How to Add No Right Click on WordPress Images

Do you want to stop users from stealing images on your WordPress site?

While there is no complete solution to prevent image theft on your website, there are some measures that you can take to make it a bit harder for users to save images from your website.

One such solution is to add no right-click popup to your images. You can do that in WordPress by using plugins that disable right click and make it difficult to download images from your website.

In this article, we’ll show you how to add no right-click on WordPress images and galleries. We’ll also talk about alternative approaches to discourage users from stealing images off your website.

Adding No Right Click on WordPress Images

First, you need to install and activate the No Right Click Images Plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, go to Settings » No Right Click Images page to configure plugin settings.

The default options would work for most users, but you can still review and change them as needed.

The first option allows logged in WordPress users to right-click on images. ‘Disable Dragging of images’ option prevents users from dragging an image from their browser to their computer.

‘Disable Touch events’ options prevents users from using touch devices like mobile phones to download images. It is the no right-click solution for smart phones and tablets.

You can also disable gestures and context menu on Apple devices.

After reviewing the settings, don’t forget to click on the ‘Save changes’ button to store your changes.

You can now log out of WordPress and then visit your website to see the plugin in action.

Adding No Right Click on Image Galleries

The above solution works for all images on your website. However, a lot of users who want to protect their images are photographers and people sharing their work through galleries.

This is where Envira Gallery comes in. It is one of the best WordPress gallery plugin on the market and comes with a protection addon that disables right-click for your image galleries.

First thing you need to do is install and activate the Envira Gallery plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, you need to visit Envira Gallery » Settings page to enter your license key. You can find this information under your account on the Envira Gallery website.

Next, you need to visit Envira Gallery » Addons page. Scroll down to the Protection addon and then click on the Install and Activate button.

Now you can start creating image galleries using the Envira Gallery plugin.

Let’s create your first image gallery and enable no-right-click protection for images in that photo gallery.

First, you need to visit Envira Gallery » Add New page to create a new gallery. Provide a title for your image gallery and then upload the files you want to add to the gallery.

After that, you need to scroll down to the gallery setting section below and click on the Misc tab. From here, go to the image protection settings section.

You need to check the ‘Enable Image Protection’ checkbox to disable right-click for this particular image gallery. Optionally, you can also show a popup notification when users try to use right-click.

You can now click on the publish button to save your image gallery.

Adding Your Gallery to a WordPress Post or Page

Your image gallery is ready, and you can now add it to any WordPress post or page. Simply edit the post or page where you want to add the gallery and add the Envira Gallery block to the editor.

After that, you need to select the image gallery you created earlier from the dropdown menu. Envira Gallery will load your image gallery with a live preview.

You can now save your post and visit your website to see the no right-click feature in action. If you have enabled the popup feature then this is how it would look when a user tries to right-click on an image in the gallery.

Pros and Cons of Disabling Right Click on WordPress Images

The number one reason users want to add no right-click on WordPress images is to prevent website visitors from illegally using those images elsewhere.

Adding no right-click to your images makes it harder for users to download images. It also serves as a reminder to users that the website owner does not want them to download images or reuse them without permission.

However, it does not completely stop users from stealing images from your website.

A user can still download an entire web page which will also include all images on that page.

They can also use the browser’s view source or inspect tool without right-clicking. This will give access to the direct image file which they can download and save on their computer.

On the other hand, adding no right-click on images may also stop several users who may have some genuine reason to save images from your website. Some users may find it annoying and this would affect their user experience on your website.

Alternative Approaches to Discourage Image Theft on Your Website

If you don’t want to affect user experience by adding no-right-click to your WordPress images, then there are a few things you can do to discourage improper use of your work.

1. Add a Copyright Notice Below Your Images

You can add a copyright notice below your images in plain text. This serves as a deterrent without affecting user experience.

You can do this by using Gutenberg blocks. See more details in our Gutenberg tutorial.

2. Give Users a Chance to Ask for Permission

If you want users to be able to reuse your images with your permission and conditions, then you can simply let them know. We recommend using WPForms to create a simple contact form for users to send requests.

3. Add Watermark to Your Images

You can also add watermark to your images. This will affect the quality and aesthetics of your images, but it will definitely discourage users from stealing and reusing those images.

We hope this article helped you add no right-click on WordPress images. You may also want to see our guide on how to optimize your image SEO, and how to optimize images for web performance (without losing quality).

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Add No Right Click on WordPress Images appeared first on WPBeginner.

November 05, 2019 at 07:00PM

How to Properly Install and Setup WP Rocket in WordPress

Do you want to properly install and setup WP Rocket plugin in WordPress?

