Proactive WordPress Security Management for Pennies a Day

“Guarding against hackers it’s an art—not an automation”

security

Community Blogging: A Short Guide

Yesterday a client asked me this question about WordPress guest editing and publishing (a.k.a. community blogging):

+++++

Hi, Jim. Wondering if you had any knowledge or ideas on the following.

I’m interested to find out whether there exists some sort of WordPress plug-in that would allow our readers to input a story and art directly into our site, and submit it to be published on our site. Once we got an email notification, we could edit it and publish it.

My thinking is that our readers could do some of the work for us, thus improving our coverage AND making our news more timely and relevant. My cursory Google search didn’t really turn up anything.

Any thoughts or direction on that?

+++++

So today I put my thinking cap on. And wrote this article to better answer his question on how to handle guest or community publishing:

WordPress is nicely suited to allowing readers the ability to post new content and media. And like any publishing platform, your prospective writer must first have an account on your website in order to post or edit articles respectively.

 

1

First, let’s add an “Author” to WordPress

Out of the box, WordPress allows you to add potential authors to your website. See the “Add New User” area within your WordPress Dashboard. Once you set your writer up with the role of “Author” that person will be able to add or edit his or her media and articles.
Quick Edit Link

Maybe you have an article written and like to have a guest “Author” take over the editing of an article?
That’s easy! Within your list of “Posts”, use the Quick Edit option to assign the new “Author” to your article (picture at right).

About the “Author” role

An assigned “Author” will only be able to edit his or her articles and media.

  1. The good.
    An “Author” may only add or edit his or her article.
  2. The not so good.
    An “Author” may publish articles as he or she see’s fit, without restriction or editorial review.

In the example at right, I’ve set my “Author”, as username “archereditor1” to a single article. While the “Author” “archereditor1” may be able to view all posts or pages, he cannot edit any articles but his own.

 

1

But what if you would like to have finer control of the editorial process or simply prevent an “Author” from publishing?

There are a number of plugins available to do just that. Edit Flow, User Access Manager or Capability Manager Enhanced are solid options.

These WordPress plugins will help to ensure “Authors” are limited in regard to what they can do within your WordPress Dashboard.

* If you have some ambitious editor article writing goals, then I recommend checking out the Edit Flow plugin.

* If you wish to set up groups of writers and limit access to specific articles then User Access Manager should do the trick.

* If your goal is to allow a single “Author” the ability to write articles as he or she wishes, while retaining control of publishing, then Capability Manager Enhanced may work just fine.

 

Capability Manager Enhanced pluginWith Capability Manager Enhanced, first set up your “Author” as described above (#1).

After installing the plugin, click the “Users” link within your WordPress dashboard, and you’ll see below that a new link option, “Capabilities“.

 

At first, you may be overwhelmed by all of the boxes; reminiscent of the days when Mom forced you to go to Bingo! with her and your baby brother on Friday nights (such simpler times…). But I digress. It’s a lot less complicated than it looks at first glance.

Just follow the numbers:

Setting roles and capabilities

In #1 above, be sure to select “Author” then the Load button to start. Set other editing options as needed, then scroll down and click the Save button near the bottom of the page.

 

Submit for review onlyOnce saved, your budding “Author” may write to his or hers heart’s content but will not be able to publish!

Oh, and the bonus feature:
Recall the note above on using Quick Edit to assign a given “Author” to an article?

Well, once Capability Manager Enhanced is installed, you may likewise assign your post or page “Author” via an option drop-down menu near the bottom of the page or post. The option setting appears like the picture at right.Assign an Author

 

 

All done!

I do hope you’ve found this article describing how to limit WordPress “Author” article writing and publishing helpful.

If you have suggestions or additions to this WordPress publishing related article please be sure to email me anytime, jim at HackRepair.com

Enjoy!

 

Pro tip.
Like to further reduce your guess Author’s dashboard options, check out the Remove Dashboard Access plugin.

___
Editorial reviewers – Thank you! Elizabeth PampaloneChristina Hills, Joyce Walker

Is Your Mom Missing Her BUMM?

For most, website security is about as boring as watching paint dry. But you don’t have to be super smart to develop a reasonable website security plan.

My hope in this short website security article is to entertain and education you on how easy it can be to implement a basic website security plan for your website.

Do you have two minutes to learn whether your Mom is missing her BUMM?

 

BUMMer! You don't have a security plan?
BUMMer! You don’t have a security plan?

 

Let’s start with your BUMM

 

Backups

 

Updates

 

Maintenance

 

Monitor

 

 

Let’s face it, most of us are simply too overwhelmed with day to day “stuff” to worry about the “what ifs” of website security, including worrying about Mom’s blog…

So let’s fix your Mom up with a practical WordPress security plan.

