Posted on Leave a comment

Why Your WordPress Shouldn’t Be Online Without A Web Application Firewall (WAF)

Introduction:

If you are using WordPress as the platform for your website, you’ve already made a great choice. WordPress offers a user-friendly interface, excellent customization options, and an ever-growing community of developers and users. However, as the platform’s popularity continues to rise, so does its vulnerability to security threats. This is why implementing a Web Application Firewall (WAF) is an essential step to secure your WordPress site. In this post, we’ll discuss the importance of WAFs and how they help protect your site from malicious attacks.

1. What is a Web Application Firewall (WAF)?

A Web Application Firewall (WAF) is a security solution that monitors, filters, and blocks incoming traffic to your website based on a set of predefined rules. These rules are designed to protect your site from common web application attacks like SQL injection, cross-site scripting (XSS), and DDoS attacks, among others.

2. The Growing Threat Landscape

As the internet continues to evolve, the number of cyber threats is also increasing. Hackers are always searching for new ways to exploit vulnerabilities in websites and applications. WordPress, being one of the most popular content management systems, is a prime target for attackers. A WAF helps defend your site from these threats, ensuring that your data and user information remain secure.

3. Protecting Your Website and Users

A WAF doesn’t just protect your website; it also safeguards your users. If your site falls victim to a security breach, your users’ personal information may be compromised. By employing a WAF, you can reduce the risk of data breaches and maintain the trust of your audience.

4. Improved Performance and Site Speed

Some WAFs also offer features that optimize your website’s performance. By blocking malicious traffic, these WAFs reduce the server load and bandwidth consumption, resulting in a faster and more efficient website for your users.

5. Compliance with Industry Regulations

Depending on your industry, you may be required to comply with certain data security standards, such as the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accountability Act (HIPAA). A WAF can help you achieve compliance by providing an additional layer of security to protect sensitive data.

6. Easy Integration with WordPress

Implementing a WAF with your WordPress site is simple, thanks to the numerous plugins and services available. Some popular options include Sucuri, Cloudflare, and Wordfence, which are all designed to seamlessly integrate with your WordPress site and offer real-time protection.

Conclusion:

In conclusion, a Web Application Firewall (WAF) is an essential security measure for every WordPress site. It protects your website from malicious attacks, keeps your users’ information safe, and helps maintain the overall performance and reliability of your site. Don’t put your WordPress site online without a WAF; it’s a crucial investment to ensure the success and security of your online presence.

Posted on 1 Comment

PHP Memory_Limit and Its Impact on WordPress Speed

Harness the Power of PHP Memory_Limit to Boost Your WordPress Performance

In today’s fast-paced digital world, having a swift and responsive website is crucial for user satisfaction and search engine optimization (SEO). One of the key aspects of WordPress performance is the PHP memory_limit setting. In this blog post, we’ll explore how PHP memory_limit affects your WordPress website speed, and what you can do to optimize it for better performance and SEO.

Section 1: Understanding PHP Memory_Limit

1.1 What is PHP Memory_Limit?

PHP memory_limit is a configuration setting that determines the maximum amount of memory a PHP script can consume. It is designed to prevent poorly written scripts from consuming excessive server resources and causing performance issues.

1.2 How PHP Memory_Limit Works with WordPress

WordPress is built using PHP, a popular scripting language used for web development. As such, the PHP memory_limit setting directly impacts the performance of your WordPress website. The more memory a WordPress site has access to, the faster it can process and execute scripts, leading to faster page load times and a better overall user experience.

Section 2: The Connection between PHP Memory_Limit and WordPress Speed

2.1 Why PHP Memory_Limit Matters

When a WordPress site has a low PHP memory_limit, it can cause slow page load times, errors, and even site crashes. By increasing the PHP memory_limit, you provide more resources for your site to work with, allowing it to process scripts more efficiently and improving site performance.

