how to add Google Analytics to WordPress


Tracking website analytics is vital to find out who visits your site, how your site is navigated, and what is (and isn’t) working. This information helps you understand users’ behaviours and needs, and means you can make data-driven edits to optimise your WordPress site and boost results.

In this blog, we cover why you should add Google Analytics to your WordPress site, and show how to do it, both with and without a plugin. All you need to do first is set up a Google Analytics account.

why add Google Analytics on WordPress

Google Analytics is a free web analytics service which tracks your website data and provides various stats and reports.

Google Analytics collects a wide range of useful information including:

  • How people find your site (for example, via organic search, social media or paid advertising)
  • When your site is busiest and quietest
  • Which webpages are most popular
  • How long people spend browsing your site
  • Which devices and browsers visitors are using
  • … and much more!

By collecting this information, you can base any decisions about updating or improving your website on real data. This gives you the best chance to increase your traffic and engagement, and therefore to maximise your WordPress website’s success.

how to add Google Analytics to WordPress with a plugin

Whether you’re a WordPress beginner or just like to keep things as simple and straightforward as possible, adding Google Analytics with a plugin is a great option.

With a Google Analytics plugin, you can also rest assured that your WordPress website data is always being collected, even if you change your design or theme.

Used by more than a million WordPress sites, MonsterInsights is the most popular Google Analytics plugin. The basic version is free, but you may want to add paid features such as tracking e-commerce sales.

Before installing MonsterInsights, make sure to back up your site – just in case anything goes wrong! We explain how to back up on WordPress in our Ultimate WordPress Optimisation Guide.

Once MonsterInsights has been added to your site, you’ll find ‘Insights’ appears in your WordPress dashboard menu. Click on this to start the setup wizard and connect MonsterInsights with your Google Analytics account. You’ll also need to select your preferred settings – the default option is suitable for most websites.

It’s that simple – Google Analytics is now installed on your WordPress site! You can visit Insights > Reports in your WordPress back-end at any time to see and analyse your data.

how to add Google Analytics tracking code on WordPress

If you’d prefer to add Google Analytics to your site without a plugin, you can manually add tracking code instead.

As always before making any major site edits, make sure to back up first; we cover how to do this in our WordPress Optimisation Guide.

To set up Google Analytics tracking, log into your Google Analytics account. You’ll need to click on ‘Admin’, then ‘Tracking Info’, and then ‘Tracking Code’. Under ‘Website Tracking’, you’ll find a box containing your Global Site Tag (gtag.js) – highlight and copy this code.

Now go back to your WordPress website dashboard and find your header.php file. Paste in the Google Analytics tracking code, after the opening <head> tag and before the closing </head> tag.

Finally, click ‘Update File’ to complete the process. Google Analytics will now be recording your website data – just visit your Google Analytics account to see the latest stats.

It’s also worth remembering that if you change your WordPress theme or site design, you may need to re-add the tracking code into your header.php file to ensure data is always being collected.

a note about GDPR compliance

To comply with the UK’s latest data protection laws – also known as GDPR – your WordPress website users MUST agree to have their data tracked BEFORE Google Analytics code is loaded.

You can ask users for permission with a cookie notice. This is simple and easy to add to your WordPress site with a plugin such as Cookie Notice for GDPR & CCPA or similar.

Your cookie notice plugin will produce a popup message linking to your privacy policy and asking users whether or not they consent to data-tracking. Google Analytics will then only be loaded when permission is granted.
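
What "only loaded when permission is granted" means in practice, as an added example (not code from this blog or from any cookie notice plugin): the gtag.js script is injected by JavaScript after consent is recorded, rather than being pasted unconditionally into header.php. The measurement ID `G-XXXXXXXXXX`, the cookie name `analytics_consent` and the function names are placeholders chosen for this sketch.

```javascript
// Added example: load gtag.js only after the visitor has consented.
const MEASUREMENT_ID = 'G-XXXXXXXXXX';       // placeholder, use your own ID
const CONSENT_COOKIE = 'analytics_consent';  // hypothetical cookie name

// Read one cookie value from a "k=v; k2=v2" cookie string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return rest.join('=');
  }
  return null;
}

// Only an explicit "granted" counts; a missing or other value means no tracking.
function hasConsent(cookieString) {
  return readCookie(cookieString, CONSENT_COOKIE) === 'granted';
}

// Inject gtag.js into `doc` if, and only if, consent is recorded.
// Returns true when the script element was added by this call.
function loadAnalyticsIfConsented(doc, win) {
  if (!hasConsent(doc.cookie)) return false;
  if (doc.getElementById('ga-gtag')) return false; // already loaded
  const script = doc.createElement('script');
  script.id = 'ga-gtag';
  script.async = true;
  script.src = 'https://www.googletagmanager.com/gtag/js?id=' +
    encodeURIComponent(MEASUREMENT_ID);
  doc.head.appendChild(script);
  win.dataLayer = win.dataLayer || [];
  win.gtag = function () { win.dataLayer.push(arguments); };
  win.gtag('js', new Date());
  win.gtag('config', MEASUREMENT_ID);
  return true;
}

// Call this from the cookie banner's "accept" button handler.
function grantConsent(doc, win) {
  doc.cookie = CONSENT_COOKIE + '=granted; path=/; max-age=15552000; SameSite=Lax; Secure';
  return loadAnalyticsIfConsented(doc, win);
}

// On every page view: returning visitors who already consented get analytics.
if (typeof document !== 'undefined') loadAnalyticsIfConsented(document, window);
```

A quick check in the browser's network tab confirms the behaviour: before the banner is accepted, no request to googletagmanager.com should appear.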

thanks for reading

We hope you enjoyed this blog about how to add Google Analytics to WordPress. For more great WordPress tips and advice, check out our ultimate WordPress optimisation guide, which covers all aspects of how to maintain and improve your WordPress website.

Or, for on-demand WordPress support from an agency with more than two decades of experience, please get in touch and we’ll be happy to help.

Drupal security best practices


With automated bots and hackers constantly searching the internet for sites to attack, keeping your website safe and secure is vital. 

Just as shop owners lock up their physical shop premises, your Drupal website needs to be ‘locked’ and protected against hacking, ransomware infections and other online security threats.

Fortunately, Drupal is regularly scrutinised, updated and patched by developers all around the globe. The CMS also has its own dedicated team of security experts, an impressive track record for security, and a robust process for overcoming security vulnerabilities as they arise. So just using Drupal is a great start in terms of website security.

In this blog, we’ll cover why Drupal security is important and share ten Drupal best practices to ensure your site stays safe.

why Drupal security is important

Without adequate security protection on your website, your organisation could lose data, breach legislation and suffer severe reputational damage.

Web security is also a search engine ranking factor. Secure websites are prioritised in the search results and therefore more likely to gain organic traffic.

Of course, fixing security issues can be costly too, and the impact of security breaches (such as lost customers and fines) may have even greater financial implications. So Drupal security is vital not just for good digital performance and user trust, but also for your bottom line.

10 Drupal security best practices

Using our two decades of Drupal experience, we now share the ten best ways to keep your Drupal site secure and protected against online threats…

1. Use HTTPS

Without HTTPS on your website, hackers can interfere in the communications between your site and users/browsers. In fact, HTTPS is so important for website security that Google displays a ‘not secure’ message on HTTP sites to warn users.

It’s completely free – and pretty easy – to transfer your site to HTTPS so there’s no reason not to do it! You just need a Secure Sockets Layer (SSL) certificate, which you can get via Let’s Encrypt or your hosting provider.

Once your SSL certificate is activated, your URL will be HTTPS and a padlock sign will be displayed in the URL bar, thus indicating that all site communications are secure.

2. Keep Drupal software up-to-date

Outdated software is a common security vulnerability, so it’s vital to install the latest Drupal core updates as soon as they are available. The same also applies to any modules or themes on your site.

Updates aim to patch security weaknesses and improve overall performance; without them, your site is vulnerable to hacking and security breaches.

We cover the different methods for updating the Drupal core in our ‘Drupal: how to update’ blog. Alternatively, your Drupal agency may cover regular updates as part of their support package.

3. Choose secure hosting

Having secure hosting is an important element of website security and should always be kept in mind when choosing a hosting provider.

Secure hosting is particularly important if you’re on a shared hosting plan, as your site will be vulnerable to attacks made through other sites using the same server.

It’s a good idea to check with your host what security measures they have in place and how they respond to any security issues on their server. If their security procedures are insufficient for your needs, it’s advisable to upgrade your hosting package or switch provider.

4. Use secure login details

Insecure login details and passwords are another common way that Drupal sites are hacked. Access is often gained via brute force attacks, where hackers attempt various username and password combinations until one is successful.

Drupal automatically limits brute force attacks, but choosing strong passwords is another important way to increase site security. It’s also a good idea to avoid obvious usernames such as ‘admin’.

Strong passwords include a combination of letters (both upper and lower case) alongside numbers and symbols. The longer the password, the better – aim for 12-14 characters to keep your site really secure.

For additional security, you might want to set up two-factor authentication (2FA). This means that users have to log in in two stages – firstly, by entering their username and password, and then by providing a one-time passcode.

You can add 2FA to your Drupal site with the Google Authenticator module (you’ll also need to download the related app for passcode generation). However, it’s worth bearing in mind that 2FA isn’t compatible with all Drupal modules and themes, so speak to your Drupal support agency if you encounter any problems.

5. Backup regularly

Backing-up means making and storing a copy of your Drupal site files and database. These copies can then be used to get your website back online again in case of a security breach or virus.

The more regularly you backup, the less data you’ll lose if your site is ever hacked or infected. It’s worth considering how often you make changes or add new content, and how easy it would be to re-do this work if it was lost – this will help inform how often you should schedule backups.

The simplest way to backup on Drupal is with the Backup and Migrate module. Simply install the module, and then tick to enable automatic backups and set your desired frequency in the module’s settings.

6. Block bots

Automated bots and crawlers are constantly searching for website vulnerabilities to hack or exploit. You can protect your Drupal site against these with various modules:

  • Captcha helps prevent bots from making contact form submissions
  • Honeypot also reduces bot form submissions
  • SpamSpan Filter prevents spambots collecting email addresses from your site

However, it’s also worth blocking bad bots at server level for additional protection. You can do this through your hosting provider or by adding the following code to your .htaccess file:
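# Return 403 Forbidden to any request whose User-Agent matches the list (case-insensitive).
# A space inside the pattern must be escaped, or mod_rewrite reads it as the end of the argument.
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^.*(agent1|Wget|Catall\ Spider).*$ [NC]
RewriteRule .* - [F,L]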

If you add the code yourself, make sure not to block the Google crawling bot, or you might find that you suddenly stop seeing any organic traffic!
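
One way to check a block rule before it goes live, as an added example that is not part of the original post: the script below reads the `RewriteCond %{HTTP_USER_AGENT}` patterns out of an .htaccess fragment and reports any wanted visitor (such as Googlebot) that would be blocked, and any listed bot that would slip through. The sample user-agent strings and function names are constructed for this sketch, and it assumes every user-agent condition feeds a blocking `RewriteRule` and that no pattern is negated with `!`.

```javascript
// Constructed .htaccess fragment; "\ " keeps the space inside one argument.
const HTACCESS = [
  'RewriteEngine On',
  'RewriteCond %{HTTP_USER_AGENT} ^.*(agent1|Wget|Catall\\ Spider).*$ [NC]',
  'RewriteRule .* - [F,L]',
].join('\n');

// Constructed sample user agents.
const MUST_ALLOW = [
  'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)',
  'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/120.0 Safari/537.36',
];
const SHOULD_BLOCK = ['Wget/1.21.3', 'catall spider'];

// Split a directive into arguments: unescaped, unquoted spaces separate them.
function splitArgs(line) {
  const args = [];
  let cur = '', quoted = false;
  for (let i = 0; i < line.length; i++) {
    const c = line[i];
    if (c === '\\' && line[i + 1] === ' ') { cur += '\\ '; i++; }
    else if (c === '"') quoted = !quoted;
    else if ((c === ' ' || c === '\t') && !quoted) { if (cur) args.push(cur); cur = ''; }
    else cur += c;
  }
  if (cur) args.push(cur);
  return args;
}

// Compile every HTTP_USER_AGENT condition, honouring the [NC] flag.
function userAgentRules(htaccess) {
  const rules = [];
  for (const line of htaccess.split('\n')) {
    const [directive, subject, pattern, flags = ''] = splitArgs(line.trim());
    if (directive !== 'RewriteCond' || subject !== '%{HTTP_USER_AGENT}') continue;
    rules.push(new RegExp(pattern, /\bNC\b/i.test(flags) ? 'i' : ''));
  }
  return rules;
}

// List wanted visitors the rules would block and listed bots they would miss.
function lintBlocklist(htaccess, mustAllow, shouldBlock) {
  const hit = (ua) => userAgentRules(htaccess).some((re) => re.test(ua));
  return [
    ...mustAllow.filter(hit).map((ua) => 'blocks wanted visitor: ' + ua),
    ...shouldBlock.filter((ua) => !hit(ua)).map((ua) => 'does not block: ' + ua),
  ];
}
```

An empty result from `lintBlocklist(HTACCESS, MUST_ALLOW, SHOULD_BLOCK)` means the rule does what was intended for the samples given; an over-broad pattern such as `bot` would be reported as blocking Googlebot.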

7. Update user accounts

The more users (and logins) you have for your site, and the greater access and permissions users have, the more your site is at risk of hacking and other security breaches.

The main Drupal role options (in order of decreasing capability to make website changes) are Administrator, Editor and User. However, Drupal’s flexibility means that an unlimited number of different roles and permissions are possible.

As administrators have the greatest permissions in terms of making changes on your Drupal site, this role should be reserved only for the website owner and a limited number of other trustworthy users.

We recommend reviewing your users regularly to ensure that people have the correct permissions. It’s also a good idea to delete user accounts when people stop contributing to your site. You can find out which users are registered and check/update role permissions under ‘People’ in the back-end.

8. Keep your database clean

Keeping your Drupal database clean and up-to-date helps reduce the risk of malware and ransomware infections.

We recommend regularly checking your website database and deleting anything that is no longer needed. But make sure you back up first – just in case you accidentally delete something important!

The easiest way to cleanse your Drupal database is with the Clean up module. However, if you’re more technically-knowledgeable, you may prefer to use phpMyAdmin instead.

9. Scan regularly

To keep your site secure, it’s important to scan regularly. You can do this quickly and easily with an online scanner such as Sucuri.

A scan will highlight any possible security errors and vulnerabilities on your site – these should be addressed as soon as possible. If you’re not sure how to resolve any problems, read this great Sucuri informational guide or contact your Drupal agency.

10. Be prepared!

By following our tips above, your Drupal site will be well-protected and secure, but it’s also important to create a disaster recovery plan in case the worst ever happens.

A disaster recovery plan should include details such as: your user account names and passwords; the steps you’d take to resolve any security issues; how you’d inform staff, users and stakeholders; where backups are stored; and any possible data protection or legal implications.

It may be worth asking your Drupal agency to write this for you to ensure it’s comprehensive and technically robust. However, if you’d prefer to draft it yourself, Drupal.org has lots of useful information in this article about how to respond to website hacking.

11. Sign-up for Drupal emails

As a final bonus tip, we also recommend signing up to the Drupal security mailing list. This will ensure you stay up-to-date with all of the latest security notifications and announcements.

 

We hope you enjoyed this blog about Drupal security best practices. For more expert Drupal tips, read our ultimate Drupal optimisation guide which covers everything you need to know about optimising and maintaining your Drupal website.

Or, for on-demand Drupal support from an award-winning agency with more than two decades of experience, please get in touch and we’ll be happy to help!