How To

How to add secret keys to WordPress

There are a lot of things that we can do to ensure that our WordPress blog is more secure.     One of the things that we can do is on installation of our new blog generate secret keys and insert them in our wp_config.php file.      This only takes a matter of minutes but adds a little more protection to the basic installation of  WordPress making your password harder to crack.

This short video will take you through the  process of adding your secret keys to WordPress.



Secret key generator

WP Twin

Backup Buddy


Blogging Plugins

Lock it up and keep ’em out

No-one wants their blog to be hacked but sadly these things can happen.

A new plugin has just been released a new WordPress security plugin that has a ton of features:

  • Enforces strong password policies
  • Monitors login attempts
  • Blocks IP addresses on failed login attempts
  • Gives you control to manually unblock IP addresses if required
  • Allows  you to forcibly log out all users immediately and require that they all change their passwords before logging back in (useful if hacker is logged in)
  • Allows you to  forcibly log out idle users after a predetermined period

Enforces Strong Password Policies

  • Define which types of characters must be used in passwords (this is to force you and your users to have better security)
  • Define the minimum required password length
  • Define how long a password is valid before it must be changed (great if you are outsourcing/freelancing work on your blog)
  • Prevent users from reusing the same passwords repeatedly
  • Prevent users from choosing common passwords from a database of more than 3100 common passwords

Emergency Lock Down

Login Lock provides an emergency “panic button” that, when used, immediately logs out all users, resets all user passwords to a random value, and sends each user an email message informing them that they must change their password before logging back in to your site.

Download this wordpress security plugin from the WordPress repository.

There are more things that you can do to secure your blog (see WP Lockdown) for more information on that.

internet marketing

7 Tips For Using WordPress For Internet Marketing

I use WordPress for all my internet marketing projects.   I couldn’t live without it.    It’s an essential tool for me.    Like most internet marketers I  have a number of different things that I do like:

  • create my own products
  • niche sites
  • autoblogging
  • etc

Everything I do uses different plugins, themes and configurations so here’s my 7 tips based on what I do to help you use WP with your internet marketing endeavours.

1.   Make it Manageable

You need to be organised.   Organisation saves you time hunting around for stuff that you could be marketing instead.   If your organised it also makes it easier to replace yourself (when you are ready) by getting an outsourcer to do your job.

The way that I get organised is as follows:

For each type of site that I create like Niche Sites for example I have a folder with the themes that I use, the plugins that I use and a little note on any special instructions.

I used to use WP Manager DX to create a blog for the site and create a profile for that particular type of site.   So, if I was building Niche Sites I would use my niche profile that I created and hit the button and my theme and plugins would  all be uploaded and the new site created.

Since I started outsourcing a lot of work that I used to do myself I decided to make that process even easier.

Now what I do is for each type of site I create a WP MU site and use domain mapping to map each domain to the blog that is created.    The advantage for me in moving these sites to the WP MU set up is saving the server space for small blogs and making the process of creating a new site just adding the domain.    This means that the type that my outsourcer would have spent installing the site, configuring the plugins is now just mapping the domain to the site.    It also means that when there are new versions of  WordPress or plugins my outsourcer doesn’t need to log in to multiple sites to update the system.   This saves a lot of time in the long run which can be better spent on the marketing side of things.

2.   Choose the Right Theme

I recommend you buy a selection of premium themes to use.    Yes, I mean a selection.    A selection of themes makes it easy to choose a specific theme for a specific type of site that you are creating.    If you use the same theme on every site that you create you are potentially leaving a footprint behind for the search engines and your competitors to copy you.  Mix it up  a bit.

I recommend a premium theme because

a) they are more professional looking
b) more versatile
c) support
d) better design
e) no unnecessary link backs to third party sites which can leak link juice and sometimes be a security issue

If you are not ready to buy a premium theme then find a free theme that is versatile, clean looking and has a minimum of links to other websites.    Check the WordPress forums to see if users are experiencing any problems with the theme and make sure it works with the current version of WordPress.

3.  Blog Basics

When you create a new site it can be really tempting to just start posting and popping in all your affiliate products straight away.    Instead of doing that spend a few minutes:

  • removing the links in the Blog Roll,
  • removing the first post,
  • checking your navigation and
  • ensuring that you have the Privacy settings turned on for search engine love
  • setting your permalink structure

If you have set your username as “Admin” go and create another User with admin  privileges for yourself and delete the old one.   “Admin” really is too simple for hackers to guess 🙂

4.  Plugins

Go easy on the plugins.    Yes, they are great and I love them to death but seriously most people don’t need the amount of plugins that they have installed on their blog.     Some plugins load every time your page is loaded this causes a slow down on your blog which is not very search engine friendly.

