Welcome to Tech Talk Tuesday!

Every Tuesday, a member of the BigScoots team or one of our wonderful partners from our ecosystem will be digging into a variety of WordPress topics and trends. Each #TechTalkTuesday is designed to expand your understanding of a WordPress topic and give you an opportunity to learn more about what everyone is doing for you behind the scenes!

Table of Contents:

Week 1 – How can I improve security on my WordPress site?
Week 2 – What is caching and which caching plugins does BigScoots recommend?
Week 3 – Why does BigScoots choose CloudFlare?
Week 4 – What is FTP?

Week 5 – EXTENSION – How can I improve security on my WordPress site?
Week 6 – How do I make my WordPress website accessible? By Bill Erickson
Week 7 – Why is it beneficial to have a dedicated IP?
Week 8 – Why does BigScoots use the NGINX web server?
Week 9 – What is phishing?

Week 1 – How can I improve security on my WordPress site?

It is important to be aware that using security plugins will have both positive and negative impacts on your site. They are often found blocking legitimate requests and, more critically, the scans they perform can greatly impact overall website performance.

That said, if you are someone who chooses to manage the security of your WordPress website yourself without the help of a managed WordPress provider, a security plugin can be a very helpful tool providing you with an extra set of eyes on your WordPress security.

How Can BigScoots Help?

At BigScoots, we block access to all scripts that do not need to be accessed from the outside world to prevent attackers from sending requests to scripts that are potentially vulnerable. If the script does have a vulnerability the attacker can exploit and they attempt to do so, we will immediately block the request.

With our managed WPO plans, we will also proactively monitor for irregular resource consumption which can be an early indicator of an exploit. We dig deep into stuck PHP processes and database conflicts which can be a result of malware. We also regularly upgrade and expand our on-premise security appliances designed to block attacks before they impact you or your visitors.

Paid Options

CloudFlare Pro is a fantastic paid security option that adds an industry leading Web Application Firewall (WAF) to your site. The WAF will sit in front of your site, so any and all load a WordPress security plugin would normally expose your site to will be handled entirely off server at Cloudflare, resulting in zero impact to the performance of your website.

Pro Tip: WordPress Security is only as strong as the weakest point – don’t forget about a secure password! A password manager is a fantastic way to create long and secure passwords without running into the hassle of forgetting them.

Contributor

Justin, Co-Founder and SVP of BigScoots.

As SVP, Lead Systems Engineer and co-founder, Justin controls the BigScoots helm in day-to-day operations. He studied network security, advanced Linux administration and has over 15 years of hands on experience.

In addition to overseeing the support desk, Justin is lead on all configuration, proactive monitoring and ongoing maintenance of BigScoots infrastructure.

When not in Chicago, you can find Justin in Southern New Jersey with his wife and three children.

Week 2 – What is caching and which caching plugins does BigScoots recommend?

Caching is the process of storing frequently-accessed data temporarily in a ‘cache’ so that it can be reused for subsequent requests.

When cache is disabled, your server is required to process the requests, compile the data, and send it back to the browser each time a visitor browses your website. These requests include various file types such as HTML, PHP files, scripts, images, fonts, and all other content stored within your WordPress database.

A WordPress website generating high traffic will result in a much heavier workload for the server as it will be required to work significantly harder to process and compile multiple pages per second as requests flow in. This increase in workload will result in an inevitable decrease in website performance.

This is where caching comes in!

When cache is enabled, it can assist with decreasing the workload on your server by storing a copy of each request to ensure when a subsequent request flows in, it is served directly from the stored cache.

Caching plugins can further assist with website performance in that they will create a static page of your web pages. When a visitor browses your website, they will see a cached version. When content is updated on your website, the plugin will empty the stored cache, and regenerate with updated content and files. Not only will this minimize the amount of data transmitted between the browser and server, it will improve the overall speed and performance of your website.

Common Types of Caching

  1. Page Cache – The simplest of the caching mechanisms. Page Cache is the process of storing content for each and every web page; created at the time the request is received from visitors browsing a web page.
  2. Object Cache – The process of storing database queries in a cache. As WordPress is heavily dependent on databases, efficiency is crucial.
  3. Opcode Cache – Saves compiled PHP code as the requests flow in.
  4. CDN Cache – CDNs use edge servers located all around the world to store static website files for faster and more efficient delivery to users that are geographically distant from the host server.

BigScoots Recommended Caching Plugins

  • WP Cloudflare Super Page Cache – Recommended for WordPress websites using Cloudflare services. Allows Cloudflare to handle all page caching to ensure all web pages are served over the Cloudflare CDN rather than static content. This plugin is becoming more and more favored as it continues to be developed, with many great features including a fallback cache that serves cache from the server if it doesn’t currently exist at Cloudflare.
  • WP Rocket – Ranked the fastest and most feature-rich caching plugin for WordPress websites. While this plugin is very good, it still relies on the cache being stored locally on the server, so we recommend pairing it with WP Cloudflare Super Page Cache so you can combine the script optimization WP Rocket provides with page caching handled by Cloudflare.
  • Cache Enabler – For those not using Cloudflare, we recommend this plugin. For those using our Fully Managed WordPress services, we have a specific configuration for it to improve its performance by serving the cache directly by the web server and bypassing PHP. This can also be done for those using Apache on our shared/VPS plans using the following:
    https://www.keycdn.com/support/wordpress-cache-enabler-plugin#advanced-configuration
    • Shibin’s Pro Tip: Installing Autoptimize with Cache Enabler may lead to further performance improvements.
  • LiteSpeed Cache – Recommended specifically for BigScoots shared hosting. Provides object cache support, image optimization, LazyLoad images, Content Delivery Network (CDN) support, and much more!

At BigScoots we use different forms of caching in order to speed up and optimize your site. Caching is a critically important part of any efficient and well performing site.

Depending on your workflow and development routine, it may be necessary for you to clear this cache from time to time from your live environment. At any time you are free to clear your OPCache, Page Cache, Object Cache, All Server Cache as well as Cloudflare Cache from within your BigScoots WordPress Optimized (WPO) Portal.

Although the WPO Portal gives you the option to manually clear your site(s) cache with a single click at any time, if you are the least bit wary about doing so, or would like some additional insight and direction on a particular issue you believe is related to caching, please feel free to reach out to our team here at BigScoots – we are always happy to assist!

Contributor

Shefin, AKA Shibin, Support Specialist at BigScoots.

Shibin is passionate about providing each and every one of our amazing clients with the highest level of support available on the market.

Shibin is a newlywed! When not working, you will find him enjoying his family time with his wife.

Week 3 – Why does BigScoots choose CloudFlare?

Handling over 10% of all global requests from websites, Cloudflare has gained its popularity within the hosting industry due to its excellence as both a Domain Name Server (DNS) and a Content Delivery Network (CDN). Though not limited by these services, Cloudflare has extended their scope to include domain name registrations, website optimization, enhanced security and performance improvements.

Benefits of Using Cloudflare

1. Content Delivery Network (CDN) – Cloudflare’s CDN capabilities store your website’s static files across multiple data centers that are geographically distributed around the world. Using a CDN allows your website’s visitors to load your site’s files much quicker by pulling data from a data center more geographically favorable to them, thus improving website speed and load time.

2. Bandwidth – Cloudflare helps to reduce bandwidth usage on the server side as only dynamic requests for your website will reach the server, while Cloudflare will load the previously stored static files through its CDN capabilities.

3. Faster Domain Name Server (DNS) – DNS is responsible for converting your registered domain name to its respective IP address, allowing your browser to download your website’s data. With the addition of Cloudflare DNS, you can reduce all possible DNS query delays to under 15 seconds.

4. Security – Cloudflare provides several excellent options for enhancing the security of your website. For example, if you were to ever experience an attack or hacking attempt, Cloudflare provides an attack mode which allows you to instantly enable additional security features, such as additional IP address checks or Captcha. Additionally, extensive DDOS scans are completed for each visit on the server.

5. Page Rules – Cloudflare grants you the ability to activate specific page and/or traffic rules for your website. Not only does this give your website the capability of disabling cache as required, you can also create page rules for redirecting to additional websites.

6. Analytics – Cloudflare can provide analytical data based on the unique visitors your site generates at the DNS level, and without needing to add any additional code to your website. This ensures that all data is accurate as there is no possibility of adsense code being blocked at the user-side in the way it would be by plugins and scripts if the analytical code had been added to your site.

Contributor

Prasul, Support Specialist at BigScoots.

While ensuring all clients receive the highest level of support and service available on the hosting market, Prasul is responsible for testing and maintaining all operating systems.

Prasul has a degree in information technology, and when not working you will find him traveling with his family and friends.


Week 4 – What is FTP?

FTP or the File Transfer Protocol is a standard network protocol that is used for transferring computer files between your website’s hosting account and a computer, or vice versa.

In many cases, FTP is used in lieu of the WordPress admin area to manually upload images, blog posts, files, etc. to your website. If you are uploading a large quantity of files to your site at a single period of time, FTP can be very useful as it does not limit the size of your transfers.

FTP works to quickly establish a connection between a server (typically with your hosting provider) and a client (your local computer) to complete the transfer of the selected files.

An FTP client, such as FileZilla, needs to be used in order to upload your website’s files to your local computer.

Features:

  • Allows you to transfer multiple files and directories
  • The ability to resume a transfer if the connection is lost
  • The ability to add items to a “queue” to be uploaded/downloaded
  • No size limitation on single transfers (browsers only allow up to 2 GB)

As a Fully Managed WordPress hosting client with BigScoots, you have quick and easy access to both your FTP and phpMyAdmin details from within your WordPress Optimized Portal (WPO) for both your live and staging environments. You also have complete control over creating new and editing old FTP accounts.

Contributor

Jay, Support Specialist at BigScoots.

Jay has his Bachelor’s Degree in Computer Applications and has pursued many courses in Business Management and Administration Tools. He has been within the web hosting industry for over 10 years, with 5 of those years being with BigScoots.

Jay has a passion for providing top-notch support to valued clients across the globe.

When not working or traveling, you will find Jay in Dubai testing out his culinary skills and watching movies with his friends and family.

Week 5 – EXTENSION – How can I improve the security of my WordPress site?

Being able to launch a website for personal or professional use is possible for all knowledge levels, though it is paramount that every website owner learn how to keep their site secure.

This will help to avoid any potentially threatening attacks to your site, and it will also help to keep all of your personal information private and protected.

Did you know…

Top Tips For Enhancing Website Security:

  1. Keep your website up-to-date: Out-of-date software is the largest cause of attacks against WordPress websites. Internet bots scan websites in search of WordPress versions, plugins, themes, etc. that are out of date. Once found, they send out random attacks in the form of brute force attacks, SQL injection attacks, backdoors, remote code execution, and much more!

    Dean’s Pro Tip: It would always be my recommendation to create a backup of your website prior to updating your WordPress core, plugins, or themes. As a Fully Managed WordPress client with BigScoots, we provide you with 30 days worth of backups stored off-server on our dedicated backup appliances. You are also able to take a manual backup at any time you’d like.
  2. Plugin selection: There are three major points to look out for when choosing a plugin for your WordPress site.
    • Last updated date. Ensuring your chosen plugin has been recently updated makes it much less likely there will be any outdated code or exploits.
    • The number of installs. Always look for plugins with the HIGHEST number of installs. A plugin with an extremely low number of installs may be a red flag.
    • Reviews and ratings. Each plugin within WordPress will have a reviews tab that will provide you with a brief explanation and overview of how well the plugin works. This will also provide you with user reviews.
  3. Enabling 2 Factor Authentication: A great way to add an extra layer of security to your WordPress website. 2FA will secure your site against password theft, phishing, and brute force attacks. It makes it impossible for any other individual to access your admin area without a unique code.

    Dean’s Pro Tip: For an additional layer of security, I would suggest making use of Google Authenticator. This will add an extra layer of security before signing into your WordPress admin dashboard. This works to eradicate bots from trying to brute force attack your WordPress admin. As a Fully Managed WordPress hosting client with BigScoots, you can simply reach out to our 24-hour support team to have this applied.

Contributor

Dean, Support Specialist at BigScoots.

Dean is exceptionally dedicated to the success of each and every one of our amazing clients.

When not working, you will find Dean travelling throughout Europe with friends and family or indulging in his love for computer gaming.


Week 6 – How do I make my WordPress website accessible? By Bill Erickson

At BigScoots, we love to collaborate with other industry leaders, and this week’s #TechTalkTuesday contributor is no different!

Bill Erickson, the lead developer of CultivateWP, was gracious enough to dig into his 6 simple tips for increasing the accessibility of your WordPress website. There is no one-size-fits-all solution, but there are a number of simple rules to follow so that your content is accessible to as much of your audience as possible.

  1. Provide appropriate contrast between text and backgrounds. With so many people suffering from poor eyesight and color blindness, low contrast between text and the background can make reading difficult. By using a strong contrast between the two, you’ll increase your audience’s ability to read and understand your content. Depending on the level of accessibility guidelines you’re adhering to, that contrast ratio changes, so be sure to test and verify!

    Bill’s Pro Tip: You can use the WebAIM Contrast Checker or the contrast checker built into the WAVE accessibility browser extension.
  2. Use heading tags in order. As a general rule, heading tags are meant to help break up content on your page, like a table of contents for a book. By using the heading tags (H1-H6) in the right order, you not only make it easier for screen reader users to navigate your page and know what it contains, but also add to your site’s search engine optimization. 
  3. Describe your images with alt text or leave it empty. Alternative text is used by screen readers to explain what the image contains, so describe it to your audience! If the image is just for presentation and doesn’t add anything relevant to your content, an empty alt text tells a screen reader to skip over it. By default, WordPress adds the empty alt text attribute to images out of the box, but beware if any plugins change the image (such as lazy loading image plugins, etc.) as they might remove this attribute.

    Bill’s Pro Tip: You don’t need to include words such as “image of” or “photo of” in your alt text, as the screen reader announces that it’s an image for you. 
  4. Don’t rely solely on color to convey information. As I mentioned, color blindness is one aspect of accessibility, especially when 5-10% of people in the United States are affected. Since 99% of colorblind people suffer from red-green colorblindness, this can seriously impact how users understand success and failure on your website. If a contact form only shows a red border on fields to indicate errors, a colorblind user might not know what they’re doing wrong since they can’t see the difference. That’s why it’s important to include other ways to convey that information, such as an icon or helpful text near the field to show where the problems lie.
  5. Include focus styles for focusable elements. This may seem self-explanatory, but a lot of CSS frameworks opt to remove focus styles from elements like buttons and anchor links, without replacing them with a suitable alternative. If a user is accessing your site with a keyboard, they may not know where they are while tabbing around if there is no focus indicator.
  6. Review auto-generated closed captions. If you’re using a video service such as YouTube to host your videos, you might also be leaning on their auto-generated captions to do the heavy accessibility lifting for you. However, it’s best to play through the video with captions on and see where there might be grammar and punctuation mistakes, as the automated system won’t get everything perfect. Imagine reading a blog post that was one giant run-on sentence. If the system doesn’t know when to add periods, that could be what your viewers experience.

There is certainly more to accessibility than what is on this list, but adhering to these bullets will definitely get you started on the right foot. For greater detail, and to learn about the varying levels of accessibility conformance, you can check out the Web Content Accessibility Guidelines or a detailed tweet by Chris Brailsford, Bill’s development partner.

Contributor

Bill Erickson is the lead developer of CultivateWP, a WordPress development agency specializing in food bloggers and publishers.

He has been a WordPress developer for over 15 years. His custom-built websites are fast loading, accessible, and easy to manage thanks to his expertise!


Week 7 – Why is it beneficial to have a dedicated IP?

When hosting your website within a shared hosting environment, you will notice that in many instances you are given the opportunity to invest in a dedicated IP address rather than sharing one with other websites on your server.

A dedicated IP, or Internet Protocol, is a unique numerical identifier that is applied to every domain on the internet. If you are hosting within a shared environment, you too will be sharing your IP address, meaning that you may be impacted by what other site owners are doing on the same IP.

There are many benefits associated with using a dedicated IP address:

  • Improve email integrity. Reduce the possibility of having your IP address blacklisted or banned due to spamming by ensuring no one else on the internet has control over any emails sent or received from your IP address. This will also result in a much lower possibility of failure in email deliverability.
  • Access your website at any time you need. Having a dedicated IP address allows you to visit your website at any time without having to adjust your DNS settings.
  • Monitor IP reputation. Speed up the process of removing your IP address from being blacklisted or banned with the ability to monitor your reputation.
  • Requirement with third-party scripts or applications. There are some scripts and applications that may require a dedicated IP address for use.

Making use of a dedicated IP address within a shared hosting environment with BigScoots also means that if and when the time comes to upgrade to a Fully Managed WordPress hosting service, a Cloud VPS service, or a Dedicated service, you can keep your dedicated IP. Not only does this ensure your upgrade is entirely seamless, but it will assist with maintaining your SEO rankings.

Contributor

Baber Khan, Support Specialist with BigScoots.

Baber Khan has a passion for providing a superior level of customer service and top-notch support to our amazing clients!

When not working, you will find Baber Khan spending his time playing cricket and attending sporting events.

Week 8 – Why does BigScoots use the NGINX web server?

Did you know that as a Fully Managed WordPress, Cloud VPS and Dedicated client with BigScoots, your server is purpose built using the highest performing and current generation hardware built to utilize the NGINX web server? With large performance, reliability, site speed, optimization and security benefits, you can expect nothing but the absolute best from your server!

Why does BigScoots choose NGINX?

NGINX, also known as Engine-Ex, is an open source web server that is very well known for its high performance, scalability, rich feature set and low resource consumption.

The most popular websites in the world such as Yahoo, Youtube, Pinterest, Instagram, WordPress.com and Tumblr make use of NGINX to manage their high levels of traffic due to the ability to achieve the highest level of speed.

NGINX was created to be the fastest web server available on the market, and maintaining that excellence remains the goal. NGINX consistently outperforms all other web servers, and is continuously adapting and expanding alongside your WordPress websites.

What value does this provide to you?

  • NGINX supports every component of the modern web and is the absolute best web server available, period.
  • NGINX helps to cache dynamic content that is served from the backend. This removes the need for additional page caching solutions.
  • NGINX is exceptionally good at handling a high number of website requests at once, keeping your memory usage considerably lower than any other web server.
  • NGINX uses a reverse proxy capability to protect your website’s identity by hiding the IP address of your server, acting as an additional defense against security attacks.
  • NGINX acts as a load balancer that is used to manage incoming traffic and distribute it across multiple servers, reducing the load on an individual server and improving overall performance for your end users.

Contributor

Prasul, Support Specialist at BigScoots.

While ensuring all clients receive the highest level of support and service available on the hosting market, Prasul is responsible for testing and maintaining all operating systems.

Prasul has a degree in information technology, and when not working you will find him traveling with his family and friends.

Week 9 – What is phishing?

Phishing is a type of hacking that targets users on the web by impersonating legitimate businesses and organizations.

Phishing attacks are carried out in order to lure the targeted individual into providing personal and potentially sensitive information. Oftentimes this information relates to personal identification, banking and credit card details, passwords, and other important information. In some cases, these attacks can result in identity theft and financial loss.

Phishing attacks usually include a link that will appear as though it will take you to a business or organization website that you are familiar with. It will then prompt you to enter your personal information.

Types of Phishing attacks:

Although there are many forms in which phishing attacks may occur, the following are the 5 most common.

  1. Email phishing – the most common form of phishing attack. Attackers will register domain names similar to those of well-known businesses and organizations and use them to send emails to targets. These domains typically involve a small character difference, such as replacing the “m” in “.com” with an “rn” for a similar appearance.
  2. Spear phishing – a more advanced form of email phishing. Attackers will target a specific individual, already knowing some information about the victim such as their name, place of employment, etc. Targets are more apt to fall for the attack in this scenario due to the attacker’s use of their personal information.
  3. Whaling – another advanced form of email phishing done specifically to imitate senior executives of well-known businesses. These email scams will involve fake tax returns and other types of tax forms to obtain extremely valuable information, such as Social Security numbers.
  4. Smishing and vishing – making use of malicious text messages and phone calls to target individuals. Fraudulent investigators are the most common.
  5. Angler phishing – specific to social media. This form of phishing will make use of website URLs, blog posts, social media comments, posts, tweets, etc. to lure viewers into providing sensitive information or downloading malicious content.

How do you protect yourself?

Unfortunately, there is no way to keep yourself entirely safe from phishing attacks. They are inevitably going to occur; however, there are a few precautions you can take to keep yourself safe from these attacks.

  • Be cautious about the emails, text messages, phone calls, etc. that you receive. If any appear to be a phishing attack, do not respond or click the provided link.
  • Do not open any provided attachments.
  • Do not enter any personal information in a pop-up screen. Legitimate organizations do not ask you to enter sensitive information inside a pop-up.
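
One way to automate the first precaution for the lookalike domains described under email phishing, as an added example that is not part of the original post. The trusted list, the sample message and every function name are constructed for illustration, and the registrable domain is assumed to be the last two labels (a real deployment would use the Public Suffix List).

```python
import re
from urllib.parse import urlsplit

# Constructed allowlist of domains the organisation really uses.
TRUSTED = {"example.com", "example.org"}

# Character sequences that read like another letter at a glance.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]

# Constructed sample message.
SAMPLE = """From: Support <billing@example.corn>
Your account is on hold. Sign in at https://login.exarnple.com/verify
or reset it at https://example.com.account-check.net/reset
Help centre: https://www.example.com/help
"""

URL_RE = re.compile(r"https?://[^\s<>\"']+")
MAIL_RE = re.compile(r"[\w.+-]+@((?:[\w-]+\.)+[\w-]+)")


def skeleton(domain: str) -> str:
    """Collapse confusable sequences so visually similar names compare equal."""
    s = domain.lower().rstrip(".")
    for lookalike, real in CONFUSABLES:
        s = s.replace(lookalike, real)
    return s


def registrable(host: str) -> str:
    """Assumption: the registrable domain is the last two labels."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def classify(host: str, trusted=TRUSTED):
    """Return (verdict, trusted_domain) for one host name."""
    host = host.lower().rstrip(".")
    reg = registrable(host)
    if reg in trusted:
        return ("trusted", reg)
    for t in sorted(trusted):
        # Same appearance, different bytes: the "rn" for "m" trick.
        if skeleton(reg) == skeleton(t):
            return ("lookalike", t)
    for t in sorted(trusted):
        # Trusted name used as a subdomain of somebody else's domain.
        if host.startswith(t + ".") or ("." + t + ".") in host:
            return ("embedded", t)
    return ("unknown", None)


def extract_hosts(text: str):
    """Collect host names from links and from e-mail addresses."""
    hosts = []
    for url in URL_RE.findall(text):
        name = urlsplit(url).hostname
        if name:
            hosts.append(name)
    hosts.extend(MAIL_RE.findall(text))
    return hosts


def scan_message(text: str, trusted=TRUSTED):
    """Return {host: (verdict, imitated_domain)} for suspicious hosts only."""
    findings = {}
    for host in extract_hosts(text):
        verdict = classify(host, trusted)
        if verdict[0] in ("lookalike", "embedded"):
            findings[host.lower()] = verdict
    return findings


if __name__ == "__main__":
    for host, (verdict, imitated) in scan_message(SAMPLE).items():
        print(f"{host}: {verdict} of {imitated}")
```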

Contributor

Gibu, Support Specialist with BigScoots.

Gibu has a passion for providing a superior level of customer service and top-notch support to our amazing clients!

When not working, you will find Gibu spending quality time with his family and friends.

Posted by Katie

Hi, I'm Katie! I take care of Marketing & Communications here at BigScoots. I am involved in advertising, branding, social media, & sales. I hold 2 degrees, one in Biomedical Sciences & a second in Marketing & Analytics. Outside of work, I am an avid blogger sharing my passion behind environmental sustainability while indulging in my love for exploring the world.