All Things WordPress Discussions

17810121330

Comments

  • bikegremlinbikegremlin ModeratorOG
    edited October 2020

    @yokowasis said:

    @bikegremlin said:

    @yokowasis said:
    What's the common entry point for wordpress hack ? is it compromised administrator user ?

    I see wordcamp user on most of my clients websites. I still don't know how they get in. I am pretty sure it's not ssh. Because I am using docker and ssh keys.

    as of right now, i am doing regular scan, and preventing new account to be created. But I still have no idea how they get in the first place.


    While we are at it, sometimes my customer asked me, if I can create some kind of admin panel (something like adminlte, and such). Well, it's easy for Wordpress, but it looks outdated for an admin panel. I still haven't figured out on how to make wp-admin, as beautiful as current-gen admin panel (adminlite, coreui, etc).

    As far as I know, sorted from the most, to the less common:

    1) Theme/plugin problem (security issue). Either for not updating, or for using poorly written ones.

    2) Poor user security habits/awareness. Clicking on an email and giving data away, or using admin/admin123 username/password combos.

    3) Hosting provider problem, poor server security.

    Back to this example.

    1. I make sure all of the websites only installing well known plugin / themes from wordpress.org and keep it updated.
    2. It's a strong password. Is it possible the bot, bruteforcing, using past breached username / password ?
    3. If, it's regarding https, I am sure almos nobody use plain http anymore these days.

    If it's not 3, i think it's number 2. I mean even if the password is complex, doesn't really matter if it's on some hacker's username / password database. Is there any such a case happened in the past ?

    Not really sure what the questions are (if they are questions). There are several ways to make good security (at any level, including the hosting server), and countless ways of making poor security. Some hosting providers get it right, others don't.

    Same goes for stuff that webmaster/customer does. This includes passwords used, usernames, plugins and themes...

    At the cost of repeating myself, if it's of any use - my 2c on WordPress security, and on domain/website security in general.

    Detailed info about providers whose services I've used:
    BikeGremlin web-hosting reviews

  • YmpkerYmpker OGContent Writer

    @yokowasis said:
    What's the common entry point for wordpress hack ? is it compromised administrator user ?

    I see wordcamp user on most of my clients websites. I still don't know how they get in. I am pretty sure it's not ssh. Because I am using docker and ssh keys.

    as of right now, i am doing regular scan, and preventing new account to be created. But I still have no idea how they get in the first place.


    While we are at it, sometimes my customer asked me, if I can create some kind of admin panel (something like adminlte, and such). Well, it's easy for Wordpress, but it looks outdated for an admin panel. I still haven't figured out on how to make wp-admin, as beautiful as current-gen admin panel (adminlite, coreui, etc).

    You could install the plugin wpsecurityninja (the free version) and scan your wp install against many vulnerabilities: https://de.wordpress.org/plugins/security-ninja/

    You can uninstall it after again, but may help hardening it. Their pro version has a cloud firewall included. You could allow admin login only from whitelisted IP Address. This could help, too.

  • vyasvyas OGRetired
    edited October 2020

    I use WP Security Ninja and it is good. But adding to @bikegremlin post (even repeating some points)
    Some are common sense, others may raise different issues.

    Check for any changes in the logs. There is a script or a plugin that logs last 100 entries or changes (free) or higher (paid). Set up rules to flag any suspicious files or activities.

    All in all, there is only so much one can do. Since the WP site is a sum of many moving parts, there still might be gaping holes. Some more critical than others.

    A couple of good reads

    https://support.cloudways.com/what-can-i-do-with-an-htaccess-file/

    https://www.wpbeginner.com/wordpress-security/

    Thanked by (1)Ympker
  • YmpkerYmpker OGContent Writer

    @vyas said:
    I use WP Security Ninja and it is good. But adding to @bikegremlin post (even repeating some points)
    Some are common sense, others may raise different issues.

    Check for any changes in the logs. There is a script or a plugin that logs last 100 entries or changes (free) or higher (paid). Set up rules to flag any suspicious files or activities.

    All in all, there is only so much one can do. Since the WP site is a sum of many moving parts, there still might be gaping holes. Some more critical than others.

    A couple of good reads

    https://support.cloudways.com/what-can-i-do-with-an-htaccess-file/

    https://www.wpbeginner.com/wordpress-security/

    Pro ir free version? :)

  • vyasvyas OGRetired

    Pro...5 site

    Thanked by (1)Ympker
  • YmpkerYmpker OGContent Writer

    @vyas said:
    Pro...5 site

    Lifetime/yearly? If yearly, do you get a discount on renewal?

  • vyasvyas OGRetired

    3 years (officially, 'lifetime')

    Thanked by (1)Ympker
  • YmpkerYmpker OGContent Writer
    edited October 2020

    @vyas said:
    3 years (officially, 'lifetime')

    Might get a lifetime, too. If I like the trial. Gonna see :P
    They have been around for 7 years, at least.

