WordPress

WordPress is a content management system that does not require any introduction. Millions of blogs and websites and stores are powered by WordPress. It is so huge that there are thousands of different cases that might require changes in the configuration of the website. One such case is the change in the domain name of the website. In this short guide, I will show you different methods to change WordPress site URLs. By site URLs, I mean the WordPress address and the Site address. Both of them are same in the majority of the cases. Both of them are the base URLs of your WordPress site. So, In this guide, I will show you three different methods to update the URLs of your WordPress websites. The three methods are: Change WordPress URLs from the Admin section Update URLs from wp-config.php Change WordPress URLs using WP-CLI Let’s start our guide with the first and the easiest method to change WordPress site URLs. Change WordPress Site URLs from the Admin section This is the easiest method to change WordPress URLs. The first thing you have to do is to log in to the Admin section of your WordPress site. Once you are logged in, click on the Settings section from the left sidebar. On the General Settings page, you will see a bunch of fields for a bunch of information. In that form, you will find two fields with (URL) in the label. Just like the following image. Enter the new URLs in both of these fields and click on the Save Changes button given at the bottom of the settings page. Once done, you will be able to access your site on the new WordPress URLs. Change URLs with wp-config.php If you don’t want to change URLs from admin section or cannot change URLs from the admin section, don’t worry! You can actually set the URLs from wp-config.php file. So, Open up the file manager or FTP client and navigate to the WordPress installation directory. Once you are there, Edit the wp-config.php file and add the following lines at the end of the file. define('WP_HOME', 'https://newexample.com'); define('WP_SITEURL', 'https://newexample.com'); Now, Save the file and you will be able to access your WordPress site using the new URLs. Note that the values set in the wp-config.php file will override the URLs provided in the General settings page of WordPress. Now, Let’s move on to the last method to change WordPress site URLs. Change WordPress URLs using WP-CLI WP-CLI is an awesome tool to manage all your WordPress instances using the command line interface. It is very easy to manage WordPress settings using WP-CLI. You can also set the site URLs using the WP-CLI tool. It just takes two commands to update the URLs using this method. But to execute these commands, you have to connect to your server via SSH. If you are using Linux based operating system or Mac OS, open up the terminal and connect with your server via SSH directly. If you are using Windows, use Putty or Bitvise to connect with your server via SSH. Once you are in, Execute the following commands to update the URLs of your WordPress site. wp option update home 'https://newexample.com' wp option update siteurl 'https://newexample.com' So, that’s all it takes to update Site URLs using WP-CLI. If you want to install WP-CLI on Linux, you can follow our guide too!   Conclusion: There is one more method to update the WordPress site URLs. In that method, you will basically log in to the PHPMyAdmin and update the site URLs directly into the database. It is a little bit hard if you are facing this for the first time. But the above-given methods are the easiest and the best! Let us know in the comment section if you are facing any issue changing WordPress site URLs, we will respond back with the solution as soon as possible.

A brute force attack is a trial-and-error method in which the hackers aim to gain access to a website by trying different combinations of usernames and passwords until they get in. These attacks focus on websites having weak security links. For example, these attacks mainly happen to a website using a weak username and passwords like ‘admin’ and ‘12345’. Brute Force attack can run out of the server memory as the number of HTTP requests becomes high. Furthermore, this can lead to a performance issue on the website. The number of HTTP requests is the number of times someone visits our website. How to Prevent Brute Force Attacks These hackers hammer the ‘wp-login.php’ file over and over again until the website is accessible or the server dies. We can prevent brute force attacks using the following measures: 1) ALWAYS USE UNUSUAL USERNAME In the early version of WordPress, the username ‘admin’ was a default, so the hackers assume that most of the people are using the same now. It is always advisable to change the username using the “Change Username” plugin. Try not to keep an easy username like “admin” or “administrator” or “boss”. Make sure it is unusual so that no one can guess your username. 2) CREATE COMPLEX AND STRONG PASSWORD It is always recommended to have a secure password, which prevents others from guessing your password and can avoid a brute force attack. There are many ‘automatic password generators’ available which can be used to generate a secure password. The WordPress password strength meter feature ensures the password strength is adequate while changing the same. The ‘Force Strong Password’ plugin can help users to set strong passwords. Some of the things which need to be kept in mind while choosing a password are: Avoid using any permutation of your name, username, company name, or name of your website. Don’t use any word from a dictionary, in any language. Avoid using Short Passwords. Always try to use alpha-numeric passwords. It is always recommended to enable “Two-Step Authentication” on your website for more security. 