WP Rocket is the best WordPress caching plugin in the market because it offers the most comprehensive set of tools to help speed up your website.

However, many beginners are not familiar with the techy lingo and may find it difficult to decide which plugin options they should turn on.

In this tutorial, we will show you how to easily install and setup WP Rocket plugin in WordPress. We will walk you through complete WP Rocket plugin settings, so you can get maximum performance benefits.

Why Use WP Rocket?

No one likes slow websites. In fact, a performance study found that a single second delay in page load time costs 7% less conversions, 11% fewer page views, and 16% decrease in customer satisfaction.

And it’s not just users, search engines like Google also don’t like slow websites. They give a priority to faster websites in search rankings.

This is where WP Rocket comes in.

It is the best WordPress caching plugin on the market and allows you to quickly improve your WordPress website’s speed and performance.

Here is how it works.

WordPress is a dynamic content management system. Every time a user visits your website, WordPress fetches the content from your database, generate a page on the fly, and send it back to the user.

This process takes up WordPress hosting server resources. If a lot of people visit your website at once, then this would slow down your website.

WP Rocket makes WordPress bypass all this.

It crawls and saves a static copy of your pages in the cache and allows WordPress to show the cached page to the user instead of generating a page on the fly.

This frees up server resources on your website and improves overall page load time throughout your website.

We use WP Rocket on many of our own websites including WPForms, OptinMonster, etc.

That being said, let’s take a look at how to easily install and set up WP Rocket on your WordPress website.

Step 1. Installing WP Rocket Plugin in WordPress

The first thing you need to do is install and activate the WP Rocket plugin. For more details, see our step by step guide on how to install a WordPress plugin.

WP Rocket is a premium plugin, but the best part is that all features are included in their lowest plan.

Once installed and activated, the WP Rocket plugin works out of the box, and it will turn on caching with optimal settings for your website.

We ran speed tests on our demo site before and after installing WP Rocket. The performance improvement was incredible with just out of the box settings.

The performance improvement is instantly noticeable because WP Rocket doesn’t wait for user requests to start caching pages. It proactively crawls your website and preloads pages in the cache.

You can see caching status by visiting WP Rocket dashboard located under Settings » WP Rocket page.

Now that you have installed WP Rocket, let’s take a look at other WP Rocket options and how to set them up to further improve your website speed.

Step 2. Set up Caching Options in WP Rocket

Fist, you need to visit Settings » WP Rocket page and click on the ‘Cache’ tab.

WP Rocket has already enabled page caching by default, but you can tweak the settings to further improve your website speed.

1. Mobile Caching

You’ll notice that mobile caching is turned on by default here. However, we recommend you to check the ‘Separate cache files for mobile devices’ option as well.

This option allows WP Rocket to create separate cache files for mobile users. Checking this option ensures that mobile users get the full cached mobile experience.

2. User Cache

If you run a website where users need to login to your website to access certain features, then you need to check this option.

For example, if you run a WooCommerce store or a membership website, then this option will improve user experience for all logged in users.

3. Cache Lifespan

Cache lifespan is the time you want to store the cached files on your website. The default limit is set to 10 hours which would work for most websites.

However, you can set it to a lower value if you run a very busy site. You can also set it to a higher value if you don’t update your website frequently.

After the lifespan time has passed, WP Rocket will delete the cached files. It will also immediately start preloading the cache with updated content.

Don’t forget to click on the Save Changes button to store your settings.

Step 3. Minifying Files using WP Rocket

WP Rocket enables you to minify static files such as JavaScript and CSS stylesheets. You can simply switch to the File Optimization tab and check the boxes for the file types that you want to be minified.

Minifying static content makes those file sizes smaller. In most cases, this difference is too small to make any noticeable impact on your website’s performance.

However if you run a large traffic site, then this can definitely have a big impact in reducing your overall bandwidth usage and saving on hosting costs.

The one caveat is that minifying files can also have unexpected consequences like files not loading or not working as intended.

If you turn this setting on, then please make sure to thoroughly review your website pages to make sure everything is working as intended.

Step 4. Lazy Load Media to Improve Page Load Speed

Images are often the second heaviest item on a page after video. Images take more time to load than text and increase the overall page download size.

Most popular websites now use a technique called lazy loading to delay image downloads.

Instead of loading all your images at once, lazy loading downloads only the images that will be visible on the user’s screen. This not only makes your pages load fast, but it also feels faster to the user.

