Call (619) 479-6637

About the HackGuard.com WordPress Updates and Security Service

What Can A Fella Do For $5ish a Month?” (or $12.95 without a bulk discount)

I’m asked this question about our HackGuard.com WordPress updates and security service often enough that I feel the need to write a post I could link back too on the topic of, “What can you do for $5ish a month?”

Well, we can do quite a lot actually:

– Prevent hackers from hacking your website (or fix it quickly if they do).
– Monitor your website and help fix basic errors fast (often within an hour if they occur).
– Update your plugins for you and keep your WordPress installation up to date (checked many times a week).
– Manage daily backups of your website either locally or to a 3rd party service.
– Answer your questions by phone or email pretty much 24/7/365.
– And a great deal more, all for the price of a few cups of coffee per month—seriously!

So what’s the catch?

Well, there is no catch. You may cancel at any time, and we’ll do our best to meet all of your update needs with a smile.

What HackGuard.com does not do?

Well, at 15 to 40ish cents a day we have to accept a few reasonable limits.

We can’t do web design for you at 15 to 40ish cents a day.

And for this reason, we will not be able to update your WordPress themes, WooCommerce plugins, other eCommerce related plugins, or premium plugins like WPBakery Visual Composer, Revolution Slider or other commercial plugins (unless you have set up an auto-update option respectively).

Suffice it to say, if there’s a chance we could destroy your website’s appearance or layout–we won’t. Those design level tasks are best managed by an experienced web designer.

Why can’t HackGuard.com update my premium plugins?

Most premium plugins are pay-to-play plugins, meaning that updates usually require access to the plugin developers website and require login using your account username/password. Some premium plugins even require payment for updates. That said, we are considering a 2nd tier of service to support premium plugins, but at this time we’ll need your help in updating these special types of plugins.

If you have any further questions, please feel free to call anytime, (619) 479-6637

WordPress 4.9.3 – Going into the tunnel and never coming out…

Going into the WordPress 4.9.3 version tunnel

In case you hadn’t heard, in early February 2018, WordPress did a double release of versions, from version 4.9.2 to 4.9.3, then 4.9.4 in a matter of two days.

For some WordPress websites, this led to a collision of versions, the end result being it broke the auto-update mechanism, leaving potentially millions of websites stuck on WordPress version 4.9.3; unable to auto-update to version 4.9.4.

WordPress auto-updates is an important built-in security feature.

Automated auto-updates help to protect your website against known vulnerabilities. Without a functioning auto-updates mechanism in place, a periodic visual review and update of your WordPress installations become even more important.

Below is a real-world example of the WordPress auto-update process failing on a client’s account.

As of February 9th, 2018, I found that 75% of a single client’s 150ish WordPress installations were apparently stranded on the WordPress version 4.9.3 train, with apparently no sign of ever coming out the other side (as 4.9.4).

The solution for this WordPress auto-updates problem?

Review and update your version of WordPress to 4.9.4 as soon as you are able.

How do I update WordPress?

Log into your WordPress, hover over the top left menu item, “Dashboard, click “Updates“, then “Update now.”

Alternately, for a small fee, I can help you update your version of WordPress safely.

I likewise provide a human managed WordPress service plan in case you are in need of ongoing WordPress updates and security management.

Happy Updating!

Jim

How Do I Migrate WordPress to a Different Domain Name?

Changing the domain name on an existing WordPress installation or staging a WordPress website at a different location may seem daunting at first. But it’s really quite easy to do. And I’ll show you how.

Use case #1:

You’ve purchased a number of domain names for your website. And you wish to assign another of your domain names as the main domain people see in the web browser location bar when they visit your website.

Use case #2:

Your client has asked you to update their existing theme but would prefer you not edit their live website. Staging the website in a subdirectory within the current hosting account will allow you to work with the existing theme in a safe environment.

Use case #3:

You would like to move your website to another web host, but test your website at the new host before pointing the domain name to the new hosting account.

