22 WordPress Security Tips – Best WordPress Hardening Guide

WordPress is one of the most popular choices for bloggers, businesses and anyone who wants to have a hassle-free blogging software with loads of features and support. Being a popular CMS (Content Management System), it is the most targeted platform for hackers. Even though the WordPress core is pretty well coded and secure, you can harden your WordPress installation even more by putting a little more effort towards the security and following the WordPress best practices.

So, how do you protect your WordPress installation?

Well, that’s easy. All you have to do is put more care towards managing your WordPress site. In case you are wondering, here are some of the best and must follow WordPress security tips. Think of the below WordPress security tips as a checklist and make sure that you follow them by all means.

Note: Some of the WordPress security tips discussed below may require you to edit WordPress files. So, make sure that you manually backup your site to cloud storage services like Dropbox or Google Drive.

1. Never Use “admin” as Username

This one of the most recommended WordPress security tips. Always make sure that you never use “admin” as the username. Using a WordPress site with the username “admin” and not having a strong enough password is a deadly combination. In fact, this is one of most common reasons behind many hacked WordPress sites. Due to the obvious security reasons, WordPress itself stopped assigning “admin” as the username while installing.

If you already have a WordPress site with the user account named “admin,” then fixing it is pretty easy. Just create a new administrator account with a different username from the “Users > Add New” page, log in to your new administrator account and delete the user account named “admin.”

Delete default admin user account in WordPress.

Don’t worry, while deleting the user account named “admin,” WordPress lets you assign all the existing posts to the user account of your choice.

2. Use Strong Password

Using passwords like 123456, superman, your mobile number, date of birth, etc.., is good because you can easily remember them, but so can your friends and foes. So, never use passwords that are so obvious to guess and easy to brute-force. Having a good and strong password to protect any of your online or offline accounts is really important.

To create a strong password, always follow the rules below.

  • The password must be 12 characters or more.
  • The password must contain small and capital letters, numbers and special characters.
  • The password should not contain complete words.
  • The password should not contain any of your personal information.
  • You should not use the same password to secure any other account.
  • Finally, be creative.

If you think the password created using the above rules is pretty complex to remember or to enter in the web forms, then use software like LastPass or KeePass. These apps lets you securely manage all your passwords.

3. Only Use the Administrator Account When Needed

This is one of the most ignored WordPress security tips, but the thing is, you are not going to need the administrator access to your WordPress site every time. The best practice is to use the administrator account to do only the administrative tasks like updating WordPress plugins and themes, managing WordPress configurations, etc. You don’t need administrative privileges to edit or publish posts, to moderate comments, etc.

So, depending on your needs, create a new user account with Author or Editor user role and manage all the general tasks using that user account. You can know more about the Roles and Capabilities from the WordPress codex.

WordPress User Roles List

4. Block Access to WordPress Login Page

Using a strong password to protect your WordPress is good and all. But, you can increase your WordPress site security two-fold by simply blocking the access to your WordPress login page (wp-login.php) except for you and anyone approved by you. You can achieve this by limiting the access to selected IP addresses. This approach is particularly helpful to protect yourselves from the brute force attacks.

WordPress login page blocked by IP address.

To block access to the WordPress login page, open the .htaccess file in the root directory. Now copy and paste the below code on the top of the file. Don’t forget to replace “xx.xxx.xx.xxx” with your actual IP address. In case you are wondering, you can get your IP address details by simply asking Google.

# Limit access by IP address
<Files wp-login.php>
        order deny,allow
        Deny from all

# whitelist IP address one
allow from xx.xxx.xx.xxx

# whitelist IP Address two
allow from xx.xxx.xx.xxx

</Files>

5. Limit Login Attempts

In some cases, you may not be able to implement the above method of blocking access to the WordPress login page because you have multiple backend users and/or the IP addresses are dynamic. In those cases, you need to limit the login attempts. i.e, after a predetermined number of failed attempts, the user or the IP address is locked out for a pre-determined period of time.

In that time period, the user cannot login even with a valid username and password. This simple precaution can save your WordPress site from brute force attacks and guess works.

WordPress login page secured with Limit Login Attempts plugin.

To enforce a limit on the login attempts, you can use the plugin Limit Login Attempts. The best thing about the plugin is that you can configure the lockout rules as required using the respective settings page.

6. Hide Login Error Message

Whenever there is a failed login attempt, WordPress displays an error message something like “The password for ‘username’ does not match.” If you read the error message clearly, WordPress is indirectly hinting that the username is correct.

The worst thing about this error message is that it lets the hacker know whether the username is correct or incorrect.

Remove WordPress login error message.

So, the good thing to do is to disable or hide the actual login error message. To do that, open your theme’s functions.php file, copy and paste the below code at the bottom of the file.

// Hide login message on WordPress login page
add_filter('login_errors',create_function('$a', "return null;"));

That’s all there is to do. From this point forward, the login error message is disabled.

7. Disable Directory Browsing

By design, when a web server has no default index file in a directory, it simply displays all the files and folders in that directory. This could be a big loophole in your WordPress security. This is called as directory browsing. This loophole can be used by hackers to gather sensitive information like the plugins used, vulnerable files, etc.

WordPress directory browsing.

To disable directory browsing, open the .htaccess file in the root directory, copy and paste the below code in it.

# Disable directory browsing
Options -Indexes

If you are uncomfortable editing the file, you can also disable directory browsing from cPanel.

8. Disable WordPress Editor

In WordPress, you can easily edit all your theme and plugin files using the built in WordPress code editor. As useful as it is, a hacker can use it to edit theme and plugin files to add some malicious code once he has access to your WordPress site. Moreover, when is that last time you’ve used the build it code editor to edit theme or plugin files? If you’ve ever used it, then you should just avoid that practice, for real.

WordPress plugin and theme editor.