3) USE SECURITY PLUGINS There are many plugins available for WordPress to limit the number of login attempts made to the website like Limit Login Attempts, IP Geo Block, etc. Also, you can completely block someone from accessing wp-admin by using different plugins like Loginizer, WP Custom Admin Interface, Admin Menu Editor, etc. 4) PASSWORD PROTECT WP-LOGIN.PHP FILE The password protection of your ‘wp-login.php’ file can add an extra layer of security to your site. For the same, you can create a ‘.htpasswd’ file. This file can be created under your public folder or in the same folder of .htaccess, but if you are adding it under the same folder as that of .htaccess, then you need to add some extra security to the .htaccess file. After uploading the .htpasswd file to the server, you have to include it in the.htaccess file in order to protect some routes on your website. For instance, if you have uploaded the htpasswd file in the home directory containing asecretuser the user, add the following code to your htaccess file. # stop Apache from serving .ht* files <Files ~ “^\.ht”> Order allow, deny Deny from all </Files> # Protect wp-login.php <Files wp-login.php> AuthUserFile ~/.htpasswd AuthName “Private access” AuthType Basic require user asecretuser </Files> The “AuthUserFile” location depends on your server, and also the “require user” details changes based on what username you pick. By using the ‘HttpAuthBasicModule’, we can protect the wp-login.php file in Nginx by adding the following block inside your server block. Location /wp-login.php { auth_basic “Administrator Login”; auth_basic_user_file .htpasswd; } The .htpasswd filename path is related to the ‘nginx.conf’ file and the files should be in the following format: user:pass user2:pass2 user3:pass3 The passwords must encode by function crypt(3), so you can use the ‘htpasswd generator’ to encrypt your password. 5) LIMIT ACCESS TO WP-LOGIN.PHP BY IP If you have a fixed IP address to log in to your Admin area, then you can deny wp-login.php access to others using ‘.htaccess’ or ‘web.config file’. This process is known as IP whitelist. To allow only one IP address (e.g., 203.0.113.15) to access the admin area, you can create a file with the name .htaccess and add the following code: # Block access to wp-login.php <Files wp-login.php> order deny,allow allow from 100.00.00.01 deny from all </Files> If you want to add pre than one allowed IP address, we can edit the .htaccess file as below. # Block access to wp-login.php <Files wp-login.php> order deny,allow allow from 100.00.00.01 allow from 100.00.00.02 allow from 100.00.00.03 deny from all </Files> If you are using Apache 2.4 and Apache module, then the syntax is different: # Block access to wp-login.php <Files wp-login.php> Require ip 100.00.00.01 </Files> To access the admin using multiple IP addresses in Apache 2.4, you can add: # Block access to wp-login.php <Files wp-login.php> Require ip 100.00.00.01 100.00.00.02 100.00.00.03 # or for the entire network: # Require ip 100.00.00.0/255.255.255.0 </Files> 6) DENY ACCESS TO NO REFERRER REQUESTS The Spam login attack can be prevented by adding the following block into the ‘.htaccess’ file. # Stop spam attack logins and comments <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{REQUEST_METHOD} POST RewriteCond %{REQUEST_URI} .(wp-comments-post|wp-login)\.php* RewriteCond %{HTTP_REFERER} !.example.com.* [OR] RewriteCond %{HTTP_USER_AGENT} ^$ RewriteRule (.*) http://%{REMOTE_ADDR}/$1 [R=301,L] </ifModule> 7) BLOCKLISTS As per the study, most of the brute force attacks are from hosts from Russia, Kazakhstan, and Ukraine. So, we can block the IP-addresses that originate from these countries. We can download blocklists from the internet, and then we can load block rules with iptables using some shell scripting. Blocking an entire countries IP address cannot be done if your website is global; that time, you can add the well-known spammer’s IP-addresses to the iptables. This table needs to be updated regularly. 8) CLOUD/PROXY SERVICES Some services like Cloudflare and Sucuri CloudProxy can help to reduce these attacks by blocking the IPs before they reach the server.   Conclusion: There is no actual way to make your site 100% hack-proof. It is

and Knowing how to remove malware from a WordPress site is a skill every webmaster should have. Malware stands for malicious software, which is a general term for harmful programs and files that can compromise a system. It can damage computers, servers, networks, and websites. In this article, you’ll learn how to remove malware from a WordPress site. What Can a Malware Do to Your Site? Although WordPress is well maintained and secure, it does have several vulnerabilities that can expose your site and its visitors to malware threats. Hence paying attention to your site’s security is absolutely essential. Here are some of the risks posed by malware: Unwanted changes to your content or site, whether something is added or removed without your permission. Compromised sensitive data, like users’ private information. Spam, whether in the form of emails or suspicious links being spread from your site. Your URL getting redirected to untrustworthy websites promoting scam, inappropriate content, or malicious ads. A sudden spike in server resource consumption. Google marking your site as unsafe on the browser and search results. Negative impact on SEO (related to the point above). As you can see, keeping your security up to date and knowing how to remove malware from a WordPress site is an absolute must! How to Remove Malware from a WordPress Site Manually? The manual method may take a while and requires more technical knowledge, but it can give you insights on where the breach happened. If you would rather use a simpler alternative to remove malware from a WordPress site, try a security plugin instead. 