Blocking Everyone from Accessing WordPress Login Page


This will block everyone (including yourself) from accessing your WordPress login page:

# BLOCK EVERYONE FROM LOGIN PAGE INCLUDING MYSELF

RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteRule ^(.*)$ - [R=403,L]

This goes to .htaccess file that is located in the root folder of your site. It’s possible to exclude yourself by adding your IP address, but for sites I never touch I prefer it this way.

How to Disable Plugin and Theme Updates and Installation

Due to installing a faulty plugin to one of my sites, I had an experience of being hacked — twice. What I noticed is that every time hackers got access to my site, they tried to install a new plugin. Because I already disable file editing in my WordPress dashboard, these new plugins they install are probably meant to be used as backdoors in the future.

So I found this quick way to disable future installs of plugins and themes (by wpmudev). To your wp-config file simply add

/**Disable plugin and theme updates*/
define('DISALLOW_FILE_MODS',true);

Unfortunately this prevents even your own updates and installs as well. Once the line is added to your wp-config file, you will simply stop receiving new updates notifications.

In the future, I will probably need another solution, but for now this is good enough for my compromised site that keeps getting hacked. I will settle for this code until I figure out how to close the backdoor.

How to Back Up WordPress Manually, Without Plugins

backup cloud

backup cloudWhile there are many backup solutions both paid and free some of you will want to know how to backup WordPress site or blog manually without relying on plugins or paid services. It is a matter of preference really, but if you are a control freak like me or if you have too much to lose in case of disaster, knowing how to do this will definitely not hurt.

What you have to know about your WordPress site is that ir consists of:

  • database that can be accessed via PHPMyAdmin in your cPanel. Database contains all your pages, text, titles, plugin settings, menus, ads etc.
  • WordPress files with wp-content folder being the most important. This can be accessed via File Manager in your cPanel. wp-content folder is important because it contains all your images, themes, plugins. Obviously images here is what we are most concerned about.

What it means is you can afford to lose all the rest, because it can be easily restored with fresh WordPress install. Even your themes and plugins aren’t typically something to worry about because you can easily download and install them again, but your text and images are crucial.

So basically, if you back up just these two you are fine. The disasters in form of being hacked or database failure never stroke me yet but I had to use my backup quite a few times because I like to switch my hosts and when I do so I prefer to transfer my files myself (remember, I am a control freak).

The good news is that manual backup is very easy to do. Some of you might find using FileZilla a little challenging for wp-content backup, but even your great grandma and elementary school kids can download database backup, provided your host gives you a cPanel.

Most hosts will provide you a cPanel. I used Hostgator, Site5, StableHost, Siteground, ASmallOrange, Bluehost… it all works there. Bluehost and Site5 looked just a little different but the principle is the same and it’s very easy to figure out how to do it there.

So let’s just do it!

Step 1.
First get rid of anything you have in your dashboard that you don’t use. Now you don’t have to do this but it’s a good habit to keep things lean and light. If you keep twenty twelve, twenty thirteen, twenty fourteen themes when you use Genesis or any other theme it is a waste. Same goes for plugins. The more themes and plugins you have the longer you will have to wait for your wp-content to download. Then most probably you will be uploading it to Dropbox or similar service where after you pass a certain amount of storage, you will have to upgrade to a paid account or a more expensive account. The leaner, the better.

Step 2.
Go to your cPanel by entering in your browser

yourwebsite.com/cpanel

and when you see this

login with your username and password (those of your web host, NOT WordPress).

Scroll down and find Backup Wizard and click to enter:

cPanel backup wizard

Click on backup

backup button

Under Select Partial Backup chose Backup MySQL Databases

mysql database backup

Click on that and you will see the list of databases you have. Most WordPress sites have only one so it will be a no-brainer what to click on. Click on the name of your database to download it to your computer.

As you noticed there were other options to backup email forwarders, filters and home directory but I personally never do this. I barely use my email so I am not worried to lose it. For home directory, if you only have a WordPress install, I find it wasteful to backup everything. As I said earlier you can have a fresh install of WordPress, the only thing that matters there is wp-content folder, so to save my time and space at file storage company (Dropbox in my case) I only backup what is absolutely necessary.

Step 3.
Now you need to open FileZilla. If you don’t have it installed go ahead and download it and install it now from here. FileZilla is a free software that allows you to connect to remote server where your website files are located and to your local computer at the same time. Its convenient interface allows you to navigate both, download, upload, delete and rearrange files as you please. Best of all, it allows you do to do things in bulk so you can hit the button and go have your coffee while it works for you.

I will assume you know nothing about FileZilla and will explain how to configure it first.

So open your FileZilla. Left window represents your local computer, you can navigate your folders right from here. If you created a special folder where you want to save your backup navigate there, or else just choose Desktop or Downloads folder. In my case, I chose Desktop.

filezilla desktop

Now we want to connect to server to be able to see all our website’s files in the right window which is currently empty. We need to connect first so, if it’s not done yet, you need to create a new project by clicking File ==> Site Manager ==> New Site

Give a name to your new site project. It can be anything you want, not necessary site name. As long as you recognize it, anything will do. Then configure access as shown. For most hosts entering mysite.com in Host field will work, provided that your site is already hosted there and name servers propagated. You might meet an occasional host that will not work that way and will use IP address or name server instead. In that case enter IP address provided by your host or name server. If nothing seems to work or if in doubt, contact them and ask what works specifically with their server.