2.2 Signs Your WordPress Site Needs More Memory

Some indicators that your site could benefit from a higher PHP memory_limit include:

  • Slow page load times
  • Frequent “500 Internal Server Errors”
  • “Fatal Error: Allowed memory size exhausted” error messages

Section 3: How to Increase PHP Memory_Limit for Your WordPress Site

3.1 Check Your Current PHP Memory_Limit

Before you begin, it’s essential to know your current PHP memory_limit setting. You can do this by:

  1. Creating a phpinfo.php file in your WordPress root directory containing the following code: `<?php phpinfo(); ?>`
  2. Accessing the file through your browser (e.g., www.yourdomain.com/phpinfo.php)
  3. Locate the “memory_limit” value in the “Core” section

3.2 Ways to Increase PHP Memory_Limit

There are several methods to increase your PHP memory_limit:

  • Edit your php.ini file: Find the “memory_limit” line, increase the value, and save the changes. If you don’t have access to this file, contact your hosting provider.
  • Modify the .htaccess file: Add the following line to your .htaccess file in your WordPress root directory: `php_value memory_limit [NewValue]M`
  • Update your wp-config.php file: Add the following line to your wp-config.php file in your WordPress root directory: `define(‘WP_MEMORY_LIMIT’, ‘[NewValue]M’);`

Note: Replace [NewValue] with the desired memory limit value in megabytes (e.g., 256M).

4.1 Ideal PHP Memory_Limit Values

There is no one-size-fits-all solution for the ideal PHP memory_limit value, as it depends on factors such as your site’s complexity, traffic, and hosting environment. However, a general recommendation is to set the PHP memory_limit between 256M and 512M for optimal performance. If using things like Divi, Elementor Pro, or Beaver Builder your limit may want to be between 512M and 1024M with as high as 2048M depending on the additional plugins and size of the website.

Conclusion

In conclusion, optimizing your PHP memory_limit setting can significantly impact your WordPress site’s speed, performance, and overall user experience. By understanding how PHP memory_limit works, identifying signs that your site needs more memory, and implementing the appropriate adjustments, you can ensure a faster, more efficient, and more SEO-friendly website.

Posted on Leave a comment

Bait Spam Emails on the Rise

Bait Spam Emails on the Rise

Be on the look out for email messages that create a sense of urgency that you are going to lose something. They do this so you mind has a mini panic attack and all it takes is one second to no think clearer and you hand over your login details or make a payment to a fake website. 

Here is a good example, “Your domain abc.com WILL BE TERMINATED WITHING 24 HOURS” 

  1. Any company managing your domain registration will not type in ALL CAPS. It’s not professional. 
  2. In this example you can see the payment link is to a domainregister.ga, what and where on earth is a .GA from? A quick google search tells us that belongs to the country Gabon. An African country west of the Republic of the Congo.  ICANN WIKI  
Double check any website that wants you to give it money. 2020 was one of the worst years on record for hacking, scams, and fraud. I guess when you quarantine hackers they just have more time to think and plot. Be careful,  it’s a cold world out there, grab a coat. 
Posted on Leave a comment

Easy WP SMTP Plugin Zero-Day Vulnerability Found

Easy WP SMTP Exploit files

500,000+ Websites

Have this plugin currently installed and is currently being exploited by threat actors. 

The WordPress Easy WP SMTP plugin, which has 500,000+ active installations, fixed a zero-day vulnerability affecting version 1.4.2 and below that could allow an unauthenticated user to reset the admin password among other issues.

The Easy WP SMTP plugin has an optional debug log where it writes all email messages (headers and body) sent by the blog. It is located inside the plugin’s installation folder, “/wp-content/plugins/easy-wp-smtp/”. The log is a text file with a random name, e.g., 5fcdb91308506_debug_log.txt. The plugin’s folder doesn’t have any index.html file, hence on servers that have directory listing enabled, hackers can find and view the log:

easy wp smtp explaoit

Then, they perform the usual username enumeration scans to find the admin login name, for instance via the REST API:

Once they find the admin name all they need to do is request a password reset on the login screen and grab that email with the link to enter the new password. Boom they are in with Admin privileges.

A huge shoutout to The Ninja Technologies Network over at NinTechNet for finding this and notifying the developers to fix it before releasing the information.

