A last-minute addition to the schedule, on Thursday, April 8, 10 members attended a site clinic through Zoom. Two members volunteered their sites for review.
Draft versus Published Pages
First up was Grace, with It’s All In My Head. Grace’s site is a WordPress.com site and is still a work in progress. The first task was to set the home page. Rather than a home page, it was displaying a page not found error message. This was because it had been set to be a static page (as opposed to the latest posts), but the home page field was blank. Grace found the page she wanted in her drafts, published it, and then made it the Home page using the customize settings.
We were reminded to not aim for perfection – sometimes it’s more important to having something online than to have it perfect. Also, the internet is not written in stone, things can be changed after they’ve been published.
Next up was Monica, with Crypto News Today which is using the SuperMag theme. Her first question was around widgets. Widget options are theme-dependent. Selecting a widget area will highlight the widgets in use – the edit pencil icon will appear. They can be reordered by using the up and down arrows in the list.
Her second question involved updating the existing affiliate links to her own links (she recently purchased the site). The only suggestion there was to change each one manually, as there is no good way to automate this or do it in bulk.
Another question was on how to make the site secure with HTTPS. Typing HTTPS manually in front of the URL worked, which suggested that the site did have HTTPS enabled but it wasn’t forcing a redirect from HTTP to HTTPS.
Other members advised to contact their host for support with fixing this. In this case, it’s a free host, which was recommended against (the exception being WordPress.com and even then only for personal use, not business).
A question came up about how to edit menus and create submenus. There are two ways to get to menus: through Appearance>Customize or through Appearance>Menus. It’s a matter of personal preference, but Menus gives you more control.
Monica asked how to create a submenu. Similar to widgets, the placement availability is theme-dependent. To create a sub-menu, you can simply drag and drop a menu item so that it’s below the menu you want.
A question was asked in the chat about two-factor authentication. It’s not enabled in WordPress by default, however, there are plugins available if you want this level of security on your site.
Cloudflare, A Tangent
Some questions about Cloudlare and DNS attacks came up and this discussion went on for a while. Cloudflare essentially presents a proxy of your website, only allowing users into the “real” site once they’ve been verified as humans, not bots. This prevents bots from causing your site to be taken down by overloading the server.
Security plug-ins can be set up to minimize admin login attempts. One way to avoid such attacks is to avoid using “admin” as the admin account username. Cloudflare lets you take that a level higher using a page rule that requires users to prove their humanity before getting to the login page. The free account allows for only a few page rules, but the statistics provided will help you determine if the attacks are targeted or random, and what pages are affected.
As for legitimate SEO bots (that are used by SEO tools such as Ahrefs and SEM Rush), you can decide if you want to give them access to your server.
WordFence does something similar, but it stops the attack once it hits your site, whereas Cloudflare stops them before they get to the site itself.
WordFence is an option for security, and UpDraft for backups. The free versions are sufficient for most users. itheme security is a paid security plug-in. BackupBuddy is an iTheme plugin for backups that will also do migrations, as will UpDraft Plus. iTheme are a reputable developer.
WordFence Login Security is the bare-bones version that will only prevent unauthorized logins. You should use the full WordFence version.
You register on Cloudflare and they will tell you what servers to point to. You then go to your provider, and change the settings accordingly. Cloudflare instructions are quite detailed and easily followed.
Sometimes you just have to give your DNS control to someone else to ensure security.
Jetpack will sometimes tell site owners their site is offline, when in fact it isn’t. Jetpack can also setup their own admin user on your site without your knowledge. Many members agreed that their advice is not to use Jetpack.
Do not allow plug-ins to automatically update. Always backup your site before updating anything, and read the release notes. Wait a while before updating to a release that ends in zero. It’s best to update once a month, following a full backup. One exception is if an update is released to address a critical security update, you should do the update as soon as possible.
The order you should work in is to update plug-ins first, then the theme, then WordPress itself. Then test your site to ensure that everything is working as it should be. If something is broken, you can restore the backup then go through each update to determine which change caused the break. It helps if the themes and plug-ins you’re using are reputable.