• Skip to primary navigation
  • Skip to main content

Managed WordPress Security for Pennies a Day

Managed WordPress Security with Heart

MENUMENU
  • Why HackGuard.com? Why Choose HackGuard.com?
  • HackGuard.com WordPress Managed Services Rates WordPress Managed Services Rates
  • HackGuard.com Articles HackGuard Articles Library
    • Hack Guard Customer Testimonials
    • How to Change a WordPress User from Subscriber to Administrator Role
    • WordPress 4.9.3 – Going into the tunnel and never coming out…
    • How Do I Migrate WordPress to a Different Domain Name?
    • Community Blogging: A Short Guide
    • WordPress Troubleshooting and How to Fix WordPress Errors
    • Is My Web Host Secure? Maybe not…
    • How to remove the subdirectory name from your WordPress website address
    • How can I improve the performance of my WordPress website?
    • How can I improve the performance of my WordPress blog (Part 2)
    • Protecting WordPress Against Brute Force Attacks
    • How do I reset my WordPress password?
    • How To Clear Cron Jobs in WordPress
    • xmlrpc.php and Pingbacks and Denial of Service Attacks, Oh My!
    • Free Website Monitoring Services, well, mostly free...
    • How to choose a secure web hosting company for a WordPress website
    • WordPress 404 Page Setup - Do You Have Five Minutes?
    • Can mod_pagespeed Improve Page Load Speed (external link)?
    • Yoast WordPress SEO Settings and Recommendations
    • Is Your Mom Missing Her BUMM?

Call (619) 479-6637

How to Change a WordPress User from Subscriber to Administrator Role

A rare situation, but in those rare instances when your website has been hacked and your WordPress user account has been changed from the role of Administrator to something else entirely, it may be easiest to simply change your WordPress user account back to Administrator using phpMyAdmin.

To change your WordPress user account from Subscriber to Administrator, first log into your cPanel. Then click the “phpMyAdmin” button.

cPanel phpMyadmin

 

You’ll see your list of installed databases at left.

phpMyAdmin List of Databases

 

If you are not sure which database your WordPress installation is using, then use your cPanel -> “File Manger” to “Edit” the contents of your WordPress configuration file, wp-config.php file.

WordPress wp-config.php Databae Name (DB_NAME)

 

Back to phpMyAdmin. Click your database and scroll down until you find the ‘usermeta‘ table.

WordPress Database Usermeta Table

 

My goal here is to change the user lmadmin1 from Subscriber to Administrator.

Wordpress Users List Subscriber example

 

Doing so is fairly easy.
After clicking the ‘usermeta‘ table, all I need to do is scroll down within the table until lmadmin1 appears in the list.

 

Ten or so lines below the user lmadmin1, is the line ‘user_level‘

WordPress Database User Level and Capabilities

 

To switch my lmadmin1 user from the role of Subscriber to Administrator, I have to do two things:

  1. Change the value from 0 to 10 on the ‘user_level‘ line
  2. Replace the ‘capabilities‘ meta_key value text with ‘a:1:{s:13:"administrator";s:1:"1";}‘

 

The moment I type or paste in the text and hit the enter key I should be able to jump back into WordPress and log in with full Administrator privileges.

Changing WordPress Subscriber to Administrator within the database using phpMyadmin

 

It’s really that easy!

Wordpress Users List Administrator example

 

 

 

 

Filed Under: Call (619) 479-6637 Tagged With: cPanel, phpMyAdmin, WordPress change user role, WordPress security, WordPress user role

About the HackGuard.com WordPress Updates and Security Service

What Can A Fella Do For $5ish a Month?” (or $12.95 without a bulk discount)

I’m asked this question about our HackGuard.com WordPress updates and security service often enough that I feel the need to write a post I could link back too on the topic of, “What can you do for $5ish a month?”

Well, we can do quite a lot actually:

– Prevent hackers from hacking your website (or fix it quickly if they do).
– Monitor your website and help fix basic errors fast (often within an hour if they occur).
– Update your plugins for you and keep your WordPress installation up to date (checked many times a week).
– Manage daily backups of your website either locally or to a 3rd party service.
– Answer your questions by phone or email pretty much 24/7/365.
– And a great deal more, all for the price of a few cups of coffee per month—seriously!

So what’s the catch?

Well, there is no catch. You may cancel at any time, and we’ll do our best to meet all of your update needs with a smile.

What HackGuard.com does not do?

Well, at 15 to 40ish cents a day we have to accept a few reasonable limits.

We can’t do web design for you at 15 to 40ish cents a day.

And for this reason, we will not be able to update your WordPress themes, WooCommerce plugins, other eCommerce related plugins, or premium plugins like WPBakery Visual Composer, Revolution Slider or other commercial plugins (unless you have set up an auto-update option respectively).