WP Rocket comes with a built-in lazy loading feature. You can enable lady loading for images by simply switching to the Media tab on the plugin’s settings page. You can also enable lazy loading for embeds like YouTube videos and iframes.

Note: While lazy loading images will help improve perceived website speed, you should always save and optimize images for web to get maximum results. Here’s how to easily optimize images for web performance (step by step).

Step 5. Fine Tune Preloading in WP Rocket

Next, you can review the preloading settings in WP Rocket by switching to the ‘Preloading’ tab. By default, the plugin starts crawling your homepage and follow links to preload cache.

Alternately, you can tell the plugin to use your XML sitemap to build cache.

You can turn off the preloading feature as well, but we do not recommend that.

Turning off preloading will tell WordPress to only cache pages when they are requested by a user. This means the first user to load that specific page will always see a slow website.

Editors note: Please keep preloading on to get maximum performance results.

Step 6. Set up Advanced Caching Rules

WP Rocket gives you full control over caching. You can switch to the Advanced Rules tab on the settings page to exclude pages that you don’t want to be cached.

You can also exclude cookies, user agents (browsers and device types), and automatically rebuild cache when you update specific pages or posts.

The default settings would work for most websites. If you are unsure about these options, then you need to leave them blank.

This settings area is for developers and power users who need custom settings because they likely have a complex website setup.

Also See: 19 types of websites you can build with WordPress.

Step 7. Performing Database Clean up using WP Rocket

WP Rocket also makes it easy to clean up the WordPress database. It has very little to no effect on your website performance, but you can still review these options if you want to.

You need to switch to the Database tab on the plugin settings page. From here you can delete post revisions, drafts, spam, and trash comments.

We don’t recommend deleting post revisions because they can be really useful in undoing changes to your WordPress posts and pages in the future. You also don’t need to delete spam and trashed comments as WordPress automatically clean them up after 30 days.

Step 8. Configure Your CDN to Work with WP Rocket

Next, you need to switch to the CDN tab. If you are using a CDN service for your WordPress site, then you can set it up to work with WP Rocket.

CDN or content delivery network enables you to serve static files from a network of servers spread across the globe.

This speeds up your website because it allows users browser to download files from the server closest to their location. It also reduces your hosting server load and makes your website more responsive.

For more information, see our guide on why you need a CDN service for your WordPress site.

We use MaxCDN by StackPath on our websites. It is one of the best CDN service for WordPress beginners.

Alternately, you can sign up for Sucuri, which is the best WordPress firewall and security plugin. Sucuri’s cloud-based firewall gives you a powerful CDN service to serve your static files.

If you are looking for a free alternative, then Cloudflare would work as well. However, Cloudflare’s free CDN offers limited protection against DDoS attacks, and the free plan is quite limited in terms of features.

WP Rocket has separate addons to easily set up Sucuri and Cloudflare on your website (more on this later).

Step 9. Reducing Heartbeat API Activity in WordPress with WP Rocket

Heartbeat API allows WordPress to send a periodic request to the hosting server in the background. This allows your website to perform scheduled tasks.

For example, when writing blog posts the editor uses heartbeat API to check connectivity and post changes.

You can click on the Heartbeat API tab to control this feature and reduce the heartbeat API frequency.

We don’t recommend deactivating the Heart Beat API because it offers some very useful features. However you can reduce its frequency to improve performance specially for larger sites.

Step 10. WP Rocket Addons

WP Rocket also comes with some ready to deploy features available as Addons. Let’s take a look at currently available addons on this list.

1. Google Analytics Addon

The Google Analytics add-on for WP Rocket allows you to host Google Analytics code on your own server. This does not have any significant performance improvement but some users want it to get a 100% page speed score.

This feature is compatible with popular Google Analytics plugins like MonsterInsights and ExactMetrics.

2. Facebook Pixel

If you are using the Facebook pixel for user tracking, then this addon will host the pixels locally on your server. Again, this will improve your pagespeed score but may not have any actual impact on website speed.

3. Varnish Addon

If your WordPress hosting company uses Varnish cache, then you need to enable this addon. This will ensure that the Varnish cache is cleared when WP Rocket clears its cache.

4. Cloudflare

If you are using Cloudflare CDN, then you need this addon to make it work alongside WP Rocket. Simply enable the addon and click on the ‘Modify options’ button.

After that, you need to enter your account credentials to connect WP Rocket with your Cloudflare account.

5. Sucuri

If you are using Sucuri, then you need to enable this addon and click on the ‘Modify options’ button. After that, enter your Sucuri account’s API key to connect your account.

