RIP Blue Screen of Death

In The Sky IT Posted on by

For decades, one screen symbolised everything that could go wrong with a PC: the Blue Screen of Death. It became a cultural meme, a punchline in presentations, and a running joke in IT departments the world over.

But here’s what most people forget: the Blue Screen wasn’t bad design. It was honest engineering.

When the Windows kernel hit a critical fault, the operating system did exactly what it was built to do: it stopped. Not gracefully. Not quietly. But transparently. It told you something had gone seriously wrong. The system halted to prevent data corruption, threw a stop code on the screen, and dumped memory to disk so engineers could piece together what happened.

Modern Windows has changed all that. In recent builds of Windows 11, Microsoft has gradually redesigned and de-emphasised that iconic screen. Crashes still happen, but the experience is faster, simpler, and built for automated diagnostics rather than human eyes.

That shift reflects something bigger: computing has fundamentally changed. Years ago, a stop code might be the only clue an administrator had. Today, the system captures kernel dumps, telemetry, crash diagnostics, and driver fault data automatically, pushing most of it into diagnostic pipelines before the user notices anything at all. Troubleshooting moved off the screen and into logs, telemetry platforms, and engineering tooling.

There is an irony in that, though. The Blue Screen became infamous because it was visible. Modern failures are often far more complex, but far more hidden. The system gathers its diagnostics, reboots in seconds, and the user sees nothing but a restart. No explanation. No dramatic blue warning. Just silence.

The Blue Screen of Death may have been one of the most honest error messages in computing history. It didn’t pretend everything was fine. It said: something went wrong, and we stopped the system to protect it.

Every sysadmin who saw that screen knew exactly what came next. Time to start digging.

The Hidden Cost of “Making Do”: Why Small Businesses Can’t Afford Bad Tech

In The Sky IT Posted on by

In the fast-moving world of small business, the pressure to keep costs down and productivity up is constant. It’s tempting to adopt a “this will do” approach when it comes to technology, patching together systems, relying on ad-hoc fixes, or deferring investment in IT improvement. After all: business is OK right now, right?

But that approach hides a far more insidious cost: the time, disruption and missed opportunity that accrues when your tech isn’t built for growth, reliability and efficiency. In fact, poor IT setups cost far more than the price of “just surviving”, and for small businesses and non-profit organisations that margin can be razor thin.

At In The Sky IT, we see it constantly: smart business owners, doing everything they can, yet hampered by sub-optimal technology. Here’s why making do with bad tech is a false economy.

  1. Time is money, and you’re wasting both

When your systems are slow, unstable or poorly integrated you pay in hidden ways:

  • Staff waiting for applications to load, data to sync, or queries to return.
  • Duplicate data entry because systems don’t talk to each other.
  • Frustration and disengagement when people fight tech rather than use it.
  • Re-working and corrections when “quick fixes” create errors and data inconsistencies.

Each minute lost aggregates across your team and across days. What feels like a small lag becomes a productivity drag. In a growth-minded business every hour spent waiting is an hour lost in serving customers, innovating or scaling.

  1. Avoidable costs

When you accept “it works for now” you may still be paying:

  • Subscriptions for multiple siloed tools instead of one integrated platform.
  • Legacy systems that are harder (and costlier) to support and maintain.
  • Excessive help desk time dealing with recurring “weird tech issues”.
  • Lost opportunities – e.g., inability to onboard new users quickly, or support remote working efficiently.

The cost of maintaining fragile or inefficient systems often exceeds the cost of replacing or upgrading them, yet many businesses stick with what they know because they ‘just make do’.

  1. Business risk and disruption

Poor technology setups expose you to risk:

  • A single point of failure or unsupported system can bring your operations to a halt.
  • Data-integrity issues, security gaps, compliance failures.
  • Inability to scale or adapt quickly. When you need to move fast, you’re held back.

When you don’t plan your tech strategically, you inadvertently build constraints into your business.

  1. Missed strategic opportunity

Good technology isn’t just about keeping the lights on, it’s a competitive asset. If you’re bogged down in “making do” then you can’t focus on:

  • Using data proactively to inform business decisions.
  • Automating repetitive tasks so staff can focus on value.
  • Enabling mobile, hybrid or flexible working that supports talent retention.
  • Integrating systems so that your tech supports growth rather than creating a bottleneck.

A strategic tech setup becomes a platform for growth; a poor setup becomes a dragchute.

Common Mistakes SMEs Make – and How Strategic Tech Planning Avoids Them

Here’s a handy checklist of the typical mistakes we see,  and how taking a strategic approach can avoid each one.