WordPress Admin Password Reset
Posted on Leave a comment

Before Upgrading To WordPress 5.6 Do This So Your Site Doesn’t Break

5.6 Is Here But Will It Break Your Site?

Just in time for the holidays WordPress releases version 5.6 named “Simone” to the public. With it comes a few exciting new changes including the new Twenty Twenty One theme. The new theme seems to be following the trend of muted pastel colors that is growing rapidly in popularity. Along with this update is some upgrades to the block system in the Gutenberg editor and some other updates you can read here on the WordPress Site.  

different colors of twenty twenty one theme
Different presets for WordPress’s Twenty Twenty One theme

Before smashing that Update Button…

Just like with version 5.5 there are some jQuery updates in the version which was planned over three updates 5.5, 5.6 and 5.7. They have release a plugin to test your compatibility with 5.6 which you can install and run prior to making the major update.  The test plugin can be found here:  Test jQuery Updates Plugin.

With the update to WordPress 5.5, a migration tool known as jQuery-migrate was no longer enabled by default. This may lead to lacking functionality or unexpected behavior in some themes or plugins that run older code.

The Enable jQuery Migrate Helper plugin serves as a temporary solution, enabling the migration script for your site to give your plugin and theme authors some more time to update, and test, their code. With the update to WordPress 5.6, the included version of jQuery is also upgraded. This means that old code that previously caused warnings now may instead may cause errors or stop working entirely.

Twenty Twenty One Theme
Twenty Twenty One Theme

Not Sure If You Should Upgrade?

Not to worry, Help 4 WordPress has got your back. As experts in WordPress, we are here to help you. You might only need our help one time or you can have us on call 24 hours a day with one of our memberships. You can even choose us to host your WordPress site and then you will know it is optimized to run its fastest.

Posted on Leave a comment

How To Migrate WordPress from cPanel to a new cPanel

This guide will show you how to step-by-step migrate a WordPress website from your current cPanel to a different cPanel. There are many reasons why you would need to do this. You may have built the site for someone and need to migrate it to their own account. You could be moving from one hosting company to another. We will start off in the cPanel you are wanting to move your website out of. Let’s get started!

Step 1 Locate Your Current WordPress Files

We first need to make sure we are grabbing the correct files. An easy way is to locate the domains section and click on the Domains Icon. Once that loads up you will see all the domains attached to your cPanel and the Document Root the website files are located in. Simply click on the Document Root link and it will load in a new tab.

cPanel Domains Section
cPanel Domains List

Step 2 Identify Your Database Name

Now that we are in the folder that contains your website files we need to locate a file called “wp-config.php”. This file contains the name of the database your site is connected to. We want to grab a copy of the database but we have to know which one it is first. Please locate the file and right-click on it and select view. In my example below, you will see a line of text:
define( ‘DB_NAME’, ‘i6276752_wp4’ );

The database name my site is using is named: i6276752_wp4

Later we will download a copy of this. Save this information for later.

WordPress Files
WordPress Connection String

Step 3 Compress Your Files

We need to make sure hidden files are showing for this next step. In the File Manager, there is a settings button with a gear icon in the top right. Click on the gear and make sure to check the checkbox next to “Show hidden files.”

cPanel Hidden Files

Now we can click on “Select all” at the top of our screen and then click compress in the upper right of our screen. You can rename the file before completing this action. Remember to download this ZIP file.

Download a copy of your Database. cPanel > Backups (in files section). Select the Database name you identified earlier.

 

Step 4 Upload Your Files and Database

From the cPanel main screen. Find the software section and look for the “Select PHP Version” Icon.
1. This needs to match the PHP version you had on the other hosting plan. You can upgrade after you setup the website.
2. We want to increase max upload size in the options section.

 

cPanel > File Manager > go to folder ‘public_html’

Click on Upload button and drag your zip file and database file on to window. Leave the tab open and let file upload. Lets go back to cPanel main screen so we can restore the database.

cPanel Backup Wizard
MySQL restore on cPanel

Step 5 Add Database User and Connect to Database

Remember this information from step 1? We need to add the User and password and add the user to the database we want to use.

WordPress Connection String
cPanel User Privileges

Step 6 You’re Done

Posted on

Put Your Website On A Diet!