Step 11. Managing Your WP Rocket Cache

WP Rocket also makes it easy for admins to manage and clear WordPress cache. Simply go to the plugins settings page, and you’ll find the options to clear WP Rocket cache on the Dashboard tab.

You can also start a preloading sequence to rebuild the cache on demand.

The plugin also makes it easier to import and export plugin settings. You can switch to the tools to easily export and import plugin settings. This is helpful when moving WordPress from local server to a live website and/or when moving WordPress to a new domain.

Below that, you’ll find the option to Rollback plugin to an earlier version. This comes in handy if a WP Rocket update didn’t work as expected.

If you want to have the same rollback feature for all your plugins, then see our guide on how to rollback plugins to older version in WordPress.

WP Rocket FAQ – Frequently Asked Questions

As WP Rocket has grown in popularity, we have answered many questions related to the WP Rocket WordPress caching plugin. Here are some of the top WP Rocket questions:

1. Is WP Rocket free? Is there a free version of WP Rocket available?

No, WP Rocket is a premium WordPress caching plugin. There is no free version or free trial available. They do offer a 14 day money back guarantee.

You may find a nulled version of WP Rocket for free, but we strongly recommend against using those because sometimes hackers use nulled version as a bait to hack your website.

See 9 reasons why you should always avoid nulled version of WordPress themes and plugins.

2. Is WP Rocket worth the price?

Yes it is worth every penny. We are paying customers of WP Rocket and use it successfully on many of our websites including WPForms, OptinMonster, and others.

We also have plans to switch to WP Rocket on WPBeginner in the near future as well. We are closely working with their team to get one particular setting included for it to work on our complex multi-server enterprise hosting setup.

Curious to see what WPBeginner hosting setup looks like? Check out the detailed case study here.

3. Do I need to use WP Rocket with managed WordPress hosting platforms?

The short answer is yes. You can and should use WP Rocket in combination with built-in caching offered by your managed hosting company to unlock additional performance improvements.

A lot of managed WordPress hosting companies like WP Engine, SiteGround, Bluehost, etc have their own caching plugins built in.

WP Rocket plays nicely along those built-in caching options provided by your managed hosting provider while helping you get additional performance benefits with features like CDN, minifying files, lazy loading, smart cache preloading, and more.

4. How to check if WP Rocket is working and caching pages?

To check if WP Rocket is working properly, you need to log out of your site or open it in an incognito window.

Next, you need to open the browser’s source view of the page, and scroll to the bottom. At the very end, you should see a text like: “This website is like a rocket …”

If that text is there, then you know WP Rocket is working properly and caching pages.

5. What makes WP Rocket better than other caching plugins?

In our opinion, WP Rocket is better than other WordPress caching plugins like W3 Total Cache, WP Super Cache, etc because it offers the most comprehensive set of features, and it is regularly updated to keep up with modern browser standards.

This is the #1 reason why we have started switching all of our sites to use WP Rocket, and soon WPBeginner will be using WP Rocket as well.

We hope this guide helped you learn how to install and set up WP Rocket plugin in WordPress. You may also want to see our ultimate guide on how to speed up WordPress, and our list of the must have WordPress plugins.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Properly Install and Setup WP Rocket in WordPress appeared first on WPBeginner.

November 04, 2019 at 07:45PM

7 Best Video Hosting Sites for Bloggers, Marketers, and Businesses

Are you looking for the best video hosting sites for bloggers, marketers, and business websites?

Uploading videos directly to your website requires a lot of server resources. This is why smart business owners use video hosting sites to upload videos and then easily embed those videos in WordPress without affecting performance.

In this article, we will share some of the best video hosting sites for bloggers, marketers, and business owners.

Why Use Video Hosting Sites?

Videos are the most engaging form of content, and they are highly effective for conversions. However, they also take a lot of space and bandwidth.

WordPress allows you to upload videos to your website. However, it is not really optimized to serve videos. This affects video playback and creates a bad user experience.

Apart from that, videos consume more WordPress hosting resources, which slows down your website. If you are on shared hosting, then your hosting provider may even terminate your account to stop it from affecting other sites.

Due to these issues, we recommend using a video hosting site to add videos in WordPress. They have more server resources to serve video files, and you don’t have to worry about WordPress performance.

More importantly, they automatically adjust video quality to provide a better viewing experience based on your visitors’ internet speed.

To learn more, see our guide on why you should never upload videos to WordPress.

WordPress makes it super easy to embed videos on your website. See our guide on how to easily embed videos in WordPress for detailed instructions.

That being said, let’s take a look at some of the best video hosting sites that you can use.

