covid days : 30 April + upgrades

6:30a:
Last working day of the month and WordPress releases an update. I have developed this little anxiety about updates. I have always believed that if you’re going to update or upgrade something that you should be physically present in case something goes south and you’d be there to fix it. With this extended quarantine you’re stuck at home or some other place and you cannot be physically present. That’s where the anxiety starts.

9:48p:
And it has been a long day. People had unconsciously shown me how they behave in stressful situations. This pandemic has shown me the hidden in people. Some are good. Some more bad than others. There are no concrete conclusions but there have been decisions I have made mostly for my consumption. Good bye April.

WordPress Reminders

Quick WordPress reminders or tips that shouldn’t be forgot [a moving checklist]

  • Pick plugins carefully. Look at the number of active installations and user ratings — higher numbers reflect its usefulness and security. No one in their right mind will use an known insecure plugin. Look at the date when it was last updated — it shows how active the developers are in modifying, upgrading, improving their plugin.
  • Pick themes with care. Check the theme details, click on Live Preview and see how the site looks with it. If I cannot do a Live Preview, move on to the next that interests you. I usually look the the featured themes as I assume they have been looked over by a human third party not involved in the theme’s development.

 

AIOWPS and the WordPress mobile app

I cannot login to my WordPress site using the Android mobile app. I have the All In One WordPress Security (AIOWPS) plugin installed and enabled the Completely Block Access to XMLRPC checkbox.

I have to note that when I blocked access to XMLRPC my failed logins went from more than 3,000 for one month to zero which means the login bots were trying to guess a username/password combination to gain access to the site.

I prefer to keep blocking XMLRPC access but I also want to use the mobile app.

I found two ways around this situation.

If I want to use the WordPress mobile app, I really have to uncheck the  Completely Block Access to XMLRPC checkbox keeping the Disable Pingback Functionality From XMLRPC checked.

If I want to keep my sense of security, I have to block access to XMLRPC and just use a browser instead of the WordPress app in my mobile thingy.

 

keep it updated

I’ve heard people say WordPress and open-source in general is not secure. I believe otherwise. Simply keep the app and its associated plugins updated and you’re good.

If you customized your theme, the next theme update will wipe your customizations so seriously think of creating child themes. It’s easier than you think.

Should the plugins you use stops development then ditch it and look for another plugin.

Sometimes the process is tedious but you’ll feel more secure about your WordPress site.