1. Stop using the admin username

Often beginners use very common usernames such as admin, administrator, test, root etc. Our friends over at Sucuri reported those usernames are being heavily targeted right now. If you have a generic WordPress username such as admin, then you should change it right now.

We have an easy to follow tutorial that will show you how to change your username in WordPress.

2. Use a strong password

Please, please, please use a very strong password. These brute force attack tries to target all the most common passwords that people use. A strong password contains uppercase and lowercase letters, numbers, and symbols. Do not use the same password at more than one location. It is never too late to start using a password management solution like 1Password or LastPass.

3. Keep Good Backups

The best security you can have for your website is a great backup solution. We are using VaultPress which is a monthly service. However, if you don’t like to pay monthly, then we highly recommend that you get BackupBuddy.

Please keep good backups of your site because most hosting companies do not.

4. Use Two Factor Authentication

Start using two-factor authentication. This way even if someone guesses your password, they can’t access your site because they don’t have the security code. We highly recommend that you do this right now.

5. Password Protect WP-Admin and Limit Login Attempts

We always recommend our users to limit login attempts. However, this alone cannot protect all the attacks because this botnet contains 90,000 IPs. Another thing you can do is password protect your WP-admin directory. You can also limit your wp-login.php file to a specific IP.

6. Start using Sucuri

If you are not using Sucuri, then we highly recommend that you start using Sucuri. They are always on top of things, and there is no one else we would trust more when it comes to our WordPress security. See 5 reasons why we use Sucuri.

We are not sure what is the end goal for these attacks, but whatever it is we would hate to see our users fall prey to this. Please keep your sites up to date, and follow all the tips above.

To leave a comment please visit WordPress Brute Force Attacks, and What You Need to Do About it on WPBeginner.

Better Editorial Controls

WordPress 3.6 will be a great update particularly for bloggers and content publishers. It is focused on post edit area, providing better tools and support to improve the editorial process of creating content with WordPress.

Post Lock

WordPress 3.6 will have an editorial control feature, called post lock. This will allow website administrators and authors to lock a post so that other users can not work on the same post until it is unlocked. If the other user has the rights to edit a post, then they will be prompted to either go back or take over. This is a very neat feature for blogs with multiple authors.

Improved Autosave

WordPress 3.6 will be focused on content editing, so the auto-save feature will see some great improvements. There are talks about saving unsaved changes in browser’s local storage. This will be very helpful because it will prevent you from losing posts due to expired cookies, loss of internet connection, inadvertent navigation, plugin or core errors on save, browser crashes, OS crashes, cats walking on keyboard, etc. If any of those happen, you would be able to resume editing exactly where you left it.

The goal is to get people to trust WordPress with their posts. The autosave feature was introduced for this vary reason because people were afraid of losing their work. This is the reason why many use third-party applications like Windows Live Writer to write their WordPress posts. The hope is that by enhancing the auto-save feature, many users will begin to trust the WordPress autosave capabilities.

Better Handling of Post Revisions

Post Revisions will now reflect the changes between different versions. Changes will be highlighted with colors and visual elements, so you will be able to quickly notice the difference between them.

Editorial Workflow

There were talks of integrating one of the best editorial workflow plugin into core. However due to time constraints, this feature will not be added in WordPress 3.6. The efforts weren’t wasted because it brought to surface many challenges involved in the process. This will allow the core team to prepare in advance for next release. (See Mark Jaquith’s Explanation). Well nothing to worry about. You can still use Edit Flow plugin (we’re using it).

New and Improved UI for Post Formats

As you know that WordPress has support for Post Formats and custom post formats. However, the old interface was not very noticeable. In WordPress 3.6, there will be a new user interface for post formats. Users will be able to choose and switch between post formats, and the edit area will change based on the post format. Inspiration for these changes comes from Alex King’s post format UI plugin, we showed you earlier how to install Post Format UI Plugin in WordPress 3.5. Folks are submitting ideas and wireframes as to what Post Formats UI should look like. Below is a mockup submitted by Mel Choyce:

Twenty Thirteen

WordPress 3.6 will also come with Twenty Thirteen, the new default WordPress theme. Twenty Thirteen will have great support for post formats. Unlike previous WordPress default themes, Twenty Thirteen will be using lots of bold colors. It will use different background color for each post which looks great when a user scroll downs the page. Twenty Thirteen will be fully responsive and will look equally great on different screen sizes, resolutions, and devices. See the live demo.