Are customers complaining about your website as being sluggish?

COVID-19 brings new challenges to the table. With the lockdowns, quarantine & surprise enrollment in homeschool, the internet has sustained a massive increase of people that would not normally be online. This has lead to massive congestion of internet traffic and frustrated end users.

How To Slim Down Your Homepage

Take a serious look at your homepage, the first page that loads when you go to your website. Review your entire page top to bottom. Look at all the information and mentally note pieces of information that are not absolutely needed to tell the customer what to do or where to go next. If your page is longer in length that two of your screen heights (top to bottom x2) We need to split your homepage into 2 parts. Part A and Part B.

Screen Height Example


  1. All that non-essential information needs to go on to Homepage B. (you will want to create a new page)
  2. Homepage A should have all the essential information needed for the customer to know what to do and where to go next.
  3. If there are any images you can remove, do so. If you have background videos playing I highly advise you to lose it for the time being.
  4. It is perfectly okay to have a note on Homepage A about how you have slimmed down your site and why.

Dear Customer, Our website looks a little different today. We are slimming down in order to ensure a site that loads quickly for you. The Internet has experienced heavy traffic and has slowed down since COVID-19 events started. Many people are home working online and students are video conferencing with teachers. The rest of our home page can be found by clicking this button over here. Thank you for your flexibilty.

Website being squeezed
Posted on Leave a comment

Updating Essential Add-ons for Elementor Just Borked My Site!

(Edited 10/19/2020)

So you updated Essential Add-ons for Elementor and your site just Borked (Broke) all which ways. CSS Slammed to the left side of the Page, One Module you used on half of the site is now just all over in the Template Box you put it in, or worse the whole site won’t load at all and you don’t have a backup. Well… You are in some luck as you have some things to try here. Never do we say things are over until we say they are, right! There’s always Help For WordPress on Help4WordPress.com too.

You will first want to go into your WordPress Dashboard and navigate like this WordPress Dashboard -> Essential Add-ons -> Tools -> JS Print Method ‘External File’ -> Save Settings. After this, I would suggest click Regenerate Assets just for good measure.

If that didn’t work then make sure you cleared the cache of your Content Delivery Network and also any Cache Plugins you have installed on the site. This will ensure all of the regenerating and clearing of internal files you did is cleared from their cache too. Most CDN’s will automatically grab your .js and .css files without any input from you to assist in making your site faster for users. It like most measures to assist in site speed have an inherent downside.

If all else fails then I am betting the people over at https://wpdeveloper.net/ will get you straightened out. If you have a Subscription Plan with https://help4wordpress.com though we will handle it for you and probably already know there is an issue. As we are on your site 24/7 monitoring and surfing through pages to see if errors occur.

*Disclaimer* The Help 4 Network and Help 4 WordPress Receive NO Referral or Paid Promotion for this post. We are just avid users and lovers of Elementor and the Various Plugins like Essential Add-ons for Elementor by WPDeveloper.net. Even when we hate it because it broke on us lol!

Posted on

Why are Web Hosts A Thing of WordPress Past

Lack of Help for WordPress

First off we are not saying the “Web Host” is going anywhere, just in the terms of WordPress their support or want to hear of, the end is vastly approaching. WordPress has always been a dirty word in the Web Hosting Industry as something No One EVERY wanted to support or even acknowledge they even knew about. With BLOGAID.NET sounding the alarm that yet another Web Host has thrown in the towel on WordPress Support and any Help for WordPress moving forward. I mean I doubt they are going cold turkey but who knows.

Also, the Help4 Network doesn’t have any of its assets inside of that network, but still. What are all of those users to do? Turn to random developers on the internet they have never heard of nor can get ahold of in the middle of the night? We are glad when people leave us reviews like THIS ONE that explain how great it is to be with a “Fully Managed WordPress Service” instead of just whoever they can find online or even the 4th cousin removed on your Great Uncle Vinnie’s side. Then you could always grab that college kid down the road who you think knows about websites because well he goes to college and has a newer phone than you.

The average time it takes to build a new website from the ground up is 7 – 60 days.

