Round up of WordPress News and Tips October 23, 2017
The Weekly round up of news, tips, and information to help you create the best possible WordPress website.
This is a weekly round up of WordPress news I have accumulated from across the web some old some new but always interesting. The new relates to WordPress and sometimes other areas of the web. It often has a focus on security and more.
We try to have news here that is not only important to help you with your website as well as new from the #wpdrama scene and more to share.
Some of the news here will be of interesting links to not only articles but training materials and other sources I can find online that will help you create a better WordPress website.
This week we have the following news for you.
Postman SMTP Plugin Forked after Removal from WordPress.org for Security Issues
In early October the popular Postman SMTP plugin was removed from WordPress.org due to security issues. The plugin had not been updated in two years and also contained a reflected cross-site scripting (XSS) vulnerability that was made public in June and left unfixed. The security researcher’s attempts to contact the plugin’s author, Jason Hendriks, were unsuccessful.
The plugin is used to improve the delivery of emails that WordPress generates and it logs the causes of failed emails to help eliminate configuration mistakes. It was installed on more than 100,000 sites before it was removed from WordPress.org. Read original article here…. wptavern.com
The Difference Between GTmetrix, PageSpeed Insights, Pingdom Tools and WebPagetest
GTmetrix requires JavaScript to function properly. Please enable JavaScript in your browser and refresh the page to ensure the best GTmetrix experience.
If you’ve used any of these tools, you may wonder why the results are sometimes different. The post serves to highlight the key differences in these performance analysis tools.
We’re glad to be in the company of other great tools that offer an in depth look at website performance.
PageSpeed Insights, Pingdom Tools, and WebPagetest all offer similar features to GTmetrix, but there are a few things that should be pointed out with regards to our differences. Read original article here…. gtmetrix.com
Locked Out of WordPress? 4 Solutions When You Can’t Access wp-admin
Are you currently locked out of WordPress? I can practically feel the anxiety through the screen. It’s understandable. There aren’t many more uncomfortable feelings than not being able to access your own WordPress website
However, let’s take a deep breath, ok? We will get through this. You have a backup of your site, right? Never mind that now. Instead, let’s concentrate on making things better. Read original article here…. elegantthemes.com
Display Widgets Plugin Permanently Removed from WordPress.org Due to Malicious Code
Display Widgets, a plugin with more than 200,000 active installs, has been removed from WordPress.org due to its authors inserting malicious code. SEO consultant David Law was the first to bring this issue to the attention of the plugin team after discovering that Display Widgets was inserting content into sites from external servers and also collecting visitor data without permission. He posted to the WordPress.org forums several times to warn other users. Read original article here…. wptavern.com
How to add a new WordPress user without logging into WordPress
Simply add the below code to your active WordPress theme functions.php file, then visit the site to inject the new user and password into the database.
This will instantly create a new admin user.
Just remember to remove the below code from your functions.php file once you’ve verified the new username and password is working nicely. Read original article here…. hackrepair.com
This week we have the following Security News for you.
Blog | Plugin Vulnerabilities | A service to protect your site against vulnerabilities in WordPress plugins.
From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.
Recently the web scanner service Detectify has been vaguely disclosing minor vulnerabilities in a number of WordPress plugins. It seems …To read the rest of this post you need to have an active account with our service. Read original article here…. pluginvulnerabilities.com
The Man Behind Plugin Spam: Mason Soiza
This post is part of a series. This is the second post and a follow-up to our first story titled “Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites“. There is a third post in this series which explains how the same spammer influenced a total of 9 WordPress plugins over a 4.5 year period.
In this post, we explore who is behind the purchase and corruption of the Display Widgets plugin and at least two other popular WordPress plugins.
As part of my research into the sale of the Display Widgets plugin and the subsequent spam that appeared in it, I had reached out to Stephanie Wells, the original author of Display Widgets who sold it. Stephanie got back to me moments after I hit the publish button on our post. Read original article here…. wordfence.com
Topic: Display Widgets Plugin v2.6.3.1 Includes Hacking Code « WordPress.org Forums
This is the latest version of the plugin code (version 2.6.3.1) : https://plugins.trac.wordpress.org/browser/display-widgets/trunk/geolocation.php
Look at the function on line 186 (pasted below).
Note the name of the function dynamic_page, what do you think a function with name Dynamic Page does?
