Email Address Encoder – a proper protection

Hello friends,

In this post I will present to you one very handy plugin that will help you protect your email addresses and mailto links from web-harvesting robots. This plugin is called Email Address Encoder.

Email Address Encoder - WordPress Plugin

What does Email Address Encoder do?

It will simply encode all of your publicly provided email addresses and mailto links into decimal and hexadecimal entities. Thus they will not be available for any nasty bots that will try to harvest them and provide them to spammers.

If you don’t have such a protection there is a risk of getting your email addresses added to email lists that can be used for several purposes. For example you may get spammed with all kinds of unwanted emails if the email list was sold to a various number of clients.

What is worse is that you can start receiving phishing messages or even messages containing all sorts of viruses. And as you know the crypto viruses are a “fad” amongst hackers nowadays. And they can be quite nasty as sometimes all of your precious data can be lost for good.

Will Email Address Encoder save me from spam permanently?

The answer to this question can be yes, but only if your email addresses and mailto links can be harvested from your website only.

And when the answer is no? Well if this information is present on another non-protected website or if someone who knows your email addresses decides to provide them to spammers.

So you have to be realistic about spam protection – if someone truly intends to spam you, there is a little chance to prevent this. However you can fight spam with a solid email anti-spam protection.

And as for Email Address Encoder – this wonderful plugin can be useful from preventing bots from getting closer to you addresses. And that is just another layer of anti-spam protection.

How does Email Address Encoder work?

By hooking into the WordPress filters and by searching for @ signs. In case such a sign is detected, the plugin will try to determine if this is an email address or a mailto link that is in plain text. If this is the case then the encoding operation begins and the email address will be protected from harvesting.

The developers of the plugin claim that the functionality provided by Email Address Encoder is faster than the built-in WordPress antispam function. Also in this case you get additional hexadecimal entities as an extra protection.

How to check if my email address is protected?

By simply viewing the source of the page where you are sure that the email address is provided. Try searching for it in plain text. If you don’t find it – you are protected!

How to achieve this protection?

By simply downloading, installing and activating Email Address Encoder. No additional settings are needed. But in case you are an experienced user and you want to filter specific parts of your website, then you can have a look at the tab: “How can I filter other parts of my site?” at the WordPress.org page of the plugin.

So there you have it, friends!

What do you think of Email Address Encoder? Will you give it a try? Share your thoughts in the comment section below. See you soon, friends!

Protect your WordPress images with Image Watermark

Hello friends,

Do you want to protect your uploaded images from theft? There are several ways to do this however one of the most popular ones is to add a watermark to them. This will not prohibit your visitors of downloading them, however the chances to use them on other websites will be highly reduced. The reason for this is because they will be popularizing your website by presenting your watermark and their visitors will know that the image is not genuine. So in other words they will have to be making free advertising for your own WordPress website on one hand and on the other – they will be confessing that they are using stolen images.

So in this post I will be presenting the plugin Image Watermark and its ability to protect your WordPress images.

What exactly is a watermark?

This is some text or image (or both) that is placed on another image. The idea is that the watermark will not prevent the users from seeing the content of the image it protects but it will make it almost impossible to steal it and modify it. The typical watermark is with reduced opacity or almost completely translucent. It is placed either in the center of the image and thus covering almost all of it or is situated in some of the image’s corners.

Another type of watermark is a non-translucent image which replaces some of the protected image’s content and is usually placed in the corners.

Bear in mind that the corner placement of the watermarks reduces the protection as the image can simply be cropped and it will no longer have a watermark. However this type of watermark protection ensures that your visitors will get a good-looking picture. So it’s up to you to decide.

How to use Image Watermark?

Download, install and activate the plugin. Then head to Settings in your WordPress admin panel. There you will get a new menu called Watermark. In it you have to adjust a few settings:

After you adjust these settings you have to save them.

Now you have to upload a new image to your WordPress media library. It will be protected with a watermark automatically! As for your previously uploaded images – simply head to the media library and manually apply the watermark to them.

