Takeaways from April 2020 Meetup: Get Answers on Your WordPress Project

For our April 2020 meetup, we held our first virtual meetup.

Here are a few notes and highlights from our April 13, 2020 meetup, hosted by co-organizers Randy Walker and Deborah Edwards-Onoro.


Takeaways from April 2018 WordPress Show and Tell

Cleo Parker standing next to screen, speaking about her blogging site
Cleo Parker

For our April 2018 meetup, three of our members spoke about a WordPress site they worked on (their own or a client site), discussing how they built the site, challenges they faced, and successes.

Thanks to Cleo Parker, Jill Myllyoja, and Jim Luke for sharing their insights and experiences with their sites. We had a lively discussion with questions and suggestions for our presenters.

It was a great meetup! Thanks to everyone who attended.

Here are some of the resources and links mentioned during the meetup:

Stop by the Meetup site to check out the great photos that Dave Rotter took during the meetup.

Shoutout to A2 Hosting and Grand Circus for sponsoring our meetup; we are grateful for your support!

Takeaways from Fixing a Hacked Site

Seth Alling

At last month’s Metro Detroit WordPress meetup, Seth Alling presented on hacked sites, discussing the causes and what you can do to prevent your site from being hacked.

Members shared some of their own stories of hacks as well as useful resources. It was a great discussion at the end of the talk; thanks to Seth for his presentation!

And thanks to new member Christine Zheng, we have a recap of Seth’s presentation. Here are Christine’s notes:

Fixing a Hacked Site

Hack Types

There are three common hacks:

  • WordPress plugin hack
  • Malware hack
  • Themes hack

There are many causes of hacked sites, including:

  • Poor hosting
  • Bad or poorly coded plugins
  • Out-of-date software, which can be targeted by malware
  • Improper file permissions

To find the cause:

Step 1: Use shell commands

List files with improper file permissions
find . -perm 777

List PHP files modified within the last day
find . -name "*.php" -mtime -1 -print

List general-template.php files with base64
find . -name "general-template.php" -exec grep -H "base64" {} \;

Save the list of general-template.php files with base64 to a text file
find . -name "general-template.php" -exec grep -H "base64" {} \; > hacked.txt
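
The Step 1 checks combined into one script, as an added example that is not from Seth's presentation or his scripts. It goes beyond the commands above by flagging any world-writable mode and scanning every PHP file for base64; the function names, output labels, and sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: run the Step 1 checks over one site root.
# Output: one finding per line, CHECK<TAB>path. Hits are leads to review,
# not verdicts: WordPress core itself contains legitimate base64 calls.
triage_wp() {
    root=$1
    [ -d "$root" ] || { echo "triage_wp: not a directory: $root" >&2; return 2; }

    # 1. World-writable files and directories. -perm -0002 matches 777 and
    #    also modes such as 666 that an exact "-perm 777" would miss.
    find "$root" \( -type f -o -type d \) -perm -0002 \
        -exec printf 'WORLD_WRITABLE\t%s\n' {} +

    # 2. PHP files modified less than 24 hours ago (-mtime -1).
    find "$root" -type f -name '*.php' -mtime -1 \
        -exec printf 'RECENT_PHP\t%s\n' {} +

    # 3. Any PHP file mentioning base64, not only general-template.php.
    find "$root" -type f -name '*.php' -exec grep -l 'base64' {} + |
        while IFS= read -r f; do printf 'BASE64\t%s\n' "$f"; done
    return 0
}

# Constructed sample tree (hypothetical content) so the script runs offline.
make_sample_site() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp-includes" "$d/wp-content/uploads"
    printf '<?php // clean file\n' > "$d/wp-includes/version.php"
    printf '<?php $s = base64_decode("c2FtcGxl"); // constructed marker\n' \
        > "$d/wp-includes/general-template.php"
    printf 'upload\n' > "$d/wp-content/uploads/note.txt"
    chmod 755 "$d/wp-includes" "$d/wp-content" "$d/wp-content/uploads"
    chmod 644 "$d/wp-includes/"*.php
    chmod 777 "$d/wp-content/uploads/note.txt"           # world-writable file
    touch -t 202001010000 "$d/wp-includes/version.php"   # old mtime, not recent
    echo "$d"
}

site=$(make_sample_site)
triage_wp "$site"
rm -rf "$site"
```

Take the backup from Step 3 before deleting anything the script reports.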

Step 2: Establish Your Game Plan

Don’t just dive in; figure out the best solution. For example, if your host doesn’t provide shell access, contact your web host’s customer support.

Step 3: Remove Hack and Change Passwords

Find out what is really causing the problem.

Manually fix:

  • Take a full backup, if possible, of all files and the database
  • Delete unwanted corrupted files and replace hacked files
  • Search through pages and/or the database for additional corruptions and remove them
  • Change the passwords of admin users (and possibly users with other roles as well)
  • Test, test, test
  • Take full backup when complete

Use the Force Plugin Updates plugin when you reactivate plugins.

Fix in bulk:

  • Manually remove hack on 1 site
  • Write script to do what you need
  • Run script on one single site
  • Test, test, test
  • Run script across multiple sites
  • Example scripts from Seth you can use on a host with cPanel (you’ll need root access to your server)

Step 3: Increase Security

  • Make sure everything is upgraded
  • Make sure backups are working; run a test first to make sure
  • Have a security plugin
  • Use a password manager, such as LastPass or Dashlane
  • Send passwords/logins with Onetime Secret, or keep info in a notebook or offline
  • Do not send passwords via email – message them instead
  • Use two-factor authentication (2FA), such as Clef, Duo, or Google Authenticator
  • Remove unused sites
  • Check file permissions – don’t set them to 777
  • Use strong passwords
  • Consider changing the WordPress structure, because most hackers are trying to hack in bulk
  • Depending on your time, or if all else fails, hire a security company (such as Sucuri Security)

Summary

Be prepared for a hack. Consider using the iThemes Security plugin. Another option is to set up Cloudflare security.

You may want to consider not turning on all the features, IP login. Whitelist your login IP.
When you’re adding a new plugin to a site, validate the plugin. Read reviews and check star rankings.

Check out the slides from Seth’s presentation.

Thanks to Larisa for taking and sharing photos from the meetup.

Additional Resources
