpress properties. As I mentioned before, you can read here about my Wordpress security plugin recommendations that I used and found to be extremely helpful in securing Wordpress in a way that I hadn’t thought was possible before.

Thanks for reading. If you liked the post, please use the share buttons below.

#candidwriter #wordpress #security

Google This Quick Start Blogging Content And Webmaster Tools Classroom

Blogging Webmaster Tools Google Classroom   Source

Blogging Webmaster Tools Google Classroom


Welcome to my Google classroom of sorts that will grow to be a resource for you in your blogging, content marketing, internet marketing and overall blog journey.

You'll find sections on tools, books and classes that will help you outperform your competition. Bear with me as I organize my classroom resources for you. The goal is that you'll find engaging content and meaningful instruction and tools here to meet your blogging needs regardless of what blogging niche you're in.

Without further adieu lets show you what this classroom has to offer. Be sure to check back often as this classroom resource continues to expand and grow.

Pick Your Area of Interest

Classes | Tools | Books | Affiliate Income | Wordpress


Ampd Up Blogging Webmaster Tools Google Classroom


Online Class: Drive Traffic To Your Blog & Get 1000 Subscribers Using Quora

Brief Description: Old methods may work but your ROI just isn't the same as using channels that are still considered young and new for traffic and growth. This course provides a new lens to grow your blog and your traffic.

Online Class: 25+ Ways To Promote Your Blog And Increase Website Traffic

Brief Description: Your blog is one of the most powerful ways to attract visitors to your site and to generate new leads for your business. It's also one of the fundamental components for Content Marketing. But building a blog isn't enough.

Online Class: Start An Online Business By Building A Wordpress Blog

Brief Description: This is an in depth overview of Wordpress. This course takes you through the nuts and bolts of Wordpress. Very good for someone getting started with the platform and even for the intermediate as it's more than enough for the beginner but has relevant information to offer in it's curriculum even for those that are more comfortable with Wordpress too.

Online Class: Infinite Idea Generation For Blogging And Content Creation

Brief Description: This is a course that will help you with your content generation days when you're stuck. A highly well reviewed course that will provide a different perspective and new blogging insight. It's time to turn the lightbulb on. 

Online Class: Ultimate Guide To Writing Viral Blog Posts

Brief Description: Not so good at English or writing in general ? Well it doesn't matter. If you've got passion to write and reach others, you can write better than you think. This course will fill in the gaps for you in your writing and will help you take your writing to the next level and add some viral sauce to it.

Back To Top


Cheat Sheet Blogging Webmaster Tools Google Classroom


Blogging Success Tool: Long Tail Pro

Chances are good that you've heard of this one. The reason why it's made it into this classroom is because in the keyword game, there is no other tool that finds long tail keywords with the success that Long Tail Pro does. I go into much more of what it can do in this review: LTP Review.

Blogging Success Tool: Meetedgar

Let's face facts.. MOST bloggers fail. Why ? Because no one ever hears their message. However, Meetedgar connects with your social media accounts and communicates your content as much as you want so that you're able to achieve greater reach to your audiences and in turn to theirs as well and that's why Meetedgar is a premiere blogging success tool.

Blogging Success Tool: SEMRush

Now there's nothing glamorous about research, but the better the research, the more success you are going to have. It's like data.. you can't dispute it. It is what it is. When you have more competitive research information than your competition, you will always have an unfair advantage. In its feature-set SEMrush provides you with keyword insight, backlinking insight, competitor insight. If you want to know something about a website, it's as simple as entering in the address. Want to know what keywords they rank for, their best performing pages, where they are getting links from ? SEMRush does that and more and that's why it's made it into this classroom as a success tool for you.

Blogging Success Tool: SumoMe

A suite of tools that bloggers haven't seen in one place ever before that is actually quite useful and lives up to the hype. Content and Google analytics, attractive lead generation / email capture pages, share tools, heat maps to discover where your visitors are spending the most time on a page and where they aren't. Sumome is a blogging success tool that is truly essential.

Blogging Success Tool: Grammarly

If you've been blogging for any amount of time, you have heard the phrase: Content is King. In writing content, your grammar can add to your credibility with your audience or diminish it too. Grammarly is just like having a professional proof reader right next to you 24 hours a day 7 days a week. It's in the top tier of grammar proofing resources online so of course, it's the kind of resource I want you to have as well. Additionally, I've done a thorough review of it as well that can be found here: Grammarly grammar checker review.

Back To Top


Best Books To Crush It Blogging Webmaster Tools Google Classroom


Sometimes it just helps to hear it from someone else. Their perspective can make all the difference in the world. Bloggers read other bloggers to tweak their strategies and to get better at their craft and while I certainly have my favorites there are also books that I think do a great job helping others to figure out the maze of blogging to achieve goals too. I've written posts on the best blog books to read where I provide a bit more clarification about each book, but I'll also list some of the titles here too for you.