A New GUI for WordPress Menus

The WordPress Menu editor will also get a new and more intuitive user interface. At WPBeginner, we noticed that a lot of WordPress beginners don’t understand the menu system. The tabs, menu drop down, choosing multiple menus and switching between them is trivial to most new users. Hopefully this will change in WordPress 3.6, and it will become easier to create and manage Menus in WordPress.

Improved Login Notifications

Sometimes a user session expires right in the middle of something important. The new login notification system will ask a user to login without leaving the page they were working on.

There is still some time left in the release of WordPress 3.6. This is a major release so apart from these new features, there will be several improvements to the core code, bug fixes, security updates, etc. Remember you can always submit your ideas for WordPress, the highest voted ideas will be included in upcoming versions of WordPress. What new features you would like to see in WordPress? What’s your favorite feature of this WordPress 3.6 release? Let us know in the comments below.

To leave a comment please visit What Features are Coming in WordPress 3.6 on WPBeginner.

Check out this short video that summarizes the things we think you will find interesting in WordPress 3.5.

Lastly, don’t forget to upgrade to WordPress 3.5.

To leave a comment please visit WordPress 3.5 – “Elvin” is Released on WPBeginner.

After ordering, it took a few days for our cards to get here. From the very first impression, we started to appreciate Moo’s attention to details. The cards came in an elegant little box with magnetic closures which was wrapped in a purple ribbon fastened by what looked like a stamped wax seal. Literally, our first impression was WOW.

Crazy huh? Most business card companies just send you a crappy paper box that you can’t even carry with you for more than one event. This unboxing experience really won our heart. The cool thing about this box was that it was SOLID and had magnetic closures. You can carry it with you for events without ever risking your cards being bent. We have already carried it with us to two events, WordCamp Raleigh and WordCamp Orlando.

So, you think the box was awesome? Wait till you see the business card. We ordered their Luxe Business Cards that sounded really good on their website. The luxe card is printed on a very high quality paper, so when a person holds it, they can feel the quality and the weight. It is about 3 times thicker than an average business card. When we handed this card out at events, we got compliments from just about every person. People were like “Wow, this puts my card to shame. Where did you get it?” Now when you get this type of reactions, you know that you have made the right choice. Check it out in the picture below.

Did you notice the thickness of the card? It looks like that it is two cards glued together, but it is not. It is really one card. We chose to keep our middle color be black, but you can have it black, blue, pink, or white. Since we had a few extra credits, we ordered a business card holder. Most business card holders will probably ruin the quality of these cards. We got the holder that they call “The ShowCase”. It should really be called “The ShowOFF” because it is that good. It will get you tons of compliments because you have the coolest business card holder compared to everyone at the conference.

So at the first look, it is a sleek business card holder that flips open. At least that is what most people will think. But there are times when you are talking in a group, and everyone wants to exchange business cards. That’s the perfect moment for you to use the sliding ability which they call it “fan out”.

A word of advice, practice the flip and sliding feature with one hand. It looks so much cooler. Honestly, this was the best business cards we have ever had. With their attention to detail, awesome presentation skills, and super high quality product, Moo has convinced us to be a lifetime user.

If you were looking to order business cards for your company, then we highly recommend checking out Moo Cards.

To leave a comment please visit WPBeginner got Moo’ed – Moo Luxe Business Cards Review on WPBeginner.

Clifden – $39

Simplicity – $39

More+ Responsive Theme – $39

Beta Responsive Theme – $39

Vixen Responsive Theme – $39

Stella WordPress Theme – $39

Zenbox – $39

NEO Responsive Full Screen theme – $39

Mapify.it – $52

Suheto – $39

Zone4 – $37

Studio London – $39

Betty WooCommerce Theme – $42

Modest – $37

Next Slider – Responsive Slider plugin – $20

Mojo Newsletter Plugin – $15

Again, this offer will end soon. It comes once a year, so take advantage of it while you can.

To leave a comment please visit Mojo Themes Cyber Bundle – $594 value for Only $29 on WPBeginner.

If you don’t find anything here, then check out our WordPress coupons section which always have great deals for WPBeginner users.

Get MaxCDN for $1

MaxCDN is the best WordPress CDN provider. We are using them on our site to speed up WordPress. Normally, they charge $39.95 for the first TB of bandwidth. For this black friday, they have a special offer where they are giving away the first TB for only $1. You pay as you go. For most bloggers, this 1TB lasts about a year. For really high traffic sites, you can burn through this in a day.