1. YouTube

YouTube is the most popular video hosting website on the internet. It allows you to upload videos, create channels, and build a following.

As a marketer and business owner, you would want to capitalize on YouTube’s huge potential. It is also the world’s second most popular search engine and the second biggest social media website with 1.9 billion active users.

You can build a YouTube following with your channel, find a new audience, get featured in video search results, and grow your business.

YouTube has a Partners Program that you can join to earn money online from your videos. This program also offers you more benefits like analytics, longer videos, and video editing tools.

At WPBeginner we use YouTube to upload our WordPress video tutorials. Check out WPBeginner channel on YouTube to see how we use YouTube to get more subscribers and visitors to our website.

2. Vimeo

Vimeo is an excellent video hosting and streaming site for bloggers, marketers, and businesses. It gives you a limited hosting space to upload videos for free. However, the unlimited bandwidth and ad-free display are the key perks for all the videos.

To upload large videos, you’ll need to buy a premium plan which is very affordable ($84 per year). The paid plans also include privacy options, video editing tools, customer support, password protection, related videos, and Google Analytics.

The premium members can also sell or rent videos to earn money online from your Vimeo video.

We use Vimeo to host private videos for our exclusive members only area. If you have a membership site or you want to create and sell online courses, then Vimeo is an excellent option.

3. Jetpack Video

Jetpack is a popular plugin suite which also includes a video hosting feature. Jetpack video is a premium video hosting service and requires a paid Jetpack subscription plan.

It is completely ad-free and does not show related videos from other websites on your videos.

It uses the same content delivery network used by Jetpack photos for faster delivery and streaming experience. It also includes privacy settings, analytics, multiple video formats, and more.

4. Wistia

Wistia is a professional video hosting site for marketers and businesses. The free account has a limit of 3 videos with features like custom thumbnail, Wistia branded video player, password protection, privacy settings, and more.

You’ll need their premium plan to upload more videos. The paid version allows you to remove Wistia’s branding from the video player. It also comes with viewer history, trend graphs, call-to-action buttons, related videos, and annotations.

It has powerful integrations with email marketing services and CRM software like Constant Contact, Drip, AWeber, Hubspot, Google Analytics, and others.

5. Vidyard

Vidyard is a high-end video hosting site for large businesses and professionals. It includes premium content marketing tools to promote your videos.

It comes with multiple video player styles and custom editing options. You can upload videos with call-to-action buttons, and perform A/B test against video thumbnails to see which one works best.

Vidyard offers powerful and detailed analytics, including viewer history, engagement, and more to improve your videos.

6. Dailymotion

Dailymotion is another popular video hosting site that you can use to upload your marketing and business videos. It has a free partner account with features like unlimited bandwidth and storage, featured videos, privacy settings, video player, and more.

It allows you to upload several videos in a day and you can also use the drag and drop feature to upload complete playlists. You can optimize your videos for SEO by adding title, description, and tags.

DailyMotion also offers a monetization program where you can earn money and get more features as a partner.

7. SproutVideo

SproutVideo is a paid video hosting site for bloggers, marketers, and businesses. It has a free trial account where you can test the video player and its features. Though the free version has limited options and you’ll need to upgrade to access all the settings.

Some of the notable features include video themes, layouts, video analytics, social sharing buttons, call-to-action placement, and viewer engagement history.

You will need to get the embed code for each video and use the Custom HTML block to add video code.

We hope this article helped you find the best video hosting sites for your blog or business website. You may also want to see our step by step WordPress SEO guide for beginners, and our expert pick of the best WordPress plugins for business websites.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post 7 Best Video Hosting Sites for Bloggers, Marketers, and Businesses appeared first on WPBeginner.

November 01, 2019 at 05:47PM

How to Find and Fix Broken Links in WordPress (Step by Step)

Everyone agrees that broken links are bad for user experience. But did you know that broken links can significantly hurt your WordPress SEO rankings?

Yes, it’s proven that having broken internal links on your website negatively impacts SEO rankings.

In this article, we will show you how to easily find and fix broken links in WordPress, so you can improve your user experience and SEO rankings.

What is a Broken Link?

A broken link, also known as dead link, is a link that no longer works. Broken links can happen for many reasons, but the most common reason is when a page is either deleted or moved to a different location which causes the server to show a 404 not found error.

On WordPress sites, broken links typically occur when moving a site to new domain name, or when deleting a post or page without proper redirection.

Sometimes broken links can also happen due to a typo, and they can go unnoticed for months if not years.

