How to create an online community with WordPress (and make a profit from it)

Today I was looking for a way to create an online community (and make a profit).

In the past, I always used BuddyPress, but I always encountered some limitations, so I was very happy when I found BuddyBoss!

They offer a theme + a plugin that improve all the social stuff you can find in BuddyPress.

I have to say that after giving it a try, it is lightning fast, and very very nice visually (those were the 2 things I was looking for).

Highly recommended on my side!

On a side note, they also offer an app creation for both Android and iOs, which I will most likely be using very soon as the project might require we create them too…

Also, Happy New 2021 for all my readers!

How to avoid spam in your WordPress Site

Spammers, spammers, we all hate them.

They will register in your website, add comments with ugly links…

But hey, they are just doing their job, right?

Now it’s your job to stop them! Here are some tips to avoid all kinds of spam in your blog.

Disable user registration (if it’s not a need).

Go to Settings > General and make sure the box “Anyone can register” is not checked.

Obviously, if you have a community where people need to register, you should leave it on.

Configure Discussion Settings

Under Settings > Discussion you should make sure these box are checked:

Before a comment appears:

– Comment author must have a previously approved comment

– Optionally, you can moderate all comments by hand. Depending on your traffic this might be a good idea (or not)

You can also insert certain trigger keywords under Comment Moderation / Blacklist

Use an antispam plugin

Here are my recommendations:

Akismet: This is a must have. I have it activated in every single website. You can get a free api key.

Spam FireWall, Anti-Spam by CleanTalk: Works great, but requires a paid key after the trial period

WP-SpamShield Anti-Spam: 100% free, works great too

Use a security plugin

The top two are:



You will just need one of them (since they mostly overlap in features), and they will give you some extra peace of mind.


That’s it! Do you have any other extra advice?

My top 10 favourite [100% free] WP plugins

Here are some of the plugins I use in most (or at least many) of my sites:

Yoast SEO

Excellent SEO plugin, with (almost) everything you will need (link)

W3 Total Cache

Speeds up your site (link)

Contact Form 7

Create simple contact forms (link)

Contact Form to Database

Save all contact form submissions to database (so nothing gets lost) (link)


Cleans 99% of spam (link)

Wordfence Security

Extra security for your site (link)

Pretty Link Lite

Add website redirects, and track clicks. (link)

WP Offload S3 Lite

Store the images on your site in an Amazon S3 bucket. Save space and bandwidth. (link)

Updraft Plus

Automatically (and/or manually) create a backup of your site (link)

Google Analytics Dashboard for WP

Add Google Analytics tracking. Does what it says. (link)


BONUS: 2 other plugins that I have used in the past multiple times (also free)

Woocommerce: eCommerce solution for WP

BuddyPress: Turn WordPress into a Social Network

How to secure your WordPress site

So, you have your WordPress site up and running, the wind is blowing nicely in your face, and all is going well, until… what is this? You have been hacked!

WordPress is the most widely used web platform in the world, so that’s one of the reason that some hackers are after you (it’s not personal, you know).

Here are a few things that you can do to avoid being hacked (listed in order of importance, from highest to lowest):

1. Keep your WordPress version up to date.

This is crucial: every so often, new vulnerabilities that affect old WordPress versions come out, and hackers rub their hands when they find a site with an old version of WordPress. Don’t let this happen to you! Especially knowing that you can update with just one click!

2. Use a secure password for your site (and whenever possible, a secure username too).

Fist, the username. In old versions of WordPress, the admin username was, yes or yes… “admin”. But not anymore! When you install your site, you are prompted to choose a username. Make sure to pick something creative and give hackers a hard time.

As to the password, make sure not to choose one of these (seriously? “hottie” is number 14?). Ideally, your password should combine uppercase/lowercase/numbers, and if you want to be a bit more paranoid, add a symbol like %$!?()/

This is a bad password: jonathan

This is a good password: JoNa1hAn

This is a pretty good password: J0nA1H%n123$

This is an awesome password: 5e9@XKNTvhRBCMgl

The reason behind choosing a hard password is that hackers sometime use what is called “brute force” attacks, ie, testing thousands of possibilities to try to log in to your site. Which password do you think they will try first, jonathan or 5e9@XKNTvhRBCMgl ?

By the way, if you have trouble remembering passwords, I recommend using lastpass (I use the free version). It will help you generate and store as many passwords as you like. I couldn’t live without it now!



Have you heard about the Pareto Principle? It says that 80% of your results, come from 20% of your actions. Well, those 2 were the top 20%! Do these and your chances of being hacked are very very low.

Here are a few extra tips for the power users:

  • Make sure your plugins and theme are up to date. Every so often, new vulnerabilities in common plugins are found, so keep an eye for updates.
  • Use a security plugin like Wordfence or Sucuri (both free; do not install both, just pick one; my personal recommendation is Wordfence, but both are very similar). This will prevent many attacks from happening.
  • Use a plugin to limit login attempts, like Login LockDown (free)
  • Use this plugin (free) to add an extra field (aside from user and pass) to be able to log in.
  • For advanced users, hide to the outside world the fact that you are using WordPress, with Hide My WP (paid plugin)


Final advice: if the worst thing happens and your site gets hacked, make sure you have a backup! There are paid and free plugins for that, so don’t be lazy! (Ideally, backups should be stored somewhere else, like Dropbox or Google Drive)

So that’s it! Do you have any other tip? Make sure to share your thoughts  in the comments, I’m always happy to learn new things 🙂

PS. If you would like to add an extra layer of security to your site, and make your WP site almost bulletproof, make sure to check Chris Hitman’s WP Site Guardian plugin. Totally recommended!