Suffice it to say, if there’s a chance we could destroy your website’s appearance or layout–we won’t. Those design level tasks are best managed by an experienced web designer.

Why can’t HackGuard.com update my premium plugins?

Most premium plugins are pay-to-play plugins, meaning that updates usually require access to the plugin developers website and require login using your account username/password. Some premium plugins even require payment for updates. That said, we are considering a 2nd tier of service to support premium plugins, but at this time we’ll need your help in updating these special types of plugins.

If you have any further questions, please feel free to call anytime, (619) 479-6637

Filed Under: Call (619) 479-6637 Tagged With: hackguard service, WordPress security, wordpress updates

WordPress 4.9.3 – Going into the tunnel and never coming out…

Going into the WordPress 4.9.3 version tunnel

In case you hadn’t heard, in early February 2018, WordPress did a double release of versions, from version 4.9.2 to 4.9.3, then 4.9.4 in a matter of two days.

For some WordPress websites, this led to a collision of versions, the end result being it broke the auto-update mechanism, leaving potentially millions of websites stuck on WordPress version 4.9.3; unable to auto-update to version 4.9.4.

WordPress auto-updates is an important built-in security feature.

Automated auto-updates help to protect your website against known vulnerabilities. Without a functioning auto-updates mechanism in place, a periodic visual review and update of your WordPress installations become even more important.

Below is a real-world example of the WordPress auto-update process failing on a client’s account.

As of February 9th, 2018, I found that 75% of a single client’s 150ish WordPress installations were apparently stranded on the WordPress version 4.9.3 train, with apparently no sign of ever coming out the other side (as 4.9.4).

The solution for this WordPress auto-updates problem?

Review and update your version of WordPress to 4.9.4 as soon as you are able.

 

How do I update WordPress?

Log into your WordPress, hover over the top left menu item, “Dashboard, click “Updates“, then “Update now.”

Alternately, for a small fee, I can help you update your version of WordPress safely.

I likewise provide a human managed WordPress service plan in case you are in need of ongoing WordPress updates and security management.

 

Happy Updating!

Jim

Filed Under: Call (619) 479-6637 Tagged With: auto-update, managed wordpress, wordpress 4.9.3, wordpress updates

How Do I Migrate WordPress to a Different Domain Name?

How Do I Migrate WordPress to a Different Domain Name?

Changing the domain name on an existing WordPress installation or staging a WordPress website at a different location may seem daunting at first. But it’s really quite easy to do. And I’ll show you how.

Use case #1:

You’ve purchased a number of domain names for your website. And you wish to assign another of your domain names as the main domain people see in the web browser location bar when they visit your website.

Use case #2:

Your client has asked you to update their existing theme but would prefer you not edit their live website. Staging the website in a subdirectory within the current hosting account will allow you to work with the existing theme in a safe environment.

Use case #3:

You would like to move your website to another web host, but test your website at the new host before pointing the domain name to the new hosting account.

 

 

Numero 1The process for making a backup of a WordPress website in preparation for a move to another hosting account or for staging purposes is rather straightforward.

Start by making a backup of your existing website files and database.

Backing up files and databases within cPanel is as simple as clicking Backup, then clicking two links:

  • Download a Home Directory Backup
  • then Download a MySQL Database Backup

 

Once you have a solid backup of files and database:

  1. Set up a staging subdomain within your web hosting account like staging.at-your-domain.com, or use a different domain name entirely.
    1. If you are installing your WordPress site within a subdirectory on a cPanel server, click the Addon Domains button.
    2. If you are installing your WordPress site into the main directory on a cPanel server, click the Aliases button, and you’ll be all set in two clicks.
  2. Then install WordPress into the new account or directory.
  3. Rename the wp-config.php file for now.
    We are doing this so that when you recover your site files you do not inadvertently overwrite the newly set up wp-config.php file.
  4. Upload and extract your backup of files within to your staging directory.
  5. Delete the wp-config.php file you just copied over from the live site and rename the wp-config.php file renamed in (3) above back to wp-config.php
  6. The how to import a database part of the process can be a bit tricky the first time around.
    1. Since you already have a working wp-config.php in place and a working database in place, use your FTP or your web host’s file editor to view the contents of your wp-config.php in order to obtain the database name.
    2. Log into your PHPMyAdmin. Click on the database name at left. This will display a list of tables. Check all tables, choose the Drop option, then Go to drop all the tables.*
      *All you are doing here is removing the existing database tables in preparation for import.
    3. And finally, click the Import option at the top, Choose File, select that database you downloaded to your computer earlier, then click Go.
  7. If all goes well with the import you will have completed the initial staging setup process.