This is why it’s extremely important to regularly monitor broken links on your site and fix them, so you can keep them from hurting your SEO rankings.

In this guide, we will share top four methods to find broken links in WordPress. After that, we will show you an easy way to fix those broken links.

Here’s a table of content for easy navigation:

• Finding Broken Links using SEMRush
• Finding Broken Links using Ahrefs
• Finding Broken Links using Google Search Console
• Finding Broken Links using Broken Link Checker Plugin
• How to Fix Broken Links in WordPress

Ready? Let’s get started.

Method 1. Finding Broken Links using SEMRush

SEMRush is one of the best SEO tool on the market. It allows you to easily monitor your website’s SEO rankings and overall health.

It also includes a powerful site audit tool that crawls your website to find common errors and prepare a detailed report for you.

First, you’ll need to sign up for a SEMRush account.

It is a paid service, but they do offer a limited free account which allows you to crawl up to 100 pages on one domain name. Paid plan limits start from 100,000 pages a month.

Once you are logged in, you need to click on the ‘Site Audit’ link from the left menu.

This will bring you to the Site Audit page. From here, click on the ‘New Site Audit’ button at the top to add your website.

You will be asked to enter your domain name. After that, you will be asked to configure site audit settings. You can select the number of pages to crawl and choose a crawl source.

Click on the start crawling button to continue.

SEMRush will now begin crawling your website for the site audit. This may take a few minutes depending on how many pages you selected for the crawl.

Once finished, you can click on your domain Under the Site Audit section to view your report.

To see the broken links on your site, you will need to click on the ‘Broken’ link under the report overview.

You can now click on the Export button at the top right corner of the screen to download your crawl report. You will need it when fixing broken links on your website (more on this later in the article).

Method 2. Finding Broken Links using Ahrefs

Ahrefs is an excellent all-in-one SEO tool for marketers, businesses, and SEO professionals. It offers detailed SEO insights into your own website or any of your competitors.

You can use it for keyword research, competition analysis, organic and paid keyword ideas, and site health monitoring including broken links.

First, you’ll need to sign up for an Ahrefs account. It is a paid service with plans starting from $99 per month. They also offer a full featured 7 day trial for $7.

Once you are logged into your Ahref’s dashboard, you need to enter your domain name under the Site Explorer tool.

Site explorer tool will now crawl your website to prepare reports. This may take some time depending on how much content you have on your website.

Once finished, you’ll see an overview of your site explorer results. From here, you need to click on the Pages » Best by Links menu and then sort your report by 404 status.

You can now export your report in CSV format to fix the broken links on your WordPress site.

Method 3. Finding Broken Links in WordPress using Google Search Console

Google Search Console is a free tool offered by Google to help webmasters manage their site’s visibility in search results. It also notifies you about errors including 404 errors which are caused by a broken link.

For more details, see our ultimate Google Search Console guide with step by step set up instructions.

After you have logged in to your Google Search Console account, click on the ‘Coverage’ link from the left menu.

You’ll find 404 errors either under Errors or Excluded tabs. Clicking on them will show you a list of errors or issues Google encountered while visiting your website.

Clicking on the 404 error will show you all the links on your website that are broken links and return a 404 error.

You can now click on the download button to get the list of all 404 errors on your website. You’ll need this to fix broken links on your website.

Method 4. Finding Broken Links in WordPress using Broken Link Checker

For this method, we’ll be using the Broken Link Checker plugin. However, this method is not recommended because it is resource-intensive and will slow down your website. Managed WordPress hosting companies like WP Engine already block users from installing this plugin on their servers.

The plugin checks for broken links on your website including both internal and external links that are resulting in a 404 error.

First, you’ll need to install and activate the Broken Link Checker plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, the plugin will start working in the background to find links in your posts, pages, and comments. You can now go to Tools » Broken Links page to view the full report.

If you have been running your WordPress blog for a long time, then this report will include broken links to third-party websites as well.

You will have to manually sort the list to find broken links on your website.

You will need to keep Broken Link Checker active on your website until you fix broken links. After that, you can deactivate the plugin because it will keep checking for broken links which will slow down your server.

How to Properly Fix Broken Links in WordPress

We have shown you four different methods to find broken links in WordPress. Now let’s talk about how to easily fix broken links in WordPress.

The best way to fix a broken link is to redirect it to another page. For example, if you moved the contents of an article to a different address, then you will need to redirect it to the newer article.

Similarly, if an article does not exist anymore, then you would want to point users to a similar page that is closely related to the contents of the old article.

You can do this by setting up 301 redirects.