The process for making a backup of a WordPress website in preparation for a move to another hosting account or for staging purposes is rather straightforward.

Start by making a backup of your existing website files and database.

Backing up files and databases within cPanel is as simple as clicking Backup, then clicking two links:

Download a Home Directory Backup
then Download a MySQL Database Backup

Once you have a solid backup of files and database:

Set up a staging subdomain within your web hosting account like staging.at-your-domain.com, or use a different domain name entirely.
1. If you are installing your WordPress site within a subdirectory on a cPanel server, click the Addon Domains button.
2. If you are installing your WordPress site into the main directory on a cPanel server, click the Aliases button, and you’ll be all set in two clicks.
Then install WordPress into the new account or directory.
Rename the wp-config.php file for now.
We are doing this so that when you recover your site files you do not inadvertently overwrite the newly set up wp-config.php file.
Upload and extract your backup of files within to your staging directory.
Delete the wp-config.php file you just copied over from the live site and rename the wp-config.php file renamed in (3) above back to wp-config.php
The how to import a database part of the process can be a bit tricky the first time around.
1. Since you already have a working wp-config.php in place and a working database in place, use your FTP or your web host’s file editor to view the contents of your wp-config.php in order to obtain the database name.
2. Log into your PHPMyAdmin. Click on the database name at left. This will display a list of tables. Check all tables, choose the Drop option, then Go to drop all the tables.*
  *All you are doing here is removing the existing database tables in preparation for import.
3. And finally, click the Import option at the top, Choose File, select that database you downloaded to your computer earlier, then click Go.
If all goes well with the import you will have completed the initial staging setup process.

If you are setting up a development site using a domain name different than the original, just add these two lines in gray to the top of your wp-config.php.file (below the line “<?php”), example:*

<?php

define('WP_HOME',"http://{$_SERVER['SERVER_NAME']}/");
define('WP_SITEURL',"http://{$_SERVER['SERVER_NAME']}/");

* The WordPress.org website covers editing wp-config.php fairly nicely, in case you are interested in reviewing the technical bits.

Then visit your migrated website.
99% of the time the two lines of text above are all you need to do!

“So what’s this magic going on behind the scenes” you may ask?

Ok, I’ll let the rabbit out of the hat. The guts of your WordPress settings are maintained in the wp_options table. All this magical bit of gray text in #2 above does is override your siteurl settings in your database.
Presto magico!

Below is an example of the above how to migrate your WordPress website to a different domain name.

The original website with website address:
pharm.tvsecure.net

I copied the same website into a subdirectory of the same account for staging purposes, at:
/pharm-staging.tvsecure.net

and set the domain name pharm-staging.tvsecure.net to point to that subdirectory.

However, we had one obvious problem. Because the staging website was copied from pharm.tvsecure.net any attempt to visit pharm-staging.tvsecure.net resulted in an immediate redirect back to the original pharm.tvsecure.net domain.

Well, that’s annoying.
So, following step #2 above, I simply copy/pasted the two lines shown above into the top of my /pharm-staging.tvsecure.net/wp-config.php file, like this:

The result? When I go to pharm-staging.tvsecure.net the new website address pharm-staging.tvsecure.net I had staged earlier within the directory:
/pharm-staging.tvsecure.net appears nicely like this:

Well, that about covers the basics of migrating a WordPress website to a different domain name by copy/pasting two lines of text.

If you have suggestions or additions to this WordPress staging or migration related article please be sure to email me anytime, jim at HackRepair.com

Enjoy!

Community Blogging: A Short Guide

Yesterday a client asked me this question about WordPress guest editing and publishing (a.k.a. community blogging):

+++++

Hi, Jim. Wondering if you had any knowledge or ideas on the following.

I’m interested to find out whether there exists some sort of WordPress plug-in that would allow our readers to input a story and art directly into our site, and submit it to be published on our site. Once we got an email notification, we could edit it and publish it.