  • Blog Inc
  • How To Start A Blog That People Will Read
  • Born To Blog
  • Secrets For Blogging Your Way To A Six Figure Income

Back To Top


Affiliate Income Blogging Webmaster Tools Google Classroom


There's always someone talking about making money online with blogging, including me. The truth is that "many" of these so called programs to generate affiliate income fall so short, they were never worth the curiosity in the first place. On the other hand, there are programs that exist that are indeed reputable, that are trustworthy, pay on time "everytime" and reward you well for promoting their products. Those are the ones that we're after and are worth the time in this classroom.

Sensational Affiliate Income: Amazon

Promoting through Amazon provides your customers with trust and credibility. First and foremost, your customer can buy with confidence and the bonus is that you're able to generate affiliate income from their purchases. Additionally, when your customer clicks through, even if a purchase is not made through your affiliate link anything purchased within 24 hours is still credited to your link. Amazon is a marketplace that is unlike no other due to it's sheer size and diversity of products that can accommodate nearly any blogging niche.

Sensational Affiliate Income: Shareasale

Another affiliate marketplace powerhouse that is diverse and friendly to even the most novice of bloggers. I wrote a very in depth review of Shareasale, otherwise known as SAS. Higher commissions, whether you're talking about fixed dollar amounts or percentages without having to sell high priced items, but doesn't have the diversity of Amazon, however, then again.. who does ? There are benefits to being a member of each of these marketplaces.

Sensational Affiliate Income: Peerfly

Peerfly is known as a cost per action network. This provides a different kind of flexibility that you don't see with Amazon or Shareasale. Once you get access to their massive library of offers, you can provide free samples to your audience and generate commissions from that or even generate revenue simply from a visitor entering their email address that provides the advertiser a genuine customer lead. Cost per action has been hailed to be an easier way to make money online and works extremely well for some niches and not so well for others, but testing the offers with your audience is the key to success. This is my complete Peerfly review.

Back To Top


Wordpress Plugins And Themes Blogging Webmaster Tools Google Classroom


Remarkable Wordpress Themes: Studiopress

This may as well be the industry standard for elegant themes for Wordpress. The reality is that Studiopress themes are customizeable, beautiful, eye catching and provides that polished look to your Wordpress website. If you're serious about blogging with Wordpress, Studiopress helps you establish that look of professionalism and authenticity.

Remarkable Wordpress PLugins: Ban Hammer

When you're trying to build an email list and you should definitely be trying to build one, fake email addresses can inflate your subscriber list numbers. Often times fake email addresses are used to get a free product that is offered by blogs and other websites. Using the Ban Hammer plugin helps to put a stop to that. Not very commonly known but it remains a remarkable plugin that is a true gem and a must have for Wordpress blogs.

Remarkable Wordpress PLugins: Optinmonster

This is the definitive exit intent plugin for Wordpress. When your visitors leave your website, this plugin can send your exiting visitors to other pages on "your" website, to your subscriber list or other designated calls to action that you fully customize. Even the most notable companies and bloggers use Optinmonster. Quite frankly, if you're competition is using it, you should be too, but I will say this much about Optinmonster, it converts very well and once you use it, you won't know how you blogged before without it.

Thanks for visiting my successful blogging and tools classroom. These are tools that I use to operate this blog and I know that you'll find them useful too.

If you liked the post, please use the share buttons below.

#candidwriter #blog #class

Back To Top

Wordpress Admin Login Hack | Ethical Hacking Warning

So here's my quick thought, warning or piece of advice on ethical hacking before I get into the rest of this..

-- Just because you can doesn't mean you should --

Wordpress hack - stop ethical hacking


With that said, people put a lot of hard work into the development of their blogs and no one, and I mean no one should login and wreck all the hard work an individual has done to inform others through their own content and knowledge on their subject matter. So if you've been able to utilize this hack that I will speak of in this post, just don't.. and I say that on behalf of anyone that owns a blog.

Now for all those users that either love it or use the Wordpress platform, your blog might be in deep deep trouble. Have you ever heard of the All In One SEO plugin ? Chances are you have... it's been around for quite some time. This SEO plugin helps you address meta tags for your WP blog. It's easy to use and customizable and anyone who's anyone that wants to SEO their blog has probably tried this plugin or is still using it today.

Recently, a flaw has been found in this plugin that leaves your site pretty vulnerable to anyone other than you. This flaw allows a user to login to the wp-admin allowing non-admin users to modify the plugin, elevate non admin users privileges, add vicious coding to your administrative panels so, in short if you allow open registrations to your site YOU ARE AT RISK.

Alright, so now that I've told you the bad news, I know you're wondering, how do I fix this ?!? The fix is very easy.. just update the plugin "now" and that will patch the flaw and you can continue business as usual. Alternatively, you could just upgrade to a different SEO plugin and of course disable and remove the SEO All In One as well and that would fix things too.

Thanks for reading. If you liked the post, please use the share buttons below.

#candidwriter #wordpress #blog