WP Engine: The Best Managed WordPress Hosting

Choosing a hosting provider for your WordPress website is an important decision. In this article we will discuss some of the excellent features offered by WP Engine’s managed hosting service and why we recommend them to every client.

What is Managed WordPress Hosting?

Managed WordPress hosts specialize in hosting WordPress websites specifically and they offer special features like caching, staging for updates, easy backups and restores, and speed enhancements. They are generally helpful with WordPress issues, and they often have additional security features that other hosts don’t have. This is very different than traditional shared hosting where you simply rent storage on a server which may or may not be well designed to work with specific platforms or technology, and where you may feel left on your own if your site is hacked or you have a WordPress specific question.

When you should consider switching hosts:

When you start a new blog/website it’s normal not to think about things like server performance, traffic and security and often people looking for hosting only consider cost. You want to worry about the site’s appearance and what content to publish rather than the technical underpinnings of the server hosting your site, and that’s totally understandable. Often it is only after the site’s been up for sometime that issues with your server will begin to arise, and you may start to wonder about your choice of web hosing. Maybe your site slows down or you have down time, or goodness forbid your site gets hacked. Good quality managed WordPress hosting guards against these issues, and even though it tends to be a bit more expensive, it can save you a lot of hassle, and even money, in the long run.

Why is WP Engine the Best WordPress Hosting?

1. Designed for WordPress

WP Engine’s WordPress hosting is designed and optimized for WordPress websites specifically. They take care of every single piece of server optimization to ensure your website is living on the most fastest and best WordPress hosting platform possible.

2. The Best Customer & Technical Support

WP Engine’s technical team and customer support consist of WordPress developers and trained experts. The WP Engine support team is available 24/7 via phone, chat or support tickets. We can not emphasize enough how valuable it is to have a smart and knowledgable support team available for you (and your website) at any time. They are also extremely professional and friendly!

3. The Best Security

WP Engine takes security very seriously. They monitor server traffic 24/7 and are able to prevent malicious traffic and attacks. In addition to real time monitoring and finely tuned server security, all WP Engine plans include daily backups and 1-click restore points. With WP Engine you are only 1-click away from your site being restored to a prior state if anything goes wrong.

4. Speed!

The WP Engine architecture and caching system ensures your site will perform at optimal speed and their architecture is continuously improved to reduce site load time. Additionally WP Engine can make use of a Content Delivery Network (CDN) to distribute your site data across a global network of servers to reduce geographic distance between your site visitors and your website data if you server a global audience.

5. One-Click Staging Websites

We can not emphasize enough what a valuable tool the one-click staging feature is. We LOVE it! A staging website is basically a copy or clone of your live website. One of the reasons we love the staging environment is that it gives our clients are safe and easy place to try out core and plugin updates or plugin additions before changing things on their live websites. This way, clients can take control of their own updates while maintaining confidence that those updates will not break any functionality on their live website.

TLC with WP Engine ♥

Your website is very much like a living thing. It needs care and love and maintenance. You probably spent many thousands of dollars investing in your new website, and you want your users to enjoy a fast and reliable experience when they visit it, while you want to maintain it in as pain-free a way as possible. This is where WP Engine comes in.

In closing, it may seem like spending $29/month on hosting is a lot, and with plans starting at $29/month WP Engine is not a “cheap” hosting solution. But with all of the great features, performance and support that WP Engine can offer, we believe that it is an excellent value.

WP Engine

SSL and HTTPS – Everything You Need to Know

What is SSL?

SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser (e.g., Chrome, Safari, Internet Explorer); or a mail server and a mail client (e.g., Outlook).

Originally HTTPS was designed to allow for sensitive information to be safely exchanged over the internet, today it is a best practice for all websites.