1. Backup Your Site Always backup your site before tweaking its core files. There are two ways to do this, depending on whether or not you’re locked out of your site. If you’re unable to login, you can save a copy of your site’s public_html folder via your hosting file manager or FTP. Here’s how: File manager – right-click on the public_html directory and select compress. Once done, save it to your computer by right-clicking on the archive and downloading it. FTP – go to Site Manager -> Connect and then download the folder using the same method as used above. The only difference is that you’ll need to use an FTP client like FileZilla. Meanwhile, if you still have access to your site, you can use plugins such as UpdraftPlus, Backup Buddy, or VaultPress to save time. Last but not least, keep a backup of your database stored locally as well. 2. Run a Scan on Your Computer We suggest downloading your backup using an FTP client or with the file manager then locally running a scan on the backup. Use an anti-virus system and a malware scanner such as Kaspersky or MalwareBytes to diagnose and fix possible issues in your site’s files. If the scan is successful and helps locate and remove any issues, change your FTP password and re-upload site files. 3. Remove the Malware Infection There are a few actions you can take to remove malware from your WordPress site. First, you will need to access the site’s files through FTP or a file manager. Erase every file and folder in your site’s directory except for wp-config.php and wp-content. Afterward, open wp-config.php and compare its content with the same file from a fresh installation or wp-config-sample.php that can be found on the WordPress GitHub repository. Look for strange or suspiciously long strings of code and remove them. It’s also a good idea to change the password of your databases once you’re done inspecting the file. Next, navigate to the wp-content directory and perform actions on these folders: plugins – list all your installed plugins, and erase the subfolder. Later you can re-download and re-install them. themes –  delete everything except your current theme and check for suspicious code, or just remove it altogether if you’ve saved a clean backup or don’t mind reinstallation. uploads – check for anything you haven’t uploaded. index.php – after you’ve deleted the plugins, erase this file. 4. Download a Fresh WordPress Copy to Install Re-download WordPress and re-upload the content to your website via FTP or the file manager. Go to your file manager, click Upload Files and locate the WordPress zip file. After it’s finished uploading, right-click or press the Extract button and enter a directory name to define the save location. Copy everything else besides the zip file to public_html. Alternatively, you can use hPanel’s one-click installer and edit the database credentials in the wp-config.php file to point it to your new installation. 5. Reset WordPress Password If multiple users are running a website, the breach might have occurred through one of their accounts. It’s recommended to reset every user’s password, log out every account, and to check for any inactive or suspicious user accounts that should be deleted. Change the passwords into long, randomized strings that can’t be breached by brute force attacks. It’s a great idea to use a password generator. 6. Re-Install Plugins and Themes Now that you have removed malware from your WordPress site, re-install all the removed plugins and themes you had. However, be sure to leave out plugins that are outdated and no longer maintained. While you’re at it, we advise you to install security plugins that can protect your WordPress site and easily remove malware in the future. Use one with a proven track record such as MalCare, WordFence, or Sucuri. How to Remove Malware from WordPress Using a Plugin? If you prefer a quicker way to remove malware from your site and can afford a premium service, you can purchase a WordPress security plugin. For this article, we’re going to demonstrate how to remove malware from a WordPress site using Sucuri. But first, let’s take a look at what it offers: Server-side scanning (premium) and remote scanning (free). The latter only detects on-site malicious code and while the former also checks for it on the back-end. Detects compromised WordPress files in your system and replaces infected ones with their original copies. Runs a check on antivirus software and search engine databases to see whether your site is blacklisted. Reinforces your site’s security to prevent malware attacks. Notifies you whenever signs of malware activity are spotted. Sets up a firewall on your website (premium). You can get Sucuri from the WordPress plugin repository. Once it

