Tag - Step

The Ultimate WordPress Security Guide (Step by Step)


WordPress security is a topic of huge importance for every website owner. Google blacklists around 10,000+ websites every day for malware and around 50,000 for phishing every week.

If you are serious about your website, then you need to pay attention to the WordPress security best practices. In this guide, we will share all the top WordPress security tips to help you protect your website against hackers and malware.

Complete WordPress security guide

While WordPress core software is very secure, and it’s audited regularly by hundreds of developers, there is a lot that can be done to keep your site secure.

At WPBeginner, we believe that security is not just about risk elimination. It’s also about risk reduction. As a website owner, there’s a lot that you can do to improve your WordPress security (even if you’re not tech savvy).

We have a number of actionable steps that you can take to protect your website against security vulnerabilities.

To make it easy, we have created a table of content to help you easily navigate through our ultimate WordPress security guide.

Table of Contents

Basics of WordPress Security

WordPress Security in Easy Steps (No Coding)

WordPress Security for DIY Users

Ready? Let’s get started.

Why Website Security is Important?

A hacked WordPress site can cause serious damage to your business revenue and reputation. Hackers can steal user information, passwords, install malicious software, and can even distribute malware to your users.

Worst, you may find yourself paying ransomware to hackers just to regain access to your website.

Why WordPress security is important

In March 2016, Google reported that more than 50 million website users have been warned about a website they’re visiting may contain malware or steal information.

Furthermore, Google blacklists around 20,000 websites for malware and around 50,000 for phishing each week.

If your website is a business, then you need to pay extra attention to your WordPress security.

Similar to how it’s the business owners responsibility to protect their physical store building, as an online business owner it is your responsibility to protect your business website.

[Back to Top ↑]

Keeping WordPress Updated

Keeping WordPress updated

WordPress is an open source software which is regularly maintained and updated. By default, WordPress automatically installs minor updates. For major releases, you need to manually initiate the update.

WordPress also comes with thousands of plugins and themes that you can install on your website. These plugins and themes are maintained by third-party developers which regularly release updates as well.

These WordPress updates are crucial for the security and stability of your WordPress site. You need to make sure that your WordPress core, plugins, and theme are up to date.

[Back to Top ↑]

Strong Passwords and User Permissions

Manage strong passwords

The most common WordPress hacking attempts use stolen passwords. You can make that difficult by using stronger passwords that are unique for your website. Not just for WordPress admin area, but also for FTP accounts, database, WordPress hosting account, and your custom email addresses which use your site’s domain name.

Many beginners don’t like using strong passwords because they’re hard to remember. The good thing is that you don’t need to remember passwords anymore. You can use a password manager. See our guide on how to manage WordPress passwords.

Another way to reduce the risk is to not give anyone access to your WordPress admin account unless you absolutely have to. If you have a large team or guest authors, then make sure that you understand user roles and capabilities in WordPress before you add new user accounts and authors to your WordPress site.

[Back to Top ↑]

The Role of WordPress Hosting

Your WordPress hosting service plays the most important role in the security of your WordPress site. A good shared hosting provider like Bluehost or Siteground take the extra measures to protect their servers against common threats.

Here is how a good web hosting company works in the background to protect your websites and data.

  • They continuously monitor their network for suspicious activity.
  • All good hosting companies have tools in place to prevent large scale DDOS attacks
  • They keep their server software and hardware up to date to prevent hackers from exploiting a known security vulnerability in an old version.
  • They have ready to deploy disaster recovery and accidents plans which allows them to protect your data in case of major accident.

On a shared hosting plan, you share the server resources with many other customers. This opens the risk of cross-site contamination where a hacker can use a neighboring site to attack your website.

Using a managed WordPress hosting service provides a more secure platform for your website. Managed WordPress hosting companies offer automatic backups, automatic WordPress updates, and more advanced security configurations to protect your website

We recommend WPEngine as our preferred managed WordPress hosting provider. They’re also the most popular one in the industry. (See our special WPEngine coupon).

[Back to Top ↑]

WordPress Security in Easy Steps (No Coding)

We know that improving WordPress security can be a terrifying thought for beginners. Especially if you’re not techy. Guess what – you’re not alone.

We have helped thousands of WordPress users in hardening their WordPress security.

We will show you how you can improve your WordPress security with just a few clicks (no coding required).

If you can point-and-click, you can do this!

Install a WordPress Backup Solution

Install a WordPress backup solution

Backups are your first defense against any WordPress attack. Remember, nothing is 100% secure. If government websites can be hacked, then so can yours.

