Web Development

Security Through Obscurity: Should you change your WP-Admin Directory?

One of the most common recommendations that you hear regarding WordPress security upgrades is to change the name of your WP-Admin directory. Does this really make much of a difference?

Not really.

Improving WordPress Security by changing the WP-Admin directory

So what does this do exactly? Well, it makes it harder for a hacker to find your WP-Admin directory and attempt a brute force hack. That’s known as “security through obscurity,” and while it will prevent a certain number of malicious IPs from reaching your login screen, it won’t prevent sophisticated attacks in any real way. Here is what the WordFence Security experts have to say about this:

Changing your WP-Admin Directory Can Break Your Site

There are tons of plugins and themes that depend on wp-admin being located at /wp-admin. One common reason is that plugins or themes may rely on accessing the admin-ajax.php file, which is in the root of the WP-Admin directory. If you change this directory, the plugin or theme may not have the proper configuration to be able to find it at its new directory, and the AJAX call will fail. For many sites, changing this directory isn’t a viable option, and as you will see, it does little to protect your site at the end of the day.

Better WordPress Protection Against Brute Force

The security pros at WordFence have a great feature that detects brute force hack attempts and bans the IP address that attempted the hack. It then submits this IP to a blacklist, which includes blacklisted IPs from all over the world. IP addresses that are on this blacklist are not permitted to access your website.
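To make the detect-and-ban idea concrete, here is an added example (not WordFence's code and not from the original post) that flags IPs with too many failed logins inside a sliding window of an Apache-style access log. The log lines, thresholds and the assumption that a failed wp-login.php POST returns 200 while a successful one redirects with 302 are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def parse_line(line):
    """Return (ip, time, method, path, status), or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    path = m["path"].split("?", 1)[0]          # ignore the query string
    return m["ip"], ts, m["method"], path, int(m["status"])

def find_bruteforce_ips(lines, login_paths=("/wp-login.php",),
                        max_attempts=5, window=timedelta(minutes=5)):
    """Map each offending IP to the time it first exceeded max_attempts
    failed logins within the window. login_paths is a parameter so the
    same check still works if the login URL has been renamed."""
    recent = defaultdict(deque)                # ip -> failure timestamps
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if method != "POST" or path not in login_paths:
            continue
        if status != 200:                      # assumption: 200 = failed login
            continue
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:        # drop failures outside the window
            q.popleft()
        if len(q) > max_attempts and ip not in flagged:
            flagged[ip] = ts
    return flagged

def sample_log():
    """Constructed sample: one noisy address and one ordinary user."""
    lines = [
        f'203.0.113.7 - - [12/Jan/2020:10:00:{i * 5:02d} +0000] '
        '"POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"'
        for i in range(8)                      # 8 failures in 35 seconds
    ]
    lines += [
        '198.51.100.20 - - [12/Jan/2020:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"',
        '198.51.100.20 - - [12/Jan/2020:10:01:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
        '198.51.100.20 - - [12/Jan/2020:10:01:25 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 45 "-" "-"',
    ]
    return lines

if __name__ == "__main__":
    for ip, when in find_bruteforce_ips(sample_log()).items():
        print(f"ban candidate {ip}, threshold crossed at {when.isoformat()}")
```

The user who mistypes a password once and then logs in is never flagged, and neither are admin-ajax.php calls, because only failed POSTs to the login path are counted.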

The easiest solution for protecting your site is to ensure that every user has a strong password. This is critical. Your WordPress site security is only as bulletproof as your weakest armor, and if users are creating weak passwords, there will always be security issues. We recommend auditing password strength for all users automatically, and making sure that they are all using strong passwords. For an extra layer of security, you can also enable 2FA to force users to verify their login on new devices.

Contact Valier for a full WordPress Website Security Audit

To refer back to the armor analogy, it’s important to note that security issues with themes and plugins are the most common manner in which WordPress sites are hacked. It’s imperative that you keep your WordPress website up to date, including themes, plugins, and WP-Core, and that you audit every plugin that you use to make sure you aren’t installing something that damages the security of your site.

The best way to make sure that you are doing everything you can from a security standpoint is to hire a WordPress security expert. Valier offers a fixed-rate audit for any WordPress site, which is a great way to make sure you are doing what you can to protect your website and your customers’ data. We will analyze plugins and themes, and perform a series of updates to make sure your site is safe and secure. We also offer ongoing WordPress security services, which include premium security services and ongoing testing/updates. If you want to be a worry-free WordPress site owner, this is the way to go.

The Nostalgiaphiliac – Part 1

Well, it’s 2020. Two-thousand-and-twenty. Holy fuck.

What is it about the arbitrarily assigned significance of a new decade that is so captivating to humans? You see the same effect throughout all of numerology. It really pulls at my heart strings to think of the amazing memories that I have made over the past decade. Some of the memories are of joy, others of heartache. Some of accomplishment, some of failure. The beauty of all of that merged into a single thought – “last decade,” is almost too much to bear, yet I can’t look away or diminish its significance. I graduated from college and started my career in this last decade. I found the love of my life. I lived in three different states. A lot has happened!

The feeling of wanting to revisit some of these memories brought me to dig through my old portfolio, dating back to some of my first professional projects created back in 2010-2011. It was amazing to see how much I have grown since then, as a web developer, as a designer, and as an artist. Some of the work still stands on its own! Some of it, not so much. Either way, I am grateful for each learning experience and the abundance that this universe has provided for me. The truth is, I made a lot of sacrifices. I worked my butt off at multiple jobs all the way up until I landed my first full time professional gig. I had a lot of people help me out along the way, and I had a fair amount of luck. I am not one to bullshit – luck is a big part of it. In order for that luck to be converted into growth however, you have to put in the work. From January 1st 2010 – December 31st, 2019, in the voice of Mark Jackson, I. put. in. the. work.

To honor this time in my life and to reflect on the miles traveled, I am going to create a short professional journal right here in my blog. I want to go through each part of my career, discussing the connections, projects, relationships, and lessons learned along the way. I will speak as candidly as I can in respect to my current and past clients, as there is always a balance between professionalism and brutal honesty. There is also a fair amount of NDA stuff to avoid or rewrite, so don’t hate me if I have to flat out skip over some shit. Mostly, I hope to bask in the brilliant nostalgia, the humor of my failures, and turn the page into 2020 with a new-found sense of completion. I hope maybe someone who is starting a career as a developer or designer happens to come across this blog and finds a nugget of wisdom or two, should I be able to dig any up to begin with.

Here we go…thank you for tuning in and your support!
– Merritt

Anti-lytics: Let Data Inform Decisions, Not Make Them

The rise of analytics has ushered in a new era of business management. Once only obtainable through expensive market research, data is now available, and used by businesses of all shapes and sizes. Google Analytics, when used properly, is one of the most commonly used and powerful analytics tools on the market. It’s also fucking free. Everyone is, or should be, using it. Sadly, many website owners misinterpret their website analytics data and rush off to hire a web developer to fix things that aren’t actually broken.

Many website owners look to see improvements in two categories: pageviews and conversions. After all, a store that gets busier and sells more product is growing right? Perhaps, but if pageviews or conversions are not increasing, does that then mean that the business is dying? You see, this becomes an area where you want to dig deeper into the data and perform experiments in order to discover what is working and what isn’t. Maybe your product is missing a key feature. Maybe the prices are too high. Maybe your traffic is coming from off-topic search terms or bad advertising. All of this can be researched through a careful examination of the existing numbers.

Seasons Change, Data Does Too.

First, compare your data trends to previous quarters, then to one year ago, and then two years ago. Most websites go through natural fluctuations on a seasonal basis. For me, November and December are usually big months, while April and May are usually pretty slow by comparison. This is likely due to tax season fluctuations. Having been through a few years of this, I now know what to expect but initially I was caught off guard!

New websites haven’t been around long enough to demonstrate how the seasons will impact your analytics data. Your first year, your first quarter, and your first month are all experiments. You don’t have a large enough sample size at this point to fully understand the data, so you will have to rely on your professional instincts and short term experimentation to draw strong conclusions.

Where’s Your Traffic Coming From?

Where your traffic is coming from makes a big difference. Often times, this is reflected in your bounce rate. Think about it this way, if you ran an ad on the radio for a sale on cars but you actually run a billiards store, you would likely get a bunch of visitors who immediately turn around and leave once they see that you don’t have what they want. Your bounce rate is just that: customers who bail right away.

One of the best ways to analyze your bounce rate is to look at individual traffic sources and see where they are coming from. Start from your highest traffic pages and highest bounce rate pages, and go down the list. Are the visitors arriving through organic searches? Paid advertising? What are the search terms that are attracting them? For example, a user searching for “restaurants near me” and landing on a web page that talks about restaurants in a different state is going to leave. These people are hungry. Don’t do that to them, and don’t do that to your bounce rate, even if it means that your pageviews are improving.

Run experiments through A-B Testing

If you feel confident that your product is priced properly and your traffic is consistently coming from good sources, then it’s time to analyze the design of your site. To do this effectively, run an A-B test using Google Experiments so that you can compare and contrast page style and content variations and aren’t left guessing. The results will show you which page variation performed better, helping you to understand which parts of your website design are working better than others.

One good way to see if your website design is impacting your sales is to run a short A-B test where you put your product in a very simplified page. I’m not talking a page that sucks, just a page that is ultra minimalist – like this page. A page like this leaves little for the user to be turned off by in terms of design, so if it performs as poorly as your main product page, then you can bet that your website design isn’t impacting your conversion rate as much as your product is. Here’s the thing – a good web designer or developer is going to push you to isolate variables and take a good look at your entire online presence rather than just jumping into redesigning the site. This isn’t because they are proud of the site and are unwilling to change it, rather that they are willing to tell you not to spend your hard earned money on their services if they aren’t going to solve the problem.

…and cut yourself some slack!

The internet is an extremely competitive and confusing place. In 2019, there are 1.8 billion sites and 51.8% of all internet traffic comes from bots. All Cyberdyne jokes aside, this means that most of the traffic coming to your site could be completely irrelevant. In the next article, I will show you how you can configure Google Analytics to filter out bot traffic and get closer to the truth!

– Merritt

Valier (pronounced “Va-leer”) is a boutique graphic design and website development studio focused on creating unique projects for unique clients. We work with companies and individuals that are pushing the boundaries within their industry and are looking for a partner in media development that can inject life and creativity into their marketing presence. With over 10 years of experience in the graphic design and website development industries, Merritt Lentz (Founder), has a proven track record of producing successful and innovative projects for a wide variety of clients ranging from artists and ski companies to government agencies and payment processing companies. Regardless of the size or complexity of your vision, we will help you hone in on a digital actualization of that vision and deliver a product that is rich and captivating.

How to use Google Drive and WAMP to Develop Websites and Applications on Multiple Computers

Creating the ideal local development environment is a key component of being an efficient developer, but it sometimes takes a bit of trial and error to create the website development environment that works best for you. One important component of this is finding a way to share files between your various dev stations so that you can quickly switch computers and pick up where you left off. For me, I prefer WAMP and Google Drive as my current weapons of choice. This may change over time, as it has many times before, but for now the following important tasks are accomplished with this workflow:

  • I can develop a website quickly without having to deal with FTP uploads
  • I can utilize popular tools like an SCSS preprocessor and Chrome Dev Tools to quickly see code changes persisted into the browser
  • All of the files that I want to share between machines are shared, and the files that I don’t want to sync are left alone
  • I am able to accomplish this with minimal additional cost as Google Drive includes ample storage with my existing plan

Step 1: Install WAMP

The first step, if you haven’t done this already, is to set up WAMP on your local machine: http://www.wampserver.com. I won’t cover how to install WAMP in this article as it is really straightforward and there is sufficient documentation on their website.

Step 2: Install Google Drive – Google Backup and Sync

Note that you will have to pick a storage plan that fits your storage needs. I am getting by on the 30gb plan that comes with my Google account. Here is the current location for this bad boy: https://www.google.com/drive/download/

During the installation process, you will be asked whether you want to back up folders from your Desktop (I chose not to) and whether you want to “Sync My Drive to this Computer.” The difference here is that My Drive is a special folder that is used for syncing files between multiple devices and the cloud, while the “Desktop” option will only back up your selected files to the cloud. For the purposes of this demo, you will want to choose to sync My Drive. You can also choose to just sync certain folders in your My Drive, which is recommended as it will help you separate your dev files from your standard shared files.

Step 3: Configure WAMP to use the Google Drive for syncing

Now that you have both apps up and running, it’s time for the fun part:

  • Go into your WAMP directory (for me I chose to install WAMP directly in my C: drive), click on the “www” folder, and then CTRL+C to copy it.
  • Navigate to your Google Drive folder. This is your My Drive folder that was set up by Google Drive during the installation process.
  • Paste the “www” folder in this directory, or in a subdirectory if you prefer to add an extra layer or two of organization.
  • Go back to your WAMP directory and go to bin\mysql\mysql5.7.24. Copy the “data” folder.
  • Navigate back to the Google Drive folder where you pasted the “www” directory, and paste your “data” folder there.
  • Start WAMP, click on the tray icon, then go to Apache > httpd.conf to open it in a text editor:

Replace DocumentRoot and Directory variables to point to your new “www” location. In my case, these are on line 263 and 264:

  • Save that sucker, then open up your httpd-vhosts.conf file using the same method as you used to open the httpd.conf file. As you can see in the screenshot above, they are right next to each other in the WAMP tray menu.
  • Replace DocumentRoot and Directory variables to point to your new “www” location. In my case, these are on line 6 and 7:
In this screenshot, you can see an example where the “www” folder has been nested inside a “Sync” folder. You can place this file wherever you want really. The important part is to make sure that you replace the variables with YOUR www directory location.

SWEET! Now WAMP is set up to look for your files in the Google Drive directory. Now let’s get it set up to look for your databases there as well. Open up your my.ini file from the WAMP tray icon:

Replace the datadir variable to point to your new “data” location. In my case, this is on line 47:

Save that file, then restart all WAMP services. That’s it! You’re done! Well…kinda. You still need to test it out. You could create a simple test.html file in your new www folder and then navigate to it in a browser. In my case, the URL for the test file would be: localhost/test.html

Syncing with other computers

So now you have one computer that shares its key WAMP folders with the cloud. To also have access to these on another computer, you need to follow the exact same steps as the steps above on each computer. The only difference is that your directory for the “www” and “data” folders will likely be unique for each computer.
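Since the Step 3 edits have to be repeated by hand on every machine, here is an added example (not from the original post) that applies them to the text of httpd.conf, httpd-vhosts.conf and my.ini. The sample config contents and the Google Drive paths are constructed placeholders; check them against your own files before relying on the result.

```python
import re

def _fwd(path):
    # Apache and MySQL on Windows both accept forward slashes in paths.
    return path.replace("\\", "/").rstrip("/")

def retarget_docroot(conf_text, www_dir):
    """Repoint DocumentRoot and the <Directory> block that matches it.
    Works on httpd.conf and httpd-vhosts.conf text alike."""
    www = _fwd(www_dir)
    found = re.search(r'^[ \t]*DocumentRoot[ \t]+"([^"]+)"', conf_text, flags=re.M)
    if not found:
        raise ValueError("no DocumentRoot directive found")
    old = found.group(1).rstrip("/")
    out = re.sub(r'^([ \t]*DocumentRoot[ \t]+)"[^"]+"',
                 lambda m: f'{m.group(1)}"{www}"', conf_text, count=1, flags=re.M)
    # Only the <Directory> whose path equals the old DocumentRoot is changed,
    # so the access rules inside it and every other block stay as they were.
    directory = re.compile(
        r'^([ \t]*<Directory[ \t]+)"' + re.escape(old) + r'/?"', flags=re.M)
    out, changed = directory.subn(lambda m: f'{m.group(1)}"{www}/"', out)
    if changed == 0:
        raise ValueError("no <Directory> block matches the old DocumentRoot")
    return out

def retarget_datadir(ini_text, data_dir):
    """Repoint the datadir setting in my.ini."""
    data = _fwd(data_dir)
    out, changed = re.subn(r'^([ \t]*datadir[ \t]*=[ \t]*)[^\r\n]*',
                           lambda m: f'{m.group(1)}"{data}"', ini_text, flags=re.M)
    if changed != 1:
        raise ValueError(f"expected exactly one datadir line, found {changed}")
    return out

# Constructed sample of the relevant httpd.conf lines.
SAMPLE_HTTPD = '''\
DocumentRoot "${INSTALL_DIR}/www"
<Directory "${INSTALL_DIR}/www/">
    Options +Indexes +FollowSymLinks
    AllowOverride all
    Require local
</Directory>
<Directory "${INSTALL_DIR}/cgi-bin">
    Require all denied
</Directory>
'''

# Constructed sample of the relevant my.ini lines.
SAMPLE_MY_INI = '''\
[wampmysqld64]
port = 3306
basedir="c:/wamp64/bin/mysql/mysql5.7.24"
datadir="c:/wamp64/bin/mysql/mysql5.7.24/data"
'''

if __name__ == "__main__":
    # Hypothetical per-machine location of the synced folders.
    drive = "C:/Users/me/Google Drive/Sync"
    print(retarget_docroot(SAMPLE_HTTPD, drive + "/www"))
    print(retarget_datadir(SAMPLE_MY_INI, drive + "/data"))
```

Read each real config file, pass its text through the matching function, write the result back, and restart all WAMP services as described above.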

Parting notes

When I was setting this up, I ran into a small issue – my file permissions prevented Windows from starting Apache and MySQL. To fix this, you just need to navigate to your Google Drive folder, right click, go to “Properties > Security > Advanced > Enable inheritance.” This process may take a while depending on how many files are in your My Drive folder, but it should fix the permissions issue.


Modern WordPress Development in the Gutenberg Era

WordPress has gone through a number of changes over the course of its life cycle. I know of at least one major developer who even considers WordPress to be a legacy application – meaning that it has passed beyond the peak of its life cycle. From a popularity standpoint I’d say that’s pretty debatable considering the number of sites out there that are using WordPress. However, what they are referring to is just the overall architecture of the WordPress platform and how it compares to some of the new(er) kids on the block.

React app development, for example, has really taken the development world by storm, and in many cases slower PHP-based applications are being phased out for JavaScript applications. There are pros and cons to either language, but what is important to keep in mind is that WordPress will still continue to have a place as a marketing tool for years to come. It’s just that popular. Because of this, the demand for WordPress development will keep a lot of developers very busy coding WordPress themes and plugins. So how do we take a 10 year old PHP platform and modernize it using modern libraries like React?

Enter Gutenberg

The biggest change in the WordPress website development world is the implementation of Gutenberg as part of the WordPress core. Gutenberg basically allows WordPress to function as a block editor by replacing the popular but now somewhat dated feeling WYSIWYG editor. The Gutenberg block editor is both great and frustrating to use at times, but it does represent a major milestone in the life cycle of the WordPress platform. Most importantly, it indicates that WordPress is adapting and growing. Guess what Gutenberg is built off of? React. Want to build a new Gutenberg block for your WordPress site? You are going to have to dig into some React development.

Gutenberg offers a number of advantages in terms of being able to organize content in a way that is efficient and consistent. Take the YouTube Gutenberg block for example: in the past you would copy and paste the embed code from YouTube and style the resulting iFrame if necessary. These days? Simply add a new block, select “YouTube” from the list of available blocks, and add the video ID. The best part is that if you then want to move the video to a new place on the page, you can click and drag the block to a new location.

Hey look, it’s a Gutenberg block with a video about Gutenberg blocks. That’s some “Inception” shit right there.

Update your WordPress site and start using Gutenberg

At Valier, we pride ourselves in being able to deliver highly customized WordPress packages to our clients. Lately, we’ve been focusing on creating custom blocks for the Gutenberg Editor to give our clients even greater control over how their WordPress site performs, looks and functions. If your WordPress site launched before Gutenberg was released, then there are likely a number of features that you are missing out on.

We design, develop, and manage WordPress sites for clients located all over the globe. If you are looking to modernize your WordPress site and start taking advantage of the Gutenberg block editor, get in touch with Valier.