Best WordPress Plugins to Boost Your Business Site’s Performance

Most corporate websites are extensions of real-world businesses that want to create an online presence. In the real world, these companies most likely have real-time tools and metrics in place to determine how the business is doing at any given point. Reports and analysis are part and parcel of normal operations as is marketing campaigns and feedback. Does this apply to the company’s online presence?

The online address of a company serves as a virtual business card cum portfolio cum marketing tool which the company can use to expand their reach. It is not unusual for business owners to expect that the same measurables to be derived from their corporate website. The ability to track, measure, and analyze data extracted from online activities is one of the key things a business owner needs to be able to do to be able to asses the effectiveness of the corporate website.

Here are some of the best WordPress plugins and tools you can use to enhance the efficiency of as well as measure the viability your business website.

Site Security and Backup

iThemes Security (formerly Better WP Security)

iThemes Security (formerly Better WP Security) gives you over 30+ ways to secure and protect your WordPress site. On average, 30,000 new websites are hacked each day. WordPress sites can be an easy target for attacks because of plugin vulnerabilities, weak passwords and obsolete software. iThemes Security works to fix common holes, stop automated attacks and strengthen user credentials. This plugin hides common WordPress security vulnerabilities, preventing attackers from learning too much about your site and away from sensitive areas like your site’s login, admin, etc. iThemes Security works to protect it by blocking bad users and increasing the security of passwords and other vital information. This plugin monitors your site and reports changes to the filesystem and database that might indicate a compromise, works to detect bots and other attempts to search vulnerabilities, and makes regular backups of your WordPress database, allowing you to get back online quickly in the event of an attack.

WordPress Backup to Dropbox

WordPress Backup to Dropbox keeps your valuable WordPress website, its media and database backed up to Dropbox in minutes and on a regular basis. Simply choose a day, time and how often you wish your backup to be performed and just wait for your websites files and an SQL dump of its database to be dropped in your Dropbox account.

Wordfence Security

Wordfence Security is a free enterprise class security plugin that includes a firewall, anti-virus scanning, cellphone sign-in (two factor authentication), malicious URL scanning and live traffic including crawlers. Wordfence is the only WordPress security plugin that can verify and repair your core, theme and plugin files, even if you don’t have backups. Key features include: real-time blocking of known attackers, two factor authentication used by banks, government agencies and military world-wide for highest security authentication, includes a firewall to block common security threats like fake Googlebots, malicious scans from hackers and botnets, block entire malicious networks, etc.

Site Statistics and Analytics

Google Analyticator

Google Analyticator adds the necessary JavaScript code to enable Google Analytics logging on any WordPress blog. This eliminates the need to edit your template code to begin logging. Google Analyticator also includes several widgets for displaying Analytics data in the admin and on your blog. It supports Universal (analytics.js) and traditional analytics (ga.js), includes an admin dashboard widget that displays a graph of the last 30 days of visitors, a summary of site usage, the top pages, the top referrers, and the top searches, supports outbound link tracking of all links on the page, including links not managed by WordPress, and many other features to support Google Analytics on your site.

Google Analytics for WordPress

Google Analytics for WordPress plugin allows you to track your blog easily with lots of metadata, views per author & category, automatic tracking of outbound clicks and pageviews. This plugin uses the asynchronous Google Analytics tracking code, the fastest and most reliable tracking code Google Analytics offers. It features simple installation through integration with Google Analytics API where its as simple as authenticating and selecting the site you want to track. You can also easily connect your Google AdSense and Google Analytics accounts.

Site Content Management

Editorial Calendar

The Editorial Calendar plugin makes it possible to see all your posts and drag and drop them to manage your blog and gives you an overview of your blog and when each post will be published. You can drag and drop to move posts, edit posts right in the calendar, and manage your entire blog.

Zedity™ The Easiest Way To Create Your Content

Zedity™ is an innovative Editor to create your posts or pages amazingly easily, quickly and hassle-free with no technical skills required. It gives you total flexibility and unprecedented possibilities to create any desired design, as easily as if done on a piece of paper. Key features include: content in posts and pages that scale down accordingly to your responsive layout, additional content boxes (color box, document box, HTML5 box), audio and video embed capabilities, snap and alignment positioning, and so many other features.

WP Fastest Cache

WP Fastest Cache plugin creates static html files from your dynamic WordPress blog. Performance enhancement features include: Generating static html files from your dynamic WordPress blog, Minify HTML (decrease the size of page), Minify Css (decrease the size of CSS files), All cache files are deleted when a post or page is published, Enable/Disable cache option for mobile devices, Leverage browser caching which reduces page load times for repeat visitors, etc.

SEO

WordPress SEO by Yoast

WordPress SEO by Yoast plugin, designed and developed by WordPress Consultant Joost De Valk, is the most complete WordPress SEO plugin that exists today for WordPress.org users. It incorporates everything from a snippet preview and page analysis functionality that helps you optimize your pages content, images titles, meta descriptions and more to XML sitemaps, and loads of optimization options in between.

Heartbleed Could Affect Your WordPress Site

A critical OpenSSL vulnerability nicknamed “Heartbleed” was discovered recently and you need to know whether your information could be impacted. What is Heartbleed anyway?

