Tweaking Wordfence Settings For Troublesome Scans

Tweaking Wordfence Settings For Troublesome Scans

security

Recently I got notification that a site was temporarily disabled because it had malware on it. Now that the issue is resolved, I believe it to be a false positive and overreaction from the hosting company. It also came on the night that I met a cleanup expert who works for Wordfence, the popular WordPress security plug-in. That meeting came in handy as I noticed scans on some of my sites weren’t completing successfully. My new Wordfence contact helped me find the appropriate settings to allow scans to complete and I wanted to share them with you.

Web HostingEach of my own sites is hosted at SiteGround and some were recently migrated from other hosting. Even though the SiteGround hosting is far more robust than the previous hosting, I found that Wordfence scans on my sites were hanging up well before the scan was completed.

Let’s first look at the order of a Wordfence scan. Items go from left to right during a scan and the first three are only available for those with the premium version of Wordfence. My scans were hanging up in the middle of the File Changes stage and therefore never got to the Malware Scan. This was very frustrating as it left open the possibility for malware to go undetected.

Many of the things I needed to change were found on the Wordfence | All Options page. Once on that page, scroll down to the Scan Options section. While my sites were not set to do a High Sensitivity scan, it was recommended I not choose this option. All of the available General Options were checked, except for the last three. The boxes not checked are Scan files outside your WordPress installation, Scan images, binary and other files as if they were executable and Enable HIGH SENSITIVITY scanning.

In my own attempts to find a solution, I had tried a much higher Maximum execution time (100) based on a tutorial I’d read. My contact suggested setting this at 15. Probably the biggest thing changed was in the Advanced Scan Options. Each time a scan fails, the file on which it fails is added to the Exclude files list. Mine had grown fairly long and everything on that list was cleared. In it’s place, a few file types were added. While the file types can include malware, none can be executed directly so they are very low risk. The exact entry for those file types is listed below.

*.svg
*.jpg
*.png
*.zip
*.bak

Once these changes were made (and the Save Changes button clicked), the scan ran successfully. Knowing that any problems will be detected quickly helps a Web geek sleep much better at night. Should you have Wordfence scan problems, I hope these suggested changes will help you find a way to get the scan running successfully again.

Photo by unsplash-logoJames Pond

Tutorials to Build Your Business and Your Web Site

Tutorials to Build Your Business and Your Web Site

tutorial

In order for your business to be successful online, you need more than just a good Web site. We’ve gathered some tutorials that may help your business both on and offline.

Let’s start with three tutorials on services that may help your business. VoIP is one of our favorite technologies as we use it for all of our phone lines. While we don’t use the other two services, they may be of use to you.

Now for some tutorials about your Web site. Should you monetize it with subscriptions? If so, Facebook will have a way to do this soon. Have you copyrighted your site? How are your blog posts performing in search rankings? Details on each of these areas are found in the tutorials below.

Giving Olive Oil Site a Tasty Makeover

Giving Olive Oil Site a Tasty Makeover

ecommerce

Last summer a relative was visiting and we decided to go into the local olive oil store. It was an eye opening trip for me and I’m always looking for local businesses in need of a Web site. When I got back to the office, I gave their existing site a look and knew that I could be a big help to them. Below is a screenshot of the top part of their old home page.

One of the first things I typically do with a site is see how it works on a phone. This one didn’t work well at all as there was no navigation. It was about the fifth time I looked over the site that I realized it had a store and you had to click on the credit card icons to get to it. Plus, it just needed a design makeover.

Once we were done, the top of the home page had a new look and it works great on mobile. The very first elements are the phone number and email address. On a phone, a visitor can click the phone number and it will dial the store. Menus have a cleaner look and they translate well to a phone. While not shown on this screenshot, there are also featured products and a box for signing up for their mailing list.

Social media was barely visible on the old site with a somewhat hidden Facebook icon. The new site features prominent icons for Facebook, Instagram and Pinterest as well as recent posts embedded throughout the site.

Some visitors to the site and store will be very knowledgeable about olive oil. While I know it tastes good and has health benefits, I don’t know much more. That’s a perfect reason for the site to have a section labeled Learning Center. On the old site, it wasn’t very inviting and it was easy for me to overlook. Below is an example.

Everything was stuffed on a single page. We broke out each topic into an individual lesson and gave the page a more appealing look. Not shown in the screenshot below is the sidebar promoting other parts of the site or the navigation shown in the earlier shot.

Now visitors can easily see the title of each lesson and click on it to learn more. Now learning about olive oil is more appealing and can help direct visitors to products they can purchase.

One of the most popular types of site on the Web are recipes. The old site had some recipes though they weren’t presented in a way to draw in visitors. Below is a screenshot of the old site.

Just as with the learning center, all recipes were on a single page. We felt it important that each recipe be laid out similarly to the popular recipe sites. The main recipe page simply has links to each of the individual recipes as shown below.

When you click on one of the recipes, it takes you to a detail page. Having all of the distinct pages also gives search engines more content to rank so the site will be found more often. Below you can see how the recipe is laid out and we even included links for purchasing the products needed by the recipe.