Backups allow you to quickly restore your WordPress site in case something bad was to happen.

There are many free and paid WordPress backup plugins that you can use. The most important thing you need to know when it comes to backups is that you must regularly save full-site backups to a remote location (not your hosting account).

We recommend storing it on a cloud service like Amazon, Dropbox, or private clouds like Stash.

Based on how frequently you update your website, the ideal setting might be either once a day or real-time backups.

Thankfully this can be easily done by using plugins like VaultPress or UpdraftPlus. They are both reliable and most importantly easy to use (no coding needed).

[Back to Top ↑]

Best WordPress Security Plugin

After backups, the next thing we need to do is setup an auditing and monitoring system that keeps track of everything that happens on your website.

This includes file integrity monitoring, failed login attempts, malware scanning, etc.

Thankfully, this can be all taken care by the best free WordPress security plugin, Sucuri Scanner.

You need to install and activate the free Sucuri Security plugin. For more details, please see our step by step guide on how to install a WordPress plugin.

Upon activation, you need to go to the Sucuri menu in your WordPress admin. The first thing you will be asked to do is Generate a free API key. This enables audit logging, integrity checking, email alerts, and other important features.

Generate Sucuri API Key

The next thing, you need to do is click on the ‘Hardening’ tab from the settings menu. Go through every option and click on the “Apply Hardening” button.

Sucuri security hardening

These options help you lock down the key areas that hackers often use in their attacks. The only hardening option that’s a paid upgrade is the Web Application Firewall which we will explain in the next step, so skip it for now.

We have also covered a lot of these “Hardening” options later in this article for those who want to do it without using a plugin or the ones that require additional steps such as “Database Prefix change” or “Changing the Admin Username”.

After the hardening part, the default plugin settings are good enough for most websites and don’t need any changes. The only thing we recommend customizing is ‘Email Alerts’.

The default alert settings can clutter your inbox with emails. We recommend receiving alerts for key actions like changes in plugins, new user registration, etc. You can configure the alerts by going to Sucuri Settings » Alerts.

Set up security email alerts

This WordPress security plugin is very powerful, so browse through all the tabs and settings to see all that it does such as Malware scanning, Audit logs, Failed Login Attempt tracking, etc.

Enable Web Application Firewall (WAF)

The easiest way to protect your site and be confident about your WordPress security is by using a web application firewall (WAF).

A website firewall blocks all malicious traffic before it even reaches your website.

DNS Level Website Firewall – These firewall route your website traffic through their cloud proxy servers. This allows them to only send genuine traffic to your web server.

Application Level Firewall – These firewall plugins examine the traffic once it reaches your server but before loading most WordPress scripts. This method is not as efficient as the DNS level firewall in reducing the server load.

To learn more, see our list of the best WordPress firewall plugins.

Sucuri WAF

We use and recommend Sucuri as the best web-application firewall for WordPress. You can read about how Sucuri helped us block 450,000 WordPress attacks in a month.

Attacks blocked by Sucuri

The best part about Sucuri’s firewall is that it also comes with a malware cleanup and blacklist removal guarantee. Basically if you were to be hacked under their watch, they guarantee that they will fix your website (no matter how many pages you have).

This is a pretty strong warranty because repairing hacked websites is expensive. Security experts normally charge $250 per hour. Whereas you can get the entire Sucuri security stack for $199 per year.

Improve your WordPress Security with the Sucuri Firewall »

Sucuri is not the only DNS level firewall provider out there. The other popular competitor is Cloudflare. See our comparison of Sucuri vs Cloudflare (Pros and Cons).

[Back to Top ↑]

Move Your WordPress Site to SSL/HTTPS

SSL (Secure Sockets Layer) is a protocol which encrypts data transfer between your website and users browser. This encryption makes it harder for someone to sniff around and steal information.

How SSL works

Once you enable SSL, your website will use HTTPS instead of HTTP, you will also see a padlock sign next to your website address in the browser.

SSL certificates were typically issued by certificate authorities and their prices start from $80 to hundreds of dollars each year. Due to added cost, most website owners opted to keep using the insecure protocol.

To fix this, a non-profit organization called Let’s Encrypt decided to offer free SSL Certificates to website owners. Their project is supported by Google Chrome, Facebook, Mozilla, and many more companies.

Due to this, it is now easier than ever to start using SSL for all your WordPress websites. For step by step instructions, see our article on how to get a free SSL certificate for your WordPress website.

