Master List of Spam Referral Sources

This post is no longer in use because there is a built in Google feature you can enable on the view settings of each account.

These are to be added to iThemes as blocked user agents.

  • 4webmasters.org
  • free-share-buttons.com
  • buttons-for-your-website.com
  • Get-Free-Traffic-Now.com
  • free-social-buttons.com
  • event-tracking.com
  • guardlink.org
  • best-seo-offer.com
  • trafficmonetize.org
  • www8.free-social-buttons.com
  • www.event-tracking.com
  • 100dollars-seo.com
  • sitevaluation.org
  • webmonetizer.net
  • floating-share-buttons.com
  • www4.free-social-buttons.com
  • site1.floating-share-buttons.com
  • site2.floating-share-buttons.com
  • site3.floating-share-buttons.com
  • site4.floating-share-buttons.com
  • site5.floating-share-buttons.com
  • success-seo.com
  • buttons-for-website.com
  • www1.free-social-buttons.com
  • www2.free-social-buttons.com
  • www3.free-social-buttons.com
  • www5.free-social-buttons.com
  • www6.free-social-buttons.com
  • www8.free-social-buttons.com

 

Permanent redirect all pages to HTTPS on WordPress

In the past we have modified the standard WordPress snippet in the htaccess file to add this redirect code. It is best to add this as a separate section in the htaccess file to prevent it being overidden by security plugin or a WordPress update.

# https
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}/$1 [R,L]
# end https

The Boom Visibility Parent Theme

Adapted from the WordPress Twenty Twelve Theme

Sliders and Tabs use Bx Slider

Photo Galleries and Single Images Use Osvaldas Responsive Gallery Script

The responsive Menu uses slick nav.

A copy of the parent theme can be worded on and experimented on PhilaDirectory.com.  Don’t assume the latest version is on there though.

bvi-twentytwelve-15-4

Needs columns shortcode and newsletter sign up code for gravity forms.

bvi-twentytwelve-15-3

Reorganized style.css into areas with their own sets of media queries.  Add PDF jQuery script to assign class to PDF’s and open in new window. Removed UL LI grids.

bvi-twenty-twelve-css

Charlie’s Version of the parent theme deviated from the Saas build.

bvi-twentytwelve-scott

Scott’s Version of the Parent theme deviated from the Saas build and a few additional sites.

Required

  • Advanced Custom Fields
  • Gravity Forms

Setting Up Gravity Forms Notifications Settings

Gravity Forms notifications are set up in the individual settings of each form. Under notifications, select Admin Notification (the default).

The Send to Email should be set to the email addresses the form should go to.

From Name can be set from the drop down to the right. The First Name should be selected, then a space, then Last Name.

From Email should be set to something like wordpress@<site URL>.

Reply to should be set to the user’s Email address (again, in the right hand dropdown).

BCC to admin email address.

Subject remove all but New Submission Form and add  First Name , then a space, then Last Name, as before.

If this form is in a sidebar, add Embed Post/Page Title into the Message.

 

Post-Hack Procedures

Reset FTP passwords

Reset all admin passwords

Reset database password

Reset WordPress SALTs

Check to see if any new users have been added

Replace all WordPress core files outside of Wp-content, except for WP-config.php.  Visually check over this file, if you are unsure then copy the database specs to the wp-config-sample.php and rename it.

Within WP-content.

Manually go through all of the folders within the uploads folder.

Manually review all files in the active theme folder.

Delete the cache folder it is there.  Delete unneeded themes.  Remove unneeded or unused plugins.  For any remaining plugins delete the folder and redownload them from the repository.

 

 

Configure iThemes Better WordPress Security

Enable all initial options including 1 click secure.