To disable the WordPress Editor, open the wp-config.php file, copy the below code and paste it at the end of the file. That’s all there is to do. From this point forward, the built-in WordPress editor is no longer accessible.

// Disable WordPress Editor
define( 'DISALLOW_FILE_EDIT', true );

Don’t worry, even after disabling the WordPress editor, you can alway edit the theme and plugin files through FTP.

9. Change WordPress Table Prefix

Whenever you install WordPress without changing table prefix before hand, it will be installed with the default table prefix. Often times, this default table prefix could make your site vulnerable to automated or manual SQL injections.

So, in order to protect your site, you can change your default table prefix from wp_ to something random like wp_bs645t_.

Change WordPress Table Prefix - Default WordPress Table Prefix.

Changing WordPress table prefix isn’t anything hard. But if you don’t want to make your hands dirty, then using a plugin like Change DB Prefix can be helpful. This simple change makes your site a bit more secure from the hack attacks.

10. Protect “wp-config.php” File

If you are using WordPress for any span of time, then you will probably know that the wp-config.php file is one of the important files in your WordPress installation. This file holds all the important configuration information like the database username and password, table prefix, etc. So as a precaution, you need to protect this file at all costs.

To protect the wp-config.php file, copy and paste the below code snippet in the .htaccess file located in the root directory.

# Protect wp-config.php file
<Files wp-config.php>
   order allow,deny
   deny from all
</Files>

11. Protect “.htaccess” File

Hypertext Access file (.htaccess file) is a directory level configuration file and is it is also one of the important files in your WordPress installation. This simple file holds some of the important configurations that can affect the web server directly. Just like the wp-config.php file, you should also protect the .htaccess file. To protect the .htaccess file, simply copy the below code and paste it in your .htaccess file.

Quick tip: download all essential htaccess rulebook for WordPress.

# Protect htaccess file
<Files .htaccess>
   order allow,deny
   deny from all
</Files>

12. Protect readme.html and license.txt Files

Whenever you install or upgrade your WordPress site, WordPress automatically creates two files named readme.html and license.txt in the root directory. These files are not at all required by your WordPress site and may sometimes be used to gather your WordPress version information. To protect your WordPress site, you can just delete them, but the thing is, they will be created whenever you upgrade your WordPress site.

So, the best way is to protect these files from being accessed by the public. To protect the readme.html and license.txt files, simply copy the below code and paste it in your .htacess file located in the root directory.

# Protect readme.html File
<Files readme.html>
    order allow,deny
    deny from all
</Files>

# Protect license.txt file
<Files license.txt>
    order allow,deny
    deny from all
</Files>

13. Protect install.php File

After installing WordPress, there is no need for the install.php file. In fact, if you execute the URL http://exmple.com/wp-admin/install.php, you will see that WordPress gracefully informs you that you’ve already installed WordPress. Even though this doesn’t look like much, there are instances when the installation script tried to reinstall WordPress under certain circumstances.

WordPress informing WordPress is already installed.

So, blocking the file from being accessed by the public is a good thing to do. To do that, simply copy and paste the below code in your .htaccess file.

# Protect install.php
<Files install.php>
    order allow,deny
    deny from all
    Satisfy all
</Files>

14. Protect “wp-admin” Directory

For those of you who don’t know, wp-admin directory acts as the front end for the backend users like admins, editors, etc. Considering the importance of the directory, it is always a good thing to add an additional layer of security. This not only secures your WordPress installation from regular attacks but is also good at blocking brute force attacks.

Password Protect wp-admin folder.

To protect the wp-admin directory — download, install and configure the plugin AskApache Password Protect as per your needs. Don’t forget to choose a strong password to protect your wp-admin folder.

15. Protect “wp-includes” Directory

In case you don’t know, the wp-includes directory in your WordPress installation hosts all the core files and is only intended to be used by WordPress itself. That is, there is no need or should not be any need for any user to access the contents of the wp-includes folder.

So, in order to protect the wp-includes folder from being accessed by any user, copy and paste the below code at the bottom of the .htaccess file located in the root directory.

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

16. Use Security Plugins

WordPress plugin repository has a plethora of security plugins to secure your WordPress site from general exploits and hardening WordPress security. Some of the best security plugins include iThemes Security, WordfenceAll In One WP Security and Firewall, Sucuri (free plugin), etc. Most of the plugins available in the WordPress repository are capable of acting at WordPress level to filter and protecting your Website.

In fact, almost all the tips shared here can be managed using the above plugins. So, install the plugin of your choice and harden your site. If you want to be more secure and carefree, then spending a few bucks on premium services like Sucuri is well worth it. Moreover, services like Sucuri can even help you recover your hacked website.

17. Always Stay Updated

Whether it’s WordPress core, themes or plugins, staying up to date is like winning half the war. For those of you who don’t know, bad guys generally target out-dated and vulnerable WordPress core, plugin and theme files. To close the security holes, developers release the security patches and fixes in the form of updates. So, always stay updated and safe.

If you don’t stay updated, you will always be an easy target for the hackers. The recent MailPoet incident is a good example.

Update plugins and themes.

If you think it is too much work to manage all the plugin and theme files, then consider using secure and managed hosting services like WP Engine and SiteGround or website security services like Sucuri who can monitor and protect your WordPress site from known and zero-day vulnerabilities.

Moreover, starting from version 3.7, WordPress introduced automatic update feature which by default updates your WordPress core for all the minor releases like maintenance and security updates.

By adding the below code in your wp-config.php file, you can enable automatic updates to all the major WordPress core updates.

// Enalbe all automatic updates
define( 'WP_AUTO_UPDATE_CORE', true );

18. Delete Unused Plugins and Themes

WordPress is pretty customizable and most of the credit goes to the all the free and premium plugins that offer the extra functionality. Often times, you try different themes and plugins to find the right combination that works for your site. After that, you may just disable all the plugins and themes that aren’t needed anymore. This is good and all but the unused plugins and themes in your WordPress site may stock up without your realizing.

When you look from the security point of view, there is no reason whatsoever to leave unused plugins and themes installed in your WordPress. This is not only a security risk but these unused plugins and theme may clutter the database and also increases your disk space usage.

Delete unused themes and plugins from WordPress.

So, be a happy egg and make a habit of deleting any unused plugins and themes. After all, you can always reinstall them with just a few clicks.

19. Never, Ever Use Nulled Plugins and Themes

Premium plugins and themes like OptinMonster, Genesis Framework, Gravity Forms, etc., are well worth their price. But, it is very tempting when you access sites which give your premium plugins and themes for free to install on your WordPress site. Often, these kinds of resources are called as nulled plugins and themes.

The thing is, nobody gives a premium plugin or theme for free.

In most cases, these nulled plugins and themes are infected with malicious code that can effectively spread spam, hide malicious links, show eyebrow-raising ads, and/or create backdoors to your WordPress site. So, don’t take the risk and you are better off “not” installing the nulled themes or plugins.

Malicious code in nulled WordPress themes and plugins

If possible, even avoid using free themes in favor of using premium themes like Genesis Framework or Elegant Themes. This is because even the genuine free themes may sometimes contain encoded code (base64) that can hide malicious links. Moreover, the premium theme developers are quite quicker to resolve any issues with the theme security and they often provide better support to customize your theme according to your needs.

20. Have a Backup of Everything

The best defense is a good offense and creating daily and steady backups are the best thing you can do for your WordPress site. Sure, these backups won’t stop your site from being compromised corrupted, but will surely help you to restore the site to a previous known good state. Not to say, having reliable backups of your WordPress site including the database will give you a peace of mind to concentrate more on developing your blog or website.

Generally, you can create a manual backup of your site, but that process is very inefficient and will be quite a hassle. So to automate the WordPress backup process, WordPress plugin repository has several free and popular backup plugins like BackWPup, UpDraftPlus, WP-DB-Backup, etc.

Just install one of them and make sure that you take daily backups.

Backup your WordPress site regularly with plugins like BackupBuddy, BackWPup, etc.

If you want premium support and more reliable features, then spending a few bucks on premium backup solutions like BackupBuddy or VaultPress can help you in many ways. Again, make use of these free or premium plugins and never neglect to create regular backups.

21. Always Use SFTP Instead of FTP

This seems pretty obvious, but considering that the regular FTP (File Transfer Protocol) has no encryption for your FTP account password, I can’t restrain myself from recommending. So, depending on what your hosting provider supports, always use SFTP (Secure FTP) or FTPS (FTP over SSL) to transfer files to and forth.

That being said, even though the names FTP and SFTP are similar, SFTP is completely different from FTP. Know more about FTP from Wikipedia.

22. Keep Your Computer Clean and Virus-Free

This is one of the most over-looked thing’s while securing a WordPress site. Keeping your computer clean and virus free is really important because the infected computers may leak confidential information like your account user ids and passwords. This, in turn, leads to information theft, identity theft, and data loss.

So, don’t do anything crazy like clicking unknown links in email, installing pirated software, etc., on your main productive machine. To keep your computer free from viruses and other malicious infections, install a good antivirus and anti-malware software.

Protect your computer from viruses and malware.

Conclusion

If you are a beginner, then all the above tips may seem pretty intimidating if not nerve-wracking. But the fact is that all most all the tips shared here to harden your WordPress security are very easy to follow and most of them are “set it and forget” configurations. So, make sure you follow them and each and every tip you follow will make your WordPress site a little bit more secure and keeps you one step ahead of hackers and other unintended consequences.

That’s all for now and hopefully, the hardening tips will help to secure your WordPress site. If you find this article useful, then do share it with your friends. If you think I’ve missed something, then do share it in the comments form below. That will help everyone using WordPress.

If you find this article useful, then do share it with your friends. If you think I’ve missed something, then do share it in the comments form below.

20 Best Minimalist WordPress Themes That Are Stunning and Feature Rich

Minimalist WordPress themes or designs are nothing new, in fact, they are here since forever. Unlike the themes that pack several features like the clunky sliders, unnecessary flashy colors, widgets, multi-color buttons, etc., minimalist themes for WordPress are simple, unique, and clean. Moreover, minimalist WordPress themes are comprised of what’s necessary and focus on the content.

Most of all, minimalist WordPress themes load quickly and users just love websites that load fast.

Best Minimalist WordPress Themes

Simply put, minimalist WordPress themes are not messy and makes the content shine, be it your portfolio, photography, blogs, or anything of your choice. So, here are some of the best minimalist WordPress, that are not only stunning but also feature rich with all the necessary ingredients.

1. Phoenix

Minimalist WordPress Themes - Phoenix

Minimalist WordPress Themes – Phoenix

Phoenix is a simple WordPress theme that is gorgeous and can either be used as a simple one page WordPress theme or just like the regular multi-page theme. Phoenix has several different features such as pricing tables, video backgrounds, full-screen sliders, full-screen backgrounds, etc. Moreover, Phoenix has the built-in Blog page which has a nice two-column layout.

To make configuration easier, the Phoenix theme has an easy to use yet highly configurable theme settings page. The theme also includes two premium plugins, Visual Composer, and Revolution Slider.

Key Features:

  • Multi-page and one-page layouts
  • Included premium plugins – Visual Composer and Revolution Slider
  • Highly configurable customization options
  • Pre-built layouts

Download / More info

2. Brixton

Minimalist WordPress Themes - Brixton

Minimalist WordPress Themes – Brixton

Brixton is one of the most popular WordPress theme’s that is modern yet minimal. The theme has a creative design and easy to customize features. Besides from all the regular features, Brixton is well optimized for SEO, loads lightning fast and is built with readability in mind. Simply put, Brixton takes pride in favoring speed and simplicity over flashy styles and animations. Moreover, Brixton supports Social Feed out of the box. So, if you are looking for a simple and blog type minimalist WordPress theme, then Brixton does the job like no other theme.