Mistake What it looks like Strategic tech planning avoids it by…
1. “It’s okay for now” mentality Systems are cobbled together, short-term fixes abound, no review plan Building a roadmap with key review points; choosing systems with growth in mind.
2. Siloed tools and data Sales uses one CRM, accounts use another, everyone uses spreadsheets Moving towards an integrated platform, aligning systems around core processes.
3. Legacy / unsupported systems Older software, end-of-life tools, high support costs Assessing lifetime costs, planning upgrades or migrations before breakdowns happen.
4. Under-investing in training/support People struggle with new tools, use old workarounds Ensuring change management, training and support built in as part of rollout.
5. Ignoring scalability and flexibility Systems rigid, changes require heavy effort, remote/hybrid work is awkward Choosing cloud-first, modular, future-ready tech, with flexibility for staff and growth.
6. No real data strategy Data scattered, reporting ad-hoc, decisions gut-based Implementing data governance, real-time reporting, dashboards that support actionable insights.
7. Reacting to problems rather than planning ahead Fix-it mode, firefighting, no time for proactive improvements Regular IT health-checks, strategic reviews, roadmap aligned with business strategy.
8. Overlooking security, compliance and risk Quick fixes, minimal controls, shadow IT Embedding cybersecurity and compliance in core thinking, not as afterthoughts.

Why Your Business Can’t Afford to Be “Good Enough”

When you look at the full impact of poor technology: lost productivity, frustrated staff, higher costs, missed opportunities, reputational or compliance risk. It becomes clear that “making do” is expensive. More expensive than it feels, and harder to track than you might think.

Here are three real-world implications:

  • Hidden hourly cost: Even a small daily delay (say 15 minutes) per user becomes hundreds of lost hours per year across the team. That’s cost and opportunity lost.
  • Growth bottleneck: When adding staff, expanding offices, or adopting new services you hit the tech ceiling, and growth stalls or becomes painful.
  • Competitive gap: Other businesses invest in their tech; you remain mired in operational drag, you deliver slower, adapt more slowly, innovate less. Your customers notice.

By contrast, a strategic tech setup pays dividends: efficiency, scalability, better decision-making, happier staff and customers, and ultimately cost savings and revenue growth.

How In The Sky IT Helps You Break the “Make-Do” Cycle

Here at In The Sky IT we specialise in helping SMEs (and start-ups) turn their tech from a burden into a business enabler. With over 20 years’ experience working for leading organisations and SMEs we bridge the gap between strategy and delivery.

When you engage with us on a tech refresh or digital transformation project, we always walk your organisation, regardless of size, through the following five steps

  • Carry out a technology health-check: what systems, processes and workflows are in place; where are the pain-points.
  • Develop a roadmap aligned to your business goals: growth, scalability, remote working, data-insights, cost control.
  • Ensure your tech is future-ready: cloud-friendly, modular, secure and efficient.
  • Wrap in a support plan, training curriculum and change-management policy so your people adopt and use systems properly.
  • Develop a governance and cost-control framework so you avoid surprise bills, multiple overlapping tools and hidden costs.

The outcome is tangible: stable, high-performing technology that grows with the business. Downtime decreases, operational efficiency climbs, and staff frustration drops. In The Sky IT ensures every part of the organisation runs on systems designed for success, not survival.

Starting the Conversation: Next Steps

If any of the above resonate, here’s how you can move forward:

  1. Schedule a Technology Health-Check – A short, no-obligation review of your current systems, workflows and pain-points. Many consultancy firms offer a service like this. If you’d like to work with In The Sky IT, please get in touch.
  2. Define Your Business Goals – Growth, efficiency, remote work, customer experience: what does your business want to achieve in the next 12–24 months?
  3. Create Your Tech Roadmap – With cost, benefit and risk mapped out – so you invest with confidence.
  4. Execute With Team Buy-In – Because technology is only as good as adoption and use. Training, support, governance all matter.
  5. Review Regularly – Business evolves and so should tech. A yearly or bi-yearly review ensures you stay ahead.

At In The Sky IT we’re ready to walk that path with you: from feeling stuck, to having tech that works for you. Because in today’s world you can’t afford to make do. Your tech should be helping you, not holding you back.

 

 

 

Why Small Businesses Need to Stop ‘Googling It’ and Call the Professionals

In The Sky IT Posted on by

At In The Sky IT, we love a good small business story. Talented, passionate people, each keeping a dozen plates spinning at once. But it doesn’t always work out. Every so often, we meet a founder whose determination to do it all leads to headaches as well as triumph. Enter Zoe, founder of Zig Zag Dance, a vibrant local dance studio here in Manchester.

Zoe had built her business on a love of teaching and passion for contemporary dance. She knew exactly when to call in expert advice: legal contracts? Solicitor. Payroll? Accountant. Staff issues? HR specialist. But when it came to her tech? Well, that was a different story. Like many small business owners, Zoe thought she could muddle through with the help of Google and a few well-meaning friends. Printer on the blink? A quick YouTube tutorial. Wi-Fi issues? Reboot the router. New software needed? Download whatever looked easiest.

It worked… until it didn’t.

The moment that truly summed it up for us was when Zoe confessed she’d recently bought a new laptop for the studio. Not because it had the power to manage bookings, run her creative software, or integrate with her billing system… but because she liked the colour. A lovely shade of green, apparently.