Here are the top four reasons why every new website being built today should be served over HTTPS:

  • SEO – Search engines have started to rank sites that are served over HTTPS higher than comparable HTTP sites
  • Trust & Security – HTTPS makes man-in-the-middle attacks much more difficult and establishes a level of trust with the server you are connecting to
  • Surveillance – The rise of government surveillance, both foreign and domestic
  • It’s easy! Setting up HTTPS is now generally easy to do and SSL certificates can now be purchased and installed for free

How SSL Works

The lack of encryption with http:// URLs makes it very unsafe to browse and interact with websites that contain sensitive information, like bank websites, shopping websites, or any website that you login to, and especially any website where you enter a credit card number.When you visit a website at an http:// URL, information is sent through the network (“over the wire”) unencrypted, and you have no guarantee that the server you are connecting to at the other end is actually the server you think it is.

The https:// protocol solves these problems by forcing the network packets to be encrypted and guaranteeing via a third-party that the server on the other end is the one and only valid server for that URL. HTTPS makes man-in-the-middle attacks far more difficult and establishes a level of trust with the server you are connecting to.

The Certificate Authority

The third-party that establishes this trust is the “Certificate Authority”. The Certificate Authority sells SSL certificates and creates the network “handshake” that happens when connecting to a website. This way you can be sure when browsing over HTTPS that the server you are connecting to is the server you are asking for, and that any network packets you pass back and forth will be encrypted.

How to Implement SSL

The process of purchasing and installing an SSL certificate is generally very simple, and many web hosts will both sell and install SSL certificates in one step. You can also purchase an SSL certificate yourself from a certificate authority like RapidSSL and then ask your host to install it for you.

Although SSL certificates can still be expensive when purchased through certain certificate authorities, a new initiative led by a group of the biggest internet companies in the world called Let’s Encrypt is promising to provide top notch SSL certificates for free. As of January 2016 this service is in public beta, but very soon it will be the go to place for acquiring free SSL certificates.

Standard vs. Wildcard SSL Certificates

The only decision a potential SSL certificate purchaser needs to make is whether to get a standard SSL certificate or a special SSL certificate called a wildcard certificate. Standard SSL certificates protect a single domain like mightyminnow.com but don’t protect subdomains like hello.mightyminnow.com, whereas wildcard certificates can protect one level deep into subdomains. If your domain name has any subdomains that you want to serve over HTTPS, you’ll want to purchase a wildcard certificate.

What Now?

If you want your website to be more secure, better trusted and better “liked” by Google – consider purchasing and configuring an SSL certificate.

Google’s Mobile-Friendly Search Algorithm

Mobile-Friendly Search ResultMobile internet usage continues to grow. In fact, global internet usage on mobile devices has surpassed desktop internet usage in 2014 according to ComScore. We at MIGHTYminnow have been early adopters of mobile-friendly standards, and currently ensure our client’s websites are developed to be responsive. A responsive website displays beautifully on devices of all sizes and offers no barrier for user interaction and engagement on mobile devices.

Since Google’s search results are always about relevance, it makes perfect sense that they would serve search results to mobile device users that are mobile-friendly. This is exactly what Google will begin doing on April 21st when Google launches their mobile search algorithm, which will consider mobile friendliness as a ranking factor. Currently Google’s mobile search results include a handy label next to mobile-friendly sites letting users know that these sites will display well on their device. The next step will actually favor mobile sites in the search results. This means that if your website is not mobile-friendly, mobile users will have a hard time finding your website through Google search on a mobile device.

To find out if you website is mobile-friendly, try Google’s Mobile-Friendly Test.

Need help making your website responsive? Have questions? Contact us!

Victory! The Net Neutrality Ruling

NetNeutralityHip, hip, hooray! The FCC has saved the day… or more precisely the internet. Today the FCC voted in favor of Net Neutrality which classifies access to broadband as a telecommunications service. Specifically, internet service providers have been classified as “common carriers” under Title II of the Communications Act of 1934, the same classification given to public utilities and telecommunications provers. Under this ruling all data on the internet will continue to be treated equally, thus preserving the data equality that has inspired and spawned endless services, applications and communication channels that are available today.

This is no more a plan to regulate the Internet than the First Amendment is a plan to regulate free speech. They both stand for the same concept.

– Tom Wheeler, FCC Chairman

For Love. Part Two.

This is the continuation of “For Love. Part One.