Get MaxCDN for $1

Mighty Deals Birthday Bundle

Mighty Deals is celebrating their birthday with an amazing bundle. The bundle is valued at $4535, but you can get all the goodies for only $47. Yes that is a steal. It mainly includes icons, stock images, backgrounds, and tons of other designer goodies.

Get Mightly Deals Birthday Bundle

Bluehost 50% OFF and a Free Domain

Bluehost one of the oldest web hosting compnanies in the industry is offering WPBeginner users 50% off their normal packages. You can get the hosting for as low as $3.95 per month. It also comes with a free domain name. Bluehost is officially recommended by WordPress.org as well.

Get Bluehost Hosting now

30% off Standard Theme

Standard Theme is consistently voted the best blogging theme by WPBeginner and other popular sites like Mashable. They normally do not offer discounts, but for this black friday, they are offering 30% off their licenses.

Get 30% off on Standard Theme by using the coupon “BF2012”

StudioPress 25% OFF

StudioPress is the company that is behind the most popular theme framework, Genesis. We used that vary framework to build our custom child theme for WPBeginner. For this black friday, they are having a special 25% off discount deal that starts right now, and will go on until Monday.

You can get Genesis Framework for only $45. Our advice would be to purchase their Pro-Plus package which comes with all 46 current themes, plus every design that they make in the future. You will save over $950 off the retail price.

Get StudioPress Black Friday Deal Now

iThemes 50% off the Toolkit

iThemes is one of the well-respected theme and plugin shop. They are doing a 50% off on their WordPress web designer’s toolkit. This toolkit puts all the tools in your hands to build a WordPress web design business. Normally it costs $825, but until December 21st, you can get it for $412.50.

The toolkit includes everything that iThemes make. This includes 160 WordPress themes, 20 plugins (including BackupBuddy), 400+ hours of training videos and 3-day-info packed WordPress developers course.

Don’t miss out on this amazing opportunity. Headover to iThemes to check out this special. Look at the big green bar they have on their homepage.

25% OFF Gravity Forms

Gravity forms is the best form management solution in WordPress. You can use it to generate leads, accept payments, accept guest posts, and much more. They have a special 25% off discount for WPBeginner users.

Use the Gravity Forms coupon “wpbeginner” to take advantage of the deal.

Get Gravity Forms Now

Headway Themes 33% OFF

Headway Themes, the most beginner friendly theme, is offering 33% off discount on their theme and extensions. This is the first true drag & drop theme which allows beginners to customize their WordPress themes using their visual editor.

Use the coupon: hwblackfriday to get 33% off.

This deal will end on Tuesday, November 27th, 2012.

WPEngine $25 OFF first 3 months

WPEngine one of the most well-reputed managed hosting company which normally doesn’t hand out discounts like these is also offering a coupon for black friday and cyber monday.

You will get $25 off your first 3 months of service if you use the coupon blackcyber

This deal will expire on Monday the 26th of November.

40% OFF ThemeJunkie

Theme Junkie is offering 40% off all their packages for this black friday. This means you can get their 1 year membership for just $41.

Use the coupon: Black to take advantage of this deal.

30% OFF ThirstyAffiliates

WordPress affiliate link management plugin, ThirstyAffiliates is giving 30% off to WPBeginner users for this special occasion. This deal would be live from November 23 – Nov 26th.

Use the coupon BEGINNER30 to get 30% off ThirstyAffiliates.

40% off Themify

Themify has a beautiful collection of WordPress themes. They are offering 40% off all their themes, and even their club memberships.

Use the coupon “BLACKFRIDAY” to get 40% off Themify

Save 33% off Pippity

Want to build a larger email list? Then Pippity is just the plugin you need. It allows you to create beautiful lightbox popups with great targeting, so you can boost your email list growth. Some folks have reported over 300% growth after first installing the plugin. We at WPBeginner also use this plugin.

You can get 33% off Pippity if you use the coupon “blackfriday”

Get 20% OFF WooThemes OR 5 in 1 Deal

WooThemes one of the very well known theme companies is having a 20% off everything on their themes and products. If you spend more than #200, then you will get an extra 5% discount. If you spend $300, then you will get an extra 10% discount. If you spend $400, then you will get an extra 15% discount. Yup, so in total you can get 35% discount specially if you buy addons for their popular WooCommerce plugin.

For those who are not interested in this deal, they also have Buy 1 Theme get 4 Bonus themes for free. So its like a 5 in 1 deal.

All you have to do is go to WooThemes site. The details are there. This deal is good till November 30th.

