JTPratt Media Blog

Most website owners don’t have a disaster recovery plan in place at all. Most people think about “what could happen” until it happens. Have you ever heard the phrase “you don’t know what you’ve got ’til it’s gone?” Plan ahead – before it’s too late

When you’ve worked in both corporations and small businesses for extended periods of time – you get to see how both sides get things done. A small business owner doesn’t need to ask permission to do something – they just get it done. A corporation has slower wheels of progress, as things must be approved at all levels. Then again a small business owner that wears many hats only has time (and expertise) for so many things. A corporation (that is ISO certified) must have certain processes and procedures in place, with the right expertise assigned to them. Corporations that are ISO certified in various areas usually must have a “disaster recovery plan” in place, that is tested at best annually.

The bulk of webiste owners online are small to medium sized business owners. Most of them get some type of leads of sales from their websites, and have invested extensive time and money into them over time. If the website was completely lost tomorrow, they would lose time and money putting it back together – not to mention the sale and revenue lost.

As a website owner, here are some things you should know about disaster recovery:

Webhosts:

• Webhosting companies (even those that have backup) are not responsible for your data (read their terms and conditions
• Most webhosts with backups only keep the 1 revision of the data
• Most webhosts charge a fee to process a backu or restoration request
• Most webhosts keep backups at the same facility as the server (sometimes the same server)
• In the last several years multiple webhosts have lost thousands of websites data through failed hardware or other mishaps
• Never pay for extended terms on a webhost (annually, etc.), becase you should be “ready to move” at all times (just in case)

Backups

• Never rely on a webhost to backup your data
• Always have an “offsite backup” that can be used to restore your site on ANY webhost in case yours goes down, out of business, or has a DOS attack, etc.
• Use a service, plugin, or application that saves “versioned” backup and save 7-30 days worth of versions so you can move back to any point in time
• Restore your website in a test area to make sure your disaster recovery plan actually works
• Have a trusted WordPress developer you can call if you run into problems

About WordPress and Disaster Recovery

Most of our clients use WordPress to manage their websites (some don’t). One thing we always tell them is:

“WordPress is software. Software needs to be maintained just like Windows on a computer.”

WordPress has 3 areas that need updates on a regular basis:

1. WordPress itself
2. Themes
3. Plugins

WordPress, themes, and plugins are written by different developers. As updates come up – conflicts can arise, and things can (and do) break. If you don’t update you can leave security holes open (and hackers can exploit them and break in).

So for our WordPress clients, we also say to them that in addition to a disaster recovery plan, you need a separate (staging) area to upgrade and install (and test) upgrades and updates before putting them live. This is a very good way to routinely check and test that your disaster recover plan for your website is working.

If you need help with your website backup and disaster recovery plan, please view our WordPress security page for detailed information.

JTPratt Media is proud to announce the relase of Widget Logic Visual 1.4 in the official WordPress.org plugin repository today. We coded this plugin and entered it in the repository for Total Bounty Marketplace.

We’ve had the idea for this plugin for a very long time, and it was great to see Total Bounty sponsor development for it. The original widget logic plugin has been around a few years now, and once installed it supplies an input box at the bottom of every widget you have. Once you add PHP code for WP template conditional tags for each widget, you can restrict what pages or sections of your website the widget appears on for visitors. That plugin worked great – but if you weren’t a WordPress coder (or technical), just exactly how to make it work right could be outright confusing.

Widget Logic Visual works on the same concept – except you don’t need to know any coding at all – you just point and click where you want the widget to appear, simple as that. Now anyone with any level of WP experience can make widgets appear wherever they want without having to code their WordPress theme or hire a developer.

You can set as many or few rules as you’d like (for each widget). For instance, you could show a widget on just a single page, or on all pages. You could show on just one category or all categories. You can even add “exception” rules – like show on all pages “except” the homepage, etc.

Here’s a short video on how the plugin works:

Looking for WordPress development or coding work? Need a custom WordPress plugin created or customized? Just fill out the form in the footer with some basic details, and we’ll get back to you as soon as possible.

If you have a WordPress powered website with user signup or registration (for comments or a community) then those visitors will receive a welcome email (on signup). The email is 3 lines of text with only the username, password, and wp-login.php URL.

Nearly every website owner would like to have additional information in that signup email, and some would like to have a different (or no) login URL, because they have a login box exposed on the front end.

The trouble with this situation is, if you figure out how and where to make these changes in WordPress – you have to make them in WP core files. This means that (if you manage to make the changes) in the future when you upgrade WordPress (and it’s core files) your changes will be overwritten and you’ll have to make them again (and again, and again). It’s never a good practice to edit WordPress core files.

