how to block spam emails in wordpress

WordPress Tips: How to block spam emails

By Website Tips No Comments

We constantly get questions from clients about how to avoid spam emails coming through the online forms on their websites. This is the first of two articles about how to block spam emails. First, let us say the most important thing about blocking spam:

NO anti-spam system is 100% effective

Sorry, spam is here to stay. It surely boggles the mind that there are companies spending obviously hundreds of thousands of dollars on spam techniques and technology. All I can say is that they must keep doing it because it works. Unfortunately! So, No anti-spam system is 100%. The tech world’s best efforts against spam are mostly a game of catch-up figuring out what the spammers are doing, and methods for overcoming it. Every solution is quickly met with the spammers’ next curveball.

Top that off with low-exchange rates with other countries where it is super cheap to pay someone–real human beings–to spam you. There are no easy ways to block this kind of spam that aren’t also dramatic (i.e. blocking the original IP and anyone else attached to it).

So…Here are our Top Three EASY solutions for blocking MOST automated spam on WordPress sites and SOME spam generated by human beings.

1. Use Akismet

Akismet has been in the spam-blocking game for many years. They have free versions available but we also encourage contributing to the service so they can keep up the good work. Simply install the Akismet WordPress plugin, create your Akismet account, and activate the Akismet plugin on your site using the Akismet API key. Not only does this filter out many to most spam comments on your site, it also blocks emails if you’re using Contact Form 7 for your forms.

2. Use an anti-bot system like CAPTCHA

This also doesn’t work against real-people spam, but it does a great job at blocking automated spam. Not much more else to say about this solution without making this a step-by-step tutorial (which this is not because there are already tons of good tutorials out there). Here’s an example of Google’s reCAPTCHA:

google recaptcha example

You’ve probably had to use this feature on other websites.

3. Manually block domains or IP’s

WordPress has a built-in feature for blocking spam messages or comments. This doesn’t really work until you’ve received a spam message BUT it will block any future messages so it’s still worth doing. To implement this method

  • Go to ‘Dashboard > Settings > Discussion’
    how to block spam emails in wordpress 1
  • Go to ‘Comment Blacklist’
  • Enter the domain you wish to block
    See the screenshot above for where to place it. You find the domain from the spam email you received. If sent you an email about starting a bank account, you copy and highlight everything AFTER the ‘@’ symbol (don’t include the ‘@’ symbol). Place the domain (e.g. in the Comments Blacklist and this will work with Contact Form 7 to never send emails to you. As you can see from our example above we use this method ourselves.

    It’s unfortunate that you are going to receive spam from time to time. Start with the methods above. Most of your automated spam will stop. When the odd spam message does get through you can block the domain and stop future emails. Mostly. Spammers are bound and determined to get through, and they get very creative about how they do it. What’s worse, your domain or email can end up on spam lists that are shared with others. But, online forms are a VERY important way for your ideal customers and prospects to get through to you so we recommend keeping a form active on your site when at all possible.

    Hope these tips helped!

    Photo credits: d3images

website security wordpress security

Three website security tips for your WordPress website

By Website Tips No Comments

Website security has become an increasingly important topic over the last few years. It has become so important that even Google has taken steps to prioritize websites that use secure hosting — even if the site doesn’t perform any functions like processing credits cards. Since we deal mostly with WordPress we care specifically about WordPress security. Below are some of the most basic and most important steps you can take to protect your site from malicious behavior, hacks or malware injections.

1. Create regular backups

This is easily the most important thing you should do for website security. WordPress operates in multiple parts: tables, content files and code files. By creating regular backups of your WordPress website you will always have a working copy of your site. If your site goes down or gets hacked you can easily restore it to the most recent working version. How often to backup? The more frequently you edit or add content to your site, the more frequently you should backup your site. We recommend weekly. If you don’t change content very often you can get away with backing up your site monthly. We also recommend a regimen of automated backups with manual backups just to be safe.

2. Update WordPress Version, Plugins and Themes

This is the most important preventative action you can take for website security. One thing we love about WordPress is that it is open source and is backed up by a thriving community of fans and expert coders. WordPress is constantly upgraded to improve the security of its coding. Granted, weaknesses are usually identified after they’ve been exploited, but teams of crack coders work to fix the weaknesses and improve WordPress security. The same can be said for GOOD themes and plugins whose creators actively update their coding. You should keep your site updated to the most recent, stable version of WordPress as well as plugins and themes. Otherwise, your site will be vulnerable to hacking.

