Unsplash WP Plugin

Photo by: Ryan Mcguire

I am always on the lookout for new and interesting photos for use in websites, blog posts and to pass on to clients. There are several places you can get free photos to use, in fact here is a list of 30 of them, but finding the perfect photo, downloading and uploading it again in your WordPress website gets tiring. This is where the Unspash WP plugin comes in.

Installing the Unsplash WP Plugin gives you an easy way to find a great photo to add to your website and the plugin takes care of adding the photo to your local media library so you just have to click and select the photo you want. The image is automatically downloaded and you just need to insert the photo from your media library.

While the selection of photos from Unsplash is still limited the selection is constantly getting better and the ease of adding the photos to enhance your website is worth taking a look the the Unsplash WP plugin.

World Backup Day 2014

World Backup Day

Today, March 31st, is World Backup Day and I want to remind you to make sure you have a backup of your data. If you do already have a backup you need to make sure that backup is working and you can successfully restore data from your backup.

What should you be backing up?

Desktop and Laptop Computers
The most obvious answer of what you should be backing up is your desktop and laptop computers. You do your work on them, store your precious photos and home videos on them and they are all prone to hard drive failure or even virus threats like cyberlocker. You should have a local backup and one stored off site. There are many ways to create a local backup. Windows and Macs ship with backup software built in.

Off site backup can be easily done with cloud backup software like Backblaze, Carbonite, SpiderOak, and CrashPlan to name a few. Some software can even create and manage both your local and cloud backup at the same time. SpiderOak, CrashPlan, Zoolz and SOS Online Backup all come to mind. I can go one at length about them all, and do at Cloud Storage Buzz.

Your Smartphone and Tablet
Have you ever backed up your smartphone or tablet? For most people your smartphone has become your camera and video recorder. Backing up those photos and videos in the case you lose your device or it is destroyed is just as important as your desktop or laptop. There are many apps that will automatically copy your photos and videos from your smartphone or tablet to the cloud or your own computer. Some of my favourite apps to do this on both Android and iOS are Google+, Dropbox and Bittorrent Sync. If you already use a cloud backup service they might also offer an app that can backup your smartphone to your existing cloud backup. Carbonite and SOS Online Backup come to mind but there are others.

Your Website
Odds are if you read my blog or follow me on social media you probably have a website and obviously you need to make sure you have backup copies of your website files and databases. Many a great website has been taken offline for long periods of time because backups were not available. Depending on your website and your web host you might have several different options for backing up your website.

If your website is hosted on a web host that uses cPanel, it is pretty easy to manually login to your cPanel web hosting control panel and create a manual backup and download it. The downside of using the cPanel backup is it is a manual process that you need to remember to do. There are ways to automate your cPanel backup but that can get pretty complicated. Thankfully there are other easier options to backup your website.

One way is to sign up for Sucuri. Sucuri offers website malware monitoring and clean up. They are a a fantastic service that can help clean up your website in the event is has been compromised by malware. One of the additional services they offer is website backup. I have several clients that use Sucuri and it is an excellent service so far.

You can also take a look at Mover.io. They offer the ability to move files easily between cloud services. You can set it up to copy your website files and databases from your web host to your favourite cloud service. I have not done a great deal with them yet but the service does look promising.

Another way of making sure your website files and databases are protected are by signing up for a web host that does it automatically for you already. While I would recommend not relying solely on your web host backup it can be a great help if you need it. One of the web hosts I have been impressed with regarding backups is WPEngine. They make it easy to create backup points and to download them. Some hosts say they make backups but you do not have easy access to downloading them or restoring them.

If you use WordPress for your website there are also a number of plugins and other options available to regularly backup your database and files within WordPress. At the very least you can regularly export all of your content using the WordPress export tool.