We will be adding more deals as we find more. Hopefully, you can take advantage of some of these limited time deals. Have a happy thanksgiving.

To leave a comment please visit Black Friday / Cyber Monday 2012 WordPress Deals – Big Savings on WPBeginner.

Links/Blogroll is Hidden

We wrote about this in September that Link manager aka Blogrolls will be hidden in WordPress 3.5. In the past, we used the wording “sort of removed” which confused the heck out of people. If you are using the link manager currently, then it will stay as is. However, for those users who do not use it or have a fresh install of WordPress 3.5, the link manager will be hidden by default.

You can enable the link manager feature by using the plugin Link Manager.

This decision was made to make the core of WordPress lighter and leave specific functionality to plugins.

New Welcome Screen

WordPress admin panel can be pretty complicated for beginners. This is why we have the free WordPress videos course that guides you through the entire dashboard. In the continuous efforts of improving the user experience, WordPress team has decided to improve the welcome screen. The idea is to highlight all the basic tasks that the user may need.

Easy Plugin Install with Favorites

Often regular users and developers complained that installing the same list of plugins on multiple sites was difficult. Folks used to say, it would be really nice if we can just pull all of our plugins at one place in the dashboard. Then install them to our heart’s content. Well that wish has come true thanks to Otto. WordPress.org repository has a feature called Favorites. When you go to a specific plugins page, you see a favorite button below the download button.

You can favorite all the plugins you like and have them displayed on your profile. In WordPress 3.5, you can now see the list of favorite plugins of any WordPress.org user in your backend. All you have to do is go to the plugins tag and click Add New. Click on the favorites tab. Type your WordPress.org username or anyone else’s username. For example, if you type “smub”, you will get our favorite plugins.

Media Enhancements

WordPress Media uploader got a major overhaul. The user interface was improved to make it easy for WordPress beginners and average users. For example, there was no button to click Upload/Insert media. It just showed text with an icon. When training a client, we would say click on the add media button, and they will say where is that? Little things like these go a long way.

The big overhaul happened with the actual uploader. If you click on the Add Media button, you are taken to a new lightbox.

If you look at the screenshot above, you will see quite a few things that are different. The entire layout is different to make it all work. When you click on an image, instead of opening a tab with all the image settings, this keeps everything visible by showing image specific settings on the right. In the past, it was really hard for users to use built-in galleries. You could only use the images that you upload in the specific post, you would have to use all the images you uploaded unless you utilized the gallery shortcode and exclude each image manually. With this new interface, this problem is solved. You can select images using a visual interface (even fro the media library), and then create a new gallery. This gives you the option to exclude or include images at your will. You can also batch insert images in your post if you want.

The entire media experience is improved. It’s totally awesome.

Twenty Twelve Theme

A brand new default theme will be shipped with WordPress 3.5. Twenty Twelve is already available for download in the WordPress theme repository for those who want to use it. It features a clean responsive design using all the basic WordPress features.

Other Enhancements

Ofcourse there were tons of other enhancements and bug fixes. We will try to highlight some of them:

• Improved Static Front Page UI under Settings » Reading.
• Rename the “HTML” editor tab to “Text”
• Bug fix: Prevent child categories from being visually promoted to the top level after quick edit.
• HiDPI (retina display ready) dashboard.
• New Color Picker for Live Theme Demos
• Improved keyboard navigation and screen reader support.
• XML-RPC enabled by default
• Native oEmbed support for SoundCloud, Slideshare, and Instagram. It also supports SSL links now. But again, if you followed WPBeginner, and used our tutorials for Slideshare, Instagram, and SoundCloud, then you should probably remove them in WordPress 3.5. Because the core supports it already.
• Updated External Libraries – TinyMCE 3.5.6. SimplePie 1.3. jQuery 1.8.2. jQuery UI 1.9 (and it’s not even released yet). They have also added Backbone 0.9.2 and Underscore 1.3.3, and you can use protocol-relative links when enqueueing scripts and styles.
• WP Query can now ask to receive posts in the order specified by post__in.
• Improvement to Posts API – Major performance improvements when working with hierarchies of pages and post ancestors. Also, you can now “turn on” native custom columns for taxonomies on edit post screens.
• Comments API – Search for comments of a particular status, or with a meta query (same as with WP_Query).

So how do we know all of this? Nope, we are not any special than any other WordPress user. If you want to try the beta version of WordPress 3.5, then all you have to do is use the WordPress Beta Tester plugin. We DO NOT recommend that you use this plugin on a live site. Create a demo site, and use it there.

