WordPress Installation Tutorial

WordPress Plugins

When I started with WordPress, I migrated the contents of my old website. I had a few pages with some plain HTML and a few lines of PHP and JavaScript to display the image gallery of my webcam.

Since I didn’t want to start from scratch, I was looking for some suitable WordPress plugins. As a newbie, I found the vast number of plugins quite confusing. However, I quickly found the ones I needed, mostly by trial and error.

In order to import the few lines of PHP code from my old web pages, I installed the Exec-php plugin. It lets you execute <?php ?> in your posts and pages. It requires disabling the visual editor of WordPress. Otherwise your raw PHP code will be screwed up after saving.

If you would like to use your secondary widget area, the Dynamic Widgets plugin might be something for you. Because of its width, my webcam gallery overlapped pretty much with the secondary widget area. The default WordPress installation displays the widgets on all pages and posts. With the Dynamic Widgets plugin you can configure on which pages and posts your widgets should appear.

In order to share code snippets on your page, I installed the WP Code Highlight plugin. It presents them as a block of code with a customizable background. Edit: Meanwhile, I switched to the WP SyntaxHighlighter plugin, since WP Code Highlight messed up the less-than/greater-than signs (<, >) when publishing code with the visual editor. WP SyntaxHighlighter is able to correctly escape special characters.

Last but not least, you should activate some safety features. If your Admin user still exists, you should rename this account to prevent brute-force attacks on your admin account. I used the Admin renamer extended plugin to give my account a new name. Afterwards it can be safely disabled.

Once you have prepared some posts, it is a good idea to back up your work. The UpdraftPlus – Backup/Restore plugin takes care of that and allows you to set up time intervals for the backup procedure.

If you’re curious how many visitors are reading your posts, then you should install a traffic analyzer such as NewStatPress. Most visitors do not leave comments on your posts, so this lets you see who visits your pages. It also helps to detect unusual traffic, i.e. hacking attempts.

WordPress Security

If you have installed the NewStatPress plugin, you’ll soon notice that not all visitors read your blog posts; some try to hack your server. Thus, it is important to defend your WordPress installation against compromise. A simple method to block suspicious traffic on your page is to block IP addresses from specific countries. Watch your NewStatPress logs and you’ll learn which countries to block. Several WordPress plugins have been published for this purpose. As an alternative method, you can define a conditional rule in your /etc/lighttpd/lighttpd.conf which blocks access to your blog based on the language of the visiting browser (replace the “xx” with the country codes you want to block).

$HTTP["language"] =~ "xx|xx|xx" { url.access-deny = ( "" )}

Some hackers try to gain access by guessing the name of the admin user account. Therefore, you should never use your real name or an abbreviation of your name for the admin account. You can also filter for query strings that search for it by placing the line

$HTTP["querystring"] =~ "^/?author=([0-9]*)" { url.access-deny = ( "" ) }

into your lighttpd.conf. WordPress plugins for filtering bad queries are also available.
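
An added check, not part of the original post: it runs the querystring pattern from the line above and an assumed tightened variant over constructed query strings, and reports which requests carrying an author parameter each pattern would deny. It assumes lighttpd matches the condition against the query string without the leading "?" and that Python's re behaves like lighttpd's PCRE for these simple patterns; TIGHT_RULE, the function names and the sample strings are not from the page.

```python
import re
from urllib.parse import parse_qs

# Pattern copied from the $HTTP["querystring"] line on this page.
PAGE_RULE = r"^/?author=([0-9]*)"
# Assumed tightening (not from the page): match the parameter at any position.
TIGHT_RULE = r"(^|&)author="

# Constructed sample query strings, as they follow the "?" in a request.
SAMPLES = [
    "author=1",
    "author=27&paged=2",
    "paged=2&author=1",
    "s=lighttpd&author=3",
    "p=42",
    "coauthor=1",
    "s=author",
]


def denied(rule, query):
    """True if the lighttpd condition would match, so url.access-deny applies."""
    return re.search(rule, query) is not None


def asks_for_author(query):
    """True if the query carries an 'author' parameter, wherever it sits."""
    return "author" in parse_qs(query, keep_blank_values=True)


def audit(rule, samples=SAMPLES):
    """Return (missed, overblocked) lists of sample queries for one rule."""
    missed = [q for q in samples if asks_for_author(q) and not denied(rule, q)]
    over = [q for q in samples if denied(rule, q) and not asks_for_author(q)]
    return missed, over


if __name__ == "__main__":
    for name, rule in (("page rule", PAGE_RULE), ("tightened", TIGHT_RULE)):
        missed, over = audit(rule)
        print(f"{name:10} missed={missed} overblocked={over}")
```

Because the page's pattern is anchored with ^, it only denies requests where author is the first parameter; the same audit can be rerun against query strings taken from your own access log before changing lighttpd.conf.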