10 WordPress Security Tips for DIY Users
In my previous post we showed a comparison of security plugins. I am trying to post everything a DIY WordPress user needs, so that you can learn WordPress security yourself and save money instead of hiring a WordPress security expert. With that in mind, today we will discuss 10 WordPress security tips for DIY users. So let’s get started.
Top 10 WordPress Security Tips for DIY users:
- Change the Default “admin” username
- Disable File Editing
- Disable PHP File Execution
- Limit Login Attempts
- Change WordPress Database Prefix
- Password Protect WP-Admin and Login
- Disable Directory Indexing and Browsing
- Disable XML-RPC in WordPress
- Automatically log out Idle Users
- Add Security Questions to WordPress Login
Change the Default “admin” username
Once upon a time every webmaster used the “admin” username for their dashboard, so it is easy for a malicious hacker to guess the username and harm your website. That is why you need to change the default “admin” username. There are 3 ways to change the WordPress admin username:
- Manually change the default admin username in WordPress
- Via Plugin
- Using phpMyAdmin
Manually change the default admin username in WordPress
This is a very easy and effective method to change the username in WordPress. To complete it, follow these steps:
- Log into your Dashboard. On the left-hand menu, hover over Users and choose Add New.
- Fill in all required information. You should give it a username that is harder to guess (that’s our purpose). In the Role drop-down menu, choose Administrator so that this new user has admin rights. Then hit Add New User.
- Hover over the top right of the page and log out.
- Now log in to your Dashboard again, this time with the new user account.
- In the Users section, choose All Users. Hover over the default admin and click Delete.
- To keep all the content you previously created with the old admin account, tick Attribute all content to, and choose the new admin username from the drop-down menu. Finally, click Confirm Deletion.
Disable File Editing in WordPress
WordPress has a built-in theme and plugin editor in its dashboard. In the wrong hands it could be dangerous, so you should disable this feature. To do this:
- Open up your wp-config.php file in a text editor.
- Anywhere above the line in that add the line
define( 'DISALLOW_FILE_EDIT', true );
- Save the file. Check your WordPress dashboard: you should no longer see (even on an Administrator account) the links at “Appearance > Editor” and “Plugins > Editor”.
Limit Login Attempts on WordPress
If you do not limit login attempts, your website can be hacked by the brute force method, so you need to limit login attempts on WordPress. There are several plugins that do this. You can find the best WordPress security plugins in this article.
Change WordPress Database Prefix
As you already know, WordPress is a very secure and flexible content management system. Still, you need strong security for your website so that no hacker can bypass it. The default WordPress table prefix is “wp_”, which everyone knows, so you need to change it. There are two methods for changing it:
- CHANGING THE DEFAULT DATABASE TABLE PREFIX BEFORE INSTALLING WORDPRESS
- CHANGING THE DEFAULT DATABASE TABLE PREFIX AFTER INSTALLING WORDPRESS
CHANGING THE DEFAULT DATABASE TABLE PREFIX BEFORE INSTALLING WORDPRESS
- Open your wp-config.php.
- Find $table_prefix = 'wp_';.
- Replace the “wp_” with your own prefix, such as “wp1234_”.
- Hit save and continue with the installation.
CHANGING THE DEFAULT DATABASE TABLE PREFIX AFTER INSTALLING WORDPRESS
Before you begin, create a backup of your WordPress website. Now proceed:
- Open your wp-config.php.
- Find $table_prefix = 'wp_';.
- Replace the “wp_” with your own prefix, such as “wp1234_”.
- Hit save.
- Open phpMyAdmin and select your desired database.
- One way to do this is to rename each table manually.
- To make things faster, here’s a list of SQL commands that you can run to rename all 12 of the default WordPress tables. They use wp_a1b2c3d4_ as the new prefix; use the same prefix you set in wp-config.php:
RENAME table `wp_commentmeta` TO `wp_a1b2c3d4_commentmeta`;
RENAME table `wp_comments` TO `wp_a1b2c3d4_comments`;
RENAME table `wp_links` TO `wp_a1b2c3d4_links`;
RENAME table `wp_options` TO `wp_a1b2c3d4_options`;
RENAME table `wp_postmeta` TO `wp_a1b2c3d4_postmeta`;
RENAME table `wp_posts` TO `wp_a1b2c3d4_posts`;
RENAME table `wp_terms` TO `wp_a1b2c3d4_terms`;
RENAME table `wp_termmeta` TO `wp_a1b2c3d4_termmeta`;
RENAME table `wp_term_relationships` TO `wp_a1b2c3d4_term_relationships`;
RENAME table `wp_term_taxonomy` TO `wp_a1b2c3d4_term_taxonomy`;
RENAME table `wp_usermeta` TO `wp_a1b2c3d4_usermeta`;
RENAME table `wp_users` TO `wp_a1b2c3d4_users`;
- MODIFY THE OPTIONS TABLE. This query lists the rows that still contain the old prefix, which you then need to change to the new one:
SELECT * FROM `wp_a1b2c3d4_options` WHERE `option_name` LIKE '%wp_%';
- MODIFY THE USERMETA TABLE. Do the same for the rows this query lists:
SELECT * FROM `wp_a1b2c3d4_usermeta` WHERE `meta_key` LIKE '%wp_%';
This will change the table prefix of your website.
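The whole after-install procedure as one script, added here as an example (it is not the author's code): it prints the RENAME statements for the 12 default tables plus any plugin tables you name, followed by the UPDATE statements for the options and usermeta rows, for any old/new prefix pair. The function names are made up for this example, and it assumes a single-site install in which `<prefix>user_roles` is the only core option named after the prefix.

```shell
#!/bin/sh
# Added example: generate the SQL for changing a WordPress table prefix.
# Function names are hypothetical; paste the output into phpMyAdmin's SQL tab.

# The 12 default tables listed in the article.
WP_CORE_TABLES="commentmeta comments links options postmeta posts terms termmeta term_relationships term_taxonomy usermeta users"

# Accept only letters, digits and underscores, so that a name can never
# close the backtick or quote it is printed inside.
valid_ident() {
  case "$1" in
    ''|*[!A-Za-z0-9_]*) return 1 ;;
  esac
  return 0
}

# In a LIKE pattern "_" matches any single character; escape it as "\_".
like_escape() {
  printf '%s' "$1" | sed 's/_/\\_/g'
}

# gen_prefix_sql OLD_PREFIX NEW_PREFIX [EXTRA_TABLE ...]
gen_prefix_sql() {
  old=$1
  new=$2
  if ! valid_ident "$old" || ! valid_ident "$new" || [ "$old" = "$new" ]; then
    echo "usage: gen_prefix_sql OLD_PREFIX NEW_PREFIX [EXTRA_TABLE ...]" >&2
    return 1
  fi
  shift 2
  for t in $WP_CORE_TABLES "$@"; do
    valid_ident "$t" || { echo "bad table name: $t" >&2; return 1; }
    printf 'RENAME TABLE `%s%s` TO `%s%s`;\n' "$old" "$t" "$new" "$t"
  done

  # Role definitions live under <prefix>user_roles (assumption: single site).
  printf "UPDATE \`%soptions\` SET option_name = '%suser_roles' WHERE option_name = '%suser_roles';\n" \
    "$new" "$new" "$old"

  # Per-user keys such as <prefix>capabilities and <prefix>user_level.
  # The pattern is anchored at the start of the key. When the new prefix
  # begins with the old one, rows already converted are skipped so that a
  # second run cannot double the prefix.
  old_like=$(like_escape "$old")
  start=$(( ${#old} + 1 ))   # position of the first character after OLD
  guard=""
  case "$new" in
    "$old"*) guard=" AND meta_key NOT LIKE '$(like_escape "$new")%'" ;;
  esac
  printf "UPDATE \`%susermeta\` SET meta_key = CONCAT('%s', SUBSTRING(meta_key, %d)) WHERE meta_key LIKE '%s%%'%s;\n" \
    "$new" "$new" "$start" "$old_like" "$guard"
}

# Stand-alone use: sh prefix.sh wp_ wp_a1b2c3d4_ > rename.sql
if [ "$#" -ge 2 ]; then
  gen_prefix_sql "$@"
fi
```

Review the generated UPDATE for usermeta against the SELECT output first: it renames every key that starts with the old prefix.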
Password Protect Your WordPress Admin (wp-admin) Directory
This can be done in two ways:
- Directly from cPanel
- Manually with the help of .htaccess
Create A Password Protected Directory Directly From cPanel
- Log in to your cPanel.
- Navigate to the Security section.
- Click on Directory Password.
- Type your password and save.
Create A Password Protected Directory Manually
- Log in to cPanel or FTP.
- In the wp-admin directory, create a file whose name starts with a dot (.), such as “.wpadmin”.
This will create the file at /home/<username>/public_html/wp-admin/.wpadmin.
- Go to http://www.htaccesstools.com/htpasswd-generator/.
- Enter a username and password.
- You will see a username and password combination like this:
wperrfix:$apr1$QX7hS6Zh$otGcsnk/LnjvzK3SGWnaC1
- Now open .wpadmin and paste the username and password combination.
- Now create a .htaccess file in the wp-admin directory and paste these lines into it:
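The manual steps without typing the password into a third-party website: this added example (not the author's code) builds the username and password line locally with `openssl passwd -apr1`, which produces the same `$apr1$` format as the sample line, and writes a Basic-auth .htaccess that points at the password file. The function names, the realm text and the four directives are this example's own choices.

```shell
#!/bin/sh
# Added example (hypothetical function names): build the password file and
# the .htaccess for wp-admin on your own machine or server.

# make_htpasswd_line USER   (the password is read from stdin, first line only)
make_htpasswd_line() {
  case "$1" in
    ''|*:*) echo "username must be non-empty and must not contain ':'" >&2
            return 1 ;;
  esac
  # -stdin keeps the password out of the process list and shell history.
  hash=$(head -n 1 | openssl passwd -apr1 -stdin) || return 1
  [ -n "$hash" ] || { echo "no password given" >&2; return 1; }
  printf '%s:%s\n' "$1" "$hash"
}

# write_admin_htaccess WP_ADMIN_DIR PASSWD_FILE
write_admin_htaccess() {
  dir=$1
  pwfile=$2
  [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
  case "$pwfile" in
    /*) ;;
    *) echo "AuthUserFile needs an absolute path" >&2; return 1 ;;
  esac
  # Never overwrite rules that are already in place.
  [ ! -e "$dir/.htaccess" ] || { echo "$dir/.htaccess already exists" >&2; return 1; }
  cat > "$dir/.htaccess" <<EOF
AuthType Basic
AuthName "Restricted"
AuthUserFile "$pwfile"
Require valid-user
EOF
}

# protect_wp_admin WP_ADMIN_DIR USER   (password on stdin)
# WP_ADMIN_DIR must be absolute, e.g. /home/<username>/public_html/wp-admin
protect_wp_admin() {
  line=$(make_htpasswd_line "$2") || return 1
  printf '%s\n' "$line" > "$1/.wpadmin" || return 1
  write_admin_htaccess "$1" "$1/.wpadmin"
}
```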
Disable Directory Indexing and Browsing
Some WordPress folders like wp-content or wp-includes contain sensitive data. As you know, the wp-content folder contains your themes, plugins and media uploads. When directory listings are enabled, anyone can simply browse through those files, and hackers can find potential exploits. That’s why you need to disable directory indexing and browsing. To do this:
- Open your .htaccess and paste the line:
Options -Indexes
Disable XML-RPC in WordPress
XML-RPC allows remote connections to WordPress, and you need it on your WordPress website for many advanced tasks. But if you don’t need it, you should disable it. This can be done using a plugin or manually using .htaccess. I am showing you the .htaccess method because it is manual and it is effective. You can find many plugins for this, but you won’t find the .htaccess method. To do this, add these lines to your .htaccess:
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from 123.123.123.123
</Files>
Automatically log out Idle Users In WordPress
You need to log idle users out automatically. Otherwise malicious users can use session hijacking to hack your website. To do this, install an idle user logout plugin, or use any of the best WordPress security plugins.
Add Security Questions to WordPress Login
- Install the WP Security Question plugin.
- Navigate to Settings » Security Questions.
- Type your security questions and you are done.
- Check your wp-login.php page.
Conclusion
This was a very long post. With it you will understand and learn a lot about WordPress security. It will help if you are a newbie to WordPress security or a DIY (Do It Yourself) user. If you are not a DIY user, you can simply use our contact page to message us if you need any WordPress maintenance or WordPress security service.
Best WordPress Security Plugins Review
If you are using WordPress, you surely need security. WordPress security is a vast area. In my previous WordPress security post I showed how to scan a WordPress website. Today I will give you a review of WordPress security plugins like no one else: a review with pros and cons, a detailed explanation of how the plugins work, and much more.
Table of Contents
- Top WordPress Security Plugins
- Pros and Cons of Security Plugins
- Conclusion
Top WordPress Security Plugins
In this section we will look at the top WordPress security plugins that rule the market. There are a lot of security plugins, and most of them are not suitable or good for your website. People often make claims about security plugins. Here is a list of WordPress security plugins that are good and were reviewed by us:
WordFence
WordFence is one of the most popular WordPress security plugins. It continuously checks your site for malware, scanning all the files of your WordPress core, theme and plugins. If it finds malware, it will notify you. It is a free plugin.
Hide My WP
Hide My WP is well known for hiding WordPress URLs. Its features: hide the WordPress wp-admin URL, hide wp-login.php, hide plugin names, hide theme names, hide style IDs and META IDs, hide the author-by-ID URL, and hide common WordPress paths like wp-content, wp-includes, /plugins, /themes and upgrade.php. It also adds a firewall against SQL/script injection.
All In One WP Security & Firewall
All In One WP Security provides features like stopping brute force, user account security, user registration security, database security, file system security, .htaccess and wp-config.php file backup and restore, blacklist functionality, firewall functionality and much more.
Security Ninja
Security Ninja’s features include a brute-force attack on user accounts to test password strength, numerous installation parameter tests, file permissions, version hiding, 0-day exploit tests, debug and auto-update mode tests, database configuration tests, Apache and PHP related tests, and WP options tests.
Sucuri Security
Sucuri Security is a sister plugin from Sucuri. It uses the Sucuri database to check for malware and offers features like Security Activity Auditing, File Integrity Monitoring, Remote Malware Scanning, Blacklist Monitoring, Effective Security Hardening, Post-Hack Security Actions and Security Notifications.
Feature | WordFence | Hide My WP | All In One WP Security | Security Ninja | Sucuri Security |
---|---|---|---|---|---|
Malware Scanning | No | Yes | No | Yes | Yes |
Brute Force Attack | Yes | Yes | Yes | Yes | Yes |
SQL/Script Injection | No | Yes | No | Yes | Yes |
Hiding URL | No | Yes | Yes | Yes | No |
Blacklist Functionality | Yes | Yes | Yes | Yes | Yes |
File Permissions | No | Yes | Yes | Yes | No |
DB Test | No | No | No | No | No |
Exploit Scan | No | Yes | No | Yes | No |
Conclusion
This is the best comparison of security plugins so far. I hope it helps you understand which security plugin is best. If you need any WordPress security service, feel free to contact us.
Professional WordPress Website Maintenance Yourself
WordPress is a very popular CMS with a lot of features, functionality and facilities. It is easy to maintain a WordPress website: you need to follow some steps on a regular basis. Even if you are not a WordPress expert and don’t know coding, you can maintain a WordPress website. The list of WordPress maintenance tasks may be endless, but here you will learn what is necessary and why it is important.
TABLE OF CONTENTS
- Back Up WordPress Website
- Regularly Update WordPress Core, Your Theme, and Your Plugins
- Optimize Your Database
- Scan Your WordPress Website for Security
- Use a SEO plugin
- Maintaining Your Website Content
- Speed Optimization
Back Up WordPress Website
You need to back up your WordPress website regularly. Taking backups of your WordPress website is very important.
Why your backup is so important:
- Website got hacked: you can restore from a recent backup.
- Website got messed up: you can restore from a recent backup.
- Website’s data deleted: you can restore from a recent backup.
To take a backup, check: How to do back up in WordPress
Secret tip: what will you do if your hosting is down, or your website is down because you could not pay the host’s bill? You need to keep a backup of your website on your computer or in a free cloud such as Google Drive, Dropbox or any other platform.
Regularly Update WordPress Core, Your Theme, and Your Plugins
The most common mistake a webmaster or website owner makes is not updating the website once it is complete. He just sits back and leaves it forever without touching it. WordPress is a CMS under constant development. It provides daily bug fixes, daily new features and daily security fixes, which means the code is constantly being updated.
It is not only the WordPress core that you need to update. You also need to update your plugins and themes.
Why you need to update your theme and plugins:
- Because of security issues
- Because of compatibility
- To stay up to date with the latest technology
- Because of website speed
- To maintain search engine ranks
Optimize Your Database
WordPress is a database-driven content management system, so you need to optimize the database, because over time it can become bloated and full of extra junk, such as:
- Post revisions: if you hit “Save Draft”, “Publish” or “Update” multiple times over the life of your site, a new revision is saved to the database. This adds up over time.
- Deleted posts.
- Unapproved or spam comments.
- Unused categories and tags.
If you want to optimize your WordPress database, check this article: How to Optimize database in wordpress
Scan Your WordPress Website for Security
I have mentioned WordPress security several times before. As you know, WordPress is a CMS under constant development, so it has a lot of security issues. To prevent malicious activity on your website you need to use a security plugin.
To scan your WordPress website for security, check this article: How to completely scan a WordPress site
Use a SEO plugin
To keep track of and maintain your search engine presence you need to use an SEO plugin: a plugin that will automatically complete your SEO work, such as sitemap building, webmaster connection, social media correction, etc.
For this kind of automated SEO work I suggest the Yoast plugin.
Maintaining Your Website Content
Do you know what the heart of a website is? It is the content. You need to keep your content updated on a regular basis. This will help you keep your rank in search engines, reduce the bounce rate, increase visitors and ultimately bring you a good amount of sales.
Speed Optimization
The most important thing is checking your website’s speed on a regular basis. You need to check your website speed continuously. Around 73% of internet users leave a website because it is slow.
In our Speed Optimization Blog you can find a good number of articles from which you can learn speed optimization easily.
Wrap it up
I have covered the most important parts of WordPress maintenance. I hope you will do these tasks on your website and make it better. If you don’t have much time to maintain your WordPress website, feel free to Contact Us.
How to Fix the 403 Forbidden Error in WordPress
There are many painful errors in WordPress. One of them is the 403 Forbidden error. This error occurs when your file permission settings are incorrect, your .htaccess is corrupted, or your plugins are acting weird. Your website was up and running and everything was OK, but suddenly it shows a 403 Forbidden error. In this article we will see how to fix this.
Table of Contents
- What is 403 Forbidden Error in WordPress
- Ways to fix 403 Forbidden Error in WordPress
- Fixing 403 Forbidden Error Caused by a Plugin
- Fixing 403 Forbidden Error Caused by a Corrupted htaccess
- Fixing 403 Forbidden Error Caused by Incorrect File Permissions
- Conclusion
What is 403 Forbidden Error in WordPress
The 403 Forbidden error is shown when you don’t have permission to visit a directory. So, quite straightforwardly, 403 mostly occurs because of incorrect file permissions. You can see this error in several places, such as:
- 403 Forbidden – Access denied on wp-admin or WordPress login page.
- 403 Forbidden – during WordPress install.
- 403 Forbidden error when visiting any page on your WordPress site.
- 403 Forbidden error – when you click add post or add plugin or Themes.
Now you know what the 403 Forbidden error is and where it can happen. Now let’s talk about how to fix it.
Ways To Fix 403 Forbidden Error in WordPress
Before you start any troubleshooting, I recommend first taking a backup of your website. The possible solutions for 403 Forbidden errors in WordPress are:
- Troubleshooting Plugins
- Changing htaccess
- File Permission Checking
Let’s go into detail about these methods.
Fixing 403 Forbidden Error Caused by a Plugin
Not every plugin is compatible with your WordPress website. In fact, there are several plugins that don’t work when you use them together with other plugins. To verify which plugin is causing the 403 Forbidden error on your site:
- Deactivate all plugins that are installed on your WordPress Site.
- Re-activate one of the plugins on your list.
- Visit the site to see if the 403 forbidden error is being displayed.
If the 403 Forbidden error is still showing after deactivating all of your plugins, then the problem may not be plugin related. In this case, jump to the next section.
Fixing 403 Forbidden Error Caused by a Corrupted htaccess
One of the main reasons for the 403 Forbidden error is a corrupt .htaccess file in your WordPress site. Repairing this file is quite easy. To do this:
- Log in to your cPanel or FTP.
- Navigate to the file manager.
- Locate the .htaccess file, download it, and then delete it from the server.
- Now, if you can visit your WordPress dashboard, go to Settings > Permalinks and click Save.
It will generate a fresh .htaccess and you will be able to see your site without the 403 Forbidden error.
If this doesn’t fix your 403 Forbidden error, then it is not .htaccess related. Re-upload the old .htaccess and jump to the next section.
Fixing 403 Forbidden Error Caused by Incorrect File Permissions
File permissions are one of the main reasons for this 403 Forbidden error. The folder permissions of any WordPress site should be set to 744 or 755. File permissions should be set to 644 or 640. If these numbers are set incorrectly, it causes a 403 Forbidden error.
To set file permissions correctly you can contact your hosting provider, or do it yourself by following these steps:
- Log in to your cPanel or FTP.
- Right-click on folders and set the permission to 744 or 755.
- Right-click on your files and set the permission to 644 or 640.
I think this will help. If the above methods don’t work for you, then you should contact your host.
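Where you have shell access, the same check can be run over the whole site at once instead of right-clicking folder by folder. This is an added example, not the author's code: it lists every folder that is not 755 or 744 and every file that is not 644 or 640, the modes given above, flags anything world-writable, and can reset the flagged entries. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the modes the article gives
# (folders 755 or 744, files 644 or 640). Function names are hypothetical.

# audit_wp_perms ROOT  -> one finding per line: "<KIND> <path>"
audit_wp_perms() {
  root=$1
  [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
  # Folders whose mode is neither 755 nor 744.
  find "$root" -type d ! -perm 755 ! -perm 744 -print | sed 's/^/DIR /'
  # Regular files whose mode is neither 644 nor 640.
  find "$root" -type f ! -perm 644 ! -perm 640 -print | sed 's/^/FILE /'
  # Anything every account on the server may write to. On shared hosting
  # this lets another tenant's compromised site change your code.
  find "$root" \( -type d -o -type f \) -perm -002 -print |
    sed 's/^/WORLD-WRITABLE /'
}

# fix_wp_perms ROOT  -> reset only the entries the audit flags.
# Symbolic links are left alone because find does not follow them here.
fix_wp_perms() {
  root=$1
  [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
  # "\;" (not "+") so a folder is repaired before find descends into it.
  find "$root" -type d ! -perm 755 ! -perm 744 -exec chmod 755 {} \;
  find "$root" -type f ! -perm 644 ! -perm 640 -exec chmod 644 {} +
}

# Stand-alone use: sh wp-perms.sh /home/<username>/public_html
if [ "$#" -eq 1 ]; then
  audit_wp_perms "$1"
fi
```

Run the audit first and read the list before calling `fix_wp_perms`; an empty result means every folder and file already has one of the modes above.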
Conclusion
I think this post helped you resolve the 403 Forbidden error in WordPress. If you need any help with WordPress error fixing, feel free to comment here.
How to Optimize Database in WordPress for Increasing Page Speed
Another important part of speed optimization is optimizing the database. WordPress generates many queries, post revisions and comments, so you end up with a lot of junk in your database. This junk affects your WordPress website’s speed, so you need to optimize the database. In this post I will walk through database optimization.
How to Optimize Database in WordPress
Before we proceed to optimizing the database, first take a backup of your WordPress website. Optimizing the database in WordPress can be done in two ways:
- With phpMyAdmin
- With Plugin
Optimize Database in WordPress With phpMyAdmin
There are many ways to run SQL queries on your database; if you have cPanel on your server, the best and easiest option is phpMyAdmin.
First log in to your cPanel and navigate to the Database section, then open phpMyAdmin.
When you’re in phpMyAdmin, you’ll see your website’s databases listed on the left side. Click on the one you want to clean up and then click the “SQL” tab.
This selects the database you want to optimize. Now we will run some queries on the SQL tab. Before we proceed, please note that my default table prefix is wp_, so make sure you change the prefixes in the SQL commands below to match the ones used by your database.
Delete Old Plugin and Post Data
Let’s start with deleting data from plugins you no longer have installed, or data you don’t need on your website. The wp_postmeta table is also used for your post data, so when you run this query you’re hitting two birds with one stone.
DELETE FROM wp_postmeta WHERE meta_key = 'META-KEY-NAME';
Replace META-KEY-NAME with the value you want to clear.
Delete Post Revisions
Once you have published a post after many revisions, you no longer need those revisions, and the same goes for pages. If you don’t remove them, they take up space and slow down your website. If you want to delete all of the post revisions in your database, run this query:
DELETE a,b,c
FROM wp_posts a
LEFT JOIN wp_term_relationships b ON ( a.ID = b.object_id )
LEFT JOIN wp_postmeta c ON ( a.ID = c.post_id )
LEFT JOIN wp_term_taxonomy d ON ( b.term_taxonomy_id = d.term_taxonomy_id )
WHERE a.post_type = 'revision'
AND ( d.taxonomy IS NULL OR d.taxonomy != 'link_category' );
This removes all revisions without unintended data loss or accidentally deleting link relationships.
Delete Spam Comments
Removing spam comments one by one from the WordPress dashboard is a chore. You can also remove spam comments from the database with an SQL query:
DELETE FROM wp_comments WHERE comment_approved = 'spam';
Delete Unapproved Comments
You can also remove unapproved comments through an SQL query:
DELETE FROM wp_comments WHERE comment_approved = '0';
Delete Unused Tags
This query will delete all tags that aren’t associated with any posts:
DELETE FROM wp_terms WHERE term_id IN (SELECT term_id FROM wp_term_taxonomy WHERE count = 0 );
DELETE FROM wp_term_taxonomy WHERE term_id not IN (SELECT term_id FROM wp_terms);
DELETE FROM wp_term_relationships WHERE term_taxonomy_id not IN (SELECT term_taxonomy_id FROM wp_term_taxonomy);
Delete Old Shortcodes
Just like old plugin data and old revisions, you may not need deprecated shortcodes either. To delete old shortcodes, run this query:
UPDATE wp_posts SET post_content = REPLACE(post_content, '[YOUR-SHORTCODE]', '');
Make sure you change ‘YOUR-SHORTCODE’ to your desired value.
Delete Pingbacks and Trackbacks
Nowadays most people don’t use pingbacks and trackbacks. Still, if you use them, run this query to delete pingbacks and trackbacks:
DELETE FROM wp_comments WHERE comment_type = 'pingback';
DELETE FROM wp_comments WHERE comment_type = 'trackback';
Delete Transients
Transients are a system that temporarily stores cached data in the database, with a timeframe after which the data expires and is deleted. Sometimes some plugins’ transients take up a lot of space, so you need to remove them from time to time. To delete transients, run this query:
DELETE FROM wp_options WHERE option_name LIKE ('%\_transient\_%');
Optimizing Tables
While you are logged in to phpMyAdmin, you should also optimize the tables. In phpMyAdmin, go to the “Structure” tab and click on the database you want to optimize. Then click “Check all” at the bottom of the list. In the drop-down box beside this option, select “Optimize table”.
phpMyAdmin will automatically optimize your tables.
Optimize Database In WordPress with Plugins
There are lots of plugins to optimize the database in WordPress. Here I am showing you the two best plugins, which are installed on most websites:
Wp-Optimize:
With more than 600,000 active installs, WP-Optimize is the most popular database optimization plugin for WordPress. It’s super easy to use, simply click “Run optimization” next to the clean up options you want to run.
WP-Sweep:
When you install the plugin, go to “Tools > Sweep” to access the settings. The plugin has an intuitive interface that displays a report of how much unnecessary data is in your database. It’s divided into different sections for posts, comments, users, terms, options and optimizing tables.
When you click “Sweep” beside an entry, the plugin gets to work optimizing your database for that entry. If you want to sweep your whole database, just click “Sweep All” at the bottom of the page.
Wrapping Up !
I hope this article helps you optimize and speed up the performance of your database and WordPress site. If you need more speed optimization posts, check our blog.
How To Minify CSS and JS For Speed Optimization In WordPress
Who doesn’t want to speed up their website? In my previous speed optimization series I already said that images hold 90% of a website’s data. What comes after images? You must have asked yourself this question. So now I am going to share what to do after image optimization: you need to minify your resources, such as CSS, JS and HTML.
What is Minifying or Minification
Minification is the process of reducing the size of your website contents like CSS, JS and HTML to their optimum size.
It means removing white space, line breaks and unnecessary code from your styles and scripts.
This is important and crucial for increasing your website’s page speed.
How to Minify CSS
First you need to know your website’s current state. To check that you can use several speed optimization tools, but I recommend Google PageSpeed Insights.
Now let’s jump into the process of minifying CSS. If you use Google PageSpeed Insights you can download minified CSS stylesheets from there. If you don’t use that, or you want to do it manually, then follow these steps:
- Go to Minifier.org
- Paste the CSS code and click minify.
- Now copy the minified CSS and paste it back into the stylesheet you copied the CSS from.
How to Minify JS
When you check your website’s status and download the optimized data from Google PageSpeed Insights, you will also get the minified JS there along with the CSS. But if you want to minify the JS manually, first take a backup. Then proceed as follows:
- Go to javascript-minifier.com
- Paste your JS code and minify.
- Then collect your minified JS code and place it into your scripts.
Minify CSS, JS using Plugin
You can use several plugins for minifying CSS and JS. Here I list some of them:
Conclusion
Thank you for supporting me, guys. I will share many more tips and tricks about speed optimization. If you need a good speed optimization service, you can also check our WordPress Speed Fix Service.
How to defer parsing of javascript without Plugin in WordPress
How fast a website loads truly depends on JavaScript. If your JS is not organized or not deferred, you will get a much slower website. Speed is undoubtedly the most important thing nowadays. There are several reasons why you should defer parsing of JavaScript.
If you go to Google and search for how to defer or async JavaScript, you will get a lot of advice, suggestions and blog posts about this. Frankly speaking, none of these work. That’s why I thought I should write up the true methods for this.
What is Defer Loading or Parsing Javascript?
Defer loading or parsing JavaScript means loading the JavaScript after the content of your website has loaded. It means the scripts are no longer part of loading the page or the critical rendering path.
With deferred parsing of JavaScript, the website doesn’t wait for the JavaScript to load before the content loads. It first shows the content with CSS, and then loads the JavaScript.
How To Defer Parsing Javascript in WordPress?
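To defer parsing of JavaScript, we first need to find out how many JavaScript files we have in our themes and plugins. Then open your theme’s functions.php and paste these lines of code:
// Add the defer attribute to enqueued scripts through the script_loader_tag filter.
function defer_parsing_of_js ( $tag, $handle, $src ) {
    if ( FALSE === strpos( $src, '.js' ) ) return $tag; // not a script file
    if ( FALSE !== strpos( $src, 'jquery.js' ) ) return $tag; // jQuery stays as it is
    if ( FALSE !== strpos( $tag, ' defer' ) ) return $tag; // already deferred
    // Only the external <script> element has a src attribute.
    return str_replace( ' src=', ' defer src=', $tag );
}
add_filter( 'script_loader_tag', 'defer_parsing_of_js', 11, 3 );
This is the best solution for deferring parsing of JavaScript in WordPress. It works for me. It also works for most of the sites I have done.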
Other Solution to parse Javascript
There is no guarantee that the code above will work for your website. That’s why I am providing another solution. Here are the steps:
- Create a file named defer.js
- Now add your javascripts into your defer.js
- Save and upload to your theme folder.
- Now open your header.php, copy the code below and paste it before the closing head tag ( </head> )
<script type="text/javascript">
function downloadJSAtOnload() {
var element = document.createElement("script");
element.src = "defer.js";
document.body.appendChild(element);
}
if (window.addEventListener)
window.addEventListener("load", downloadJSAtOnload, false);
else if (window.attachEvent)
window.attachEvent("onload", downloadJSAtOnload);
else window.onload = downloadJSAtOnload;
</script>
Make sure the path to defer.js is correct. For example:
/wp-content/themes/theme_name/defer.js
Defer Parsing Javascript Using Plugin
There are several plugins to defer parsing of JavaScript, such as:
WP Deferred JavaScript
This is a very good plugin for deferring JavaScript on WordPress. All you have to do is install and activate it. It will automatically defer JavaScript.
Async JavaScript
Async JavaScript adds defer or async to the JavaScript that WordPress loads via the wp_enqueue_script function. You don’t need to configure anything to use it. All you have to do is install and activate the plugin, and it will take care of the rest.
Conclusion
I hope this tutorial about deferring parsing of JavaScript helps you.
If you need any further help with our WordPress speed fix service, please use our contact form.
How To Do WordPress Database Backup
Many webmasters claim they cannot do a WordPress database backup, so I thought I should write about it. This post is divided into two sections: one manual, the other automatic. So let’s get started!
Why You Need a WordPress Database Backup
If your website gets hacked, or you have a plugin error after updating, or any conflict issues, then most of the time you cannot access wp-admin. In that case you need to upload your backup.
In other words, since you cannot access your wp-admin, you need a manual backup, because you cannot install a backup plugin and back up WordPress.
So you need to back up manually or automatically, because nobody knows when your site will cause problems.
WordPress Database Backup Manually Using phpMyAdmin
I think you already know what phpMyAdmin is, so I don’t think I need to explain it. First collect your database name, user name and password from your wp-config.php.
Now from cPanel go to Database, then click phpMyAdmin.
Click on your database > Export.
Now the export screen will appear. Click Go and your database will be downloaded in SQL format.
WordPress Database Backup Automatically
If you are using a good hosting company like Bluehost, SiteGround, etc., they have options for automatic backups in their panel. You can schedule backups from the hosting panel.
If your hosting company doesn’t provide a backup system, then you have to use a plugin for automatic WordPress backups. Here I am listing some backup plugins:
- UpdraftPlus WordPress Backup Plugin: It allows you to create a complete backup of your WordPress site and store it in the cloud or download it to your computer. You can also save your backups to Dropbox, Google Drive, S3, Rackspace, FTP, SFTP, email, and several other cloud storage services.
- BackWPup – WordPress Backup Plugin: It is extremely easy to use and allows you to schedule automatic backups according to your site’s update frequency. You can also save your backups to the cloud or your PC with this plugin.
- Duplicator – WordPress Migration Plugin: This is the popular plugin for WordPress backup. You can also do migrations with this plugin.
Wrapping it up!
That’s all. We hope this article helped you learn how to do a WordPress database backup. If you are having errors in WordPress, check our WordPress Error Fix category.
How to completely scan a WordPress site
Most WordPress security plugins are a fraud. Yes, a fraud, because they don't update you about vulnerabilities. These plugins only do IP blocking, wp-admin URL changing, log checking, and nothing more. Seriously dude, this is your WordPress site: you earn money from it or you showcase your portfolio. So it is better that you know the ugly truth about WordPress security scans.
About 90% of blogs around the internet provide the wrong information about security checkups for your WordPress site.
The WordPress security checklist I collected from most blogs on the internet is:
- Password Checking.
- You cannot keep the admin username.
- WordPress Salt checking.
- Theme’s malware.
- Plugin Malware.
- and nothing more.
Check these things using a plugin and you are done; that is what most bloggers say. There is nothing about exploits, zero-days or any other ways in.
A WordPress website security scan means finding the gateways, vulnerabilities or other possible ways a WordPress site can be hacked, and then checking for any possible malware.
What are the methods for wordpress hacking:
- Theme’s exploit checking.
- Plugin’s exploit checking.
- Using WPScan to scan entire wordpress website.
- Using reverse IP to check server then symlink or server root.
Theme's Exploit Checking: If you are using any popular theme like Avada, Bridge, Newspaper etc., then you can search for exploits for your website in Exploit-DB or WPVulnDB. Trust me, 90% of popular themes are vulnerable or they keep their remote code.
Plugin's exploit checking: Same as the theme exploit search, look up your plugins' vulnerabilities in Exploit-DB or WPVulnDB. In my experience 96% of plugins are vulnerable. There is a saying: "Everything is hackable."
WPScan: If you are not using a popular theme, or you are using a custom plugin, then use WPScan to scan your WordPress website for vulnerabilities. Here is the user guide for WPScan.
Using reverse IP to check server then symlink or server root: This is total black hat hacking. For security reasons I won't show you the exploit methods, but I will tell you the procedure so that you can search on Google and learn about this stuff. First you need to know your server's IP address, then go to Bing and use a Bing dork to find SQL injection / LFI / RFI / image upload / file upload vulnerabilities inside the server, then shell upload >> server root or symlink and bang!
These are the methods for WordPress website hacking. So you first have to check whether your WordPress site is hackable or not.
Now let's move on to the malware part.
Malware Scanning
In this section I will talk about how to scan for any existing malware. To do that we may need third-party websites or manual checking. I describe both below.
Manual Malware Checking
It is a hard method but it is effective. It is time consuming, but you can be sure that you removed the malware yourself. For manual malware checking use this checklist:
- Check your .htaccess file.
- Check every JS file and look for encrypted JS or regex code, and remove those lines of code.
- Check every PHP file and look for encrypted PHP code, and remove the malicious code.
This is very time consuming; that's why a lot of people use tools.
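A read-only sketch of the checklist above, added here as an example and not part of the original post: it flags lines in .php, .js and .htaccess files that match a few obfuscation heuristics, so you can review them before removing anything. The rule names, patterns and sample files are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Heuristic rules (added for illustration): a hit is a lead to review, not a verdict.
PHP_RULES = [
    ("eval-of-decoded-data", re.compile(
        r"\b(eval|assert)\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)),
    ("code-run-from-request", re.compile(
        r"\b(eval|assert|system|passthru|shell_exec)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I)),
    ("long-encoded-string", re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]")),
]
JS_RULES = [("eval-of-decoded-data", re.compile(
    r"\beval\s*\(\s*(atob|unescape|String\.fromCharCode)\s*\("))]
HTACCESS_RULES = [("referrer-conditional-rewrite", re.compile(
    r"RewriteCond\s+%\{HTTP_REFERER\}.*(google|bing|yahoo)", re.I))]

def rules_for(path):
    """Pick the rule set from the file name; other file types get no rules."""
    if path.name == ".htaccess":
        return HTACCESS_RULES
    return {".php": PHP_RULES, ".js": JS_RULES}.get(path.suffix.lower(), [])

def scan_text(path, text):
    """Return (path, line_number, rule_name) for every heuristic hit in text."""
    rules = rules_for(Path(path))
    return [(str(path), no, name)
            for no, line in enumerate(text.splitlines(), 1)
            for name, rx in rules if rx.search(line)]

def scan_tree(root):
    """Scan every .php, .js and .htaccess file under root without modifying it."""
    files = (p for p in sorted(Path(root).rglob("*")) if p.is_file() and rules_for(p))
    return [h for p in files for h in scan_text(p, p.read_text(errors="replace"))]

# Constructed samples (not from a real site) showing what the rules flag.
SAMPLES = {
    "uploads/cache.php": "<?php\n$x = 1;\neval(base64_decode('ZWNobyAxOw=='));\n",
    "js/clean.js": "function add(a, b) { return a + b; }\n",
    "js/footer.js": "var s = 1;\neval(atob('YWxlcnQoMSk='));\n",
    ".htaccess": "RewriteEngine On\nRewriteCond %{HTTP_REFERER} .*google.* [NC]\n",
}

def scan_samples():
    return [hit for name, text in SAMPLES.items() for hit in scan_text(name, text)]

if __name__ == "__main__":
    for path, line_no, rule in scan_samples():
        print(f"{path}:{line_no}: {rule}")
```

Run `scan_tree()` against a downloaded copy of the site; a hit means the line deserves a manual look, and an empty result does not prove the site is clean.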
Malware Checking By Automated Tools
Use these tools for scanning malware
These are the methods for malware scanning. If this work seems complex or hard, you can check our WordPress Security Services.
Seriously, no one speaks as straightforwardly as me. I usually show every method. Most people want you to go and buy their services; I want that too, but I don't want to keep the knowledge to myself. I want to spread the knowledge. Thank you!
Why Image optimization is important for SEO
Most websites have graphics. Without graphics you cannot create a website. But graphics can slow down your website. Trust us, Google hates a slow website. Google's latest SEO algorithm is focused on website speed. If your website speed is good, your website will rank better. If it isn't, you won't get a good rank. Today we will see how image optimization affects your page speed and SEO.
What is Image Optimization
Image optimization is about decreasing the file size of images as much as possible without losing quality, so that your website loads faster. It's also about image SEO, that is, getting your product images, blog post images and decorative images to rank on Google and other image search engines.
Why you need Image Optimization
According to HTTP Archive, as of October 2018, images make up on average 63% of a total webpage's weight. So when you want to optimize your website's speed, you must first consider the images you use on your website. This is more important than other scripts, fonts, stylesheets or server response time.
The main reasons for image optimizations are:
- Happier visitors because slow load times frustrate users. 40% of visitors click the back button if a site takes longer than three seconds to load.
- Better search engine rankings because site speed is a ranking factor.
- Higher conversion rates, which means more money in your pocket.
- Creating backups will be faster.
- Smaller image file sizes use less bandwidth.
- Requires less storage space on your server.
How To do Image Optimization
To begin image optimization you need to check your website’s current speed. To do that:
- Go to Google page insights.
- Check your website speed and optimize image section.
Now, you have to follow these steps to perform image optimization:
- Resize your Images.
- Compress your Images.
- Enable Caching for your website.
Resizing your Images:
WordPress themes show images at a certain maximum width. If you upload images wider than that maximum, it will slow down your website. So first you need to resize your images.
So what dimensions should you use? It depends entirely on your theme. Only you know how many pixels are set in the max-width CSS of your theme. So resize your images according to the max-width and max-height.
How to Resize Images:
To resize images you can simply use Photoshop or any photo editor. If you want to use online tools I would recommend BIRME – Bulk Image Resizing Made Easy 2.0. Choose Auto-height so that the tool doesn't crop your images during the resizing process.
If you are using WordPress you can simply use a plugin. I recommend Imsanity.
Compressing Images:
After resizing images, the next part is compressing them. Compression can be done with two methods:
- Lossless Compression. Reduces file sizes a little without any loss in quality.
- Lossy Compression. Reduces file sizes a lot, but at the expense of some quality.
To do either kind of compression, go to Kraken and compress the images for your website.
How to Compress Images in WordPress:
In wordpress you can use several plugins such as:
Enable Caching for your website:
If you are not using WordPress, you can open your .htaccess and paste this code for browser caching:
## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access 1 year"
ExpiresByType image/jpeg "access 1 year"
ExpiresByType image/gif "access 1 year"
ExpiresByType image/png "access 1 year"
ExpiresByType text/css "access 1 month"
ExpiresByType text/html "access 1 month"
ExpiresByType application/pdf "access 1 month"
ExpiresByType text/x-javascript "access 1 month"
ExpiresByType application/x-shockwave-flash "access 1 month"
ExpiresByType image/x-icon "access 1 year"
ExpiresDefault "access 1 month"
</IfModule>
## EXPIRES CACHING ##
If you are using wordpress then you can use any good cache plugin such as:
Conclusion
Now go back to Google page insights and check your website. Does your website load faster now? I think the answer is yes 🙂
If you need further help with speed optimization, please ping me on our contact us page.