Wednesday, May 31, 2017

8 of the Best Plugins for Securing Your WordPress Site

How do you avoid getting hacked? Our last article detailed forty techniques for securing your WordPress site. This follow-up post is a quick reference of the best plugins that look after your security needs.

We’ve focused on highly-rated plugins that cover a range of security features, rather than one-trick-wonders. If your hosting provider doesn’t already have a comprehensive security solution (possibly including the use of these plugins), installing one would be a great first step in your security strategy.

Have we missed your favorite security plugin? Let us know in the comments.

1. WordFence

  • Cost: Free, Premium from $99/year
  • Active installs: 2+ million
  • Rating: 4.8 out of 5 stars (3,048 reviews)

Wordfence Security is 100% free and open source. We also offer a Premium API key that gives you Premium Support, Country Blocking, Scheduled Scans, Password Auditing, real-time updates to the Threat Defense Feed, two-factor authentication, and we even check if your website IP address is being used to Spamvertize.

WordFence includes these security features:

  • Firewall. WAF with automatically updated firewall rules that block common WordPress security threats.
  • Blocking features. Real-time blocking of known attackers and malicious networks and other security threats.
  • Login security. Two-factor authentication, enforced strong passwords, security to lock out brute force attacks.
  • Security scanning. Scans core files, themes and plugins for malware and backdoors, and checks for files that have been changed.
  • Monitoring. Monitors traffic in real time including bots and reverse DNS, monitors for DNS changes and disk space.

2. All In One WP Security & Firewall

  • Cost: Free
  • Active installs: 500,000+
  • Rating: 4.8 out of 5 stars (669 reviews)

A comrehensive, easy to use, stable and well supported security plugin… It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.

All In One WP Security & Firewall includes these security features:

  • User accounts security. Change the default admin username, check for user display names that are the same as usernames, password strength tool, stop user enumeration.
  • User login security. Login lockdown (brute force protection), log out inctive users, view failed login attempts, whitelist IP addresses, see who’s logged in, CAPTCHA.
  • User registration security. Enable manual approval, CAPTCHA, Honeypot.
  • Database security. Set the default WP prefix, schedule automatic backups.
  • File system security. Identify and fix insecure permissions, disable file editing from WP admin, monitor system logs.
  • htaccess and wp-config.php file backup and restore. Easily backup, restore and modify these important files.
  • Blacklist functionality. Ban users based on IP address or range, or by specifying user agents.
  • Firewall. Add firewall protection via htaccess, firewall rules that stop malicious scripts.
  • Brute force login and attack prevention. Cookie-based login prevention, CAPTCHA on login form, rename login form URL, Honeypot.
  • Whois lookup. Get full details of a suspicous host.
  • Security scanner. File change alerts, scan database tables for suspicious strings.
  • Comment spam security. Block IP addresses of spammers, add CAPTCHA to comment form.
  • Front-end text copy protection. Disables right click, text selection and the copy option.

3. iThemes Security

  • Cost: Free, Pro: 2 sites $80/year, 10 sites $100/year, unlimited sites $150/year, Gold $297 lifetime.
  • Previously called Better WP Security
  • Active installs: 800,000+
  • Rating: 4.7 out of 5 stars (3,812 reviews)

iThemes Security Pro takes the guesswork out of WordPress security. You shouldn’t have to be a security professional to use a security plugin, so iThemes Security Pro makes it easy to secure & protect your WordPress website.

The free version gives you some protection, but the Pro version includes these security features:

  • Two-Factor Authentication. “Use a mobile app such as Google Authenticator or Authy to generate a code or have a generated code emailed to you.”
  • WordPress Salts & Security Keys. “The iThemes Security plugin makes updating your WordPress keys and salts easy.”
  • Malware Scan Scheduling. “Have your site scanned for malware automatically each day. If an issue is found, an email is sent with the details.”
  • Password Security. “Generate strong passwords right from your profile screen.”
  • Password Expiration. “Set a maximum password age and force users to choose a new password. You can also force all users to choose a new password immediately (if needed).”
  • Google reCAPTCHA. “Protect your site against spammers.”
  • User Action Logging. “Track when users edit content, login or logout.”
  • Import/Export Settings. “Saves time setting up multiple WordPress sites.”
  • Dashboard Widget. “Manage important tasks such as user banning and system scans right from the WordPress dashboard.”
  • Online File Comparison. When a file change is detected it will scan the origin of the files to determine if the change was malicious or not. Currently works only in WordPress core but plugins and themes are coming.
  • Temporary Privilege Escalation. “Give a contractor or someone else temporary admin or editor access to your site that will automatically reset itself.”
  • wp-cli Integration. “Manage your site’s security from the command line.”