3. Use Security Plugins

Over the years, two WordPress security plugins have risen to the top of our favorites list. We recommend them highly. They both have free and premium versions. The free versions have awesome features, and if website security becomes more of a concern, we recommend the premium versions. We’ll just highlight our favorite features. You should check out these plugins fully.

iThemes Security Plugin

Hide Backend: This feature hides the typical login page for WordPress. Hackers frequently try brute force attacks by bombarding pages like the login page with bogus login attempts. If they can hack your login they can do anything they want to your site. This is no good! By hiding your login page URL you can prevent an enormous number of these kind of brute force attacks.

404 Detection: This is another way hackers frequently attack a site — by searching for known page URL’s on other sites. If your site doesn’t have the same URL’s these hackers will generate an unusually high number of 404 errors. iThemes Security Plugin allows you to limit, even block IP’s that are acting suspiciously on your site.

Banned Users: This is by far our favorite feature. You can permanently ban suspicious or malicious IP’s from your website. Talk about website security! Once a spammer or hacker finds your site they can be relentless at bombarding your site with spam or hack attempts. Once you detect them you can block them from even getting to your site. It’s a beautiful thing 🙂


Live Traffic: Live Traffic allows you to view real-time activity on your site. Wordfence does a pretty good job of determining whether that activity is a human, a bot, or potentially dangerous. You can view in real-time if something suspicious is going on and then determine what action to take.

Blocking: You guessed it. We love blocking malicious activity. Wordfence provides multiple ways of blocking IP’s. Probably the coolest is in the Live Traffic feature. If you see someone (or a bot) trying to exploit WordPress weaknesses you can immediately block them right then and there.

Firewall: Wordfence’s Firewall feature is not too shabby! They’ve even built in the ability for it to “learn”. By monitoring the behavior on your site it tries to differentiate automatically between normal behavior versus suspicious behavior. And, when it detects suspicious acting IP’s, it goes into action protecting your site.

If you take the above security measures you can eliminate 99% of your worries about your site being hacked. The nicest thing about these website security tips is that they are free and easy to do. If you invest just a little time each week to monitoring and maintaining the security on your site you will easily stay on top of things and keep your website safe.




all pathways website redesign

Website Redesign: All Pathways, LLC

By Portfolio Websites, Web Ninja Updates No Comments

Believe it or not, All Pathways, LLC was our very first client — ever. They have been wonderful additions to our team for over a decade. As times and technology have changed, we have had the pleasure of updating their site to keep up and keep putting their best foot forward. Introducing Cari Zoebelle and:

All Pathways, LLC




(view the website)

What did we do?…

Responsive Design

Cari’s previous website was built in HTML which didn’t adapt to display well on mobile devices. With her new responsive design the site looks great on smart phones, tablets, as well as laptops and desktops.


We found some gorgeous photos with pathways in them to create a welcoming, artistic experience for visitors. With these images as a rotating background, visitors instantly know that Cari is no ordinary bookkeeper 🙂

WordPress Website

This website redesign included putting All Pathways’ information on the WordPress platform. Not only is this good for SEO purposes, it means Cari can edit her own content if she wants.

Street Cred

There are certain elements that help lend credibility to a website. First we coached Cari to add a photo of herself. It adds the human element, and her smiling face brightens up the page.

Next, we coached her to get some testimonials from her happy clientele. She has a LOT of them. By sharing what others have to say about working with her, potential new clients will start trusting Cari’s ability and be more likely to contact her.

Tagline Work

We helped Cari with banner text and a tagline that helps potential new clients understand what she’s all about. Cari prides herself in not only her skilled bookkeeping, but also her honesty, integrity, and appreciation of diversity. Every client has their own special needs and Cari makes sure to deliver those services with quality.

Web Hosting

We have proudly served as All Pathways’ domain registrar and web host for over a decade. With our top-notch facilities, their site has been up for all the world to see.

This project was truly a pleasure, as always.

View our services to see how we can help you show off your services, sell online, and achieve your goals!

free stock images for blogs and websites

Best, FREE stock images for blogs and websites

By Website Tips No Comments

The demand for free stock images for blogs and websites has always been high. I mean, with the advent of WordPress, one of the driving themes has been creating a blog or website on a shoestring budget (or no budget at all). But what is a website with out images? Boring. That’s what. We are visually driven creatures by nature. Do we really buy magazines for the articles? Maybe a little, but what really grabs us are the images. The same goes for blogs and websites.

Until the last year or two, finding quality (emphasis on quality) free stock images for blogs and websites has been a real chore. That has changed, however. Several sites have really stepped up their game and have become great resources for free images and free stock photos. We thought we would share some of the top sites we use and recommend to clients.

