Blowing up the blog has proven to be as much an opportunity as it has an obstacle. I lost a few months of content, but had this blog been as old as my Jim Winter blog, Edged in Blue, it would have been a catastrophe. Since this site is still building its audience, I decided to use the rebuild failure to let some of you play along at home while I rebuild. That brings us to today’s topic, iThemes, which I’ll get to in a moment.
First, to recap. What happened? I had a login looping problem, something WordPress is susceptible to on multiple levels. Most likely, I deleted something in my original theme that should have been left alone or I overwrote something to do with cookies. If I cleared the cache in Chrome, I could login a few times before having to wreck all my stored settings again. So… Bye bye blog. Bye bye pages.
I reinstalled WordPress on my host, set the theme to Twenty Fifteen, and got to work on a new theme. Twenty Fifteen looks kind of plain, so I tracked down theme called RedLine that had a default moonscape as the title and a bit more color. So this will be the interim theme. Then I installed JetPack and set it up. JetPack provides many functions that make up the guts to sites hosted on WordPress.com, and a self-hosted site is pretty hamstrung without it. of My friend, Jennette Marie Powell, asked if I secured my site as well. Which brings us to today’s topic: iThemes.
iThemes is more than just security. It provides themes, backup utilities, and various other plugins for WordPress. I downloaded the security plugin and set it up. Took about half an hour. The first thing it asks you to do is back up your site. After last week’s debacle, you didn’t have to tell me twice. You have two options for backups. You can give WordPress write access to your local machine or server. I didn’t like that option as I need to access the site from multiple devices. Instead, I took the email option and set backups to run every three days. I get a zip file every ree days and save it to my OneDrive. I’m a convert to cloud storage and recommend you use it whenever possible. I seldom use my thumb drive anymore.
iThemes Security also has a number of features to lock down your site. It disables wp-admin and wp-login to prevent bots from hacking the site. It tracks login attempts and permanently bans IP addresses that continually fail to login properly. Sunday morning, I got an email from iThemes saying that an IP address had been blocked for the next 15 minutes. I tracked this back to Moscow. Yeah, screw you, Russian hacker. Stay out of my site.
Another thing iThemes asks you to do on setup is to change the salts on your WordPress database. Salt is an encryption keys used by MySQL to lock down your databse, where all your content is stored. I went ahead with this as the original salts were invisible when I setup. All this is managed by iThemes Security as long as you allow it to write to your .htaccess and wp-config.php.
There are other features, such as timed access and plugin restrictions. I passed on these as I don’t have a regular time I access the site, and I really need JetPack to function.
So far, iThemes has earned its rep. As I type this, it’s blocked two attempts to hack the site via 404 attacks, and it changed the way I get into the site’s back end. Finally, it’s given me a reliable way to backup and recover the site. So no more ham-handed wiping out the blog.