Can't Speak Geek

Translating the Geek Speak in simpler terms

WordPress 101

The Importance of Staging

Anytime you work on your site, especially if you are working on the files, running updates, or adding new features, you should never do it on the live site first. Bad things can happen. You should always test on a staging or development site before making the changes live.  

Having a staging site is essential for testing updates, adding new plugins, or trying a new theme. It is like the “try it before you buy it” approach for your site. 

First, find out if your hosting company has the ability to provide you with a staging site. If so, that is great! I know Flywheel, Pantheon, and WP Engine have the option for at minimum one staging site per live site. Flywheel and WP Engine will give you one staging instance. Pantheon can give you up to 10 multi-dev instances. 

If your hosting company does not offer a staging site built within their system, never fear as there are other options you can use. They are simple or no configuration needed to get a staging site setup. 

Plugins like WP Staging can offer you a temporary staging site built within your install. It offers a easy, no-configuration way of having a temporary staging site. 

You can also setup a subdomain on your site to handle your staging needs in cPanel. You will go into your cPanel and find the Subdomains option. Name your new subdomain as staging (or whatever you would like). Then create a FTP account for your subdomain.  This will help you to keep your sites separate. You can then upload WordPress to the staging site. You can then use a migration plugin to make a copy of your live site to move to the staging. You can use something like All-In-One WP Migration or Duplicator to move the site. 

There are also local options you can use as well. Local instances go onto your computer and saved “locally”. One option is to use Desktop Server. Their paid version has Direct Deploy where you can push from your local instance to your live site. This is a great option for if you do not want to try to make the staging site on a cPanel.

Whichever you choose to do, it is always a great idea to test before you push live. Also remember to make a backup before running updates. Taking precautionary steps first, always ensures that if something breaks, it is not permanent. 

5 Things to Consider Before Opening Your Virtual Storefront

Opening an online shop is becoming a trend these days, and it’s not hard to see why. After all, the number of digital buyers is anticipated to grow to 2.14 billion by 2021

Fortunately, this means your potential online customer base is constantly growing. But it also means that your competition is growing too. If you don’t want to get left behind, you need to learn how to play the game in an online space. So here are five tips to help you start a successful virtual storefront.

1. Have a business plan that covers the online space

Before jumping into the online world, you need to have a proper business plan in place. Even if you’ve already drafted one for a brick-and-mortar location, you should re-plan, as the online atmosphere is drastically different. Plan how you’ll finance your online venture, choose the right product or service to sell, and set your business goals. 

If you have any big ideas or stretch goals for the future, get them down in writing too. It’ll make it easier for you to reference and reassess as your company grows.

2. Pick the right domain name

Once you’ve got a solid business plan, it’s time to find the right domain name. Here are three tips to keep in mind as you pick your URL:

  • Don’t overdo it. Long domains can be hard to follow, giving potential customers more room for error. Stick with clarity over cleverness.
  • Match it with your business name, if possible. This helps customers remember your site. If someone else has already registered your business name as a domain, consider adding your city name after it or a “the” in front of it as a differentiator—just don’t get too complex.
  • Choose a name that is easy to spell. Amazon is a good example. It’s easy to spell and easy to remember. Do the same thing with your online shop. Avoid numbers and hyphens, too, as they are difficult to remember and may lead to typos.

3. Find a hosting setup and address security

Plenty of services offer domain hosting, web hosting, a content management system, and e-commerce options all in one, while others cater to a more piecemeal approach. WordPress has two options (differentiated by a .com and a .org domain) to let you go the route you’re more comfortable with.

Whichever way you go, make sure your host has strong security and a good reputation, especially if customers will be entering sensitive data or financial information through your site. You should also take steps on your end to learn what you can do to secure your site against potential hacks.

4. Do some online market research

To succeed in online marketing, you must understand what your customers want. Do some digging into these three key marketing strategies:

  • SEO: Invest in Search Engine Optimization to boost your rankings in Google and help customers find your business site effectively.
  • Social media marketing: Get your business onto the social media platforms where your customer base is most likely to be.
  • PPC: Bid on relevant keywords to appear in the ads at the top of searches for those terms.

An investment into all three of these areas will help your storefront gain more traction with new customers, often for less than traditional advertising efforts.

5. Invest in reliable tech

When you move into the online space, make sure you can promptly and efficiently field any issues that arise, including updating your store offerings and handling customer service requests. To do that, you’ll need a reliable tech setup, including a computer, modem/router, and a solid internet plan.