Simple as that!

So what do you think, friends? Will you use Image Watermark for your WordPress websites? Share your thoughts in the comment section below.

See you soon, friends!

*The image above is embedded from the WordPress.org page of the plugin.

Where to find pre-installed virtual machines for local WordPress testing under Virtualbox?

Hello friends,

If you remember our post about virtual machines running under Virtualbox then you are probably wondering if it is possible to find pre-installed solutions that you can import and start using for local WordPress tests.

The great news is that this is possible. In this post I will show you where you can find pre-installed virtual machines for local WordPress testing under Virtualbox.

If such solutions exist, should I use them instead of configuring an Ubuntu (or other) server under Virtualbox by myself?

In terms of local testing – yes. But if you are aiming to use them for other purposes, I’d advise to either start installing or configuring the server by yourself or at least to check the configuration of the pre-installed solution and improve it if necessary. For production servers, based on virtual machines, I’d advise to seek for assistance from an experienced system administrator. Let’s not forget to mention that there are far more advanced solutions than Virtualbox for this purpose (for example Open Stack).

The reason that I am giving you this advice is because the pre-installed solutions are meant to save you time and effort. This may be enough for local testing in most cases, however for other purposes these virtual machines might lack in security. Also even for local WordPress testing you may need to configure them additionally in order to make all of your plugins function correctly.

OK, where can I find these pre-installed virtual machines?

Some of the machines contain only a Linux distribution without any additional configuration. These machines are meant to remove the need to make a new installation and basic configuration. Once you download them and import them in Virtualbox you can install and configure LAMP so that you can run WordPress locally.

Such machines can be found from OSBoxes (click to visit). There you can find images for both Virtualbox and VMware. Select the distribution that you desire to use and then follow the instructions provided on the website. You will find out the username and the password that were created for the virtual machine.

Here is what you need to do in order to use the machine: Add a new virtual machine in Virtualbox. Select the appropriate distribution and then follow the wizard until you reach the section that asks you to either create a new virtual disk or to use an existing one. Simply point the VDI or VMDK file that you have downloaded from OSBoxes and complete the virtual machine configuration. Once you run it you will get a pre-installed Linux with graphical interface. For additional configurations you need to update the distribution and also install VirtualBox Guest Add-Ons. Then you need to install and configure LAMP.

Other solutions provide LAMP Stack in a pre-installed virtual machine. Once you import/add them in Virtualbox you need to follow additional steps and apply a few settings and then you will be able to configure your databases and run WordPress locally. Turnkey Linux provides such machine. You can download it from here.

Finally there are solutions that even contain WordPress within them and you can start adjusting the sample local site right away. Turnkey Linux has such a machine which can be downloaded from here.

Another option is to use a Bitnami virtual machine. You can grab one from here.

From this website you can download another pre-installed WordPress virtual machine.

So there you have it friends. Will you use pre-installed virtual machines or will you try to configure your own one? Share any thoughts on this topic in the comment section below. If you have any questions – we will be happy to assist you.

See you soon, friends!

How to secure WordPress content with passwords [Tutorial]

Hello friends,

In this tutorial I will show you how to secure any part of your WordPress content with passwords.

Before we begin, let’s take a moment to discuss why you would want to password protect your content in the first place.

In most cases this is not needed. In fact if you are aiming at generating high traffic to your WordPress website you’d want to have as much content as possible. You’d also want to have fresh content each week and most importantly you’d want your content to be accessible by users and bots.

However in some cases it is worth having some or all of the content hidden from the bots and the public. Here are some example situations:

How to secure WordPress content with passwords?

Option 1: The integrated password protection for WordPress:

This method will work on self-hosted sites as well as on wordpress.com blogs. Simply create a new post or a page. Then click on the “Edit” link next to Visibility and choose the  “Password protected” radio button. Then type your password and you are done! Bear in mind that additional steps are required to hide the password protected content entirely – i.e. from Homepage and Archives. Here is a guide on how to achieve this: Click here.

