I thought I might start blogging here a little bit, as a way of keeping in touch with the iChurch network as a whole. It’s difficult to keep up with contacting everyone individually all the time (there are quite a lot of iChurch webmasters now!), and I thought you might appreciate some information, particularly since I’ve been very busy lately, and therefore you may be wondering where I’ve got to and why I haven’t answered your email yet. If it turns out that this is useful as a means of communication, it may also be a way for me to share some tips and tricks, as well as all the stories of the things I’ve been struggling to solve, which could help you get the most out of your site.
So – what’s current with iChurch?
This week, I’ve had a few sites going over their bandwidth quota. When this happens, you – and your site visitors – will get a message when you load the site, which tells you the quota has been exceeded and prevents access to the site. If you see it, there are three steps you need to take:
- Don’t panic
- Contact me
- Wait patiently for me to fix it.
I’ll try to reset bandwidth as soon as possible, which is usually do-able because it’s not a big job at my end, as long as I’m near my computer and have access to the internet – just a few clicks – but I sometimes delay doing so, because I want to check what’s caused the issue in the first place.
Often, it can simply be caused by lots of organic traffic, as “bandwidth is the sum of all data transfer to and from your hosting account”, so this could be traffic either from lots of people visiting your site, or from you doing lots of work on it behind the scenes. This is most often the case when a site is new, or has just been taken over, and the webmaster is doing significant work on getting it set up and customised.
Alternatively, your site may have been subject to some kind of SPAMbot or hacking attack. If, for instance, your site is being used maliciously to send emails or host pages/links (which you wouldn’t necessarily know about), then hitting the bandwidth quota is one way (a) to prevent further traffic, and (b) to alert us to the fact that there is a problem. Don’t worry about this – it is exactly why we have the quotas set up in the first place, and why I then want to make checks if your site is exceeding its quota regularly.
If it turns out that your site is just busy, or you are very busy building it, I can then extend your bandwidth quota, so that you shouldn’t keep on having the problem on a regular basis.
What can you do to prevent problems?
We do what we can in the background to help ensure that your site is safe, but there are lots of things you need to do to help keep your site secure:
Run the latest version of WordPress
WordPress itself is protected pretty well against hacking – that’s partly why there are often updates to the WordPress installation – they are building in protection against new types of attack, which are developing all the time. The first, most important thing you need to do to keep your site safe is to ensure that you are always running the latest version of WordPress. Often, WordPress will install its own updates, particularly if there are only minor changes such as security fixes, but if there are any functional changes, it will need you to install the update. When this is the case, you will get a notification at the top of your dashboard when you log in; all you need to do then is click through the notification into the update screen, and follow the instructions there (you don’t need to worry about doing back-ups, as the site is backed up regularly by our hosting providers).
Make sure your plugins are always up to date
Plugins are probably the weakest link in terms of WordPress site security – not because there’s anything wrong with them, but because they are created and provided by thousands of independent developers, using all different systems, which gives the hackers lots of chances to find vulnerabilities to exploit. The good news is that there are lots of experts out there, fighting the good fight against hackers, who spot the vulnerabilities and alert the plugin developers, who can then create a fix. Those fixes then need to be installed into your site through plugin updates. Therefore, it is essential that you install these as soon as possible. To do so, all you need to do is go into your site to the plugins section, and hit ‘Update’ on any that say they need it. It’s as simple as that. I’d recommend checking your site once a week, ideally, to install any pending plugin updates.
Secure Your User Account
You need to make sure that all users’ passwords are strong ones (more recent versions of WordPress insist on this anyway), and preferably, that the most obvious usernames are not in use. For instance, because WordPress always used to have one main user called ‘admin’, the hackers know to look for that one. Therefore, if you do have an ‘admin’ account (which you will, if you have been using WordPress/iChurch for a while), then it is even more important to ensure that user account has a very strong password.
Check Your Comment Settings
There are a few things you can do to avoid SPAM coming into your site via the WordPress comments system: firstly, go to Settings – Discussion, and ensure that the site is set up so that you have to moderate every comment made. Secondly, make sure that you are running Akismet, to keep control of SPAM comments. Thirdly, only have comments open where you actually want them. Depending on which version of iChurch you are using, there are different ways to prevent the comments box from appearing – if you have any trouble with this, please contact me (I may even write a blog post about that at some point).
Prevent SPAM user registration
There has been quite a bit of discussion about this on the iChurch user forum, and recently I have been checking this setting on all sites that I’ve accessed. It’s very easy to ensure you don’t end up with thousands of SPAM users registered on your site: go to Settings – General, and deselect the check-box next to ‘Anyone Can Register’, then save the settings – et voila, no more SPAM user registrations.
If you can keep on top of these five things, it will make your site significantly more secure. Perhaps I’ll blog more about site security in the future, if this blog turns out to be a useful thing, but the good news is that there are lots and lots of blogs about WordPress out there, which provide all sorts of useful information.
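For webmasters who prefer a command line, here is an added example (not part of iChurch's own tooling) that checks the machine-checkable parts of the five points above with WP-CLI. It assumes shell access to the site with the `wp` command installed and run from the WordPress directory; the function names are made up for this example, and password strength still has to be checked by hand.

```shell
#!/bin/sh
# Added example: audit the settings discussed in this post.
# report_findings is pure (values come in as arguments), so it can be
# tried out without a WordPress install.
# Args: core_updates plugin_updates admin_exists comment_moderation
#       akismet_active users_can_register   (counts or 0/1 flags)
report_findings() {
    if [ "$1" -gt 0 ]; then echo "WordPress core update pending"; fi
    if [ "$2" -gt 0 ]; then echo "$2 plugin update(s) pending"; fi
    if [ "$3" = "1" ]; then echo "An 'admin' user exists: give it a very strong password"; fi
    if [ "$4" != "1" ]; then echo "Comments are not held for moderation"; fi
    if [ "$5" != "1" ]; then echo "Akismet is not active"; fi
    if [ "$6" = "1" ]; then echo "Anyone can register is switched on"; fi
    return 0
}

# Collect the live values with WP-CLI and hand them to report_findings.
audit_site() {
    # With no update available these commands may print nothing,
    # hence the :-0 defaults below.
    core=$(wp core check-update --format=count 2>/dev/null)
    plugins=$(wp plugin list --update=available --format=count 2>/dev/null)
    if wp user get admin --field=ID >/dev/null 2>&1; then admin=1; else admin=0; fi
    # Settings - Discussion: "Comment must be manually approved"
    moderation=$(wp option get comment_moderation 2>/dev/null)
    if wp plugin is-active akismet 2>/dev/null; then akismet=1; else akismet=0; fi
    # Settings - General: "Anyone can register"
    registration=$(wp option get users_can_register 2>/dev/null)
    report_findings "${core:-0}" "${plugins:-0}" "$admin" \
        "${moderation:-0}" "$akismet" "${registration:-0}"
}

# Only audit the current site when WP-CLI is actually installed.
if command -v wp >/dev/null 2>&1; then
    audit_site
fi
```

No output means none of the checks found a problem; each line printed corresponds to one of the sections above.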
I hope you found this post helpful. Please use the comments below (yes, I’ve left comments open on this post!) to feed back to me about whether you think my blogging here is a good idea, and what you’d like me to write about.