WordPress has become the most popular and user-friendly CMS available when compared to other content management platforms. However, its popularity does make it a target for hackers and spammers. Most people across the industry know how to secure a page but forget to focus on providing limited files and folder access too. Securing a page isn’t the only way to secure your website. If you are not limiting the access to files and folders your website will still be at risk. So let’s find out how one can secure their WordPress website by following these steps:

Block access to the WP-including folder
All Websites comprise of files and folders with different URLs. That means if one can get access to these URLs they can easily access your website. Accessing these would make it easy for the hackers to alter as well, but adding some additional code to the server configuration file would resolve the issue.

That way, if someone attempts access to these files, they would be redirected back out.

All you have to do is open .htaccess file and put a little code in it. The code will be as below:

Securing the wp-config.php

wp-config.php contains sensitive information about WP installation, including table prefix, secret keys and database access. Protecting wp-config.php will also beef up your wordpress security, one can protect this file by encrypting its content and denying access to it.

To protect your wp-config.php file, you will need to open the .htaccess file and paste the following code into it.

Protecting the .htaccess file

The .htaccess file plays a major role in securing the wp-config.php & wp-includes folder, so securing the .htaccess file is also equally as important as above two points.

Paste this code into the .htaccess file:

And with this simple code added to your .htaccess file would protect from the outside threat.

#Removing the file editor access

To do this, you need open up the wp-config.php file, then go to the end of the code and add the following one line code.

define(‘DISALLOW_FILE_EDIT’, true);

We all are aware of the phenomenal growth of eCommerce businesses in the past few years. The open source e-commerce plugin WooCommerce is popular among retail giants and is a free plugin in WordPress. Launched in 2011, thousands of businesses in the UK and throughout the World prefer this plugin over others options because of its reliability and long lasting support. Right from small to larger businesses, WooCommerce can be used to power all types of businesses. Here are some of the free extensions of WooCommerce you can use for your eCommerce requirements.

Google Analytics Integration Extension
Whether it is a simple website or an eCommerce store, everyone understands the value of the Google Analytics tool. It is easy to set it up on a simple WordPress website but when one has to integrate it to the commerce store it could be a challenge. WooCommerce offer the Google Analytics Integration Extension to help to fuse your Google Analytics Account into your online store. This facilty can easily track who buy from your store. Depending upon the statistics you can take the appropriate action for the improvements.

Jetpack
This is one of the most desirable extensions that WooCommerce provides from customising the theme to the security of your online store, it does it all. One needs to connect their self-hosted site to WordPress.com and then Jetpack will take care of everything else. It can provide site owners with glimpses of their traffic and stats in an easier way than GA.

Aftership
If one wants their customers to be able to track their order after shipment, Aftership can help track the order from source to destination. One needs to enter their tracking number and to see the entire movement of your order from source to destination with ease, and thus makes the shopping experience of your customers seamless. It provides real-time updates through UPS or any local carrier, paid plans provide this information through email as well.

AddShoppers
We all know that Social Media is the best way to promote a business and with the AddShoppers extension, one can easily share their products across social media. It shows ROI, clicks and more.

Product Details Customiser
If one wants to differentiate their online store then Product Details Customiser is the product for you. One can customise their product detail page and can take action to show/hide, images, details, related products, etc.

These are some WooCommerce extensions that WordPress provides and there are many others like these to help you to take your online store to new heights. Our team of web designers has years of experience working with WordPress and WooCommerce and can help your business to grow with a tailor made solution. If you are in Birmingham or Solihull and need an eCommerce solution for your business, phone us for a free no hassle meeting at your home or office!

In November Google announced that Safe browsing would protect us from social engineering attacks or in other words the deceptive tactics which can trick us to install unwanted software or revealing a user’s personal information – maybe a password, credit card or any other valuable information. Before sharing the announcement, we would love to explain few things about Social Engineering:

Understanding Social Engineering – Phishing and Deceptive Sites

Social engineering is basically a type of attack to the web user, by tricking them into doing something dangerous online. There are mainly two types of attack – Phishing and Deceptive. Phishing sites might trick users into revealing their personal information, and deceptive content such as an ad that might trick users into installing unwanted software.

Even if you don’t engage?
Yes, correct! You need to understand social engineering even if you don’t engage it because deceptive social engineering content may be included via images, resources embedded on the page, third-party components, or ads. Such deceptive content may trick site visitors into downloading unwanted software so when we talk about Google safe Browsing, it protects web users from these attacks by warning users on publisher pages that consistently display social engineering ads.

Additionally, hackers can take control of innocent sites and change the content of the site / add additional pages to the site, often with the intent of tricking visitors into parting with personal information such as credit card details.