We had a good laugh about it together, but it was a telling moment. The truth is, small business owners wouldn’t dream of filing their own tax returns without an accountant, or writing their own legal contracts without a solicitor. So why, when it comes to IT, arguably the backbone of modern business, do so many think they should just figure it out as they go?

The Right Tools, The Right Setup, The Right Support
When Zoe reached out to In The Sky IT, we sat down over a cup of tea and took stock of the studio’s tech setup. From ageing laptops and mismatched software to a email that was still being sent from a Gmail account, it was clear things had fallen by the wayside while she focused on what she does best: running a thriving dance school.

Together, we created a plan. Advice on purchasing new hardware and software, tailored to her business needs. A web presence that reflects the energy and creativity of Zig Zag Dance. And crucially, ongoing tech support on retainer so when something goes wrong five minutes before a class, Zoe can just pick up the phone and get the help she needs from an expert.

It’s About Value, Not Just Cost
Some small business owners hesitate to bring in IT specialists because they worry about the cost. But as Zoe discovered, the time lost wrestling with tech problems, not to mention the missed opportunities from outdated systems, can be far more expensive in the long run. And no one should be buying laptops based on the colour.

A Word to Fellow Start-ups and Small Business Owners
If you’re a founder juggling a thousand tasks and trying to patch together your tech as you go, we get it. But you don’t have to do it alone. Having the right IT advice isn’t a luxury, it’s part of building a solid, sustainable business.

Zoe’s now got a business setup that works for her, not against her. And yes, we made sure her new laptop still came in a colour she liked.

Need a hand with your IT setup?
We’re In The Sky IT, your friendly Manchester-based IT consultancy for start-ups, small businesses and non-profits. Drop us a line, we’d love to hear your story.

Customising Your WordPress Site: Which Plugins Are Right For You?

In The Sky IT Posted on by

WordPress is an incredibly powerful platform, but to truly unlock its full potential, the right plugins are essential. Whether you’re running a blog, an eCommerce store, or a business website, the right tools can enhance security, improve performance, and boost SEO.

With thousands of plugins available, it can be overwhelming to choose the best ones. That’s why we’ve curated a list of must-have WordPress plugins that will help you optimize your site, enhance user experience, and streamline your workflow. From SEO and security to speed and design, these plugins are essential for any WordPress admin.

1. Jetpack Security

Jetpack Security is a WordPress plugin that provides real-time protection against malware, brute-force attacks, and spam. It includes automated backups, security scanning, downtime monitoring, and two-factor authentication. The plugin offers a web application firewall (WAF) and site activity logs to track changes. Jetpack Security integrates seamlessly with WordPress, offering both free and premium features. The premium plan includes priority support, malware removal, and enhanced backup options. Designed for ease of use, it helps site owners maintain security without technical expertise

2. Yoast SEO

Yoast SEO is a popular WordPress plugin that helps optimize website content for search engines. It provides real-time analysis of readability and SEO factors like keyword usage, meta descriptions, and internal linking. The plugin includes XML sitemaps, schema markup, and social media integration. Its traffic light system (green, orange, red) guides users in improving their content’s SEO and readability. Yoast SEO also supports canonical URLs to prevent duplicate content issues. The free version covers essential features, while the premium version offers advanced tools like multiple keyword optimization and internal linking suggestions.

3. WP Super Cache

WP Super Cache is a popular WordPress plugin that improves website speed by generating static HTML files for pages, reducing server load. It offers three caching modes: Simple, Expert, and WP-Cache, catering to different user needs. The plugin supports CDN integration, cache preloading, and garbage collection to optimize performance. It also includes features like mobile caching and REST API support. Ideal for high-traffic sites, WP Super Cache enhances user experience and SEO by delivering faster load times. It’s easy to configure and works well with most hosting environments.

4. Google XML Sitemaps

The Google XML Sitemaps WordPress plugin helps generate XML sitemaps to improve search engine indexing. It automatically updates the sitemap when new content is added, making it easier for search engines like Google, Bing, and Yahoo to crawl and index your site. The plugin supports all WordPress-generated pages, custom URLs, and various post types. It also allows fine-tuning of sitemap settings, including priority and frequency adjustments. This SEO-friendly tool enhances visibility without slowing down site performance, making it a must-have for website optimization.

5. WordFence

Wordfence is a popular WordPress security plugin that provides firewall protection, malware scanning, and login security. It blocks malicious traffic, prevents brute-force attacks, and offers real-time threat intelligence. The plugin includes two-factor authentication, IP blocking, and a web application firewall (WAF) to safeguard websites. It also scans for vulnerabilities, backdoors, and malware infections. Wordfence’s premium version offers advanced features like country blocking and real-time updates. With an intuitive dashboard and detailed security reports, it helps website owners monitor and protect their sites from cyber threats effectively.