The exact models and plans you pick should depend on your budget and needs, but there are a few guidelines: The computer should have solid reviews and a support plan that will keep your device up and running. The modem/router should be advanced enough to handle up to whatever top speeds your internet plan can put out. And as for an internet provider, you’ll want to decide between a business or residential plan—the former offers benefits that the latter doesn’t, like a static IP address, better upload and download speeds, and more accessible customer service, but you may be fine with a residential plan if your operation is still small. 

Ready to Open Your Online Business?

Given how many consumers now do their shopping on the internet, having an online storefront is a great way to meet your buyers where they are. Just make sure you follow these five steps first—and you’ll be on your way to making sales and beating out competitors.

How to Keep your Website Secure from Hackers

Websites tend to be “If you build it, they will come”, but this also means hackers will want to come to check out your site as well. Is there anyway stop them from coming? There are simple steps in WordPress security and the first step is one of the most important actions to take. That is making the step to a proactive approach (instead of a reactive process) and to do it TODAY. Any website, even the simplest of test sites, and the site that does not get any traffic can be infected if not maintained properly.

The bulk of WordPress websites that are infected is typically due to out-of-date core, theme, or plugin files, use of insecure logins, or a brute force attack.  Mostly though it is due to not being updated regularly or logins. I have watched first hand a brute force attack on a test site that was not indexed by Google and had no visitors. However, while nothing is ever completely and utterly full proof, there are simple steps  to take to avoid the bad things that could happen. Let me share some simple steps anyone can take to keep their online presence safe and secure that require a little bit of time and no coding on your part.

Secure Passwords ALWAYS

A great password is the first line of defense to keep the unsavory people and bots out of your websites. When a bot comes to try to get into a WordPress dashboard, the first thing they try to use when logging in is “admin” and “password” as that combination is the most widely used login STILL. Changing it around to be “Pa$$w0rd” does not make it any more secure either. This is due to the fact it still reads as “password”. Names or anything that will still read as a legible words or phrases are the easiest and quickest hacked passwords.

Typically, all passwords should be at least 12 characters that are illegible, containing upper and lowercase letters, numbers, and special characters. The more characters in the password, the harder it is to break. If you want to test how secure your passwords are, check the How Secure Is My Password checker. This will show you how long it would take a computer bot to break your password. The checker told me that it would take a desktop PC about 377 billion years to crack one of my passwords. That is when you know you have a great password! 

Passwords should also be unique to that login and only one login. The more you use the same password, the greater opportunity that it could become found and used against you. Imagine if you used the same password on all logins. It would take a bot or a person less than 5 minutes to find out your email, website, banking, and all of your online information. No one wants that to happen. Again, always use secure and unique passwords. It is also advisable to use a password keeper like LastPass or 1Password to keep your passwords secure, but we will get to that later.

Security plugins can help!

There are many types of security plugins that do a full range of options. You can use more than one security plugin on your site as long as you do not have them set to do the same things. Here is a list of some great WordPress security plugins that are available. 

Jetpack – I use the multi-functional plugin Jetpack on all of my sites. They have a few features built in for security measures.

  • Monitor – Jetpack will notify you when your site goes down and when it comes back up again. Always be in the know when your customers can not access your website.
  • Protect – Protect used to be a stand alone plugin called BruteProtect. It was one of the highest used plugins to block out brute force attacks. Automattic acquired it last year and now has it built into Jetpack.
  • Manage – Jetpack’s Manage lets you update your plugins, themes, and core of all of your self hosted websites from one dashboard and gives you the opportunity to have automatic updates.

iThemes Security (formerly Better WP Security) – While iThemes Security is NOT a security firewall, it does give great benefits to securing a website without having to change any the code yourself. They do have a free and a Pro version. 

WordFence – While I do love WordFence’s scanner, I typically only have it downloaded to a site when I am double checking to make sure all malware has been deleted. If you feel like your site has been infected, WordFence can detect any WordPress file that has been changed from it’s original form.  If you do choose to use WordFence,  and you can enable all options, do not run it with iThemes Security, Jetpack’s Protect, or the Sucuri Security as they can cause conflict with each other. If you do choose to use WordFence with iThemes Security, only have the scanner active on WordFence. 

SiteLock – SiteLock WordPress Plugin provides complete website security management without leaving WordPress. Users can access their SiteLock Dashboard from within their WordPress back-end, allowing you to focus on what’s most important—your business, your passion, your word.