Avada is a multi-purpose WordPress theme, and it is the number one selling theme for over six years. Because of Avada’s features and consistency in the market, it has become one of the most trusted and complete WordPress themes. Avada is powerful and flexible. In Avada, one can import a professionally designed demo in one click, and these demos are free. Avada is a slow, bloated theme, and it is one of the fully featured and capable WordPress themes. By using Avada, you can create any WordPress websites, and it can be installed either via WordPress or FTP. Avada is used to create any websites, a law business site or a corporate business website, a wedding website, an IT website, a hosting company site, or a blog site or an online eCommerce enterprise. And, this theme also comes with a professionally designed demo for different industries like healthcare, cafe, Agency, Photography, Travel, and more. In Avada, over 50 pre-designed demos are available, and these demos include Avada Classic, Avada Law, Avada Sports, Avada University, Avada Creative, Avada Galerie, Avada Crypto, and more. If you want to use the Avada theme on your website, then it should meet the following requirements: Ensure that your web host is capable of running WordPress and make sure you are using WordPress 4.6 and higher. PHP version should be 5.6 or higher. Make sure you have MySQL 5.6 or higher. Install Avada Theme The first thing to do before Avada install is to download all the necessary theme files from your ThemeForest account. If you are downloading the theme from ThemeForest for the first time, then it is recommended to download the Full Theme Package. The Full Theme Package includes additional files such as Revolution and Layer slider documentation, and the classic demo only has the ‘. PSD’ files. If the Full Theme Package is already downloaded, then you can go for the WordPress installable file. DOWNLOAD AVADA THEME FILES Log in to your ‘ThemeForest’ account and navigate to the ‘Downloads’ tab. Locate your Avada theme purchase. Choose the ‘Download’ button only to download the ‘Installable WordPress file’ or if you want to download the Full Avada Theme Package, then you can choose download ‘All Files & Documentation’. INSTALL AVADA VIA WORDPRESS Login to WordPress dashboard and navigate to the ‘Appearance’ tab. Select the ‘Themes’ option. Click the ‘Choose File’ option and upload the downloaded file. If you have downloaded only the installable file, then you can upload that as such. But if you have downloaded the Full Theme Package, then you need to unzip the master file and then upload the secondary zip that is inside the primary zip. Once the file upload completes, you need to activate Avada. To Activate, you can go to the ‘Themes’ option in the WordPress dashboard and click the ‘Activate’ button. After activation, you get redirected to Avada’s welcome screen, and this screen prompts you to install the required Avada’s plugins such as Fusion Core plugin and the Fusion Builder plugin, and more. INSTALL AVADA VIA FTP Log into your server via FTP, or you can connect using FileZilla. If you have downloaded the Full Theme Package, then you need to unzip the master file. There is a secondary zip available inside that file, and you need to unzip that secondary Avada.zip file also. If you have just downloaded the installable file, then you need to unzip that file. Go to the ‘wp-content’ folder and upload the extracted Avada folder to the ‘themes’ folder on the server. Make sure that the name of the folder is Avada. After upload, you need to activate the theme from WordPress. To activate the same, you need to login to the WordPress dashboard and select the ‘themes’ option under the ‘Appearance’ tab and click the ‘Activate’ button. You get redirected to the Welcome screen after the activation. The system prompts you to install the required Avada’s plugins such as Fusion Core plugin, and the Fusion Builder plugin, and more. Avada Plugin Installation The Fusion Core and the Fusion Builder plugins are essential to operate Avada. It also comes with five different premium plugins such as Fusion White Label Branding, Convert Plus, Advanced Custom Fields PRO, LayerSlider WP, and Slider Revolution. Some plugins are essential to run a particular demo in Avada, so it is recommended to add those plugins before the demo import. All Avada plugins are available under the ‘Plugins’ option in Avada. Some of the recommended plugins to run a demo are PWA, WooCommerce, The Event Calendar, Yoast SEO, HubSpot, Contact Form 7, bbPress, and more. INSTALL PLUGINS If you want to download any premium plugin, then you need to register your purchase under the ‘Token Registration’. But the registration is not required when you purchase the required and recommended Avada plugins. Log into WordPress admin and navigate to the ‘Avada’. Select the ‘Plugins’ tab, and this tab list all the required and recommended plugins. Select the required plugin image and click the ‘Install’ button over the plugin image. After the installation, click the ‘Activate’ button and then return to the Plugins page by clicking the ‘Return to Required Plugins Installer’ link. If you want to update the installed plugin, then you can click the ‘Update’ button to apply the changes. Always remember that you need to install the Fusion Core plugin first and then followed by the Fusion Builder plugin. Repeat Steps 3 to 5 until you finish installing and activating all the desired plugins. So, this is how you can install Avada Theme on your WordPress site. If you have any questions or queries regarding this tutorial, please let us know in the comment section given below.

