Tuesday, January 1, 2019

Building a WordPress site ~ [6] WordPress Plugins

Time to log into your new WordPress site!

You should immediately install an anti-virus plugin to protect your site. I am currently using the free version of WordFence.

Then you will add plugins recommended by ABCInc.




You will need your admin username and admin password to proceed.

Enter https://yournewsite.moc/wp-admin into your browser. When asked, enter the username and password to continue.

When the dashboard opens, go directly to Plugins, and click on the "Add New" button at the top.

On the right is a box that says "Search Plugins." Click in the box and enter "wordfence." Find the correct plugin and click on installnow , then activate.

The next screen pops up, and you must complete it before proceeding.
  • Enter the wordfence email forwarder you created in cpanel.
  • Choose whether to receive their newsletter.
  • Agree to the terms
  • Click on the "Continue" button
  • Ignore the premium key request - you can click on the "No Thanks" link on the screen.
Next, the full dashboard will be restored to your screen, and you will find a new menu choice on the left tool bar "Wordfence." Click on the Wordfence menu choice and step through whatever tutorial is launched for a new, fresh installation.
  • Go to All Options ~ open one at a time
  • Wordfence Global Options
    • Skip: Wordfence License
    • Skip: View Customization
    • General Wordfence Options
      • √ Automatically update WordFence 
      • Review/verify admin email address for notification
      • Save Changes (upper right corner of screen)
      • Skip: Dashboard Notification Options
      • Skip: Email Alert Preferences
      • Skip: Activity Report
  • Firewall Options
    • Skip: Basic Firewall Options
    • Skip: Advance Firewall Options (...for now...)
    • Open Brute Force Protection
      • Enable brute force protection is on
        • Change login failures to 3 (Use pull-down)
        • Change forgotten passwords to 4 (Use pull-down)
        • Leave count failures at 4 hours (Use pull-down)
        • Change user lockout time to 30 minutes (Use pull-down)
        • Enable "Immediately lock out invalid usernames."
          • Add selected domain names to "Immediately block the IP of users who try to sign in as these usernames." such as admin, user, test, etc.
        • Leave "Prevent the use of passwords leaded in data breaches" enabled
    • Leave Additional Options defaults
    • Ignore/Skip Rate Limiting defaults
    • Ignore/Skip Whitelisted URLs (...for now...)
    • Save Changes (upper right corner of screen)
  • Blocking Options
    • Skip Advanced country Blocking Options
  • Scan Options
    • Skip/Ignore all the options in this section
  • Tool Options
    • Skip/Ignore Two Factor Authentication Options
    • Skip/Ignore Live Traffic Options
    • Save Changes (upper right corner of screen)
    • Skip/Ignore Import/Export Options
  • Save Changes (upper right corner of screen)

Return to Plugins


  • Add the following plugins: 
  • Tools
    • Child Themify by John Bolch
    • WP Maintenance Mode (Designmodo)
    • Health Check & Troubleshooting (WP.org community)
    • ManageWP Worker (ManageWP)
    • Google Analytics (MonsterInsights)
  • Contact Form
    • Contact Form 7 by Tekayuki Miyoshi
    • Really Simple CAPTCHA by Tekayuki Miyoshi
  • Editors
    • Classic Editor should already be installed (WordPress contributors)
    • WP-Edit (Josh Lobe)
  • UpdraftPlus - (UpdraftPlus, David Anderson)
  • Yoast SEO 
  • Membership
    • Disable Toolbar (Michael Dance)
    • Members (Justin Tadlock)
    • WP-Members (Butler)
    • WP User Avatar (flippercode)
  • Return to Installed Plugins and activate the following:
    • [ Delete ] Akismit
    • [ Delete ] Hello Dolly
    • [ Activate ] Child Themify
    • [ Activate ] Classic Editor should already be activated
    • [ Activate ] Contact Form 7
    • [ Activate ] Google Analytics
      • [ Activate ] Health Check & Troubleshooting
      • [ Activate ] *ManageWP Worker (Add to ManageWP.com)
      • [ Activate ] Really Simple CAPTCHA
      • [ Activate ] UpdraftPlus
      • [ Activate ] WP-Edit
      • [ Activate ] Yoast SEO


    Plugin Configuration

    • Contact Form 7
      • Find "Contact" on the dashboard menu
      • Select "Contact Form 1" for editing
        • Rename "Contact Form 1" to "Template"
        • FORM: Add CAPTCHA information
        • MAIL: Change "To" and "From" to the email forwarders you have already created. It's important to change the from to the admin login to "wordpress@.." because you've already registered it.
        • You can ignore MESSAGES and ADDITIONAL SETTINGS for now
    • Insights (Google Analytics)
      • You will need to connect this plugin to the GMail account you set up in step [2] ~ not necessarily immediately, but the sooner the better
    • Updraft
      • Go to Settings -> UpdraftPlus backups
      • Select "Settings" ~ this is where you configure when Updraft makes backups and where in the cloud Updraft should send/store your backups. This is where the free Google drive comes in handy.
    • WP-Edit
      • Buttons ~ Ignore for now
      • Global ~ Ignore for now
      • General ~ Ignore for now
      • Posts/Pages
        • Max Post Revisions - Enter a number (5? 3?)
        • Max Page Revisions - Enter a number (5? 3?)
        • SAVE YOUR CHANGES
      • Editor ~ Ignore for now
      • Extras ~ Ignore for now
      • User Specific ~ Ignore for now
      • Database ~ Ignore for now



    Neil Patel has written an excellent article:
    15 WordPress Plugins No Content Marketer Should Live Without

    He discusses installing/using the following plugins:

    • Security Tools
      • WP Limit login attempts
      • Wordfence or iThemes
    • Caching, for better SEO
    • Analytics & A/B Testing & SEO/Site Maps
    • Email subscription form
    • Other plugins 
      • Mobile Responsiveness
      • Editorial Calendar
      • Social Sharing/Social Accounts
    • Comment Management/Related Posts
    • Rich Snippets
    • Calls to Action & Landing pages



    Patel points out that plugins introduce vulnerabilities and can slow down your site ("sometimes dramatically")

    No comments:

    Post a Comment