Sucuri Security – Sucuri has both a Firewall and an AntiVirus that can help block the bad guys and bots out of your website for good. Sucuri has the most widely used WordPress firewall in the industry. You can run the Sucuri CloudProxy Firewall with iThemes Security but get the list of the CloudProxy IP’s from Sucuri to put in your IP WhiteList in the iThemes Security settings.

Two-factor Authentication is a must!

Any login that you can have a two party authentication on, it is always advisable to use. There are different ways this can be set up. There can be a CAPTCHA, a Google Authorization code, or a simple math question to prove that you are a human. With some options now, you can have a choice of fingertip or facial recognition on mobile as well. If you choose to use any of these, make sure that each person accessing the dashboard has their own unique login. Shared logins can cause issues especially if using the Google Authorization code that is sent to a single cell phone.

  • iThemes Security Pro – Has multiple two-factor options including CAPTCHA. Google Authorization, and simple math.
  • Two-Factor – Works right out of the box.
  • Google Authenticator – Uses two-factor authentication by the Google Authenticator app for Android/iPhone/Blackberry.

Always update all the things!

The biggest reason malicious code gets into a website is due to a found vulnerability in code for a plugin, theme, or in an outdated core file. This is easily remedied by having your website on a regular update cycle. Some site agencies and owners will have a set day of the week to update their website, while others will update every time they login. There are plugins that can help keep your sites updated. Please make sure you are updating your site at least once per month. It is recommended to update sites once a week at minimal. We update our sites as soon as they come through however, we do test the updates on a staging server before updating the live site. 

Here are some options to help you run your site updates

  • Jetpack – Handle all of your Jetpack connected sites in one WordPress.com dashboard
  • ManageWP – A comprehensive dashboard for updating, backups, and security options. 
  • iThemes Sync – Sync up to 10 sites for free so there is one dashboard to update, run BackupBuddy, and unlock iThemes Security lockouts.
  • WP Staging – Gives you the ability to build a staging site to test updates on before updating your live site. 

Always have a backup

There is very little that is more important than having a backup system in place. As long as there is a full backup of the website including the database, you will never lose your website. No loss will ever be permanent. There are numerous ways to backup a website, some are automated, some are manual. It is up to you to decide which way you want to keep them. Do not leave it up to your hosting company unless you have direct access to the backups. If the backups are made with a plugin. always send your backups somewhere other than your server.

Here are site backup services that CSG recommends. 

  • Updraft Plus – They have a free and premium version to backup your website.
  • Jetpack’s Site Backups – Built into the popular Jetpack plugin
  • BlogVault – A premium backup service that has white-label options.
  • BackupBuddy – A premium backup plugin that integrates with iThemes Security and Sync.

Other tips that are equally important 

While these do not fit into their own category, they are just as important to remember and to follow.

  • Always use SFTP when using a file manager if it is available.
  • Using SSH or WP-CLI is even better!
  • Never, ever have your files and directories wide open at 777 or 666! That will leave them wide open and executable by everyone. Especially hackers!
  • Use a complex and unique username and password for your site’s database.
  • Use a password manager to keep track of your logins. Passwords should never be so easy that you remember them and you should never save them to your browser.  LastPass and 1Password are great tools that can be used on all popular browsers and on your mobile devices.
  • Do not EVER send passwords in an email. Attach them as a zipped text document. You can also use a sharing program like One Time Secret or Password Pusher.
  • Always have an antivirus on your machine to stop the automatic downloads from a malicious websites. Even if you are using a Mac, have an antivirus active on your machine. 
  • Use a VPN when using public WiFi. There are many good choices out there in every price rage. 

Following these simple steps can keep you and your online presence safe. Securing your site today will save you from having to pay to get your site cleaned tomorrow. If you find your site is hacked, Can’t Speak Geek can help you through cleaning a hacked website

Oh no! My WordPress site got hacked!

It is every single website owner’s worst nightmare to realize that their website has been hacked. Infected sites can wreak havoc for everyone and cause a lot of damage in its wrath. It is a very serious matter that should be tackled as soon as the infiltration has been discovered. However, the first thing to do at this moment, is take a slow, deep breath, and know that your website will be up and running clean once again. Listed below is my step-by-step guide for anyone with an infected WordPress website who is wondering what to do next. [Read more…] about Oh no! My WordPress site got hacked!

The Need For Maintenance

I get asked all the time “what is the big issue with maintenance? My site is online. Why should updating or backing up the site matter?”

