Upgrade your site to SSL with Rich Graphics – and avoid being penalized by Google!

By | Design, News, Online Marketing, SEO, Training, WordPress | No Comments

Now is the time to upgrade your site to HTTPS.

Google is cracking down on web security, and has started penalizing websites that are not SSL compliant. If your site does not have a Secure Socket Layer Certificate installed, Google is not only down-ranking your website in its search results, but is now starting to display ‘INSECURE’ beside it in the latest release of Chrome.

Now is the time to upgrade your website to HTTPS. Not only will you avoid being penalized, but you will ensure you are found before your competitors’ because of your quick action and compliance. It’s essentially your chance to ‘jump ahead’ of your competition in search results — while everyone else is still figuring this out!

Sounds great. What do I do?

Get in touch, of course. Rich Graphics will be happy to upgrade your existing site to be HTTPS compliant and install an SSL certificate for you. Or we can build a new site that meets all of today’s demanding web standards. We can even help you market your website with our extensive content and social marketing plans!

Upgrade Now!

Don’t take our word for it…

Google tightens noose on HTTP: Chrome to stick ‘Not secure’ on pages with search fields

In October, Google will begin phase two of its plan to label all HTTP pages as non-secure…
Read full article at ZDNet

Google to Further Penalize Websites Lacking SSL in 2017

SSL is a way of encrypting websites to make them safer and less hackable. Google is already penalizing sites that DON’T have this in place. Things are about to get a whole lot worse for pages with logins and credit card forms come January 2017…
Read full article at

Rich Graphics – for all your design and marketing needs!

We build great websites, and then get people to come to them. Specializing in content generation, distribution and analytics, we are your one-stop shop for design and online marketing services in Halifax.

Contact Us Today!

How to Secure and Harden WordPress Against Hackers

By | Coding, Design, Training, Web Design, WordPress, Workshops | No Comments

(Originally presented at Volta Labs Halifax, for the Halifax WordPress User Group on Oct. 20, 2016.)

Though often overlooked, security measures should be integral to every WordPress install. Due to its open-source nature, WordPress can be particularly susceptible to hackers. If you haven’t spent any time SECURING your site, this is your wake-up call!

Having a site hacked can get you on the Google ban list – which is difficult to get off of. Your site may also lose hard-earned traffic, and your company may lose face. Hackers choose the sites that are easy to hack and have no safeguards in place, so by spending a few hours here and there HARDENING your WordPress site, you can prevent future headaches!

I’ve been at this ten years now, and I’ve seen sites with spam injected, ad redirects, entire makeovers in Arabic, and more! Today we will cover the basics of securing your site, and also delve into more advanced techniques.


Back up often

If anything goes awry at any time, a recent backup of your site will be a godsend – you can simply ‘turn back the clock’ and restore your site to its proper state! I back up sites monthly in three ways:

1 – I pull the entire thing down via FTP
2 – I back up the MySQL database to a local drive
3 – I export the WordPress site structure

An ounce of prevention is worth a pound of cure here!

Keep WordPress up-to-date

WordPress updates often patch security holes in the software. Again, the open-source nature of WordPress is a double-edged sword: when updates are released, details of the patches (and the security flaws they fix) are published openly to the public, including hackers. By keeping your CORE, THEMES and PLUGINS up-to-date, you can mitigate potential hacks.

Delete plugins and themes you are not using

Be ruthless. Don’t just DEACTIVATE plugins – it’s not enough. Frankly, each plugin you have is a potential backdoor into your site – close as many of these doors as you can! Also, be sure to delete plugins that are not frequently updated, or haven’t been updated in 1 year or more. (Consider replacing these plugins with more stable and frequently updated ones with the same or similar functionality.)

Do not use ‘admin’ as any username on the site

This is where hackers begin. A simple change to your username can make a world of difference.

Change your password often – and make it a good one every time!

Lots of people use random strings of letters and numbers for a password – which is okay. In fact, there are lots of password generators online that can generate these strings for you:

Cloudwards Password Generator
– Password Generator
Norton Password Generator

However, I find a group of 4-5 random words to be the best password. The longer a password is, the more exponentially secure it is. In my experience a random string is hard for humans to remember, but easy for something like Brute Force to parse. Something like ‘table light projector security remote’ is hard for machines to parse, but easy for us humans to remember.

Also, consider using cloud-based password-storage software. These apps store your passwords, and you need know only one password to unlock anything and everything you do online. I used a package called ROBOFORM, but I hear LASTPASS is a great option as well.

Move your login page

Most brute-force attacks are automated with bots. These bots scrub the net looking for WordPress login pages. Change yours from or to something else. Then the bots can’t find your login page, and they move on to an easier target. I use the ‘LOCKDOWN WP ADMIN’ plugin for this, though a number of other security plugins will provide this feature as well.

Limit Login Attempts

Brute-force programs try multiple logins in a short span until they gain access to your website. A simple way to combat this is to limit your login attempts. Three failures, and then a lockout for an hour, is a typical setup. I use the LOGIN LOCKDOWN plugin, though some of the major security plugins offer this as a feature as well.
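
To make the ‘three failures, then a lockout for an hour’ setup concrete, here is an added example (not code from LOGIN LOCKDOWN or any other plugin) that replays a list of login attempts through that policy. The input format, the reset of the counter on a successful login and the sample attempts are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: the "three failures, then a one-hour lockout" policy as a filter.
# Input, one attempt per line in time order:  <epoch-seconds> <client-ip> <ok|fail>
# Output: the same attempt followed by the decision the limiter would make.
lockout_decisions() {
    awk -v max_fail=3 -v lock_secs=3600 '
    {
        t = $1; ip = $2; result = $3
        # Inside the lockout window every attempt is refused, right password or not.
        if ((ip in locked_until) && t < locked_until[ip]) {
            print t, ip, "blocked"; next
        }
        if (result == "ok") {            # assumed: a successful login clears the counter
            fails[ip] = 0
            print t, ip, "allowed"; next
        }
        fails[ip]++
        if (fails[ip] >= max_fail) {     # the third failure starts the lockout
            locked_until[ip] = t + lock_secs
            fails[ip] = 0
            print t, ip, "locked-out"
        } else {
            print t, ip, "failed"
        }
    }'
}

# Constructed attempts; the addresses come from the documentation ranges.
sample_attempts() {
    cat <<'EOF'
1000 198.51.100.7 fail
1010 198.51.100.7 fail
1020 198.51.100.7 fail
1030 198.51.100.7 ok
1040 203.0.113.5 fail
1050 203.0.113.5 ok
4620 198.51.100.7 ok
EOF
}

sample_attempts | lockout_decisions
```

The counter is kept per client address, so attempts spread across many addresses are each counted separately; that is one reason to combine this measure with the others on this list.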

Use a different database prefix -> not wp_

‘wp_’ is the default MySQL table prefix that hackers look for in databases to identify WordPress sites and file structures. Setting the prefix to something else makes it harder for them to figure out what you have going on under-the-hood. Setting the prefix should be done at site install. If not, the ALL IN ONE WP SECURITY plugin has this feature and many others. If there’s one plugin I recommend you install to begin beefing up your security, this is it.

Keep your computer updated

Believe it or not, hackers can sometimes worm their way into your site via a compromised computer. Everything is connected nowadays, so try to keep all the conduits to your information in the cloud as secure as you can. Ensure you update your desktop software when required and run an anti-virus program at home. For Windows 10 machines, I recommend MICROSOFT SECURITY ESSENTIALS. It’s relatively lightweight, and free. Other options include AVG FREE and AVAST!


So now we’ll delve into some more advanced techniques to harden your WordPress site against hackers. For those comfortable with PHP code, this is the way to do it. A few code additions to some of your core files can do a lot of work for you.

For those uncomfortable with coding, I recommend using a plugin like ALL IN ONE WP SECURITY that can help implement some of these security measures without having to delve into the codebase. But remember, in WordPress, the more plugins, the more backdoors – so it’s BEST to do stuff in the code if you can.

Set your FILE PERMISSIONS

This will secure the files so that they are ‘locked down’ to outsiders. This is done via FTP software like FILEZILLA. Log in to your server via FTP, see what your permissions are set to, and change them as needed. WordPress recommends the following settings:

– Directories – 755 or 750
– Files – 644 or 640
– wp-config.php – 600
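
If you have shell access instead of (or as well as) FTP, the same settings can be checked across the whole site at once. This is an added example, not part of the original presentation; the function names and the sample tree are made up for the illustration.

```sh
#!/bin/sh
# Added example: audit and repair modes under a WordPress root.
# Targets are the values listed above: dirs 755/750, files 644/640, wp-config.php 600.

# Print one finding per line for every entry whose mode is outside the list.
audit_wp_perms() {
    root=$1
    find "$root" -type d ! -perm 755 ! -perm 750 | sed 's/^/dir-mode: /'
    find "$root" -type f ! -name wp-config.php ! -perm 644 ! -perm 640 |
        sed 's/^/file-mode: /'
    if [ -f "$root/wp-config.php" ]; then
        find "$root/wp-config.php" ! -perm 600 | sed 's/^/wp-config-mode: /'
    fi
    return 0
}

# Set the first value of each pair: 755 and 644, then 600 for wp-config.php.
fix_wp_perms() {
    root=$1
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    if [ -f "$root/wp-config.php" ]; then chmod 600 "$root/wp-config.php"; fi
    return 0
}

# Constructed sample tree (not a real site) with three deliberate mistakes.
make_demo_site() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/uploads"
    : > "$d/index.php"
    : > "$d/wp-config.php"
    : > "$d/wp-content/uploads/photo.jpg"
    chmod 755 "$d" "$d/wp-content"
    chmod 777 "$d/wp-content/uploads"            # world-writable directory
    chmod 644 "$d/index.php"
    chmod 666 "$d/wp-content/uploads/photo.jpg"  # world-writable file
    chmod 644 "$d/wp-config.php"                 # readable by every local user
    printf '%s\n' "$d"
}

site=$(make_demo_site)
audit_wp_perms "$site"     # lists the three mistakes
fix_wp_perms "$site"
audit_wp_perms "$site"     # prints nothing once the modes are corrected
rm -rf "$site"
```

Run audit_wp_perms against your real site root first and read the findings before calling fix_wp_perms.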


WordPress ships with special security codes called keys and salts that help secure your site. They are used to double-verify your site ownership – keeping the passwords in the config file and out of the database. This means a hacker will have to gain access to BOTH of these places to get in, not just one. Unfortunately, these are not active right out of the box on your WordPress install. Open up your wp-config.php file and look around lines 30-40. You should see:

define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');

To update, you can create long random keys yourself – or just obtain new random keys from WordPress Central at:

To implement, simply replace the lines in your wp-config.php with the ones you generate. For example (these values are published on this page, so generate your own rather than copying them):

define('AUTH_KEY', 'm=x$pSozxu(lkwS1tA$HWj1Y%p:EqW-:THd-@Op5Fo MJI$b+I*G0Ru~IWY c1uT');
define('SECURE_AUTH_KEY', '-(]afKYj,myC>C2QQT%N`w7oXu/^4Z+.{;0>U+1I|~=`R?=8g,-zL@!Y{FT$Jd:S');
define('LOGGED_IN_KEY', '|YLBico]F=>!JQJ69]e*r:%v>j`]KyP,QFI%@w(,;Tp1F;(m!J=vo8F;|MfdR#4t');
define('NONCE_KEY', 'ZvmD9 w x*%Xl`2&,|_#6.|cgr:zIXF^`Oq@K+H&Q?| pU`e8q@8H7f?/,dyT^P+');
define('AUTH_SALT', 'sg<*#Q%hPc?+quT<[rgtU9[BR=4n}Q_6J{^rgy]ko,K}0&1~2r__o*)N,2Yv,i:{');
define('SECURE_AUTH_SALT', 'UqH6~1!2mS|0MpfZrG+O/+JVac*w]1#&&;KYw!>w+p+3QSL_!Cri}Y2Rhh@%*g%_');
define('LOGGED_IN_SALT', 'BE|zX_g@Lbr@VH:M-9 bf.xj|xfE&Vv;/asi@qBC_pNbzqw=y-t_|Q{RW|$q#Now');
define('NONCE_SALT', '{Sg#m-4*|ze7b!.tu*>:~)ciiGL itj`;(c=+Qe(yWVllA%c,T5c|Nd7Smf}rG]+');

More wp-config.php editing

Now that you’ve got your wp-config.php open to check on those keys and salts, we can begin making some more additions to this file to add further functionality.

Turn off the plugin and theme editor

If you’re not using WordPress to edit the PHP code of your theme and plugins, you should turn this off. Most developers edit off-site on a downloaded copy in their own software, and then use FTP to zip the completed file back up. The built-in editor is clunky and really kind of an afterthought IMHO. It allows logged-in users access to your file system. To disable it for you (and any hackers who’ve wormed their way in) you should insert the following code in your wp-config.php file:

define( 'DISALLOW_FILE_EDIT', true );
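
Both wp-config.php settings covered so far, the keys and salts and the file editor switch, can be checked from a shell. This is an added example, not part of the original presentation; the function names and the sample file contents are made up for the illustration.

```sh
#!/bin/sh
# Added example: check a wp-config.php for the two settings discussed above.
KEYS="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY
AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"

audit_wp_config() {
    cfg=$1
    for k in $KEYS; do
        # First uncommented define() for exactly this constant (quotes anchor the name).
        line=$(grep -E "^[[:space:]]*define\( *['\"]$k['\"]" "$cfg" | head -n 1)
        if [ -z "$line" ]; then
            echo "missing: $k"
        elif printf '%s\n' "$line" | grep -q 'put your unique phrase here'; then
            echo "default: $k"
        fi
    done
    # The theme/plugin editor stays on unless DISALLOW_FILE_EDIT is set to true.
    grep -Eiq "^[[:space:]]*define\( *['\"]DISALLOW_FILE_EDIT['\"] *, *true *\)" "$cfg" ||
        echo "file-editor-enabled"
    return 0
}

# Constructed sample file: two default phrases, one key absent, editor not disabled.
make_demo_config() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
<?php
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'constructed-sample-value-1');
define('LOGGED_IN_KEY',    'constructed-sample-value-2');
define('NONCE_KEY',        'constructed-sample-value-3');
define('AUTH_SALT',        'constructed-sample-value-4');
define('SECURE_AUTH_SALT', 'constructed-sample-value-5');
define('LOGGED_IN_SALT',   'put your unique phrase here');
EOF
    printf '%s\n' "$f"
}

cfg_demo=$(make_demo_config)
audit_wp_config "$cfg_demo"
rm -f "$cfg_demo"
```

An empty result means all eight constants are defined with non-default values and the editor is disabled.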

Automate core, plugin and theme updates

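Don’t log in often? Hate updating themes, plugins and the core manually like a sucker, but want your site up-to-date? Automate! Simply add this code to your wp-config.php file:

# Enable all core updates, including minor and major:
define( 'WP_AUTO_UPDATE_CORE', true );
# The two add_filter() calls below need WordPress's plugin API, which is not
# loaded yet when wp-config.php runs. Put them in a must-use plugin
# (a PHP file in wp-content/mu-plugins/) rather than in wp-config.php itself.
# Automatically update plugins:
add_filter( 'auto_update_plugin', '__return_true' );
# Automatically update themes:
add_filter( 'auto_update_theme', '__return_true' );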

.htaccess editing

The .htaccess file is a powerful little file that lives at the root directory of your site. It stands for HyperText Access, and common uses include redirects, URL rewriting, and blocking access to certain files. We can add some code and do the following:

Hide wp-config:

<Files wp-config.php>
order allow,deny
deny from all
</Files>

Make site directories non-browsable:

Options -Indexes

Restrict access to IP:

order deny,allow
deny from all
# allow access from my IP address (203.0.113.10 is a placeholder; use your own)
allow from 203.0.113.10

Block IPs:

order allow,deny
# 198.51.100.23 is a placeholder; add one "deny from" line per address to block
deny from 198.51.100.23
allow from all

Hide author usernames

When someone inputs ‘?author=1’ after your URL, they are redirected to the homepage once you add this to your functions.php file:

add_action('template_redirect', 'bwp_template_redirect');
function bwp_template_redirect() {
    // Send any author-archive request back to the homepage
    if (is_author()) {
        wp_redirect( home_url() );
        exit;
    }
}

Install a plugin like: All In One WP Security

My final recommendation is to install a security plugin like ALL IN ONE WP SECURITY to fill in any further gaps.


Social Media Workshops and Training

By | Networking, Social Media, Training, Workshops | No Comments

Wow. March has been a busy month here at Rich Graphics – not just with branding and design work – but with an abundance of workshops, seminars, presentations and training sessions in Social Media as well.

At the beginning of the month, I hit the road with the NSAR (Nova Scotia Association of REALTORS®) as their keynote speaker as they did their annual meeting in each region of the province. My role was to present my ‘Using, Branding and Integrating Social Media for REALTORS®’ presentation to each.

The presentations were roughly an hour long, and were delivered to six regions in five days. I presented in Sydney, Antigonish, Truro, Halifax, Bridgewater and Yarmouth. Halifax was by far the most intimidating venue, with over 220 in attendance, and people parking on the street of the hotel due to lack of room in the lot.

The presentations were very well received, with guests taking notes and asking plenty of questions. A few have even contacted me since, for private training, to attend a more in-depth workshop, and even to begin planning and management of their social media strategies.

The middle of the month marked my ‘Hands-On Social Media Training Workshop’, where I had nine in attendance. The workshop consisted of three hours of hands-on training, with attendees logged into their Facebook, LinkedIn and Twitter accounts, learning to set up and use them properly. I also touched on a number of management tools, websites and apps to leverage these tools and take their Social Media to the next level.

And rounding out the month, yesterday I presented ‘Using, Branding and Integrating Social Media for Business’ at the Bconnected Trade Show that took place at Taboo in Halifax.

When I started this business three years ago, I had no idea I would become a sought-after trainer. In fact, I wasn’t all that comfortable speaking in public. It always amazes me to see the direction my business takes. It’s an ever-evolving entity!

So, if you’re looking to learn more about Social Media – please contact me today. I have been ‘in the trenches’ for the past three years, and am always happy to share my knowledge. In fact, keep an eye on the Hands-On website for upcoming training dates and be sure to book early. They tend to fill up quickly.

Till next time, keep on tweeting!