Wordpress Websites: Simple Modifications to Make Your Life Easier
Although Wordpress (or WP) continues to be the most popular platform for all types of websites, there are still a number of security issues that can put your web presence at risk. This affects small blogs and large business websites equally. Both types are common to be based off Wordpress (which, #WP being open-source software, is a good thing). With just a handful of tweaks, easy-to-follow measures and small modifications, the overall security of Wordpress can be greatly secured.
And we're not even talking "immediately install WordFence Security" or similar BS here!
The reasons for this being (1) this particular WP plugin can be very annoying (as one big part of its "security features" is simply limiting your number of login attemts; seriously, guys, 'that the best you can do?!) and (2) recent samples of malware found on our own servers indicate that an increasing number of attackers is specifically addressing and actively circumventing the WordFence Security plugins methods of securing a WP installation to force their way into WordFence-secured websites regardless. This is a real-life observation from my experience of running multiple WP installations across a number of servers.
Maybe the popularity and widespread use of the WordFence security WP-plugin has made this plugin itself "too big a target" by now to still offer anything like REAL security, and it might be time to look for alternatives.
That said, simply installing any such WP plugin is not at all the direction this article is going.
We are taking a more general approach here.
Wordpress , the popular WordPress CMS (or Content management System), is an enormously powerful tool for every small business, private individual running a Weblog, or even larger E-Commerce Websites.
Out of the box, WordPress is ready to be used for any of the above purposes — and then some.
This is a great thing. The CMS comes with the famous 5-minute installation feature, you basically just download the WP version you want (not necessarily always the latest but at least one of the more recent ones), punch in a few basic settings, and you’re good to go. A video showing this process as an easy-to-follow tutorial will be posted here soon. This will even help total newbies to be all set in no time!
The ease of installation is one of the reasons — if not the chief reason — for WordPress’ popularity all over the internet. WP websites make up a huge chunk of all Weblogs on the internet (between 40% to 70%, depending on how you count). WordPress’ ease of installation is a good thing — on one hand. It comes with a few disadvantages though, on the other.
For example, when a total Noob starts out with WordPress, all these nice “Get WordPress Now” helpers point to the very latest version of WordPress (that would be WP Ver5.7, as of this writing — and possibly 5.7.1 or so as soon as later this week). The “current” is usually the “best” version for most purposes, security-wise or when it comes to certain bugfixes or similar. As soon as you start adding something more specific for your purposes, maybe a special WP Plugin to do specific tasks, you may soon find out that not all the great Plugins there are will support the very latest of WordPress versions. It may well be, that your favourite (or most-needed) Plugin “only” supports WordPress’ previous version (which may have been top-of-the heap as recently as this morning but is kind of “old crap” in the afternoon).
Even worse, since WordPress 3.7 there is an “auto-update” feature activated by default. Pretty much as the name implies, this auto-update forces your website to automatically update to the latest version of WordPress once such a new version becomes available (maybe over lunchtime, in order to stick to the example above). This means that a somewhat modified or specialised website running some we–maintained and useful Plugin for specific extra tasks you may like or absolutely require for your purposes may or may not be incompatible — and, in more severe cases, possibly even causing your website to crash — from, well, lunchtime or whenever that next WP update happens to be. Not good.
Some plugins aren’t completely compatible with WordPress updates as soon as the updates come out.
So one of the more useful “modifications” you might want to make to your installation is disabling this somewhat questionable WP auto-update function. This is easy to do. It only requires adding one line of code as described below:
Go to your WordPress server.
Go to the subdirectory of …/yourwebsite/
Find the wp-config.php file”
Open the file in an editor
To completely disable all automatic updates (of any type), add the following line to your wp-config.php file:
define( 'AUTOMATIC_UPDATER_DISABLED', true );
This will save you from waking up one morning and finding that some auto-update has broken your installation.
Still, you may want to manually update to a fairly recent version in order to eliminate vulnerabilities or exploits that may come up over time as attackers try to find ways into websites. Once you know that a more recent version is not doing any harm to your configuration and Plugins used, do a manual update to a later version (or the latest one, if you are reasonably sure that it will work with your Plugins).
There are also Plugins of their own to more comfortably control WP updates in a Graphical environment. Disable Automatic Updater https://wordpress.org/plugins/wp-disable-automatic-updates/ and Update Control http://wordpress.org/plugins/update-control/ are two Plugins doing just that.
Another option would be getting the Downgrade-WP plugin. With this plugin, you can force your website to a specific (and carefully hand-picked) version that you have found to work with all your other required or favorite WP plugins, or one version you really like for any other reason. We do have "fav" versions like this all the time, usually the second one after a major update that has already been tested sufficiently and that the more important plugins have already caught up to.
These two simple methods will make it so much easier for any Wordpress website owner to have a really flawless operation and be able to focus on the content-side of their project. This is what Wordpress came to enable you, and this is what you should get from this powerful and very versatile platform.
Stay tuned or follow me here for more tips on Wordpress or website security improvements that have proven useful in real-life.