What is Heartbleed

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs). (source – Heartbleed.com)

Basic Things You Should Know About Heartbleed and OpenSSL

  • The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software.
  • OpenSSL is a library that provides cryptographic functionality to applications such as secure web servers. Be sure to read the documentation of the application you want to use. The INSTALL file explains how to install this library. OpenSSL is based on the SSLeay library developed by Eric A. Young and Tim J. Hudson and the OpenSSL toolkit is licensed under an Apache-style licence which basically means that you are free to get and use it for commercial and non-commercial purposes.
  • The Heartbleed bug compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content.
  • The Heartbleed bug allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
  • The Heartbleed bug is not a design flaw in SSL/TLS protocol specification. It is an implementation problem, i.e. programming mistake in popular OpenSSL library that provides cryptographic services such as SSL/TLS to the applications and services.

Should You Be Concerned?

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. Encryption doesn’t prevent hacking but it reduces the likelihood that the hacker will be able to read the data that is encrypted. Encryption is used to protect secrets that may harm your privacy or security if they leak. This bug has compromised secrets in four categories:

  • The Heartbleed bug leaked primary key material – the crown jewels – the encryption keys themselves. Leaked secret keys allows the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will.
  • The Heartbleed bug leaked secondary key material – the user credentials (user names and passwords) used in the vulnerable services.
  • The Heartbleed bug leaked protected content – actual content like personal or financial details, private communication such as emails or instant messages, documents or anything seen worth protecting by encryption handled by the vulnerable services
  • The Heartbleed bug leaked collateral – Leaked collateral are other details that have been exposed to the attacker in the leaked memory content. These may contain technical details such as memory addresses and security measures such as canaries used to protect against overflow attacks. These have only contemporary value and will lose their value to the attacker when OpenSSL has been upgraded to a fixed version.

OpenSSL is the most popular open source cryptographic library and TLS (transport layer security) implementation used to encrypt traffic on the Internet. You may be directly or indirectly affected if your popular social site, your company’s site, commerce site, hobby site, site you install software from or even sites run by your government might be using vulnerable OpenSSL.

Users of OpenSSL versions 1.0.1 through 1.0.1f with the heartbeat extension enabled are affected. OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable

OpenSSL version 1.0.1g addresses the vulnerability, as well as OpenSSL instances compiled without the heartbeat extension.

What You Can Do

  • If you are not using OpenSSL on your servers (or are not hosted on one of our Shared hosting plans), you are not affected.
  • If you do use OpenSSL, identify which servers are running OpenSSL (versions 1.0.1 through 1.0.1f are affected).
  • Update to the latest patched version of the software (1.0.1g), or recompile OpenSSL without the heartbeat extension, if applicable.
  • Reissue any SSL certificates on affected web servers after moving to a patched version of OpenSSL.
  • Test your SSL installations. You can also test your site here: http://filippo.io/Heartbleed/
  • Revoke any certificates that were replaced. Please revoke AFTER the reissue has been completed and you have successfully installed it on your web server.
  • Consider resetting end-user passwords that may have been visible in a compromised server memory.

Helpful Resources regarding Heartbleed

It is wise to take all the necessary precautions but without allowing panic to come in. Learn all you can and act accordingly.

Secure Your Interwebs With Sucuri

Malware infestations, blacklistings, Google warnings, malicious software, infected domain, suspicious activity, phishing – not exactly the landing page you want to welcome your visitors with, right? But if you have experienced the dreaded Google warning splash page (just like the dreaded blue screen), it is a cause for concern.

Hackings and other website attacks are becoming more prevalent nowadays. Not that they weren’t before but these malicious activities never went away either. They’ve just become a little bit more sophisticated than before. Government websites, large hosting websites and the more popular and well-known websites seem to be a favorite target but the truth is – no website is immune from these attacks. It is projected that the total number of websites in 2013 will reach 1 Billion and 2 Billion in 2015. (source: toni.org) That’s a lot of www candidates right there. Of course, you can reason away that your website is totally insignificant compared to the 999 million other websites that can be targeted by a malicious attack. On the other hand, yours might just be THE one. Hopefully not.

The impact of a website attack can be devastating especially if it is an eCommerce or a highly monetized site. Not only do you lose a lot in terms of time, lost data, missed sales opportunities and potential business income due to messed up systems and lost traffic, these attacks also affect your site’s credibility and reliability which are the most important currencies any business can have online. Once the public becomes aware of the attack, caution sets in and transactions become paralyzed. The possibility of being blocked or blacklisted becomes a total nightmare. The website owner is now faced with an unnecessary battle of perceptions that could have been prevented in the first place. How can this battle be prevented and how can you, the website owner, protect your peace of mind from potential attacks?

Sucuri Security is a company that offers a security service that detects unauthorized changes to network (cloud) assets, including web sites, DNS, Whois records, SSL certificates and others. It is also heavily used as an early warning system to detect Malware, Spam and other security issues on web sites and DNS hijacking. Sucuri shot into the limelight when GoDaddy hosted sites were attacked and exploited. They were the company that conducted the cleanup operations for them. Sucuri is not a malware protection software to be installed on your site. The company provides a monitoring service to protect your website from any malware, threats of intrusion, infections, and the like. This extra layer of protection is an assurance for both you and your clients or customers that any information exchanged on your website will not be compromised.

You can get a free analysis for your website from Sucuri. Just visit their website and have your website checked anytime. They also have a free plugin that can be downloaded from the WordPress plugins page. This plugin is free but works best in tandem with their security service packages. To learn more about these service packages, check out their website to see which one matches your requirements. The investment you make today to secure your website can save you so much headache in the future.

Visit Sucuri.net to get your free analysis. Download the free plugin from WordPress.

Get Sucuri Now!