Enter the SB Welcome Email Editor plugin. This plugin provides several features where you can:

• change the admin welcome email notification
• change the user welcome email notification
• you can send email ‘reminders’ to users using a template
• you can edit the email subject
• you can edit the email body
• you can edit the email ‘from’ address
• you can edit the email ‘reply to’ address
• you can send email as HTML or plain text
• you can add additional email headers

One of the main problems with WordPress and forms and sending outgoing email is that many webhosts, ISP’s, email providers all filter out incoming email without valid from or reply to field. Some webhosts (depending on how email is setup) will take your outgoing emails and make the reply to or from email “wordpress@domain.com” instead of the admin usersname (causing the email to go into spam folders for many people). In some cases spam filters will eat the email before it’s even received.

So with this plugin you have the ability to not only make your signup notification more user friendly – but also to ensure that more people receive it.

How to Send WordPress email via SMTP

Another consideration is changing the way that outgoing WordPress emails are sent. By default WordPress sends email out using PHP which (on Linux servers) goes out using “sendmail”. This is hosting server based outgoing email (not email server). Sending emails out this way is not always without it’s own issues, and a safer way to send out email (again ensuring that more people will receive it and it won’t be marked as “spam”) is to make WordPress outgoing emails use an actual email server and “SMTP”. You can even set it up to use SSL or TSL (secure) email ports and or / Gmail to send.

Here are two great current and updated plugins you can use to do that:

Configure SMTP

WP Mail SMTP

JTPratt Media does WordPress consulting, maintenance, and development, visit our services page for more information.

With more than 55 million WordPress powered websites online now, there are plenty of reasons people would want to import content from other website CMS (content management systems). The question for most people is – how do you do it?

Luckily enough there are all kinds of WordPress import tools and plugins online, many of which are freely available in the repository. We always search the WordPress repository first when looking for any solution since “there’s almost always somebody that had that problem before you”.

Here’s some plugins that might help you import content from other types of websites for migration WordPress:

Need to move your Tumblog from Tumblr to WordPress? Try the Tumblr Export for WordPress.

You might also like to try Tumblr Importer, written by Ott42 (core submitter to WordPress).

If you were using Posterous for your blog or website, you could use the

If you’re been using the Mambo CMS for your website, you could import the content to WordPress using the Mambo Importer plugin.

You could also try the Joomla / Mambo to WordPress Migrator:

Joomla Mambo WordPress migration import

If you’re using the older Joomla 1.5 version there’s always the Joomla 1.5 Importer.

Another (smaller) CMS that used for website management is “e107″, and there’s even a e107 to WordPress Importer.

Maybe you just have static website content, and no idea how to get that imported into WordPress. That’s fairly simple work with the HTML Import 2 Plugin:

If you’re using the Typo3 CMS system, you could use the Typo3 to WordPress importer.

For users that have a Movable Type webiste, you can use the Movable Type Backup Importer to get your content inside WordPress.

Maybe it’s images you need to import inside WordPress, and in that case you could use the Gallery2 Importer

There are other types of importers available too, such as the Delicious XML importer – which could be used to import all of your delicious bookmarks.

Also, if all you want to do is move a WordPress website from one location, server, domain, or sub-domain to another – consider using the XCloner backup and restoer plugin.

If you need help moving, migrating, backing up, or importing content into your WordPress website, please consider our Web Development Services.

How much is your website worth? $500? $5,000? $25,000? The real question is how much would your business be losing if your website was down?

When your website is down – you are losing money in potential sales and leads. Do you have a WordPress expert maintaining your website?

WordPress is the most popular website management tool in the world, running more than 75 million websites across the globe. WordPress is also software that needs to be maintained on a regular basis, and when you let regular updates pass you by – you’re exposing your business website to serious risk.

Can I do My Own WordPress Maintenance?

Even though this is a bit of a loaded question – the answer is yes, you can. It’s like asking, “Can I work on my own car?” Sure, you can – but do you have the time, money, and expertise to do so?

You can perform your own WordPress core updates, plugin updates, and theme updates (when available). The risk you take is – if something goes wrong, can you fix it? If you can’t, can your website be down for a period of time until you can get someone to fix it?

The answer for most people is, if you’re using your WordPress powered website for business, then (in most cases) you don’t have the time or expertise in house to maintain your own website.

What is a WordPress Maintenance Package?

When you hire someone to perform regular WordPress maintenance on your website you need someone who can update and upgrade themes, plugins, and core WordPress files on a regular basis. Best case scenario would be a competent WordPress developer to can fix conflicts or issues as they arise, as well as harden security, setup routine offsite backups, and a disaster recovery plan for your business website.