6. Akismet

Akismet is a WordPress plugin that helps prevent spam comments and contact form submissions. Developed by Automattic, it automatically filters out spam using an advanced algorithm and a global spam database. The plugin checks comments against its database and moves suspected spam to a separate folder for review. Akismet is easy to install and offers free and premium plans, making it ideal for bloggers and businesses looking to keep their sites clean and professional. It reduces manual moderation, improves site performance, and enhances user experience by blocking unwanted content.

7.Site Kit by Google

Site Kit by Google is an official WordPress plugin that integrates Google’s essential tools, including Search Console, Analytics, AdSense, and PageSpeed Insights. It provides website owners with key performance metrics, traffic insights, and monetization data directly in the WordPress dashboard. The plugin simplifies setup and management, eliminating the need for complex code integration. Site Kit helps users track visitor behavior, optimize site speed, and improve SEO effortlessly. It’s ideal for beginners and advanced users looking for an all-in-one solution to monitor and enhance their website’s performance using Google’s trusted tools.

8. Blog Vault

BlogVault is a powerful WordPress backup, migration, and security plugin. It offers automated daily backups, real-time syncing, and one-click restores. The plugin supports staging sites, seamless website migrations, and malware scanning with built-in security features. BlogVault stores backups on its own servers, ensuring minimal load on your website. It also provides incremental backups, saving only changes instead of full-site copies, optimizing performance. With support for multisite networks and WooCommerce, BlogVault is a reliable solution for website protection, uptime monitoring, and hassle-free recovery. Its user-friendly dashboard makes managing backups and security effortless.

9. Loginizer

Loginizer is a WordPress security plugin that protects websites from brute-force attacks by limiting login attempts and blocking IPs after multiple failures. It offers features like two-factor authentication (2FA), reCAPTCHA, login challenge questions, and IP blacklisting/whitelisting. The plugin also provides automatic security updates, passwordless login, and protection against XML-RPC attacks. Loginizer is lightweight and easy to configure, making it a popular choice for enhancing WordPress security. The free version includes basic protections, while the premium version unlocks advanced features for stronger defense.

How to Disable PHP Execution in WordPress

In The Sky IT Posted on by

Why You Should Disable PHP Execution in Key WordPress Directories

WordPress allows certain folders to be writable so you and other authorized users can upload themes, plugins, images, and videos. That flexibility is useful, but it can also create a security gap. If attackers gain access, they can upload backdoor files or malware into those same directories. These malicious files often mimic legitimate WordPress components. Most are written in PHP and can silently run in the background, giving hackers complete control of your website.

Alarming? Yes. But the solution is simple: disable PHP execution in directories where PHP never needs to run. Once you block PHP in these locations, no PHP file can execute there, even if someone manages to upload one.

Below is a clear guide to improving WordPress security by using an .htaccess rule to block PHP execution.

How to Disable PHP Execution with an .htaccess File

Most WordPress installations include an .htaccess file in the root directory. This file handles important tasks such as:

  • Password-protecting admin areas

  • Disabling directory browsing

  • Enforcing SEO-friendly URLs

  • Managing redirects and performance settings

You can also place additional .htaccess files inside WordPress subfolders to apply extra security rules.

To block PHP from running in vulnerable folders, create a new .htaccess file and upload it to:

  • /wp-includes

  • /wp-content/uploads

Step 1: Create the .htaccess file

  1. Open a text editor (Notepad on Windows or TextEdit on macOS).

  2. Paste the following code:<Files *.php>
    deny from all
    </Files>

  3. Save the file with this exact name:
    .htaccess

Step 2: Upload the file to your server

Use an FTP client or your hosting provider’s File Manager to upload the .htaccess file into both target directories:

  • /wp-includes

  • /wp-content/uploads

Once in place, this rule blocks any PHP script inside those folders from running. Even if a hacker uploads a malicious .php file, it simply won’t execute.

Why This Security Step Matters

Blocking PHP execution in these directories:

  • Prevents common backdoor attacks
  • Protects your site from hidden malware scripts
  • Reduces security risks from vulnerable upload forms and plugins
  • Adds a strong layer of defense with almost no effort

WordPress does not require PHP execution in these folders for normal operation, so this security enhancement creates protection without breaking your site.

How to Disable WordPress Theme and Plugin Files Editors

In The Sky IT Posted on by

Why Disable Theme and Plugin Editors in WordPress?

WordPress comes with a built-in code editor which allows you to edit WordPress theme and plugin files directly from the admin area.

The theme editor is located at Appearance » Theme File Editor page. By default, it will show your currently active theme’s files. Similarly, the plugin editor can be seen at Plugins » Plugin File Editor page. By default, it will show you one of the installed plugins from your site that comes up first in the alphabetical order. If you visit the theme or plugin editor page for the first time, WordPress will warn you that using the editor can break your website.

In WordPress 4.9, theme and plugin editors were upgraded to protect users from accidentally breaking their website. In most cases, the editor will catch a fatal error and will revert back the changes. However, this is not guaranteed and some code may still slip through and you would end up losing access to the WordPress admin area. The biggest problem with the built-in file editor is that it gives full access to add any kind of code to your website.