  • vyasvyas OGRetired

    5 for 59.

    Thanked by (1)Ympker
  • YmpkerYmpker OGContent Writer

    @vyas said:
    5 for 59.

    That's a good deal. Was that on an appsumo (or similar) sale?

  • vyasvyas OGRetired

    Lol yes

    Thanked by (1)Ympker
  • cPanel says: "milk it!" :)

    "Example: You purchase WordPress Toolkit Deluxe license at $1 USD per account and
    your customer pays you a suggested amount of $5 USD."

    https://cpanel.net/wp-content/themes/cPbase/assets/downloads/wpt/cp-wpt-partner-guide.pdf

    One click cloning/staging look like cool options that can be both helpful, and nicely marketed.

    Thanked by (1)Ympker

    Detailed info about providers whose services I've used:
    BikeGremlin web-hosting reviews

  • YmpkerYmpker OGContent Writer

    @bikegremlin said:
    cPanel says: "milk it!" :)

    "Example: You purchase WordPress Toolkit Deluxe license at $1 USD per account and
    your customer pays you a suggested amount of $5 USD."

    https://cpanel.net/wp-content/themes/cPbase/assets/downloads/wpt/cp-wpt-partner-guide.pdf

    One click cloning/staging look like cool options that can be both helpful, and nicely marketed.

    Staging/cloning. Doesnt softaculous in cpanel have that alread?

  • @Ympker said:
    Staging/cloning. Doesnt softaculous in cpanel have that alread?

    Yep. Everything I can see in the WP Toolkit is already included in Softaculous. As most hosting providers are already use it can’t see this toolkit taking off.

    Thanked by (1)Ympker
  • bikegremlinbikegremlin ModeratorOG
    edited October 2020

    @LeonDynamic said:

    @Ympker said:
    Staging/cloning. Doesnt softaculous in cpanel have that alread?

    Yep. Everything I can see in the WP Toolkit is already included in Softaculous. As most hosting providers are already use it can’t see this toolkit taking off.

    This is a lot more expensive per server (charging at least 1 $ per account if I got it right).
    And it is offered by a company "adored" in the hosting business. :)

    Sort of reminds me of an offer I got from a mechanic, decades ago:
    "Do you want the original factory exhaust, or the cheaper knock-off that lasts a lot longer? ...I have to ask, you know..." :)

    Thanked by (1)Ympker

    Detailed info about providers whose services I've used:
    BikeGremlin web-hosting reviews

  • Softaculous - for WordPress website cloning, migration, staging...

    It's not too bad. Included in the price of most shared/reseller hosting providers (whether you like it, or not), and seems to be more convenient than doing it manually, or using a plugin (since most decent ones cost, plus pose a possible security problem - the fewer, the merrier).

    Thanked by (1)Ympker

    Detailed info about providers whose services I've used:
    BikeGremlin web-hosting reviews

  • YmpkerYmpker OGContent Writer

    @bikegremlin said:
    Softaculous - for WordPress website cloning, migration, staging...

    It's not too bad. Included in the price of most shared/reseller hosting providers (whether you like it, or not), and seems to be more convenient than doing it manually, or using a plugin (since most decent ones cost, plus pose a possible security problem - the fewer, the merrier).

    I used staging/cloning a lot. Pretty useful.

  • vyasvyas OGRetired
    edited November 2020

    Below are BF deals but most are WP specific.
    Some if the WP hosting offers are also mentioned. Posting them here as a screenshot, no links.
    I have not used any of these services, except generate press, but Keep reading about them in WP group on FB. More importantly, out of consideration for web hosts in LES who have been posting hosting offers for BF.

  • Unlimited websites (with up to 5000 subscribers) for 50 dolla's one-time payment?

    https://appsumo.com/mailpoet-black-friday-2020/

    Not sure how good their delivery is, though. Anyone tried MailPoet's SMTP service?

    Detailed info about providers whose services I've used:
    BikeGremlin web-hosting reviews

  • vyasvyas OGRetired
    edited November 2020

    @bikegremlin said:
    Unlimited websites (with up to 5000 subscribers) for 50 dolla's one-time payment?

    https://appsumo.com/mailpoet-black-friday-2020/

    Not sure how good their delivery is, though. Anyone tried MailPoet's SMTP service?

    along similar lines

    Edit: Following Bikegremlin's post below, I checekd the WP Themes directory:
    Sorry folks, taking this one out.
    https://wordpress.org/plugins/wp-email-delivery/

    (My miss, had this bookmarked a long time ago)

    Thanked by (1)bikegremlin
  • @vyas said:

    @bikegremlin said:
    Unlimited websites (with up to 5000 subscribers) for 50 dolla's one-time payment?

