A quick way to see info on your SSL cert (even some hosts use it to show customer’s info). Specfically, go to
https://www.sslshopper.com/ssl-checker.html#hostname=YOURDOMAINNAMEHERE
Just a handy trick to have up your sleeve. Cheers!
When Right Click is Disabled (WTF, amirite?!?!?)
If you’re like me (mouth-breather, loves yo-yo’s and warm potato salad) any visit to an interesting site usually includes casually right-clicking to inspect the element or view the source. I like to see if I can guess just from looking if it’s a WordPress site. (I’m right about 80% of the time!) I came across one yesterday that disallowed it; specifically they blocked it using javascript.
Couple of methods to get around this:
- Ctrl + Shift + i opens the console (this is the easiest one and what I recommend)
- Disabling javascript (remember to undo this unless you want to live in a boring world) from the settings of your browser
- Looking for the specific script and disabling it
- Pasting in javascript:void(document.oncontextmenu=null); to the browser console (supposedly…I was not smart enough to get this to work, so I had to use one of the first two methods)
What worked for you?
Move Over, Caching
I listened to a few downloaded youtube videos (sort of a choose your own adventure poor man’s podcast) while I was on a recent road trip. They were by Miriam Schwab, and one was about speeding up your site, (and so was this one) and a very approachable one was about securing your site. I listened to one about content security policies (and another on the WordCamp 2018 livestream Guitar track, starting at 29:02) which, full disclosure, was a little over my head. Like, not completely over but I had to stand on tiptoe. Both were good, especially since they challenge us to start thinking about ways to make our sites faster and and more secure; at the end she talks about her new company Strattic which sounds like it will do both. Or like caching, only better.
I described it to my dad thus:
Molly: Picture you could make a cardboard cutout of me, and it was ready instantly.
Dad: So we wouldn’t have to wait for you to get ready before we could leave for breakfast.
Molly: Yes.
Dad: Like, it’s just a cardboard cutout so it’s ready to go, we could just pick it up and there’s no waiting.
Molly: Yes. But also, the cardboard cutout can’t be hurt. Like, it’s impervious to stab wounds. So it’s me, it’s the latest version of me, but ready at a moment’s notice and completely secure.
Dad, interrupting: …stab wounds?!?!
Molly: What I mean is, in this example I/the website can’t be hurt. Your site is the latest version, but blazing fast because it’s also static, and un-hackable, because it’s not a living, dynamic thing.
I’m only curious about how often you’ll need to do changes – obviously on most sites pushing out a new version once a day would be more than fine. But on huge sites or membership sites it could be a problem. Also, I guess this wouldn’t work for something like membership site with a discussion board. And – I’m showing my ignorance here, but I think it would interfere with any contact forms giving confirmation messages, right?
Still, I love the elegance of the security and speed inherent in simply serving a static site. What do you think?
Easy Way to Stop Those Varmints from Stealing Your Images n Stuff
If you don’t lock down your directories, people can come along and poke through them and take your images and sometimes even pirate a copy of your theme. (though I doubt they’d be able to update it, but still, it’s the principle of the thing)
Easy-peasy fix for this. But first go test if your site is unsecure at the moment. I’ll wait. Type in
mysitename.com/wp-content/uploads
And you’ll likely see a list of your images, themes and plugins. Yowza!
But there’s a simple fix, just a line of code in your .htaccess file. Navigate to the .htaccess file you need for any particular site (remember you might need to look in the root directory if it’s the main domain) and paste in
# Disable directory browsing
Options All -Indexes
before the comment ending WordPress (# END WordPress). Here is another site explaining the steps to prevent people seeing your directories. They list a few plugins that can do this for as you as well if editing files is not your jam.
- WP safely disable directory browsing
- Hide My WP – WordPress Security Plugin
- AB WP Security
I ran out of time to do the links but if you like you can easily search out these plugins. Remember to back up your .htaccess file before you start to edit! And good luck! 
Upgrading Your Version of PHP for Fun and Profit
- What does it mean to upgrade your version of PHP? (start using a newer, better version of PHP to run your site)
- Why should you do it? (your site will load faster and be more secure)
- How often should you? (check the releases, but generally…maybe twice a year)
- Will it hurt? (not if you are doing other stuff right – keeping your themes, plugins and version of WordPress up to date)
Here is what the WordPress community has to say about upgrading your version of php (hint: they’re all for it). Basically, PHP (which stands for Php Hypertext Preprocessor – pretty cute, that) is the language that runs a WordPress site. Periodically a new version is developed and released, usually running things faster, better while using fewer resources. Doing more with less. The big change was the release of PHP 7.0 in 2015, but as of Nov 2018 we are already up to 7.3
Overall, PHP 7 is faster, more secure, and significantly more resource efficient than older versions. To give you an example, a site running PHP 7 can handle twice as many visitors as PHP 5 can, using the same amount of memory.
It’s generally agreed that you should aim to be on the latest secure release, not the most recent bleeding edge one. (though most people are lagging behind updating PHP 7.0 – only less than 1 in 5 sites as of 2018) And it’s further agreed that you should probably not experience any problems from upgrading to a higher version of PHP.
Probably.
If you use plugins, themes or scripts on your site that rely on outdated PHP code and you upgrade to a newer version of PHP, the changes from the upgrade would cause old code on your site to be incompatible and break.
It’s not a bad idea to check if your site will be okay with a newer version of PHP by using a plugin like Compatibility Checker. If you’re always updating WordPress and using reputable, premium, well-supported plugins and themes, you should be all ready to move forward. However, if your plugin or theme is not being updated frequently, it may not play nicely with a newer version of PHP. To be honest, you may already be aware of which theme or plugin might cause a problem if something crashed your site after a WordPress version update. (Remember, if you can’t access the dashboard, you can sftp in or use the cpanel to easily rename and disable your plugins and themes one by one till your site comes back up and you identify the culprit).
A reputable webhost will have the latest couple of versions of PHP available to you to select from via the cpanel. Remember, you may not be able to upgrade if you’re on a managed WordPress plan (at least from GoDaddy). And you should always have a backup of your site (files and database) in case things go sideways and you need to restore.
Good Habit – Keep Your Hosting and Domain and Backups Separate
You know how the royal family has to travel separately, in order to mitigate risk to the line of succession? Of course you do, it was the entire plot of King Ralph. Keeping your domain and hosting separate helps to manage the risk that your site can be hacked.
Think about it – if someone hacks your site, at least they can’t take your domain as well (this is assuming they figured out the account user name and password with the host/registrar). If they get your domain, that’s a little trickier, but at least your still have your site on the host. And if your host’s backup of your files fails, at least you have a copy of your site in your DropBox, your Google Drive (and for the extra paranoid, a hard copy of your site on a usb stick, which was a brilliant idea I got from an InMotion support dude. Not all heroes wear capes, guys)
You’ll also tend to feel kind of stuck if you want to transfer away from that host – and a lot of times those sweet first year hosting plans get pretty pricey the second year. It doesn’t cost any more to register somewhere other than your web host, and you can just pick one domain registrar and then shop around for a plan to host your sites. It’s a good habit to spread the risk around and make things harder for hackers.
Also consider two factor authentication and installing wordpress in a subdirectory. These are simple steps but hackers go for low hanging fruit, so harden up your site, yo.