WordPress Security for DIY Users

If you do everything that we have mentioned thus far, then you’re in a pretty good shape.

But as always, there’s more that you can do to harden your WordPress security.

Some of these steps may require coding knowledge.

Change the Default “admin” username

In the old days, the default WordPress admin username was “admin”. Since usernames make up half of login credentials, this made it easier for hackers to do brute-force attacks.

Thankfully, WordPress has since changed this and now requires you to select a custom username at the time of installing WordPress.

However, some 1-click WordPress installers, still set the default admin username to “admin”. If you notice that to be the case, then it’s probably a good idea to switch your web hosting.

Since WordPress doesn’t allow you to change usernames by default, there are three methods you can use to change the username.

  1. Create a new admin username and delete the old one.
  2. Use the Username Changer plugin
  3. Update username from phpMyAdmin

We have covered all three of these in our detailed guide on how to properly change your WordPress username (step by step).

Note: We’re talking about the username called “admin”, not the administrator role.

[Back to Top ↑]

Disable File Editing

WordPress comes with a built-in code editor which allows you to edit your theme and plugin files right from your WordPress admin area. In the wrong hands, this feature can be a security risk which is why we recommend turning it off.

Disable file editing in WordPress

You can easily do this by adding the following code in your wp-config.php file.

// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );

Alternatively, you can do this with 1-click using the Hardening feature in the free Sucuri plugin that we mentioned above.

[Back to Top ↑]

Disable PHP File Execution in Certain WordPress Directories

Another way to harden your WordPress security is by disabling PHP file execution in directories where it’s not needed such as /wp-content/uploads/.

You can do this by opening a text editor like Notepad and paste this code:

<Files *.php>
deny from all
</Files>

Next, you need to save this file as .htaccess and upload it to /wp-content/uploads/ folders on your website using an FTP client.

For more detailed explanation, see our guide on how to disable PHP execution in certain WordPress directories

Alternatively, you can do this with 1-click using the Hardening feature in the free Sucuri plugin that we mentioned above.

[Back to Top ↑]

Limit Login Attempts

By default, WordPress allows users to try to login as many time as they want. This leaves your WordPress site vulnerable to brute force attacks. Hackers try to crack passwords by trying to login with different combinations.

This can be easily fixed by limiting the failed login attempts a user can make. If you’re using the web application firewall mentioned earlier, then this is automatically taken care of.

However, if you don’t have the firewall setup, then proceed with the steps below.

First, you need to install and activate the Login LockDown plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, visit Settings » Login LockDown page to setup the plugin.

Login Lockdown options

For detailed instructions, take a look at our guide on how and why you should limit login attempts in WordPress.

[Back to Top ↑]

Add Two Factor Authentication

Two-factor authentication technique requires users to log in by using a two-step authentication method. The first one is the username and password, and the second step requires you to authenticate using a separate device or app.

Most top online websites like Google, Facebook, Twitter, allow you to enable it for your accounts. You can also add the same functionality to your WordPress site.

First, you need to install and activate the Two Factor Authentication plugin. Upon activation, you need to click on the ‘Two Factor Auth’ link in WordPress admin sidebar.

Two Factor Authenticator settings

Next, you need to install and open an authenticator app on your phone. There are several of them available like Google Authenticator, Authy, and LastPass Authenticator.

We recommend using LastPass Authenticator or Authy because they both allow you to back up your accounts to the cloud. This is very useful in case your phone is lost, reset, or you buy a new phone. All your account logins will be easily restored.

We will be using the LastPass Authenticator for the tutorial. However, instructions are similar for all auth apps. Open your authenticator app, and then click on the Add button.

Add website

You will be asked if you’d like to scan a site manually or scan the bar code. Select the scan bar code option and then point your phone’s camera on the QRcode shown on the plugin’s settings page.

That’s all, your authentication app will now save it. Next time you log in to your website, you will be asked for the two-factor auth code after you enter your password.

Enter your two-factor auth code

Simply open the authenticator app on your phone and enter the code you see on it.

[Back to Top ↑]

Change WordPress Database Prefix

By default, WordPress uses wp_ as the prefix for all tables in your WordPress database. If your WordPress site is using the default database prefix, then it makes it easier for hackers to guess what your table name is. This is why we recommend changing it.

You can change your database prefix by following our step by step tutorial on how to change WordPress database prefix to improve security.

Note: This can break your site if it’s not done properly. Only proceed, if you feel comfortable with your coding skills.