Continue reading %8 of the Best Plugins for Securing Your WordPress Site%


by Adrian Try via SitePoint

6 Tips for Managing Your Site with cPanel

If you use shared hosting for your website, chances are good that you are managing your site with cPanel. The cPanel software is the prevalent administration panel for a significant number of hosting companies out there, but many people who use it don't stop to check out the features that it offers. With cPanel, depending on what your host offers and what your hosting package includes, you can manage domains that are attached to your account, email accounts, files and databases, and many other administrative tasks, all made easier with a single interface.

In this article, we'll walk through six tips for managing your site with cPanel, that you may or may not have seen in your own hosting adventures. Experienced users may already know about these items, but newer users, expecially those who haven't taken the time to really look through their cPanel interfaces, may not have seen these options. In fact, sometimes even experienced users can get bogged down in routine and forget some of the options available to them, so it's worth a look!

The first two items are not default features of cPanel, but rather available "cPanel Apps", meaning that some hosts may have them, some may not, and some may have more than one option. They're still mentioned here because of how common they are, and how incredibly useful.

Autoinstallers

cPanel Softaculous Auto Installer

Autoinstallers (such as Softaculous Auto Installer) are exactly what the name says. They provide a way to perform quick and painless installations of platforms that you may need in order to build a new website, such as WordPress, Joomla, Drupal, PrestaShop, forums platforms, and a variety of other content management systems, frameworks, and scripts. With a click or two you can have the platform you need installed on your new hosting and ready to go, rather than manually setting up databases, uploading files via FTP, and running through setup processes, troubleshooting issues as you go. It's a great feature that is sometimes overlooked, and saving time is something that even veteran site administrators can get behind!

SSL Certificates

cPanel Lets Encrypt

Another app that you may find in your cPanel is one that provides you with the ability to install an SSL certificate for your website, such as the LetsEncrypt cPanel app. If you're not very familiar with SSL certificates, and the growing need for every site to use HTTPS, you should take the time to learn about it. Many hosts, including SitePoint's partner, SiteGround, provide these certificates free, via the cPanel, for all, or at least some payment tiers, of their customers. And if you're using a CMS such as WordPress, here are some tips for getting set up with an SSL certificate

Securing your site with HTTPS will make it easy for all visitors to see that security is important to you, as any modern browser will indicate with a green lock when a site is HTTPS and secure. The growing pressure from Google and others to force all sites to become HTTPS only makes it more urgent, and that much greater of a feature that you can set one up right from your cPanel.

Continue reading %6 Tips for Managing Your Site with cPanel%


by Jeff Smith via SitePoint

#292: 11 Things I Learned Reading The Flexbox Spec

This Week's HTML, CSS and Browser Tech NewsRead this e-mail on the Web
FrontEnd Focus
Issue 292 — May 31, 2017
A run through some of the ‘good bits’ of the CSS Flexible Box Layout specification.
David Gilbertson

Scrolling opens a lot of doors to designers but isn’t without its drawbacks. Some tips on how to approach ‘long scroll’ experiences.
Nick Babich

Google will remove support for PNaCl early next year from “everywhere except inside Chrome Apps and Extensions” shifting their focus over to WebAssembly instead.
Brad Nelson

Red Gate
Get a full history in your source control system. See who made changes, what they did & why. See how.
Red Gate   Sponsor

In this session from Google I/O, Addy Osmani covers PWA best practices, patterns for efficiently loading websites and the latest tools for getting fast and staying fast.
Google Chrome Developers

TJ VanToll explains why, despite the ridicule CSS sometimes gets from the developer community, he still loves it for its flexibility, simplicity and power.
Telerik Developer Network

Slides and a thorough write up of a talk on accessibility within the context of responsive web design.
Scott Jehl

Browserlist provides information to tools like Autoprefixer and postcss-normalize (and more) to let you specify which browsers you want to target.
Chris Coyier

A look at why “writing your styles in JavaScript isn’t such a terrible idea after all”.
Mark Dalgleish

Simon Codrington illustrates some UI design ideas using CSS animation and gradients.
SitePoint

Jobs Supported by Hired.com

Can't find the right job? Want companies to apply to you? Try Hired.com.