Your Google Services
An area many people over look when they think about backup is backing up your Google services. I use many of Google’s services and I would be lost without having access to my GMail, Calendar and Drive files. While I do have a local copy of all my Google Drive files, I don’t use a desktop email or calendar program so my only copies of my GMail and Calendar are with Google. Thankfully you can backup your Google services with other cloud services. Two I have used are Spanning and Spinbackup. Both are good. Spanning can also backup Saleforce (if your company uses that) while Spinbackup can backup your Google+ photos.

Backing Up Is Easy!

Backing up your data has gotten much easier over the years I have been using computers. The tedious task of creating a backup to floppy disks (remember those) are long gone. There is simply no reason not to setup an automatic backup of your data any more. You will be thankful that you did when your hard drive dies and you still have access to your photos of your kids first steps, or first school play. I have seen far to many people lose all of their files, photos, and important work data, please don’t become one of them.

BACKUP YOUR DATA!

Use CloudFlare Page Rules to Protect WordPress from Brute Force Attacks

I have talked about CloudFlare before and there are many reasons why you should use them, from helping to speed up your website to making it easy to monetize your website using Viglink. If none of those reasons convinced you why you should use CloudFlare perhaps this one reason alone will help convince you. You can use CloudFlare page rules to protect your WordPress powered website!

One of the great things CloudFlare has introduced is page rules. You can define a page rule to have different rules from the rest of your website. To help protect your WordPress website from a brute force attack, where usually an automated bot, hits your wp-login.php page again and again and again trying to get entry you can simply create a page rule in CloudFlare to protect the page. This can slow and often stop the brute force attack because the bots will either be stopped dead by the CloudFlare check or slow them down so much that it will take them much longer to actually try to login.

Free accounts with CloudFlare only get three page rules, and you will need two of them to protect your wp-login file. You might be able to get this down to one if you do some .htaccess redirects but to keep it simple lets stick with the two CloudFlare page rules. The two page rule URL patterns I have been using for the WordPress login page are:

example.com/wp-login.*
*.example.com/wp-login.*

You have to enter each one separately but it is much easier than trying to do this through .htaccess. The important part after you have added a page rule URL match is in your rules make sure you turn the Security and Browser Integrity to ON and set the Security Level to Help, I’m Under Attack.

cloudflare-page-rules

This will cause CloudFlare to closely inspect every visit to your wp-login.php page. This will also slow you down when you go to login to your website unless you whitelist your IP address with CloudFlare. Then you will bypass this and be sent straight to the login.

cloudflare-wp-login

This will not totally protect your WordPress website but it will provide an extra layer of protection from brute force attacks. It is still important to use strong passwords, keep your WordPress install up to date and you can try some plugins that limit the number of login attempts.

TinyPNG Plugins

Optimizing your WordPress site to be faster is good for your users, but it is also good for your search engine results. It is one of the things that is in your control. One of the best ways to optimize your PNG images is to use TinyPNG. Previously you had to manually use the site to optimize your PNG images and then upload them again to your server. Not a very friendly or easy way of doing things. Thankfully TinyPNG has now developed an API and there are several WordPress plugins that have been developed to take advantage of it.

For all of these plugins you need an API key from TinyPNG. You can get one for free at their developer page. You can use it free for up to 500 images a month but after that you need subscribe to one of their paid plans. For many bloggers 500 images a month is a lot but remember for every PNG image you upload WordPress makes several version all that need to be compressed and optimized.

Compress PNG for WP

Compress PNG for WP
This is my favorite TinyPNG plugin and the one that I have actually installed here on WP Paradise. The plugin integrates nicely with the existing media gallery in WordPress allowing you to automatically optimize all new PNG images that you upload and optimize existing PNG images on your WordPress website.

TinyPNG for WordPress

TinyPNG for WordPress
This might have been the first TinyPNG plugin added to the WordPress plugin repository. It provides you with an alternative to use TinyPNG. It does not integrate with the media gallery in WordPress, which could be good if you only use PNG’s occasionally and want to have control over what images are optimized or not.