The homepage is one of the essential parts of a website. It is an easy task to set and edit the homepage in WordPress. In a WordPress platform, the newly uploaded blogs and posts are displayed on the website’s homepage by default. For some type of sites like Blogs and News sites, this process is perfect. But it does not make sense for other websites as most of the companies are looking for static homepages. For such companies, the homepage of their website should have information about their products, services, etc., and a blog is a secondary section. So, it is essential to set and edit the WordPress homepage. Mainly, we edit or set the home page to achieve the following goals. It helps to generate more sales and helps to focus on the services. It helps in increasing email subscribers and get more leads. If you do not want to post the blogs on the landing or homepage. Steps to Set a Static Homepage via WordPress As discussed, some companies like to display their company’s services and products on the landing page. Some likes to add a product gallery or slider to their homepage and even would like to change the homepage to a static homepage. For all these mentioned criteria, we can set the homepage in WordPress. Most of the premium themes you purchase require the immediate switch of the homepage to a static homepage. To set a static homepage in WordPress, follow the below process. First of all, Log in to WordPress as an admin/root user. Navigate to the ‘Settings’ option in the left-side menu bar and select the ‘Reading’ option from the drop-down to open your homepage settings. In the ‘Reading Settings’ page, navigate to the ‘Your homepage displays’ section. If you want to change the display settings from the default ‘Latest posts’ option to the static home page, click the ‘A static page’ option to set the new homepage. After the selection, WordPress reveals two options. The first one is to set the homepage of your website, and the other is for the blog posts. If you already have multiple pages on your website, you can select the pages for the two options from the list. Please note that you need to create and publish the pages before being able to select them. Finally, hit the ‘Save Changes’ button. Now, visit your website to check if the homepage got changed to the static page. Steps to Set the Blog Page as Homepage First of all, Log in to WordPress as an admin/root user. Now, Navigate to the ‘Settings’ option in the left-side menu bar and select the ‘Reading’ option from the drop-down to open your homepage settings. Then, change the display settings to ‘Your latest posts’ to set the blog page as the homepage. After that, you can make some changes depending on how you want the blogs to show up. For that, follow the steps: First, set how many posts get displayed on a single page in the text bar next to the ‘Blog pages show at most’ option. Next, you can set the count of RSS feeds in the text bar next to the ‘Syndication Feeds Show the Most Recent’ option. Then, you can set how the post should appear. If you select the ‘Full text’ option, all the details of the post get displayed on the page. But if you select the ‘Summary’ option, only a summary of the post gets displayed on the page. After the selection, hit the ‘Save Changes’ button to apply the changes. Steps to Create a WordPress Menu Most of the WordPress themes do not implement a menu automatically. Therefore, to create a WordPress menu, follow these steps: Navigate the ‘Appearance’ tab in the left-side menu bar of WordPress. Click the ‘Menus’ option. In the Menus page, either select an existing menu from the drop-down or click the ‘create a new menu’ link. Then, select the categories, such as posts, pages, tags, and more that you want to add to the menu or add a custom link as an item on the menu. After the selection, click the ‘Add to Menu’ button. Drag the menu items to reorder or nest the menu. After that, select the display location of the menu from the list and click the “Save Menu’ button. Navigate to the ‘Manage Locations’ tab to set the primary or main menu and the footer menu from the drop-down. The menu locations vary with each theme. After that, click the ‘Save Changes’ button. So, this is how you can create and set a menu in your WordPress site. Keep in mind that each WordPress theme is different and the number of menu locations available in the layout might vary from theme to theme.  

BuddyPress is a free, open-source social networking software package. It is also known as a social network in a box. BuddyPress is a WordPress plugin that helps to transform any platform into a social network platform. It allows companies, schools, colleges, or other niche communities to start their communication tool or social network. The integral functional elements of WordPress engines, such as themes, widgets, and plugins, can inherit and extend BuddyPress. That means you can mix-match the features offered by these plugins, themes, and widgets to customize the social network. In this knowledgebase, you learn the steps to install BuddyPress in WordPress and to build a social website with this BuddyPress plugin. Steps to Build a Social Website using BuddyPress To build a social networking website for your organization using the WordPress plugin BuddyPress, follow the below steps: 1) INSTALL A WORDPRESS THEME Log in to WordPress as an admin user. Go to the ‘Appearance’ tab and open the ‘Themes’ page. Then, select a social network theme from the list. In this knowledge base, we are using ‘Quest’ as the WordPress theme. Click the ‘Install’ button to install the theme. After the installation, click the ‘Activate’ button to activate the theme on your website. 