Add password protection to any WordPress post or page

Option 2: Secure only a portion of the content with passwords:

This method requires a plugin and this means that only self-hosted websites can benefit from it.

Begin by downloading, installing and activating the WordPress plugin Content Protector.

After you do this you will get a new section in your dashboard from where you can enter the plugin’s settings. You may add a message that informs users that part of the content is secured using a password. You may set the password and adjust various other settings as well.

Here are some of the Content Protector capabilities:

Next add shortcodes around the part of the content that you want to be secured using a password and publish it. You may also use the TinyMCE dialog menu in order to add shortcodes without making a mistake.

Option 3: Hide all content completely from non-registered users:

This can be achieved for self-hosted sites only. You need a plugin like WP Maintenance Mode. However I personally do not recommend this option. Use it only for maintenance modes only.

So what do you think, friends? Share any thoughts and questions in the comment form below.

See you soon!

Fight SPAM in WordPress with Antispam Bee

Hello friends,

Do you want to have spammy WordPress websites? No? I thought so! So the main question now is how to fight SPAM correctly? There are various ways of doing this. In this post I have chosen to review one of the popular plugins for that purpose.

Presenting Antispam Bee

Antispam Bee may be just the tool that will help you to fight SPAM for your WordPress website.

What is the risk of getting SPAM hits for WordPress?

From moderate to high (at least in my opinion). A non-protected WordPress website is a potential target for comment SPAM and trackback SPAM. That is why it is always a good idea to have a tool that can deal with these hits.

How does Antispam Bee help me fight SPAM for my WordPress website?

This wonderful plugin will be able to deal with the average SPAM – comments and trackbacks. Antispam Bee does this without the need to have captchas. Also this plugin is ad-free and also completely free of charge to use. What is more important is that it complies with the European data privacy standards. So you can be confident that you are getting a great solution that will aid you in your battle with SPAM. And it will do this effectively.

How to use Antispam Bee?

Download and install the plugin. Then activate it. After this you can adjust some settings in the WordPress admin panel.

What are the features of Antispam Bee?

This plugin can help with comment approval and if you have approved a comment for any commenter then they are listed as trusted. Also if your commenter has a Gravatar then they are also trusted.

Antispam Bee takes comment time into consideration. Therefore if too many comments are posted within a short amount of time then this is a sign for SPAM.

Having trouble with SPAM comments from various languages? Don’t worry anymore! Antispam Bee can be set to monitor for comments in certain language only. This ensures that only comments from your target audience can appear on your WordPress website. Speaking of this – the plugin can block or allow comments based on their geographical location. This means that you can choose which countries are considered as accepted and only comments from them will be shown.

Antispam Bee can treat BBCode as spam. This plugin can also validate the IP from which a comment is posted and block it in case of suspicion. Antispam Bee also uses regular expressions and can search in a local SPAM database for comments that have been previously marked as spammy. This can be matched against a public database as well in order to ensure protection.

Want to know if you are getting SPAM hits? Antispam Bee can notify you and your other admins by email. Want to delete SPAM comments after a couple of days automatically? Antispam Bee can be instructed to do this in your desired amount of days. You can also limit approval for only comments and pings. But beware that this instructs Antispam Bee to delete any other comment types automatically.

This plugin also selects SPAM indicators that will help it determine a comment as SPAM and delete it directly. You can set Antispam Bee for some optional features as well. For example you may want to exclude trackbacks and pingbacks from potential SPAM detection and you can also check comments on your archive pages (if you have enabled them).

Last but not least – Antispam Bee can provide detailed statistics in your WordPress dashboard.

What else do I need to know about using Antispam Bee?

This plugin may not be compatible with other comment solutions besides the default WordPress comment system.

Another important feature is that Antispam Bee does not contain any paid services or limitations.

For other information and questions please make sure that you have read the FAQ section of the WordPress.org page of the plugin.

So what do you think friends? Will you use Antispam Bee for your website? Share any thoughts and questions in the comment section below and spread the word about this post in social media.

Thank you and see you soon!