WP TinyPNG

WP TinyPNG
This plugin was released just a couple days ago and has a few more options than the other two TinyPNG plugins. It also integrates with the media gallery but has an option to keep the original file.

Optimizing your images goes a long way to speeding up your website for your visitors. These TinyPNG plugins make it even easy to make sure your PNG files are the smallest file size they can be. Take a look and let us all know what you think in the comments.

Web Hosting Recommendations

WordPress Hosting & Managed WordPress Hosting

It has been awhile since I talked about web hosting so I thought I would update everyone on what I am using and what web hosting I have been impressed with over the last year.

As many of you know I have and host many of my clients websites on my dedicated server through iWeb. I have been pleased with iWeb over the years and recently moved all of my clients sites from one dedicated server to a new one. The new dedicated server is faster and has considerably more memory than the old server. The net result of the move has been improved speed and response times for all of my clients websites that on are on that server. The best part for me, besides the extra speed, is the fact that the new server is actually cheaper than the server I had before!

Another web host I have been impressed with this year is WP Engine. I have one client that hosts on WP Engine and it has been a really good experience so far. If you have not heard about them they offer managed WordPress hosting. It is sort of like shared hosting but they take care of many of the little things that make running your own WordPress website a little easier.

A few things that really impress me about WP Engine is the speed of the service. On regular shared hosting you usually need to worry about setting up a caching plugin to help speed up your website and to lower the load on the shared CPU and memory. WP Engine takes care of all of that. No need to use a caching plugin. That is one whole section of managing a WordPress website taken off your hands so you can focus on the website and not managing the caching.

I am also really impressed with the ability to have a staging site on WP Engine. Testing new plugins and changes to a live website can end up taking the site down occasionally and for a site that you want up 24/7 is really not acceptable. I usually run testing versions of many of my clients websites but WP Engine makes it easy to do. Click a button it copies the live site to a staging site. Go login to the staging site, load the new plugin or make your changes, make sure it all works and then you can either copy the staging site over to live or go and make the changes to the live site knowing they will work.

That being said I do have one complaint about WP Engine, it can’t all be good right. Because it is managed WordPress hosting they have a list of plugins you cannot install. The caching plugins are not a problem but you will want to check their list of disallowed plugins before moving to them just in case you rely on one they don’t like. For the most part most WordPress sites should not have a problem.

If you run a WordPress website WP Engine is worth looking at. It costs a little more but they have impressed me so far.

If you are just starting your own website using WordPress or something else, I still have web hosting accounts with Hostgator and Dreamhost. Both accounts are shared accounts and they are still worth looking into. I host several of my own side projects on Hostgator and is has been very reliable for the price I pay. I host my personal blog over at Dreamhost and I have been happy with them as well. Both are shared hosts so they may not be the fastest in the world but if you are just getting started they are worth looking at.

Those have been my favorite web hosts for 2013. Finding a good web host is one of the biggest challenges you can face when getting your website online. You often get what you pay for in web hosting. If you are up to running your own dedicated server you will get more control over your web presence. If you don’t want that kind of headache or don’t want to fuss with lots of little things a managed host, like WP Engine is an excellent choice.

What are your favorite web hosts and why?

3 Easy Tools to Name the Theme

A common question from people as they are searching for a theme for their WordPress website is what theme is ____ website using? If you know HTML/CSS it is pretty easy to look at the code and determine what the theme is and where that website got it from. If you don’t know HTML/CSS here are three easy tools that you can use online to quickly discover more about that theme.

WordPress Theme Detector

WordPress Theme Detector
Enter the URL of the WordPress website you want to find out more about the theme and this website will give you the details about the theme and occasionally some details about additional plugins on the website. The details for the plugins was not always 100% accurate but the theme detection on the sites I tried was always pretty good.

What WordPress Theme Is That

What WordPress Theme Is That
Similar to the WordPress Theme Detector above visit the site, enter URL of a WordPress website and get the theme details. Pretty much the same type of details are returned.