[Back to Top ↑]

Password Protect WordPress Admin and Login Page

Password protect WordPress admin area

Normally, hackers can request your wp-admin folder and login page without any restriction. This allows them to try their hacking tricks or run DDoS attacks.

You can add additional password protection on a server-side level, which will effectively block those requests.

Follow our step-by-step instructions on how to password protect your WordPress admin (wp-admin) directory.

[Back to Top ↑]

Disable Directory Indexing and Browsing

Disable directory browsing

Directory browsing can be used by hackers to find out if you have any files with known vulnerabilities, so they can take advantage of these files to gain access.

Directory browsing can also be used by other people to look into your files, copy images, find out your directory structure, and other information. This is why it is highly recommended that you turn off directory indexing and browsing.

You need to connect to your website using FTP or cPanel’s file manager. Next, locate the .htaccess file in your website’s root directory. If you cannot see it there, then refer to our guide on why you can’t see .htaccess file in WordPress.

After that, you need to add the following line at the end of the .htaccess file:

Options -Indexes

Don’t forget to save and upload .htaccess file back to your site. For more on this topic, see our article on how to disable directory browsing in WordPress.

[Back to Top ↑]

Disable XML-RPC in WordPress

XML-RPC was enabled by default in WordPress 3.5 because it helps connecting your WordPress site with web and mobile apps.

Because of its powerful nature, XML-RPC can significantly amplify the brute-force attacks.

For example, traditionally if a hacker wanted to try 500 different passwords on your website, they would have to make 500 separate login attempts which will be caught and blocked by the login lockdown plugin.

But with XML-RPC, a hacker can use the system.multicall function to try thousands of password with say 20 or 50 requests.

This is why if you’re not using XML-RPC, then we recommend that you disable it.

There are 3 ways to disable XML-RPC in WordPress, and we have covered all of them in our step by step tutorial on how to disable XML-RPC in WordPress.

Tip: The .htaccess method is the best one because it’s the least resource intensive.

If you’re using the web-application firewall mentioned earlier, then this can be taken care of by the firewall.

[Back to Top ↑]

Automatically log out Idle Users in WordPress

Logged in users can sometimes wander away from screen, and this poses a security risk. Someone can hijack their session, change passwords, or make changes to their account.

This is why many banking and financial sites automatically log out an inactive user. You can implement similar functionality on your WordPress site as well.

You will need to install and activate the Inactive Logout plugin. Upon activation, visit Settings » Inactive Logout page to configure plugin settings.

Logout idle users

Simply set the time duration and add a logout message. Don’t forget to click on the save changes button to store your settings.

[Back to Top ↑]

Add Security Questions to WordPress Login Screen

Add security question on login screen

Adding a security question to your WordPress login screen makes it even harder for someone to get unauthorized access.

You can add security questions by installing the WP Security Questions plugin. Upon activation, you need to visit Settings » Security Questions page to configure the plugin settings.

For more detailed instructions, see our tutorial on how to add security questions to WordPress login screen.

[Back to Top ↑]

Scanning WordPress for Malware and Vulnerabilies

Malware scanning

If you have a WordPress security plugin installed, then those plugins will routinely check for malware and signs of security breaches.

However, if you see a sudden drop in website traffic or search rankings, then you may want to manually run a scan. You can use your WordPress security plugin, or use one of these malware and security scanners.

Running these online scans is quite straight forward, you just enter your website URLs and their crawlers go through your website to look for known malware and malicious code.

Now keep in mind that most WordPress security scanners can just scan your website. They cannot remove the malware or clean a hacked WordPress site.

This brings us to the next section, cleaning up malware and hacked WordPress sites.

[Back to Top ↑]

Fixing a Hacked WordPress Site

Many WordPress users don’t realize the importance of backups and website security until their website is hacked.

Cleaning up a WordPress site can be very difficult and time consuming. Our first advice would be to let a professional take care of it.

Hackers install backdoors on affected sites, and if these backdoors are not fixed properly, then your website will likely get hacked again.

Allowing a professional security company like Sucuri to fix your website will ensure that your site is safe to use again. It will also protect you against any future attacks.

For the adventurous and DIY users, we have compiled a step by step guide on fixing a hacked WordPress site.

[Back to Top ↑]

That’s all, we hope this article helped you learn the top WordPress security best practices as well as discover the best WordPress security plugins for your website.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post The Ultimate WordPress Security Guide (Step by Step) appeared first on WPBeginner.





Source link

Read more...

How to Schedule Your Posts in WordPress (Step by Step)


Did you know that WordPress has the ability to schedule your posts to be published at a future time? This extremely useful feature is slightly hidden which is why many beginners don’t even notice it.

