2. About Terri
⢠Founded beyond the office in 2006
⢠Specialize in WordPress, websites &
email marketing templates
⢠Certified Internet Webmaster
⢠Internet Marketing Virtual Assistant
⢠IVAA EthicsCheck Certification
⢠@torlowski
⢠facebook.com/beyondtheoffice
3. What is WordPress?
⢠âWordPress is web software you can use to
create a beautiful website or blog. We like to say
that WordPress is both free and priceless at
the same time.â (from WordPress.org)
⢠First released on May 27, 2003, by Matt
Mullenweg as a fork of b2/cafelog. (Wikipedia)
⢠As of 02/11, WP 3.0 had been downloaded over
32.5 million times.
⢠WordPress is used by over 13% of the
1,000,000 biggest websites.
4. .com vs. .org
WordPress.com WordPress.org
⢠Free ⢠Free (to download)
⢠Custom Domain ($) ⢠Custom domain ($)
⢠Free hosting (limited) ⢠Requires Hosting ($)
⢠Limited Themes ⢠Unlimited Themes
⢠Limited Plugins ⢠Unlimited Plugins
⢠Automatic backups and ⢠Responsible for your own
upgrades backups & upgrades
⢠Hosted across ⢠Your-choice hosting*
servers, can handle traffic
6. One-click installation
⢠Quick & Easy install available from
most web hosts
ďś Not all hosts use Fantastico, but most offer some
one-click installation option
⢠Good option for non-techies
⢠Not as secure as manual installation
⢠Takes about 3-5 minutes
7. âFamous 5 Minute Installâ
⢠Some technical experience required
⢠Download latest version from WordPress.org
⢠Create MySQL Database & User
⢠Edit wp-config-sample.php
⢠Rename to wp-config.php
⢠Upload WordPress files (FTP or File Manager)
⢠Go to site to activate install script
*may take longer than 5 minutes depending on your computer speed
and Internet connection
9. WordPress Security
⢠Remove or neuter the ⢠Security Plugins
admin account ⢠Be choosy about
⢠Non-default table prefix theme & plugin
⢠Hide version & sources
Generator meta tag ⢠File permissions
⢠Regular Updates ⢠Move wp-config.php
⢠Strong Password ⢠Good Host
⢠.htaccess in /wp-admin ⢠Regular Backups
10. Plugins - Security
⢠Semisecure Login Reimagined
⢠User Locker
⢠WP Security Scan
⢠WP Optimize â use to rename admin account &
remove post revisions to decrease db size
⢠WordPress File Monitor
⢠Akismet (Bad Behaviour, Spam Karma, Disqus)
⢠SEO Ultimate â (404 monitor)
⢠Bluetrait Event Viewer (BTEV)
⢠Theme Authenticity Checker (TAC)
11. Plugins - Backup
⢠WP DB Backup
⢠WordPress Backup by BTE
⢠Backup Buddy ($)
12. Plugins â Other Useful Stuff
⢠Gravity Forms ($)
⢠Google XML Sitemaps
⢠Sexy Bookmarks
⢠WordPress Editorial Calendar
⢠WP Google Analytics
⢠WPtouch (free or $)
⢠All in One Webmaster (free or $)
⢠Broken Link Checker
⢠Simple URLs
13. Plugins
⢠Where to find plugins?
â http://wordpress.org/extend/plugins
â IVAANet (ask for recommendations)
⢠What are your favorite plugins?
14. What about themes?
⢠StudioPress
⢠ithemes
⢠WooThemes
⢠ElegantThemes
⢠Frameworks
â Thesis
â Genesis
â Headway
⢠wordpress.org/extend/themes (free, use with
caution)
15. WordPress for Podcasting
⢠Simple â link to an audio file from a post
⢠Podpress plugin
⢠PowerPress by blubrry.com
16. WordPress for Newsletter
⢠WordPress/Feedburner
â Add a new category (ie Newsletter)
â Exclude this category from Category list
â Exclude regular blog posts from newsletter category
â Create new feed in Feedburner for your category
â Enable email subscriptions in Feedburner for that
feed
â Get code from Feedburner for subscription & put it in
a widget
â Enable full text feeds in WordPress Settings
â Publish post in newsletter category and let
Feedburner take care of the rest
17. WordPress for Newsletter
⢠Use RSS feed option with your favorite mail
service (MailChimp, Aweber)
⢠Get code for signup box and put it in a
widget, page or post on your site
â MailChimp List Subscribe Form plugin
â Gravity Forms Pro add-on plugin for MailChimp
â Aweber Web Form Plugin
18. WordPress for Newsletter
⢠ALO EasyMail Newsletter
â Track/manage subscribers in WordPress
â Can send to additional email addresses
â Merge tags available for subscriber names, post
titles, excerpts, etc.