Set notification email and backup email to web@ address

Send Digest Email

Set web@ address for brute force

Disable PHP Uploads

Enable 404 Detection

Enable Blacklist Feature in Ban Users section

Enable Infinite WP Compatibility

Enable File Change Detection, split files scanning into chunks

Retain 10 backups, enable scheduled backup, set backup interval to every 7 days

Protect System Files

Disable Directory Browsing

Remove RSD Header

Reduce comment spam

**turn off Blacklist Repeat Offender

If the website has a history of malware it is also good to change the login URL.

Add the master list of spam referral sources to the blocked user agents.

Setting up Contact Form Goals on Google Analytics

  1. Create a thank you page.  Take note of the page title and the URL.  Use a unique title if setting up multiple forms so its easy to find this page.  For example ‘Thank you requesting a consultation’.
  2. Go to the advanced tab of the Yoast portion of the page and exclude the thank you page from the sitemap and set it to noindex.
  3. Go to Forms > Selected Form > Confirmations – Select a page confirmation and choose the newly created thank you page as the confirmation.
  4. In Google analytics go to the Admin menu and select Goals > Custom Goal > Destination.  Use the partial URL of the page include leading and trailing slash. (/thanks-quick-contact/)

WordFence Configuration

WordFence is a security plugin that we install to all our sites before launch. It is a very powerful tool with many capabilities so this post should help optimize the plugin to fully utilize the features.

Once WordFence is installed, you have to go to Options link under the WordFence button in the Dashboard menu. WordFence will ask you to enter your email and then you can proceed with the configuration.

Basic Options:

  • You should uncheck the Enable Live Traffic View because it will tremendously slow down your site load-up speed.
  • For the to “How does Wordfence get IPs:” you want to select the “Use PHP’s built in REMOTE_ADDR…” option from the drop-down.

Advanced Options:

Alerts:

Uncheck the “Alert when someone is locked out from login” and “Alert me when someone with administrator access signs in” options.

Scans:

Make sure all options are selected

Firewall:

The following image will show you how I configured the firewall options. You can choose to change the options to better suit your needs and you can also choose to block the users or crawlers that break rules rather than throttling them.

wordfence

Login Security Options:

  • Change the drop-down values  for the “Lock out after how many login failures” and “Lock out after how many forgot password attempts” options to 5.
  • Change the “Amount of time a user is locked out” to 30 minutes.

Other Options:

You want to enter your site’s IP Address into the “Whitelisted IP addresses that bypass all rules:” field.

 

Getting special character HTML to show up in HTML code

If you type in something like & copy ; and then toggle back to the visual editor it will convert this to ©

Some older computers will not be able to interpret this symbol and show a question mark it its place.  To prevent this from happening we found this code on Stack Exchange.

// Custom configuration for TinyMCE
function wpsx_54398_configure_tiny_mce( $initArray ) {

    // Add some common entities to the default array (copy, reg, trade, service mark, euro)
    // The odd entires are the entity *number*, the even entries are the entity *name*. If the entity has no name,
    // use the number, prefixed with a hash (for example, the service mark is "8480,#8480").
    $initArray['entities'] = $initArray['entities'] . ',169,copy,174,reg,8482,trade,8480,#8480,8364,euro';

    return $initArray;

}
add_filter('tiny_mce_before_init', 'wpsx_54398_configure_tiny_mce');

Getting images to float without extra margin or page breaks

By default the WordPress visual editor will ad ‘p’ tags to all of your text and images. When you are floating an image the p tag around it can create more margin than you want, and it often ads an extra ‘br’ tag to the code which can cause spacing problems.

Add the following code to the functions.php file to prevent the IMG tags from being wrapped in a p tag.

Thanks to Css-Tricks.com for this code. css-tricks.com/snippets/wordpress/remove-paragraph-tags-from-around-images/

function filter_ptags_on_images($content){
   return preg_replace('/<p>\s*(<a .*>)?\s*(<img .* \/>)\s*(<\/a>)?\s*<\/p>/iU', '\1\2\3', $content);
}

add_filter('the_content', 'filter_ptags_on_images');