Keeping your site secure or safe from hackers is not always easy but is something you need to be aware of. One thing I encourage you to do just in case your site is compromised is to always have a back up of your files and database. As a start, one plugin that can help with this is named BackWPup ( www.backwpup.com ). You can set this plugin to backup your files and database daily, weekly, monthly, or if you feel even hourly. But you can have it email it to you, save it to another server via FTP, or even save it to your DropBox account.

There are a few steps that you can take from the beginning when you first setup your WordPress site. The first thing to do is do not use the default table alias. WordPress by default will suggest that it use “wp_”. If you are only going to use the database for your site and not add any other tables I would suggest you take it off all together, but to make it even more secure use a different alias.

If you already have a site up and running and just want to take what you have now and make it secure here are the list of plugins and what they do:

• Change the login URL
  By default WordPress uses your URL / wp-login. To make it more secure  you can change the URL to be used to login. Sometimes people want /manger, /login, or /admin. Whatever it is that you choose you can use one of these plugins to change it from the default
  - Ozh’ Simpler Login URL – Link
  - Peter’s Login Redirect – Link
  - Custom Login and Admin URL’s – Link
• Limit Login Attempts
  By default WordPress does not limit that amount of tries to log into the Admin. It will instead inform the user instantly that it is not correct and allow them to try again. So using one or even both of these plugins will help you limit this and track what is going on
  - Limit Login Attempts – Link
  - Login LockDown – Link
• Find Out What Security Holes Your Site Is Susceptible To
  Run tests on your site to see what security holes may appear in your site. It is a full time job to stay on top of what the latest security risks are out there. So to help know what your problems are run one, or both plugins to evaluate your sites holes and close them up as you can
  - Ultimate Security Checker – Link
  - Secure WordPress – Link

These are just a few ways you can secure your WordPress site just using plugins. There are other ways that I may expound on at a later time but it requires editing code, editing configuration settings on the server, and even updating the .htaccess on the server.

Bonus Thought:
Another thing that I would encourage all to do that does not make your site a little more secure is in your robots.txt file that you have available to the search engines is to have them ignore your wp-content directory. There is no reason they need to go through these files. To do that you can add the following to your robots.txt file:
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins
Disallow: /wp-content/cache
Disallow: /wp-content/themes
Disallow: /wp-login.php
Disallow: /*wp-login.php*
Allow: /wp-content/uploads

What plugins are you using to secure your WordPress site?

When I heard the news that IE has dropped just below 50 percent market share on the desktops, I reflected on when I started to develop for the web. When I started web development seriously, I was working for the Davis School District in Utah. We were required to use IE5, but when IE5.5 came out I was so excited. So hearing this news brought back memories (some good and some bad).

To this date I do not use Internet Explorer. I still like Firefox myself, but I do have Chrome installed. I mostly use Firefox out of habit and knowing how to work my tools or plugins with it keeps me happy. But I have not used Internet Explorer myself since IE6. I moved on to a better, safer, faster, and more compatible browser.

I don’t have anything against Internet Explorer like some other developers. I think it is because I have built many PCs, I have worked on even more PCs, and I have had to interact with the owner of those PCs. They use Internet Explorer out of ignorance. You ask them what browser they use and most of them will say “I use Google.” Then if you follow up that answer with “Oh you use Chrome?” they will say no and you will discover that they use Internet Explorer and Google is their home page.

People don’t know the difference between browsers like developers or geeks. This is where we can help educate them. But before you can educate them you need to really know what the problems are. Don’t just hate it cause it is what most developers do. Know or learn why. I used to swear by Internet Explorer, not at it. But as I learned about ‘web standards’ and I started swearing at Internet Explorer.

Now with Internet Explorer falling below 50 percent market share on the desktop and less then 0.2 percent on the mobile, does this mean we need to stop cross browser testing? No. There are still people out there using the default browser that comes with Windows and they don’t know better.