The Time(s)

First, I’ll tell you that all told, making a new, responsive, beautiful (if we do say so ourselves) website for Rocket Dog took over 200 hours. But I’m getting ahead of myself.

The Design: Adobe Flash & Photoshop

Some time ago, we received a great Flash animation for Rocket Dog that was created by a talented designer and animator named Justin Klein. Kathy Allbright, of Allbright Design, then took that animation and created some sketches of what she thought a new website for Rocket Dog might look like, where she included Justin’s great animation in the masthead. Then time passed. Quite a bit of time, honestly, because 200+ hours (of unbillable time) is difficult to find. Unless you make it a priority. A real, concrete, front-of-the-line priority. Which is what we did, this summer. We made making Rocket Dog Rescue a shiny new website into our top priority.

The Process

Choosing Technology

Platform: WordPress

wordpress logoAt MIGHTYminnow, we like to build websites with WordPress. We do this because our clients find WordPress websites easy to maintain and we find them fun and (relatively speaking) easy to build. For some things we think other CMS’s are appropriate (or even better), but for a nonprofit like Rocket Dog Rescue, WordPress is the perfect solution. Using custom post types and Toolset’s Types and Views Plugin, it is easy(ish) for us to build in a structure that makes it simple for RDR volunteers to add dogs and success stories, place or remove slides on the home page slide show, feature news items and especially promote the dogs they have saved (and are trying to place) and highlight the adoption events they hold every month.

Framework: Genesis (plus Cobalt Genesis Extender)

On top of WordPress, we like to add the Genesis Framework. Genesis is great because it has one, two and three column layouts built in to every theme, the home page is pretty easy to lay out (especially if you add Dynamik or Genesis Extender), and many of the base themes are already responsive.

Base Theme: Genesis, but Mobile First

Mobile First Child Theme for Genesis 2.0All that said, one of our preferences is to have our responsive themes use media queries in a “mobile first” way, and therefore to have phones and tablets only load the styles that are relevant to them, with the style sheet defining the universal rules (that apply to all screen resolutions) first, then working its way up to rules that are specific to larger displays. Simply put: we like our theme to load as quickly and efficiently as possible, especially on mobile devices. Genesis has a base child theme that is great, but we decided to rework it to be mobile first. Enter our new Genesis Mobile First Child Theme. This Genesis child theme is what we used as a basis for the Rocket Dog site, but we also made the reworked version available to our community online.

Wireframing / Designopment*

MIGHTYminnow usually follows an approach to website design and development that we call Discover * Develop * Design * Theme. In most cases we first build a website with a “brown paper wrapper” type look, holding off on colors and other design elements, and instead just focusing on getting all of the blocks in the right spots on the page. That’s step one. We then take this plain Jane website (all blocked out and signed off by the client) and we send it to a designer to create a look and feel using Photoshop. We find that giving the designer an actual website to design from makes their job easier and minimizes the number of revisions we need to make, since the layout and visual hierarchy of the page are already established. Even for responsive sites, we usually just ask our designers to submit a desktop design. We then use this base design to extrapolate mobile elements and modifications during our theming phase, working back-and-forth with the designer as needed to decide how the site will reflow on different devices and at different breakpoints.

homeWe followed this process to some extent with the Rocket Dog redesign, but because we were using pre-exisiting sketches from Allbright Design and because we were doing a lot of “design in browser” or “design in Live View of Dreamweaver” to style elements that were not present in the Photoshop comps, what would normally be an un-styled wireframe started to take on a design pretty early in the process. The one place we really “wireframed” before theming was on the home page, where we used Genesis Extender to lay out all of the boxes and then start feeding in the content so that we could determine how the design sketches should be adapted to the real world needs of the client. A lot of the design elements were created in tandem with the development, using a collaborative approach that allowed us to build the features and determine the design for them as we went.

The idea of designing as you go, especially as it relates to responsive breakpoints and media queries is an idea Ethan Marcotte jokingly called “designopment,” about which he says:

Our goal is to get beyond the pixel limitations of Photoshop, and begin building a design that can flex and grow inside a changing browser window, that can scale to different devices. So the development team quickly begins producing a responsive design: converting the fixed grid into a fluid one, discussing ways to flexibly handle different types of media, and then finally applying the media queries that adapt our design to different resolution ranges.