Unsplash is by far our favorite website for free stock photos. The site is 100% photographs taken by professional-grade photographers. The images are stunning, high grade, and very useable for any level of site, whether free blog or Ferrari-quality website. What’s more, the images are completely free to use. You don’t even have to give the artists credit. That’s pretty damn cool.

You know what else is pretty damn awesome? Giving the artists credit! Hey, they did you a solid. It’s just common decency. In a world where we all help each other out, great things happen. (You’ll notice we used an image from Unsplash for this blog post AND credited the artist! 🙂 )

Freepik is our other #1 stop for quality free images. (Again, emphasis on quality.) They have some pretty cool copyright rules. You can either credit the artist (which it’s just fair and decent if you do anyway), or you can purchase a VERY reasonable monthly membership and not have to credit the artist. Either way, it seems like a win-win situation.

Another important way Freepik differs from Unsplash is that it has a wider array of graphics available. Not only does it have basically free images for blogs, it also has vector graphics and other art that are great for websites. Check ’em out!


This may seem a teensy bit out of place, but for those of you looking for a great stock VIDEO resource, we recommend Super, super awesome resource. It gives you great videos for truly amazing prices. Granted it’s not free, but it is practically free. We use this resource liberally and have been extremely happy with it.

Check ’em out!


Here are some other resources for free stock images for blogs and websites. If we don’t find what we’re looking for at the above resources, we frequent these sites:


There are lots and lots of stock photos and free images sites nowadays so it’s easy to do an internet search for ‘royalty free images’. Browse several of them and find which one gives you the best results for your style.

Remember to give credit to the artists. These people work hard to make your site look good!

Photo credit: Teddy Kelley

error 404

How to fix error 404 on your website

By Website Tips No Comments

You may have been browsing the web and come across an error 404 that looks something like this:

HTTP 404 Not Found Error

When you hit an error 404 web page like that it can be alarming and a little scary. If you saw something like this you probably hit the ‘Back’ button immediately and went to another website.

But wait…If you own a website you want to make sure your site doesn’t have any 404 error on it, right? I mean, if people were landing on a page like that on your site, you would want to fix it — ASAP!

You might be thinking, “Why would I have an error 404 on my site? I haven’t done anything to create any errors. I’m good.” Danger Will Robinson! 404 error’s are more common than you might think. And they can mean different things. This article will share some causes of 404 errors as well as how to find and fix them. If you don’t fix an error 404 on your site, you could be missing out on vital web traffic AND business.

What is a 404 error?

Luckily, a 404 error is not as scary as it sounds. It simply means, “There is no page on this URL.” If you were worried, you can wipe your brow. Your site hasn’t been hacked or anything. But, don’t rest easy yet, you have work to do.

How to find error 404 on your site

There are many ways to find 404 errors on your website. Since we’re specifically talking about WordPress sites, I will share my favorite two.

1. Redirection

The WordPress plugin called Redirection by John Godley is by far my favorite WordPress plugin for finding and fixing 404 errors. Once you install and activate the plugin on your site, all you have to do is:

  1. Go to Dashboard > Tools > Redirection
  2. Click ‘404’ on the top navigation area (screenshot below)

fix 404 error redirection plugin

Once on this page, the plugin tells you basically all the 404’s your site is getting. We’ll show you how to fix the 404 error right then and there, next. But first…

2. Google Search Console

…Our other favorite source for finding an error 404 on your site is Google Search Console (formerly known as Google Webmaster Tools. Don’t ask me why they changed their name, I suspect it’s because Bing and Yahoo created their own ‘Webmaster Tools’ and Google had to stay unique). Once you’ve created your account, simply click on the ‘Crawl Errors’ button and voila! Google shows you the history of 404’s found on your site. It also gives you the opportunity to notify Google that you’ve fixed the issue.

So I guess that means we should talk about…

How to fix a 404 error on WordPress

If you are in the Redirection plugin on the 404 page, all you have to do is hover over a listed 404. You’ll see a link pop up that says: “Add Redirect”. Click it. A window pops up with the 404 already pre-populated. Enter the link where you would like the traffic to go. Click the “Add Redirect” button. All done!

Important Note!

You want to see if you can guess where people are trying to get when they land on your error 404. For instance, if they landed on a page that has to do with buying a product, redirect them to a similar product. Or if is looks like they were trying to contact you, redirect them to your actual contact page.

If you find a 404 using Google Search Console you can still use the Redirection plugin. Simply navigate to the plugin page and scroll to the bottom of the page. There is a section to create a redirection for any link you desire. It’s so easy to use. We love it!

What causes an error 404

Lots of things.