We perform routine maintenance on WordPress website for small businesses and corporations – from 1-100 websites which can include (but are not limited to):

-WordPress updates
-plugin and theme upgrades
-design updates
-adding additional functionality
-installing and configuring new plugin
-on-site SEO maintenance
-backup configuration and setup
-WordPress security and hardening
-spam protection
-database optimization
-caching and CDN solutions
-development and staging server setup
-landing page setup
-contact form setup
-mobile site setup for iOS, iphone, ipad, cell phones, Android
-multi-language or multilingual page / post setup
-google analytics, google webmaster tools, bing webmaster tools setup
-analytics and stats
-uptime monitoring and alerts
-custom post type setup
-custom theme template pages

Prices start from $49

For more details on how we can help you, please ask for a quote by filling out the inquiry form on our web development page.

If you have a WordPress powered website, then security should be of utmost importance. WordPress now powers more than 50 million websites, making it a target the same way hackers target Windows computers. You know you’re “mainstream” once you start becoming a (worthwhile) target. You can see that from the second announcement this year that thousands of WordPress websites were hacked.

I Own a WordPress Website, What Should I Do?

1. Stay Up to Date: The first thing you should do is always make sure that all your plugins are theme files are up to date. WordPress is software that needs to be maintained, the same as a computer. It if’s out of date – it’s vulnerable and hackers can get in. If you have a shared hosting account with multiple websites and hackers break into one, they can infect them all.

2. Use Common Sense with Passwords and Logins: Time and time again we find clients that have the same password on their website as every other account they own (Facebook, Twitter, Banking, etc.). Use a Strong Password that you can’t remember and change it every month – and make if different than all other accounts you have. Use an admin account with a unique login name (that isn’t ‘admin’).

3. Use Basic WordPress Security Plugins: There are a LOT of great free WP security plugins in the repository you can download and install in your website. You don’t have to be technical or a security expert to use them. We offer WordPress security and hardening services, but if you can’t afford to hire someone – using one of these free plugins is better protection than doing nothing at all.

What are the Best WordPress Security Plugins?

We have used Secure WordPress for a very long time – because it does very basic things that give you better security:

• deactivates error message on login page
• removes version of wordpress for non-admin on dashboard
• removes WP footprint from the HTML code of webpages
• removes WP update messages for non-admins
• removes version of WP from scripts and stylesheets
• protects against malicious URL attempts

Beyond that there are lots of things we do manually to make WP security better.

There are lots of other WordPress security plugins that do individual things, like lockdown your login or perform secure logins. There are also ones that are “firewalls” protecting against hacker attempts.

There is one newer WP security plugin that does more than most others called “Better WP Security“.

It performs the following security measures:

• remove the meta generator tag
• remove login error messages
• change login URL’s
• limit admin access to IP or range of IP addresses
• ban bots or specific hosts
• ability to completely turn off login for period of time
• remove update notifications
• strengthen .htaccess files
• enforce strong passwords for accounts
• detects attacks to your website
• rename the admin account
• changes your WP db table prefix
• supports forced SSL wp-admin login
• changes your wp-content path
• turn on or off file editing from wordpress admin

Previously all those things would only have been available through multiple plugins and manual work.

You can see in the image above what you see when you visit the plugin settings screen. It actually gives you color coded messages that tell you what is and isn’t secured within your website (and links to fix them).

Caveat Emptor WordPress User

These security plugins aren’t perfect, they don’t do everything. Some things are still done best manually, and sometimes using these plugins can conflict with other themes or plugins and cause things not to work (like forms, e-commerce shopping carts, download plugins, caching plugins). If you install one – be sure to read through the known issues and forums for that plugin and see if there are known issues with anything you have installed. Also, after you install – be sure to go through and test every single thing in your website to make sure it works (shopping cart, forms, downloads, image galleries, widgets, pages, posts, categories, tags, etc.). Always remember that if for some reason you lock yourself out of your own website (with a setting you tried), you can usually get back in by manually deleting the security plugin in FTP (and trying agagin).

Do you need help with WordPress security? Click here to learn more about our malware removal and WordPress security services.

Every WordPress website is initially built the same way. They all have a login page and there are two ways to get to it. If you’ve used WordPress for any length of time you probably already know that you can access the login screen for nearly any WordPress powered website by adding /wp-login.php or /wp-admin to the domain name. Both bring up the same login form. Anyone trying to break into your website would try those two URL’s first.

There are technical ways to “move your wp-admin login” to a new URL, but the easiest way is to just use a plugin. In the spirit of “there’s a plugin for that”, you might want to try Lockdown WP-Admin.

In the image above (click for full size) you’ll see how easy the plugin options are. Just check the box if you want to disable the logins to anyone that isn’t logged in. Also you can rename the login from wp-admin to anything you want. Make it /login or /logmein. This adds a bit of extra security to your WordPress powered website and makes it a little less “standard”.

