The importance of keeping WP up-to-date

Malware Bytes reports of a non-trivial uptick in compromised WordPress sites.

During the past few days, our crawlers have been catching a larger-than-usual number of WordPress sites being hijacked. One of the most visible client-side payloads we see are redirections to tech support scam pages. Digging deeper, we found that this is part of a series of attacks that have compromised thousands of WordPress sites since early September. … The sites that are affected are running the WordPress CMS and often using outdated plugins.

Keeping WordPress up-to-date is essential, as is running a good security plugin. We recommend Wordfence. If you need help locking down your WordPress installation or keeping it up-to-date, contact us. We offer monitoring and updates services for as little as $35 per month.


Top 4 WordPress plugins

Every web site project will use plugins to compliment the core functionality of WordPress. These are our Top 4.

  1. Yoast SEO
    Yoast SEO is the No. 1 Wordpress plugin for search engine optimization. Along with a properly coded WordPress theme, it is a cornerstone in the foundation of your WordPress site (assuming you want customers to find you, that is). The Yoast SEO plugin also makes it easy to effectively share your web site on Facebook, Twitter and other social media platforms. It generates site maps, hooks into Google Web master tools, and provides other essential features that every web site needs
  2. BackUpWordPress
    Does exactly what it says, with the option to schedule backups for only files, only the database, or a combination thereof.
  3. Wordfence
    The leading security plugin on the market, with over 22 million downloads
  4. Smush Image Compression and Optimization
    Widely known as WP Smush It — or sometimes just Smush It or Smush — this plugin from WPMU Dev optimizes images as you upload them to WordPress. And since bloated images are the leading cause of slow web sites, this is one plugin you can’t afford to live without

There are many other plugins that we use widely, but these are part of every project no matter the scale or scope.

Learning WordPress: 4 links to jump-start your education

Ready to learn WordPress? Two of the many great things about the platform is that one, it is extremely well-documented, and two, there is a thriving ecosystem that supports it. Jump on these 4 links to get moving.

New To WordPress – Where to Start

If you’re just diving into WordPress, knowing where to begin is no easy question to answer. Are you going to be a user or a developer? Both? This page from the official WordPress manual is the perfect place to start.

How to Learn WordPress: 7-Day Challenge

This 7-day plan from WPMU will get you up and running inside a week. Topics include:

  • setting up your first WordPress site
  • choosing the right theme
  • an introduction to plugins
  • strategies for backing up (hint: it’s important)

How to Learn WordPress for Free in a Week (or Less)

A shorter version of the above with lots of great links, such as posts vs pages and categories vs tags. The 7-day plan above is far more thorough, but this one from WP Beginner will get you up and running faster.

Get Going Fast: A Checklist

This quick-start guide from skips the background info and gets straight to it. You’ll be online with your own site by the end of the day.


Setting up a WordPress site

Setting up a Wordpress site isn’t difficult, but there are a lot of steps. As something of an early Christmas present, iThemes has put together an extensive checklist breaking the process down into 7 easy-to-follow sections.

  • Basic WordPress Development
  • WordPress Security
  • WordPress Backup
  • WordPress SEO
  • General WordPress
  • WordPress Launch
  • WordPress Maintenance

There are 88 items in all. Under the security section, iThemes recommends its own plugin. As we’ve written before, we would offer different advice. But otherwise, their list is terrific.


SEO jump start

Looking to get a quick jump on search engine optimisation for your WordPress web site? WPMUDEV offers a simple four-point strategy:

  • Keyword optimization
  • Proper title tags and meta descriptions
  • Generous internal link building
  • Comprehensive up-to-date sitemaps

Number 3 is commonly overlooked, but it should be one of the easiest to master. MOZ breaks it down, and Search Engine Watch explains why internal link building is critical to any SEO strategy.

WordPress security (revisited)

A few months ago I wrote about WordPress security. In that post I mentioned a couple of plugins that we use here at K4 Media: iThemes Security and Securi Security. While both are fine plugins, and configured correctly they should protect your site from hacks, it can be challenging to get the settings right. Very challenging, we found out.

Case in point — one of our sites running both plugins got hacked.

It wasn’t a bad hack, mind. And we caught it almost immediately. Still, having your web site hacked is bad. It rattles the confidence of your customers. Plus, cleanup is time-consuming, and the threat of re-infection is nerve-racking. As a result of the compromise, we reached out to one of our most trusted tech partners, Sydney E-Commerce. After a bit of head scratching and code re-evaluation, we are moving away from the two-plugin approach outlined previously. That security stance will be replaced by the WordPress security plugin Wordfence. Wordfence seems far easier to configure, and the reporting and monitoring is far better, which leads to a greater degree of confidence in the abilities of the plugin. Plus, it’s only one plugin, which makes management far easier.

As always, web site security is a never-ending battle. Constant vigilance is necessary. So is change.

P.S. For a great introduction to keeping your site secure, read WordPress Security: The Ultimate 32-Step Checklist.

OPCC extends condolences to the family of Kem Ley


11 July 2016

PHNOM PENH – The Overseas Press Club of Cambodia (OPCC) offers our deepest condolences to the family of Kem Ley. He was a friend to journalists and our community feels his loss along with his family and Cambodian civil society.

We urge a thorough and independent investigation into the circumstances surrounding his death and the general rise of violence and repressive acts that appear politically motivated.

Kem Ley was a respected political commentator and Cambodia has lost an important political voice. We’re extremely concerned that this killing will have a quietening effect on freedom of speech nationwide which is crucial ahead of next year’s commune elections.

The Board.