If a hacker broke into your WordPress admin area, then they can use the built-in editor to gain access to all your WordPress data. Hackers can also use it to distribute malware or launch DDOS attacks from your WordPress website. To improve WordPress security, we recommend removing the built-in file editors completely.

That being said, let’s see how to easily disable theme and plugin editors in WordPress.

How to Disable Theme and Plugin Editors in WordPress

Disabling theme and plugin editors in WordPress is quite easy. But, it requires adding code in WordPress.

You’ll need to add this line of code to your theme’s functions.php file, a site-specific plugin, or by using a code snippets plugin.

1
define( 'DISALLOW_FILE_EDIT', true );

We recommend using the WPCode plugin because it’s free, easy to use, and won’t break your website if anything goes wrong.

  • First, you’ll need to install and activate the free WPCode plugin.
  • Once the plugin is activated, go to Code Snippets » Add Snippet from your WordPress dashboard. Then, hover your mouse over the ‘Add Your Custom Code (New Snippet)’ option and click the ‘Use snippet’ button.
  • Next, you’ll be prompted to choose the code type for your snippet. Select the ‘PHP Snippet’ option.
  • After that, you can add a title for your snippet and paste the code from above into the ‘Code Preview’ box.
  • Lastly, simply toggle the switch from ‘Inactive’ to ‘Active’ and click on the ‘Save Snippet’ button.

That’s all, plugin and theme editors will now disappear from themes and plugins menus in the WordPress admin area.

As an alternative, you can also edit your wp-config.php file and paste the code from above just before the line that says ‘That’s all, stop editing! Happy publishing’ :

Then, save your changes and upload the file back to your website.

How to Disable XML-RPC in WordPress

In The Sky IT Posted on by

What Is XML-RPC in WordPress?

XML-RPC is a core WordPress API that has been enabled by default since WordPress 3.5 was released in 2012. It allows developers to use XML and HTTPS protocols to connect to and interact with your WordPress website. In short, you need XML-RPC enabled to access and publish your blog remotely, such as when you want to use a mobile app to manage your site or make connections to automation services.

However, if you’re not using mobile apps with your website, then it is advisable to disable XML-RPC as this closes a door that may potentially be exploited to hack your website. In this article, we are going to walk you through 3 methods to accomplish this.

Method 1: Disable WordPress XML-RPC With .htaccess (Advanced)

This method is for advanced users because it requires you to edit your site’s .htaccess file. This way has several advantages, such as the ability to give remote access to yourself and your team while restricting everyone else. It also won’t negatively affect your WordPress performance since it disables
XML-RPC requests before they are passed on to WordPress.

You will need to add the following code to your .htaccess file. You can do this by connecting to your site using an FTP client or file manager. Also, All in One SEO users can use the plugin’s built-in editor tool to add the code snippet, as you can see in the screenshot below.

1
2
3
4
5
6
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
 deny from all
allow from 123.123.123.123
</Files>

If you wish to give a certain user remote access to your site, then simply replace ‘123.123.123.123’ on line 5 with their IP address. You can add multiple IP addresses by separating them with spaces. Or, if you want to disable XML-RPC completely, then delete line 5 altogether.

Method 2: Disable WordPress XML-RPC With a Code Snippet (Recommended)

This method requires you to add some code to your WordPress website. WPCode is the easiest and safest way to add code to your WordPress site. It helps you to manage your code snippets and prevents any errors from breaking your site. In this method, we will use one of WPCode’s built-in code snippets to disable XML-RPC.

  • First, you need to install the free WPCode plugin.
  • Upon activation, head over to Code Snippets » Add Snippet. The WPCode library already contains a snippet that disables XML-RPC. You can find it by searching for ‘xml.’
  • Once you find it, you need to click the ‘Use snippet’ button.
  • Next, you need to switch the ‘Active’ toggle to the ‘On’ position.
  • Finally, make sure you click the ‘Update’ button to enable the snippet on your site and disable XML-RPC API.

Method 3: Disable WordPress XML-RPC With a Plugin

This is a simple method that can be used if you don’t want to add any other customizations to your website with a code snippet plugin

Simply install and activate the Disable XML-RPC-API plugin.

The plugin works out of the box and will immediately deactivate XML-RPC.

You can navigate to XML-RPC Security » XML-RPC Settings to configure the plugin. For example, you can allow certain users to access XML-RPC by whitelisting their IP addresses.

Testing That WordPress XML-RPC Is Disabled

Now you should check to make sure you successfully disabled the XML-RPC API on your WordPress website.

You can check that XML-RPC is disabled by simply visiting the URL http://example.com/xmlrpc.php in your browser. Make sure you replace ‘example.com’ with your own website’s domain name. If XML-RPC is disabled, you should see the error message: ‘Forbidden: You don’t have permission to access this resource.’

How to Change Your WordPress Admin Username

In The Sky IT Posted on by

Is It Possible to Change WordPress Usernames?