First, you will need to install and activate the Redirection plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, you need to visit Tools » Redirection page to set up redirects. You need to add the old broken link in the ‘Source URL’ field and the new URL in the ‘Target URL’ field.

After that, click on the ‘Add redirect’ button to save your changes.

You can now test this by visiting the old broken link, and you’ll be redirected to the new page.

Repeat the process for all broken links on your website.

For more information, see our guide on how to set up redirects in WordPress for beginners.

We hope this article helped you learn how to easily find and fix broken links in WordPress. You may also want to see our actionable tips on how to optimize your images for web, and our pick of the best WordPress membership plugins to create a membership site.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Find and Fix Broken Links in WordPress (Step by Step) appeared first on WPBeginner.

October 31, 2019 at 04:30PM

How to Stop and Prevent a DDoS Attack on WordPress

WordPress is one of the most popular website builder in the world because it offers powerful features and a secure codebase. However, that does not protect WordPress or any other software from malicious DDoS attacks, which are common on the internet.

DDoS attacks can slow down websites and eventually make them inaccessible to users. These attacks can be targeted towards both small and large websites.

Now, you may be wondering how can a small business website using WordPress prevent such DDoS attacks with limited resources?

In this guide, we will show you how to effectively stop and prevent a DDoS attack on WordPress. Our goal is to help you learn how to manage your website security against a DDoS attack like a total pro.

What is a DDoS Attack?

DDoS attack, short for Distributed Denial of Service attack, is a type of cyber attack that uses compromised computers and devices to send or request data from a WordPress hosting server. The purpose of these requests is to slow down and eventually crash the targeted server.

DDoS attacks are an evolved form of DoS (Denial of Service) attacks. Unlike a DoS attack, they take advantage of multiple compromised machines or servers spread across different regions.

These compromised machines form a network, which is sometimes called a botnet. Each affected machine acts as a bot and launches attacks on the targeted system or server.

This allows them to go unnoticed for a while and cause maximum damage before they are being blocked.

Even the largest internet companies are vulnerable to DDoS attacks.

In 2018, GitHub, a popular code hosting platform, witnessed a massive DDoS attack that sent 1.3 terabytes per second traffic to their servers.

You may also remember the notorious 2016 attack on DYN (a DNS service provider). This attack got worldwide news coverage as it affected many popular websites like Amazon, Netflix, PayPal, Visa, AirBnB, The New York Times, Reddit, and thousands of other websites.

Why DDoS Attacks Happen?

There are several motivations behind DDoS attacks. Below are some common ones:

• Technically savvy people who are just bored and find it adventurous
• People and groups trying to make a political point
• Groups targeting websites and services of a particular country or region
• Targeted attacks on a specific business or service provider to cause them monetary harm
• To blackmail and collect ransom money

What is the difference between a Brute Force Attack and a DDoS Attack?

Brute Force Attacks are usually trying to break into a system by guessing passwords or trying random combinations to gain unauthorized access to a system.

DDoS attacks are purely used to simply crash the targetted system making it inaccessible or slowing it down.

For details see our guide on how to block brute force attacks on WordPress with step by step instructions.

What damages can be caused by a DDoS attack?

DDoS attacks can make a website inaccessible or reduce performance. This may cause bad user experience, loss of business, and the costs of mitigating the attack can be in thousands of dollars.

Here is a breakdown of these costs:

• Loss of business due to inaccessibility of website
• Cost of customer support to answer service disruption related queries
• Cost of mitigating attack by hiring security services or support
• The biggest cost is the bad user experience and brand reputation

How to Stop and Prevent DDoS Attack on WordPress

DDoS attacks can be cleverly disguised and difficult to deal with. However, with some basic security best practices, you can prevent and easily stop DDoS attacks from affecting your WordPress website.

Here are the steps you need to take to prevent and stop DDoS attacks on your WordPress site.

Remove DDoS / Brute Force Attack Verticals

The best thing about WordPress is that it is highly flexible. WordPress allows third-party plugins and tools to integrate into your website and add new features.

To do that WordPress makes several APIs available to programmers. These APIs are methods in which third-party WordPress plugins and services can interact with WordPress.

However, some of these APIs can also be exploited during a DDoS attack by sending a ton of requests. You can safely disable them to reduce those requests.

Disable XML RPC in WordPress

XML-RPC allows third-party apps to interact with your WordPress website. For example, you need XML-RPC to use the WordPress app on your mobile device.

If you’re like a vast majority of users who don’t use the mobile app, then you can disable XML-RPC by simply adding the following code to your website’s .htaccess file.