  • Maybe you changed the name of a page or post
  • Maybe you deleted or hid a page
  • Maybe someone entered a typo in a link
  • Maybe someone has an old link to your site
  • A hacker could be looking for weaknesses in your site

It’s a long and endless list, to say the least. You can find all this information out via your 404’s. Cool, right?

The main point is that you find the 404’s and fix them. If someone has an old link, you can fix the 404 on your own site. You should also ask them to update their information, but you don’t have to wait for the issue to be solved. As for the hacker bit…

A kind of different fix for 404 errors…

The Redirection WordPress plugin by John Godley has some cool features in it. One we’ll make special note of is that you can see the IP address that generated the 404 error. An IP address is just the ‘computer address’ of the person or bot using that computer or server. Using this plugin you can detect some potential malicious behavior on your site. For instance, if you find that a 404 was generated for a page like /wordpress/wp-login.php or /users/register you can tell that this user or bot is trying to find the login page to your site.

Oh no!!!!!!

That’s not good. Now, you can’t use the Redirection plugin to block that IP. But you CAN grab the IP address and block it.

First, do some research. Look the IP address up here: Review comments left by others for details about potential harm. Then click the red ‘Blacklist’ button. See if that IP has been registered as harmful.

Next, If you determine the IP is harmful, or potentially unsafe, block it. We use our htaccess file and the iThemes Security plugin to block malicious IP’s. That is a whole other blog article which… we’ll write about soon. For now, install the Redirection plugin and start using it immediately.

If you don’t, your visitors are going to get that scary error 404 message and click that ‘Back’ button, which means you lose their business and lose out on helping people who need it.

Happy Redirecting!!!!!

Photo credit: @pinnacleanimates

las vegas shooting incites love

Las Vegas Shooting Makes Us Pause

By Web Ninja Updates No Comments

Greetings, friends. This is PJ Ferguson, creator of Today is National “Celebrate Non-Violence Day.” In that spirit I had a message prepared to share in celebration of non-violence, peace and goodwill. In light of this morning’s events and the Las Vegas shooting, it doesn’t seem appropriate to celebrate.

Las Vegas Shooting

This morning at a music concert hundreds of people were gunned down by a single gunman. Monday morning. Supposed to start the grind, right? When tragedies like this happen I find it difficult to work. And I think that’s a totally appropriate response to sad events like this. We should stop what we’re doing and take notice. Seems like a lot of tragedies have been going on. Hurricanes, tropical storms, earthquakes, tsunami, forest fires, killing many thousands of people an devastating the lives of those who still live.

Seems like there is a lot of pausing to notice the tragedies, lately. To some it feels like madness is taking over the world and sadness is settling into our hearts.

We Are Las Vegas

I chose the handle “we are web ninja” for Web Ninja’s social handle because that statement “We Are” binds us together in all that goes on in this world. We are in this together. We don’t design websites and marketing campaigns, we design human experiences.

And so, for this moment today we pause again today, to grieve for those who have been lost in today’s events, mourn with those who lost loved ones, and to commiserate with those who were hurt or frightened. We send you love, support and strength to get through the days and weeks to come.

Soon, when we are done mourning, the sun will rise in our souls and we will feel the warmth of light and joy again. We will celebrate again. We will celebrate the fond memories of those we loved. We will celebrate the day we have to make the world a better place, to spread peace and love in the hopes that we can change the world and prevent violence like we saw today.

That’s all I have for today. If you are sad or heartbroken today, we are with you. Let the sadness flow its course. Remember that you are not alone. This too shall pass, and when that sun rises, let us all rise with it.

Love & Deepest Condolences,


Photo credit: James Walsh

Website Redesign: Teeny Tiny Toy Store

By Portfolio Websites

This project is easily one of the funnest we’ve ever done. Teeny Tiny Toy Store is the creation of artist Mark Logan in Bisbee, AZ. Bisbee is a charming little town and the perfect place for these cute and cuddly little creatures to be born. This project also used a broad spectrum of our services so it was a wonderful adventure. Introducing:

Teeny Tiny Toy Store




View the new site

What did we do?…

Logo Design.

The logo needed to be freshened up for several reason, including the ability to translate it to many different kinds of media. Mark wanted to keep an elegant design while making it more modern and media-friendly.

Content Development.

Coming up with your own content can be tough! Mark is an artist, so he just wanted to focus on creating his work. We interviewed him and used his responses to craft meaningful content for the site. Great content tells a story and creates a relationship of trust with your visitors.

Custom Design.

We came up with a custom design for this new website, and translated it onto WordPress. The resulting site is easier to navigate and Responsive (mobile-friendly).