By scheduling your posts, you never have to worry about publishing your articles at a specific time. You can finish writing and schedule them to go live on the day and time that you choose.

In this article, we will show you how to easily schedule WordPress posts step by step and share some bonus tips to use WordPress scheduled posts like a Pro.

Schedule posts in WordPress

Why Schedule Posts in WordPress?

To create a successful blog, the best strategy is to plan your editorial calendar and publish articles on a regular basis.

That’s where schedule posts feature comes in handy. You can write your articles at your own pace and get ahead on your editorial calendar. Once you finish writing, you can schedule the post to be published at a specific date and time.

Another reason to schedule your posts is to benefit from peak traffic hours. There is a certain time in a day when each website gets the peak of their users. By publishing at that time, you can leverage existing traffic to increase your page views.

Now if you live in a different time zone than your readers, then it can be a problem. Imagine having your peak time as 3 a.m. where you live. Scheduling posts can be very handy for this.

Scheduling posts also comes in handy when you are going on vacation. You can simply schedule your blog posts and enjoy your holidays without worrying about writing and publishing content.

Now that you understand the benefits, let’s take a look at how to actually schedule your blog posts in WordPress.

How Do You Schedule a Post in WordPress?

It is easy to schedule WordPress posts if you know where to look. The option to schedule blog posts is not easily noticeable.

Once you have finished writing your blog post, you need to look under the ‘Document’ tab in the right column of the edit screen.

Under the ‘Status & Visibility’ panel, you need to click on the ‘Immediately’ link next to ‘Publish’ option.

WordPress post scheduling option

This will show you a date and time picker. You can select the date and time when you want to publish this post.

You can select a future date and time to schedule your article in WordPress.

You can also select a past date using the same tool to back date your blog post.

When you select a future date, you will notice that the publish button at the top will change into ‘Schedule…’.

Publish button changed into Schedule

Simply click on the Schedule button and WordPress will schedule your post.

The scheduled posts will be automatically published on the date and time you choose.

How to Schedule WordPress Posts in Classic Editor

If you are using the classic WordPress editor, then we highly recommend you to start using the new WordPress block editor, called Gutenberg.

The new WordPress editor is incredibly fast, modern, intuitive, and helps you create better content for your blog.

However, if you still want to use the older classic editor, then here is how you would schedule posts in WordPress.

Once you are done writing your post, look under the ‘Publish’ meta box in the right column of the edit screen and click on the ‘Edit’ link next to ‘Publish immediately’ option.

Change when to publish a post in WordPress

It will now show you the date and time options. Go ahead and enter the date and time when you want to publish your blog post and click on the OK button.

Select schedule date and time in classic editor

You’ll notice that the blue ‘Publish’ button will now change into ‘Schedule’. Go ahead and click on the schedule button to save your changes.

WordPress will now publish your blog post on the date and time you entered.

Troubleshooting WordPress Scheduled Posts

As your website grows, you will be regularly managing and scheduling WordPress posts. Following are some handy tips that will help you efficiently manage your scheduled posts in WordPress.

How do I use my own timezone in WordPress?

You need to change WordPress timezone settings, so that it uses your preferred timezone to publish scheduled posts.

How to view all scheduled posts in WordPress?

Simply go to Posts » All Posts page in your WordPress admin and then click on the ‘Scheduled’ link above the posts table. It will show all scheduled WordPress posts in the queue.

What to do if WordPress scheduled posts missed schedule?

To run scheduled tasks, WordPress uses a system called WP Cron. If the cron is unable to run due to a misconfiguration on your WordPress hosting server, then your scheduled posts will miss the schedule and won’t be published.

If you notice that your blog is affected by this, then you can install WP Missed Schedule plugin.

To learn more, see our article on how to fix the missed schedule post error in WordPress.

How to unschedule a WordPress post?

You can unschedule a WordPress post by editing the post and changing its status from ‘Scheduled’ to ‘Draft’.

In the new default WordPress editor, you will find the option to switch to draft at the top. In the classic editor, you will find it under the publish meta box.

Unschedule WordPress post

After you have changed a scheduled post to a draft, you can continue working on it, or you can publish it right-away if you want.

Can I also schedule WordPress pages?

Yes, you can schedule a WordPress page just like you would schedule a normal blog post.

Can I schedule changes to a published post or page in WordPress?

By default, you cannot schedule changes to a post or page you have already published. Any changes you make to a published post will become live as soon as you save it.