Ethan Marcotte

This is the approach that we took with the Rocket Dog Rescue redesign, and we think this approach works very well. We hope you agree, and we’d be happy to get feedback on our efforts (on behalf of the dogs). More about our process in part three of this post, coming soon…

« Part One

For Love. Part One.

We are a small company. MIGHTYminnow, small but strong. That’s sort of our unofficial tagline. And at our size, the bottom line is a real consideration. Rent, payroll, expenses… Estimates, calculations, hours, invoices… These mechanisms (which we sometimes find quite tedious, in all honesty) are necessary components of our day-to-day. They are the business counterparts to the creative and technical work we really love to do.

We love making websites. Especially websites that can be easily maintained and that work well on every device and at every size. But making websites takes time and expertise, and for the reasons mentioned above, this usually costs money. Done well, with proper time and care, with tailoring for devices and screen resolutions, it can cost a lot of money.

So here’s the big reveal. And we’re nervous to tell you this, but here goes.

Sometimes money isn’t our motivation. Sometimes we do things for love. (And by “things” I don’t mean sprinkling rose petals on the bedspread, I still mean making websites.) Sometimes we make websites, for love.

Enter Rocket Dog Rescue

rdr-logoMIGHTYminnow and Rocket Dog Rescue have had a long relationship. We haven’t been with them since the start, but we’ve been making them websites since 2007 and in web years (or dog years), that’s a long time. Like MIGHTYminnow, Rocket Dog has an unofficial tagline: for the love of a dog. That’s why they do what they do, and they make nary a dime doing it (in fact, we’re sure it costs them pretty dearly). Out of the depths of their giant hearts, they find the strength to get up every day and rescue – meaning save the lives of – dogs who are destined, by no fault of their own, to be euthanized. That’s huge, generous, and amazing. Rocket Dog saves, one after the other, abused, neglected and abandoned dogs, and to date their courageous and loving volunteers have saved over SIX THOUSAND DOGS. That’s truly inspiring.

It inspires us, and we feel that Rocket Dog deserves all the help it can get. We also believe that the dogs Rocket Dog is working to save *really* deserve all the help they can get. And one of the things that we feel could help Rocket Dog to save more dogs is to have a really great website where people can see the dogs that are up for adoption (or who need a foster home), read their stories, connect with their photos, and see all of the vital information about each dog. And we believe that this website should be beautiful, functional, mobile phone and tablet friendly and overall awesome.

So we made them one…

Part Two »

Bay Area Web Freelancers are SMART!

Last night we hosted the latest Bay Area Web Freelancers’ Meetup, where we shared tools of our trade. Everyone who had something to share just plugged into the projector and showed off the stuff they like. We already have better productivity, less eye strain, safer WordPress sites and an overall better outlook.

Below are the tools that were shared, and thanks to Luke McCormick for making the list!

Alfred

http://www.alfredapp.com/
Alfred is a productivity application for Mac OS X, which aims to save you time in searching your local computer and the web.

MacVim

https://code.google.com/p/macvim/
MacVim is the text editor Vim for Mac OS X.

Moom

http://manytricks.com/moom/
Tool to easily arrange windows on Mac using your keyboard

Bug Herd

http://www.bugherd.com/
Allows you to bug track by placing pins on your website where issues exist and assigning those issues to teammates

Trello

https://trello.com/
Collaborative organizing tool. Similar to Asana or Eventbrite?

Push Pin Planner

http://pushpinplanner.com/
For resource planning

helpful in managing the time allocation of a team

Blog Vault

http://blogvault.net/
Wordpress website backups

Web Flow

https://webflow.com/
New responsive web design tool no one has tried yet. Similar to Adobe Edge Reflow?

Node JS

http://nodejs.org/
For building scalable network applications in JavaScript.

Yeoman

http://yeoman.io/
Comprised of three tools for improving your productivity and satisfaction when building a web app: yo (the scaffolding tool), grunt (the build tool) and bower (for package management).