We as web developers need to still provide the best web browsing experience possible to the end user no matter what browser they use. We need to test the site fully to ensure that it will work in Internet Explorer as best it can. This may not be the exact same experience as when a user uses Firefox, Chrome or Safari but we need to support the Internet Explorer users. Even if you don’t like Internet Explorer there are users out there that will visit your site, your companies site, or your own personal blog that use Internet Explorer.

Another responsibility we have as web developers is to educate the users or your clients to the differences the end user will experience when using different browsers. Not only different browsers but different operating systems with different browsers. Fonts render different, colors are different, and at times the code will need to be tweaked to display differently.

Internet Explorer is still here and still the biggest and strongest player on the Internet. On top of that it is job security that we still have jobs fixing bugs. With the growth of popularity of Macs and more people using mobile browsers I feel that Internet Explorer will become just another browser out there, but will not dictate how the Internet should be displayed as it used to. The browser that will become the biggest player on the Internet will be the one that works well on desktop and mobile.

What browser do you use most often? Where do you see Internet Explorer in 5 years?

For more information:

Event Website
Facebook Event Page

When he talked about the results they got from this $3M, 1.5 year investment, he said that only about 30% of what the team produced was able to be salvaged and used. The other 70% had to be rebuilt from scratch. One of the most telling things he said was that by the time they got all the kinks worked out and the team there was working at full speed, the production they saw from the Bangalore office was about what they would have had if they had kept their technical manager here in the States and hired one more guy like him. Two top notch guys (for argument sake, say you’re paying them each $150K per year, a total of $300K/year plus their office space and any other administrative overhead) would have yielded the same output as a 50 person team costing $2M per year. He didn’t say, but if that doesn’t already factor in the “30% usable output” then the difference is even more drastic. Don’t forget that another cost besides the money is the time it takes to get to the right solution. If 1.5 years is what it would take to do it right, then 1.5 years to get it 30% right means you still have a lot of work to do and a lot more time (1-5 years) to really get it done, which in a competitive market can leave you in the dust.

One really sad thing is that this story is hardly unique. Many people we’ve talked to who have tried outsourcing projects (to India, Russia, or anywhere) have run into similar problems and worse. Most of the outsourced web development projects we hear about didn’t get in that deep of course, but the principle is the same.

So what is the moral of the outsourcing story? It really is the same lesson many others have learned: Cost, or hourly rate, isn’t the only thing that matters. Sure your outsourced developers are cheap, but what do you get for it? What’s the quality and quantity of their output?

Mark tells a great story about a guy who has a brain tumor. He needs brain surgery. For the same price, he can hire a team of 10 nurses, or one brain surgeon. In this case it is obvious who he should hire – the quality of the brain surgery done by the team of nurses wouldn’t be the same. Now, say you fell of your bike and skinned your knees and elbows. You probably don’t even need a nurse to put on a bandage for you, but if you hired one, he or she would do a great job I’m sure. Say you need stitches though… you’d probably want at least a nurse for that. Most doctors or paramedics could probably handle broken bones and could stop some pretty serious bleeding. It’s all about finding the right skill level for the job. There’s usually a minimum skill level to get something done right. Then there’s a range of skill levels where the solutions range from “right” to “better” to “awesome”, and a point where higher skill doesn’t give you higher quality. This spectrum is different in almost every project, and for every client. What quality is acceptible to you may depend on a lot of things: your budget, how concerned you are with the perceptions it gives your audience, how much time you have, how concerned you are with short-term needs and costs compared to long-term benefits and savings.

That brings me to Mark’s next metaphor: finding the right balance on the spectrum of quality and cost is all about “the 9′s”. A solution that is 90% of the way to perfect, that’s one 9. If you get it to 99%, that’s two 9′s. Some applications need 99.999% of perfect, or the well-known five 9′s. The problem is that not all 9′s are created equal. The first 9 is the least expensive, fastest, and easiest. Almost any web developer can get you to one 9 in most projects they start. At that point, some developers will hit a brick wall, and can’t really get you past that point, no matter how much time and money you throw at it. They simply aren’t equipped for the task. A good example of one 9 is the really cheap website, like the $499 web site special you can find sometimes, for a template-based “custom” design and a static web site. Even though it feels like 90% of perfect is really good, it doesn’t mean that you’re better than 90% of the other websites out there. You’re probably in the bottom 5-10% with a site like this, maybe lower.