Which feature do you think is the best in WordPress 3.5? What are you looking forward to? Which feature you wish would’ve made it, but didn’t? Let us know in the comments.

To leave a comment please visit What’s Coming in WordPress 3.5 (Features & Screenshots) on WPBeginner.

As mentioned in our last article, one of the problems we identified was that people were not held accountable for their actions. They would rate something 1 star and leave. This could be done by a competitor plugin author and since there was no accountability, it was really easy to do it. With the addition of reviews, we will get rid of that problem because it adds accountability to each rating.

A user MUST write a review in order to make their rating count. The profile design is still not updated entirely to integrate this. Currently it just adds your rating in the activity tab where it says: “Started a new topic in WP.org forums”.

It would be neat if it says: Rated a plugin “Name of Plugin” – title of rating. Another nice addition would be if it shows rating + reviews under user favorite plugins list.

The reviews feature is really nice because you can always edit your review in the future if need be. Reviews are also threaded, so users can leave a comment on your review if they want. It would be nice to see a functionality like Amazon’s “Did you find this review helpful” to feature top reviews.

We understand that this is the first step in the right direction. Additional feature enhancements will be added in the future. Now the WP.org team has done their job. WordPress is nothing without its community. Please help others by rating and reviewing plugins that you use.

To leave a comment please visit WordPress.org Now Have Reviews for Plugins and Themes on WPBeginner.

Most hosting companies are charging $6.95+ / month if you signup for a 12 month package. Bluehost has agreed to offer WPBeginner users $4.95 / month if you signup for 12 months. If you signup for 24 months or 36 months, then you can get the prices lowered to even $3.95 / month. On top of that, you get free domain registration of your choice. When signing up, simply type the domain name you want in the box “I need a Domain Name”.

Bluehost is one of the oldest web hosts around the web (started in 1996). Since then, they have become a huge brand in all of web hosting including WordPress hosting. They are an official “WordPress.org” recommended hosting provider as well. In our experience, they have great support. We can vouch for them because we know some amazing people who works there.

You are probably wondering how can Bluehost offer unlimited space and bandwidth for such a low price? This service is called shared web hosting which is by far the most popular type of hosting used by WordPress beginners. It is very affordable and quite frankly a good starting point for new users. In shared hosting, you share a large server with a lot of sites. By having multiple sites on the same server, it allows the host to provide the service at a much affordable rate. The biggest catch that we see with shared hosting across all providers (including this one) is the unlimited resources. There is no such thing as unlimited. While it says unlimited, you still have usage restrictions. If your site starts to take up substantial server load, they will politely force you to upgrade your account. If they don’t take this action, this can have a negative effect on the overall performance of other sites hosted on the same server. It gets back to conventional wisdom. As your business grows, so will your overhead cost.

We wanted to get that out of the way just to ensure that you are making an educated decision. If your website is getting millions of pageviews per month, then don’t expect to pay $3.95 per month for hosting. You have to get a VPS or even a dedicated server. Shared web hosting is a great way to start for new users, and small businesses because most folks don’t receive millions of pageviews their first month or even their first year. There is no reason why you should pay hundreds of dollars for resources that you won’t use.

Lastly, we want to mention that all links in this post are affiliate links. This means if you click on the link and purchase the item, we will receive an affiliate commission. Regardless, we only recommend products or services we use personally and/or believe will add value to our readers.

Signup with Bluehost Now to get the exclusive discount and a FREE domain.

To leave a comment please visit WPBeginner users Get a Free Domain and 50% off Bluehost Web Hosting on WPBeginner.

So why did we title it sort of? Well because it is only being disabled for new users by default. If you have link data in the database, then the link manager will stay as is. But if you don’t have any links, then it will be disabled. In other words, the code for the link manager still stays in the core. This is to make sure that this update doesn’t break your site or delete your data.

However, in the future the plan is to get rid of the link manager code base from the core and make it into a plugin. Andrew Nacin, one of the core contributor already created a plugin called Link Manager. Currently, the purpose of this plugin is to give new users the ability to enable the link manager in version 3.5 if they choose to.

If you are still using the Link Manager or want to use the link manager, then we ask why? You can achieve all that the link manager offers and more with the built-in WordPress menus. To see how, just look at our last article about this issue.

We are definitely excited to have one less menu item. What are your thoughts?

To leave a comment please visit Link Manager aka Blogrolls to be “Sort of” Removed in WordPress 3.5 on WPBeginner.