Yo

https://github.com/yeoman/yo
CLI tool for scaffolding out Yeoman projects.

Grunt

http://gruntjs.com/
An automated JavaScript task runner.

Bower

http://bower.io/
Package manager by Twitter.

Code Kit

https://incident57.com/codekit/
Steroids for (front end) web developers.

Phabricator

http://phabricator.org/
Bug tracker from Facebook. Includes code review, wiki and more.

WorkFlowy

https://workflowy.com/
Way to organize your brain into nested lists.

Sublime Text

http://www.sublimetext.com/
Sublime Text is a sophisticated text editor for code, markup and prose.

Emmet

http://emmet.io/
Sublime plugin to improve html/css workflow.

Sublime SFTP

http://wbond.net/sublime_packages/sftp
Adds direct SFTP access to Sublime.

Underscore.js

http://underscorejs.org/
A JavaScript utility library.

Lo-Dash

http://lodash.com/
A low level utility library delivering consistency, customization, performance, and extra features.

D3

http://d3js.org/
A JavaScript library for manipulating documents based on data using HTML, SVG and CSS.

JS Bin

http://jsbin.com/welcome/1/edit
JS Bin is a JavaScript, HTML and CSS playground.

JS Fiddle

http://jsfiddle.net/
JavaScript and CSS testing interface.

Bit Bucket

https://bitbucket.org/
Like Github, but private and free, from the Jira people.

Groundwork

http://groundwork.sidereel.com/
Responsive design framework.

Font Awesome

http://fontawesome.github.io/Fo…
Font-based icons.

Chrometa

https://app.chrometa.com
Automatically track of your time, especially billable time.

Flux

http://justgetflux.com/
Automatically adjust your computer’s brightness and color palette based on time of day to ease eye strain.

One Tab

https://chrome.google.com/websto…
Collect Chome tabs into a drop down menu to simplify your interface and save memory.

Org Mode

http://orgmode.org/
An Emacs add-in for keeping outlines of notes.

Linode

https://www.linode.com/
Xen VPS web hosting company.

Digital Ocean

https://www.digitalocean.com/
Scalable SSD cloud virtual servers.

Amazon Web Services

http://aws.amazon.com/
Scalable computing platform (hosting).

Why WordPress?

Sometimes MIGHTYminnow gets the question, “Why do you guys use WordPress?”

First, CMS (Content Management System) based websites are easier to maintain than “static” websites. WordPress is one choice of CMS and there are tons of other CMSs on the (open source) market. While no CMS is the perfect answer for every website, we find WordPress to be a great fit for most of our clients. The why is simple:

WordPress is easy for developers to use

In the old days, we used to write out in prose what content of the home page for a new website would be, and give that straight to a designer to draw. We used to create an outline of the pages in MS Word to show the site structure. We used to do sketches in OmniGraffle of what the various content blocks would be. In those good / bad old days, there were a lot of documents and a lot of extrapolation happening about how a site would be architected and how it would function. But now, with WordPress, it is just as easy (or more so) to do all of that planning work and architectural sketching by creating an actual, working website. We get a development website up and running at the earliest possible point we can in the website project process, so that everyone can see how it will be organized and what content will be included. From there, it is really easy to make changes in real time so that we can collaborate effortlessly with our clients on something that they can actually see and that feels like a website to them from the start. This process leads to better communication and *way* fewer design revisions later in in the process.

WordPress is Easy for clients / business owners to use

Our clients want to maintain their own websites. Since most of them write their own content, it makes sense for them just to add that content to their websites themselves. In the old days, we used to have to train our clients on complex web development software (over a course of *days*) in order for them to be able to make simple content changes. And then we had to worry because it was so much easier for things to go haywire. With WordPress, web editors don’t need days of training, nor do they have to be HTML experts to be able to update their websites. The visual editor within WordPress allows even computer novices to easily edit and change the content and images on their websites using a word processing approach that feels familiar. In other words, WordPress gives users the power to maintain their own websites without the ongoing (and unnecessary) expense of a web developer.