2) INSTALL THE BUDDYPRESS PLUGIN To install the BuddyPress plugin to your WordPress platform, follow the below steps: Log in to the WordPress dashboard as an admin/root user. Navigate to the ‘Plugins’ section and click the ‘Add New’ option. Then, search for BuddyPress in the search bar at the right-side corner of the page. After locating the plugin, click the ‘Install Now’ button. After the installation, click the ‘Activate’ button to activate the plugin on the website. 3) CONFIGURE BUDDYPRESS TO WORK WITH THE PLUGIN After the installation of both BuddyPress plugin and theme, we need to make sure that the BuddyPress plugin can work with the installed theme. For the same, we need to configure the BuddyPress plugin. To configure the plugin to work with the installed Quest theme, follow the below process. Log in to the WordPress dashboard as an admin user. Navigate to the ‘Plugins’ section and select the ‘Installed Plugins’ option. Select ‘BuddyPress’ from the list and click the ‘Settings’ option.     Then, configure the BuddyPress plugin by using the following process. Go to the ‘Components’ tab in the BuddyPress settings page. On this page, the site administrator can enable or disable actions that impact the communication between the users in the social network. Extended Profiles: When this action gets enabled, one can add custom fields to the user profile. Account Settings: Enabling this action can help the user to change their account and notifications from the profile screen directly. Friend Connections: This action helps the user to send friend requests to other users in the network. Private Messaging: Enabling this action helps the user to send private messages to other users or groups. Activity Streams: Enabling this action helps users to view the other user’s activities, such as comments, threads, mentions, favoriting, and direct posting. Notification: Enabling this action allows users to receive notifications, such as private messages, friend requests, and more. Site Tracking: This action allows us to view the activity records related to new comments and posts. User Groups: This action allows users to create private, public, or hidden groups.   The options tab of the BuddyPress settings page helps the user to allow or disallow actions from a registered user.   Next, in the ‘Pages’ tab, you can set these three labels: Members, Activity, and User groups. Create the registration and account activate pages and then add these pages in the ‘Registration’ section of the ‘Pages’ tab. After that, click the ‘Save Settings’ button. Please note that, if you could not see this option, navigate to the ‘Settings’ option, and click the ‘General’ option. Then, select the checkbox next to the ‘Anyone can register’ option. 4) USE BUDDYPRESS WITH THE THEME Navigate to the ‘Appearance’ tab and select the ‘Menus’ option. Then, click ‘Screen Options’ from the top right-side corner. Mark ‘BuddyPress’ and again click ‘Screen Options’. 5) CREATE A MENU FOR THE NAVIGATION BAR If your website already has a menu bar, delete the same before starting this process. Click the ‘Create a new menu’ option on the Menus page. Enter the menu name as ‘BuddyPress’ and click the ‘Create Menu’ button. Select all the log-in and log-out menus from the list. Then, select the theme location and click the ‘Save Menu’ button. After that, remove the default widgets, and configure a new widget according to your needs. Then, add the created BuddyPress widgets to the sidebar 6) ENABLE USER REGISTRATIONS ON WEBSITE To make the registration process public, follow the below steps: Navigate to the ‘Settings’ tab in the left-side menu bar and select the ‘General’ option. Then, select the checkbox next to the ‘Anyone can register’ option. 7) SETTING UP THE HOMEPAGE To set up a static homepage for your website. Now, you have successfully built a social website using the WordPress BuddyPress plugin. We hope that this knowledge base was helpful to you.

Table Of Content: 🔴 WordPress site redirects to another site 📥What is WordPress Malware Redirect? 📥Instances Of Malicious Code in WordPress site 📥 ‎How to Detect and Clean WordPress Redirect Hack? 📥 How to Prevent future malware redirects 📥 WordPress Malware Removal WordPress website security and protection from malware or malicious code has become more important than ever. Its a well known fact that wordpress is used by more than 40% of websites, due to which it is more prone to hacking attempts than other CMS. Is your site redirecting to another website? Then, you are a victim of redirect hack in WordPress. You might be thinking that how do a malware or malicious code make your website redirect. In this article, we will provide you detailed info about WordPress malware redirect OR url redirect hack fix. According to Sucuri, WordPress malware infections saw a considerable from 83% to 90% in 2019-20. We will show you how to fix wordpress site hacked redirecting to another site ‎🔴 step-by-step. We have also included a video and an infographic (down below) to cleanup malicious redirects in WordPress. You can bookmark for future reference. It’s important to understand this hack so that you can do a cleanup of your website and also prevent it from reoccurring in future. In case you are short of time, we can remove malware from wordPress site. Why my website is being redirected to another site? Often, we come across people asking questions such as why my website is redirecting to another site or to multiple websites. A straight forward answer to website getting redirected is that your WordPress has been hacked and is infected with a malware which sends visitors to a spammy or phishing sites. Know more about WordPress Phishing in this post. Intent behind inserting such malicious redirects can be black hat seo, or obtaining ad impressions. Attacker exploits vulnerabilities present in your wordpress site via a backdoor or malicious scripts which are hidden in source code. In some case, it also throws a 404 error for your wp-admin area. This could be due to an infected wordpress plugin, malware injected .header.php and footer.php or .htaccess. We have seen many instances of