My thinking is that our readers could do some of the work for us, thus improving our coverage AND making our news more timely and relevant. My cursory Google search didn’t really turn up anything.

Any thoughts or direction on that?

+++++

So today I put my thinking cap on. And wrote this article to better answer his question on how to handle guest or community publishing:

WordPress is nicely suited to allowing readers the ability to post new content and media. And like any publishing platform, your prospective writer must first have an account on your website in order to post or edit articles respectively.

First, let’s add an “Author” to WordPress

Out of the box, WordPress allows you to add potential authors to your website. See the “Add New User” area within your WordPress Dashboard. Once you set your writer up with the role of “Author” that person will be able to add or edit his or her media and articles.

Maybe you have an article written and like to have a guest “Author” take over the editing of an article?
That’s easy! Within your list of “Posts”, use the Quick Edit option to assign the new “Author” to your article (picture at right).

About the “Author” role

An assigned “Author” will only be able to edit his or her articles and media.

The good.
An “Author” may only add or edit his or her article.
The not so good.
An “Author” may publish articles as he or she see’s fit, without restriction or editorial review.

In the example at right, I’ve set my “Author”, as username “archereditor1” to a single article. While the “Author” “archereditor1” may be able to view all posts or pages, he cannot edit any articles but his own.

But what if you would like to have finer control of the editorial process or simply prevent an “Author” from publishing?

There are a number of plugins available to do just that. Edit Flow, User Access Manager or Capability Manager Enhanced are solid options.

These WordPress plugins will help to ensure “Authors” are limited in regard to what they can do within your WordPress Dashboard.

* If you have some ambitious editor article writing goals, then I recommend checking out the Edit Flow plugin.

* If you wish to set up groups of writers and limit access to specific articles then User Access Manager should do the trick.

* If your goal is to allow a single “Author” the ability to write articles as he or she wishes, while retaining control of publishing, then Capability Manager Enhanced may work just fine.

With Capability Manager Enhanced, first set up your “Author” as described above (#1).

After installing the plugin, click the “Users” link within your WordPress dashboard, and you’ll see below that a new link option, “Capabilities“.

At first, you may be overwhelmed by all of the boxes; reminiscent of the days when Mom forced you to go to Bingo! with her and your baby brother on Friday nights (such simpler times…). But I digress. It’s a lot less complicated than it looks at first glance.

Just follow the numbers:

In #1 above, be sure to select “Author” then the Load button to start. Set other editing options as needed, then scroll down and click the Save button near the bottom of the page.

Once saved, your budding “Author” may write to his or hers heart’s content but will not be able to publish!

Oh, and the bonus feature:
Recall the note above on using Quick Edit to assign a given “Author” to an article?

Well, once Capability Manager Enhanced is installed, you may likewise assign your post or page “Author” via an option drop-down menu near the bottom of the page or post. The option setting appears like the picture at right.

All done!

I do hope you’ve found this article describing how to limit WordPress “Author” article writing and publishing helpful.

If you have suggestions or additions to this WordPress publishing related article please be sure to email me anytime, jim at HackRepair.com

Enjoy!

Pro tip.
Like to further reduce your guess Author’s dashboard options, check out the Remove Dashboard Access plugin.

___
Editorial reviewers – Thank you! Elizabeth Pampalone, Christina Hills, Joyce Walker

Is My Web Host Secure? Maybe not…

After running into a situation where a client’s web host was running years outdated software, I realized some of you might be operating under a false sense of security–about your security!

Many people believe that just because they set up their hosting account with a well-known shared hosting company that stuff magically updates on its own. This is far from the truth.

Same goes for folks who have their websites “self-installed” with cloud hosting providers. Suffice it to say, once “the installer” leaves the scene, the server software will not self-repair or auto-update itself…

Server management is much more involved, and requires greater expertise than just clicking a button to install Linux and WordPress. Server management is not generally automated, and if someone doesn’t handle it, you may find your “server” is years behind in updates–and then it’s already too late. – Mike D., TVCNet Server Admin.

