Profile cover photo
Profile photo
Garrett W.
See my website for a complete bio:
See my website for a complete bio:

Garrett's posts

Post has shared content
Excellent advice. WordPress is an easy target for hackers. I know – I've been hacked before. More than once. And I'm not a big target.
 Because lately the number of webmasters who use WordPress increased, the volume of #compromised WordPress-powered websites is increasing too.

That's why I'd like to remind everyone who's also addicted to this great content management system, that being the most popular open-source CMS across the world-wide web, along with the benefits like numerous community, plenty of addons, user-friendliness, also means being the hottest target for #hacker attacks, and therefore it is vital for a webmaster to take security seriously and implement protection against all popular types of WordPress attacks: #DDOS, #xmlrpc, wp-login.php, username probes, #bruteforce attacks.

Below is the exclusive must-follow set of rules for for WordPress webmasters that I collected during years, basing on my own experience in a position of hosting customer support specialist, and the experience of hundreds of clients who required assistance with their hacked websites.

1. Always update anything that requires updating, not just because an updated theme or plugin is better, but because often new versions contain fixes for previously existing security holes and a missed day may lead to a hacked site (refers to themes, plugins, and WordPress core).

Tip: to get this routine task accomplished easier, I’d recommend

a) automating it, for example with the help of Wordfence plugin that has an option to auto-update itself along with other plugins and WordPress core, or

b) subscribing to theme developers’ newsletters, social media channels, RSS feeds, etc. and get notifications when updates are rolled out without having to open dashboard.

2. Use only official software, no nulled themes etc.

3. Install a firewall plugin, like Wordfence, and tightly configure it.

4. Install the Disable XML-RPC Pingback plugin or similar.

5. Install Captcha in every place of the site where applicable (comments, contact, login forms, etc.).

6. Install a wp-login.php protection plugin, or add .htaccess protection on wp-login.php file.

7. Never keep unused on the server, e,g, if you installed a plugin, but don’t like it, not just disable it, but uninstall and remove files.

8. No easy-to-remember passwords, only something really insane-looking and brain-cracking.

9. Never access your hosting account (via control panel, FTP, SSH) or WordPress dashboard using insecure connection and internet access points, e.g. public WiFi.

IMPORTANT: always backup your files and database, before you update anything, or simply when you’ve added a significant amount of content to the site, to save it.

Post has attachment
Just asked for code review on my PHP event library - if you have any tips for me, feel free to come post a response!

Post has shared content
Very true. Mental health is a huge issue and I only wish there was more I could do to help society on that front.

Post has shared content
Very useful advice for just about everyone.
You have to understand how stress works and where it comes from, so you can deal with it.

Post has shared content

Post has attachment
Cool network diagramming thingy. I'll keep it in mind for if/when I ever need it.

Post has shared content
It probably won't surprise you that Jairek Robbins (son of Tony), is as equally inspiring as his father.

Post has attachment

Post has shared content
It's about time a big name mentioned how this would be better.
Gates wants to shift the American tax code from one that taxes labor to one that taxes consumption.

Post has shared content
Wait while more posts are being loaded