First websites are not build them and forget them like many people think they are. Too often when a site is built by someone else, they forget to tell the site owner that there are certain things that need to happen once they turn the site over to the user. This can end in bad news for the site owner later down the road. Maintenance can take just a few minutes each month and can save you a lifetime of headache in the long run.

Backups are essential!

I tell clients and new users all the time “nothing is every permanent if you have a backup.” This should be learned back in the high school paper writing times and then carried with you for the rest of your life. Remember staying up late writing a paper and then closing down your machine without saving to find out the next morning the paper was gone? Imagine that happening when you are working on your website. Any time you are adding a new plugin, editing any of the files, or changing any functionality of the site, it is crucial to make a backup first. This is for when things break, you always have a backup to revert to. Plugins like BackWPUp, BlogVault, Jetpack, and Backup Buddy can help you to setup automatic updates of your site. Just remember to have them sent to a place other than your server for safe keeping. Most plugins have a cloud option or you can have them sent to a Dropbox account or AWS S3 storage canister.

Updates are crucial!

A major line of defense from hackers is updates. Security experts preach often about the necessity of updating a site. They are not wrong.

Updates are made for three reasons.

  1. The Release of New Features
  2. To Fix A Bug/Outdated code
  3. To Fix A Security Vulnerability.

Updating the core, plugin, and theme files when they come through will keep known vulnerabilities at bay. It is always best to update your site on a staging environment to test before making the live changes. If you do not have the option for a staging site, always run a backup before updating for if you need to revert the site back due to conflicts.

Remove any unused plugins and themes

It goes along with the old saying, “if you are not going to use it, get rid of it.” If there are plugins that are sitting in “deactivated” mode, it is best to delete them and then re-add them when you need to use them again. The WordPress Plugin Repository has a fantastic feature where you can save your most liked plugins as “favorites” in your profile. That way you never have to search for the ones you like to use.

As for themes, it is best practice to only keep the theme in use and the most recent WordPress default theme to use for conflict checks if needed. All the other plugins should be removed from your site.

Inspect your site regularly

You know your site better than anyone else. Take the time to look at the front end of your site to ensure that everything is working properly. Definitely do this after running updates on your site. Look for any console and visual errors on your site. Doing this regularly can close the gap from any issues on your site being noticed by your visitors before you know they are there.

Change Your Password

With all passwords, you should be changing them every 6 months to a year. Your password is your first defense at keeping unwanted people out of your site. You can see more of what Can’t Speak Geek thinks about passwords by reading Preaching About Passwords. Also, make sure your passwords are unique and not easily remembered. The harder to remember, the harder it is for password crackers to guess.

Keep up with the commenting

Spam comments can fill up a database very quickly these days. Using something like Akismet can keep unwanted comments off your site and out of your database. It is still good measure to check on your comments often and approve them to share the conversation on your blog posts.

Check your forms

Your forms are what can connect a first time visitor of your site into becoming a customer. If your forms are not working, then your leads from your forms will stop as well. We recommend making a test submission to your forms monthly to ensure they are working properly.

Test your e-Commerce portals

Every so often, we recommend monthly, run a test purchase through your site. The last thing you want is to find out you have lost sales due to your checkout not working. If you are testing your checkout on a regularly basis, you will know before your customers do if something is wrong and can fix it before you lose any sales.

Performance Testing

How is your site holding up? Make sure that it is not suddenly slowing down or performing horribly due to changes on your site. Google still looks at site speed as a very important piece of where you will be in their list. I suggest using Pingdom and GT Metrix for performance testing.

Put 404’s to rest along with Broken Links

If a user tries to go to a place on your site that does not exist, it will cause a 404 to happen. Now, 404 errors that happen because a reader accidentally mistyped an address are normal and nothing to be worried about, but when 404 errors happen due to a page that is no longer available can cause bad user experience and people to leave your site.

Broken links happen when you have links to outside sites that no longer work. We see this often when linking to other blog posts and/or YouTube videos.

It is a good measure to check on 404’s and broken links to ensure that all links work on your site. The plugin Broken Link Checker does. great job in taken care of both issues. If you need to make redirects for your site, I would recommend the plugin Redirection.

These basic maintenance steps are essential to keeping your site online and running properly. Site maintenance is key. In the event you would rather have someone else to take care of the maintenance of your site, there are companies that can help. Companies like WP Site Care, 13Core, and WP Buffs can help you with updates and backups so you don’t have to.

%d bloggers like this: