Category: WordPress

Joomla K2 to WordPress Migration in two easy steps

Thinking about migrating Joomla to WordPress for free?

Follow these steps…

If you are a returning user to Geek Flare, you will notice the
change in design and URL structure.

Well, after two years of running my blog on Joomla! I decided
to migrate to WordPress for many reasons.

If, like me, you are running a blog on Joomla + K2 and would like
to migrate it to WordPress, then the following steps will help.

1. Migrate K2 items to Joomla Articles

If you are migrating from Joomla articles, then you can skip
this step. However, if you are using K2 items, I have explained
in detail how to export
K2 items to Joomla articles.

2. Migrate Joomla Articles to WordPress

Now, it’s time to migrate Joomla articles to WordPress using
the FG Joomla to WordPress plugin.

  • Log in to WordPress Admin
  • Go to Plugins >> Add New
  • Search for FG Joomla to WordPress
  • Click on Install Now
  • Click on Activate Plugin
  • Go to Tools >> Import and you should see Joomla (FG) in the
    import tools list
  • Click on Joomla (FG)


You will get a self-explanatory page where you have to enter
your Joomla information and once you are ready click on “Import
content from Joomla to WordPress.”

The overall process was much easier than I thought. Once you are on
WordPress, follow these to
optimize for performance.

Cloud Flare SSL breaks WordPress & Joomla and how to fix it

Cloud Flare is a fantastic free + premium CDN service which provides
SSL in the free plan at no cost.

I was testing their SSL with WordPress & Joomla, and both
were broken, which upset me for a minute. However, I found an
easy solution and thought I would share it with you.

In this article, you will learn:

  • How to ensure SSL is activated in Cloud Flare
  • How to fix broken WordPress due to Cloud Flare SSL
  • How to fix broken Joomla due to Cloud Flare SSL
  • How to ensure HTTP is getting redirected to HTTPS

So first things first – let’s ensure you have
SSL activated in Cloud Flare

  • Log in to Cloud Flare
  • Select the website from the list
  • Click on Crypto
  • Ensure you can see “ACTIVE CERTIFICATE,” and the SSL level is
    set to Flexible, Full or Strict based on what you need.
    If you don’t want to spend money on having a cert on your web
    server, you can leave the default value, which is Flexible.
    With Flexible, only the connection between the visitor and
    Cloud Flare is encrypted; Cloud Flare still talks to your web
    server over plain HTTP.

This ensures Cloud Flare SSL is activated on your website.

Fix CloudFlare SSL issue in WordPress

As you can see in the screenshot below, my WordPress site layout
got broken. This usually happens when not all content is
loaded over https (mixed content), which results in a broken site.
There are two ways to fix this –

First – ensure all your content is loaded
from https URLs. However, if you are using a third-party
theme then you would mostly prefer the second solution, which
is easy.

Second – Install Cloud Flare Flexible
WordPress Plugin

  • Log in to WordPress admin
  • Go to Plugins >> Add New
  • Search for “Cloud Flare Flexible SSL”
  • Install and activate it

That’s all – this plugin takes care of everything. As you can
see below, it loads correctly.
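
For the first approach (loading everything from https URLs), you first need to know which resources a page still requests over plain HTTP. The script below is an added example, not part of the original post: it scans saved page HTML for such subresources. The sample markup and the blog.example / cdn.example hostnames are constructed for illustration.

```python
from html.parser import HTMLParser

# Tags whose src attribute is fetched while the page renders.
ACTIVE_TAGS = {"script", "iframe"}                   # blocked on an HTTPS page
PASSIVE_TAGS = {"img", "audio", "video", "source"}   # blocked or upgraded, browser-dependent

# Constructed sample: what a theme with hard-coded http:// URLs might emit.
SAMPLE_HTML = """<!doctype html>
<html><head>
<link rel="canonical" href="http://blog.example/post/">
<link rel="stylesheet" href="http://blog.example/wp-content/themes/demo/style.css">
<link rel="stylesheet" href="https://blog.example/wp-content/plugins/x/x.css">
<script src="//cdn.example/lib.js"></script>
<script src="http://blog.example/wp-includes/js/jquery/jquery.js"></script>
</head><body>
<a href="http://other.example/">a plain link is not mixed content</a>
<img src="http://blog.example/wp-content/uploads/logo.png" alt="">
<img src="/wp-content/uploads/ok.png" alt="">
</body></html>"""


class MixedContentFinder(HTMLParser):
    """Collect subresources that an HTTPS page still requests over http://."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (kind, tag, url)

    def handle_starttag(self, tag, attrs):
        attr = {name: (value or "") for name, value in attrs}
        if tag == "link":
            # Only some <link> relations load a resource; rel="canonical"
            # and similar are metadata and are not mixed content.
            rel = attr.get("rel", "").lower().split()
            if "stylesheet" in rel:
                self._check("active", tag, attr.get("href", ""))
            elif "icon" in rel:
                self._check("passive", tag, attr.get("href", ""))
        elif tag in ACTIVE_TAGS:
            self._check("active", tag, attr.get("src", ""))
        elif tag in PASSIVE_TAGS:
            self._check("passive", tag, attr.get("src", ""))

    def _check(self, kind, tag, url):
        url = url.strip()
        # Relative and protocol-relative (//host/x) URLs inherit the page
        # scheme, so only explicit http:// URLs are reported.
        if url.lower().startswith("http://"):
            self.findings.append((kind, tag, url))


def find_mixed_content(html):
    """Return (kind, tag, url) for every subresource requested over HTTP."""
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(SAMPLE_HTML):
        print(f"{kind:8} <{tag}> {url}")
```

Active findings (stylesheets, scripts) are the ones that break the layout, because browsers refuse to load them on an HTTPS page.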


Fix CloudFlare SSL issue in Joomla

I activated Cloud Flare SSL on my website which is on Joomla
and got the layout broken.


To fix this – install “Cloud Flare For Joomla”

  • Download the Cloud Flare For Joomla
    plugin. You need to register for a free account first.
  • Log in to Joomla Admin
  • Go to Extensions >> Extension Manager
  • Click on Choose File, select the downloaded plugin and
    click on Upload & Install
  • By default, Joomla will not enable this plugin, so you have
    to do this manually. To enable:
  • Go to Extensions >> Plugin Manager
  • Search for Cloud Flare and enable it

Now you can see it’s getting loaded correctly.


Once you activate it, you must ensure HTTP is getting redirected
to https to avoid duplication in search engines.

HTTP to https redirection using Cloud Flare Page Rules

  • Log in to Cloud Flare
  • Select the website from the list
  • Click on Page Rules
  • Enter HTTP URL in URL pattern
  • Turn ON “Always use https” as shown below


That’s all – you are all set to use free SSL powered by Cloud
Flare. Don’t forget to test your
SSL for any vulnerabilities.

Find WordPress Vulnerability with WPScan before Someone Hack

More than 2 million websites are powered by WordPress and
holding number one position with 67% of market share in CMS


Recent Vulnerability Report by Acunetix shows that around
8% of vulnerabilities found in websites are related to


Do you regularly perform a web
vulnerability scan on your website or blog? If you
don’t, then you should!

WPScan vulnerability scanner sponsored by SUCURI helps you to identify the
security-related problems on your WordPress website.

WPScan is not a plugin, so you need to use it either on a UNIX
flavor (Ubuntu, CentOS, Debian, Fedora, Mac OSX) or
pre-installed Linux distributions like Kali
Linux, BackBox Linux, Pentoo, SamuraiWTF, BlackArch.

WPScan is useful if your website is on a private network or
Intranet where the Internet is not available.

If you are on Windows OS then sorry!

Let’s take a look at how to use WPScan on CentOS and Kali Linux
to search for security vulnerabilities.

Using WPScan on CentOS

  • Log in to CentOS as root and open Terminal
  • Install Git & prerequisite components using yum
# yum install gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel libcurl-devel patch rpm-build git
  • Clone the WPScan repository from git
# git clone
  • It will create a new folder called “wpscan”. Go to wpscan
# cd wpscan
  • It’s time to install it using the following command
# gem install bundler && bundle install --without test

This will take a few seconds to install and once done, you are
all set to perform the scan.

To run the scanner, you have to use ruby
with the URL parameter. Let’s take a few examples.

To check the plugin vulnerabilities

# ruby wpscan.rb --url --enumerate vp

To check the theme vulnerabilities

# ruby wpscan.rb --url --enumerate vt

Using WPScan on Kali Linux

The beauty of using Kali Linux is you don’t have to install
anything. WPScan is pre-installed.

Let’s find out how to run the scanner.

  • Log in to Kali Linux as root and open Terminal
  • Run the scan using the wpscan command
# wpscan --url --enumerate

The above command will run all the available tools. You may also
refer to the official site for more information.

Hosting your site on shared hosting and can’t install WPScan?
Don’t worry. Test your site with
these online tools.

I hope this helps you to find a security flaw in your WordPress
site. To add complete and continuous security to your site, you
may consider using SUCURI WAF.

Secure WordPress with X-Frame-Options & HTTPOnly Cookie

Protect WordPress website from XSS, Clickjacking Attacks

Securing your site is essential for your online business
presence. Over the weekend, I did a security scan on my
WordPress website through
Acunetix and Netsparker and found the following:

  • Missing X-Frame-Options Header
  • Cookie Not Marked as HttpOnly
  • Cookie without Secure flag set

If you are on dedicated or VPS hosting, then you can directly inject these
headers in Apache
or Nginx to
mitigate it. However, to do this directly in WordPress – you
can do the following.

Are you wondering why to fix them? Well, here is a quick
explanation of the solution.

A quick note on implementation verification: You can either use
HTTP Header Checker online
tool or F12 on your web browser to verify the response headers.

Implement X-Frame-Options Header in WordPress

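Having this header in the response helps prevent clickjacking
attacks: SAMEORIGIN tells the browser to render the page in a
frame only when the framing page is on the same origin. Below
was discovered by Netsparker.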



Option 1

  • Go to the path where WordPress is installed. If you are on
    shared hosting, you can
    log in to cPanel >> File Manager
  • Take a backup of wp-config.php
  • Edit the file and add the following line
header('X-Frame-Options: SAMEORIGIN');
  • Save and refresh your website to verify.

Option 2

Use the WP no-iFrames (Content
Protection) plugin. Easy peasy!

Implement Cookie with HTTPOnly and Secure flag in WordPress

The HttpOnly flag instructs the browser not to expose the
cookie to client-side scripts, so only the server can read it,
which adds a layer of protection against XSS attacks.


The Secure flag instructs the browser to send the cookie only
over secure SSL channels, which adds a layer of
protection for the session cookie.


Note: This would work on an HTTPS website. If you
are still on HTTP, then you may consider switching to HTTPS for
better security.

Solution:

  • Take a backup of wp-config.php
  • Edit the file and add the following lines
@ini_set('session.cookie_httponly', true);
@ini_set('session.cookie_secure', true);
@ini_set('session.use_only_cookies', true);

Save the file and refresh your website to verify.
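
To verify the X-Frame-Options and cookie changes from a terminal instead of the browser, the response headers can be checked with a short script. This is an added example, not from the original post: the function names are hypothetical and the two header blocks are constructed samples of a site before and after the wp-config.php edits.

```python
import urllib.request

# Constructed samples: the same site before and after the changes above.
BEFORE = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: PHPSESSID=constructed0001; path=/
Set-Cookie: pref=dark; path=/; HttpOnly
"""

AFTER = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
X-Frame-Options: SAMEORIGIN
Set-Cookie: PHPSESSID=constructed0001; path=/; secure; HttpOnly
Set-Cookie: pref=dark; path=/; Secure; HttpOnly
"""


def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw response header block."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line marks the end of the headers
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit(raw):
    """Report the three scanner findings listed in this article, per cookie."""
    headers = parse_headers(raw)
    findings = []

    xfo = [value.upper() for name, value in headers if name == "x-frame-options"]
    if not xfo:
        findings.append("Missing X-Frame-Options Header")
    elif xfo[0] not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options value not DENY or SAMEORIGIN: " + xfo[0])

    # Each Set-Cookie header carries exactly one cookie plus its attributes.
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        flags = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
        if "httponly" not in flags:
            findings.append("Cookie Not Marked as HttpOnly: " + cookie_name)
        if "secure" not in flags:
            findings.append("Cookie without Secure flag set: " + cookie_name)
    return findings


def fetch_raw_headers(url):
    """Fetch a live response and rebuild its header block (not used by the samples)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        lines = [f"HTTP/1.1 {resp.status} {resp.reason}"]
        lines += [f"{k}: {v}" for k, v in resp.getheaders()]
    return "\n".join(lines)


if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw) or "no findings")
```

The three ini_set lines govern PHP's own session cookie (PHPSESSID by default), so check every Set-Cookie line rather than assuming they cover all cookies the site sets.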

If you don’t like to hack the code then alternatively, you can
use the Shield plugin, which will
help you to block iFrames and protect from XSS attacks.

Once you install the plugin, go to HTTP headers and enable


I hope the above helps you in mitigating WordPress vulnerabilities.

If you are looking for continuous WordPress security, then
SUCURI will be very helpful.

How to Protect WordPress from Brute Force Attacks

Attacking a website using Brute Force is an old technique that
still exists on the Internet.

Brute Force attacks can take your website
down and disrupt your online business if the necessary
prevention tool is not in place.

A Brute Force attack can be carried out either by humans or by
bots continuously trying to log in to
your WordPress website with guessed credentials.

This gets worse when the login page is not protected, and some
research has noticed thousands of login attempts to
wp-login.php per minute.
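
To see whether your own site is receiving this kind of traffic, count login POSTs per client per minute in the web server access log. The script below is an added example, not from the original post. It assumes the Apache/Nginx "combined" log format, a threshold of 5 POSTs per minute, and that a 302 answer to a login POST means the login succeeded (the WordPress default); the log lines and addresses are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Combined log format: ip ident user [time] "METHOD path proto" status size ...
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample: one normal login, then a burst from a single address.
SAMPLE_LOG = (
    [
        '198.51.100.4 - - [12/Mar/2018:10:14:02 +0000] "GET /wp-login.php HTTP/1.1" 200 2764 "-" "Mozilla/5.0"',
        '198.51.100.4 - - [12/Mar/2018:10:14:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    ]
    + [
        f'203.0.113.7 - - [12/Mar/2018:10:15:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3391 "-" "python-requests/2.18"'
        for s in range(0, 48, 6)  # 8 attempts inside one minute
    ]
    + [
        f'203.0.113.7 - - [12/Mar/2018:10:16:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3391 "-" "python-requests/2.18"'
        for s in range(0, 18, 6)  # 3 attempts, below the default threshold
    ]
)


def flag_bruteforce(lines, threshold=5):
    """Return sorted (ip, minute, attempts, had_302) for bursts of login POSTs.

    had_302 is True when any login POST from that IP was answered with a
    redirect, which on a default WordPress install indicates a successful
    login and deserves immediate follow-up.
    """
    attempts = Counter()  # (ip, "YYYY-MM-DD HH:MM") -> POSTs to wp-login.php
    redirected = set()    # IPs that received a 302 on a login POST
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparsable line, or a GET that only shows the form
        if not m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        attempts[(m["ip"], ts.strftime("%Y-%m-%d %H:%M"))] += 1
        if m["status"] == "302":
            redirected.add(m["ip"])
    return sorted(
        (ip, minute, count, ip in redirected)
        for (ip, minute), count in attempts.items()
        if count >= threshold
    )


if __name__ == "__main__":
    for ip, minute, count, had_302 in flag_bruteforce(SAMPLE_LOG):
        note = "LOGIN SUCCEEDED" if had_302 else "no successful login seen"
        print(f"{minute}  {ip}  {count} login POSTs  ({note})")
```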

Let’s take a look at the graph by SUCURI.


More than 1 million attacks per hour are protected by SUCURI.


That’s huge!

A few days back, I received 42 email notifications about site
lockout due to brute force attacks. So this can happen to you.


There are multiple ways to prevent brute force attack; here are
two of them, which you can follow.

Hide WordPress Login

One of the first things after setting up your website you
should consider doing is to hide the login area.

By default, the WordPress login page is available as:

  • /wp-login.php
  • /login
  • /wp-admin
  • /admin

the technologies , you are using is easy these days.

So if bad guys know you are using WordPress and login area is
not hidden then they can easily access login page and prepare
for a brute force attack.

Let’s hide the WordPress login area with following plugins. You
can use any one of them.

WPS Hide Login

WPS Hide Login is a lightweight
plugin with over 40,000 active installs. This
plugin will help you change the login URL to anything you wish.

After changing the login URL, if someone tries to access
wp-admin/wp-login.php/login/admin then it will throw a
404 error page.

Rename wp-login.php

Another very lightweight plugin, with over 100,000
active installs,
to serve the purpose. Change
wp-login.php to anything you want but don’t forget to remember
what you changed it to.

Don’t worry about what will happen if you disable or uninstall
the plugin. The login page will be restored to the default
WordPress one.

iThemes Security (Better WP Security)

Better WP Security is not
just for hiding the login area but a complete suite of WordPress
security. If you are already using this plugin, then this is
how you can use it to hide the login area.

If you are not using it yet, then you may try it. It’s one of the very
popular plugins with over 700,000 active installs.

Assuming you have already installed the plugin.

  • Log in to your WordPress
  • Go to Security >> Settings
  • Select “Hide Login Area” next to the Go to
    drop down
  • Enter the URI you want to use to access the admin page
  • Click on “Save All Changes”

Don’t forget to test by accessing the admin page with the one you
changed just now.

The above three plugins should be able to help you with hiding
the WordPress login area.

Let’s take WordPress security further with 2-factor

Implement 2-factor Authentication

2-factor authentication adds an extra layer of security to your
WordPress website. Along with your credential, you also need to
supply the one-time password (OTP).

This is achievable by using following plugins. Pick the one you

Google Authenticator for WordPress

Use the Google Authenticator plugin
to generate a one-time password to be used every time you
log in. This will add a box in the login form to enter the OTP
generated by Google.


Note: to use Google Authenticator, you must have a phone with
the Google Authenticator app installed.

Once you have the app installed, you can set up the account and
you are all set!

You can apply these techniques to your WordPress website to
protect it from brute force.

However, you may also use Cloud-Based Security,
which protects from brute force and many
vulnerabilities.

You may consider any one of the following.


Incapsula by IMPERVA is complete website security &
performance solution powering thousands of websites including
some of the following popular sites.


Incapsula offers a free plan and has 28 data centers worldwide.
So if web security is your concern then go ahead and try

Cloud Flare

One of the most popular CDN and Security companies, making
more than 2,000,000 web properties faster and safer.

If you are struggling with a slow loading website and weak
security, then go ahead and try Cloud Flare.


SUCURI is specialized in website antivirus and firewall. They
help you to stop hack attempts, stop a DDoS attack, clean a hack
and provide complete security to your website.

WordPress security by SUCURI
is probably the only thing you need to secure your WordPress
website from Brute Force and many other security

Above three cloud-based security provider not only help you
WordPress but also any other platform like Joomla, Drupal, PHP,

I hope now you have an idea of protecting your
from brute force and many other security

Stay secured!

5 Real-time Tips to Harden & Secure WordPress Website

SUCURI Q2 hacked analysis report shows 74% of 9,771 infected
websites were WordPress. Millions of website owners love
WordPress, and it has more than 58% market
share in content management systems for sites.

I see hundreds of questions/concerns every month in Facebook
Group, Stack Overflow regarding websites that got
hacked/malware infected.

Website security is as important as your
content and SEO, and one should do whatever it takes to
keep the online business safe and secure.

There are multiple approaches to tightening your WordPress
however, following you will learn the practical ideas which I
do and I hope will be helpful to you.

Hardening & Security Tips

1. Go Passwordless

Brute Force attack is one of the old techniques to constantly
try to get into the WordPress admin with many user/password

By going passwordless, you are not leaving any option for a
hacker to attempt login. Wondering how does it work?

Let me show you.

The default WordPress login window looks like:

When you go passwordless, you will not have the option to enter
the user and password; instead, you will need to authenticate
with your phone. It’s simple and convenient.



UNLOQ has a WordPress plugin too, which lets you
replace the password with your phone. UNLOQ uses TLS over the
communication and data is encrypted with an AES-256-CBC

You can have up to 100 users with unlimited authentication in
FREE which is more than enough for WordPress
admin login.

Teddy ID

Teddy ID is a little different. You
enter your credentials once, and it stores and encrypts
the password for you in the browser.

On the next login attempt, instead of entering the credentials you
must match the photo being displayed on your phone, and if it
matches then your login is successful.

Teddy ID WordPress can be downloaded from here.

Let the magic happen and go passwordless.

2. Have Solid Backup

Backup is your friend! When things go wrong, and nothing works,
then a backup will come to the rescue.

Many things can go wrong, such as the following.

  • Messed up the configuration
  • Files got deleted
  • Website got hacked
  • You installed some plugin and then the site broke
  • Site is broken after updating WordPress/Theme/Plugins

If you are unable to fix it or it is taking a long time to get your
online business operational, then you can consider restoring
your website from the backup.

Most shared web hosting providers like SiteGround, InMotionHosting
provide daily backup, so you are okay. However, if you are with
some other web hosting, then you may want to check the backup
they provide.

If you are on a VPS like DigitalOcean or Linode,
then the backup is not enabled by default, and they charge
around 20% of your VPS plan.

So if you are on a $10 plan, you need to pay an additional $2 for
the backup.

Trust me; it’s worth it. There were many situations when I had
no option other than restoring Geek Flare from Linode backup.

If you are on a cloud like AWS, Google Cloud then
you must consider taking snapshots regularly or use a
third-party backup tool.

If you have a backup with web hosting then I don’t see any
reason to use a backup plugin, but in case you want one, here are
some of the popular free backup & restore
plugins for WordPress.

Updraft Plus

Over 900,000 active installs says a lot. Updraft Plus lets you back up your website
data in a cloud like Amazon S3, Google Drive, DropBox, FTP,

Whenever you need to restore, you are just a click away.


Backup by Backup Guard gives you an
option to backup files or database or both. You can customize
your backup location and visualize the live progress of backup
and restore.

Don’t settle for anything less than a daily backup.

3. Use WAF/Security

The default WordPress installation may expose
configuration/information and can be vulnerable if not harden

There are many security-related plugins available so pick what
you like but ensure it covers the following.

Change Admin URL – WordPress admin is
accessible by default as wp-login.php, and the whole world
knows about it.


So anyone who knows a site is
built on WordPress can reach the admin URL by
adding wp-login.php and try to get
in.

It will be a good idea to change the admin URL from
wp-login.php to something else.

Comment Spam Protection – don’t let your blog
post comments fill up with spam and advertising.

Block suspicious request – don’t entertain
malicious requests, script execution

Implement Security HTTP Header – protect from
clickjacking, secure cookie, XSS attack, etc. by injecting
necessary parameters in HTTP response headers.

Let’s take a look at top four plugins


Wordfence is loved by over a
million websites and has tons of features including the

  • WordPress Firewall
  • Blocking Features
  • Login Security
  • Security Scanning
  • Monitoring
  • IPv6 Compatible

All In One WP Security & Firewall

Tips & Tricks HQ develops this all-in-one security plugin, which is
actively installed on more than 400,00 websites. Some of the
popular features/protection are:

  • Comment SPAM
  • Security Scanner
  • Brute force attacks
  • Blacklist
  • Firewall
  • File system/database security
  • User account/login security

iThemes Security

iThemes plugin previously
known as Better WP Security helps you to protect your website
from more than 30 types of attacks.

Better WP Security is available in FREE with most of the common
features/security; however, if you need more then you may try
pro version.


Shield a.k.a. WordPress
Simple Firewall is simply awesome and gives you almost
everything you need for FREE.

I use this plugin currently and love the dashboard and
comprehensive features. Worth giving a try.

4. Use Cloud-based

Security/firewall by a WordPress plugin is good, but it’s still
within WordPress and protection starts when the request reaches
WordPress.

If you are looking to have additional protection, then you must
consider using cloud-based security. Security from the cloud
protects against and blocks attackers at the edge of the network.

Most of the cloud-based security providers also offer you a
CDN (Content Delivery Network) to make your
website load faster.

Some of the popular CDN & Security providers are:


One of the industry leaders in providing website security and
high-performing CDN for better performance and security.

SUCURI offers complete website
security for eternal security and performance.


Incapsula by Imperva provides CDN & Security for all types
of website from blog to enterprise level of applications.

Incapsula has a FREE plan to get you started and offer the
following features.

  • Bad bot/SPAM protection
  • IPV6 compatible
  • DDoS/SQLi/XSS/Backdoor protection
  • Content compression/minification
  • Image optimization
  • SSL support
  • And much more…
  • They offer a trial to the higher version so go ahead if you
    are serious about website protection.


The list won’t be complete without including CloudFlare. One of the most popular CDN &
Security providers to make your website secure and speedy.

Take a look at the plan details for features comparison.

Some of the worth mentioning features of CloudFlare.

  • Global CDN
  • FREE SSL Certificate
  • HTTP/2, WebSockets, IPv6 support
  • DNSSEC, cache purge, custom rules
  • Comment spam, content scraping, OWASP WAF, DDoS protection


StackPath recently bought MaxCDN and provides
secure CDN and WAF. StackPath doesn’t have any FREE plan and
pricing starts from $20 per month.

Some of the StackPath’s features are:

  • Two-step authentication
  • EdgeSSL
  • Origin
  • OWASP top 10 vulnerability protection/WAF
  • DDoS protection against SYN/UDP/volumetric attacks
  • Hotlink protection
  • Real-time analytics

5. Patching/Keep

SUCURI says 55% of an infected website had out-of-date

An old version of WordPress, a plugin or a theme may be
vulnerable, and as a best practice, you must keep an eye on the
vulnerable plugins and patch on priority.

You may subscribe to WP Scan Vulnerability Database for
an email alert, so you know if used plugin/WordPress/theme are

It’s not hardening, but I think it’s worth mentioning about
hosting provider. Choose the well-known quality hosting
provider to host your website. Some of the popular hosting you
may consider.

Shared Hosting

  • SiteGround
  • InMotionHosting


  • Google Cloud Platform
  • AWS
  • DigitalOcean
  • Linode

Hosting your website on a quality provider not only makes your
website faster but also supports you when you need
help. Many things can go wrong, so expert support is the key
when you consider web hosting.

I hope the above helps you in keeping your WordPress website
more secure & robust.

Personally, I follow this strategy on Geek
Flare and it works well, so I thought to share it with you all.

11 WordPress Scanner to Find Security Vulnerabilities & Misconfiguration

Is your WordPress site secure enough? Find the
flaws in your WordPress website and fix them
before someone misuses it.

The latest research by SUCURI shows more than 70% of
WordPress sites are infected with one or more

There are plenty of
online scanners to check the common web vulnerabilities,
but that may not be sufficient as a security risk may arise
from WordPress core, plugin, theme or misconfiguration.

For that, you need a specialize security
which not just detect the common but also
particular to WordPress vulnerabilities.

The following scanners can help you to audit your website and
let you know of security
risks, so you can take the necessary action to prevent
being hacked.

WordPress Security Scanner Tools


WordPress Security Scan by Hacker Target

WordPress check by Hacker Target tests for vulnerable
plugins (1800+), outdated WordPress version, web server
configuration and the following.

  • Google safe browsing test
  • Directory indexing
  • Admin account status (enabled/disabled)
  • iFrames
  • Hosting provider reputation
  • JavaScript linked
  • Vulnerable themes (2600+)
  • Basic level of brute force

Hacker Target downloads a few pages from the URL and examines the
HTTP header and HTML code.

2. Detectify

Detectify is an enterprise vulnerability
scanner which tests for more than 500 vulnerabilities including
OWASP top 10 & WordPress specific.

So if you are looking for not just a WordPress scan but
complete website security then give
Detectify a try.


SCANS leverages the WPScan vulnerability database to
compare the version and report if any vulnerable core, plugin or
theme is found.

The WPScan database covers more than 6100 vulnerabilities. If you
are looking to use WP Scan on your server/PC, then you may
refer to this guide about how to install and use it.

4. Security Ninja

Ninja security is a plugin, so the
test is done from within your WordPress admin. It checks
more than 50 metrics with one click, and you
get a detailed report including test name, status, how to fix
& results.

It took less than 2 minutes to scan my site,
and I got an excellent report covering the latest version, database
connectivity exposure, a connection over SSL, etc.


SUCURI provides an end-to-end security
solution like monitoring, clean-up & protection. If you are
looking for a complete website security solution
(antivirus+firewall), then SUCURI would be a good choice.

If you are just looking to test your website on-demand, then
you can use their FREE SiteCheck, which checks
for malware,
blacklisting status, out-dated technologies used & errors.

Another option would be to use the plugin to initiate the scan from your
WordPress admin dashboard.

6. Pentest-Tools

WordPress Vulnerability scan by Pentest-Tools is another
tool leveraging WPScan, and it gives you the option to download the
report in PDF format. Sample report here.

It enumerates the plugins, themes and users and fingerprints the
WordPress version.

7. Exploit Scanner

Exploit Scanner is a plugin
which you have to install within your WordPress site. It scans
files, database and comments for anything suspicious.

If you suspect your WordPress is compromised, then this would
be very handy to run a quick scan to find anything

It doesn’t remove/change anything.

8. WP Loop

WP Loop performs 11 basic
checks covering information leakage, enumeration & file

  • WP, PHP version disclosure
  • html, install.php, upgrade.php accessibility
  • Login enumeration
  • Windows live writer and EditURI link

If you have just set up a WordPress site, then it would be a
good place to start testing & securing.

9. WP Neuron

The WP Neuron tool scans
WordPress vulnerabilities in core files, plugins, libraries. It
also enumerates weak passwords to test brute force attacks
and scans all code to ensure none of the scripts is exposed to
online threats.

10. Acunetix

Acunetix is a complete website
vulnerability scanner platform which covers checks specific to
CMSs like WordPress as well.

Acunetix tests your site for XSS, SQLi, SSL, DOS, Header,
SSRF, XXE, more than 1200 WordPress plugins,
core files, weak admin password, user enumeration,
wp-config.php and much more.


Post scan, you get a detailed report with the
risk findings and fix recommendations.

11. Quttera

The Quttera plugin scans your
WordPress site for known and unknown malware
and suspicious activity. You can initiate the scan from your
WordPress admin dashboard, and it will make an HTTP call to
Quttera to scan and get the results.

Along with malware lookup, it also does the following.

  • Check if URL is blacklisted
  • No signature or pattern detection
  • Inject PHP shells detection
  • External link detection
  • Investigate WordPress core files

I hope the above on-demand tools and plugins help you to scan your
WordPress website for online threats so you can prevent
being hacked.

If you are looking for complete website security and
, then you may explore cloud-based
solution like SUCURI, Incapsula, Cloudflare.

9 Premium WordPress Hosting for Heavy Traffic Website

WordPress is one of the most popular platforms with more
than 59% of market share in CMS and 28%
of all websites.

WordPress is the first choice for
many requirements like a personal blog, news site,
corporate page, e-commerce, etc.

There are a number of cheap hosting solutions for WordPress which
are OK when you are starting or playing around.

However, once your website is popular and starts gaining
heavy traffic you need premium hosting
for better availability
and performance.

Quality doesn’t come cheap.

As the traffic increases, you need a server which can handle
millions of requests and doesn’t crash
when traffic surges. Quality hosting would cost you a little extra
than traditional hosting but trust me; it would pay you

The following WordPress optimized hosting solutions are for
optimal performance & security. They are
designed with inbuilt WordPress installation and control panel
to manage & configure your website, which consumes less
time and effort.

Most of the things are doable with just one

The advantage of hosting your site with a quality provider.

  • Excellent customer support – you might wonder
    what it has to do with hosting, but when things go wrong, or you don’t have
    time to fix them, you can always rely on their customer support.
  • High uptime – the server can crash or go
    down for many reasons, but a quality hosting provider will have a
    high-availability setup, so your website is always running
    with no or less downtime.
  • Better security – they provide account
    security like two-factor authentication, brute-force attack
    prevention, SSL certificate and many other things to keep
    your website
    safe and secure from online threats.
  • Better performance – they use the latest tech
    stack and hot technologies to make your website
    load faster.

Let’s take a look at the next provider who takes care of
backend datacenter works so you can focus on your

1. Kinsta

Kinsta is powered by Google Cloud
and provides fully managed WordPress hosting.
Business plan starts from $100 a month with unlimited page
views, which means you don’t have to worry when traffic
goes high.

Some of the features highlight:

  • Active and passive security – your site is
    monitored every minute to detect malicious requests, DDoS
    attacks and stop them proactively.
  • Flexibility to choose data center location –
    you can choose where you want to host your website from US,
    Europe or Asia.
  • Site Migration – you can engage Kinsta
    support to migrate your existing website for FREE.
  • Backup – your sites are automatically backed
    up every day. Backup is your friend.
  • Tech stack – built on Nginx, PHP7 &
    MariaDB for fast loading web pages.

Read a detailed review about
Kinsta.

2. WP Engine

WP Engine is an
award-winning hosting platform for customer
service & support. Trusted by more than 60,000 customers
including AMD, Yelp, MaxCDN, New Relic, etc. You can get it
started from $29 a month.

WP Engine is built on highly scalable architecture with
EverCache, and the following are some notable features.

  • Real-time security – threats detection
    & prevention – your site is secured from online
    attacks like DDoS, XSS, SQLi and other WordPress related
  • Auto updates – don’t worry about updating
    WordPress, WP Engine does for you.
  • Automatic Migration – Migrate existing
    WordPress to WP Engine in just a few clicks.
  • Staging area – running a busy website and
    don’t want to change directly in production? Quickly create a
    copy of your site so you can do a test before pushing
    the changes to the live site.
  • Unlimited data transfer, FREE SSL, PHP7 ready.

So go ahead and give WP Engine a try and see how it
works. Anyway, they offer 60-days money back so you can cancel
anytime if not satisfied.

3. Flywheel

Running a web agency and would like to offload WordPress
hosting & management to someone? Try Flywheel .

Pricing starts from $15 a month with rock-solid features.
Flywheel provides only WordPress hosting so you can
consider they are specialized in one thing and do it
. With inbuilt caching feature, you don’t have to
worry about third-party plugins. You get the following
with every plan.

  • SFTP access – secure FTP to transfer your
    files to the server.
  • Auto backup – a backup is taken every night,
    and whenever needed you can restore with just one click.
  • Malware scanning – Flywheel has partnered
    with SUCURI for continuous
    malware scanning of your site.

Flywheel Blueprint is perfect for cloning. Blueprint lets you
create a pre-installed package with your favorite themes and
plugins so you can get your WordPress site ready faster
with just one click.

Ready to fly? Try Flywheel to see if it works for you.


4. StudioPress

StudioPress is well known
for introducing the Genesis framework to the WordPress market. It is a
new entry in hosting solutions but already awarded
“Fastest WordPress Hosting” of 2017 by

You can get started from $24 a month, which includes 20
mobile-ready themes, advanced SEO, free SSL certificate,
one-click plugin installation, automatic Genesis &
WordPress updates & world class support.

If you like Genesis (like me), you will like StudioPress
WordPress hosting too.

5. Pantheon

Pantheon is lightning fast
WordPress hosting built on the following hot technologies,
ready to scale to serve hundreds of millions of requests.

  • PHP7
  • Nginx
  • Varnish Cache
  • Redis
  • New Relic

Pantheon is trusted by thousands of big organizations like Dell,
Docker, Tableau, Nvidia, etc. and claims to be the fastest
hosting on the planet.

Pricing starts from $25 for a personal site. If you are looking
for a reliable, scalable WordPress solution, then Pantheon looks
like a good choice.

6. Rackspace

Rackspace is the largest
managed cloud provider offering WordPress hosting for
high-traffic websites. You can launch a scalable cloud-hosted
WordPress site from $128 a month.

Your site is managed and backed by the award-winning 24x7x365
support, so you don’t need to worry about what’s running in the
backend like Web Server, Load balancing, caching, security,

7. Liquid Web

Designed for mission-critical sites, Liquid Web is trusted by
thousands of customers, including world-leading brands
such as FedEx, GM, Xerox, Fila, ESPN, etc.

Liquid Web provides site-wide caching, image compression and
the following notable features.

  • Managing multiple sites – partnered with
    iThemes to provide easy multiple site management. You can
    update multiple WordPress with just one click.
  • Unlimited page views – no need to pay extra
    if traffic increases.
  • Dynamic LB – load balancing for
  • FREE SSL Cert, backup, migration
  • Security monitoring

Liquid Web managed WordPress hosting plan starting from

8. Site Ground

Site Ground is known for quality customer support and providing
superior site performance. You may choose from the following
two plans for best performance.

Cloud hosting – a fully managed cloud server to
host your preferred CMS including WordPress. Some of the
features include:

  • Dedicated IP
  • cPanel – easy to manage your hosting
  • Auto-scalable resource
  • SSH & WP-CLI access
  • GIT integration

Cloud hosting plan starts from $80.

Go Geek plan – suitable for ~100,000 visits.
If your budget is tight and expected traffic is in a medium
range, then the Go Geek plan would be a good
choice. You can get started from $11.95 a month.

9. Pagely

Pagely is powered by AWS to help big brands
scale WordPress. Pagely pricing starts from $499, and you
get everything you can ask for.

  • Unlimited pageviews – no matter how busy your site is
  • CDN – global CDN included serving content to the users from
    the nearest location
  • Advanced security – don’t worry about your site being
  • Route 53 latency reduced DNS
  • Dedicated IP, HTTP/2 ready, PHP 7
  • Access – get everything you need like SSH, Database, WP-CLI

Pagely is trusted by brand like Visa, Disney, Comcast, eBay,

Managing a busy site is challenging as it
requires excellent skills and knowledge on multiple
infrastructure levels. If you are good at that, you
may build your own WordPress environment; otherwise, you can choose
from those listed above.

Almost all offer money-back, so go ahead and give them a try to see
what works for you.

How to Setup Fast Loading WordPress Site on Google Cloud?

A step-by-step guide to launching high-performance WordPress
site on Google Cloud Platform (GCP) using Easy Engine.

When you start as a blogger or run a small business,
shared hosting is fine as it costs
less and no hosting skills are required to install/setup/maintain
the infrastructure platform.

However, when your traffic or user base increases, you need
a robust hosting platform to serve millions of
without slowing
down the site.

There are some premium
hosting providers for heavy-traffic websites, but that would
easily cost $100+ per month.

Note: Kinsta recently announced a
starter plan starting at $30 per month which leverages GCP.

However, if you are ok to spend a little bit of time in
learning and doing by yourself, then you can think about
VPS/Cloud servers.

In this article, I will explain how to get WordPress site
running on Google Cloud Platform in less than 15

This setup would cost around $20 per month and is
ready to serve 500,000 page views per month.
Post setup, I will do a
load test to verify the performance.


  • I assume you already have a domain, if not you can buy from
    Namecheap or Google.
  • Google Cloud account with billing enabled
  • Some WordPress theme but I will use Newspaper by Tagdiv

Provision New Google Cloud Server

  • Login to Google Cloud and go to Compute Engine >> VM
    Instances ( direct link )
  • Click “Create Instance” and enter the required information
  • Select the zone (choose the nearest location of your
    targeted audience)
  • Choose the machine type (I will choose g1-small)
  • Change boot disk to Ubuntu 16.04 LTS and boot disk type to
    SSD persistent disk with 10 GB size
  • Allow HTTP and HTTPS firewall and click

In a few seconds, you will have the new instance ready.

Installing WordPress using EasyEngine

There are multiple ways to install WordPress, but one of the
easiest ways is using EasyEngine .

EasyEngine is a script wrapper which takes care of installing
required components like a database, PHP, Nginx, WordPress,

If you
install them manually, it may take longer and leaves room for
human error.

  • Log in to the newly created Google Cloud VM and switch to
    the root user

Note: it’s recommended to set up sudo access to
root from a normal user in production, but in this exercise, I
will use root.

  • Install EasyEngine with the below command
wget -qO ee && sudo bash ee

It will take a minute or two; once done, you will be
returned to the prompt.
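
The install step above downloads a script and hands it straight to a root shell. As an added example (not part of the original article and not EasyEngine's own code), the helper below checks the downloaded file against a SHA-256 digest you recorded after reviewing the script, and only then runs that same copy. The function names and the PIN value are assumptions.

```shell
#!/bin/sh
# Added example (not EasyEngine's code): check a downloaded installer
# against a SHA-256 you pinned after reviewing it, then run that copy.

# sha256_of FILE: print the lowercase hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'   # macOS/BSD fallback
    fi
}

# verify_installer FILE PIN
# 0 = digest matches PIN, 1 = mismatch, 2 = unusable file or malformed pin.
verify_installer() {
    vi_file=$1; vi_pin=$2
    [ -s "$vi_file" ] || { echo "refusing: installer missing or empty" >&2; return 2; }
    case $vi_pin in
        ''|*[!0-9a-fA-F]*) echo "refusing: pin is not hex" >&2; return 2 ;;
    esac
    [ "${#vi_pin}" -eq 64 ] || { echo "refusing: pin is not 64 hex digits" >&2; return 2; }
    vi_pin=$(printf '%s' "$vi_pin" | tr 'A-F' 'a-f')
    vi_actual=$(sha256_of "$vi_file")
    if [ "$vi_actual" != "$vi_pin" ]; then
        echo "refusing: digest mismatch, got $vi_actual" >&2
        return 1
    fi
    return 0
}

# run_verified FILE PIN [RUNNER...]
# Copies FILE to a private temp file, verifies the copy and runs the same
# copy, so the script cannot be swapped between the check and the run.
# RUNNER defaults to "bash"; on the server it would be "sudo bash".
run_verified() {
    rv_file=$1; rv_pin=$2
    shift 2
    [ $# -gt 0 ] || set -- bash
    rv_copy=$(mktemp) || return 2
    cat "$rv_file" > "$rv_copy" 2>/dev/null || :
    rv_rc=0
    verify_installer "$rv_copy" "$rv_pin" || rv_rc=$?
    if [ "$rv_rc" -eq 0 ]; then
        "$@" "$rv_copy" || rv_rc=$?
    fi
    rm -f "$rv_copy"
    return "$rv_rc"
}

# Usage on the server (PIN is a placeholder for the digest you recorded):
#   run_verified ee "$PIN" sudo bash
```

Record the digest once with sha256_of after reading the script, then reuse the same pin on every server you build so a changed download is caught before it runs.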

Now it’s time to create a WordPress site. EasyEngine gives you
the option to install WordPress
with caching plugins.

Currently, it supports WP Super, W3 Total, Nginx, Redis. I’ve
tried all and Redis always performed better
for me.

  • Let’s create a site with Redis cache.
ee site create --wpredis

Above, I am asking EasyEngine to create a site for (It’s my lab domain) with Redis cache.

  • You will get a confirmation about the experimental feature;
    type y and press Enter
 [email protected] :~# ee site create --wpredis
Redis is experimental feature and it may not work with all CSS/JS/Cache of your site.
You can disable it by changing cache later.
Do you wish to enable Redis now for
Type "y" to continue [n]:y

It will take a few seconds, and you will be returned to the
prompt with the WordPress login credentials.

WordPress admin user : Chandan
WordPress admin user password : GBHkx9lgawfErje
Configure redis-cache:
Object Cache: Enable
Successfully created site
 [email protected] :~#
  • Save the password in a secure place.

WordPress is successfully installed, and it’s time to point
your domain to server IP.

Getting Static IP

By default, Google Cloud assigns an ephemeral IP
to the instance, which you don’t want to configure
with the domain as it may change on the next instance reboot.

To avoid the risk, we will reserve a static

  • Go to VPC Network >> External IP addresses from left
  • Drop-down Ephemeral type and select static

  • Give the name and click RESERVE
  • You will notice type is changed to Static

GCP VM is ready with the static external IP and WordPress, and
the last thing to do is map domain to the static

Update Domain A Record

  • Go to domain registrar
  • Update the A record for your domain to the external IP you
    just reserved

It may take some time to get propagated globally. You can use
a record lookup tool to verify.
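
To run the same check from a terminal, this added example (not from the original article) reads resolver answers, such as the output of dig +short for your domain, and reports whether anything other than the reserved static IP is published. The function names are assumptions and the addresses in the usage comment are constructed documentation-range values.

```shell
#!/bin/sh
# Added example: confirm the published A records are exactly the
# static IP reserved in the previous section.

# is_ipv4 STRING: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# check_a_records RESERVED_IP  (resolver answers on stdin, one per line)
# Prints a verdict and returns:
#   0 "ok"            only the reserved IP is published
#   1 "stray: <ips>"  another address is published, e.g. the old ephemeral
#                     IP or a previous host that was never removed
#   2 "no-a-record"   no address in the answer (not propagated yet)
check_a_records() {
    ca_want=$1; ca_seen=0; ca_stray=""
    while IFS= read -r ca_line || [ -n "$ca_line" ]; do
        # dig +short also prints CNAME targets; skip anything not an IPv4.
        is_ipv4 "$ca_line" || continue
        ca_seen=$((ca_seen + 1))
        [ "$ca_line" = "$ca_want" ] || ca_stray="$ca_stray $ca_line"
    done
    if [ "$ca_seen" -eq 0 ]; then echo "no-a-record"; return 2; fi
    if [ -n "$ca_stray" ]; then echo "stray:$ca_stray"; return 1; fi
    echo "ok"
}

# Usage (constructed values; substitute your domain and reserved IP):
#   dig +short example.com A | check_a_records 203.0.113.10
```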

Once the domain A record is updated, you can access the WordPress site
with the domain you used with EasyEngine.
In my example –

Performing Load Test

Let’s see how the newly set up WordPress site on Google Cloud
Platform performs. Before doing a speed test,
I will install a theme by Tagdiv as mentioned earlier.

This is not necessary but just to ensure I have some post/media
files to simulate real-site scenario.

So as you can see is ready on GCP.

There are multiple ways to do performance
benchmarking, and one of the easiest ways is to do from a
cloud. I used to put a load for 100
to 500 users for a one-minute duration, and the results are:

Average response time = 597 ms

Max response time – 1.4 seconds

I know this is a basic WordPress setup, and a production
environment requires installing additional plugins, adding
security, an SSL certificate, etc. But that would increase the
load time by a few percent.

I hope this gives you an idea how to setup WordPress on Google
Cloud Platform to serve over 100 users concurrently per

This requires a little bit of time to setup and skills, but if
you would like to save $$ per month, then I
believe it’s worth it.

Alternatively, if you don’t have time to set up or manage
WordPress and at the same time want to enjoy Google Cloud, then
you can try the Cloudways managed hosting
platform.

10 WordPress Hacks for Content Optimization

WordPress is extremely popular among today’s webmasters. This
ingenious content management system helps bloggers, business
owners, and big brand entities develop and nurture their
websites in the most efficient manner.

When it comes to content optimization,
WordPress stands among the best systems which will allow users
to display, promote, and organize their content quickly.

In today’s post, we’re sharing 10 WordPress hacks that’ll
improve the performance of your
content.

By following our tips and tricks, besides improving your
productivity, your search engine
rankings will also grow, and your content will reach more
people’s screens.

Implement a few of them, see whether they work for your
business, keep them, drop them, and then continue optimizing.

1. Optimize Keywords and Key Phrases Through all Your Content

Whether you write a piece of text or you create a video for
your next post, you’d better target the right keywords.

It all starts with proper keyword research. When you know
what people are looking for, you can include specific key
phrases to improve your SEO
optimization.

You shouldn’t exaggerate. Use the key phrase moderately and use
similar words and key phrases which are related to the main

2. Use a Premium WordPress Theme

Premium WordPress
themes will save you a lot of headaches when it comes to
optimizing your SEO or your website’s pages.

If you choose to use a free template, it’s likely that you’ll
miss a lot of useful features and automation options which have
the power to significantly reduce the amount of work you need
to put in.

Moreover, the results will also look better. Some of the
popular premium themes are:

3. Use the Right SEO Plugins

You should take a close look at some of the most essential SEO
Plugins for WordPress and choose a few for your website.

Most of the popular WordPress plugins are free, but in case you
want to go deeper and invest your budget in premium plans, I’d
say you give it a go.

Yoast SEO is #1 WordPress FREE

I’m a big fan of plugins. They do a lot of work for you, and
you can always count on them!

4. Improve Your Website’s Speed

The experience you offer to your website users will improve or
damage your SEO rankings. Google likes sites that run fast and
without issues.

Use some online tools to test your
website load time and work on the feedback. Most of them
provide a straightforward explanation of how to fix.

The slower your pages load, the higher your bounce rate will
be. When there’s a high bounce rate, search engines will
immediately punish your website.

5. Optimize Your Website Frequently

Without optimization, no business can achieve higher

Please keep in mind that your competitors are doing their best
to improve their websites and offers. You ought to do the same
in case you wish to stand a chance.

I’m not referring to search rankings only, but also to the
experience that you’ll offer to your user.

If you know what most of your users do the moment they access
your WordPress site, you’ll understand where the primary
“focus spot” is.

Optimize it to drive more results.

6. Always Rename Your Content Files

Rename your content files while thinking that Google’s watching
you closely.

So for example, if you post an image about “social media
marketing,” rename the file and make it “social media

Search engines count these things whenever they rank websites.

7. Link to Your Social Media Pages

Jane Wilson is a marketing expert at a popular
essay writing company called Essay Geeks. After an enjoyable video interview,
she leaves us with great advice:

“Your website users should be able to get in touch on social
media. When you find a great website that features amazing
content, you’re likely to want more. What do you do next? You
either sign up for the email newsletter or you follow on
social media. Give your website visitors these options by
adding several social plugins to your
WordPress platform.”

8. Consistently Run Diagnostics

Many WordPress tools will run diagnostics and will tell you
whether your website presents errors.

Your website has its own “health,” and you need to take care of
it! Take a look at some of the following online diagnostics
tools and let them show you the things that you can’t see.

Once you find them, you’re very close to fixing them!

9. Remove all the Unused Plugins and Files

Cut loose all the plugins and files that you no longer use.
They’re only making your WordPress site run slower. Moreover,
these files also steal away your usable space, leaving no spots
for useful plugins or other necessary files.

10. Fix Broken Links

Lastly yet most importantly, your website should not have
broken links. Whenever people get errors while trying to get to
your content, Google receives a warning sign and takes action.


You’ll be penalized accordingly, so always fix and optimize
your broken links!


Optimizing your WordPress website is no rocket science.
There are tons of resources on the web which can be accessed
for free.

YouTube tutorials, for example, and in-depth how-to
blog posts will guide you through every process that
challenges you.

Optimizing your website is not a result – it’s instead a
process or a journey in which you have to stay enrolled until
the end of your activity!