 

Let’s Build Your WordPress Security Plan Today

 

Backups

Do you have at least one backup of your website files and database saved this week? Backups are your numero uno first line of defense against accidental or not so accidental damage to your WordPress blog.

You may not be able to control every aspect of your WordPress versions, plugins, or scripting, but you can easily control your backups schedule. The added benefit of regular backups is the “I’m so smart!” feeling you’ll experience in the event a WordPress update goes unexpectedly sideways.

 A daily and a weekly backup is recommended.

 Recommendation: Set BackWPup, Updraft Plus or Backup Buddy to back up your site to Google Drive or Dropbox. 

Articles: How to Set Up Google Drive For Backing Up Your WordPress Blog

 

Updates

WordPress version updates and plugin updates are a regular occurrence. Don’t ignore these. And if you maintain regular backups you’ll find that even a tragically failed update can be recovered from without too much pain and suffering. Theme updates can be a bit more problematic, though very important as well.

 Set a reminder in your calendar to update your WordPress blog and all plugins monthly, or more often if you can manage it.

 Set your calendar to plan a theme update every six months (if one is available).

 Recommendation: Try Google Now Reminders (for reminders)

 

Maintenance

Website maintenance, the “oopsy” aspect of website security tends to be overlooked by most budding WordPress bloggers. Periodic maintenance includes deleting inactive themes and inactive plugins no longer needed; easy enough to reinstall later so why take a chance. And old test blogs, development or staging sites, and scripts should be deleted if not actively maintained as well.

Surprisingly, a good percentage of websites are compromised every day due to folks dutifully maintaining their primary blog, but forgetting to delete the old test site or blog they had installed years before. Old scripts are hacker magnets.

 Don’t like hackers? Make sure to delete those old or inactive scripts.

 

Monitor (inside and out)

Monitoring is way easier than you might think. Services like Uptime Robot, Changedetection.com, and even Google Alerts are free, easy to setup monitoring options.

Every computer OS has a range of free to low-cost software for monitoring websites and content as well. There are no lack of free monitoring options, so if your excuse is, “website monitoring costs too much,” well, I have a secret for you, some of the best website monitors cost nothing but the three to five minutes required to set them up.

The question I hear most often regarding monitoring, is, “What do I monitor?
That’s a fair question. Content is one and uptime is the other.

I use Changedetection.com and Google Alerts to monitor my own website for text changes and my brand respectively. Anytime my website address is newly listed within Google I’m sent an email (from Google Alerts). If my site is compromised, and some hacker peeps decides to brag about their conquest and Google indexes their rants, I’ll receive a notice same day. Yes, hackers I’m watching you!

As for uptime, Uptime Robot is fairly accurate. Downtime happens. Though frequent downtime may be as much your fault as your web hosters server. Hackers can easily overwhelm most websites via botnets; available at your local Dark Net shop for a million hits per penny ($0.01). If your site is offline more often than normal that may mean you are being attacked. And if you are being attacked and the last time you logged into your blog was, “I can’t seem to remember the last time I logged in…,” well, that could be a hint.

Did I log in from China yesterday?
Hmm, I must have been sleep walking…

Internal monitoring? Absolutely! Monitoring who logs in and when can be one of the best proactive steps you can take in monitoring the security of your blog.  See the plugins Stream and WP Security Audit Log plugins for more details.

Recommendation: Test drive Uptime Robot, Changedetection.com, Google Alerts and Stream. You’ll be glad you did.

Articles: Video: How to monitor your website for malicious content using Google Alerts, How Can I Monitor File Changes Within My Website?

 

Following the general security plan items outlined above may just save you hours of future frustration and heartache. So get your BUMM up and help yourself, not the hackers!

HackGuard.com | Managed WordPress Update ServiceAnd if you simply don’t have the time to maintain a secure website and can afford 30 cents a day, HackGuard.com just may be the answer you are looking for. Call (619) 479-6637 today.

 

 Please pass this article along to a friend, family, or clients.
The acronym B.U.M.M is free for use and not trademarked.
This review is 100% affiliate link free. Plugin authors were not asked to contribute to this review. No monies were paid to write this article.

 

Proactive WordPress Security Management for Pennies a Day™

© Copyright 2018 HackGuard.com™, HackRepair.com™,
The Hack Repair Guy™, Hack Repair Guy™
Copyright and Trademark Statement | Privacy Policy

Call HackRepair.com for website security help, (619) 479-6637.
Content Approved By Jim Walker, The Hack Repair Guy