I have a quick rule of thumb when using plugins.    If it is way too hard for me to do something without a plugin I’ll use a plugin.   If it is just a matter of me popping in some code, or clicking a button then I’ll do it manually and save the plugin for another day.    So many things you do not need a plugin for but people use plugins for them all the time; for example; changing page order, excluding pages, adding optin form, adding google analytics.

Remember, the more things that you add to the site the more things that need to be updated, checked for compatibility and more potential security risks there are.

5.   Lock Up Your Blog

If you have spent time on your blog the last thing that you want to happen is to be hacked.     One way of hackers to access your site is exploiting  a security issue with a plugin.     Prevent  people seeing what plugins you are running by uploading an index.html file to your wp-content/plugins folder.   Now, there are other ways of doing this by changing your ht access file which will also prevent people browsing your wp-content folder but they are a little more advanced than this so I’ll save it for another day.

The next thing that you can do is use the secret key generator in WordPress and paste your secret key into your wp-config file.   The wp-config file contains your username and password so you need to make sure that this is hard to access.   Find out how to create a secret key and change your wp-config file here.

Check your file permissions on your server.   Your Directories should be set to 755 and files should be set to 644.    Your wp-config file should be set at 644.    Some plugins may require different security settings in order to work.   Always check the read me file before using the plugin and be wary of changing the permissions beyond 755.

Choose a strong username and password.   Hackers can guess your blog  name or “admin” any day of the week.   Choose something hard to guess for hackers but memorable for you.

Use wordpress security plugins on your blog.    This is such a big topic and there are such a lot of excellent plugins available for WordPress users that I’m going to do a separate post just on this issue.

6.  Back Up Your Blog Regularly

There are a number of ways that you can back up your blog.    You can use Cpanel and run a cron job to regularly back up your blog,  you can use plugins to back up your blog or you can use software to do this task.     If you are a user of Amazon S3 you can even use a plugin to back up your blog and send the backup to your Amazon S3 account.      There is really no excuse not to back up your blog when you consider the amount of options that are freely available.

If you have a back up and you lose your blog it is a simple matter to quickly restore it and be back in business.    If you don’t have a backup then get out the tissues and the chocolate because you are going to need it!     Often your web host may be able to restore your blog but that is not guaranteed.    The best thing is to be charge of your business and regularly do this.

When you are creating your back ups do not delete them all at once.

Here’s why

If you have a number of blogs you might get a chance to visit them each day, each week or each month – I know I don’t!    So, if you haven’t visited your blog regularly to see if all is well and it has been  hacked, injected with a virus or whatnot you may not know when that happened.    So, if you restore your latest back up you may just be restoring bad news on your blog.    By saving your backups you can work backwards and find the back up that is the original site that needs to be restored.

7.   Stop Tweaking

I say this all the time,  I probably sound like a bit of a broken record but it bears saying again.      Too many people spend time fiddling with their website, moving widgets, changing the theme layout and never progressing because they are never ‘finished”.   Really, this is just tweaking your site and a great looking site is still never going to make you a cent if you don’t do any of that internet marketing stuff 🙂   So, stop tweaking and start marketing.     I have a rule of thumb on sites as well.    If I can’t get the tweaks that I want to make done within half an hour they don’t happen.    Simple.     I’m not going to spend a ton of time tweaking a site that may never make any money.      If it makes money then I may go back and give it a tweak.    Just as a little aside,  the site that brings me in the most affiliate cash  per month has about two paragraphs of text on it and an affiliate banner, no widgets, no sidebars, nothing.   It took me less than 5 minutes to knock up as well.

WordPress News

Secure Your WordPress Blog

A lot of people are concerned about security for their WordPress blog with good reason.    A lot of effort and time as well as money can go into the creation of your website. 

Imagine how you would feel if you woke up one day and found that your site had been hacked?

Well, it’s not all doom and gloom there are things that YOU can do right now to improve the security of your WordPress site.

I don’t profess to be a WordPress security expert (although I do know a few things 🙂 ) so I interviewed a WordPress security expert,  Mark Edwards from WP Security  and picked his brains for over an hour and a half.    

You can listen to that interview by using the audio player



If you prefer, you can download the mp3 file

[S3FILE file=’wpqpubvids09/wpsecurity.mp3′]


Or, download the wav file (this is better quality)

[S3FILE file=’wpqpubvids09/wpsecurity.wav’]


I know some of you detest listening to stuff and would prefer to just scan through things so I’ve typed up a transcript of the audio as well.    Now, I will be honest I’m not a typist so there are probably typos and bits missed out.

[S3FILE file=’wpqpubvids09/transcript.pdf’]


I hope you enjoy the interview and you take action today to improve the security of your WordPress site.


All the best