It has long been a complaint that it is difficult to change your username in WordPress. Usernames actually can’t be changed in WordPress. This can be frustrating and confusing to beginner WordPress users. So, in this article, we present you several workarounds that will accomplish the same end:

Method 1: Create a New User and Delete the Old One

The easiest way to change your WordPress username is by creating a new user with your desired username and with the administrator user role. The only catch is that you will need to use a different email address than the one used by your current account.

Note: If you are using Gmail, then you can insert a plus sign (+) with additional letters after your username. For example, if your email address is myname@gmail.com, then you can use the email address myname+wordpress@gmail.com. It will still go to the same email inbox, but WordPress will consider it a separate email address.

After creating the new account, you need to log out of your WordPress account and then log in with the new user account you just created. Next, head over to the Users » All Users page in your WordPress admin area and then click the ‘Delete’ link under your old username to remove it. When you delete the old username, WordPress will ask what you want to do with any content created by that user. Make sure that you click the ‘Attribute all content to’ option and then select the new user you just created. After that, you should click the ‘Confirm Deletion’ button to delete the old user account.

Congratulations, you have now successfully changed your WordPress username. If you want to use the same email address as before, then you can now change the email address of the new user.

Method 2: Use Easy Username Updated (Plugin Method)

Another simple way to change your WordPress username is by using a plugin. If you are concerned about using too many WordPress plugins, then don’t worry. You can safely delete the plugin once you have changed your WordPress username.

The first thing you need to do is install and activate the Easy Username Updater plugin.  Upon activation, simply go to the Users » Username Updater page and then click the ‘update’ link next to the username you want to change. Now, you simply enter the new username and then click the ‘Update Username’ button. If you’d like to notify the user about the change, then make sure you check the ‘Send User Notification’ box first.

That’s all! Now, you can remove the username changer plugin from your site.

Method 3: Change WordPress Username With phpMyAdmin (Advanced)

This method is a little bit complicated as it requires that you make direct changes to your WordPress database. We recommend that users avoid doing this if possible since it’s easy to make a mistake and cause errors on your WordPress site. However, in some cases, you may not have an option, such as when you forget your WordPress username and email address and get locked out of your admin account.

First, you will need to log in to your web hosting and open CPanel. Once you’re inside CPanel, go ahead and navigate to  ‘phpMyAdmin.’

This will launch phpMyAdmin in a new browser tab. You will need to select your WordPress database if it is not already selected. You will now see your WordPress database tables. By default, WordPress database tables use wp_ as a prefix before each table’s name. It is possible that you may have changed the database prefix to something else.

You need to click on the wp_users table on the left-hand side. Then, you should click ‘Edit’ next to the username that you wish to change. Now, you will be able to type the new username you wish to use into the user_login field. When you are done, you’ll need to click the ‘Go’ button at the bottom of the screen to save the new username.

That’s all! Now, you should be able to log in to your dashboard with your new username.

Keeping Your WordPress Blog Secure: A Beginner’s Guide

In The Sky IT Posted on by

WordPress powers over 40% of the web, making it a popular target for hackers and security threats. While the platform itself is secure, neglecting basic security practices can leave your site vulnerable. The good news? You don’t need to be a tech expert to protect your blog. In this guide, we’ll cover simple step you can take to keep your WordPress site safe from common threats. Whether you’re a beginner or just looking to tighten your defenses, these tips will help you secure your blog with confidence.

Basics of WordPress Security

Why Website Security is Important

A hacked WordPress website can cause serious damage to your business’s revenue and reputation. Hackers can steal user information and passwords, install malicious software, and even distribute malware to your users.
Worst, you may find yourself paying ransomware to hackers just to regain access to your website. Every day, Google warns 12-14 million users that a website they are trying to visit may contain malware or steal information.
Furthermore, Google blacklists around 10,000+ websites each day for malware or phishing.
Just as business owners with a physical location are responsible for safeguarding their property, online business owners need to pay extra attention to their WordPress security.

Keep WordPress Updated

WordPress is open-source software and is regularly maintained and updated. By default, WordPress automatically installs minor updates. For major releases, you need to manually initiate the update.
WordPress also comes with thousands of plugins and themes that you can install on your website. These plugins and themes are maintained by third-party developers, which regularly release updates as well.
These WordPress updates are crucial for the security and stability of your WordPress site. You need to make sure that your WordPress core, plugins, and theme are up to date.

Use Strong Passwords & User Permissions

The most common WordPress hacking attempts use stolen passwords. However, you can make that difficult by using stronger, unique passwords for your website.
We are not just talking about the WordPress admin area. Remember to create strong passwords for your FTP accounts, databases, WordPress hosting accounts, and custom email addresses that use your site’s domain name.
Many beginners don’t like using strong passwords because they are hard to remember. The good thing is that you don’t need to remember passwords anymore because you can just use a password manager.

Another way to reduce the risk is to not give anyone access to your WordPress admin account unless you absolutely have to.
If you have a large team or guest authors, then make sure that you understand user roles and capabilities in WordPress before you add new user accounts and authors to your WordPress site.