Click here to learn more about our WordPress Services

WordCamp Detroit 2011 will be held at the Detroit Renaissance Center on November 12th, and 13th. The annual event celebrates the open source software “WordPress” that now runs more than 50 million websites. If you’re a web developer, designer, business owner, or website owner that uses WordPress – attending the event would not only help promote the software that runs your website, you’ll be meeting with and networking with WordPress enthusiasts from all over the state of Michigan!

If you don’t already have your ticket, please visit the website before they’re all sold out:

WordCamp Detroit 2011 website

10 speakers will give presentations on various technical and non-technical WordPress subjects, it doesn’t matter what your level of experience, there will be something for everyone! This event only comes once per year, so make sure you get to be a part of it. There are tickets still available (at the moment) get yours before they’re gone.

JTPratt Media is proud to be on the WordCamp Detroit organizing committee for 2011 – helping to spread the word of WordPress!

When your website is “indexed” by search crawlers and spiders – they visit your homepage, and follow all the links to determine how many web pages you have (and if they should be indexed). This is a very hap-hazard and tedious way to index web pages, so a new standard was developed 4-5 years ago called the “XML sitemap”. XML is a programming language, and an XML sitemap is a list of pages in your website, their importance, and the last modified date. Using the XML sitemap a search crawler can not only determine how many web pages you have (and their location), it quickly knows which ones were updated last.

For static websites, you can create your own XML sitemap by using a few online like this one:
XML-Sitemaps.com

Then, place the file (sitemap.xml) in the root of your website, like this:

http://www.website.com/sitemap.xml

If you have a WordPress powered website, all you have to do is install the very popular Google XML Sitemaps plugins.

Next you need to signup with the 3 major search engine webmaster control panels:
http://www.bing.com/toolbox/webmasters/
http://siteexplorer.search.yahoo.com/
http://www.google.com/webmasters/

A lot of people ask us, “why register with Yahoo when all their search results now come from Bing (through the Microsoft partnership)?”. The answer is, because Yahoo says as long as registration is available – use it until integration with Bing is complete (and there is no date as yet).

Once you have an account at all 3 search engines you’ll be asked to “verify” (that you own) your website by placing either a meta tag in HTML code, or a webpage in the root of your website. Once your site is verified, you can “submit” the URL of your sitemap to each search engine – so their crawler knows where it is. In addition, each search engine has (different) statistics that you can view regarding the indexing of your website – including success, failure, and any problems or error messages.i

You’d be surprised how much better your indexing and search traffic can be once you take the simple step of registering with the big 3 search engines!

You might also be interested in our SEO Services.

You may have heard recently that Facebook is now bigger than Google. Nobody would have predicted this just a few years ago. Nobody would have predicted in 1998 that Google would wipe out nearly every single one of the 30 existing (and very popular) search engines that we used a little more than a decade ago.

Let’s look at some stats from around the web over the last 6 months.

• Google makes 14X more revenue per impression as Facebook (Oct 2010 stats)
• Facebook has 7% of all Internet traffic (same stats)
• 99% of Google’s profits come from text ads
• Facebook now has more pageviews than Google
• People spend more time on Facebook than Google
• Facebook is earning DOUBLE the revenues Google reported when it went public

In 2008 Facebook had revenue of $275 million.
In 2009 Facebook had revenue of $635 million.
2010 Facebook revenue is said to be $2 billion.

My key takeaway from the Oct 2010 Techcrunch article How Facebook Can Become Bigger in Five Years Than Google is Today was that:

Google gets it’s revenue from advertising.
Facebook gets it’s revenue from advetising AND commerce.

Oh – and wait…”brand advertising” is a $600 billion market. And Facebook is a much better place to do that type of advertising, where people are “socially”.

What really made me think of all this (again) was today when I read that you can now rent movies on Facebook. This is what I predict to be the beginning of big things to come. Let’s think about a Google a minute. There was a time when they said they wouldn’t be getting into operating sytems. Or cell phones. Or social media. Or a lot of the things they do now. And yet, they’re doing them all. Android phones are dominating the market, and Google’s web browser gains market share every day.

The point is, when I wrote on my blog last night the post “Is Google Asking YOU to block bad results I indicated that people once used Google because they were better than EVERYTHING else online. But now they are so big, that they can’t even control their own search results (and their asking the users to help police them). The comes a point when a company’s so big that they aren’t nimble anymore – and someone with new ideas and better functionality can knock them down in just a year or two. Like Firefox did the Netscape and IE. And how I predict Facebook will crush Google in just a few years.

Today you’re watching movies on Facebook, but I predict within 1-2 years they will launch a search product. And possibly enhance their ad platform to be like Adwords / Adsense. If that happens – it’s on! Facebook is poised like the Karate Kid and his crane kick – to knock Google right in the head. Only time will tell if they will be successful or not – but they’re in a pretty good position.