    https://appsumo.com/mailpoet-black-friday-2020/

    Not sure how good their delivery is, though. Anyone tried MailPoet's SMTP service?

    along similar lines

    https://www.wpemaildelivery.com

    Not even their front page links work properly. For crying out loud! :)

    Thanked by (2)vyas Ympker

    Detailed info about providers whose services I've used:
    BikeGremlin web-hosting reviews

  • vyasvyas OGRetired

    Posting the link to Rankmath SEO Plugin
    https://rankmath.com/pricing/

  • @vyas said:
    Posting the link to Rankmath SEO Plugin
    https://rankmath.com/pricing/

    I know it's reddit, but I think it's worth looking into:
    https://www.reddit.com/r/Wordpress/comments/cyj8gr/yoast_seo_vs_rank_math_do_we_have_a_new_winner/

    Thanked by (1)vyas

    Detailed info about providers whose services I've used:
    BikeGremlin web-hosting reviews

  • vyasvyas OGRetired

    Neve theme has been updated.
    https://themeisle.com/blog/neve-2-9/

    We use it on a couple of sites. Pretty interesting and easy to configure and use!

  • vyasvyas OGRetired
    edited November 2020

    In the BF offer deal, @localhost asked the question:

    @vyas

    Thanks so much for sharing and compiling the thread. I have been looking for a good theme or page generator for WP... the 6 part blog post was helpful.

    With so many options, what would be your first choice... I am looking at a mix of single page sites and maybe couple of online store fronts... maybe even a domain listing market place...

    Divi seems good. Elementor also... so confused... any pointers? If you are ok we can discuss via DM.

    Thnx in advance

    Thanks @localhost and gald that you found it useful... also the post series!

    Theme and pagebuidler are two different beasts. OceanWP or GeneratePress are the former. Divi and Elementor are the latter. Themes do not need a pagebuilders, but pagebuilders do need a theme. Pagebuilders extend the features/ functions of the theme significantly.

    I would suggest you get a fast, clean theme (will less bloat) that supports Gutenburg. KadenceWP is another one.. All have BF deals going on for another day or two (atleast). I am more and more impressed with Blocksy WordPress theme these days.

    I bought GeneratePress btw.

    Spend a few months tinkering around with the theme- layouts, optimization for speed, security and most imp - content for your sites.
    The deals for pagebuilders keep coming. At worst, you can get a deal for pagebuilder next BF.

    I would suggest our resident WP experts @bikegremlin and @Ympker can chime in..

    Thanked by (1)Ympker
  • @vyas said:
    I would suggest our resident WP experts @bikegremlin and @Ympker can chime in..

    My 2c on how to choose a good WP theme. More in terms of criteria and what to look for (though I did offer two recommendations - ones which I've tested thoroughly, and often choose for my use).

    As for the page builders. Briefly: Elementor can work nicely, seems to have a future (continued maintenance), and has loads of on-line tutorials.
    One I plan looking more into is Brizy. Experienced devs I've talked with say it's fast and well written. But haven't given it a test, and not sure how well sold it is (if it isn't, maintenance could just stop after a while).

    And a note: use page builders if you must get some exotic look and layout - and don't have the knowledge, or won't spend the time needed to write a custom theme. Page builders do add another plugin - with all the cons of that (another potential security hole). Elementor doesn't seem to slow down the pages where it isn't used - at least from what I've tested. So you could use Elementor to make a "super-cool" landing page, and create the rest of the website using a theme of your choice and have those pages look a bit less flashy (but load faster). Elementor can also be optimized - but it does load a lot of stuff. Fast, good theme beats it (if used properly - you can always use super large, unoptimized images and load hundreds of elements to a single page, hampering performance).

    Thanked by (1)Ympker

    Detailed info about providers whose services I've used:
    BikeGremlin web-hosting reviews

  • vyasvyas OGRetired
    edited November 2020

    @bikegremlin said:

    @vyas said:
    I would suggest our resident WP experts @bikegremlin and @Ympker can chime in..

    My 2c on how to choose a good WP theme. More in terms of criteria and what to look for (though I did offer two recommendations - ones which I've tested thoroughly, and often choose for my use).

    As for the page builders. Briefly: Elementor can work nicely, seems to have a future (continued maintenance), and has loads of on-line tutorials.
    One I plan looking more into is Brizy. Experienced devs I've talked with say it's fast and well written. But haven't given it a test, and not sure how well sold it is (if it isn't, maintenance could just stop after a while).

    And a note: use page builders if you must get some exotic look and layout - and don't have the knowledge, or won't spend the time needed to write a custom theme. Page builders do add another plugin - with all the cons of that (another potential security hole). Elementor doesn't seem to slow down the pages where it isn't used - at least from what I've tested. So you could use Elementor to make a "super-cool" landing page, and create the rest of the website using a theme of your choice and have those pages look a bit less flashy (but load faster). Elementor can also be optimized - but it does load a lot of stuff. Fast, good theme beats it (if used properly - you can always use super large, unoptimized images and load hundreds of elements to a single page, hampering performance).

