
Securing WordPress Websites - RD224

Resourceful Designer: Strategies for running a graphic design business

Release Date: 07/13/2020


My strategy for securing WordPress websites.

The internet is filled with unscrupulous people. Are you doing everything you can to ensure your clients’ portion of it is safe by securing their WordPress websites?

I recently published a podcast episode and article on earning extra income by offering website maintenance plans. Part of that strategy is making sure the websites you manage are secure. I received many questions afterwards asking how I secure my clients’ WordPress websites.

There are many ways and many tools available for securing a WordPress website. Here is the method that works for me.

WordPress Security.

Those two words, “WordPress Security,” may sound intimidating to the uninitiated. Let me assure you they’re not. If I can learn how to do this, so can you. I’m not a programmer. I’m not even a developer. I’m just a WordPress user who figured out a security strategy that works for me.

What is WordPress Security?

WordPress security involves putting measures in place to decrease the chance of someone compromising a website.

If you sell WordPress Security as part of your website maintenance plan, be sure to tell your clients there are no guarantees. If a skilled hacker is determined to gain access to a website, they will, and there’s not much you can do to prevent it.

The purpose of website security is to make it as difficult as possible for them, so they leave your site alone and go in search of an easier target.

Most hacking attempts are easily preventable with a few simple measures. Here’s what I do.

Securing Account Login.

By default, every WordPress installation provides easy access for administrators to gain entry to a site through the URL domainname.com/wp-login.php. This default makes the WordPress login page the most attacked part of any website.

So how do you secure the account login?

Hide the backend

I use iThemes Security Pro to hide the backend of every website and replace the login page with something else. If anyone tries entering the site via the /wp-login.php page, they’ll be taken to a 404 “page not found” page instead.

This is more of security by obscurity, and is not a very strong strategy, but if it helps prevent automated bots and such, then why not do it?

iThemes Security Pro > Security > Settings > Advanced > Hide Backend

Force the use of a strong password.

The stronger the password, the harder it is to crack. Forcing a strong password makes it more difficult to gain access to a site.

iThemes Security Pro allows me to force the use of strong passwords. New site users must enter a strong password to create their account, and existing site users are forced to update their weak password when they next log in.

iThemes Security Pro > Security > Settings > Password Requirements

Prevent the use of compromised passwords.

One of the main vulnerabilities of passwords is their reuse. Many people think up a good password, but then they use it everywhere. All it takes is for one database breach containing their user name and password, and a hacker can gain access to wherever the two are used in combination.

iThemes Security Pro connects to the haveibeenpwned API and refuses any compromised passwords.

As part of this prevention method, I recommend all my clients use a Password Manager such as 1Password to create strong, unique passwords for every site they visit.

iThemes Security Pro > Security > Settings > Password Requirements
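
The compromised-password check described above can be done without sending the password, or even its full hash, to the service. The following is an added example, not code from iThemes or from the original article: it follows the Pwned Passwords range lookup (only the first five SHA-1 hex characters go out, a list of hash suffixes comes back), using a constructed offline stand-in for the API response and constructed breach counts.

```python
import hashlib

# Constructed sample data: passwords and breach counts are made up for this example.
CONSTRUCTED_BREACH_CORPUS = {"password": 1000, "Summer2020!": 12}


def sha1_hex(password: str) -> str:
    """Uppercase SHA-1 hex digest, the form the range API uses."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def range_prefix(password: str) -> str:
    """The only value that leaves the site: the first 5 of 40 hex characters."""
    return sha1_hex(password)[:5]


def constructed_range_response(prefix: str) -> str:
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.

    The real service answers with one 'SUFFIX:COUNT' line per breached hash
    that shares the prefix; this builds the same shape from the sample corpus.
    """
    lines = ["0" * 35 + ":1"]  # constructed filler entry that matches nothing
    for pw, count in CONSTRUCTED_BREACH_CORPUS.items():
        digest = sha1_hex(pw)
        if digest.startswith(prefix):
            lines.append(f"{digest[5:]}:{count}")
    return "\r\n".join(lines)


def breach_count(password: str, fetch_range=constructed_range_response) -> int:
    """How many times the password appears in the breach data (0 = not found)."""
    suffix = sha1_hex(password)[5:]
    for line in fetch_range(range_prefix(password)).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def password_allowed(password: str) -> bool:
    """Policy from the article: refuse any password found in a breach."""
    return breach_count(password) == 0


if __name__ == "__main__":
    for pw in ("password", "Summer2020!", "tangerine-harbor-91-Viaduct"):
        print(f"{pw!r}: prefix sent={range_prefix(pw)} allowed={password_allowed(pw)}")
```

Because the suffix comparison happens locally, the remote service only learns a five-character prefix shared by many unrelated hashes.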

Limit Login Attempts.

Even a strong password may be guessed if given enough time. So as an extra measure, I turn on Brute Force Protection in iThemes Security Pro to limit the number of failed login attempts.

I have it set so that three failed login attempts will lock a user out of the site for 15 minutes. After their third lockout, it bans the IP address from even viewing the website.

iThemes Security Pro > Security > Settings > Local Brute Force Protection
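
The settings above (three failures, a 15-minute lockout, a ban after the third lockout) amount to a small per-IP state machine. This is an added example, not iThemes code: it assumes failures are counted consecutively with no expiry window and that a successful login resets the count, and the events and IP addresses are constructed.

```python
from dataclasses import dataclass

MAX_FAILURES = 3            # failed attempts that trigger a lockout
LOCKOUT_SECONDS = 15 * 60   # lockout length
LOCKOUTS_BEFORE_BAN = 3     # the third lockout becomes a permanent ban


@dataclass
class IpState:
    failures: int = 0
    lockouts: int = 0
    locked_until: int = 0
    banned: bool = False


class LoginGuard:
    def __init__(self):
        self.by_ip = {}

    def attempt(self, ip: str, password_ok: bool, now: int) -> str:
        """Process one login attempt and return what the site does with it."""
        s = self.by_ip.setdefault(ip, IpState())
        if s.banned:
            return "banned"            # refused before any password check
        if now < s.locked_until:
            return "locked"            # still inside the 15-minute lockout
        if password_ok:
            s.failures = 0             # assumption: success resets the counter
            return "ok"
        s.failures += 1
        if s.failures < MAX_FAILURES:
            return "failed"
        s.failures = 0
        s.lockouts += 1
        if s.lockouts >= LOCKOUTS_BEFORE_BAN:
            s.banned = True
            return "banned"
        s.locked_until = now + LOCKOUT_SECONDS
        return "locked"


def replay(events):
    """Run (unix_time, ip, password_ok) tuples through a fresh guard."""
    guard = LoginGuard()
    return [guard.attempt(ip, ok, ts) for ts, ip, ok in events]


# Constructed events, grouped by client: one guessing client, then one user
# who mistypes twice. State is per IP, so order between clients is irrelevant.
GUESSER, USER = "203.0.113.7", "198.51.100.20"
CONSTRUCTED_EVENTS = (
    [(t, GUESSER, False) for t in (0, 1, 2, 10, 902, 903, 904, 1804, 1805, 1806)]
    + [(5000, GUESSER, True), (20, USER, False), (25, USER, False), (40, USER, True)]
)

if __name__ == "__main__":
    for event, outcome in zip(CONSTRUCTED_EVENTS, replay(CONSTRUCTED_EVENTS)):
        print(event, "->", outcome)
```

Note the last guesser event: once the address is banned, even a correct password is refused, which is why a legitimate user sharing that IP address would need the ban lifted by an administrator.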

Two-Factor Authentication.

Two-Factor Authentication, sometimes called 2FA, adds an extra step to the login process. After entering a username and password, users must enter a temporary six-digit code to gain access to the site.

This code can come from a predetermined list, from an email sent to the user, or, my preferred method, from an app on a smartphone such as Google Authenticator.

Google Authenticator generates a new unique code every 30 seconds. When logging into a website with Two-Factor Authentication, you must enter the code from the app and press the login button before the code expires.

The only way to gain access to a website protected by 2FA is to have the user name and password, plus have access to the smartphone tied to the account.

iThemes Security Pro > Security > Settings > Two-Factor Authentication (This is a PRO feature)
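
How the authenticator app and the website arrive at the same six-digit code every 30 seconds: both hold a secret shared at enrollment and compute TOTP (RFC 6238) over the current time. This added example is not from the article or from iThemes; the secret is the RFC's published test key, and accepting one time step either side of the server clock is an assumption made here to allow for clock drift.

```python
import base64
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # each code is tied to one 30-second window
DIGITS = 6

# RFC 6238 published test key, base32-encoded the way an enrollment QR code
# carries it. A real site generates a random secret per user.
ENROLLED_SECRET = base64.b32encode(b"12345678901234567890").decode("ascii")


def hotp(secret_b32: str, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    key = base64.b32decode(secret_b32)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32: str, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238: the counter is the number of 30-second steps since the epoch."""
    return hotp(secret_b32, int(unix_time) // STEP_SECONDS, digits)


def verify(secret_b32: str, submitted: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Server side: accept the code for the current step, plus or minus drift_steps."""
    current = int(unix_time) // STEP_SECONDS
    for counter in range(max(0, current - drift_steps), current + drift_steps + 1):
        # Constant-time comparison so timing does not leak matching digits.
        if hmac.compare_digest(hotp(secret_b32, counter), submitted):
            return True
    return False


if __name__ == "__main__":
    import time
    now = int(time.time())
    print("code now:", totp(ENROLLED_SECRET, now))
    print("seconds until it changes:", STEP_SECONDS - now % STEP_SECONDS)
```

The code depends only on the secret and the clock, so the phone needs no network connection, and anyone who copies the enrollment secret can generate the same codes.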

Passwordless Login

I want to mention Passwordless Login as a security option, but note that I don’t use this method myself. I explain why later.

Passwordless login is a way to gain access to a website without entering a password or a 2FA code.

To use Passwordless Login, you enter your email address on the login page then check your email for a “magic link” that grants you access to the website. No password or Two-Factor Authentication code required.

Passwordless login is secure because it requires access to the email account associated with the site.

Although Passwordless Login is very secure and works great for clients, I don’t use this method. I sometimes need access to a client’s website through their account instead of my admin account. I wouldn’t be able to access a site with Passwordless Login since I don’t have access to my client’s email account.

iThemes Security Pro > Security > Settings > Passwordless Login (This is a PRO feature)

WordPress Site Monitoring

Now that the account login is secure, the next thing I turn to is site monitoring. I want to know when something happens to one of my clients’ websites.

Security Logs

WordPress security logs are an excellent resource for seeing what is happening with a site. If a website gets hacked, the security logs will have the best information to help you recover.

To be honest, I don’t understand most of what the security logs contain. But I know where they are, and how to download and share them if I need to get an expert involved in fixing a compromised site.

iThemes Security Pro > Security > Logs

Monitor File changes

iThemes Security Pro allows me to monitor when files on a website change. This is a great way to know when someone has gained access to a site.

Be warned; this feature will also notify you of every change and update you make to the site.

iThemes Security Pro > Security > Settings > File Change Detection

Scanning for Malware

iThemes Security Pro regularly scans and notifies me if it detects malware on a website. This has saved me in the past when a client’s site became compromised. I was able to fix the issue before it escalated.

iThemes Security Pro > Security > Settings > Site Scan Scheduling (This is a PRO feature)

Themes and Plugin Management

Delete unrequired and inactive themes and plugins.

It’s much easier to hack into a website if it has outdated themes and plugins installed.

The first step in theme and plugin management is to deactivate and delete any unrequired or unused plugins. You can always reinstall a plugin should it be needed.

Also, make sure you acquire your plugins from reputable sources. I’ve seen some questionable WordPress Plugin bundles recently offering thousands of dollars worth of premium plugins for next to nothing. These plugins may work, but they may also be compromised. It’s not worth risking your business or reputation over.

Keep active plugins and themes updated.

As far as security is concerned, when it comes to the WordPress Core, Themes and Plugins, the best rule of thumb is to keep everything updated.

Many updates are to patch security vulnerabilities.

iThemes Security Pro has a nice feature called Version Management that allows a site to automatically update itself as new versions of the WordPress core, themes and plugins are released. Although handy, I leave almost all of this feature off. I prefer updating plugins myself. Should something on the site break during an update, I want to know right away.

The only option I turn on is the “Auto Update if Fixes Vulnerability” option. This allows an update only if it fixes a security issue.

iThemes Security Pro > Security > Settings > Version Management (This is a PRO feature)

Manually updating the WordPress Core, Themes and Plugins.

For updating my clients’ websites, I use iThemes Sync, a WordPress manager. iThemes Sync allows me to monitor and update all my clients’ websites from one dashboard.

iThemes Sync sends me daily emails telling me what plugins and themes have updates available. I can log into iThemes Sync and perform all the updates from one dashboard without having to log into each website individually, saving me time.

The basic version of iThemes Sync is free for up to 10 websites.

Domain security.

Whenever registering a domain, I highly suggest you include domain privacy. Some hosts include domain privacy while others charge an extra fee.

Domain Privacy hides the domain owner’s contact information from the public. Without domain privacy, a domain owner’s email address, mailing address and phone number are available for anyone to see.

Since it’s common to use the same email address to register a domain and access the associated website, without domain privacy, you’re handing hackers half of the login information they need.

That’s my WordPress Security plan.

That’s it. That’s what I do to secure my clients’ WordPress websites.

This is not meant to be an ad for iThemes. There are many tools you can use to do the same things I do, some of them possibly better and maybe less expensive than what I use. But I’ve been using the iThemes programs for several years, and I know and trust them. And so far, knock on wood, they’ve worked for me.

What's your strategy for securing WordPress websites?

Let me know by leaving a comment for this episode.