â Can create HTML or plain-text email messages
â Scheduled sending
â Reports and stats
19. How do you use WordPress?
⢠Website ⢠Invoicing
⢠Blog ⢠Newsletter
⢠Video Blog ⢠Photo Blog
⢠Podcast ⢠Business Directory
⢠News Site ⢠Contact Manager
⢠Membership Site ⢠Online Job Portal
⢠Social Networking Site ⢠Online Classifieds
⢠Project Management ⢠FAQ Portal
⢠E-commerce ⢠Ticket System
⢠Forums ⢠Wiki
⢠Article Directory ⢠Digg Clone
Takes about 10-15 minutes sometimes, but more secure and reduced risk of invasion from hackers.If you host offers it, I recommend uploading the zip file & decompressing on the server versus unzipping and FTPing all the files, which takes considerably longer
For most web hosts, DB_HOST will be âlocalserverâ. If your web host requires that you use something different, they usually indicate this in the MySQL database area Authentication Keys & Salts are used to encrypt the information in WP cookies. If you heard Justin Ryanâs presentation at Online Summit, he discussed how hackers can use your cookies to get into your site. Using the salts and keys can help prevent this. This can be done at any time, so even if this wasnât done when your site was setup (such as if you used one-click install), you can add this layer of security. It will force all users to log in again, but shouldnât cause any other problems. it is possible to change table prefixes after the initial install, but this can be hairy and should not be attempted without a good backup, some technical experience, some time to kill, and a bottle of wine if there are problems.
If you already have an admin account, there are 2 ways you can handle this â create a new administrator account (will have to use a different email address) and then log in with that and delete the admin account (or change it to subscriber) or use wp-optimize plugin to help you change the admin account name. This can also be done directly in the DB if youâre savvy with that stuff. Some advocate to remove the account but if itâs been successfully downgraded to Subscriber role, it shouldnât cause any problems. Can be changed during manual setup, or with plugin (wp-security scan) //remove WP Generator tag -> remove_action('wp_head', 'wp_generator'); Password â according to Justin Ryan, DuckDuckBlue (Online Summit 2010), anything less than 12 characters can be cracked by average computer in less than 1 day, no supercomputer needed. Use a variety of upper- and lower-case letters, numbers and symbolsCan create .htaccess file with FTP program or File Manager. Used to control file access on Apache-based servers. WP requires LAMP plaftorm or compatible to run. File Permissions: Directories 755, Files 644. If on shared- server, wp-config should be 750. wp-config.php can be moved ONE directory up from install directory, which means it can be outside your public folder if WP is in root directory. Make sure you have regular backups of your database (all your content) and your files (theme, plugins, modifications, etc.)
SemiSecure Login Reimagined â not as good as SSL for logging in but better than nothing.UserLocker - This plugin locks user account after given number of incorrect login attempts.WP Security Scan â looks for common security issues, such as database errors, table prefixes, wp-generator meta tag, etc. This doesnât have to be running all the time. Most of the time, I have it deactivated, and activate it once a month or so, or after installing new plugins, to make sure Iâm still good.WordPress File Monitor âwill alert you if any file is changed or added in your WP install directory. Can be a hassle with backup files, but worth it for the peace of mindAkismet comes automatically with WP, but requires a API key, which are free for personal use, and start at $5 month for non-personal sites. Bad Behavior complements other link spam solutions by acting as a gatekeeper, preventing spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place. Spam Karma blocks spammers by known IP addresses, and has good reviews but Iâve never personally used it. Disqus is a comment management plugin but since I installed it, I havenât had an comment spam, so that works for me. SEO Ultimate is, as its name suggests, an SEO plugin. However, it has a 404 monitor module that I can use to see which files people/bots are trying to access, which can be a clue if someone is trying or has tried to hack my site. BTEV logs events for your site to help identify potential hacking episodes TAC checks for malicious code, links or javascript in your theme files. Great if you use a lot of free themes.
BackupBuddy is also useful for moving WP install from subfolder to root or to a new server
Plugins in repository have to pass spam/malicious code check when submitted, but nothing preventing from uploaded bad code on the next go-round, so use with cautionPaid & premium plugins are safer and usually more well maintained.
Podpress & PowerPress both give you FreeStatsPlayerID3 tagsAudio or VideoSupports many different file typesPodpress has a history of being neglected for a while, but Iâve read some strong reviews for both.Powerpress can also do hosting. It was developed as a replacement/upgrade of Podpress when it was abandoned in 2009. However, since then, development has started back up for PodPress.
Has limited stats, and does not include the nice checks that many email service providers do, such as Spam flags, and automatically including required information according to CAN-SPAM act.