Mark’s primary goal was to have a website where he could highlight and sell his own stuff. Previously, he was selling on Etsy, but with his own site he has complete control over his visitors’ experience. In the near future we will be working closely with Mark to create an online world for his creations. This is only possible with his own website.


Believe it or not, Mark photographs his own products and does a pretty great job! We added our own graphics genius and fixed up a bunch of photos to get them looking sharp and professional — ready for people to fall in love with.

Other Services.

We are working with Mark on multiple other levels, including: Marketing Messages (we came up with “Cuddly Creations for your Heart and Home”), Business Coaching (especially relating to products, sales channels and creating multiple streams of income), Website Hosting, and more.

View our services to see how we can help you show off your products, sell online, and achieve your goals!

Website Redesign: Eliz Jewelry

By Portfolio Websites

This project pulled from nearly every bit of expertise we possess here at Web.Ninja. We developed this concept with the owner, Liz Obritsch, from bottom to top. We are proud of what we created as a team, and the end result was just gorgeous — just like Liz’s jewelry. Introducing:

Elíz Jewelry




Visit the new site

What did we do?…


We spent painstaking hours and hours of brand development, brainstorming and market research to settle on a name that would convey the elegance and meaning that goes into Liz’s custom jewelry. Then we matched the name to fonts that matched that elegance and quality. We even developed the tagline to express the spirit of Elíz and make her customers feel beautiful.


We built the custom website on WordPress and implemented WooCommerce so Liz could accept orders online. Her dream is to travel the world finding inspiration for new jewelry pieces, while still being able to conduct business. With an ecommerce website built on WordPress and WooCommerce, that is possible.

Piece Photography.

We are lucky to have an in-house photographer who takes gorgeous pictures of Liz’s jewelry. Presentation is a vital part of making a sale online. Since visitors can’t try on pieces, they need the best visual experience possible from the website.

Marketing Setup.

Liz needed social networks to start sharing her work with. We created Facebook, Twitter, Instagram, and Pinterest accounts for her. We also created a MailChimp email list so she can start growing her email list and marketing to her fans directly.

Other Services.

We are proud website hosts, domain registrar, and website maintenance for Liz. View our services to see how we can help you dazzle your visitors and grow your business!

carols roman shades

Website Redesign: Carol’s Roman Shades

By Portfolio Websites

This client wanted to refresh the look and feel of their website, as well as create a customer portal that would allow them to interact with their clients online. This was a fun and challenging project and we were all very happy with the end result. Introducing:

Carol’s Roman Shades




View the new website

What did we do?…

Custom Design.

We started completely from scratch with this project. The first step was to develop a look and feel that really showed off the client’s products. From there we developed the custom design into a fully-functioning WordPress website.

Visitor Pathways.

CRS has many different types of products, so we needed to lay the website out in a way that was easy to navigate on the front end. It also needed to be simple to manage in the back-end, so with some customizations and WordPress development we designed a site that gets visitors to the products they’re looking for quickly and conveniently.

Customer Portal.

CRS interacts directly with their clients and needed an online interface that would make the process more convenient both for themselves and for their customers. We developed a fully customized customer portal that allows CRS and their clients to automate vital processes. This solution not only makes everyone’s lives easier, it will grow with CRS as their needs change and adapt.

Other Services.

We provide website hosting and website maintenance as needed to keep everything running smoothly.

Contact us to see how we can help you strut your stuff and show off your products!

academy of hand analysis after ocean

Website Redesign: Academy of Hand Analysis

By Portfolio Websites

We were happy to help Kay Packard, owner of the American Academy of Hand Analysis, do a website redesign. Kay has been a wonderful client of ours for years, and we feel privileged to be part of her Web Team. Introducing:

American Academy of Hand Analysis




View the new site

What did we do?

In this case, Kay wanted to do most of the heavy lifting. She found a new WordPress theme she liked and asked for our help with some of the planning and more technical aspects. For business owners on a budget, this is a great way to go!


Kay created some wonderful products to sell on her site. We set up WooCommerce for her as well as some pilot products. From there she was able to copy our work and add more products herself.

WordPress Help.

There were several things the new theme wouldn’t do, so we added some customizations. The new theme also had some quirks to it which were not super user-friendly, so we gave Kay some WordPress help and she was off and running again!

Marketing Messages.

Marketing Messages are important for letting visitors know

  • they are in the right place,
  • you understand their problem,
  • and most importantly — you have the solution!

By helping Kay craft some powerful marketing messages, she was able to create a beautiful slideshow that welcomes new visitors and captures their interest.


Other Services.

We provide website hosting, domain registration, and business coaching services as needed to help Kay grow her business and help more people. View our Dynamic Plan and other services to see how we can help you and YOUR business kick butt!