Key Features:

  • Include revolution slider, a premium plugin for free
  • Support for video widgets
  • Multi-purpose layouts
  • Made for readability
  • SEO optimized and fast loading times

Download / More info

3. Gravit

Minimalist WordPress Themes - Gravit

Minimalist WordPress Themes – Gravit

Gravit is a free minimalist WordPress theme available directly through the WordPress theme repository. The theme is pretty simple and mainly focuses on the content with it single column layout and striking featured images. If you are looking for a simple and free theme from trusted source, then Gravit is that way to go. Being a free theme, don’t expect any sort of official support regarding any issue. However, you can still use the WordPress forums to get things resolved.

Key Features:

  • Free theme available through WordPress theme repository
  • Mainly focuses on content with it single column layout
  • full-width featured images
  • Simple and clean design

Download / More info

4. Minimal

Minimalist WordPress Themes - Minimal

Minimalist WordPress Themes – Minimal

As the name implies, Minimal is really minimal and highly focuses on displaying content without any distractions whatsoever. Besides from the regular blog type content, the theme can also be used for simple portfolios. The Minimal also supports multiple columns, sliders, and video portfolios among other features. The good thing about the Minimal theme is that it take full advantage of built-in WordPress functionality. This eliminates the need to use custom and complex options panel to configure the theme. So, if you are looking for a minimal blog or portfolio type theme then Minimal will be a good choice.

Key Features:

  • Truly minimalist theme with no distractions
  • Focuses on the content
  • Supports multiple columns and video portfolios
  • Makes full use of built-in WordPress functionality

Download / More info

5. Hellish Simplicity

Minimalist WordPress Themes - Hellish Simplicity

Minimalist WordPress Themes – Hellish Simplicity

Hellish Simplicity, the name itself tells you a story. This minimalist WordPress theme is pretty straightforward with just two columns that focus on the content. Just like all the regular WordPress themes, Hellish Simplicity supports all the elements, tables, buttons, forms, etc. Most of all, you have to love that name and how aptly it suits the theme.

Key Features:

  • Free theme downloadable via WordPress theme repository
  • Minimalist theme with two columns
  • Responsive design with full-width template
  • Support for WordPress theme customizer

Download / More info

6. Collective

Minimalist WordPress Themes - Collective

Minimalist WordPress Themes – Collective

Collective is a minimalist portfolio theme that is great for photographers, designers, etc. To put it simply, this theme is built to show off your work in the coolest possible way. Moreover, the theme comes pre-installed with Visual Composer plugin to built your own page styles. Among other features, the theme supports WooCommerce and has over ten different home page layout to get you started.

So, if you are looking for a minimalist WordPress theme that can showcase your work in beautiful layout and styles, then do give it a try.

Key Features:

  • Includes free premium plugin – Visual Composer
  • Responsive swiss inspired layouts
  • Over ten pre-built home page layouts
  • WooCommerce Integration
  • Social Share functionality
  • 2000+ icons from a collection of four sets

Download / More info

7. Gridlocked

Minimalist WordPress Themes - Gridlocked

Minimalist WordPress Themes – Gridlocked

As the name implies, the Gridlocked theme displays all your content in a creative grid format. As you can see from the image, the theme is perfect for any portfolio or if you are building a Tumblr style blog. Just like all the WordPress themes, Gridlocked support post formats and the standard posts. Other features include but not limited to light and dark modes, custom login logo, custom gravatar support, built-in shortcodes, etc.

Key Features:

  • Support for dark and light modes
  • Creative grid format
  • Support for custom logo and custom gravatar
  • Built-in in Facebook like button
  • Filterable Portfolio

Download / More info

8. Casper

Minimalist WordPress Themes - Casper

Minimalist WordPress Themes – Casper

Casper is a simple design inspired by the Ghost blogging platform’s original theme. The theme is simple and focuses on the content with its single column layout and typography. Moreover, it is a free theme. If you love simplicity then you gotta love this free minimalist WordPress theme.

Key Features:

  • Simple and straightforward design
  • Single column layout good for blogging
  • Free theme available from WordPress theme repository

Download / More info

9. Purity

Minimalist WordPress Themes - Purity

Minimalist WordPress Themes – Purity

Purity is a clean and fully responsive minimalist WordPress theme that supports WooCommerce and WPML (WordPress Multilingual) out of the box. Even though Purity is a minimal WordPress theme, it does come with extensive options, Google font switcher, unlimited colors and much more. Besides from all the regular features, it has two premium plugins included, Revolution Slider and Layer Slider.

Key Features:

  • Two premium plugins included – Revolution Slider and Layer Slider
  • WooCommerce support
  • Fullwidth, boxed, and wide layout
  • Retina graphics and responsive design
  • Extensive theme options and customization

Download / More info

10. Super Skeleton

Minimalist WordPress Themes - SuperSkeleton

Minimalist WordPress Themes – SuperSkeleton

Super Skeleton is also a fully responsive minimalist WordPress theme with interesting features like extra minimal skins, font stacks, and intuitively designed options manager. Along with the theme, you will also get other goodies like free high-quality PSD UI kit, individual skinnable PSD files for all major UI elements, etc. The best thing about this theme is that it is fully SEO optimized and has extensive documentation.

Key Features:

  • Fully responsive theme
  • Extra minimal skins
  • High-quality PSD UI kit and other goodies in the theme bundle
  • Fully SEO optimized and fast loading speed

Download / More info

11. Tonal

Minimalist WordPress Themes - Tonal

Minimalist WordPress Themes – Tonal

Tonal is yet another free minimalist WordPress theme that gives your content all the glory. It has built-in support for big featured images and single-column layout. Moreover, the theme also supports full-width videos and it just looks great no matter from what device you are viewing it in.

Key Features:

  • Free theme available via WordPress theme repository
  • Support for big featured images
  • Support for full-width videos

Download / More info

12. Futura

Minimalist WordPress Themes - Futura

Minimalist WordPress Themes – Futura

If you are looking for a simple blog style minimalist WordPress theme then Futura would be a nice choice. The good thing about the theme is that there are no fancy settings and is fully beginner friendly. You can select the base color of the theme with just a click and has six custom widgets. Like any other WordPress theme, it supports all the standard post formats.

Key Features:

  • Fully responsive
  • Six custom widgets
  • Support for child theme and custom 404 pages
  • Retina ready Font Awesome icons

Download / More info

13. Concept

Minimalist WordPress Themes - Concept

Minimalist WordPress Themes – Concept

Concept is a modern looking minimal portfolio WordPress theme that suits photography, freelancers, business, agencies, etc. Concept theme supports full-screen sliders out-of-the-box and you can also display your portfolio in a grid layout. The other features include Parallax effect, Bootstrap 3, custom theme options, unlimited color choices, and much more.

Key Features:

  • Support for full-screen sliders
  • Unlimited color options
  • Extensive customization with the theme options panel
  • Parallax effect

Download / More info

14. Roua

Minimalist WordPress Themes - Roua

Minimalist WordPress Themes – Roua

Roua is a portfolio and blogging WordPress theme that mainly focuses on the content with its striking layout and elegant design. Roua theme is built on Redux Framework and supports WooCommerce, custom page templates, portfolio post types, etc. Even with all awesome features, Roua is extremely easy to use and can be easily customized with its extensive options panel. Most of all, Roua is child theme ready if you are into that sort of thing.

Key Features:

  • Support for custom fonts and colors
  • Custom page templates
  • WooCommerce compatible
  • Support for child themes
  • Bootstrap 3.x framework

Download / More info

15. Oshine

Minimalist WordPress Themes - Oshine

Minimalist WordPress Themes – Oshine

Oshine is a multi-purpose WordPress portfolio theme. Unlike other themes in the list, Oshine is just plentiful and gives you unlimited variations to meet all your creative needs. The good thing about Oshine is that it comes with its own custom drag and drop page builder with visual previews for super fast page building.

Moreover, the theme is fully compatible with WooCommerce and other miscellaneous features include video backgrounds, parallax sections, support for WPML, etc.

Key Features:

  • Built-in drag and drop page builder
  • WooCommerce support
  • Unique layout and unlimited portfolio
  • Comes pre-installed with premium plugins – Revolution slider and MasterSlider

Download / More info

16. TinyPress

Minimalist WordPress Themes - Tinypress

Minimalist WordPress Themes – Tinypress

TinyPress is tiny, just kidding. It is an ultra minimalist WordPress theme that purely focuses on you content with its single column layout. Moreover, the theme is fully responsive which simply means that it is mobile friendly. Even though it is a minimal theme, TinyPress sports its own matching social sharing buttons to increase your social presence.

Key Features:

  • Built-in social sharing buttons
  • Free minimalist WordPress theme
  • fully responsive and built for speed
  • High focus on content

Download / More info

17. BeTheme

Minimalist WordPress Themes - BeTheme

Minimalist WordPress Themes – BeTheme

BeTheme is the rockstar of all the WordPress themes because of it ridiculous flexibility. The theme comes with 100+ pre-made layouts to serve any of your creative needs, like the portfolio, blog, business, agency, listings, etc. Besides from the pre-made layouts, BeTheme has 17 different header styles with different colors, navigation styles, logo placement, etc.

The good thing about BeTheme is that with all those features, you can easily build your own theme from scratch just by changing the layouts and playing with a few options. Most of all, you will get lifetime updates for this theme.

Key Features:

  • 100+ pre-made layouts
  • Support for 17 different header styles, and colors
  • Custom navigation styles and logo placement
  • Lifetime updates
  • Built-in mega menu
  • Shortcode generator
  • Custom font uploader

Download / More info

18. Modern Studio Pro

Minimalist WordPress Themes - The Modern Studio

Minimalist WordPress Themes – The Modern Studio

Of course, what list would it be without mentioning Genesis Child themes?

Modern Studio Pro is a simple blog style minimal WordPress theme that feels pretty light with its black and white theme and tons of white space. Moreover, with its gorgeous typography, Modern Studio Pro theme makes your content the king in readers perspective. Being a Genesis theme, the child theme has three layout styles, column classes, and built-in landing page. Being a child theme, you need to have the Genesis Framework installed.

Key Features:

  • Built-in landing page
  • Four different layout options
  • Modern typography
  • Fully responsive and SEO optimized
  • Genesis child themes are lightweight and fast

Download / More info

19. Wintersong

Minimalist WordPress Themes - Wintersong

Minimalist WordPress Themes – Wintersong

Wintersong is one of my favorite minimal Genesis child themes that is just clean and simple. Even though the theme looks simple, it is HTML5 ready, supports custom header and custom menus. Moreover, just like any other Genesis child theme, Wintersong comes with the built-in landing page. Then again, you need to have Genesis Framework installed to use this minimal child theme.

Key Features:

  • Built-in landing page
  • HTML5 ready
  • SEO optimized and built for speed
  • Clean design with focus on content

Download / More info

20. Sixteen Nine

Minimalist WordPress Themes - Sixteen Nine

Minimalist WordPress Themes – Sixteen Nine

Sixteen Nine is yet another Genesis child theme and yet another favorite minimal themes of mine. The default layout is a three-column style with two sidebars. Just like the Wintersong theme, Sixteen Nine theme also sports black and white scheme which drives focus towards the content with no distractions whatsoever. That being said, you need to have Genesis Framework installed to use this minimal child theme.

Key Features:

  • The black and white theme makes your content the king
  • The theme supports three column layout
  • Built-in support for page templates
  • HTML5 ready

Download / More info

Conclusion

Minimal WordPress themes are here to stay. If you want your content to shine, then there is no other good choice but the minimalist themes that can do the work for you. Of course, there are still many more awesome minimal themes with stunning looks and features. But that’s all for now and if you think I’ve missed any awesome minimalist WordPress themes that you like, let me know.

Hopefully that helps and do comment below sharing your thoughts and experiences about the minimalist WordPress themes listed above.

In Depth SiteGround Hosting Review – Pros and Cons [With ScreenShots]

SiteGround Hosting Review – Finding a good, experienced and trustworthy web host for your website is one of the hardest things to do. Though there are a lot of web hosts that claim they are the best at what they do, it is not always true. There are many factors to consider when choosing a web host. This is especially true if you are a WordPress user.

So, let me share my experience with SiteGround, its pros and cons, and if they deliver what they promise.

SiteGround Hosting Review – Features You Get

No matter who you are, if you are a beginner or a pro while choosing a web host, you should always see if the target web host meets your specific needs. In my case, since I love and use WordPress, I always go for a web host that meets WordPress specific needs like speed, security, premium support that know their stuff, automatic backups and easy restoration, etc. So, here are some of the best SiteGround features every WordPress user will love.

SignUp and Get 50% off on Any Plan

1. One-click WordPress Installation

Not everyone is proficient in installing WordPress manually. So if you ever need, SiteGround has an awesome and simple setup wizard that guides you with installing WordPress. Installing WordPress using the SiteGround’s setup wizard takes no more than a few clicks. It’s just that easy. Of course, if you want to, you can always install WordPress manually without any hiccups whatsoever.

2. Performance and Speed

For any website, speed and performance are a huge concern. To get the best possible speed and performance, SiteGround uses top-tier servers, extensively tested configurations with SSDs for storage. Moreover, SiteGround has four data centers in 3 different continents. The good thing is, you can actually select which datacenter you want while signing up. For increased speed, SiteGround offers server side caching and even stores MySQL databases on a different disk for faster performance. On select plans, MySQL databases are stored in SSDs and in other plans, the databases are stored in SAS hard disk drives.

To top it all, SiteGround cooked their own plugin called SuperChacer with three levels of caching for a solid and dynamic caching. This plugin works great with WordPress and Joomla.

3. Top-notch Security

When it comes to security, SiteGround always stays top in terms of protecting the shared hosting users. Typically, if one site is hacked in the shared hosting space then it sometimes makes all the sites on the server vulnerable due to how they are configured. But, SiteGround uses a unique “chroot mechanism” to isolate each account to its own directory. This ensures even if a site on a shared hosting space is hacked or infected, other accounts or sites on the server won’t be affected.

The good thing is, even if there is a vulnerability found in software like WordPress, SiteGround will immediately patch it on the server level without leaving users to fix it on their own. Moreover, SiteGround also offers various features like spam prevention, anti-hack systems, power redundancy, hardware redundancy, etc.., to compliment their existing security systems. Watch the below video to get a basic idea on how SiteGround takes measures to protect your website.

4. Automatic Daily Backups

Daily backups are an important part of any website as they help us restore the website to a known good state in the event of hack attacks, database corruption, etc. Though there are several WordPress backup plugins to backup your website to cloud services, having an in-home solution is the best. The good thing about SiteGround is they do daily backups of your site and you will have access to 30 backups to choose and restore from. To restore the backup, you can use their backup restore tool.

Moreover, on select plans like GoGeek, you can actually request the SiteGround support staff for unlimited manual professional restores.

SiteGround Hosting Review - Professional Support to Restore Backup

SiteGround Hosting Review – Professional Support to Restore the Backup

5. WordPress Staging

For WordPress specific hosting in SiteGround, the cPanel provides you with all the tools necessary tools to stage your current WordPress site. In case you don’t know, a staging environment is kinda like a test site where you can test new plugins, configurations, themes, etc.., before applying them to the main production site. The good thing about the SiteGround’s staging environment is you can actually develop an entire website and when you are done with the development, you can move it to the main domain with just a click or two.

SiteGround Hosting Review - Support for WordPress Staging Environment

SiteGround Hosting Review – One Click WordPress Staging Environment

6. 24×7 Support

When it comes to web hosting, 24×7 support is the one thing that you should never ignore and SiteGround excels at this part. Yes, I’ve personally tested them and I’m not exaggerating their support. You can reach SiteGround support through phone, chat, and email.

Test 1:

As the first test, I manually installed the WordPress site, configured it and even added some dummy content. After that, I logged into my FTP account, opened the .htaccess file and replaced everything in it with random letters. As you can tell, this action will break the site.

To resolve the issue, I contacted the SiteGround support through the live chat. I explained my issue to the support staff and they fixed the issue in just a minute.

Of course, the problem itself is nothing major but the important thing is they fixed the issue without asking too many technical questions, a big thing for many WordPress users.

Test 2:

As for the second test, I wanted to move one of my test sites to a temporary domain. After the successful transfer, I wanted to change the domain name. That way, I won’t have any downtime on the test site. So, I created a new database and uploaded all the WordPress files. Then started a live chat session to ask if the SiteGround support staff can import the database and change the domain name in the database to match the temporary domain. This action helps to see if the site transfer is successful or not.

To my surprise, they actually complied my request without a second question. Did the tasks I asked for in just a minute or two and everything worked as it should.

Since everything is fine and dandy, I contacted SiteGround’s support staff again and requested to change the temporary domain to the main domain name. Again, they complied with my request and changed the domain name in the database. With that, I have my site successfully transferred without any hiccups or downtime.