Switch Logon Type to Normal, enter your username and password (same as cPanel) and click Connect. Filezilla will remember these settings, so when you do this next time you will not have to worry about the settings.

Here is the screenshot how it should look like when you are about to click connect.

Filezilla settings

If you entered correct login details and host name your directory listing should be successful. You will also notice that you have some files in the right window. This is what you have on your server. If you were to go to File Manager via cPanel you would see them there, but Filezilla interface is just another way to see them and manage them. Double click on public_html to see your website’s files. When working here be careful not to drag or rearrange files accidentally, because they are all drag-able and rearrange-able.

Once again you will see “Directory listing successful”. In the right window you will see even more files (those that were inside your public_html). Scroll down to find

wp-content

Right click on wp-content and choose download. It will take a while to download so you can just leave your computer alone.

wp-content backup with filezilla

When it will be done you should find downloaded backup wherever you chose to save it (in my case it’s Desktop). You can now zip it and send it to your file storage place together with database (database is already compressed).

You are done!

I never keep very old backups, so when I do new one I delete previous backup so I can stay within free account limit in Dropbox. You can save more than one if you wish, but my point is you don’t have to keep all backups you ever do unless you want them.

More on FileZilla here.

Forgot your WordPress Username or Email? Here is How to Find it!

wordpress database

If you build so many websites that you eventually forget not only your password but even username or maybe even email you used to install WordPress, here is how you can find it (provided you still remember how to access to cPanel where your site is hosted):

1. Go to yourwebsite.com/cpanel and login using your hosting login details.

2. Under “Databases” find “PHPMyAdmin”

3. Find the name of your WordPress database installation in the left column and click on it.

wordpress database

4. Click on wp_users either in the left column or in the center of the page.

wordpress users in database

Next you will see the list of all users, their usernames and their emails, including your own. You now can sign in or reset password using your email address if necessary.

Handling Index.html Error Issues in WordPress

redirect cpanel

This quick tutorial will help you fix 404 error issue when you request index.html for your WordPress site. If you initially started out with WordPress you will not have this problem, but those who were on different platforms or had static websites that used index.html page, then converted to WordPress might still have old links pointing to domain.com/index.html.

It is a good practice to make your website’s homepage available ONLY under “domain.com” or ONLY under “www.domain.com”. If your website is available under

  • domain.com/index.html
  • domain.com
  • www.domain.com
  • www.domain.com/index.html

you are deluding link juice and wasting PageRank. While it’s true that Google can sometimes figure out that all these are same, it is not always the case. It is your responsibility to set up your website properly and quit relying on Google to figure things out.

Back to index.html issue, some WordPress themes and frameworks will handle that automatically. You can test that by typing in yoursite.com/index.html into your browser and see what you get.

If you get homepage you don’t need to do anything, if you get 404 page we need to fix that.

Method 1

If you have a static page set as your homepage and are using plugin like .html on pages to add .html at the end of your pages’ URLs, you can easily fix the issue by doing the following:

  • Temporarily assign any other page to be your homepage (just for about 20 seconds, promise!) via Reading–>Settings.
  • Now go to Pages and find your original homepage and edit it’s URL to be index.html.
  • Go back to Settings –> Reading and assign this page to be your homepage again.
  • Check domain.com/index.html to make sure things work as expected.

Method 2

Install a plugin like “All 404 Redirect to Homepage” and it will always redirect all 404s (Page Not Found) including typos, broken links and non-existent index.html to your homepage.

Method 3

Another way is to first create index.html, then redirect it to homepage. This will not work on hosts that default to index.html BEFORE index.php. Hostgator and Stablehost default to index.html and if you attempt to do this there you will only get blank page instead of homepage. If you are using Hostgator, Stablehost or other host that has similar setup you should either use first method or contact your host and ask them to change default index page for you. Once they do you should be able to do what’s below.

Site5, on the other hand, doesn’t default to index.html from what I can see and this method worked there immediately.

First to create index.html:

1. Go to cPanel and choose File Manager (NOT Legacy File Manager), click on that and choose web root/public_html.

2. Once you are in your file manager click New File icon in the top left (NOT New Folder).

3. Create index.html by simply typing index.html and clicking Create New File.

create new file cpanel

4. Return to your cPanel and find URL Redirects and click to enter.

5. Add a new redirect by filling as follows:

– Type 301 (Permanent)
– Choose your site URL from drop-down menu and complete it by typing index.html in the blank area after the slash /
– Set it to with and without www

Here is how it should look like (please paste in the field “Redirects To” the version of homepage URL you are using, it can be either http://www.domain.com or http://domain.com. If you are an ex-SBIer you should use http://www.domain.com):

redirect cpanel

6. Click Add and you should be done.

Type into your browser yourdomain.com/index.html once again and see if redirect worked (it should!).