 

Numero 2If you are setting up a development site using a domain name different than the original, just add these two lines in gray to the top of your wp-config.php.file (below the line “<?php”), example:*

<?php

define('WP_HOME',"http://{$_SERVER['SERVER_NAME']}/");
define('WP_SITEURL',"http://{$_SERVER['SERVER_NAME']}/");

* The WordPress.org website covers editing wp-config.php fairly nicely, in case you are interested in reviewing the technical bits.

 

Then visit your migrated website.
99% of the time the two lines of text above are all you need to do!


WordPress Magic
“So what’s this magic going on behind the scenes” you may ask?

Ok, I’ll let the rabbit out of the hat. The guts of your WordPress settings are maintained in the wp_options table. All this magical bit of gray text in #2 above does is override your siteurl settings in your database.
Presto magico!

 

 

Below is an example of the above how to migrate your WordPress website to a different domain name.

The original website with website address:
pharm.tvsecure.net

Website migration demo 1

 

I copied the same website into a subdirectory of the same account for staging purposes, at:
/pharm-staging.tvsecure.net

and set the domain name pharm-staging.tvsecure.net to point to that subdirectory.

However, we had one obvious problem. Because the staging website was copied from pharm.tvsecure.net any attempt to visit pharm-staging.tvsecure.net resulted in an immediate redirect back to the original pharm.tvsecure.net domain.

Well, that’s annoying.
So, following step #2 above, I simply copy/pasted the two lines shown above into the top of my /pharm-staging.tvsecure.net/wp-config.php file, like this:

wp-config.php example 1

 

The result? When I go to pharm-staging.tvsecure.net the new website address pharm-staging.tvsecure.net I had staged earlier within the directory:
/pharm-staging.tvsecure.net appears nicely like this:

Website migration demo 2

 

Well, that about covers the basics of migrating a WordPress website to a different domain name by copy/pasting two lines of text.

If you have suggestions or additions to this WordPress staging or migration related article please be sure to email me anytime, jim at HackRepair.com

Enjoy!

Filed Under: Call (619) 479-6637 Tagged With: migrating WordPress, staging, WordPress backup, WordPress staging, wp-config.php

Community Blogging: A Short Guide

Yesterday a client asked me this question about WordPress guest editing and publishing (a.k.a. community blogging):

+++++

Hi, Jim. Wondering if you had any knowledge or ideas on the following.

I’m interested to find out whether there exists some sort of WordPress plug-in that would allow our readers to input a story and art directly into our site, and submit it to be published on our site. Once we got an email notification, we could edit it and publish it.

My thinking is that our readers could do some of the work for us, thus improving our coverage AND making our news more timely and relevant. My cursory Google search didn’t really turn up anything.

Any thoughts or direction on that?

+++++

So today I put my thinking cap on. And wrote this article to better answer his question on how to handle guest or community publishing:

WordPress is nicely suited to allowing readers the ability to post new content and media. And like any publishing platform, your prospective writer must first have an account on your website in order to post or edit articles respectively.

 

1

First, let’s add an “Author” to WordPress

Out of the box, WordPress allows you to add potential authors to your website. See the “Add New User” area within your WordPress Dashboard. Once you set your writer up with the role of “Author” that person will be able to add or edit his or her media and articles.
Quick Edit Link

Maybe you have an article written and like to have a guest “Author” take over the editing of an article?
That’s easy! Within your list of “Posts”, use the Quick Edit option to assign the new “Author” to your article (picture at right).

About the “Author” role

An assigned “Author” will only be able to edit his or her articles and media.

  1. The good.
    An “Author” may only add or edit his or her article.
  2. The not so good.
    An “Author” may publish articles as he or she see’s fit, without restriction or editorial review.

In the example at right, I’ve set my “Author”, as username “archereditor1” to a single article. While the “Author” “archereditor1” may be able to view all posts or pages, he cannot edit any articles but his own.

 

1

But what if you would like to have finer control of the editorial process or simply prevent an “Author” from publishing?

There are a number of plugins available to do just that. Edit Flow, User Access Manager or Capability Manager Enhanced are solid options.

These WordPress plugins will help to ensure “Authors” are limited in regard to what they can do within your WordPress Dashboard.

* If you have some ambitious editor article writing goals, then I recommend checking out the Edit Flow plugin.

* If you wish to set up groups of writers and limit access to specific articles then User Access Manager should do the trick.

* If your goal is to allow a single “Author” the ability to write articles as he or she wishes, while retaining control of publishing, then Capability Manager Enhanced may work just fine.

 

Capability Manager Enhanced pluginWith Capability Manager Enhanced, first set up your “Author” as described above (#1).

After installing the plugin, click the “Users” link within your WordPress dashboard, and you’ll see below that a new link option, “Capabilities“.

 

At first, you may be overwhelmed by all of the boxes; reminiscent of the days when Mom forced you to go to Bingo! with her and your baby brother on Friday nights (such simpler times…). But I digress. It’s a lot less complicated than it looks at first glance.