Of course, the SiteGround support staff saw that I haven’t utilized the free transfer option and recommended me to use it. Free website transfer is a great option for many WordPress users who got stuck with a web host just because they don’t know how to safely transfer a WordPress website.

7. Freebies on Signup

This is one of the best things about SiteGround. When you signup for the first time, you will get a free domain no matter what plan you choose. Moreover, on GrowBig and GoGeek plans, you will also get a free SSL certificate for one year. As I said earlier, if you want to transfer your existing website to SiteGround then the support staff will take care of it for free. All you have to do is submit a request for free transfer from the control panel.

SignUp and Get 50% off on Any Plan

SiteGround Hosting Review – What Plan to Choose?

SiteGround offers three different hosting plans namely, StartUp, GrowBig, and GoGeek.

SiteGround Hosting Review - SiteGround Hosting Plans

SiteGround Hosting Review – Different SiteGround Hosting Plans

StartUp Plan

StartUp plan is more suitable for blogs or websites that use fewer resources and has low traffic, much like personal blogs or portfolio sites. As SiteGround states, this plan is a good match for websites that gets approximately 10,000 hits or visits per month. This plan is perfect if you are starting a new website or to test how things work in SiteGround.

On the StartUp plan, you can only host one website.

GrowBig Plan

GrowBin plan is the second level and has more resources than the StartUp plan. With its increased resources, it is more suitable for websites which approximately gets 25,000 hits or visits per month. Compared the StartUp plan, GrowBig plan users will have access to SiteGround’s premium features like WordPress special cache, 30 days premium backup solution, priority support, free SSL certificate, etc.

On the GrowBig plan, you can host however many sites you want to host.

GoGeek Plan

GoGeek plan has all the features of StartUp and GrowBig plan and even has more premium features. Moreover, on this plan, you will get more robust hardware and fewer users per server.

Some premium features include but not limited to support of staging environment, PCI compliance, priority support, premium backup and restore service (if needed, SiteGround support staff will manually restore your site), Sg-Git for WordPress, SSD storage of MySQL databases, etc.

This plan is more suitable for business websites or bigger sites which receive approximately 100,000 hits or visits per month.

On the GoGeek plan, you can host however many sites you want to host.

Note: though SiteGround shows approximate visits per month on every plan, it is not a hard limit.

SignUp and Get 50% off on Any Plan

The good thing about SiteGround is after choosing the initial plan if your website grows and needs more resources and power then you can always upgrade your account with just a click or two.

SiteGround Hosting Review – Quick User Interface Tour

As I said before, when you sign up for SiteGround, no matter what plan you choose, you get a free domain. This saves you some bucks. Moreover, you can also choose which datacenter you want while signing up.

SiteGround Hosting Review - Datacenters in Different Places

SiteGround Hosting Review – Datacenters in Different Places

After signing up, log in to your SiteGround account. Here, under the “My Account” tab, you will find all the necessary details like your cPanel username, FTP details, account IP address, Name Server details, etc.

SiteGround Hosting Review - SiteGround Hosting Dashboard

SiteGround Hosting Review – SiteGround Hosting Dashboard

Under the “Extra Services” tab, you will find all the extra services. Those services include but not limited to, SSL certificate, premium backup service, HackAlert Malware Monitoring, etc.

If you choose the GrowBig or GoGeek plan, you are eligible for a one-year standard alpha SSL. You can redeem your free SSL certificate by click on the button “Get Free” next to “Standard Alpha SSL.”

SiteGround Hosting Review - SSL and Backup Options

SiteGround Hosting Review – SSL and Backup Options

To login to your account cPanle, just click on the button “Go to cPanel” in the “Information and Settings” tab and you will be taken to the cPanel where you can manage all your websites, domains, and other settings.

SiteGround Hosting Review - SiteGround Hosting cPanel

SiteGround Hosting Review – SiteGround Hosting cPanel

SignUp and Get 50% off on Any Plan

SiteGround Hosting Review – Install WordPress in SiteGround

1. In the cPanel, you can install WordPress with just a few clicks using the auto-install script. To do that, find “Auto Installers” category and click on the link “WordPress.”

SiteGround Hosting Review - Select WordPress Application

SiteGround Hosting Review – Select WordPress Application

2. The above action will take you to the auto installer screen, simply click on the button “Install” and follow the on-screen instructions. You will have your new WordPress site installed in no time.

3. After installing the site, you can see the installed site(s) under the “Installations” tab on the “My Account” page.

SiteGround Hosting Review - WordPress Installed

SiteGround Hosting Review – WordPress Installed

4. You can login to your new website using the URL http://example.com/wp-admin.

In case you are wondering, here are few things that you should do after installing WordPress for the first time. Also, follow the best security practices to secure your WordPress installation.

SiteGround Hosting Review – WordPress Toolkit

One of the best things provided by SiteGround is the WordPress Toolkit which can be accessed both from the cPanel and the “My Account” page.

SiteGround Hosting Review - WordPress Toolkit

SiteGround Hosting Review – WordPress Toolkit

The WordPress Toolkit has all the necessary tools to do things like:

  • one-click admin password reset
  • IP address restriction
  • Fixing file permissions
  • Moving the installation folder
  • Configuring SSL certificate
  • Change website domain

and much more.

SiteGround Hosting Review - SiteGround WordPress Toolkit Options

SiteGround Hosting Review – SiteGround WordPress Toolkit Options

SiteGround Hosting Review – Conclusion

If you are looking for a quality web hosting with features that compliment the WordPress ecosystem then you should definitely try SiteGround. Of course, SiteGround is a little bit pricey. But, the price is well worth if you consider all the things like security, speed, and premium class support. Go see what plan suits your needs. Don’t forget to get 50% off on any of your SiteGround hosting plans.

