Rainbow WordPress Rap

Howdy Folks!

This communique is from Lookingheart, a focalizer at https://rainbowfamilygatherings.net, and is intended to help other internet focalizers with WordPress websites overcome a few primary issues when setting up such a website. At 10 pages long this information is well rounded but not too technical; it is an easy read worth your time and may save you considerable hassles in the long run. This article / Rap can be found on the website under the site journals. Feel free to share it with others who may benefit. While WordPress is in focus, some details may be viable for general website administration, though there will be different tools to achieve the same level of security and protection for your end users and domain health. Other articles coming soon. Blessings.
 
——————

Re: WordPress Administration. A general guideline with some suggestions, not intended to be a full assessment or complete list of tools or protocols. More in-depth writings will come at a later date by this author and others. Please consider this information as a primer and friendly advice given to help new website teams be more effective, and as a good start to protecting sensitive information on a new WordPress website from day one. Use of the suggestions below is just a start to good administration, and in time you will find additional tools that help create a safe environment for your WordPress website.

Offered below is just a small sample of protocols, but they are very important to the overall effectiveness of your WordPress website and include advice, suggestions, commentary, links and other information for site administrators and their focalizing teams. Done properly, your new WordPress website will be useful, protected and easy to manage.

While the information below may seem intensive at first glance, I assure you it is limited and only a small inclusion into the chores and protocols all focalizers should consider when setting up a WordPress website that will include sensitive data and the use of a server SMTP to send and receive emails. What is more, the advice contained below will help you if your site is ever lost, compromised, hacked or suffers an internal or external corruption, innocent or intentional.

Content covered is limited with a focus on Communications Security / SMTP and Backup. All are base starts to a new WordPress website and should not be skipped over in the heat of publishing content to the internet. There are other tools as well as ways to restrict content to private or public. I wanted to focus on what I feel are the most important aspects of building a secure website that also protects the administrator from future complications due to hacking of security loopholes causing issues with data breaches and being tagged as a spam site which can lead to other issues in the online world.

I am always available to help any focalizers with WordPress, Facebook, Youtube, Google, SMTP, API, Development, Analytics, Security, Android and iOS mobile applications, Backups, Applications, Storage, Coding, Programming, Networking and a host of other skill sets too many to list. If you need help and have no viable resources to cull from, feel free to contact me personally as I may be able to help in some manner.

Email:  ozarkcruiser@gmail.com (personal)
Phone: +1 (417) 409-8221  /  USA – CST ~ Messaging & Text (Iphone 6S)
Facebook: Rainbowfamilygatherings Group

If you have any questions, advice, comments or suggestions, please contact me or the focalizer team via the website listed above. Email is a good choice, or feel free to join our team of focalizers to be included in a dynamic focus that is community minded.

~ May peace be your journey ~


Rainbow WordPress Rap

Effective Tools – Organized Management – Security Protocols

Email Accounts / SMTP Security / Backup & Restore / Encryption

August 2021 by Lookingheart   —  Public Domain & Copyright-Free. Not to be sold under any conditions. Original Content/Source below. An expression of love gifted to the Rainbow Family of Living Light.

~

While WordPress is a great tool for building websites, blogs and social forums it is not without complications nor is it the most secure program as it is an Open Source project that many hackers exploit. Left unattended and without proper protocols to ensure security, your domain can suffer several attacks resulting in data breaches, email relay, corruption of programming and loss of access to your administration dashboard.

In most instances corrections can be made and the security updated to close loopholes in the program. There are many plug-ins for WordPress and documentation on security issues. Below are a few of the plug-in suggestions for your WordPress site with some general information on the use of the plug-ins. This is not a complete list but does offer a few suggestions based on past experience and in the interest of making sure your website is secure as well as easy to use in the future.

Depending on what plug-ins you add to your website you will need some experience in API settings and Developer Accounts. Apple, Google, Facebook, Youtube and many other service providers have API development accounts that will allow you to set up simple API keys and all of them have documentation on use. Plug-ins also offer documentation as well as links to accounts that will be needed for their use.

There will be several instances where you will need an email account to associate with various Developer accounts and for website administration duties. If there is more than one focalizer for your website, it is almost a certainty that a common email account will be needed at some point, as access to site functions will be delegated or is needed to have an effective team that can perform duties in a fluid manner. Keeping general information and controls under one or more email accounts will help you in the future when administering your website.

Organized under one or several email accounts, your information will be easy to find should you need to change settings, and you can give specific users access to the various email accounts and any other service providers used to complement your website (API Consoles – Development Accounts).

This is very important and should be a first consideration when setting up your website. NEVER use your own personal email account or another domain email address. If there were ever a major complication with your http://brandX.org website / domain (e.g. Blocked IP, SPAM listed, Service Cancellations, etc.) you would not want your personal email accounts affected or cancelled. Heed this advice early as in time it would become apparent as a need.



*Email Accounts

NOTE: It is suggested that there be at minimum 3 separate email accounts for your website. I suggest Google’s Gmail as a good choice as it will keep things organized, offers additional features that will be needed or desired and can serve as a WorkPlace for other focalizers. Their service is available worldwide, access to the Gmail accounts is generally 90% uptime and their servers are secure. The control panel in Gmail is simple and there are a lot of people who are familiar with its use. It is also free so the price is right. Examples below:

  1. yourwebsitename_admin@gmail.com
    This type of email account should be used for all critical information and access limited to just a few trusted people on your administration team. This email account might be used for Developer Accounts, API Accounts, Plugin Communications and other upper echelon administration accounts. This is also a good place to store your private keys, passwords, usernames, links and notes in an email that you send to this email account. Simply email that account any information you may want to retain at a later date and make the subject line specific.
  2. yourwebsitename_focalizer@gmail.com
    This type of email account should be used for all general duties on the website such as approving user accounts, approving comments, answering questions, notifications from noncritical plug-ins, focalizer communications. This type of account can also be used for meetings, storage and access to documentations you want to have available to your focalizer team.
  3. yourwebsitename_contributor@gmail.com
    This type of email account should be used for all general duties not listed as an administration or focalizer. Types of uses may be the WordPress site’s primary email account and tied directly to a Facebook group forum, Facebook Business Account, Facebook Messenger, Website Chat Box, general Youtube accounts or Facebook Page.

    The email account names can be anything; the above are only examples and are intended to teach some of the separate uses and various levels of access provided by multiple email accounts. What is important is that your personal email account not be used, that sensitive information is protected, and that other people have a measure of access to help steward rudimentary website tasks. Alternatively, a third email account used as public would be a very active account in some instances and is also the one most likely to be flagged in an “Event”.

    1 – Private (Data) Account for “Business” – Restricted
    2 – Semi-Private (Focalizers) Account for “Community” – Focalizing
    3 – Public (Everyone) Account for “General Use” – Display/Presence


Understanding the importance of separation is critical and will become apparent as a need in time, and it is hoped that the information provided above will educate focalizers and offset future hassles and a need to make changes. While each email account is vital to good operations, there are many other uses of the Google Gmail platform that can stimulate community building along with communications, mapping, storage and use as data clouds within Google’s Apps package. It is an excellent place off your server for large files, photos, PDFs and a host of other useful applications for getting work done while sharing with others.

*SMTP Security

SMTP is the “Simple Mail Transfer Protocol” and is how your emails are sent and received. Information about a message’s passage through SMTP is located in an email header in the source of the email and is manipulated in various ways depending on your settings, your server’s settings and any third party settings. Some of the information is manageable and can be steered by editing settings that you can control, while other items may not be user friendly.

WordPress works with your server PHP programming and some settings can be manipulated through the WordPress settings but are limited. In other instances, as an administrator on your server, you may have some abilities to change settings and manipulate your emails. WordPress uses the PHP mail function to send emails generated by WordPress or any contact form plugin. If the proper authentication isn’t there, then emails either go in the SPAM folder or, worse, don’t get delivered at all. A major issue is that most WordPress hosting companies and reseller server spaces don’t have their servers properly configured for sending PHP emails. The combination of the two causes your WordPress emails to not get delivered. It is also a known fact that some hosted servers have their IP blocked or flagged as spam; routing your emails differently may help avoid your emails being automatically sent to a spam folder or not delivered at all.

There are programs and plug-ins that can be installed to manage various aspects of your email handling protocols. It is highly suggested that you update and/or inspect your WordPress settings and make changes where appropriate. Alternatives beyond the WordPress settings are an effective way to thwart vulnerabilities and offer additional dynamics that are easy to manage such as authentication, header specifics, scheduling dates, return addressing, routing, masking, logging, blocking, white listing / black listing and a host of other features.
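One way to check the authentication described above, added here as an example that is not part of the original Rap: send a test email from the WordPress site to one of the site mailboxes, copy the message source, and read the SPF, DKIM and DMARC verdicts that the receiving server recorded in its Authentication-Results header. The sample messages, host names, addresses and the trusted server name `mx.example.net` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed samples (all hosts and addresses are made up): message source as
# copied from a mailbox after sending a test email from the WordPress site.
SAMPLE_DELIVERED = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@example.org header.s=mail;
 spf=pass (sender IP is 203.0.113.10) smtp.mailfrom=wordpress@example.org;
 dmarc=pass (p=NONE) header.from=example.org
Return-Path: <wordpress@example.org>
From: Site Admin <wordpress@example.org>
Subject: WordPress test

Test body.
"""

SAMPLE_SPAM_FOLDER = """\
Authentication-Results: mx.example.net;
 spf=softfail (domain does not designate 198.51.100.7)
 smtp.mailfrom=www-data@shared-host.example;
 dkim=none; dmarc=fail (p=NONE) header.from=example.org
Authentication-Results: forged.example; spf=pass; dkim=pass; dmarc=pass
Return-Path: <www-data@shared-host.example>
From: WordPress <wordpress@example.org>
Subject: WordPress test

Test body.
"""


def auth_results(msg, trusted_authserv):
    """Return {method: verdict} from headers stamped by the trusted server only.

    A sender can insert its own Authentication-Results header, so any header
    whose first field is not the receiving server's name is ignored.
    """
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        # Unfold the header onto one line and drop (comments).
        flat = re.sub(r"\([^)]*\)", "", " ".join(str(header).split()))
        fields = flat.split(";")
        server = (fields[0].split() or [""])[0].lower()
        if server != trusted_authserv.lower():
            continue
        for field in fields[1:]:
            match = re.match(r"\s*([a-z0-9-]+)\s*=\s*([a-z]+)", field, re.I)
            if match:
                verdicts.setdefault(match.group(1).lower(), match.group(2).lower())
    return verdicts


def domain_of(address_header):
    """Domain part of the address in a From or Return-Path header."""
    return parseaddr(address_header or "")[1].rpartition("@")[2].lower()


def delivery_findings(raw_message, trusted_authserv):
    """List the reasons a receiving server would distrust this message."""
    msg = message_from_string(raw_message)
    verdicts = auth_results(msg, trusted_authserv)
    findings = [f"{m}={verdicts.get(m, 'missing')}"
                for m in ("spf", "dkim", "dmarc") if verdicts.get(m) != "pass"]
    # PHP mail() on shared hosting often sends with the host's own envelope
    # sender, which then does not match the domain shown in From.
    envelope, visible = domain_of(msg["Return-Path"]), domain_of(msg["From"])
    if envelope and visible and envelope != visible:
        findings.append(f"Return-Path domain {envelope} != From domain {visible}")
    return findings


if __name__ == "__main__":
    for name, raw in (("delivered", SAMPLE_DELIVERED),
                      ("spam folder", SAMPLE_SPAM_FOLDER)):
        print(name, delivery_findings(raw, "mx.example.net") or "all checks pass")
```

An empty list means the receiving server accepted all three checks; anything else names the setting to fix at the host or in the SMTP plug-in.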

WP Mail SMTP Version 3.0.3 | By WPForms  –  Reconfigures the wp_mail() function to use Gmail/Mailgun/SendGrid/SMTP instead of the default mail() and creates an options page to manage the settings. Documentation, support and much more. Free version works just fine.


Either properly configure your WordPress SMTP settings and those on your server or install a good management plug-in so that you have a measure of control with the settings. Become familiar with how your emails are sent and received as well as any associated programs and how to access them. Below is a reiteration of topic points:

  1. SMTP can and should be managed. Access is important.
  2. SMTP uses API for authentication and is a security key.
  3. How and where your email is received and delivered is critical.
  4. Many reseller servers’ IPs are flagged as spam.
  5. WordPress SMTP may be vulnerable and is limited.
  6. Some servers may not be configured properly.
  7. Plug-ins simplify access and control to SMTP settings.
  8. Routing SMTP can be useful in some situations.
  9. Protecting data is imperative as is understanding the issues.
  10. SMTP is a hot spot for attacks on server ports.

*Website Backup

If you have spent any time building the design and function of a WordPress or any other website then you know of the vast amount of time incorporated into the development of a fully functioning piece of art, or an unfinished “work” that is up and running. Initially there is a lot of time in understanding the operation and functions of WordPress; for some people this learning curve may take weeks before any good progress is made. This is valuable time and in some instances a corrupted website cannot be duplicated by the same hands in an exact manner. It takes time to get things to work together with a good appearance.

Lost work is a disappointment as well as a struggle. Backing up your WordPress site and restoring it is very simple but does come with some considerations. Here are just a few samples that are basic considerations.

  1. What to back up?
  2. Where to back up?
  3. What data protections should be implemented?
  4. Quick access and restore options?

There are several ways to backup a website including the WordPress program. While some ways are more convenient others may be a bit more detailed. For simplification let us look at WordPress alone and best options available for that program and needed content to be saved. These suggestions are a quick guide that will save you a lot of time and extra work. Again, be creative as there are other ways.

A simple plug-in that works very well with WordPress, Google APP DOC’s and a Gmail account is UpdraftPlus – Backup/Restore Version 1.16.59 | By UpdraftPlus.Com.

Backup and restore: take backups locally, or backup to other storage spaces, generates an email and has automatic schedules. This plug-in is efficient, can be expanded and custom tailored with many other options. The free version is excellent and works fine without purchasing the Pro versions. Comes with documentation, support and other inclusions. It is highly suggested and is a known plug-in so if you need help we understand it and can offer help.

What to back up?  –  UpdraftPlus is comprehensive and will back up the whole site, but in the interest of saving space only the database and WordPress setup need to be backed up. WordPress core is available for free download so there is no need to save that information.

Essential to a good save are the database, plugins, themes and uploads. If you are operating a forum and other inclusions you would want those saved as well. These would include member lists, additional functions, possible drafts and stuff just outside of WordPress on the server.

Keep 2 copies of the original site setup and/or 2 monthly backup sets of a “Satisfied” site that is working correctly and is set up to your liking. It is always good to retain an original design backup as an archival document that is dated and preserved. Below is additional information on backup protocols and strong suggestions for being well rounded with a solid backup plan.

Where to back up?  –  Several places is the answer but in short backups should follow these suggestions for safe keeping. These backup copies should be kept on a local drive and exact copies in a Google Apps DOC folder. The UpdraftPlus plug-in will walk you through the basic backup settings and guide you through allowing API access permissions to your chosen Google APPs Doc folder. UpdraftPlus is limited in the free version and will allow you to backup several copies to ONLY one remote location and so there is advice below that is recommended to protect your backups. UpdraftPlus also creates a backup folder called UpdraftPlus. Backups in this folder are subject to being overwritten.

Make your backups to the Google Apps Doc folder used by UpdraftPlus.

In the Google Apps Docs folder, create a “Backups” folder outside of the UpdraftPlus folder, and within it make a few new folders and give them names, e.g. WebsiteName_Original, WebsiteName_Monthly, WebsiteName_SAVE. These additional folders are where you would want to paste copies of backups. Simply copy what UpdraftPlus has placed in your UpdraftPlus folder. You would also save/download these folders on your hard drive or a remote location.

WebsiteName_Original – Original site backup (Archive)

WebsiteName_Monthly – Copies of monthly backups by date.

WebsiteName_SAVE – A “Satisfied” website, something you want to keep.

Reminder: UpdraftPlus creates a backup folder called UpdraftPlus. Backups in this folder are subject to being overwritten. This should be a current copy of your Website/Wordpress and may be overwritten during a scheduled update or by others with site administration credentials at any time. For that reason, those additional folders with backups are recommended. Site development can and does cause crashes or conflicts. If you are working on a live site that fails and for some reason that current copy gets overwritten in the UpdraftPlus folder, you will be saved by the other saved backups. Always get a current backup BEFORE making changes to your Website/Wordpress and, when finished to satisfaction, perform backup duties to the proper folders for safe keeping.
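The copy step described above can be done by hand, but a small script makes the "never overwritten" rule enforceable. The following is an added example, not part of the original Rap and not UpdraftPlus code: it copies the current backup set into a dated folder, refuses to reuse an existing folder, rejects damaged .gz files before archiving, and writes a SHA-256 manifest so a later change to any archived file is detectable. The file names and the MANIFEST.json layout are assumptions made for the example; files that are not .gz are only hashed, not test-opened.

```python
import gzip
import hashlib
import json
import shutil
import tempfile
import zlib
from datetime import date
from pathlib import Path


def sha256_of(path):
    """Hex SHA-256 of a file, read in chunks so large backups fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def gzip_is_intact(path):
    """Decompress the whole stream; a truncated or damaged .gz fails here."""
    try:
        with gzip.open(path, "rb") as fh:
            while fh.read(1 << 20):
                pass
        return True
    except (OSError, EOFError, zlib.error):
        return False


def archive_backup(updraft_dir, backups_root, set_name, stamp=None):
    """Copy the current backup set to backups_root/set_name/<stamp>/."""
    dest = Path(backups_root) / set_name / (stamp or date.today().isoformat())
    if dest.exists():
        raise FileExistsError(f"{dest} exists; archived sets are never overwritten")
    files = sorted(p for p in Path(updraft_dir).iterdir() if p.is_file())
    damaged = [p.name for p in files if p.suffix == ".gz" and not gzip_is_intact(p)]
    if damaged:
        raise ValueError(f"refusing to archive damaged files: {damaged}")
    dest.mkdir(parents=True)
    manifest = {}
    for src in files:
        shutil.copy2(src, dest / src.name)
        manifest[src.name] = sha256_of(dest / src.name)
    (dest / "MANIFEST.json").write_text(json.dumps(manifest, indent=2))
    return dest


def verify_archive(dest):
    """Return the names of archived files that are missing or changed."""
    dest = Path(dest)
    manifest = json.loads((dest / "MANIFEST.json").read_text())
    return sorted(name for name, digest in manifest.items()
                  if not (dest / name).is_file() or sha256_of(dest / name) != digest)


def demo():
    """Run the routine on a constructed backup set in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        updraft = Path(tmp, "UpdraftPlus")
        updraft.mkdir()
        # Constructed stand-ins for a database dump and an uploads archive.
        (updraft / "backup_sample-db.gz").write_bytes(
            gzip.compress(b"-- constructed SQL dump\n"))
        (updraft / "backup_sample-uploads.zip").write_bytes(b"constructed placeholder")
        dest = archive_backup(updraft, Path(tmp, "Backups"),
                              "WebsiteName_Monthly", "2021-08-15")
        clean = verify_archive(dest)
        # Simulate someone overwriting an archived file after the fact.
        (dest / "backup_sample-db.gz").write_bytes(b"overwritten")
        return clean, verify_archive(dest)


if __name__ == "__main__":
    print(demo())
```

Run `verify_archive` on a set before restoring from it; a non-empty result means that copy should not be trusted.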

What data protections should be implemented?  –  Database backups should always be encrypted for security purposes during transport to off server storage. Likewise any place you store data should be secured. The UpdraftPlus plug-in provides for secure encryption during transportation and there are additional protocols you can implement to add layers of protection.

Any extra precautions should always be discussed with team members and anyone having valid access to sensitive data. It is worth mentioning that any software used for security purposes should be standardized among team members, along with some form of password sharing that is respected. NOTE: Encryption software is password driven and encrypted data is for the most part not accessible without the proper password keys. Lose the password and any data may be permanently sealed and unusable. Good passwords are uppercase, lowercase, numerals and some special characters.

Data is packaged (compressed) by UpdraftPlus into a GZ file that is compressed by the standard GNU zip (gzip) compression algorithm. This data can be decompressed very easily and does not require much more than a common text editor to read. UpdraftPlus encrypts data for transportation only. Additional features are available in the pro versions but can be worked around with encryption tools that are good for other encryption / protection uses.

Password protection for individual folders is not directly or currently supported for Google Docs in general. Your Google Docs documents are protected by your account password only unless extra measures are implemented. Google Apps / Docs does have some add-on tools that can and should be used for additional password and encryption purposes. Recommended are PDFelement, Secure File Encryption and Boxcrypt.

These tools are free or have base trial versions and are either included with Google APPs or available as stand alone programs. There may be instances where someone on your administration team will be using an operating system or browser that is not compatible with Google APPs; this would be rare but is possible. Have several backups as redundancy can be beneficial. Encrypt sensitive data prior to archiving and do not lose your password. Protecting sensitive data comes with responsibilities and some extra efforts but is worth the investment. Learning new methods and tools usage can take time but once you have the skill sets the workload will be quick and effective.

Quick access and restore options?  –  If all the above advice and suggestions have been followed you and your administration team will have the tools and support needed to quickly replace a corrupted WordPress website to a fully functioning duplicate of your last backup, dated archive, seasonal project, original base configuration or a scheduled future implementation version.

The UpdraftPlus plug-in is quick and easy to use for backup, restore or migration / cloning of your WordPress website. Google APPs Doc files are easy to understand and you now have knowledge on encryption protection. Any additional tools will also have documentation and support for their use. Get to know these tools and share these skills with your administration team. Protecting sensitive data is not complicated nor time consuming. What you have learned here can also be used in other applications where security and encryption are vital to protecting your WordPress website users.


Conspectus and Review

Email Accounts / SMTP Security / Backup & Restore / Encryption

These four considerations and proper protocols will garner a secure WordPress website and provide protection to your membership accounts as well as other critical data that perform useful functionality to your website programming. The advice and suggestions offered in each category are deeply important on many levels, individually they can be managed in a variety of ways with the use of various other tools or by different methods.

What is presented here is shared as a guideline based on experience gained through trial, error and successes over many years of efforts to do good work. Attention to core principles of stewardship and a desire to protect assets has always been a driving force to learn more. Technologies change and with those changes come new challenges that must be met with new knowledge.

Never stop learning new skills, be eager to stay informed and find ways to help others.

Inventory Reference:

  • WordPress – Free / Open Source – WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system, referred to within WordPress as Themes.
  • Google APPs – Google Apps is a Web-based and collaborative Software as a Service (SaaS) solution that customizes the proprietary Google platform and brand for businesses of all sizes, including large enterprises. Google Apps facilitates the provisioning of Google applications and user/enterprise management tools, including Gmail, Google Talk, Google Calendar, Google Docs, Google Videos and Google Cloud Connect.
  • Gmail – Gmail is a free email service provided by Google. As of 2019, it had 1.5 billion active users worldwide. A user typically accesses Gmail in a web browser or the official mobile app. Google also supports the use of email clients via the POP and IMAP protocols.
  • WP Mail SMTP – WP Mail SMTP fixes your email deliverability by reconfiguring WordPress to use a proper SMTP provider when sending emails. Best of all, our easy-to-use Setup Wizard and detailed documentation guide you through the process.
  • UpdraftPlus – simplifies backups and restoration. It is the world’s highest ranking and most popular scheduled backup plugin, with over three million currently-active installs. Backup your files and database backups into the cloud and restore with a single click.
  • PDFelement – An all-in-1 PDF solution with powerful tools to reliably create and manage PDF forms and documents. Not free but very useful as a focalizing tool. Seek other alternatives if your project is small and a free trial of a similar program will suffice.
  • Secure File Encryption – This robust app provides bank-grade AES256 encryption to protect your private files stored on Google Drive™. No unencrypted data ever leaves your own computer.
  • Boxcrypt – Boxcryptor provides a user-friendly, additional layer of security for cloud storages by encrypting files locally on your device. Since Boxcryptor was optimized for the cloud from the very beginning, the encryption takes place on every file and access can be shared.

Useful Plug-ins For WordPress (Not mentioned)

Download through WordPress Plugin search. Install is automated and has immediate activation as well as site propagation. Site management and utility tools.

Broken Link Checker

Checks your blog for broken links and missing images and notifies you on the dashboard if any are found.

Chat Bubble

Easy to get leads with beautiful floating contact form & get followers and chat messages via Facebook Messenger, WhatsApp, Telegram, Line, Skype, Zalo.

Classic Widgets

Enables the classic widgets settings screens in Appearance – Widgets and the Customizer. Disables the block editor from managing widgets.

Custom Sidebars

Allows you to create widgetized areas and custom sidebars. Replace whole sidebars or single widgets for specific posts and pages.

EWWW Image Optimizer

Reduce file sizes for images within WordPress including NextGEN Gallery and GRAND FlAGallery. Uses jpegtran, optipng/pngout, and gifsicle.

GTranslate

Makes your website multilingual and available to the world using Google Translate. For support visit GTranslate Support.

PublishPress Capabilities

Manage WordPress role definitions, per-site or network-wide. Organizes post capabilities by post type and operation.

Simple Google reCAPTCHA

Simply protect your WordPress against spam comments and brute-force attacks.


WP-Sweep

Allows you to clean up unused, orphaned and duplicated data in your WordPress. It cleans up revisions, auto drafts, unapproved comments, spam comments, trashed comments, orphan post meta, orphan comment meta, orphan user meta, orphan term relationships, unused terms, duplicate post meta, duplicated comment meta, duplicated user meta and transient options. It also optimizes your database tables.


None of the programs, software, plug-ins, services or mentioned proprietary tools referenced in this Rap should be considered an endorsement of the products nor are any methods conveyed intended to be an absolute manner on how to manage a WordPress website or a definitive manual on the care and handling of sensitive data. The only compensation for the time spent is satisfaction in the belief that it will help someone or several someones in a kind way or stimulate thoughts that lead to bigger ideas and processes. I also enjoy the selfish privilege of literary exercise and the ability to express opinions, ideas and knowledge to others, a pleasure of unmeasurable tidings found acceptable and worthy in my own heart.

I sincerely hope that what has been written here helps you and your team of focalizers to also do good work for the community. May it also open the mind to the real issues facing our individual experience online and the ever present threats that can crush hopeful projects large or small. The Rainbow Family of Living Light is diversified to the extreme and highly individualistic in every respect. Even so, protection of the kindred is a universal concept that deserves respect. Diligence in an exposed virtual reality is paramount to the safety of end users. Security begins when you install a WordPress website.

In Respect;   Lookingheart
August 15, 2021