such hack where WordPress Site URL Redirects to Another Site and have fixed it successfully. This can negatively impact your business in many ways. These hackers may make out money, data and confidential information from your website. If in any case, your website is being redirected to phishing or malware websites then get ready for the consequences. SEO loss – Yes, of course, Google is not going to take any chance with its reputation and you are definitely going to be penalized by Google maybe your WordPress site gets blacklisted in google. Google may also show “This Site May Be Hacked” warning message alongside your website listing in search results. You host may suspend your website (Siteground suspension). You might get a message like  “this site has been suspended” OR Account suspended contact your hosting provider for more information Breach of Privacy – It could result in data loss and breach of user privacy, in case, visitors download any software from that infected website unintentionally. Branding – A visitor to your hacked site could be redirected to websites selling illegal or spam products which can harm your brand and customers will loose trust in your ecommerce website Revenue Loss – If your website uses WordPress woocommerce for selling products, then it can lead to huge revenue loss as well as theft of sensitive information. What is WordPress Malware Redirect Hack? “WordPress Malware Redirect” or “WordPress Redirect Hack” is a kind of  🔴 exploit where infected site redirects the visitors to malicious website, phishing page and malware websites. It is likely due to the code injected in your WordPress database, that gets your WordPress site redirected to another site. Signs & Symptoms – How To Detect You can easily make out that your wordpress is infected with a redirect malware. Look out for these signs and symptoms to diagnose your site for redirect malware. Is your website redirects to another site Is your WP-admin shows 404 error while logging in your dashboard Are you are unable to access the website dashboard or front end Are you unable to log in admin area of your website Do you come across this error -““ERROR: There is no user registered with that email address” while loggin in wp-admin. In case you come across any of the above mentioned symptoms, get in touch with us right away. Our scanner will thoroughly analyze your website, find the location of the hack & start the removal process. Generally, a malicious WordPress Hacked Redirect is detected through the site’s front end when a visitor is redirected to any other page instead of the page or any website he requested. In most of the cases hackers use a particular malicious code to redirect the website to a porn or scam website to harm your website. Commonly used tricks includes: Adding themselves as a ghost admin on your website Injecting or uploading a malicious code in your WordPress site Executing .php code If any malicious script is added by hackers it’s often named to look like a legitimate file like that’s the part of WordPress core files on the website. Hackers can add malicious code to wp-content/plugins or wp-content/uploads folders, .htaccess, wp-includes, wp-content/themes, or wp-config.php file.   Examples Of Malicious Codes Inserted in WordPress Sites Site Redirect Chain – Redirecting from one site to another, automatically We recently noticed that large number of wordpress sites have been redirecting to malware infected domains such as ibuyiiittraffic[.com] and i.cuttttraffic[.com]. In this kind of redirection malware site webmaster comes across a 404 error on his wp-admin. This is accomplished by infecting the website with backdoor hack or other means of malicious java-scripts being induced by SQL injection or CSS. This is a explicit example of malware redirection ‘chains’ where websites get automatically redirected multiple times before landing on the domain as desired by the attacker. In other instances, it re-directs when you click anywhere on the page or click ALLOW. There are many

The process of creating a replica of your website is known as website cloning. By using this clone, you can create blueprints, perform updates, test compatibility, and more before implementing the changes on your website. By this method, you can safely implement any changes to your live website. In this tutorial, we are going to check How to Manually Clone a WordPress Website. Why Do You Need to Clone Your Website? Every power user of WordPress has access to create the exact copy of your website. This feature is most helpful for web agencies that have several websites across multiple WordPress hosting providers. Whenever an issue occurs on your live website, you can create a clone and try the fixes in that copy until you get a resolution. So, it is easy to implement the correct resolution on your live website. If you want to update a theme in a website without breaking any service, then you can follow the below steps: First, take the clone of your website. Update the theme on the clone. Do all the necessary testing. Then, either remove the previous version or make this clone website as the original version of your website. The scenarios when you need to create a clone for your website are: 1) TO PERFORM COMPATIBILITY TEST You can perform the compatibility testing on your website to check if all the components are working as expected and also if the website codebase is capable of running on software and hardware infrastructure. While performing the compatibility test, you need to make some changes to your website. So, we suggest you perform these tests on a cloned or staging website instead of the live website. Similarly, perform all the processes that can affect your website on the clone, such as code change, implement themes and plugin updates, installation of untested themes, and more. 2) TRANSFER OF YOUR WEBSITE TO NEW SERVER The transfer of a website from one hosting provider to another seems to be easy. But it is always essential you create a clone of your website along with the backup of website files and databases before the transfer. If the website gets broken after the transfer, you can use the clone of your website to recover. 