Why WordPress is the Best Option for creating an Online Identity for your Business.
Initially released on 27 May 2003, WordPress has become the most famous Content Management System (CMS) on the planet. Today, it is used by millions of websites that publish new posts every second, regardless of the size of the blog using it. This widely used CMS has become the favourite among organizations because of how effective a tool it is. Exactly how effective is it? Look at the following 7 reasons why your business should switch to this CMS and you’ll see why.
1. It’s Free
Whether you’re a blogger or managing a new online business website, WordPress is 100 percent free. Best of all, because it’s 100% free you never need to worry about hidden charges if your site turns out to be more popular than anticipated. On top of that, WordPress is open source software, so you can extend or change the source code to build the right site for your needs.
WordPress integrates with some of the most capable platforms available to give your business that extra support. Need to send an email to a large list? You can use online tools like Aweber or MailChimp. Need to get paid for a product or service? WordPress works with the most mainstream e-commerce payment software on the planet.
3. Multi-User Capacity
There’s a good chance that you’ll need to depend on several people to keep your site up and running. WordPress knows this and makes it simple to assign different roles to different people. The available roles are “Administrator, Editor, Author, Contributor and Subscriber”.
4. A Universal Platform
WordPress features a universal platform. The dashboard always looks the same, regardless of what you’re using it for. You don’t have to hire specialists or spend time working out how to make the best use of WordPress. In fact, anybody with some general PHP, CSS and MySQL experience can use WordPress right away.
5. WordPress Continues Showing Signs of Improvement.
Since WordPress hires only first-rate engineers, you can be sure that it will keep being improved over the long haul. Additionally, because it is open source, any designer, programmer or developer can improve the CMS so it can become the best CMS available.
6. Managing Becomes Easy
As said before, WordPress comes with a built-in automatic updater for security purposes. In addition, it notifies you whenever there are updates for your themes and plugins. This makes managing your site simple, since you’ll be able to apply the latest updates and upgrades without assistance. This will keep your site protected, up to date and fresh.
7. Powerful Multimedia Features
Inserting pictures, video or audio files is a great way to improve the experience for your visitors. Thankfully, WordPress makes it simple to embed images and audio files into any page or post you have created.
You may have seen the news about a Linux vulnerability branded ‘Dirty COW’, which affects many Linux servers.
Please see an overview of the vulnerability below and what you need to do.
Dirty COW, or CVE-2016-5195 to use its less sensationalist name, is a privilege escalation vulnerability in Linux from October 2016.
The obligatory branded vulnerability website can be found here, replete with logo, proof of concept and more detail on the underlying issue.
Describing what the vulnerability is, what it does and how it came about is better left to those in the know; this page is aimed at people wanting to patch their way to safety.
The good news is that by the time you’re reading this, all the major Linux distributions will have patches available for their various kernels, so it’s simply a matter of running an update through your package manager and restarting your server.
First things first though, let’s check if you’re actually vulnerable.
Red Hat have provided a handy script for checking if you’re vulnerable or not. Carry out the following steps while logged into your server over SSH to check.
First, download the script from RedHat using wget:
Then run the script and see what it returns:
The output should be fairly self explanatory, but if you’re vulnerable it’ll look something like this:
Your kernel is 3.10.0-327.10.1.el7.x86_64 which IS vulnerable.
Red Hat recommends that you update your kernel. Alternatively, you can apply partial
mitigation described at https://access.redhat.com/security/vulnerabilities/2706661 .
If vulnerable, you should follow the next section to patch and fix the vulnerability.
If you’re on a Debian or Ubuntu based distribution, the Red Hat script won’t work, but you can find your kernel version with the following command:
This will return something like:
root@dev:~# uname -a
Linux dev 3.13.0-76-generic #120-Ubuntu SMP Mon Jan 18 15:59:10 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
If your kernel version is earlier (lower) than the one listed for your distribution below, you’re vulnerable and should follow the next section to update your kernel to a safe version.
4.8.0-26.28 for Ubuntu 16.10
4.4.0-45.66 for Ubuntu 16.04 LTS
3.13.0-100.147 for Ubuntu 14.04 LTS
3.2.0-113.155 for Ubuntu 12.04 LTS
3.16.36-1+deb8u2 for Debian 8
3.2.82-1 for Debian 7
4.7.8-1 for Debian unstable
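The comparison for the Ubuntu entries in the list above can be scripted. This is an added example, not part of the original post: Ubuntu package versions are the ABI part of `uname -r` plus the upload number after `#` in `uname -v`, the function names are hypothetical, and GNU `sort -V` is assumed.

```shell
#!/bin/sh
# Added example: is an Ubuntu kernel older than the fixed versions listed above?

# First patched package version per kernel series (values from the list above).
fixed_version_for() {
    case "$1" in
        4.8.0)  echo "4.8.0-26.28" ;;     # Ubuntu 16.10
        4.4.0)  echo "4.4.0-45.66" ;;     # Ubuntu 16.04 LTS
        3.13.0) echo "3.13.0-100.147" ;;  # Ubuntu 14.04 LTS
        3.2.0)  echo "3.2.0-113.155" ;;   # Ubuntu 12.04 LTS
        *)      return 1 ;;
    esac
}

# Rebuild the package version from `uname -r` ($1) and `uname -v` ($2):
# "3.13.0-76-generic" + "#120-Ubuntu SMP ..." -> "3.13.0-76.120"
ubuntu_pkg_version() {
    abi=$(printf '%s\n' "$1" | sed -n 's/^\([0-9.]*-[0-9][0-9]*\).*/\1/p')
    upload=$(printf '%s\n' "$2" | sed -n 's/^#\([0-9][0-9]*\)[^ ]*-Ubuntu.*/\1/p')
    [ -n "$abi" ] && [ -n "$upload" ] || return 1
    echo "$abi.$upload"
}

# True when version $1 sorts strictly before $2 (assumes GNU `sort -V`).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Returns 0 = patched, 1 = vulnerable, 2 = cannot tell from this list.
check_dirtycow() {
    running=$(ubuntu_pkg_version "$1" "$2") ||
        { echo "unknown: not an Ubuntu kernel string"; return 2; }
    fixed=$(fixed_version_for "${running%%-*}") ||
        { echo "unknown: no fixed version listed for ${running%%-*}"; return 2; }
    if version_lt "$running" "$fixed"; then
        echo "VULNERABLE: $running is older than $fixed"
        return 1
    fi
    echo "patched: $running is at or above $fixed"
}

# Constructed sample: the uname output shown above. On a live host use
#   check_dirtycow "$(uname -r)" "$(uname -v)"
check_dirtycow "3.13.0-76-generic" "#120-Ubuntu SMP Mon Jan 18 15:59:10 UTC 2016" || true
```

Debian kernels are reported as unknown here because their package version appears directly in `uname -v` and needs Debian-style version comparison.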
As mentioned previously, there should be a patch available for your kernel version through your standard package manager now.
yum is the package manager at play here, so you can update the kernel with the following command:
yum update kernel
Alternatively, if you’d like to update all packages on your server, you can use:
After this has completed, you’ll need to reboot your server to load the new kernel:
With Debian based systems, your package manager is aptitude, but we’ll use apt-get here. Run the following to upgrade your packages:
apt-get update && apt-get dist-upgrade
As with CentOS, a reboot is needed to use this new kernel:
Since 08:00 this morning our site has been under a brute force attack that is continuing as I write this. This attack is happening even though we obscure our login, which supports the fact that you should always have more than one security measure in place on your WordPress website. This is why we use WordFence.
Thanks to WordFence our site is secure and the only thing happening is that the Hackers are going through a lot of IP addresses.
WordFence allows us to automatically block an IP if you are using a User Name that does not exist.
So far they have used up 264 IP addresses and counting. Sooner or later they will give up.
If you haven’t installed WordFence, we highly recommend their free version, available from WordPress.Org or the link above.
Last week, WordPress 4.6 beta two was made available for testing.
The release won’t be available until August 16th. Until then, you can take a look by downloading the beta to a test site and experimenting with it.
The team is also looking for everyone’s feedback before the release, so make sure you browse around and try everything. For those who don’t wish to download the beta, there’s still plenty to be excited about in the next release.
Here are some of our favourite features in 4.6.
Shiny Updates are unbelievably exciting as they allow for much simpler updating and downloading. When you wish to update, simply hit the button and you’re done. It eliminates the page redirect and pop-ups and makes everything easier and very straightforward.
Native Fonts In Admin
In 3.8, the admin font was changed to Open Sans. This wasn’t everyone’s favourite choice for several reasons, including that it had to be loaded from Google Fonts. 4.6 removes this issue by using its own fonts.
Improvements To Editor
The editor itself got a refresh with a much improved disaster recovery mode. Currently, the save method seldom detects when a save has been unsuccessful, resulting in the loss of your content. The update now shows a “There could be a newer autosave” message so you can be sure you’re writing the right post.
4.6 will also detect when URLs are broken as you’re writing them.
Don’t worry, there are also plenty of updates for the devs.
There is now a brand new PHP library available for HTTP requests. It supports parallel requests, where previously you could only make one at a time.
This change can save you a lot of time.
Pre-instantiated Widgets Registration
As of 2.8, registering widgets wasn’t straightforward. According to the announcement, “Since WP_Widget was introduced in 2.8 the register_widget() and unregister_widget() functions needed the class name (string) of a WP_Widget subclass to be provided.”
That changes in 4.6. As the announcement says:
Widgets can now be instantiated and registered with constructor dependency injection.
New widget varieties can now be added dynamically, like adding a Recent Posts widget for every post type, per #35990.
Customizer APIs
One of the most recent additions is the Customizer APIs for setting validation and notifications. According to the announcement:
All changed settings are validated up-front before any of them are saved.
If any setting is invalid, the Customizer save request is rejected: a save therefore becomes transactional with all the settings left dirty to try saving once more. (The Customizer transactions proposal is closely associated with setting validation here.)
Validation error messages are shown to the user, prompting them to repair their mistake and try once more.
A new WordPress update is always exciting. Check out the beta and send some feedback to help make it the best release yet.
Make sure you update on August 16th.
Note: Some of these security options require FTP access.
1.) User 1 – When you install WordPress your first Administrator account is User 1.
When you first log in to your new WordPress install, immediately create a second Administrator account; this will become your main Admin.
Then log out of your site and log back in with your new second Administrator account. Go to Users and delete User 1.
This removes the risk of a potential hacker being able to obtain the user name of User 1.
2.) Remove Installer – Log in to your FTP. First make sure you have removed the “wp-config-sample.php” file and the “Read Me” file, then go to the wp-admin folder and delete the two files, “install.php” and “install-helper.php”.
This removes the ability to restart the install process.
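3.) .htaccess file – Add the following code snippets to your .htaccess file above “# BEGIN WordPress”
## The file patterns in the <Files>/<FilesMatch> lines are example lists; adjust them to your site.
## This denies all web access to your wp-config file, error_logs, php.ini, and htaccess/htpasswds files and folders.
<FilesMatch "^(wp-config\.php|error_log|php\.ini|\.ht.*)$">
Deny from all
</FilesMatch>
## This closes the xmlrpc Issue which a hacker can use.
<Files xmlrpc.php>
deny from all
</Files>
## PREVENT HOTLINKING – Hotlinking is stealing your websites images by just using the image URL.
SetEnvIfNoCase Referer "^http://YOUR-Domain.com/" good
SetEnvIfNoCase Referer "^$" good
<FilesMatch "\.(gif|png|jpe?g)$">
Deny from all
Allow from env=good
## Use only one ErrorDocument line: an external image or one of your own.
#ErrorDocument 403 http://www.google.com/intl/en_ALL/images/logo.gif
ErrorDocument 403 /images/you_bad_hotlinker.gif
</FilesMatch>
## cache images and flash content for one month
<FilesMatch "\.(flv|gif|jpe?g|png|ico|swf)$">
Header set Cache-Control "max-age=2592000"
</FilesMatch>
## cache other static files (here: js, css, pdf, txt) for one week
<FilesMatch "\.(js|css|pdf|txt)$">
Header set Cache-Control "max-age=604800"
</FilesMatch>
## cache html and htm files for 12 hours (43200 seconds)
<FilesMatch "\.(html|htm)$">
Header set Cache-Control "max-age=43200"
</FilesMatch>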
4.) wp-config file – First, if your FTP login gives you access above the public folder, move wp-config.php there.
If you do not have that access, section 3 has already put protection in place. Then add the following code snippets to your wp-config.php.
You can copy and paste these as they are
/** The PHP memory limit for the site */
define( 'WP_MEMORY_LIMIT', '64M' );
/** Stop plugin and theme editor in admin */
define( 'DISALLOW_FILE_EDIT', true );
/** Stop producing more than 5 revisions of any page or post */
define( 'WP_POST_REVISIONS', 5 );
Then create new SALT Keys and Paste as shown in the image below.
New SALT Keys are available here – https://api.wordpress.org/secret-key/1.1/salt/
5.) Lock folders – All your folder permissions should be set as secure as possible.
All directories should be 755 or 750.
All files should be 644 or 640. Exception: wp-config.php should be 440 or 400 to prevent other users on the server from reading it.
No directories should ever be given 777, even upload directories.
Since the PHP process is running as the owner of the files, it gets the owner’s permissions and can write to even a 755 directory.
Mode  Str Perms   Explanation
0477  -r--rwxrwx  owner has read only (4), other and group has rwx (7)
0677  -rw-rwxrwx  owner has rw only (6), other and group has rwx (7)
0444  -r--r--r--  all have read only (4)
0666  -rw-rw-rw-  all have rw only (6)
0400  -r--------  owner has read only (4), group and others have no permission (0)
0600  -rw-------  owner has rw only, group and others have no permission
0470  -r--rwx---  owner has read only, group has rwx, others have no permission
0407  -r-----rwx  owner has read only, other has rwx, group has no permission
0670  -rw-rwx---  owner has rw only, group has rwx, others have no permission
0607  -rw----rwx  owner has rw only, group has no permission and others have rwx
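The permission rules in section 5 can be checked over a whole install with find. This is an added example, not part of the original post; the function name audit_wp_perms and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# audit_wp_perms ROOT : list every path under ROOT that breaks the rules above.
# Prints "<rule> <path>" per finding and returns 1 when anything is found.
audit_wp_perms() {
    root=$1
    findings=$(
        {
            # directories must be 755 or 750 (this also catches 777)
            find "$root" -type d ! -perm 755 ! -perm 750 |
                sed 's/^/dir-mode /'
            # ordinary files must be 644 or 640
            find "$root" -type f ! -name wp-config.php ! -perm 644 ! -perm 640 |
                sed 's/^/file-mode /'
            # wp-config.php is the exception: 440 or 400 only
            find "$root" -type f -name wp-config.php ! -perm 440 ! -perm 400 |
                sed 's/^/wp-config-mode /'
        } | sort
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo tree: a 777 uploads directory and a 644 wp-config.php.
demo=$(mktemp -d) && chmod 755 "$demo"
mkdir -m 777 "$demo/uploads"
touch "$demo/wp-config.php" && chmod 644 "$demo/wp-config.php"
audit_wp_perms "$demo" || true
rm -rf "$demo"
```

On a real server, pass the WordPress root instead of the demo directory and correct each reported path with chmod.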
If for any reason you cannot find your .htaccess file – http://www.wpbeginner.com/beginners-guide/why-you-cant-find-htaccess-file-on-your-wordpress-site/