Theme Sniffer

Theme Sniffer
This is a little different from the other two. It is a Chrome extension that you can install and get the theme details for WordPress and Joomla based websites. Pretty handy if you are looking up themes all the time and don’t want to visit another site to do it. Just click the button in Chrome and the information is returned.

Now you know how to look up what theme websites are using without having to learn HTML/CSS. Makes it easy if you come across a theme that you really like and would like to download or buy as well.

Upload Flash Files in Media Library

I learned something new today and I thought I would share. I discovered that it was no longer possible to upload Shockwave Flash files in the WordPress Media Library. Not that I have to upload flash files very often but I had a client that wanted to add a flash game in their website and could not for the life of them get it uploaded.

This change was apparently added in WordPress 3.6.1.

Additional security hardening:

Updated security restrictions around file uploads to mitigate the potential for cross-site scripting. The extensions .swf and .exe are no longer allowed by default, and .htm and .html are only allowed if the user has the ability to use unfiltered HTML

While I can understand the reasoning behind it, I still had to find a way to allow my client to upload their swf file. Well a little searching and a little tweaking here and there and I came up with the following snippet of code. I added it to their theme functions file and presto they could upload their swf file and everyone was happy again.

// Add SWF mime type to upload to media manager
function lgr_mime_types($mime_types){
	if (current_user_can('install_plugins')) {
		$mime_types['swf'] = 'application/x-shockwave-flash'; 
	}
    return $mime_types;
}
add_filter('upload_mimes', 'lgr_mime_types', 1, 1);

I could have done the code without the current_user_can check, but the clients site in question has multiple users and I only wanted people that had Administrator rights to be able to add swf files in case you were wondering what that check was for.

Seems to be working so far. Will want to move it into a site specific plugin in the future but for the next couple of days this will do nicely.

Control Automatic Updates in WordPress

One of the new features in the WordPress 3.7 is the ability for WordPress to be able to update itself. This has also been one of the more controversial features, but personally the new ability to had WordPress automatically update when a new security update is available is a fantastic idea. If you are not comfortable with WordPress auto updating you have a couple of choices to turn off auto updates.

If you are comfortable with editing the WordPress configuration file you can easily following the instructions at WPBeginner.com. Just a simple matter of editing your wp-config.php file and adding the following line:

define( 'AUTOMATIC_UPDATER_DISABLED', true );

If you do not want to mess with code, and lets face it most people don’t, you can check out the new plugin called Update Control. It looks like it gives you the control you would want to control your automatic update all without editing the wp-config.php file.

autoupdateoptions

Which method do you prefer?

WordPress 3.7 “Basie” Released

WordPress version 3.7 code named “Basie” in honor of Count Basie, is now available for download or update in your WordPress dashboard. If it is not yet showing as an update in your WordPress dashboard you can download a copy directly from WordPress to update or install.

This new WordPress release features some of the most important architectural updates they have made to date. Here are the highlights:

Updates while you sleep: With WordPress 3.7, you don’t have to lift a finger to apply maintenance and security updates. Most sites are now able to automatically apply these updates in the background. The update process also has been made even more reliable and secure, with dozens of new checks and safeguards.

Stronger password recommendations: Your password is your site’s first line of defense. It’s best to create passwords that are complex, long, and unique. To that end, the password meter has been updated in WordPress 3.7 to recognize common mistakes that can weaken your password: dates, names, keyboard patterns (123456789), and even pop culture references.

Better global support: Localized versions of WordPress will receive faster and more complete translations. WordPress 3.7 adds support for automatically installing the right language files and keeping them up to date, a boon for the many millions who use WordPress in a language other than English.

For developers there are lots of options around how to control the new updates feature, including allowing it to handle major upgrades as well as minor ones, more sophisticated date query support, and multisite improvements. As always, if you’re hungry for more dive into the Codex or browse the over 400 closed tickets on Trac.

via WordPress › Blog.