In Brief

Page Scroll Animations Made Easy with the AOS Library tutorial
Gajendar Singh

On-Scroll Morphing Background Shapes tutorial
A decorative website background effect where SVG shapes are morphing and transforming on scroll. Powered by anime.js and scrollMonitor.js.
Mary Lou

Full Page Background Video Styles tutorial
Tips and approaches for using videos as backgrounds.
The Media Temple Blog

Making Custom Properties (CSS Variables) More Dynamic tutorial
Dan Wilson

Accurately Checking for CSS Grid Support in Microsoft Edge tutorial
Greg Whitworth

The CSS Fractional Unit (fr) In Approachable, Plain Language tutorial
Ohans Emmanuel

How to Create Perfectly Centered Text With Flexbox tutorial
Craig Campbell

👞🕷 [Free until June 26] Squash Common JavaScript Bugs Course 
Join Todd Gardner's course on Debugging and Fixing Common JavaScript Errors. You’ll be armed to squash bugs for good.
Frontend Masters  Sponsor

Chrome Won opinion
”..it’s safe to say that Chrome is eating the browser market, and everyone else except Safari is getting obliterated.”
Andreas Gal

What is the Future of Front End Web Development? opinion
Chris Coyier

HTML5: Where The Core Web Technology Is Headed Now opinion
Paul Krill

Muuri: Create Responsive, Sortable, Filterable and Draggable Grid Layouts tools
A JavaScript powered layout tool. Demo here.
Haltu

Flexbox Cheatsheet: Click to Copy Flexbox Properties to Your Clipboard tools
Valery Liubimov

Firefox Screenshots: A New In-Beta Web Screenshot Tool tools
Mozilla

$20 Free Credit on a new account. 
Linux cloud hosting starting at 1GB of RAM for $5/mo. Use promo code HTML520 and get $20 credit.
linode  Sponsor

VideoContext: Experimental HTML5+WebGL Video Composition and Rendering API code
BBC

Elongated/Extruded CSS Text Shadows code
Mixfont

Progress Nav: An Example of Page Navigation That Shows Progress demo
CodePen

HN PWA: Hacker News Clients as Progressive Web Apps demo
Along the lines of TodoMVC, these are example PWAs built with different frameworks.
HNPWA

Curated by Peter Cooper and Chris Brandrick and published by Cooperpress.

Stop getting FrontEnd Focus : Change email address : Read this issue on the Web

Cooper Press Ltd. Office 30, Lincoln Way, Louth, LN11 0LS, UK


by via FrontEnd Focus

Feel

Feel

Awesome One Page portfolio for Australian digital agency, Feel. The Single Page site features an intro floating astronaut against a moving universe background. As you scroll down you enter the earths atmosphere with an impressive moving WebGl cloud animation.

by Rob Hope via One Page Love

How Can I Use WordPress for eCommerce?

So, you love WordPress, and want to launch an eCommerce site. You can do just about anything with WordPress. Should it be used for eCommerce, or is it better to use something designed from top to bottom for online shopping, like Magenta, Prestashop or OpenCart?

There are a wide range of eCommerce solutions out there, both hosted and self-hosted that are worth considering. But by adding an eCommerce plugin to WordPress, you get the same range of online shopping features, plus the familiarity and power of WordPress.

For most people, there are two WordPress eCommerce solutions I recommend. Many people would agree with me, since they’re two of the most popular options out there, powering half of the world’s online stores. They’re different, and appeal to different people—and one of them will likely appeal to you.

But they’re not the only options. If your needs are a little different, or you don’t like to follow the crowd, or you prefer to research all the options before making a choice, I’ve included a list of other alternatives.

So, which WordPress eCommerce solution is for you? Read on to find out.

Continue reading %How Can I Use WordPress for eCommerce?%


by Adrian Try via SitePoint

Why Prototyping with Adobe XD is the Most-Complete Design Solution

Prototyping with Adobe XD

Even though Adobe XD is still relatively new, the reception has been terrific. So I thought we’d do a quick-but-fun tutorial that illustrates how designing and prototyping with Adobe XD is wonderfully rolled into a single tool, without making the app feel too bulky. In fact, Adobe XD is pretty minimal and it's really easy to use once you know how.

Not too long ago, I compared Adobe XD vs. Sketch. While Sketch is still a brilliant choice for designing user interfaces, Adobe XD came off as the clear winner for those switching from other Adobe apps such as Photoshop or Fireworks.

With Sketch you’ll need to install extensions and quite possibly subscribe to third-party services to add any prototyping functionality, whereas Adobe XD offers these tools natively.