IMHO, A quality shared host presents “security” as their core feature. And security requires constant vigilance (using both human eyes and hands, 24/7). Web servers are not self-managed devices. And for this reason, many websites are hacked due to the above lack of hands-on management. Seriously, web hosting is a complex business.

Bottomline, if you don’t have a salaried server administrator on staff, it’s your responsibility to periodically check what’s been installed by your host both PHP and web server software wise. And it’s your responsibility to keep your host on their toes and demand currency of software, updates, and service responsiveness.

If your web host can’t handle the responsibility of maintaining regular updates, it’s a rather easy process nowadays to just move on to one that “gets it”. The top three hosting companies, with whom I’ve worked extensively, make customer website security an absolute top priority. These companies are TVC.Net, SimpleHelix, or AceNet

So complain with your wallet – it’s the secure thing to do.

How do I check the server software versions running at my web host?

The easiest method is to upload a one line PHP script to your hosting account and then view the script through your web browser. For this article, we’ll focus on the PHP version number.

How to create a PHP info script:*

Create a blank text file on your computer.
Name it something like serverinfo-x.php
*Try not to name your script to something easily guessed at, like “phpinfo.php”
Add line of text and save:
```
<?php phpinfo(); ?>
```
Upload the file to the same directory as your home page.
Then view your PHP information at:
https://your-domain.com/serverinfo-x.php

Need help setting your site up for an SSL certificate (httpS://)?
I can help you with that today for a small one time fee.

Once you have the file open in your browser, look for the PHP version line, top of page.

You should be running PHP version 5.6 or above.

On a cPanel server, once you log in, look for a section on right or left named Server Information. An example below, with the two most important bits highlighted:

Note the Apache version shown above (click to enlarge).

You should be running Apache version 2.0 or above.

If you are running WordPress, the WP System Information plugin may provide the same web server software installed information as well.

So that about covers the basics in regard to what you should check server software versions wise. A web host running outdated software can be as great a security risk as running a years old version of WordPress, Joomla or other content management system.

If you need help or further explanation please feel free to call or chat with me anytime.

How to remove the subdirectory name from your WordPress website address

In this example of subdirectory redirection, we’ll be using .htaccess to properly redirect a website address such that both the website and WordPress dashboard load without the subdirectory name.

Our domain for this example will be “your-domain-name.com”

Within the public directory, often named public_html or html, you should see the following settings for a standard WordPress permalinks setup:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

The above works perfectly fine when your main domain name is located at the top of your public directory–not so well if your site is located in a subdirectory like “blog”

To enable your website to function properly within your blog subdirectory, but without showing the blog subdirectory name, we actually need to change three different files, shown in the picture at right:

The first file we’ll edit is the .htaccess file (contents shown above), to:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?your-domain-name.com$
RewriteCond %{REQUEST_URI} !^/blog/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /blog/$1
RewriteCond %{HTTP_HOST} ^(www.)?your-domain-name.com$
RewriteRule ^(/)?$ /blog/index.php [L] 
</IfModule>

The second will be the index.php file, from:

/** Loads the WordPress Environment and Template */
require( dirname( __FILE__ ) . '/wp-blog-header.php' );

to:

/** Loads the WordPress Environment and Template */
require( dirname( __FILE__ ) . '/blog/wp-blog-header.php' );

And lastly, open the blog directory, then edit the .htaccess file within to:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /blog/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]
</IfModule>

# END WordPress

Updating these three files, as shown above, will accomplish two goals:

Display your website in the web browser location bar as the domain name only and not show the trailing subdirectory /blog

And allow you to access your WordPress dashboard as simply www.your-domain-name.com/wp-admin/ instead of www.your-domain-name.com/blog/wp-admin/

I hope you’ve found this short tutorial on how to set up a WordPress site within a subdirectory without displaying the subdirectory within Google search or the WordPress dashboard helpful.

If you have further questions please feel free to leave your comments or questions below.

Enjoy!