Really Simple SSL – the proper way to secure WordPress

Hello friends,

Nowadays SSL encryption is really important. The Shared Sockets Layer allows each connection between a website and a browser to remain private and integral. Thus the risk of having personal data stolen is highly reduced.

As you can see encryption is something that you need to consider in order to improve the user experience and security.

In this post I will present to you the plugin Really Simple SSL which is the proper way to secure WordPress with SSL.

Really Simple SSL - WordPress plugin

When will you need SSL for WordPress?

In most cases the answer will be – when using WordPress in order to create and maintain an e-commerce website. However I personally find this answer too limiting. That is why in my opinion a SSL encryption is needed each time user data is submitted to a website. For example a simple email contact form may allow the leaking of email addresses and other personal data if a hacker tries to mess with the insecure connection.

So I will try to answer the opposite question – when a SSL connection won’t be needed. And the answer is – for any website that does not require user data submission in any form.

And I’d like to have your attention on one very important fact – web browsers are favoring websites with SSL connection more and more. The same applies for search engines as well. For example Firefox 52 is the first release that warns users for insecure HTTP pages with login forms. And if a user is not trusting a website enough then this warning might result in leaving the website for good. So if you are aiming at creating a website with many registered users, you’d better consider securing it with a SSL certificate in order to attract new users and keep the current ones.

But SSL certificates are not cheap? What are my alternatives?

Let’s encrypt! This is an open-source solution that provides free certificates. Most reliable hosting companies are already providing this method of obtaining SSL certificate. With just a couple of clicks in your cPanel you will be able to install, remove and even renew your Let’s encrypt certificates.

If you are not sure whether your hosting company supports this method, simply ask them.

Of course there might be some situations in which a paid SSL certificate will be more suitable than Let’s encrypt. However for most WordPress websites this is the ideal way.

OK I have my certificate installed. How to enable it in WordPress?

With Really Simple SSL, of course! In order to achieve this you will need to download and install this plugin. Again you may prefer using WordPress.org or the plugin installer system in your dashboard. Once it is installed simply activate it. Then the plugin will ask you to enable SSL and with just one click the connection to your website is secured. Simple as that!

Of course Really Simple SSL will warn you that you need to configure Google Analytics to use https instead of http.

You can fix this by going to your account and select the website Property and under Property settings to select https. The same needs to be done for your View under View Settings.

The next step is to create a new property in Search Console for the https version of your website (don’t forget to re-submit your sitemaps). Integrate it with Google Analytics (under Property Settings). Last but not least – edit your robots.txt file and add https instead of http for the url of you sitemap (if you provide such information there, of course).

With this you are done and you can relax! But just remember that any embedded content from non-https websites will not be shown anymore on your own. This is a security measure from the modern browsers. So consider uploading this content to your own website (if applicable) in order to make it visible on the respective pages. Otherwise simply remove it.

What if I need more features from a solution like Really Simple SSL?

Then you should consider purchasing the pro version of this wonderful WordPress plugin. Find out more on the official WordPress.org page of Really Simple SSL.

So what do you think, friends? Will you give this plugin a try? Share any thoughts and questions in the comment form below. Don’t forget to share this post in social media as well.

See you soon!

Loginizer [Review]

Hello friends,

You may have noticed that WordPress security is an important topic here on TheCMSPlace. And this is not just something that we like to write about – it is really important. Why? Well because you may spend hours, days, weeks and even years maintaining your website and filling it with high quality content and one day you may find it destroyed due to a hack. And this is something that should not happen. That is why WordPress security should be a high-priority topic for any user and webmaster and you should always make backups.

In this post I am going to make a review on one plugin that helps improve the login security of WordPress. It is called Loginizer.

What does Loginizer do?

It protects against bruteforce attacks. They are aimed at trying different combinations of passwords until they figure out a correct combination and therefore provide the hacker (who launched them) access to your website. Now you may imagine what might happen if your admin account is revealed.