However, you can use the Tao Schedule Update plugin to make scheduled content updates.

For more details, please see our tutorial on how to schedule content updates in WordPress.

We hope this article helped you learn how to easily schedule your blog posts in WordPress. You may also want to see our guide on how to do keyword research for your WordPress blog to find blog post ideas and get more traffic.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.





Source link

Read more...

How to Create a Free Business Email Address in 5 Minutes (Step by Step)


Do you want to create a professional business email address for free? A business email address uses your company name instead of the generic gmail or yahoo account. In this article, we will show you how to easily create a free business email address in less than 5 minutes.

How to Create a Free Business Email Address

What is a Business Email Address and Why You Need it?

A professional business email address has your company name instead of the generic gmail or yahoo account, for example: john@stargardening.com

Most beginners use generic free business email accounts without a domain name which isn’t very professional. For example: john.smith2019@gmail.com or jsmithfromstargardening@yahoo.com.

Since anyone can create these generic email accounts, it becomes harder for customers and other businesses to trust such email addresses as legitimate business email accounts.

Below are the top 4 reasons why you need a professional email address for your business:

  • A custom business email address looks more professional.
  • It is also short and easy to remember.
  • A professional business email address helps you earn customer’s trust as a legitimate business.
  • Sending emails with your own business name allows you to promote your brand with each email you send.

The best part is that you can get your own custom business email address for free, which means there is no excuse for not getting it.

If you want your customers and other businesses to take you seriously, then you need to start using a professional business email address, immediately.

What Do You Need to Create a Business Email Address?

You will need to have domain name and a website to create a free business email address.

After that, you will need an email service provider to handle your business emails.

There are a few different solutions that you can use to create a professional business email address.

We will show you two different methods, and you can choose the one that best fits your needs.

The first method is free and fairly easy to setup whereas the second method has a small fee, but it offers a lot more features.

Method 1. Creating a Business Email Address for Free

This method is easy and available to almost everyone who has a website. It allows you to create a business email address for free.

When creating a small business website, you will need to buy a domain and signup for web hosting.

What most beginners don’t know is that many WordPress hosting companies offer free business email features as part of the package.

Normally, a domain name costs 14.99 per year and website hosting starts from $7.99 per month. If you were to use a paid email service, then you can add another $5 per email account.

Luckily, Bluehost, one of the largest WordPress hosting company in the world, has agreed to offer WPBeginner users a free domain name and 60% off discount on hosting.

This means you can start your business website for $2.75 per month (and it comes with a free business email address).

→ Click Here to Claim This Exclusive Bluehost Deal ←

Here is the complete step by step instructions to create your free business email address with Bluehost.

Step 1. Setup your Business Address (Domain Name)

First, you need to visit the Bluehost website and click on the green ‘Get Started Now’ button.

Bluehost get started button

This will bring you to a pricing page where you need to click on the ‘Select’ button below the plan you want to use.

Basic and Plus plans are the most popular among small businesses who are just getting started.

Select plan

After selecting your plan, you will be asked to choose your domain name. You need to enter your business name and click on the ‘Next’ button.

Choose a domain name

Bluehost will now check to see if a domain name matching your business name is available. If it is not, then it will show you some alternative suggestions, or you can look for another domain name.

Here are some quick tips on choosing the perfect domain name for your business email address.

  • Always choose a .com domain name. See our article on the difference between .com vs .net domain names to learn more.
  • Keep your domain name short, easy to remember and pronounce.
  • Do not use numbers or hyphens in your domain name
  • Try using keywords and business location in your domain name to make it unique. For example, if stargardening.com is not available, then look for stargardeninghouston.com

For more tips, take a look at our guide on how to choose the best domain name for your business.

Choosing a good domain name is crucial for your business but don’t spend too much time on that, or you will never get past this step.

After choosing your domain name, you will need to add your account information and finalize the package info to complete the process.

On this screen, you will see optional extras that you can purchase. We don’t recommend choosing them at this time. If you need them, then you can always add them later from your account.

Finalize account information

Lastly, you need to enter your payment information to finish the purchase.

You will receive an email with details on how to login to your web hosting control panel. This is where you manage everything including website management, business email accounts, and other settings.

Step 2. Creating Your Free Business Email Address

In your hosting account dashboard, you need to click on the ‘Email’ section and then click on ‘Add Email Account’ tab.

Add a new email account

Enter a username and password for your email account and then click on the ‘Create Account’ button.

Bluehost will now create the email account, and you will see a success message.