How to Speed up your WordPress Site

Many people have shown interest in speeding up their WordPress site, so I’m writing a detailed guide on how to do that.

But first, why is speed important?

Well, two main reasons:

  1. Google ranks fast websites higher (higher rank = more visitors = more sales [most of the time])
  2. Speed increases visitor satisfaction and decreases bounce rates (incidentally, if you are selling something, just half a second lost can result in a decrease in sales of over 7%)

If you are applying some changes to your Website, I recommend you use this to measure page speed, before and after.

So, without further do, here are my top tips to increase page speed:

1. Use a fast hosting company

The company you choose (and the hosting type) plays a very very important factor in speed. Think of it as the car that is “driving” your website.

Different companies aside (my recommendation below), there are basically 3 hosting types:

a) Shared: this means that you share the same server with other people: it could be a few, it could be a lot. It is the cheapest and most basic hosting, usually costing between 4 to 10 USD a month. It is more than enough to run a small to medium personal page, although you cannot expect to get your site blazing fast. I recommend this option if you are just starting out, testing the waters, or if you have a page with very few visitors.

b) VPS (Virtual Private Server): It means you will “almost” have your own server. You will be sharing the server with a few people, but not many, so speed and reliability are much better. This is good for medium to medium-high traffic sites, online stores, etc. Price varies between 10 to 50 USD/mo, depending on how fast you want it to be.

c) Your own Dedicated Server: This is the jewel of the crown, you will have a computer just for yourself, you won’t share it with anyone else. It will need some configuration (usually the hosting company will do it for you, sometimes free, sometimes for a small fee). This is good when you have high peaks of visitors (that might make your shared or even VPS to go down), or when speed is a must for you. Price usually starts at around 40 USD/mo, up to anything you want to pay 😉

There are TONS of hosting companies out there, and most of them are good. Here are the ones I use, that I can recommend

a) Shared: Bluehost  (affordable, good support)

b) VPS: HostWinds

c) Dedicated Server: Also Hostwinds (awesome support)

Make sure to choose the one that fits your budget, and remember that you can always change later on (most hosting companies will help you with the migration)

2. Use a well coded, clean theme

The theme you choose (assuming you use WordPress) has a vital importance in how fast each page in your site loads, as it will “paint” the HTML code. Make sure to use a well tested code. My personal recommendation: visit where they have tons of themes to choose from. If a theme has hundreds of buyers that’s a good sign.

3. Use the minimum amount of plugins possible.

Each new plugin you add to your site adds some extra loading time. Some of them have a small footprint and will just add a few miliseconds, while others can add seconds. Of course you will need some plugins to spice up your site, but make sure to disable those that you are not using

4. Use a cache plugin.

What a cache plugin does is to “store” your pages so they don’t have to be built each time there is a new visitor, thus saving time. I will build a whole article around this, but to get started, here is a god resource (I personally use W3 Total Cache on my sites).

5. Use a CDN (Content Delivery Network)

Instead of storing all your files (images, etc) on your server, they can be distributed around fast and reliable servers around the globe (yes, it’s a small world). If you use the W3 Total Cache plugin, you can get a MaxCDN account and make those two work together with very little effort on your side. The plugin is free, but sadly MaxCDN is not 🙁

Another unexpensive solution is Amazon S3 (I pay less than half a dollar a month), which can store all your images on their servers instead of on yours, saving you space, and making the images load faster. Use it in combination with this free plugin.

6. Optimize your images

Images are usually one of the slowest items to load in your site.

If you have time and energy, resize your images before uploading them; they will be smaller and load faster. If you want to automate the process, you can use this free plugin which will optimize them for you.

You can also apply the “lazy loading” technique, which will load the images only as the user scrolls, instead of loading them at the very beginning. Here is a free plugin that will do the trick  for you.

7. Optimize your WordPress database

Every now and then, you should “clean up” your database. Luckily there is a free plugin for that.

8. Keep your WordPress version up to date.

Every few months, the WP people release a new version, with new features and security fixes. It is very important to keep up to date, as some old versions have security bugs that might help hackers attack your site. New versions also (usually) improve performance.

You can upgrade to the latest version from the admin panel, with just one click. Just keep an eye for update notices.


That is all for now! New articles describing how to use these recommended plugins coming very soon 🙂

Follow these recommendations (at least as many as you can; most of them are free) and check your site speed again, then let me know how much it has improved for you!

As always, make sure to leave your comment and let  me know if you have other suggestions; also post your questions here.

PS. For those of you who would like to know about the topic in depth, Chris Hitman has created a really detailed, newbie friendly course on the matter. You can grab it here (in my opinion, as long as you are willing to implement it, it’s worth every penny, although it’s a paid course).