Tag Archives: wordpress

WordPress Cleanup Checklist

Whether you’re a seasoned blogger or just getting your site off the ground and going crazy with uploads and creating content, it’s always a good idea to keep your WordPress site storage in check. “But I have unlimited disk space!” That is probably not the case, unfortunately! A server is just someone else’s computer with a finite amount of disk space. “But I don’t have the time!” Let’s clean some things up together, it will be easier than you think!

Please note: Before removing anything from your website, it’s always a good idea to have a recent backup available in case something important is deleted.

Subscriber and Membership List Purge

Every subscriber is an entry in your site’s database which can (slowly) take up space. Subscriber lists are something that you will want to be careful about going through though; it’s probably best to do this manually. However, this will become less of a daunting task to do over time if you keep up with going through your subscriber lists. The key here, however, is prevention so you won’t have to spend so much time cleaning up spam users. A simple preventative of spam signups is making sure all submission forms have a CAPTCHA that spam bots can’t abuse.

Our recommendation: Google Captcha (reCAPTCHA)

Those Years Old Pending Spam Comments

Like we discussed with maintaining subscriber lists, the key to maintaining comments is prevention. If you do not have some sort of CAPTCHA, spam bots will use and abuse your comments section. Leaving pending spam comments unchecked can be a cleanup nightmare. If you want to clean this manually, it’s best to tackle this process after your site’s peak hours. This can be a resource-intensive process as it involves deleting entries from your site’s database. Having preventative measures in place will save you so much headache and time in the future.

Our recommendation: Akismet Anti-Spam and WP Optimize

Unused and Redundant Media Files

By default, WordPress creates 4 versions of an image when you upload it to your media library. WordPress will resize that image into a thumbnail, medium, large, and full-size version. That’s 4 times the disk space used! If you haven’t been blogging too long, going through media manually shouldn’t take too much time.

Our recommendation: Media Cleaner

Post Revisions and Drafts That Let’s Face It, You’re Never Going to Finish

Hiding in your database are all the saved post revisions that were created while you were working on content. That WP Optimize plugin we recommended above will remove such saved revisions, but you can also change how many revisions are saved per post. Adding WP_POST_REVISIONS in your wp-config.php file like so:

define( ‘WP_POST_REVISIONS’, 3 );

will set a limit of how many revisions per post WordPress will keep at a time. In this example, we’re telling WordPress to only keep 3 revisions at once per post. Uneasy about adding this to your wp-config.php? We can help!

Speaking of sneaky disk space users, let’s clean those abandoned drafts up too! Another alternative to just deleting those drafts if you can’t seem to let them go is copying them to a document and transferring them to an external location such as Google Drive or Dropbox.

Unused Themes and Plugins

This is something that we cannot stress enough and if we’ve worked on your site you probably have gotten a reminder from us! Deleting those unused themes you’ve tested and didn’t like and plugins you weren’t sure about is such a good idea for multiple reasons. Those plugins and themes still have all those site files and database entries that take up disk space. Deactivated or not, would-be hackers and bots can still exploit deactivated themes and plugins. It’s a double whammy if you’ve never updated them either. Keeping what you actually use trimmed down removes that much more points of vulnerable access and keeps your site that much safer.

We do realize the irony in suggesting all these plugins when we tell you to delete unnecessary plugins! Once you’re done with your site cleanup, make note of what plugins you’ve used for future reference and remove them! They can always be reinstalled at a later date for cleanup.

As always, please do not hesitate to contact us if you have any questions or concerns or just want to chat!

Mindful WordPress Security Practices

Secure WordPress Practices

With WordPress, one of the easiest tasks to complete is to harden your site but it’s one of the most overlooked tasks! In this day in age with data breaches and hacks running rampant, it’s never too late to implement security practices on your website. While absolutely no site is 110%-without-a-doubt-no-way-in-hell-is-anyone-hacking-anything secure, there are many ways to minimize such risk. By not following any security practices or just “letting things go” you’re not only putting your site at risk, but you’re putting your audience at risk as well.

Quick Changes to Make Right Now

WordPress user practices

Please do not ever use the username of “admin” for your main administrative login. It is the WordPress default when creating a WordPress site, but it’s also the easiest to guess and easiest to start exploiting. Even if you use your email to log in to WordPress but still have your user created as “admin” you are still at a risk.