Just follow the numbers:

Setting roles and capabilities

In #1 above, be sure to select “Author” then the Load button to start. Set other editing options as needed, then scroll down and click the Save button near the bottom of the page.

 

Submit for review onlyOnce saved, your budding “Author” may write to his or hers heart’s content but will not be able to publish!

Oh, and the bonus feature:
Recall the note above on using Quick Edit to assign a given “Author” to an article?

Well, once Capability Manager Enhanced is installed, you may likewise assign your post or page “Author” via an option drop-down menu near the bottom of the page or post. The option setting appears like the picture at right.Assign an Author

 

 

All done!

I do hope you’ve found this article describing how to limit WordPress “Author” article writing and publishing helpful.

If you have suggestions or additions to this WordPress publishing related article please be sure to email me anytime, jim at HackRepair.com

Enjoy!

 

Pro tip.
Like to further reduce your guess Author’s dashboard options, check out the Remove Dashboard Access plugin.

___
Editorial reviewers – Thank you! Elizabeth Pampalone, Christina Hills, Joyce Walker

Filed Under: Call (619) 479-6637 Tagged With: article editing, Author, editing user role, guest author publishing, Publishing, security, User Role limiting, wordpress, WordPress publishing

Is My Web Host Secure? Maybe not…

Web server security is not automatedAfter running into a situation where a client’s web host was running years outdated software, I realized some of you might be operating under a false sense of security–about your security!

Many people believe that just because they set up their hosting account with a well-known shared hosting company that stuff magically updates on its own. This is far from the truth.

Same goes for folks who have their websites “self-installed” with cloud hosting providers. Suffice it to say, once “the installer” leaves the scene, the server software will not self-repair or auto-update itself…

  Server management is much more involved, and requires greater expertise than just clicking a button to install Linux and WordPress. Server management is not generally automated, and if someone doesn’t handle it, you may find your “server” is years behind in updates–and then it’s already too late. – Mike D., TVCNet Server Admin.

 

IMHO, A quality shared host presents “security” as their core feature. And security requires constant vigilance (using both human eyes and hands, 24/7). Web servers are not self-managed devices. And for this reason, many websites are hacked due to the above lack of hands-on management. Seriously, web hosting is a complex business.

Bottomline, if you don’t have a salaried server administrator on staff, it’s your responsibility to periodically check what’s been installed by your host both PHP and web server software wise. And it’s your responsibility to keep your host on their toes and demand currency of software, updates, and service responsiveness.

If your web host can’t handle the responsibility of maintaining regular updates, it’s a rather easy process nowadays to just move on to one that “gets it”. The top three hosting companies, with whom I’ve worked extensively, make customer website security an absolute top priority. These companies are TVC.Net, SimpleHelix, or AceNet

So complain with your wallet – it’s the secure thing to do.

 

How do I check the server software versions running at my web host?

The easiest method is to upload a one line PHP script to your hosting account and then view the script through your web browser. For this article, we’ll focus on the PHP version number.

How to create a PHP info script:*

  • Create a blank text file on your computer.
  • Name it something like serverinfo-x.php
    *Try not to name your script to something easily guessed at, like “phpinfo.php”
  • Add line of text and save:
    <?php phpinfo(); ?>
  • Upload the file to the same directory as your home page.
  • Then view your PHP information at:
    https://your-domain.com/serverinfo-x.php
Need help setting your site up for an SSL certificate (httpS://)?
I can help you with that today for a small one time fee.

 

Once you have the file open in your browser, look for the PHP version line, top of page.

PHP Version shown in PHP info file

  • You should be running  PHP version 5.6 or above.


On a cPanel server
, once you log in, look for a section on right or left named Server Information. An example below, with the two most important bits highlighted:

Web hosting account server infoNote the Apache version shown above (click to enlarge).

  • You should be running  Apache version 2.0 or above. 

 

If you are running WordPress, the WP System Information plugin may provide the same web server software installed information as well.

 

So that about covers the basics in regard to what you should check server software versions wise. A web host running outdated software can be as great a security risk as running a years old version of WordPress, Joomla or other content management system.

Jim Walker, The Hack Repair GuyIf  you need help or further explanation please feel free to call or chat with me anytime.

 

Filed Under: Call (619) 479-6637 Tagged With: apache, PHP, phpinfo, server security, server software, website software

  • Go to page 1
  • Go to page 2
  • Go to page 3
  • Go to page 4
  • Go to Next Page »
Proactive WordPress Security Management for Pennies a Day™

© Copyright 2019 HackGuard.com™, HackRepair.com™,
The Hack Repair Guy™, Hack Repair Guy™
Copyright and Trademark Statement | Privacy Policy

Call HackRepair.com for website security help, (619) 479-6637.
Content Approved By Jim Walker, The Hack Repair Guy