You can find out if your site has been identified as a distributor of social engineering content by checking the Security Issues report in the Search Console.

Now lets go back to the Google announcement. The fight against unwanted software and social engineering is just beginning and will improve the Google’s Safe Browsing protection. Google will warn the users when they visit the site so if your site is flagged for containing social engineering content all you have to do is take the following these steps:

1. Verify in Search Console-
Check that only you are the owner of the site in Search Console and no other suspicious owner has been added. Check the Security Issues report to see if your site is listed as engaging in social engineering.

2. Remove deceptive content
Ensure that none of your website pages contain deceptive content and if found, remove them immediately.

3. Find third-party resources
Ensure that any images, ads, or resources on your site’s pages are not deceptive. Note that ad networks may rotate the ads shown on your site’s pages, therefore, you may need to refresh a page few times to see any social engineering ads appear or not.

4. Request a review
After removing all social engineering content you can request a security review in the Security Issues report and then wait for 2-3 days.

On a recent blog Google announced that from April 18, 2016 we will be updating its smartphone user agent Googlebot crawler to Android from iPhone. Google said it should have no impact on websites but if one is worried they should check their website with the Fetch and Render Tool in the Search Console. Google explained that reason behind this update is it wants to understand the pages that use newer web technologies. Google also recommended everyone should use feature detection and progressive enhancement so that your site can be viewed properly by a wide range of users and browsers.

The current Googlebot smartphone user-agent looks like

and the upcoming Googlebot user-agent which we are going to see from April 18, 2016 will look like

The AMP stands for Accelerated Mobile Pages which is not only being supported by the Google search but also by various other platforms. A valid AMP HTML version can direct mobile users to the cached AMP and pages with invalid AMP will not be eligible for some Search features. Just like the search engine optimisation same can be done in the case of AMP and some combined optimisation techniques can help AMP pages to load fast.

1. Keep third party javascript out of the path

Third party javascript likes to use synchronous javascript loading. Let us give you an example:

“If you have three ads and each ad does three synchronous loads with one second latency then just for javascript loading it will take 12 seconds.”

Although AMP pages in sandboxed iframes allow the third party javascript by banning them and thus can be used there.

2. Allow only asynchronous scripts

We all know that javascript is an amazing thing and can modify every aspect of the page but at the same time it can cause multiple delays in page rendering. So to avoid the page rendering one should use the asynchronous javascript. A carefully designed javascript under the hood can avoid performance degradation.

3. Use inline and size-bound CSS

Although the inline style sheet has maximum size of 50kb but this size is big enough for well sophisticated pages. In AMP pages online inline CSS is allowed, so by removing one or more HTTP requests from critical rendering path and improve the performance.

4. Efficient font triggering

Page with few synchronous scripts and style sheets waits to download the page font, so AMP system declares zero HTTP requests until fonts start downloading. So by proper font triggering one can get the efficient performance.

5. Instant Page Loading

The preconnect API is used to ensure HTTP requests fastly as soon they are made. With this, a page can be rendered before the user explicitly states they’d like to navigate to it; the page might already be available by the time the user actually selects it, leading to instant loading.

When AMP document get prerendered for instant loading, resources that might use a lot of CPU (like third-party iframes) do not get downloaded.

Yes, it happens when we compare the Search Console data with other seo tools data. Many of our clients had asked us in past that why their Search Console data doesn’t match the data from the rest of the SEO tools that we use to analyse the website traffic, impressions and more? If you too have such queries, then you might get yours resolved here.  

1. The Search Console does additional data processing to handle duplicate content, spam etc.
2. Some of the tools that we use to analyse the seo data track the traffic only from javascript enabled users.
3. Every tool has its own keyword defining strategies. Let’s consider some of the examples here.
   1. When you talk about the keywords added in the Search Console, they are the most significant keywords that Google has found on your website.
   2. When looking at Google AdWords it displays the results that most users have searched for.
   3. When considering Google Analytics, it combines both the properties of Search Console and Adword paid keywords.
4. Analytics track visits for websites that use correct javascript code.
5. Websites which don’t have the javascript code will be tracked in Search Console via the search result or if Google crawls your website.
6. Sometimes the search analytics doesn’t show all the data to protect the users privacy, this ensures that no one can’t obtain sensitive information.
7. If you own multiple hosts for your domain (for example, www.koenigwebdesign.com and koenigwebdesign.com), you might see your click and impression counts drop for each host because of the clicks count confusion.

If you have queries regarding your traffic analysis reports then don’t hesitate to contact one of our digital marketing experts by emailing the office.

Let’s move together at a rapid pace to enable your business to reach its potential customers and better engage existing ones.