SignUp and Get 50% off on Any Plan

That’s all for now and if you are using or consider using SiteGround for your website then do share your thoughts and experiences in the comments form below.

How to Add a User in WordPress Using FTP

Sometimes, there will be instances that get you locked out of your own WordPress admin area. This can be stressful and frustrating. There may be any number of reasons for this like the hack attacks, theme or plugin malfunctions, or even forgetting your username, email address or password for that matter.

Regardless, there are backdoor methods on how you can enter your site and create a new Admin User manually in the case of such emergency. One such method is connecting via the phpMyAdmin section and running MySQL queries to create the admin user. However, if you don’t want to meddle with the database or if you are unable to do so for some apparent reason, the other alternate method would be to add the new admin user via FTP.

Add Admin User in WordPress via FTP

Creating a new Admin user via FTP is really easy than you think. The first thing you need to do it to connect to your WordPress site via your FTP client.

Also read: how to update WordPress via FTP

After connecting to your FTP account, proceed to locate your WordPress theme’s “functions.php” file. The general location of the file would be /wp-content/themes/theme-name/functions.php.

Using the FTP client, download the functions.php onto your computer.

Theme functions file - Open WordPress theme functions file

Now open the file using a plain text editor, like the Notepad and add the following code snippet at the bottom of the file. Don’t forget to replace the Username, Password and name@example.com fields with the actual values. Also, the username and email address should be unique, i.e. there shouldn’t be a user already registered with the same username or email address.

//Add a new user using FTP
function bs_admin_account()
{
    $user = 'Username';
    $pass = 'Password';
    $email = 'name@example.com';
    if (!username_exists($user) && !email_exists($email)) {
        $user_id = wp_create_user($user, $pass, $email);
        $user = new WP_User($user_id);
        $user->set_role('administrator');
    }
}

add_action('init', 'bs_admin_account');

Now that you’ve done that, go back to your FTP client and upload the file to your website’s FTP account.

That’s all there is to do. You’ve created a new admin user using FTP. You can now log into your WordPress admin area using the credentials that you provided above.

Wordpress login page - Log into WordPress dashboard

Once logged in, make sure to remove the added code from the functions.php file. Don’t worry even when you remove the code, the user account will stay intact. You can always keep adding users and authors to your site as you need.

If you want to, you can force reset passwords of other accounts by simply navigating to “Users > All Users” and clicking on the “Edit” link under the user account. Once you are done resetting, you can remove the newly created account by clicking on the “Delete” link.

WordPress users - Edit WordPress Users

If you like this quick tip then you might also like to hide admin bar for all users except for administrators. Do check it out.

Hope that helps and do comment below sharing your thoughts and experiences about using FTP to create a new admin user in WordPress.

How to Better Manage Automatic Updates in WordPress

In WordPress, the smaller updates such as the security releases and minor bug fix updates are done automatically. This cannot be said for major updates. In those cases, you have to manually initiate the update process yourself.

However, some WordPress users, if not many, skip the whole updating process and tend not to pay attention. There may be any number of reasons for this behavior. But you must ensure your WordPress site is up to date at all times. So that it can perform properly and be safe from other vulnerabilities. Besides form the core updates, the same is applicable for plugin and theme updates. You should not ignore updates.

That being said, all this updating process can be tedious. Wouldn’t it be easier if all those tedious updates could be done easily by setting up WordPress to automatically update core, plugins, and themes of your choice? In case you are wondering, here is how to manage automatic updates in WordPress.

Also read: must follow WordPress security tips.

Manage Automatic Updates in WordPress

To manage automatic updates in WordPress, we are going to use the Easy Updates Manager plugin. To start off, download the plugin, install and activate it. After installing the plugin, visit Updates Options page by navigating to “Dashboard” and then “Updates Options.”

wordpress-automatic-updates-select-updates-options

This page gives you the options to turn on and off the automatic updates of the WordPress core, plugins, and themes. It is advised that you keep the default settings as is.

wordpress-automatic-updates-settings-dashboard

In the Updates Options settings page, locate the General tab. The settings this page give you the option of enabling or disabling WordPress updates globally.

As you can see, it is really easy to turn on or off the automatic updates for each of the update types like plugin updates, theme updates, core updates, etc. All you have to do is select either the “Enabled” or “Disabled” radio button and then click on the button “Save Changes.”

wordpress-automatic-updates-general-settings

You may be wondering what the Select Individually option does. This helps you to selectively turn on automatic updating for the plugins and themes of your choice. If this is what you want to do, then select the radio button “Select Individually” under the “Automatic Plugin Updates” and the “Automatic Theme Updates” sections.

Once you are done selecting the “Select Individually” option, navigate to the Plugins tab in the settings page. Here, click on the link “Enable Automatic Updates” under the target plugin and you are good to go.

From this point forward, this plugin will be automatically updated whenever there is an update available.

wordpress-automatic-updates-enable-automatic-plugin-updates

Also read: how to quickly switch between users in WordPress.

The same can be done to all your themes. Just navigate to the Themes tab and then click on the link “Enable Automatic Updates.”

wordpress-automatic-updates-enbale-automatic-theme-updates

That’s all there is to do and it is that simple to manage automatic updates in WordPress.

Rollback to Previous Version of Plugin or Theme

Sometimes there will be a plugin or theme update that break your site. Such incompatibilities are a major reason why some users think twice before updating.

Even though good developers spend a lot of time testing their plugins and themes, there can still be bugs. So, it is always recommended that you backup your site regularly so that you can revert back whenever you need. However, restoring the whole backup can be tedious and time-consuming.

To make things easier, you can use a simple and free plugin called WP Rollback. This plugin lets you rollback to the previous plugin or theme update.

Hope that helps and do comment below sharing your thoughts and experiences about using the above plugin to better manage automatic updates in WordPress.