3) TO CREATE A BLUEPRINT The website builders use blueprints to create their website. These blueprints are stored in a shared location to speed up the development process, and these setups include code-level customization, plugins and themes configuration, and more. 4) TO BACK UP YOUR WEBSITE You can also use the cloning process to help make a backup (web files and database) of your website and store that in an offsite location. We can use this cloned website stored in offsite locations during disaster recovery. You can use different WordPress plugins to create a clone of your website. Clone a WordPress Website You can clone your WordPress website using multiple methods. But in this knowledge base, we discuss how to clone a WordPress website manually. CLONE A WORDPRESS WEBSITE MANUALLY The manual process of cloning your WordPress website includes the following steps:  Compress WordPress Files First, you need to clone your website is to compress all the files and folders in your public_html directory. For the same, follow the below steps: Log in to your cPanel as a root user. Navigate to the ‘File Manager’ and select the ‘public_html’ directory of your WordPress installation. Then, select all the files and right-click to select the ‘Compress’ option.   Then, select the compress file type and enter the name of the compressed archive. Click the ‘Compress File(s)’ button. Upload the Compressed File After the download, you can upload the compressed file to the new hosting location via FTP or SSH. The SSH is faster than the FTP upload. To upload the compressed file to the new location, follow the below process. Log in to the new hosting location via SSH as a root user. Switch to the folder in which you want to upload a copy of your WordPress website. Make sure that the folder is empty. If it is not empty, save all the essential files and folders to a safe location and then run the following command to empty the folder. # rm -rf * Then download and unzip the generated zip file. # wget </URL/of/the/Zip/File> # unzip <filename>.zip Replace the </URL/of/the/Zip/File> and <filename> flags in the above commands with the actual URL of the website zip file and name of the file, respectively. Database Migration All the web files got uploaded to the new location. After that, we need to import the database to the new location. To export the database from the current location, and then import it to the new location, follow the below process. Log in to the database manager (phpMyADmin) and select the database. Navigate to the ‘Export’ option and download the ‘.sql’ file. Then, log in to the new database manager and click the ‘Create Database’ button. Navigate to the ‘Import’ option. Click ‘Choose File’ and upload the downloaded ‘.sql’ file. Update the wp-config.php Next, you need to update the wp-config.php file to make sure that the WordPress installation on the new location gets connected with the new database. Go to the ‘public_html’ folder and open the ‘wp-config.php’ file. Then, enter the new database credentials. Conclusion Website cloning is the process of creating an exact duplicate of your website. By using this clone, you can create blueprints, perform updates, test compatibility, and more before implementing the changes on your website. We hope this knowledge base was helpful to you. Please comment below for any questions or queries. If you are an YISolutions customer, please reach out to our support team for further help.

As we already explained what is WordPress MU or WordPress Multi-site  – Let us show you how you can install one in few clicks under cPanel with the help of Softaculous. Login to cPanel: (If you do not remember cPanel login details, feel free to reach our support) Select WordPress from Softaculous App Installer     Click on Install Now:  That will select the latest version of WordPress version available under Softaculous app installer.     Select HTTPS protocol:  We offer FREE SSL for domains hosted under Shared hosting plans which use our hosting plan’s nameservers. Select the correct domain name. It is recommended to remove WP from directory field.  Softaculous by default populate a default directory name to avoid users overwrite an existing WordPress installation under domain root folder. Select Enable Multisite (WPMU) : This will create a WordPress Multi-site installation once you complete the setup.     It is recommended to follow these additional configurations to keep your WordPress secure by enabling auto-update and daily backups    

Very first question sparks your mind post ordering a Shared Web-hosting plan might be – How to migrate your WordPress website from old web-hosting provider to YISolutions. What if we told you that there is a single button click WordPress data migration option available for a Shared hosting cPanel users. Isn’t it something interesting!  Yes it is. This awesome option is available through Softaculous app installer tool we offer under Shared Linux Hosting plans. Here are few steps you shall follow to import WordPress data from an active control panel which supports FTP.   Login to cPanel: (If you do not remember cPanel login details, feel free to reach our support) Select WordPress from Softaculous App Installer Click on Import button you see post loading WordPress Installation page from Softaculous     Fill in the requested details of your previous hosting provider and select the correct domain name under Destination >> Choose Domain     Click on Import and wait for the import to be completed.     This is one of the safest way to migrate in a complete WordPress installation to YISolutions shared hosting cPanel servers.