It’s always a great idea to periodically go through registered users and audit users that have any dashboard access whatsoever such as other Administrators, Editors, and Authors. That administrative user you made for a plugin support developer a few years ago that’s never been used again? You should delete that user ASAP. Multiple users with dashboard access are just more points of entry for bad guys.

Minimum password strength and password change schedule

Consider setting a schedule for yourself and additional users to change their login passwords. Your password that you haven’t updated since your site’s inception in 2013? Take a few seconds to change that today! We have a wonderful article on password security practices when creating new passwords. Try and put more thought into your passwords, and never use anything easy to guess like names and important dates.

If you care about your site at all, keep it up to date!

When Black Chicken Host receives a client request to install a new WordPress site, we always make sure to enable automatic core WordPress updates per our Terms of Service. Most likely if you’ve migrated to us you will need to enable automatic WordPress updates.

https://codex.wordpress.org/Configuring_Automatic_Background_Updates

Any theme or plugin developer worth their salt will test theme and plugin updates for compatibility with multiple versions of WordPress. While it is still an excellent practice to backup your site (you can ask us for help, we don’t mind!)  before doing major updates, unless your own website developer or “IT person” went to town with poorly coding your site, hit that update button!

…and just delete unused themes and plugins

The more themes and plugins, the more points of entry. Added bonus: reduces disk space!

Hide author usernames

Using your WordPress username as your “published” name on posts and pages is just handing people half of your login on a silver platter. But there’s a simple fix! Under your user profile, set a nickname for your user and change the “Display name publicly as” option:

“Advanced” Practices:

Change wp-login.php

One of the most common reasons we see for elevated server load/slow sites is IP addresses trying to brute force their way into your WordPress login landing pages. Since WordPress has a default www.yoursite.com/wp-login.php site landing page, this makes it easy for would be hackers and troublemakers to try and force their way into your WordPress dashboard. If your WordPress login landing page is a different URL that makes more “work” for the bad guys to try and locate and can help keep you safe!

We do not recommend editing your core WordPress files via FTP or File Manager to change your wp-login.php file or theme files. This can go wrong so quickly for so many reasons. There is however a myriad of plugins that quickly and safely change the default login landing page for your WordPress dashboard, just give a quick search! We’ve seen a few of our clients use WPS Hide Login.

Please note that if you do change the login for your site and later require our assistance with your site that involves logging into your site, please give us a heads up on what your login URL is. That will save us all some time and back and forth!

Use .htaccess to limit wp-login.php altogether

Via your site’s .htaccess file, we can deny all requests to your WordPress login page except for specified IP addresses. This is usually a last resort method as most folks do not have static IP addresses from their ISPs. So once your IP address changes, you will be locked out of your WordPress login page until your new IP address is added to your .htaccess file. If you would like assistance setting up this directive in your .htaccess, please contact us for assistance.

A Final Piece of Advice

Keep any computers and devices that access your WordPress site and email updated! If there are viruses to hack your email accounts, there are viruses to gain access to any site that requires a login. Make sure your computer has anti-virus setup and regularly updated, don’t slack on that! It’s an absolute nightmare trying to clean up an infected computer (we speak from experience).

When you don’t take your own computer and site security seriously, you aren’t taking your reader’s or customer’s security seriously. Data breaches aren’t just the huge ones you hear on the news, they can happen to any site no matter how small.

As always, please do not hesitate to contact us if you have any questions or concerns or just want to chat!

BCH Managed WP Services FAQ

If you were part of our beta testing this past summer, you already know the wonders that is our BCH Managed WP Service. Let us help you manage those mundane WordPress tasks for you! From offsite backup management to extra security scans, let us worry about the nitty gritty so you can focus on content creation and interacting with visitors.

Here are some common questions regarding our BCH Managed WP Services but if you don’t see a specific answer here, let us know!

If we don’t use this plugin, will we not have backups of our site(s)?

We do take backups for disaster recovery, however, they should not be relied upon as a viable backup solution as they may not include everything from your site. Depending on how far back or what day you need to restore from, we may not have that specific day or timeframe available.