What isn’t shown in the screenshot is a slider that links to all other recipes so that visitors can easily navigate through all of them if they like.

Of course the ultimate goal of the site is to provide a way for visitors to purchase products. While the old site had a store, it wasn’t obvious to visitors. Once you got to the store, you were presented with links to some general categories as shown below.

Clicking on a category led to another page with products and more clicks were required to add a product to the shopping cart. This was a very inefficient process and their online sales weren’t living up to their potential. We truly integrated the store into the site as you already saw on the recipe page. Below is the main store page also showing the sidebar.

In addition to the main store page, we also have dedicated pages for each category of products. Some of the products are added directly to the shopping cart, while others have options to select. Below is a product page that allow you to select the gift bag and bow color.

Early in the project I was asked by the owner if I felt this would increase their sales by 10%. I smiled and said I would be very disappointed if we only saw a 10% increase. I’m fully expecting their online sales to double with the new site.

Want to see all the changes? Visit the Cave Creek Olive Oil site and pick up something tasty while you’re there! Want our help in designing a site for you or giving your site a makeover? Send us a note and tell us how we can help.

Importance of Open Web and Cleaning a Hacked Site

Importance of Open Web and Cleaning a Hacked Site

maintenance

WordCamp Phoenix was held a couple of weeks ago and it is great to spend two full days with other WordPress users of all levels. One of the speakers that always delivers great content is Aaron Campbell. His main job is working on the security of the core WordPress software and he has a real knack for explaining complex security issues in an easy-to-understand way.

His talk at the most recent WordCamp was titled “Why the Open Web Matters” and he gets his point across by talking about video games and tractors. Yes, tractors! You can watch the entire session on WordPress.tv or I have embedded it below.


Want to know more about why farmers are hacking their tractors? Read Why American Farmers Are Hacking Their Tractors With Ukrainian Firmware. A followup documentary about the tractor hacking was recently released at Tractor Hacking: Watch Our Documentary About Farmers Fighting for the Right to Repair.

This is not a problem specific to tractors. It also affects the fastest production car ever made. The only way to maintain that car is with a specific Compaq computer from the early 90s. Read McLaren needs a 20-year-old Compaq laptop to maintain its F1 supercar for the details.

Cleaning Up a Hacked Site

While there are many things you can do to protect Web sites, the hackers won’t stop trying. If you don’t have good protection, the hackers are far more likely to succeed in hacking your site. Should your site get hacked, you’ll need to get it cleaned.

Sucuri is one of the leading providers of Web security and they have authored detailed steps for How to Clean a Hacked Website. There are separate instructions for WordPress, Joomla, Magento and Drupal sites.

We’d love to help protect your site so the likelihood of getting hacked is minimized. Please consider one of our WordPress Maintenance Plans. They are a small investment into keeping your site working hard for you!

Photo by unsplash-logoGozha Net

An Introduction to WordPress Security

An Introduction to WordPress Security

security

If you have a Web site, security is extremely important. The bad guys are trying to hack it, no matter how big your site. Having a few layers of security in place is an absolutely must.

RoboformJust over a week ago was WordCamp Phoenix and one of the speakers was Aaron Campbell who is one of the core developers for security in WordPress. He provided a lot of great information and he stressed that you absolutely must have strong passwords that are different on every single site. No matter how good your memory, you will never remember them all. I’ve always relied on Roboform as our method of creating and remembering passwords. I checked with Aaron and he said it is a great option.

Just a few days before that, I was at the GoDaddy Pro Summit and one of the speakers was Tony Perez of Sucuri. To say Tony is very animated when talking about security would be an understatement. I just felt more secure listening to him. Or did I feel more worried about security on my sites? Hmmm, I’ll need to think more about that. Sucuri provides a service to help you protect sites and is something you may want to consider for your sites.

Sucuri recently put out An Introduction to WordPress Security that provides an excellent step-by-step guide about a number of things you can do to make your sites more secure. For those who want help maintaining and security your site, please consider one of our WordPress Maintenance Plans.

10 Reasons Why It’s Worth Investing in Professional Web Site Development

10 Reasons Why It’s Worth Investing in Professional Web Site Development

ecommerce

Our friends at GoDaddy recently wrote a post titled 7 reasons why it’s worth investing in professional website development. I encourage you all to click the link and read the post as it contains some great information.

When I read it, I had my own thoughts on the reasons listed so I’ve taken the seven reasons from that post and have provided my answers below. Three other reasons came to mind as I thought about why I feel Unleashed is a great choice and they are included after the initial seven. As we focus solely on WordPress development, the solutions below are all based on WordPress.

1. Professionals can customize beyond templates

Elegant ThemeseEvery WordPress site has a theme (template) that determines the design and features of the site. Sure, there are a bunch of free themes available and some of them are OK. We’ve tried a lot of themes and found that there are many of them that are difficult and/or don’t work nearly as well as the demo.

Over time, we’ve developed a small number of themes that we use on most of the sites we build. We know how they work in depth and know that we can deliver a wide range of designs from them. There are also ways to extend our favorite themes to give them even more features and options.

