I love working with WordPress, but it does need some maintenance now and again.  WordPress software, plugins and even themes need to be updated periodically. Keeping your software current helps to keep hackers out and your WordPress installation running smoothly.

That’s why I’ve started a quarterly update service.  What’s included?  Every three months I backup the site. Then I update the WordPress software, plugins and themes. It just takes 15 minutes to half an hour per WordPress installation.

Once in awhile a plugin and the new version of WordPress don’t get along.  If there are any compatibility issues,  I’ll spend up to an hour attempting to fix the problem.  That rarely happens and when it does I can fix most issues within the hour.

Sound interesting?  If so, contact me.

I was very excited to work on the Natural Graze website.  Not only do I enjoy working with businesses on their first websites, there was a personal reason as well.  I grew up in Montana.  During my childhood my brother and I helped Dad gather hay bales and load them into the back of a pickup truck.  The huge load of hay would then be stored in the barn and used to feed the horses in the winter.  Imagine my surprise at learning there was a way to feed them sprouted food instead!  It’s easier. Less expensive.  Healthier.  Who knew?

When you visit the site, note the slideshow at the bottom of the home page.  (The photo of the rabbits is my favorite.)  This site also features a built in blog.   And isn’t the design lovely?  I’m not being immodest at all by pointing that out.  The website design is by the talented Sara L. Chapman of Art Squad Graphics.

Be sure to contact me if you’re starting a new business and want a website.

I spent yesterday afternoon helping a customer who’s WordPress website was hacked.  She’d done everything right.  Her login was not admin.  She had a tough password.   The WordPress software was current.  Despite all these efforts her website was hacked.

The website owner emailed me later and asked, “What the heck is the matter with people?”  It’s a good question.  Hackers are oblivious to the heartache that they cause small business owners.

There is a silver lining though.  As I worked the issue I went, as I always do, to my friend Google.  With every new discovery I’d type in a symptom of the hack.  Password changed.  Website title changed.  404 page rewritten.  Eventually I found a forum post discussing a similar hack.  About a dozen people worked this issue five months ago.  They talked about where the hacked code was in the WordPress database and in the WordPress files.  They documented what worked and didn’t work.  They discussed possible causes.  All of their hard work saved me hours of time.  Because of their advice, I was better able to fix the problem.  And hopefully, with their help, I’ve managed to lock the hacker out.

Next week I’ll write more about the hack and what helped.  Maybe it will save someone else time and money.  In the meantime, I’m so grateful for the help of my fellow bloggers and developers. They remind me about all that’s right with people.

Yesterday (4/11/2013) hackers staged a massive online attack against websites that use WordPress.  It affected websites and website hosts around the globe.

Utilizing a computer network, the hackers attempted break into WordPress dashboards by cracking the login username and password.  This was made easier by the fact that for years the default WP username has been admin.

How do you know if your WordPress site was hacked?

I haven’t seen any definitive answers to that question.  However a good place to start is to log into your WordPress dashboard.  Click on Users in the left column.  In most cases you should just see your login.  If you see a user you don’t recognize, let me know.

The good news is that I’ve been working on this all day and guess how many hacked sites I’ve seen?  Zero.  I’ve got my fingers crossed that it’ll stay that way!

What can you do to keep the hackers out?

Make sure that your password is nice and strong.  We’re not going for user-friendly with this.  We want long and complicated.  (click here to see more information about selecting a password)

Keep your WordPress software and plugins updated.  I’ve started a quarterly update service.  Let me know if you’re interested in that.

If you’re using admin as a user name that should be changed.  This can be a little tricky so contact me if you need help.  If you want to do this yourself log into the dashboard and select Users.  You’ll want to add a new administrative user.  (Remember to make a strong password and a username that’s not easy to guess.)  Once that’s created you can change your old user to subscriber status.  The caveat here is that users must have distinct email addresses.  So if you only have one email address this won’t work.  Not to worry though, let me know and I can change your existing admin into something else by updating the database itself.

You can find more information about this issue on my Facebook page.

Yesterday there was an automated, global attack against WordPress installations.  The attack is against the log in page for WordPress installations.  An automated script is reaching and trying crack the password.  I haven’t yet heard about what the hackers do if they get into sites.

What can you do to keep your site safe?  One thing is to beef up your WordPress password.  Here’s a information about what makes a safe password.

Let me know if you need help updating your password or if you suspect your WordPress site has been hacked.

I just got off the phone with a customer who was trying to upgrade the Fast Secure Contact Form plugin to 3.1.8.2.  She has two WordPress installations and while the upgrade looked like it worked, there was a problem each time.

What happened with her site?  She’s using the plugin to make a contact form in every page of her site.  The broken update caused the pages to hang as they were trying to load.  About half the time the pages of her site wouldn’t load at all.   I reinstalled the plugin and now things are back to normal.

I do not recommend updating the plugin at this time.  Hopefully the people who make the plugin will fix this issue and release a new version.

Over the last few weeks I’ve been working on changing a Joomla site into a WordPress site.   The Joomla theme used on the website has a WordPress counterpart.  It uses the Gantry Framework. What is that, you ask? The Gantry Framework allows different pages to have different layouts, colors and sidebars.  It makes for a flexible website.

When you log into the theme’s control panel you’ll see that there are default settings.  Each new page that you make is going to follow the default look, colors and sidebars. That is, unless you use a custom style for the page.

I’ll leave the creation of custom styles (called custom overrides) for another day.  For today’s lesson, let’s assume that various custom styles have been set up.  To see them click on the down arrow on the right of the Default Settings button.  Once you’ve selected  one of the styles/overrides you’ll see a new menu that includes Assignments.

Click on the Assignments tab and you’ll see lists of pages, template types, menu items and posts.  Click on the box beside an item that you want to add to a custom style.  Click Add to Assigned and then the Save Changes button at the top of the page.

That’s all there is to it. You’ve just used the Gantry Framework to change the look and feel of a WordPress page.

I’ve been using the WP Mobile Detector plugin on WordPress sites for some time now.  It’s a nifty plugin that makes WordPress sites mobile friendly.   However their latest version has something they call “Mobile Ad Support.”  What they mean is that if you use the free version of their plugin, your site will show mobile ads on behalf of the plugin developers!

If you go to their website and really hunt for it you’ll find this statement, “It takes a lot of time and effort to develop and maintain this open source project. To sustain the project, the free version shows mobile ads on the mobile website.”

Here’s the thing, there’s nothing wrong with the plugin developers wanting to get something back for all their hard work as long as they’re up front about it.  Sadly, that’s not how this issue was handled.  The plugin should state plainly that the free version contains ads.  State it on the FAQ and include it in the product description.  Anything else appears dishonest and sneaky.

I looked at the professional version of the plugin.  While I’m sure it works great, there are two problems.  It’s a spendy, little thing at $50 per domain.  Secondly, there’s now a trust issue.  Today there are ads included in the plugin with no notice or announcement.  What are they going to do next?  Nope.  I’ll be looking for another plugin.

Today I’m working on a WordPress site that’s running a plugin that tracks all the 404 errors on the site.  A 404 error occurs when someone types in a website address that doesn’t work.  Maybe the page was taken down or maybe the URL changed.  That’s all pretty common.  However I was shocked when I saw what the plugin was recording.

There over 20 pages like this.  These aren’t people looking for website pages that are no longer there.  These are hacking systems trolling this website for vulnerabilities.  They’re looking for old WordPress plugins, old versions of PHP and who knows what else.

It’s important that you know this website was NOT hacked.  That’s the good news.  The bad news is that there are a lot of bad people out there on the web.