Plus, if you already have an Adobe Creative Cloud subscription, then you'll already have the entire feature-set of XD at your disposal! Design + prototyping + feedback all rolled into a single app, what more could you ask for?

It’s also available for Windows now!

Let's dive right into Adobe XD by designing and prototyping two screens in a mobile app.

Note: the examples used in this tutorial are based on the free Cactaceae UI kit for Adobe XD.

Prototyping with Adobe XD: Low-Fidelity Wireframes

Adobe XD makes it super-easy to quickly mockup a low-fidelity wireframe. Being able to design low-fidelity wireframes quickly means that we can make huge strides towards to creating a layout that offers a terrific user experience, while not having to worry about the visuals too much (at first). Let's illustrate our first idea so that we can receive feedback from our teammates ASAP — ideas develop faster when there are more brains on deck.

Everybody has a design workflow that works for them — when designing low-fidelity wireframes I have a strict rule of using only text and shapes (unless absolutely necessary). What’s the use of designing icons, sourcing images and defining styles for a layout that we might not move forward with? Here are the vital keyboard shortcuts that you’ll need right now.

  • Select Tool (V)
  • Rectangle (R)
  • Ellipse (E)
  • Line (L)
  • Text (T)
  • Artboard (A)

Lets mock-up an idea.

Start by creating an artboard (A) and selecting the “Android Mobile” artboard from the inspector on the right-hand side.

Creating an artboard in Adobe XD

Now, using the toolbar on the left-hand side, or the keyboard shortcuts mentioned above, draw some shapes on the canvas to construct your layout. If it adds further clarity, or if there’s any space unaccounted for that makes the layout look confusing, then add maybe one or two images that depict what that space will be used for, as I've done below.

Very basic icons are fine too, as long as you aren’t wasting copious amounts of time illustrating them. Remember, our aim here is to validate our idea with feedback, only after that should we allocate more time to making it look appealing.

Low-fidelity prototying with Adobe XD

If you’re interested to see how rapid iteration compares with Sketch, check out my comparative overview.

Prototyping Interactions and User Flows

We now have our rough idea mocked up. It’s time to demonstrate how these two screens might link up — how would the user flow from one screen to the next? I mean, that’s what user interfaces are all about, right? Helping the user from A to B?

Switch to the “Prototype” workspace using the tab in the top-left corner. You’ll notice that this workspace doesn’t differ too much from the Design workspace; the main difference that there is no inspector, and when we select objects on the canvas, we’re given the opportunity to link the tap target to another artboard instead of styling them (hence why no inspector).

Switching to the Prototype workspace

If you’re following along with my example, select the “Explore now” button, where you’ll notice that a blue, draggable handle appears on the right-side side of it. Drag this handle into the neighbouring artboard. Awesome, you’ve created a user flow!

Prototyping user flows in Adobe XD

In a very short moment we’ll learn how to test this user flow in a real device, but for now, let's specify the type of transition that the user will experience and how long the animation will last for.

When you drop the handle into the target artboard, a modal will appear. You'll see the following settings:

  • Target: we already specified the target
  • Transition: the effect that occurs when the user flows from one screen to the next (“None” is the default option for websites, whereas “Slide Left/Right” is pretty standard for native mobile apps)
  • Easing: the acceleration of which the animation occurs (ease-out animations for example will be faster at the beginning, then slow down as the animation comes to a halt)
  • Duration: how long it takes the animation to complete

Check out my article on easings and animations if you’re interested to know more about them!

In our case, choose “Slide Left” for the Transition setting and leave the other settings with their default option.

Sharing Prototypes and Gathering Feedback

When you’re ready to share your wireframe and receive some feedback, hit the share icon in the very top-right corner of the Prototype workspace window, then click “Create Link”.

Sharing prototypes with teammates

Next, share this link with your teammates, who will then be able to view the mockup in their browser, make comments on it, and even use their mouse to click through the prototype like a real user.

Generating design feedback in Adobe XD

Desktop Preview vs. Device Preview

“Do I have to create a share link to test the prototype?”.

Of course not! You can test the prototype to make sure that all of the screens are linked up properly at any time — simply hit the “Desktop Preview” icon (the play icon) and click away. If it's just you, Desktop Preview is more than ideal.

Continue reading %Why Prototyping with Adobe XD is the Most-Complete Design Solution%


by Daniel Schwarz via SitePoint

Earthluck International

Earthluck International

Minimal One Pager for good whitespace for management consultancy, Earthluck International. Nice touch with the random mountain header image on page load.

by Rob Hope via One Page Love