Tag: wordpress

Fixing The BackWPup Error: “Dropbox API: (59) Unknown cipher in list”

Keep calm and install this plugin

A few days ago I published The Ultimate WordPress Tutorial To Bulletproof Your WordPress Blog Backup, where I show step-by-step how to set up an automatic backup process for your WordPress site, that’s saved both to your server as well as your Dropbox.

The WordPress Error

Ever since then I’ve been getting questions from people who are receiving the following error when trying to authenticate Dropbox in the BackWPup plugin.

Dropbox API: (59) Unknown cipher in list

Continue reading Fixing The BackWPup Error: “Dropbox API: (59) Unknown cipher in list”

The Ultimate WordPress Tutorial To Bulletproof Your WordPress Blog Backup

OMG! Do we have a backup?!
OMG! Do we have a backup?!

Why Is Setting Up WordPress Backup The Most Important Thing You’ll Do Today?

As Bloggers, we spend a lot of time building our website. We put so much effort into creating content, building an online readership and an engaged audience. For most online entrepreneurs the home website is the top money-maker in their business – working for them 24×7.

Would you drive a car with no insurance? Of course not! So why are you neglecting your website backups?

Imagine this scenario: following brilliant advice from Chris Ducker, you decide to outsource some work on your website. Yay for you – it’s a great idea! So you get someone from Elance.com with decent reviews, go to bed – ready to wake up to a new world of geo-arbitrage and outsourcing bliss.

But when you wake up the next morning, you find out that your brilliant hired expert broke your website, lost your previous design, and mistakenly deleted over a month’s worth of content that you worked so hard to create. This is exactly what happened to my friend, Natalie Sisson just last week.

Not a fan of outsourcing? Fine, what would you do if someone hacked into your website? Or if you deleted something by mistake? Or your web host is under a cyber attach?

It really doesn’t matter what the circumstances are. At some stage, every web owner finds himself asking this frightening question:

“Do I have a backup?”

Having an updated and relevant backup is your insurance policy for a rainy online day. Having one means that no matter what happens, you can be back in business within minutes. Deleted something? You can restore. Someone broke something? No worries! Your hosting provider is under a massive cyber attack? You can restore to a different server and be back in minutes.

Hand of drowning man

The thing that amazes me is how easy it is to set a bulletproof, easy, and (the best part) – fully automatic backup process. Invest 15 minutes of your time today, and you will save a multitude of it when you’ll need it.

So today I want to show you how to create a WordPress backup process that will run automatically for you, and save the backup files to somewhere that’s EASY to access when shit hits the fan. Sounds good?

Continue reading The Ultimate WordPress Tutorial To Bulletproof Your WordPress Blog Backup

How To Secure WordPress – Common Mistakse

I’ve been seeing tons of posts recently covering the (important) subject of securing your WordPress blog. There are many blogs that are currently sharing their top 5, 10 or 20 security tips.

Why am I writing about this? Because I don’t like the fact that most of these blog posts ignore the elephant in the room, rendering their advice into…rubbish.

Garbage can in Melbourne australia with the label 'Rubbish'

 

Here’s the last one I encountered, on Copyblogger

Last week, in preparation for an interview about my work at Copyblogger’s managed WordPress hosting division, I chicken-scratched a top 10 list of tips for keeping your WordPress website(s) secure.

10 Steps to a Secure WordPress Website

Now, in that link you will find a checklist of ten (mostly valid and important) actions to take to secure your blog (and up-sell some services). So why am I not satisfied?

The Elephant In The Room

Everybody’s talking about security and importance of having “good” passwords. You’ll see tons of debating on how to choose a hard-to-hack password, but zero discussion on who can read your password???

Here’s the elephant: If you have a self-hosted WordPress blog, there’s a VERY good chance that you don’t have a secure way to log in to it . What does this mean?

If you don’t use a secure connection when you log in to your WordPress blog (and in a second I’ll show you exactly how to check if you are using one), then anyone on your local network can see your password when you click that Log In button.

Let me emphasize this again

Anyone can see your password when you log in to your WordPress blog using a non-secure connection.

This means that it doesn’t matter what-so-ever how complicated your password is. If you update your blog, approve comments or even just log in to check stats while you’re at a caffe, shopping mall or airport – congratulations, you’ve just given your password to all the other people that are using the same network like you.

How do you know if you’re using a secure connection?

When you log in to your admin panel, check if the URL (the address at the top) starts with HTTP:// (insecure) or HTTPS:// (secure). If it’s an HTTPS, this is a secure connection, and your password will not be up for grabs by your surrounding. If it says HTTP, you’re in trouble for two reasons:

  1. When you log in, you send your admin password as plain text over to the server, and any other computer on your network can read it
  2. Even if you log in at home, and select “remember me” and then access the blog from a public location, anyone can hack your account. The reason for this is that although you have logged in from your home, the server saves a special mark on your device that will allow it to be remembered. This marked is called cookie, and when you access your blog again in a public network, everyone can steal your cookie, and that will make your blog crumble!!

How To Fix This

Unfortunately, showing how to set up SSL certificates (this is what it takes to have a secure connection to your WordPress) is a subject for an entire blog, not just a post, and is definitely out of the scope for this blog.

Being a complicated setup that it is, it also completely negates the point of easy actions to improve security, like all the blog posts I mentioned advocate for.

What you should do, is contact your hosting provider and ask them to help you set up SSL connection for your blog. Notice that a shared-SSL certificate, like Hostgator (for instance) offers for free, will only allow you partial management of the blog (for instance, will allow to edit posts in HTML mode, but not in the WYSIWYG editor – which is what most people would prefer). Also take into consideration that a private SSL will cost money (few tens of dollars per year on average). If you host more than one blog on your account, take into account that you might end up being able to install SSL only on one of your blogs.

How To Fix This – The Quick & Easy Way

Don’t choose a simple & cheap shared-hosting package. Choose a Managed WordPress Hosting provider. Syntesis [this is NOT an affiliate link] is one that I heared some good stuff about, but haven’t checked them out myself. Make sure to pick a package that DOES includes SSL (their basic one doesn’t).

If you have any recommendations for managed WordPress hosting or at least one that makes it dead easy to enable SSL for WordPress on it, write me a comment!