So in order to prevent this from happening you need to take care of some things – first of all don’t use “admin” as a username for any admin account on your website. Second – use as complex passwords as possible. Third – add a protection like Loginizer.

How does Loginizer work?

By providing login attempts limitation for any IP. This means that if a bruteforce attack is launched from one IP the hacker may be able to guess your passwords only several times. Then this IP is blocked. You can also select IP addresses that you consider dangerous and add them to a blacklist using Loginizer. This means that any potential attack from them won’t even start since the access will be blocked in advance.

What about any IP addresses that are considered safe? You can whitelist them and Loginizer won’t be a problem. Make sure that your own IP is added to this list so that you can make sure that you will get access anytime you want to your own website.

That’s great! How to use Loginizer?

Begin by visiting the official WordPress.org page of the plugin. From there you can download it and the install it on your own website manually or you may search for Loginizer using the built-in WordPress plugin installer in your dashboard (admin section).

Then activate it and you will receive a new menu called Loginizer Security. It contains two sub-menus:

In the first sub-menu you may want to check the section where your File Permissions are displayed. Make sure that your permission scheme matches the suggested one by Loginizer. Check carefully your system information as well.

In the Brute Force sub-menu you have to adjust some settings:

Here you have to add your Blacklist and Whitelist IP addresses. You may also add ranges.

At the top of the Brute Force sub-menu you will see any failed login attempts in the past 24 hours. The information provided is the number of the attempt, the IP it came from, the date and hour of the attempt, count and lockout counts for this attempt.

You may also remove information from these logs or clear them at all.

Loginizer is great! How can improve my protection further?

You have 2 options:

And that’s all friends! What do you think about Loginizer? Share any thoughts, feedback, questions or problems in the comment section below. Don’t forget to spread the word about this post in social media as well. By doing this you will help other users like you to improve the security of their WordPress websites.

See you soon, friends!

Captcha by BestWebSoft

Hello friends,

Improving the security of your WordPress website is important. One way to achieve this is to avoid any potential spam content that may appear on it. For this purpose you need a solution that will just do its job as intended. A plugin that will protect any form on your website from spam entries.

Such solution exists! It is called Captcha by BestWebSoft and in this post I will present it to you.

What is Captcha by BestWebSoft?

This is a WordPress security plugin that uses math logic in order to prevent spammers to fill your website with spammy content. Each entry has to pass the captcha verification in order to appear on it.

Captcha by BestWebSoft also helps you for improving the security of any login & registration forms. But that’s not all! This marvelous plugin can also help you fight spam when it comes to password recovery and it can also be used in cooperation with some of the known contact form solutions that exist for WordPress.

How does Captcha by BestWebSoft work?

Well, it’s actually quite simple. When the plugin is installed and activated it starts showing up on your website (on your forms more specifically). Then when a user wants to add an entry they have to solve a math equation. If the result is correct, the content is approved for the specific form. If not – the spam is blocked and your website is protected. Simple, right?

How to use Captcha by BestWebSoft?

Begin by following the standard procedure of installing and activating a WordPress plugin. Do this by using the built-in installer (search for the plugin there) or download it from the official WordPress.org website. Then make sure that the plugin is installed and activate it.

Finally you need to head to BWS Panel -> Captcha. You can find this in your WordPress admin panel. Click on this menu and you will be presented with the available options for Captcha by BestWebSoft. Bear in mind that all of the steps that we will be looking at right now are related to the free version of the plugin. I will mention the benefits of upgrading to PRO later in this post.

Now when you are on the settings page you should be seeing 4 tabs. The first one is Settings and here you have different sub-menus that are related to different settings. Let’s start with the General Options. Here you are able to configure the math equation settings. Here you are also able to adjust the captcha position and create the error messages that will appear if the solution is wrong. On this sub-tab you are able to adjust some other important options as well.

Next is the options for the WordPress Login form and the Registration form. These two sub-tabs are similar in design and both can be extended using the PRO version.

Then you have the WordPress Password Reset form. It is also similar to the two ones above. There is a little difference for the options related to the Comments form (the next sub-tab). You are actually able to hide any captcha’s from the registered users if you consider them trustworthy.