Per our terms of service, backups are the customer’s responsibility:

Courtesy Services for Customers
All services such as backup and cPanel are provided for the courtesy of the subscriber. It is the sole responsibility of the subscriber to maintain the subscriber’s own backup of any data. Black Chicken Host is not responsible for lost data or for lost data due to third-party software that is not maintained by Black Chicken Host staff (cPanel, Softaculous, WordPress, et cetera, are not associated with Black Chicken Host.).

With WordPress, there are many backup plugins that you can use to back up your site either locally on the server in your account or they can even be sent to a remote location like Dropbox, Google Drive, or other locations. If you are interested in using a different backup plugin/solution, you are definitely more than welcome to choose that option. While we wouldn’t be managing that plugin/solution, we can definitely assist with any questions you may have regarding it and get you pointed in the right direction.

What is the fee for these services?

The pricing of these services can be found on the BCH Managed Services product page.

Don’t forget to check the “Bundled Savings” category for occasional savings!

How many backups are retained?

Backups are stored for 90 days, so the answer to this depends on what backup schedule you choose. For example, if you choose daily backups, you will have 90 backups available. If you choose 4x daily backups, 360 restore points from the past 90 days will be available for restoration.

What if I need a backup restored?

Open a ticket and let us know! We’ll get the backup restoration started and let you know when it’s complete.

What does the security scan do?

The security scan checks for various malware and exploits, as well as to see if your domain is on any blacklists. If there is anything found, you can receive a notification.

What is updated with the updates service?

In short: everything. You can choose to update all or only some plugins or themes. The WordPress software itself is a yes or no. There is also a great feature that will roll back an update if an issue is detected.

How is this all performed?

We utilize a very small plugin that we can actually hide from your list of plugins in the administration area of your site. Out of sight, out of mind! Let us manage the software so you can create more content!

As always, let us know if you have any questions about our BCH Managed WP Service by emailing us at support@blackchickenhost.com.

Analytics Boot Camp Day 4: Technology

Howdy, Boot Camp Attendees –

Get this – we’re almost halfway through the Standard Reporting tab! Soon, you’ll be a total pro at Google Analytics (GA.)

Tonight’s installment covers the Technology, Social, and Mobile menus, which we find under Standard Reporting, Audience.

Continue reading

Boot Camp – Understanding Google Analytics

Well hello there, Google Analytics Boot Campees!

When you look at your Google Analytics Dashboard, does your heart sink, your eyes glaze over, your brain feel a little overwhelmed? We completely understand. There is a metric honkload of information presented, and not always in particularly intuitive ways. Too, we find much of Google’s Help section for Analytics pretty unhelpful for beginners.

That’s why we’re here!

Continue reading

Monetization Boot Camp Day 5: Advanced Topics & Wrap-Up

Howdy, and welcome to the final day of our Personal Blog Monetization Boot Camp!

We hope you’ve found the information we’ve present a useful starting point for earning income with your blog or website.

Today, we’re going to cover some advanced topics, balancing life with blogging, and summing everything up. If you’ve made it this far into the camp, we salute your attention span! There has been a lot of information presented this week.

Let’s dive right in, shall we?

Continue reading

Monetization Boot Camp Day 2: Affiliate Programs

Welcome back to Boot Camp, attendees!

Today’s topic: Affiliate Programs.

We’ll talk about finding programs, signing up, inserting links onto your blog, publicizing your unique URL, and more. While the financial results will vary from site to site, the underlying principles are the same.

Continue reading

New Feature – Free Premium CommentLuv!

Hi folks!

Just quick update to let you know of another super-cool bonus of hosting your WordPress site with Black Chicken Host: We now have an unlimited license for CommentLuv, one of the best-known comment-oriented traffic-drivers, and we’re offering it to our customers free of charge!

CommentLuv is a powerful social networking tool which picks up the last blog posts of a commenter, which encourages them to engage on your site more frequently.

Continue reading

WordPress Plugins – Pros and Cons

Many bloggers use WordPress (and we do, too!) which is a fantastic tool to use for an online presence. In addition to very nice built-in functionality, there is a robust community of developers who write add-on features for WP called “plugins.”

Plugins can do anything from add Facebook and G+ buttons to a page, to finding related posts for readers, to adding Google Analytics into all of your WP content. The list is long indeed, and they all seem wonderful at first glance.

However, adding too many plugins (or badly coded ones) to a site can cause troubles from long load times to outright failures – not all plugins play well together.

Continue reading