WordPress Security in a Few Steps

1. Install a Backup Solution

Backups are your last defense against any WordPress attack. Remember, nothing is 100% secure. If government websites can be hacked, then so can yours.
Backups allow you to quickly restore your WordPress site in case something bad was to happen.

There are many free and paid WordPress backup plugins that you can use. The most important thing you need to know when it comes to backups is that you must regularly save full-site backups to a remote location (not your hosting account). We recommend storing it on a cloud service like Amazon or Dropbox, or in private cloud like Stash.

Based on how frequently you update your website, the ideal setting might be either once a day or real-time backups.
Thankfully this can be easily done by using plugins like Duplicator or BlogVault. They are both reliable and most importantly easy to use.

For more about WordPress Plugins, check out handy guide to some of the most useful ones HERE.

2. Install a Good WordPress Security Plugin

After backups, the next thing you need to do is set up a way to keep track of all the activity happening on your website. This includes file integrity monitoring, failed login attempts, SQL injection attempts and lots more. Thankfully, you can easily take care of this by installing a security plugin. There are plenty available but the one we recommend is WordFence because it is both capable and simple. You don’t nee to be a network engineer to configure it.

Once you have installed your new plugin, you should head over to it’s Dashboard page see if the plugin found any immediate issues with your WordPress site. Whilst here you can click around and get comfortable with your new plugin’s capabilities. The default settings should work well for most websites, but if you are feeling confident, you can go ahead and tweak some settings to see what happens. You can always change things back later on.

one thing we recommend you customise right now is the email alerts feature. By default, you will receive a lot of email alerts that can clutter your inbox so go ahead and change these settings to whatever level of alert you feel comfortable with. We recommend enabling alerts only for key actions you wish to be notified about, such as plugin changes and new user registrations.

3. Enable a Web Application Firewall (WAF)

The next thing you should do is enable a Web Application Firewall to block malicious traffic before it even reaches your website. Firewall software works on one of two levels:

  • A DNS-level website firewall routes your website traffic through a proxy server hosted by the software vendor. This server screens out known malicious traffic sources and passes on the valid traffic to your website.
  • An application-level firewall examines the traffic once it reaches your site but before loading most WordPress scripts. This method is not as efficient as the DNS-level firewall in reducing the server load.

A DNS-level Firewall is the preferred option. Fortunately for you, you just installed WordFence, which includes a DNS-level WAF with a handy learning mode which allows it to partially configure itself based on your average content and traffic.

4. Make Sure Your Site is Using HTTPS

SSL (Secure Sockets Layer) is a protocol that encrypts data transfer between your website and the user’s browser. This encryption makes it harder for someone to steal your data. Once you enable SSL, your website address will use HTTPS instead of HTTP.

SSL certificates are typically issued by certificate authorities, and their prices start from $80 to hundreds of dollars each year. Due to added cost, most website owners in the past opted to keep using the insecure protocol. To fix this, a non-profit organization called Let’s Encrypt decided to offer free SSL Certificates to website owners. Their project is supported by Google Chrome, Facebook, Mozilla, and many more companies.

Many hosting companies now offer a free, or very cheap, SSL certificate for use with WordPress websites. If your hosting company does not offer one, then you can purchase an SSL certificate from Domain.com. They have the best and most reliable SSL deals on the market. The certificate comes with a $10,000 security warranty and a TrustLogo security seal.

5. Change the Default Admin Username

In the old days, the default WordPress admin username was ‘admin’. Since usernames make up half of the login credentials, this made it easier for hackers to do brute-force attacks. Thankfully, WordPress has since changed this and now requires you to select a custom username at the time of installing WordPress.

However, some 1-click WordPress installers still set the default admin username to ‘admin’. If you notice that to be the case, then it’s probably a good idea to switch your web hosting. Since WordPress doesn’t allow you to change usernames by default, there are three methods you can use to change the username.

  1. Create a new admin username and delete the old one.
  2. Use the Username Changer plugin
  3. Update username from phpMyAdmin

You can find our detailed guide to how to change your WordPress username HERE

6. Disable File Editing

WordPress comes with a built-in code editor that allows you to edit your theme and plugin files right from your WordPress admin area. In the wrong hands, this feature can be a security risk, which is why we recommend turning it off. You can easily do this by adding the following code to your
wp-config.php file or with a code snippet plugin like WPCode.

1
2
// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );
We show you how to do this step by step in our guide on how to disable file editing HERE.

7. Disable PHP File Execution

Another way to harden your WordPress security is by disabling PHP file execution in directories where it’s not needed, such as /wp-content/uploads/.
You can do this by opening a text editor like Notepad and pasting this code:

1
2
3
<Files *.php>
deny from all
</Files>

Next, you need to save this file as .htaccess and upload it to the /wp-content/uploads/ folder on your website using an FTP client.

For a more detailed explanation, see our guide on how to disable PHP execution, HERE.