Step 3. Using Your Business Email Account

Now that you have created your free business email account, the next step is to learn how to use it to send and receive emails.

Under the ‘Email’ section on your hosting account, switch to the ‘Email Accounts’ tab. You will see your newly created email address listed there.

Manage your email account

You can click on the ‘Access webmail’ link and Bluehost will take you to a webmail interface. This is a good option if you don’t want to use an email client on your desktop or mobile.

The downside is that you will have to login to your hosting account each time you want to check your email. A better way is to click on connect devices and then click on “Set Up Mail Client” link.

Bluehost will show you the information needed to use your business email address with any mail client or app. You can use this information to setup your business email inOutlook, Gmail, or any Mail app for your mobile phone or desktop.

Note: the process of creating a business email is pretty much the same with other hosting companies that offer cPanel like SiteGround, HostGator, and InMotion Hosting.

Method 2. Creating a Business Email Address using G Suite

Google offers professional business email address with G Suite which includes Gmail, Docs, Drive, and Calendar for businesses.

This method is not free, but it allows you to use Gmail for your professional business email with your own business name.

While there’s a small cost, it comes with many advantages:

  • You will be using Gmail’s familiar interface and apps to send and receive emails.
  • Google has far superior technology which ensures that your emails are delivered right away, and they don’t end up in spam folders.
  • Your website hosting company has shared server resources. This means they don’t want you to send too many emails. Gmail on the other hand will allow you to send up to 2000 emails per day.
    • We use G Suite for our business email address here at WPBeginner.

      That being said, let’s take a look at how to setup a business email address using G Suite.

      Step 1. Sign up for a G Suite Account

      G Suite basic plan costs $5 per user each month. It gives you access to Gmail, Docs, Drive, Calendar, and audio/video conferencing with 30 GB of cloud storage for each user.

      You will also need a domain name, which you can purchase during the signup. If you already have a domain name and a website, then you can use your existing domain with G Suite.

      To get started, simply visit the G Suite website and click on the get started button.

      Get started with G Suite

      On the next screen, you will be asked to enter your business name, the number of employees, and country where you are located. You can choose just yourself for 1 user account, or choose the number of employees.

      Enter business name and users

      Note: You will be charged for each user account, so it is better to start small. You can always add more users when needed.

      Click on the next button to continue.

      On the next step, you will be asked to enter your personal contact information including name and email address.

      Enter contact information

      After that, you will be asked to choose a domain name. If you already have a domain name, then click on ‘Yes I have one I can use’.

      If you don’t have a domain, then click on ‘No, I need one’ to register a domain name.

      Choose a domain name

      If you need to register a new domain name, then you will be charged separately for registering a new domain name. The cost of a domain name will be displayed on the screen and usually starts from $14.99.

      If you are using an existing domain name, then you will need to verify that you own that domain name. We will show you how to do that later in this article.

      After choosing your domain name, you will be asked to create your user account by entering a username and password.

      This username will also be your first business email address, so you need to choose a username that you want to use as your business email address.

      Create account

      After that, you will see a success message and a button to continue with the setup.

      Continue with the set up

      Step 2. Setting up Business Email with G Suite

      In this step, you will complete the G Suite setup by adding users and connecting it to your website or domain name.

      On the setup screen, you will be asked to add more people to your account. If you want to create more accounts for your employees or departments, then you can do that here.

      You can also just click on ‘I have added all user email addresses’ and click on the next button.

      Remember, you can always add more users to your account and create their email addresses later when needed.

      Add users

      If you are using G Suite with an existing domain name, then you will be asked to verify that you own that domain name. To do that, you will now see a HTML code snippet that you need to add to your website.

      Copy meta tag

      There are other ways to verify your ownership as well. You can upload a HTML file to your website using an FTP client or file manager app in your hosting account dashboard.

      If you don’t have a website, then you can use the MX Record method to verify your ownership of the domain name. You will see step by step instructions to do that once you choose this method.

      For the sake of this article, we are assuming that you already have a WordPress website, and we will show you how to add the verification HTML code snippet in WordPress.

      First, go to the admin area of your WordPress website to install and activate the Insert Headers and Footer plugin. For more details, see our step by step guide on how to install a WordPress plugin.

      Upon activation, go to Settings » Insert Headers and Footer page and paste the HTML code you copied from G Suite under the ‘Scripts in Header’ section.

      Site verification

      Don’t forget to click on the ‘Save’ button to store your settings.

      Now switch back to your G Suite setup screen and click on the checkbox that says ‘I added the meta tag to my homepage’.