The second 9 may increase your costs by 20%, or it may double the cost, but it is usually still in a reasonable price range. This might be the $750-1000 web site, with an inexpensive web designer who can design and build a static site without starting from a template. This developer has a higher skill level and can build something that has much higher quality than the cookie cutter template site. The 99% site is probably getting a lot closer to average, but I’d say it is probably still in the bottom half of web sites.

The third 9 takes another step up in both cost and quality, and for a lot of people, it is well worth it. 99.9% is a lot better than 90%, and here you might be an average or above average website for a small to medium company that wants to look respectable. Continuing with the website analogy, this might be your $1500-2000 web site that has a pretty nice custom design, well built HTML/CSS code, and might have some content management functionality. For example, this could be a custom design implemented into a good WordPress theme, so you can manage the pages in your site, and maybe do some blogging or enable some cool plugins. It might not be a lot of custom stuff, but it will get you something reasonable.

The fourth 9 might be where you run into the knee of the curve, so to speak. Here you might see that it multiplies your cost by more than double, but the quality of the result also goes up a lot. Sometimes 99.99% is overkill for what you need, so the cost is a lot higher without having a much higher value to you. But when that extra quality has extra value for you, it can be a much better decision than taking the less expensive route.  This might upgrade your site to a really sweet custom design from a good marketing firm or graphic design shop, and could include a shopping cart for example, so you can sell products online. This could be anything from a custom theme for something like OSCommerce or ZenCart or some other out-of-the-box ready-made shopping cart, to a pretty nice custom shopping cart solution that works just the way you want it. Price ranges for something like this might be anywhere from $2000-3000 to $6000-10,000 depending on exactly what you get and from whom.

As you probably guessed, the fifth 9 is where you get a really awesome solution. Most of the time in my experience, this is overkill for 97% of businesses, and the extra investment doesn’t give them enough extra value to be worth it. But if you’re one of that 3%, this can be a total dream come true. The five 9′s solution for you might be an awesome custom web site designed by a great advertising agency with a highly-customized cart and fulfillment system underneath. This site could include content management of everything from FAQs, employee directories, and photo galleries to custom planning and quoting tools, integrated CRM functions, and integration with your warehouse or manufacturing line. You may start out with a $20,000=50,000  jump start on the project, then over a few years spend $100,000 to $300,000 on enhancements and upgrades. This is the kind of site that becomes the core of your business operations, tying together your accounting, employee management, inventory, ordering, and customer service in ways that save you a lot of man-hours and a lot of money. For the right company, this is a solution that is worth its weight in gold, but for the wrong company, it can be the millstone around its neck, dragging it down because the costs weren’t really justified and didn’t provide the return.

So how do you know which site to choose? How many nines are right for you? Often the best way to evaluate it is as a simple business decision. Try to assess the value of a feature, and weigh that against the cost of that feature. If it makes sense, do it, and if not, don’t, or do it later when the scale tips in favor of that feature. Everyone wants an awesome web site, but not everyone can afford a really awesome web site, and not everyone will get a lot of return on investment (ROI) for a five nines website. Try your best not to get your heart set on features that just don’t make any business sense, unless you’re willing to pay for them and not see any benefit from them other than that you got what you wanted. Just because you think a particular feature is awesome doesn’t necessarily mean your audience will.

I guess the bottom line to all of this is that the cheapest option, like outsourcing, isn’t always the best option, and that quality really matters. Buying cheap can easily give you quality that is too low, causing expensive repair or replacement of the faulty parts, and potentially costing you a lot of headaches and lost time that you’ll never be able to get back again. On the other hand, don’t jump to the most expensive solution if the ROI isn’t going to justify the costs. Find the right place on the spectrum for what you need, and stick to it. Have a plan for growth and the future, and be patient enough to stick to it when it means you have to wait a while longer to get your dream system. There are plenty of people who can share their stories with you. Learn from their mistakes so you don’t have to make as many mistakes of your own.