WordPress Workshop



Published in: Technology, Business

  • Takes about 10-15 minutes sometimes, but more secure and reduced risk of invasion from hackers. If your host offers it, I recommend uploading the zip file & decompressing on the server versus unzipping and FTPing all the files, which takes considerably longer.
  • For most web hosts, DB_HOST will be ‘localserver’. If your web host requires that you use something different, they usually indicate this in the MySQL database area. Authentication Keys & Salts are used to encrypt the information in WP cookies. If you heard Justin Ryan’s presentation at Online Summit, he discussed how hackers can use your cookies to get into your site. Using the salts and keys can help prevent this. This can be done at any time, so even if this wasn’t done when your site was set up (such as if you used one-click install), you can add this layer of security. It will force all users to log in again, but shouldn’t cause any other problems. It is possible to change table prefixes after the initial install, but this can be hairy and should not be attempted without a good backup, some technical experience, some time to kill, and a bottle of wine if there are problems.
  • If you already have an admin account, there are 2 ways you can handle this – create a new administrator account (will have to use a different email address) and then log in with that and delete the admin account (or change it to subscriber) or use wp-optimize plugin to help you change the admin account name. This can also be done directly in the DB if you’re savvy with that stuff. Some advocate to remove the account but if it’s been successfully downgraded to Subscriber role, it shouldn’t cause any problems. Can be changed during manual setup, or with plugin (wp-security scan). //remove WP Generator tag -> remove_action('wp_head', 'wp_generator'); Password – according to Justin Ryan, DuckDuckBlue (Online Summit 2010), anything less than 12 characters can be cracked by average computer in less than 1 day, no supercomputer needed. Use a variety of upper- and lower-case letters, numbers and symbols. Can create .htaccess file with FTP program or File Manager. Used to control file access on Apache-based servers. WP requires LAMP platform or compatible to run. File Permissions: Directories 755, Files 644. If on shared server, wp-config should be 750. wp-config.php can be moved ONE directory up from install directory, which means it can be outside your public folder if WP is in root directory. Make sure you have regular backups of your database (all your content) and your files (theme, plugins, modifications, etc.)
  • SemiSecure Login Reimagined – not as good as SSL for logging in but better than nothing. UserLocker – this plugin locks user account after given number of incorrect login attempts. WP Security Scan – looks for common security issues, such as database errors, table prefixes, wp-generator meta tag, etc. This doesn’t have to be running all the time. Most of the time, I have it deactivated, and activate it once a month or so, or after installing new plugins, to make sure I’m still good. WordPress File Monitor – will alert you if any file is changed or added in your WP install directory. Can be a hassle with backup files, but worth it for the peace of mind. Akismet comes automatically with WP, but requires an API key, which is free for personal use and starts at $5 a month for non-personal sites. Bad Behavior complements other link spam solutions by acting as a gatekeeper, preventing spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place. Spam Karma blocks spammers by known IP addresses, and has good reviews but I’ve never personally used it. Disqus is a comment management plugin but since I installed it, I haven’t had any comment spam, so that works for me. SEO Ultimate is, as its name suggests, an SEO plugin. However, it has a 404 monitor module that I can use to see which files people/bots are trying to access, which can be a clue if someone is trying or has tried to hack my site. BTEV logs events for your site to help identify potential hacking episodes. TAC checks for malicious code, links or javascript in your theme files. Great if you use a lot of free themes.
  • BackupBuddy is also useful for moving WP install from subfolder to root or to a new server
  • Plugins in repository have to pass spam/malicious code check when submitted, but nothing prevents bad code from being uploaded on the next go-round, so use with caution. Paid & premium plugins are safer and usually better maintained.
  • Podpress & PowerPress both give you: Free; Stats; Player; ID3 tags; Audio or Video; Supports many different file types. Podpress has a history of being neglected for a while, but I’ve read some strong reviews for both. PowerPress can also do hosting. It was developed as a replacement/upgrade of Podpress when it was abandoned in 2009. However, since then, development has started back up for Podpress.
  • Has limited stats, and does not include the nice checks that many email service providers do, such as Spam flags, and automatically including required information according to CAN-SPAM act.
  • WordPress Workshop

    1. WordPress Workshop
       Terri Orlowski, beyond the office
    2. About Terri
       • Founded beyond the office in 2006
       • Specialize in WordPress, websites & email marketing templates
       • Certified Internet Webmaster
       • Internet Marketing Virtual Assistant
       • IVAA EthicsCheck Certification
       • @torlowski
       • facebook.com/beyondtheoffice
    3. What is WordPress?
       • “WordPress is web software you can use to create a beautiful website or blog. We like to say that WordPress is both free and priceless at the same time.” (from WordPress.org)
       • First released on May 27, 2003, by Matt Mullenweg as a fork of b2/cafelog. (Wikipedia)
       • As of 02/11, WP 3.0 had been downloaded over 32.5 million times.
       • WordPress is used by over 13% of the 1,000,000 biggest websites.
    4. .com vs. .org
       WordPress.com
       • Free
       • Custom Domain ($)
       • Free hosting (limited)
       • Limited Themes
       • Limited Plugins
       • Automatic backups and upgrades
       • Hosted across servers, can handle traffic
       WordPress.org
       • Free (to download)
       • Custom domain ($)
       • Requires Hosting ($)
       • Unlimited Themes
       • Unlimited Plugins
       • Responsible for your own backups & upgrades
       • Your-choice hosting*
    5. How to Install WordPress?
    6. One-click installation
       • Quick & Easy install available from most web hosts
         – Not all hosts use Fantastico, but most offer some one-click installation option
       • Good option for non-techies
       • Not as secure as manual installation
       • Takes about 3-5 minutes
    7. “Famous 5 Minute Install”
       • Some technical experience required
       • Download latest version from WordPress.org
       • Create MySQL Database & User
       • Edit wp-config-sample.php
       • Rename to wp-config.php
       • Upload WordPress files (FTP or File Manager)
       • Go to site to activate install script
       *may take longer than 5 minutes depending on your computer speed and Internet connection
    8. wp-config.php
       • DB_NAME (line 19)
       • DB_USER (line 22)
       • DB_PASSWORD (line 25)
       • DB_HOST (line 28)
       • Authentication Unique Keys & Salts (lines 45 - 52)
         – https://api.wordpress.org/secret-key/1.1/salt/
       • Table Prefix (line 63)
    9. WordPress Security
       • Remove or neuter the admin account
       • Non-default table prefix
       • Hide version & Generator meta tag
       • Regular Updates
       • Strong Password
       • .htaccess in /wp-admin
       • Security Plugins
       • Be choosy about theme & plugin sources
       • File permissions
       • Move wp-config.php
       • Good Host
       • Regular Backups
    10. Plugins - Security
       • Semisecure Login Reimagined
       • User Locker
       • WP Security Scan
       • WP Optimize – use to rename admin account & remove post revisions to decrease db size
       • WordPress File Monitor
       • Akismet (Bad Behaviour, Spam Karma, Disqus)
       • SEO Ultimate – (404 monitor)
       • Bluetrait Event Viewer (BTEV)
       • Theme Authenticity Checker (TAC)
    11. Plugins - Backup
       • WP DB Backup
       • WordPress Backup by BTE
       • Backup Buddy ($)
    12. Plugins – Other Useful Stuff
       • Gravity Forms ($)
       • Google XML Sitemaps
       • Sexy Bookmarks
       • WordPress Editorial Calendar
       • WP Google Analytics
       • WPtouch (free or $)
       • All in One Webmaster (free or $)
       • Broken Link Checker
       • Simple URLs
    13. Plugins
       • Where to find plugins?
         – http://wordpress.org/extend/plugins
         – IVAANet (ask for recommendations)
       • What are your favorite plugins?
    14. What about themes?
       • StudioPress
       • ithemes
       • WooThemes
       • ElegantThemes
       • Frameworks
         – Thesis
         – Genesis
         – Headway
       • wordpress.org/extend/themes (free, use with caution)
    15. WordPress for Podcasting
       • Simple – link to an audio file from a post
       • Podpress plugin
       • PowerPress by blubrry.com
    16. WordPress for Newsletter
       • WordPress/Feedburner
         – Add a new category (ie Newsletter)
         – Exclude this category from Category list
         – Exclude regular blog posts from newsletter category
         – Create new feed in Feedburner for your category
         – Enable email subscriptions in Feedburner for that feed
         – Get code from Feedburner for subscription & put it in a widget
         – Enable full text feeds in WordPress Settings
         – Publish post in newsletter category and let Feedburner take care of the rest
    17. WordPress for Newsletter
       • Use RSS feed option with your favorite mail service (MailChimp, Aweber)
       • Get code for signup box and put it in a widget, page or post on your site
         – MailChimp List Subscribe Form plugin
         – Gravity Forms Pro add-on plugin for MailChimp
         – Aweber Web Form Plugin
    18. WordPress for Newsletter
       • ALO EasyMail Newsletter
         – Track/manage subscribers in WordPress
         – Can send to additional email addresses
         – Merge tags available for subscriber names, post titles, excerpts, etc.
         – Can create HTML or plain-text email messages
         – Scheduled sending
         – Reports and stats
    19. How do you use WordPress?
       • Website
       • Blog
       • Video Blog
       • Podcast
       • News Site
       • Membership Site
       • Social Networking Site
       • Project Management
       • E-commerce
       • Forums
       • Article Directory
       • Invoicing
       • Newsletter
       • Photo Blog
       • Business Directory
       • Contact Manager
       • Online Job Portal
       • Online Classifieds
       • FAQ Portal
       • Ticket System
       • Wiki
       • Digg Clone
    20. • Questions?
       • Comments?
       • Tips?
       • Suggestions?
    21. Thank you!
       WordPress Workshop
       Terri Orlowski, beyond the office
       terri@beyondtheoffice.com
       @torlowski
       facebook.com/beyondtheoffice
       beyondtheoffice.com/summit11
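
The checks named in the security notes and on the wp-config.php and WordPress Security slides (directories 755, files 644, wp-config.php closed to other users, keys and salts filled in, non-default table prefix) can be scripted. The following is an added example, not part of the original presentation; the function names and the sample install it builds are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the slides. Function names are made up here.
WP_KEYS="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY
AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"

# Directories that are not 755 and files that are not 644, one path per line.
# wp-config.php is skipped here and checked by wp_config_exposed.
wp_bad_perms() {
  find "$1" -type d ! -perm 755 -print
  find "$1" -type f ! -name wp-config.php ! -perm 644 -print
}

# Names of keys/salts that are missing or still hold the sample placeholder.
wp_weak_keys() {
  local k
  for k in $WP_KEYS; do
    if ! grep -Eq "define\([[:space:]]*'$k'" "$1" ||
       grep -E "define\([[:space:]]*'$k'" "$1" | grep -q 'put your unique phrase here'
    then echo "$k"; fi
  done
}

# Succeeds when $table_prefix is still the default wp_ ("." matches either quote).
wp_default_prefix() {
  grep -Eq '^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*.wp_.;' "$1"
}

# Succeeds when wp-config.php grants any permission to "other" users.
wp_config_exposed() {
  [ "$(ls -ld "$1" | cut -c8-10)" != "---" ]
}

# Build a small constructed install (sample data, not a real site).
wp_make_sample() {
  local d; d=$(mktemp -d)
  mkdir -p "$d/wp-content/uploads"
  printf '<?php\n' > "$d/index.php"
  {
    printf '<?php\n'
    printf "define('AUTH_KEY', 'put your unique phrase here');\n"
    printf "define('NONCE_SALT', 'constructed-sample-value');\n"
    printf "\$table_prefix  = 'wp_';\n"
  } > "$d/wp-config.php"
  find "$d" -type d -exec chmod 755 {} +
  find "$d" -type f -exec chmod 644 {} +
  chmod 777 "$d/wp-content/uploads"
  echo "$d"
}
```

Source the file and call each function with the path to an install (or to its wp-config.php); on the constructed sample, the world-writable uploads directory, seven unset keys, the default prefix and the 644 wp-config.php are all reported.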