      Verify domain name

      After that, you will be asked to enter MX record entries for your domain name. We will show you how to do that in the next step.

      Step 3. Adding Domain MX Records

      Note: This section is for users with existing domain names and websites. If you registered a new domain name via Google, then you don’t need to read this.

      Domain names tell internet servers where to look for information. Since your domain name is not registered with Google, your emails will reach your domain name, but not to the Google servers.

      You will need to setup the right MX records on your domain name settings, so Google’s servers can send and receive emails for your business.

      To do that, you will need to login to your web hosting account, or your domain registrar account.

      In our article, we will show you how to add MX records in Bluehost, but the basic settings are the same on all hosts and domain registrars. Basically, you will be looking for DNS settings under your domain name.

      Login to your Bluehost hosting dashboard and click on ‘Domains’. On the next page, select your domain name and then click on the ‘Manage’ link next to DNS Zone Editor option.

      Domain name settings

      Bluehost will now open your DNS zone editor. You need to switch back to your G Suite setup screen and check the box that says ‘I have opened the control panel of my domain name’.

      G Suite MX records

      It will now show you the MX records that you need to enter. You will also see a link to the documentation which shows you how to add these records to dozens of hosting and domain services provider.

      Here is how you will add this information to your Bluehost DNS settings:

      Adding MX records in Bluehost

      Click on ‘Add Record’ button to save it. After that, repeat the process to add all five lines as MX records.

      Once you are finished, switch back to G Suite setup and check the box next to ‘I created the new MX records’.

      Created new MX records

      You will be asked to delete any existing MX records still pointing to your website hosting or domain name registrar.

      To do this, you need to switch back to your DNS zone editor and scroll down to the MX records section. You will see the MX records you created earlier along with an older MX record still pointing to your website.

      Delete old MX records

      Click on the delete button next to the old MX record to delete it.

      After that, switch back to the G Suite setup screen and check the box that says ‘I deleted existing MX records’.

      Save MX records

      You will now be asked to save your MX records. For some providers, once you add MX records they are already saved, for others you may need to manually save MX records.

      Once you have saved MX records, check the box that says ‘I have saved MX records’ in G Suite setup.

      Verify domain and setup email

      After that you need to click on ‘Verify domain and setup email’ button to exit the setup wizard.

      Step 4. Managing email in G Suite

      G Suite makes it super easy to manage your email account. You can simply visit the Gmail website to check your email or use the official Gmail apps on your phone to send and receive emails.

      You will need to sign in using your business email address as your username.

      To create more business email addresses simply go to the G Suite Admin console. From here you can add new users, make payments, and adjust your G Suite account settings.

      G Suite admin control panel

      Business Email Address FAQs

      Following are some of the most commonly asked questions by our users regarding business email addresses and how to use them.

      1. Can I create more custom email addresses for my business for free?

      If you are using Bluehost, then yes you can go ahead and create more email accounts for free (You get 5 email accounts with basic and unlimited accounts with plus and choice plus plans).

      If you are using G Suite, then you can create email aliases which are separate addresses for the same email account. However, if you want to add a different email account or a new employee, then you will be charged based on your plan.

      2. Can I create free business email without domain?

      No, you cannot create a free business email account without a domain. You can create a free email account with Gmail or Hotmail, but it will not use your business name, so it will not be considered a business email address by customers and other businesses.

      3. Can I use desktop and mobile email apps with my custom branded email address?

      Yes, you can use your business email address with any desktop or mobile email apps. Most of these apps can automatically figure out mail settings. You can also get these settings from Bluehost or G Suite documentation.

      4. Can I switch my free business email account to another provider if needed?

      Yes, you can switch to any other email service, website hosting, or domain registrar and take your business email address with you.

      5. What are some business email address examples that I should use?

      It depends on your business needs. For example:

    • You can create a custom branded email for yourself or individual employees like: john@stargardening.com
    • You can set up a business email account for departments like sales, support, HR, etc. sales@stargardening.com
    • 6. Can I create a free business email address without making a website?

      Yes, you can. However, you’ll still need to pay for website hosting because you get the email service and domain name for free with your hosting package.

      Once you have signed up, you can choose a domain and then just create your email address.

      That’s all, we hope this article helped you learn how to create a free business email address or create a professional business address with G Suite. You may also want to see our guide on how to fix WordPress not sending emails issue.

      If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

      The post How to Create a Free Business Email Address in 5 Minutes (Step by Step) appeared first on WPBeginner.





      Source link

Read more...