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

For alternate methods, see our guide on how to easily disable XML-RPC in WordPress.

Disable REST API in WordPress

The WordPress JSON REST API allow plugins and tools the ability to access WordPress data, update content, and/or even delete it. Here is how you can disable REST API in WordPress.

First thing you need to do is install and activate the Disable WP Rest API plugin. For more details, see our step by step guide on how to install a WordPress plugin.

The plugin works out of the box, and it will simply disable the REST API for all non-logged in users.

Activate WAF (Website Application Firewall)

Disabling attack vectors like REST API and XML-RPC provides limited protection against DDoS attacks. Your website is still vulnerable to normal HTTP requests.

While you can mitigate a small DOS attack by trying to catch the bad machine IPs and blocking them manually, this approach is not very effective when dealing with a large DDoS attack.

The easiest way to block suspicious requests is by activating a website application firewall.

A website application firewall acts as a proxy between your website and all incoming traffic. It uses smart algorithm to catch all suspicious requests and block them before they reach your website server.

We recommend using Sucuri because it is the best WordPress security plugin and website firewall. It runs on a DNS level which means they can catch a DDoS attack before it can make a request to your website.

Pricing for Sucuri starts from $20 per month (paid yearly).

We use Sucuri on WPBeginner. See our case study on how they help block hundreds of thousands of attacks on our website.

Alternately, you can also use Cloudflare. However, Cloudflare’s free service only gives limited DDoS protection. You’ll need to signup for at least their business plan for layer 7 DDoS protection which costs around $200 per month.

See our article on Sucuri vs Cloudflare for a detailed side-by-side comparison.

Note: Website Application Firewalls (WAFs) that run on an application-level are less effective during a DDoS attack. They block the traffic once it has already reached your web server, so it still affects your overall website performance.

Finding Out Whether it’s Brute Force or DDoS Attack

Both brute force and DDoS attacks intensively use server resources, which means their symptoms look quite similar. Your website will get slower and may crash.

You can easily find out whether it is a brute force attack or a DDoS attack by simply looking at Sucuri plugin’s login reports.

Simply, install and activate the free Sucuri plugin and then go to Sucuri Security » Last Logins page.

If you are seeing a large number of random login requests, then this means your wp-admin is under a brute force attack. To mitigate it, you can see our guide on how to block brute force attacks in WordPress.

Things to Do During a DDoS Attack

DDoS attacks can happen even if you have a web application firewall and other protections in place. Companies like CloudFlare and Sucuri deal with these attacks on regular basis, and most of the time you will never hear about it since they can easily mitigate it.

However in some cases, when these attacks are large, it can still impact you. In that case, it’s best to be prepared to mitigate the problems that may arise during and after the DDoS attack.

Following are a few things you can do to minimize the impact of a DDoS attack.

1. Alert your team members

If you have a team, then you need to inform co-workers about the issue. This will help them prepare for customer support queries, look out for possible issues, and help out during or after the attack.

2. Inform customers about the inconvience

A DDoS attack can affect user experience on your website. If you run a WooCommerce store, then your customers may not be able to place an order or login to their account.

You can announce through your social media accounts that your website is having technical difficulties and everything will be back to normal soon.

If the attack is large, then you can also use your email marketing service to communicate with customers and ask them to follow your social media updates.

If you have VIP customers, then you might want to use your business phone service to make individual phone calls and let them know how you’re working to restore the services.

Communication during these tough times make a huge difference in keeping your brand’s reputation strong.

3. Contact Hosting and Security Support

Get in touch with your WordPress hosting provider. The attack you may be witnessing could be part of a larger attack targetting their systems. In that case, they will be able to provide you latest updates about the situation.

Contact your Firewall service and let them know that your website is under a DDoS attack. They may be able to mitigate the situation even faster and can provide you with more information.

In firewall providers like Sucuri, you can also set your settings to be in Paranoid mode which helps block a lot of requests and make your website accessible for normal users.

Keeping Your WordPress Website Secure

WordPress is quite secure out of the box. However, as the world’s most popular website builder it is often targeted by hackers.

Luckily, there are many security best practices that you can apply on your website to make it even more secure.

We have compiled a complete step by step WordPress security guide for beginners. It will walk you through the best WordPress security settings to protect your website, and its data against common threats.

We hope this article helped you learn how to block and prevent a DDoS attack on WordPress. You may also want to see our guide on the most common WordPress errors and how to fix them.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Stop and Prevent a DDoS Attack on WordPress appeared first on WPBeginner.

October 30, 2019 at 01:47PM