WordPress is extensible

WordPress uses a plugin architecture that allows for developers all over the world to create and publish new features and designs for anyone to use. Open source (read “free”) and premium (read “paid”) plugins and themes allow WordPress users to quickly and (in most cases) simply, expand the functionality of their websites. For instance, if you have a restaurant with live music and you would like to post the events you host on your site, there are plugins that easily allow you to add, manage and promote these events, provide event details, and even sell tickets. (We recommend Events Manager / Events Manager Pro, which we use for class registrations on this site!) And because this is a smart CMS, you can even set events to stop showing up after they have passed, thus lessening the number of things you have to remember to go in and update on an ongoing basis. As another example, if you are a photographer and would like to include galleries of your work on your website, there are plugins upon plugins that allow you to create beautiful and easy to navigate showcases for your work. (We recommend Nextgen gallery to start.) There are even themes that specialize in presenting portfolio pieces. There are plugins and themes that accomodate just about any type of website or feature you can imagine, and there are thousands (mostly free) to choose from.

WordPress free and open source

WordPress is an open source CMS. This means that the software is available to use for free, the code is public, and the contributors to the software do so (mostly) out of the goodness of their hearts. The creation and continuation of the software is a collaborative effort of a vast community, and it is actively enhanced, maintained, and made more secure by that community all the time. And because the core software (and most of the plugins and themes) cost nothing, you can build your own custom WordPress site for just the cost of web hosting and your domain name.

WordPress is SEO friendly

WordPress has many features that you can use to make your site more SEO friendly. Since WordPress makes it easy to expand your site by adding new pages and blog posts, most WordPress sites grow over time, which Search Engines like. Because most theme code is light and clean, pages tend to load quickly and be easy for Search Engines to understand. Because analytics tools like Google Analytics and Jetpack Stats integrate easily with WordPress, you can see how people are finding and interacting with your website and you can make changes based on this data to draw more visitors to your site (and to encourage more conversions). WordPress makes it easy to use keyword rich URLs, called “permalinks” that add archivable content to your site to give you a higher ranking in search engines. On top of all that, there are many plugins and methods to allow you to enhance your SEO through meta data and also to connect your site to social media to foster sharing and encourage visitors.

WordPress is well supported

WordPress is very popular – 53.8% of CMS based sites are built in WordPress (followed by Joomla at 9.2% and Drupal at 6.7%). Over 72 million sites around the world are built using WordPress, including this one. This includes popular companies like Mashable, The New York Times, UPS, CNN, and many more. 22 out of every 100 new domains created in the US are running WordPress. This popularity is not just in the US, as WordPress is has officially been translated into 40 different languages, with more being translated every day! All this love means that if you encounter any problems with your site, there are literally thousands upon thousands of qualified developers who can come to your aid, including us!

So, to recap, WordPress is awesome. We use it and so do a TON of other people. It is a sound technology choice for most websites – either theme based sites or custom designed sites – and there is a world of support available to WordPress website owners. You can use it for free, you can maintain your own site, and you can get up and running quickly. And if you need help getting startedfixing a problem, or making something beautiful, we can help. Feel free to reach out to us or sign up for a class.

(Statistics are from Yoast.)

Google changing smartphone search result rankings

Mm devicesGoogle announced yesterday that it has made changes to the rankings of smartphone search results. They will be looking as some common issues with “desktop” sites when visited on mobile. If your site fails or behaves irrelevantly or annoyingly on mobile, you are likely to be dinged.

They mentioned two very common mistakes and some suggestions on how to fix them:

Faulty Redirects

Some websites have a URL for someone looking at their site on a desktop and a separate URL for users on a smartphone (often called an m. or “em dot” site). When the desktop page redirects a person on a smartphone to a mobile (m. page) that does not exist, or that does not have the same content as the desktop page (like redirecting the user to the mobile home page), this can frustate the user. The solution to this would be to direct smartphone users to the equivalent mobile page, and if this page does not exist, show the desktop version.

Smartphone-only Errors

Sometimes content that works correctly on a desktop browser does not work the same way, or does not work at all on a mobile device. One of the most common examples of this is when content on your site requires Adobe Flash to work. If your site uses Flash, it will not work on any iPhone or any Android version 4.1 or higher.