How long do you have to be offline in this economy?

Help for your WordPress can’t come soon enough. So the simple answer is “NO TIME”. You have ZERO TIME to be offline in this economy driven by the need to be fulfilled in the microsecond. Customers are on to the next website in under 10 seconds if your site isn’t fully loaded and less the 3-4 seconds if your site doesn’t start to load in a meaningful way. Meaning something to click on or worth looking at.

Users today want websites that engage them and get them on the next big thing they need and need it NOW! So that leaves you in a place where being offline even for 5 minutes can hurt and hurt bad. So why do I want to have a Web Hosting Provider that only hosts MY Website in one server in one room on the internet? Even if we are talking AWS we still have rebuild time. We still have yet even 1 User who could have spent that 1 million dollars ALL of US small business owners are looking for. Meaning we are still “SMALL BUSINESS OWNERS” and not 1 million dollars closer to retirement as most see themselves doing one day.

Help 4 WordPress employs “Load-Balancing Techniques” that others haven’t been employing and ensure YOUR WEBSITE isn’t just hosted on 1 Web Server, in 1 Room, of the Basement of 1 Building, with 3 -4 fiber connections at once with maybe 3-4 connections to that at most as well. You can see how the current thinking of “HOSTING SMALL-MEDIUM BUSINESSES” has stayed in the 1990s while the rest of technology has advanced.

The logic behind the “Self-Healing Hosting Network” is simple. Provide a Hosting Service that doesn’t rely on just one Hosting Provider to keep their hardware going…

We have taken 25+ Years of Networking, Computer Science, and just plain “GET IT DONE YESTERDAY” know-how and combined it into one company to create a balance of “Who knows what geek language that place just spoke but they are good” with “Those people are so friendly but couldn’t fix my website if I told them how” and brought you a team that will ensure your site is online all of the time once fully deployed to our “Self-Healing Hosting Network”. We can date ourselves, but We have been doing things since before there was YouTube and Google to help you find the information you need.

The way your site will operate is more like the way the larger enterprise sites operate. Meaning Customer A can visit your site and be routed to the Web Server C which is closest to them while Customers B & C are sent to Web Server A because that is closest to them. Wait what happens if to Customers B & C if Web Server A is offline or updating? Well, that’s why we have backups and failover built into everything we do. Web Server A is not just Web Server A. It is Web Server “A-1” which means if A-1 goes down A-2 jumps right in as its backup and so on. We can’t tell you for security purposes how many these can be as some packages and websites require us to help load this out pretty far depending on the size of the Web Site and the Amount of Traffic to it. So Help for WordPress in this situation can be very exhausting.

If I am a Small-Medium Business why do I want something that large?

Simply put. How else are you going to get there? How else are you going to sleep at night knowing your website is online and you have a team of geeks making sure you are staying ahead of the next technology issue inside of WordPress and figuring out how you will benefit from geeks who Help with WordPress? How else are you going to get less time on the phone figuring out who is at fault for fixing what on YOUR WEBSITE? Get more time running YOUR BUSINESS and less time on the PHONE with YOUR WEB HOSTING PROVIDER OR DEVELOPER OR SYSTEMS ADMINISTRATOR! Who has time for all of those calls and time to run your business? Why not pay one bill every month then let us pay all of the other bills with you just submitting tickets with us making it happen.

(Credit for Image) That feeling you get when you just say “Get it done.” and it gets done. Help4 WordPress is the Ultimate Help for WordPress there is.

Yes, you heard that right. One place and one call that has all of your Web Developers, Application Developers, Web Designs, Graphic Designers, System Administrators, and Security Pros in one place. No more 5 calls just to be told and figure out all along it was a problem with the first calls whatever you call it doohicky. Don’t waste yet another moment searching a million freelance websites and choose Help4 WordPress to be YOUR Help For WordPress moving forward. Trust the only company that treats even the Small Business as the Large Business so we can make your Business into that Large one tomorrow! Help4 WordPress.com

Your new I.T. Consultant, Web Developer, Hosting Consultant, Web Designer, Graphic Designer, Video Editor, and so much more in 1 Place!