The next sub-tab is related to the Contact Form from the same developer team. If you install and activate it you will be able to adjust some options so that you could benefit from both plugins.

Below you have several sub-tabs that are locked in the FREE version. So before heading to the next available tab you should click on “Save Changes”.

Next is Packages but it is also locked in the FREE version. So head to the Whitelist tab in order to add a list of IP addresses that will prevent the captcha to be shown when visiting the site from them. Please, consider adding only IP addresses that you are 100% sure that are safe.

The next tab is called Custom code and here you can do what its name suggest – custom CSS and PHP code. This is a section for advanced users only so I suggest using it only if you know exactly what you want to achieve by doing so.

So this is all that you get from the free version of Captcha by BestWebSoft. It should be more than enough for most of the websites but just in case you want to get the real power of this wonderful plugin you can click on the blue button named “Go PRO” and upgrade.

In the PRO version of Captcha by BestWebSoft you will get:

And that’s it friends. Now it’s up to you. Please share any questions and feedback in the comment section below and if you like Captcha by BestWebSoft consider giving it a higher rating on WordPress.org.

In the mean time you can also watch these two great videos:

The first one presents Captcha by BestWebSoft in a brief way so that you can see what you are going to get:

The second is about the installation process of the plugin:

See you soon friends and don’t forget to share this post is social media as well.

Wordfence Security – the proper way to defend WordPress

Hello friends,

WordPress is great – there is no doubt about that. It is open source and there are many developers that are spending hours in order to make it even better. WordPress is free as in freedom and it also is used by a great amount of users worldwide.

However all of these are also its weakness. A lot of people are also trying to hack every WordPress installation that exists. There are different types of attacks and each of them may either bring your website down or cause it to act unusual or both.

In either way this is not a pleasant situation. That is why you need a great solution that will ensure that you have the proper protection for your WordPress website. Such solution is Wordfence Security and in this post I will present it to you.

Behold – the most downloaded WordPress security plugin with over 2 thousand 5 star reviews and more than 1 million installations currently active. This is Wordfence!

This plugin is extremely comprehensive. It combines all of the needed components that deliver stable protection for your website. You get a firewall, malware scanner, options to block, monitor live traffic, great security options for your logins and so on.

Wordfence Security is able to detect different threats because it is powered by the Threat Defense Feed which is constantly updated. Because of that you will be able to prevent your website from getting hacked by utilizing the web application firewall. Also each scan is able to notify you on time when WordPress is about to be compromised. The live traffic option that Wordfence Security provides will allow you to get real-time information about the traffic that comes to your website as well as any hack attempts that may exist.

And since we are really speaking of complete protection, you have to know that there are many other tools that are created for this plugin so that it will protect your WordPress website with all of its power.

Do you want to know what is best about Wordfence Security? It is 100% free and it is also an open source product. And if you are in need of even better security options you can always rely on the premium API key that you can purchase in order to get them. This can be extremely useful if your corporate website is running on WordPress and you need to make sure that everything is 100% safe (or at least almost 100%).

Wordfence Security is also extremely well documented. You will be able to read the official documentation on docs.wordfence.com. If you want to find out more about this awesome plugin, you can always check the support portal of Wordfence Security. You can reach it on this link: support.wordfence.com. What is also great about this plugin is that it has a large community on WordPress.org. You can use the forums there in order to discuss different issues or to get more information. On the support portal you will be able to receive premium support as well. There is a special ticket system created for all premium users.

Let’s summarize what you will get by just installing and activating Wordfence Security:

How to use Wordfence Security?

Use the WordPress plugin installer or download it from WordPress.org. Then activate it and adjust its settings. Then you are good to go.

I want to learn more about Wordfence Security?

Visit the links, provided in this post. Additionally you may want to check this wonderful video:

That’s it friends! What do you think about Wordfence Security? Have you tried it or will you do this now? Share any questions, thoughts and other feedback in the comment section below.

See you soon, friends!