    I second bikegremlin's thoughts, with two points (and there is no right or wrong approach here- depends on what you aim to do with the site).

    a. brizy has had a share of blackouts, and issues during updates. So has elementor. So Caveat Emptor (almost sounds rhyming)

    b. A slight twist on bikegermlin's suggestion:
    use elementor (or any other page builder) to create the homepage/landing page, contact, about, etc.
    blog ideally set up on a subdomain. With only the theme, no pagebuilder.

    Some day we can have a conversion on the pros and cons creating static pages from pagebuilders to improve speeds, reduce security issues, etc. (duh! Why not use a html template instead?)


    on a separate note:
    @bikegremlin do you have the brizy - WP Plan? or the cloud version?
    Have you tried brizy + blocksy?

  • YmpkerYmpker OGContent Writer
    edited November 2020

    @vyas said:
    In the BF offer deal, @localhost asked the question:

    @vyas

    Thanks so much for sharing and compiling the thread. I have been looking for a good theme or page generator for WP... the 6 part blog post was helpful.

    With so many options, what would be your first choice... I am looking at a mix of single page sites and maybe couple of online store fronts... maybe even a domain listing market place...

    Divi seems good. Elementor also... so confused... any pointers? If you are ok we can discuss via DM.

    Thnx in advance

    Thanks @localhost and gald that you found it useful... also the post series!

    Theme and pagebuidler are two different beasts. OceanWP or GeneratePress are the former. Divi and Elementor are the latter. Themes do not need a pagebuilders, but pagebuilders do need a theme. Pagebuilders extend the features/ functions of the theme significantly.

    I would suggest you get a fast, clean theme (will less bloat) that supports Gutenburg. KadenceWP is another one.. All have BF deals going on for another day or two (atleast). I am more and more impressed with Blocksy WordPress theme these days.

    I bought GeneratePress btw.

    Spend a few months tinkering around with the theme- layouts, optimization for speed, security and most imp - content for your sites.
    The deals for pagebuilders keep coming. At worst, you can get a deal for pagebuilder next BF.

    I would suggest our resident WP experts @bikegremlin and @Ympker can chime in..

    Thanks for the mention. So let me chime in and recommend Divi here. Let's get it right off the bet, keeping Divi under 2-3 seconds load time is not always achievable easily but for all I know it is one of the most wholesome Themes/Pagebuilders fit to fill almost any place. The lifetime unlimited sites sub is unbeatable and if you don't like Divi as a theme you can still opt to use another and only use the Divi Builder Plugin. The freedom to choose whether you want to use the Divi Theme (AIO pack of premium Theme and Page Builder basically) , or another theme with the Divi (Page) Builder plugin leaves you lots of flexibility. Talking online shops, Divi has some nice Woocommerce module, too. Is there a feature in Divi you are missing? Chances are one of the MANY Divi third party extensions already offer this. There's also an official Divi marketplace now hosted on ElegantThemes to shop with confidence. Unfortunately, plugins there only get 1 year of Updates, so I recommend you check the website of the third party plugin and see if they offer any different plans like lifetime (they often do) :)

    One thing I can't stress enough - that many people forget - is Divi really shines with its' thorough Documentation on ElegantThemes, tons of community tutorials and stellar/fast Community Support. The Web literally is crowded by Divi installs and help is only a Divi FB group away. The market share and presence of Divi users and devs is just something else: https://trends.builtwith.com/framework/Divi

    @vyas and @bikegremlin also have valid points, so not saying this is the only way. Just mine :)

    I have to add, though, that the Blocksy theme @vyas mentioned is really dope and I hope the core will stay free.

    Thanked by (1)chocolateshirt
  • Thank you so much @vyas @bikegremlin and @Ympker

    This is lots of helpful information... I am going to bite Divi, I feel its a no-brainer.

    I am still trying to see if I should get GeneratePress/ Blocksy/ Kadence/ Brizy/ Elementor... May be I need to slow down and take a breath.....

    Thanked by (1)Ympker
  • vyasvyas OGRetired

    @localhost said:
    Thank you so much @vyas @bikegremlin and @Ympker

    This is lots of helpful information... I am going to bite Divi, I feel its a no-brainer.

    I am still trying to see if I should get GeneratePress/ Blocksy/ Kadence/ Brizy/ Elementor... May be I need to slow down and take a breath.....

    Some drama going on in WP forums about Kadence versus Blocksy.
    Founder of Blocksy claims Kadence stole their design. And an influencer called Adam P is promiting Kadence for a huge commission (not just aff)...

    GeneratePress is good. You might want to start with that

Sign In or Register to comment.