Should you build a site yourself, you might choose a great theme and it’s possible you get a really bad one. When a bad theme is used to build a site, it can be very hard to switch to another theme at a later time.

2. The ROI is worth the initial cost

Let’s say you want a pizza for dinner tonight. It is simple to go to your favorite pizzeria and get a large pizza with a few toppings for $15-20. The alternative would be to make your own crust, either purchase or make sauce, get some cheese and the other toppings. Then add the time involved to take the raw ingredients and make the pizza. In the end, you could have a gourmet pizza or a complete dud and you will have spent a lot more money and time to get there.

Yes, a good Web site is an investment. If you work with a developer and provide the content required, it will save you money. Even if you built it yourself, you’d still need to come up with the content. What is your time worth? Expect that it can take you 3-5 times as many hours (minimum) to build a site as well as a good developer. In the end, will your creation be a masterpiece or a dud?

By using a pro, your site will be working for you sooner and will be designed to meet (or exceed) your goals. This brings a return to you sooner and that return will likely be much greater.

3. You can choose the right developer

No single developer is the right fit for every project and you’ll find many choices when looking for someone to build an awesome WordPress site. Clients sometimes judge only the cost and not what the developer can delivery. The goal is to have a site that best delivers on your goals while delivering a great return on investment.

We pride ourselves on being part of the GoDaddy Pro program as well as being a Google Partner. The online world changes every single day and we focus on educating ourselves on those changes so that we can deliver sites that follow all the latest standards. This also allows us to minimize the time and costs involved.

4. Managing your own content is still possible

At its heart, WordPress is a CMS (content management system). It is designed to allow multiple users to change content to varying degrees. Some clients only want minimal abilities to change a few words or photos. Other clients want full control of a site. Either option is possible and the abilities can even be changed at any time.

This also brings up the famous Spiderman quote “with great power comes great responsibility.” If a client has the ability to edit anything on the site, they also have the ability to accidentally create problems by clicking the wrong thing. We work with clients so they know how to complete the processes most important to them to minimize potential problems.

5. eCommerce functionality is doable

With a WordPress site, eCommerce functionality can be as simple as installing a plug-in. While it is technically quite easy, a good eCommerce site is much more complex. What types of products and/or services are you going to sell? What types of payments are you going to accept? Do you need to ship products? Are they downloadable? These are just some of the questions that need to be answered.

WP EasyCartWooCommerce is often mentioned as it is the most popular tool for adding eCommerce to WordPress. That does not mean it is the right answer for your site. We have found other tools that are better choices for our clients. Not only do we recommend these tools for clients, we use them on our own eCommerce sites so we know them inside and out.

6. Your site will be mobile-friendly and responsive

Google Mobile Sites CerticationWith nearly 2/3 of all Web traffic coming from mobile devices, it is an absolute must that your site works great on mobile devices. Visitors to your site could be on a computer screen that comes in nearly any size. Throw in the variety of tablets and mobile phones and there is just no single size anymore.

When we design a site, it is designed to be responsive. That means it adapts it to the screen of the device on which it is being viewed. Not only does it need to adapt to every screen, it needs to be usable on every screen. Your blog post must still look great on every screen. Visitors should be able to shop in your eCommerce store on every screen. Google created a certification test to make sure developers followed mobile best practices and all of our designers have passed the test.

7. Websites are constantly changing

One of the best parts about building a Web site on WordPress is that the platform itself is being regularly updated. We prefer to work with themes and plugins that are also regularly updated. First and foremost, this helps to keep your site secure. But these changes also support new and improved features.

Not only does the technology itself improve, we also focus on improving our skills and knowing that latest best practices in Web design. While you may choose not to have your site updated regularly, we’ll be ready to update it when you need it.

8. Keep all elements maintained and secure

It is thought that once a Web site is launched that all work is done for a long period of time. That just isn’t the case. It is not uncommon that some element of the site has an update almost every single day. If a client prefers, they can handle all of these updates. A far better value is to select a maintenance plan where all the updates are installed on sites for clients.

This keeps elements updated and keeps the site more secure as well. Additional layers of security are available for clients who want true peace of mind.

9. Your pages can be tested and optimized

If a user builds a site, will they test it on a variety of devices or do they decide it looks great on their own computer so it must be perfect? We want to test pages on computers, tablets and phones so that the user experience is consistently good.

Even when a site looks good on devices, it may not be optimized. Are images the right size in both dimensions and download size? Will the page perform well in search results? Can adjustments be made to make the site load as fast as possible? These are all tasks a pro will perform so that you get the best results from your site.

10. Resource for support after the site launches

When a site is first launched, it is only the beginning. Changes will inevitably be made. New content will be added. Quite possibly new features will be needed. Where is your time best spent? Is it becoming an expert on WordPress or working on your own business? Regardless of whether you are going to update the site or you want a developer to do it, we’re here to help.

We’d be happy to discuss your needs to see if we are the right developer for your project. Visit our Contact Us page or give us a call at 480-595-0065.

Featured image by Helloquence