8. Limit Login Attempts

By default, WordPress allows users to try to log in as many times as they want. This leaves your WordPress site vulnerable to brute-force attacks. This is where hackers try to crack passwords by trying to log in over and over again with different combinations of characters in the hope of hitting the correct password by guesswork. This can be easily fixed by limiting the failed login attempts a user can make.

Some versions of a Web Application Firewall, include this feature. If you have chosen one of these, then this is automatically taken care of. However, if you don’t have a firewall set up. Or you chose a WAF which doesn’t have this facility,  then you can use a separate plugin to limit login attempts. We’re using Loginizer for this example:

  • First, you need to install and activate the free Loginizer plugin.
  • Once activated and Configured, the plugin will start to limit the number of login attempts users can take.

The default settings will work for most websites. However, you can customize them by visiting the Loginizer Security tab in the sidebar. This plugin will also allow you to enable other advanced login features like 2 Factor Authentication and Single Sign-On.

9. Disable XML-RPC in WordPress

XML-RPC is a core WordPress API that helps connect your WordPress site with web and mobile apps. It has been enabled by default since WordPress 3.5. However, because of its powerful nature, XML-RPC can significantly amplify brute-force attacks. For example, if a hacker traditionally wanted to try 500 different passwords on your website, they would have to make 500 separate login attempts.

But with XML-RPC, a hacker can use the system.multicall function to try thousands of passwords with say 20 or 50 requests. This is why if you are not using XML-RPC, then we recommend that you disable it. There are 3 ways to disable XML-RPC in WordPress, and we take you through them in our details article on the subject which you can find HERE.

10. Hire Professionals Instead

As a busy small business owner, you may not have time to monitor your website security and protect it from vulnerabilities. So, to ease your mind and lighten your workload, you can hire a managed service provider to monitor and maintain your WordPress site for you 24/7.

In The Sky IT offers comprehensive WordPress website maintenance at an affordable price. It includes security monitoring, routine cloud backups, WordPress updates, uptime monitoring, and much more. Find out more HERE.

So You’ve Installed WordPress, Now What?

In The Sky IT Posted on by

Congratulations on installing WordPress! You’ve taken the first step towards creating your own website or blog. Now you’re staring at the WordPress dashboard for the first time and feeling a little overwhelmed. Don’t panic! I’m going to walk you through the essential steps to configure your new WordPress site, even if you’re a complete beginner.

1. Familiarize Yourself with the Dashboard

When you log into WordPress, you’ll land on the Dashboard. Think of it as your website’s control center. Here’s you’ll find a sidebar with a set of options:

  • Posts: Where you create and manage blog articles.
  • Pages: Used for static content like “About Us” or “Contact” pages.
  • Appearance: Customize the look of your site.
  • Plugins: Add new features without coding.
  • Settings: Configure site-wide options.

And a lot of blank space in the middle under a welcome message. As you customise your site and add content, the blank space will fill up with useful data about your site. You’ll come here to find information about security threats, traffic, software updates and lots more.

Spend a few minutes clicking around to get comfortable.

2. Set Up Basic Site Settings

Head to Settings > General to configure key details:

  • Site Title: Your website’s name.
  • Tagline: A short description or slogan.
  • URL: Ensure your website address (URL) is correct.
  • Timezone: Set this to your local time for accurate post scheduling.

Click Save Changes when you’re done.

3. Choose a Theme

Your theme controls your website’s overall look and feel. Go to Appearance > Themes > Add New to browse free themes.

  • Use the search bar to find themes suited for blogs, portfolios, or businesses.
  • Click Preview to see how a theme looks.
  • Click Install and then Activate to apply your chosen theme.

4. Customize Your Theme

Go to Appearance > Customize to tweak your theme’s settings:

  • Site Identity: Upload a logo and adjust your tagline.
  • Colors & Fonts: Adjust to match your brand.
  • Homepage Settings: Choose between a static homepage or your latest posts.

Make changes and click Publish to save.

5. Create Your First Pages

Go to Pages > Add New to create important pages:

  • About: Share your story.
  • Contact: Include a form so visitors can reach you.
  • Privacy Policy: A must for legal compliance.

Add titles, content, and click Publish when ready.

6. Set Up Navigation Menus

Organize your site’s structure via Appearance > Menus:

  • Click Create a New Menu.
  • Add your pages (About, Contact, Blog, etc.).
  • Drag and drop to reorder.
  • Choose where the menu appears (usually “Primary Menu”).

Click Save Menu to apply changes.

7. Adjust Reading Settings

Go to Settings > Reading:

  • Homepage Displays: Choose a static page or your latest posts.
  • Blog Pages Show At Most: Control how many posts display per page.

Click Save Changes after adjustments.

8. Start Blogging!

You’re ready to create content. Go to Posts > Add New:

  • Add a catchy title.
  • Write your content in the editor.
  • Add images via the “Add Media” button.
  • Choose categories and tags to organize your posts.

Click Publish when you’re ready to go live.