A lot of people use WordPress and WordPress is hacked all the time. How do you prevent WordPress from being hacked? My top 4 things to do:
1. Great passwords that contain both upper and lower case letters, numbers and a symbol or two like underscores, dashes etc.
2. Keep WordPress up to date! Fortunately in 2014, WordPress can be set to auto update. Do it and save yourself headaches.
3. Don’t use plug-ins unless you absolutely have to. Do some research to be sure that they are safe and secure.
4. Delete any unused themes. WordPress comes installed with a few themes … delete them because they could be a place for hackers to drop in malicious PHP files.
I recently had an old WordPress-based site hacked and though I had updated it to the latest version of WordPress, we still found a malicious PHP file in this folder:
… Yes, inside the images folder. That’s one example of where these bastards will stick their malicious code. Remember, they don’t want you to find it. We don’t know for sure but I am guessing they got in the file BEFORE I updated WordPress.
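A check for the situation described above, PHP code hiding in an images folder, as an added example that is not part of the original post. It assumes media folders are directories named `images` or `uploads` under the site root; the function name `scan_media_dirs` and the reason labels are made up for illustration.

```shell
# Added example: flag PHP code in folders that should hold only media.
# Assumption: media folders are directories named "images" or "uploads"
# anywhere under the site root given as $1.
# Usage: scan_media_dirs /path/to/site/root
#
# Prints one line per suspicious file: "<reason><TAB><path>"
#   php-extension       name ends in an extension servers commonly run as PHP
#   double-extension    name like shell.php.jpg
#   php-tag-in-content  harmless-looking name, but the bytes contain "<?php"
scan_media_dirs() {
    find "$1" -type f \( -path '*/images/*' -o -path '*/uploads/*' \) \
        -exec sh -c '
            for f do
                # Compare on the lower-cased file name so .PHP is caught too.
                name=$(printf "%s" "${f##*/}" | tr "[:upper:]" "[:lower:]")
                case $name in
                    *.php|*.php[0-9]|*.phtml|*.phar)
                        printf "php-extension\t%s\n" "$f" ;;
                    *.php.*|*.phtml.*)
                        printf "double-extension\t%s\n" "$f" ;;
                    *)
                        # Fixed-string search; works on binary image data.
                        if LC_ALL=C grep -qF -e "<?php" -- "$f"; then
                            printf "php-tag-in-content\t%s\n" "$f"
                        fi ;;
                esac
            done' sh {} +
}
```

Any hit deserves a manual look: a clean media folder should produce no output at all.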
I have to tell you that over the years, the few times we’ve been hacked … it’s always been via WordPress.
We are really reconsidering our use of WordPress, since it can be such a liability. We are asking ourselves, how much does WordPress really bring to the table(?) and weighing that against the risks.
BTW, I am not picking on WordPress, all the major CMS’ out there (Drupal, Joomla) are major points of attack. The open nature of these products makes them that much easier to hack than closed-source (code is not public) private software.
For our new projects, we are rolling out our own blog tool – with all the advanced PHP frameworks out there and given that our needs are fairly simple, it makes sense to us.
If you do end up using WordPress, be sure to follow the above steps.
Anyone who knows me knows that I am an advocate of WordPress, especially from the point of view of a web designer since so many small business websites use WordPress.
Not all is well in the world of WordPress
The sad thing is that with great popularity and ease of use, comes great evil – WordPress has had a plethora of security holes and can be the source of many website headaches because of all the hacking it can be subject to. Here are some WordPress safety tips:
1. Keep WordPress up to date!
It seems that the WordPress nerds update this popular CMS every 2.6 seconds! Though annoying, these updates are made with good reason: to plug security holes and other bugs.
Thankfully, the in-WordPress update feature (as of WordPress 3.x) works very well. You don’t have to go through the 10 step process anymore to update it – just click on the update button and WordPress takes care of it for you.
We just released a brand new WordPress training course that teaches you from scratch, how to create a custom WordPress theme. Some details:
In this series, the viewer is taken through the entire design and development process, starting with doing the design in Photoshop, then building an HTML/CSS template, and finally integrating that template into a fully functioning WordPress theme.
The author demonstrates a wide range of WordPress functionality, including WordPress search, menus, sidebars and widgets, and how to theme posts, pages, categories and archives. In addition, install and use a favorite WordPress plugin: the Advanced Custom Fields plugin.
This course is aimed at intermediate designers/programmers. To follow along, you are expected to have a basic understanding of Photoshop, HTML, CSS and PHP. The author demonstrates WordPress using a local install on a computer, meaning that web hosting isn’t required to follow along.
There once was a time (6 months ago) where updating WordPress was a real pain in the butt. Fortunately for us lazy nerds, those days are past us!
WordPress 3.5 Upgrade is Flawless!
We just upgraded a few of our WordPress based blogs (as you should!) and the one click upgrade worked for the first time for us. And in fact, it worked on many sites. So my congrats to the WP nerds for finally getting this right.
What is the difference between WordPress and Dreamweaver? … This is a question that is popping up a lot … so I figure I should answer it.
First of all, though they look the same from the non-nerd’s perspective, they are in fact very different from each other:
Dreamweaver is a web design program that you install on YOUR computer. WordPress is a content management system (basically a bunch of php pages) that you install on your web server – not your home computer.
A website built with Dreamweaver can be uploaded to any web server. When you build a website with WordPress, the website and WordPress become one. You need to have WordPress running to run the website, because the website is dynamically being generated by the WordPress engine.
Dreamweaver is like a set of power tools, that can speed up the web design process. WordPress is like a Lego game, where all the pieces are already made, and all you have to do is snap them together.
… Finally, WordPress is free and Dreamweaver is a commercial product that costs hundreds of dollars.
Recently someone asked whether they should learn Dreamweaver OR whether they should jump into a CMS like Joomla or WordPress.
What is a CMS?
CMS is short for Content Management System. CMSs are web-based programs that you upload to the server, and they provide word-processor-like capabilities to your website – and much, much more.
To make an analogy: you can think of a CMS as being a restaurant buffet, where you have many prepared dishes to choose from, that you can use to create your meal. Dreamweaver, by contrast, is like an electric appliance that helps you create a meal from scratch.
I was recently asked a question about the future of web design:
I have a short general query about the Future of Web Design: do you think that we are going towards a trend where, particularly with the use of Web environments like WordPress or Joomla, programming skills will be more and more oriented towards updating and customising plugins?
I have been a long time believer in this strategy of using a CMS as the basis of almost all your web design projects. I wrote about this back in 2010, talking about the ‘WordPress Web Designer’.
I use WordPress for my web sites, but Drupal and Joomla can do a great job too. You just have to figure out which one suits you best.
For a more detailed discussion, watch my video below:
Every so often people ask about building a CMS (content management system) and so, I decided to include a snippet from an email I recently sent. One point I want to make clear: you can build a CMS using any server side programming language (PHP, Ruby, Java etc …). I just recommend PHP because I think that for most people out there, PHP makes sense.
From the email:
Before you can Build a CMS, you need to understand PHP basics … I would recommend either you get some of the basic PHP courses or you get our Complete Programmer package:
I am happy to announce yet another screencast tutorial for all you nerds out there: Build A Content Management System.
OK, not the most exciting title, but still an exciting course for those PHP nerds who want to go from PHP basics and get into building a full-fledged PHP application from scratch.
Learn how to build a content management system that provides a website all the tools needed to allow basic web users to manage the website content with ease. Over 6.5 hours of tutorials over 41 videos!
Here are some details about the video tutorial:
This course is aimed at intermediate level web developers, demonstrating how to build a basic PHP based content management system that uses object oriented programming techniques and implements the MVC pattern.