Correcting these problems can mean the difference between your site being shown on page 1 of a mobile search result or being shown on page 4. If you’d like to make sure your site looks great on mobile devices, we can help! We also offer classes on improving your SEO and search engine rankings, where you will hear the tips and tricks to attracting more visitors and potential customers to your site. We will also soon be holding a “responsive design / development” class, so you can banish those m. sites forever in favor of having one site the works well on all devices. As ours does. 😀

WordPress sites under attack. Please read.

There is a very bad and very brutal attack happening right now to WordPress based websites. Please read about this here: http://arstechnica.com/security/2013/04/huge-attack-on-wordpress-sites-could-spawn-never-before-seen-super-botnet/

This is a very serious issue and it requires taking action to safeguard your WordPress sites. We highly recommend you take the steps below. Please consider ALL of the websites you have – some of you may have one WordPress site, and some may have many. These steps should be taken for all sites.
1 – Install and activate the “Limit Login Attempts” plugin. This will keep malicious bots from trying repeatedly to access your site by trying password after password.
  • Go to your dashboard
  • Go to plugins > add new > search for “limit login attempts”
  • install and activate this plugin
  • Go to settings > limit login attempts
  • Check the settings. Either leave the defaults or change as desired.
2 – Make sure your WordPress username is not “admin”. To do this, log in to your dashboard, go to users, and look through the usernames for the default username “admin”. If it is, this will need to be changed.
To change the username:
  • Go to your dashboard
  • Go to plugins > add new > search for “admin username changer”
  • Install and activate this plugin
  • Go to the left hand navigation of the dashboard. Toward the top, it should say “Admin username”. If you click on that, you can change the admin username to something other than “admin”.
  • Once you have changed the username, you can go back to plugins and deactivate this plugin as it is no longer needed. Please note you will use your new username in place of “admin” to log in.
3 – Make sure your passwords are STRONG, and change any weak WordPress passwords. Please do this for ALL of the users that contribute to your site.
  • Make the password at least eight characters long.
    A longer password means it’s harder for someone to guess. 12 or 16 characters is even better.
  • Use a mix of upper and lower-case letters.
    Passwords are case-sensitive, so alternate your caps occasionally throughout the password to increase its strength.
  • Throw in some numbers—especially in the middle.
    Numbers at the beginning or end of a password are easier to guess or crack than those stuck right in the middle.
3 – Consider signing up for Vaultpress
You can use http://vaultpress.com/ to safegaurd your site and allow you to restore your site easily if something happens to it. Adding it is pretty straightforward and their help is pretty helpful though there are sometimes delays. This is not free. There is a fee per site, per month. We believe this is worth the expense as rebuilding your site will be more costly and painful than setting this up and paying for it. If there are things in the setup you do not know the answers to, like your FTP username and password, contact your hosting company. Vaultpress requires that you have a wordpress.com username and password – this is different than your dashboard username and password – and you may need to set up a fresh wordpress.com account. That username and password will be important, so be sure to keep track of it.
4 – If you don’t set up VaultPress, at least back up your database (if you don’t already know this is happening). This is not as good as using a service like Vaultpress that backs up your whole site. This method just backs up the *content* and the settings, not the images and the look of the site.
  • Go to your dashboard
  • Go to plugins > add new > search for “wp-db-backup”
  • Install and activate this plugin
  • Go to tools > backup
  • Check all of the tables in the database and download a copy of the database to your hard drive so your site backs up now
  • Then, under “Scheduled Backup”, set the site up to email you a copy of your database at a set interval (depending on the frequency with which you change the content).

NOTE: The scheduled backups don’t work on all hosting and don’t work if your site is too huge, so after backing up to your hard drive and setting the schedule, you will want set a note in your calendar to see if the scheduled backups come in. If they do not, log back in periodically and download a backup of your own.

There is another plugin referenced in the article noted above called “Better WP Security” that requires more advanced setup. If you feel comfortable to install and configure it, you can, but it allows you to change very technical settings that could easily break your site. Do this with caution.