It creates a DYNAMIC PAGE (a Dynamic WordPress Post) on Display Widget users sites and is loaded using line 299: Read original article here…. wordpress.org
Backdoor WordPress Login Script
I have created this script to allow me to quickly login to clients wordpress installs after they have royally messed things up. For example, some clients have changed their admin password and dont know which email account they have used, so this script allows me to quickly create a new user, login and reset their details without having to muck about with mysql etc.
NOTE: to use this script you do actually need to have access to the web server and upload the file to their site and then execute it through the browser. Read original article here…. craig-edmonds.com
Cheat Sheet for Analyzing Malicious Software
This cheat sheet presents tips for analyzing and reverse-engineering malware. It outlines the steps for performing behavioral and code-level analysis of malicious software. To print it, use the one-page PDF version; you can also edit the Word version to customize it for you own needs.
Follow me for more of the good stuff. Read original article here…. zeltser.com
And now for something older in the past article collections.
50+ Frequently Asked Questions About WordPress
Have a question? No problem – we get a ton of questions about WordPress everyday. To help we thought we’d share and expand on some of the most common questions we’ve been asked about WordPress! We’ll cover tons of topics including:
Not sure if WordPress is right for you? Here are answers to basic question about WordPress, what it is, how much it costs and more.
WordPress is a popular content management system (CMS) that you can use to power your website on your own hosting plan. WordPress makes creating a blog, landing page, online store, forum or other website possible for users around the world. Read original article here…. wpexplorer.com
A Guide to Designing Better Buttons and CTAs for WordPress
Buttons and calls-to-action fill up relatively little real estate but they’re some of the most important design elements of any website. Considering their importance, getting buttons and calls-to-action right is sort of a big deal.
However, designing buttons can be tricky. There are many design factors to consider when designing buttons – size, color, icons, shape, placement, and text — and call-to-action buttons are even more critical to get right. Read original article here…. premium.wpmudev.org
10 Hottest Web Design Trends You Gotta Know for 2017
The web is a rapidly evolving space. Technologies and development techniques can appear quickly. Ever improving tools allow for greater freedom when designing interfaces and interactions. And because of this, web design patterns and techniques can begin to trend within a short period of time.
Below is a list of web design trends to keep in mind during 2017. They aren’t all new; some are styles that have been gaining and/or maintaining their popularity during 2016. These are expected to continue to be in common use for new websites launched in 2017. Read original article here…. premium.wpmudev.org
A Quick and Dirty Guide to Post Type Templates in WordPress
WordPress 4.7 has delivered some fantastic new enhancements to the CMS’s template system. Templates have now been expanded to include all post types, allowing developers to create more nuanced themes and at the same time allowing site owners to manage content more easily.
But how does it all work? In this article, I’ll show you how to use post type templates in your themes with a few easy examples.
Templates are essentially special files that can change the look and feel of a page and/or add functionality to your WordPress website. Read original article here…. premium.wpmudev.org
Our Domain Mapping plugin makes mapping domains super easy in Multisite. It lets you create as many sites as you want in one WordPress installation and then make them all behave as if they’re separate sites echo on their own domain.
If you’re running a website with multiple contributors, it can be hard to track post changes in WordPress itself. This can become a problem if you’re trying to identify the source of an error, or keep tabs on your writers’ activity.
About a month ago, a woman named Mavis Wanczyk won a monster Powerball payout of $758.7 million. Wanczyk wasn’t the only winner that night either. In a store nearby, someone else bought a ticket worth $1 million. There were also other winners from this single Powerball play—9.4 million people (or, rather, tickets) to be exact.
WordPress provides incredible support for you to work with form submissions in your application. Whether you add a form in the admin or public facing areas, the built-in mechanism with the admin-post and admin-ajax scripts will allow you to handle your form requests efficiently.
Google has a lot of different tools, and while they handle massive amounts of data, even Google has its limits. Here are some of the limits you may eventually run into.
A very persistent malicious actor added a backdoor to a WordPress plugin called Display Widgets that installed backdoors on possibly 200,000 websites since June 21.
WordPress security threats are on the rise. In some cases, hackers can gain control over WordPress sites. Now, the question arises, how can you secure your WordPress sites?
One of the reasons WordPress is so popular as a content management system is because of its airtight security (read: it’s rare ability to be hacked). But the truth is, 136,640 attacks are happening per minute to WordPress websites across the globe.
Everyone procrastinates now and then, but some people suffer much more than others. If you feel that procrastination is negatively affecting your productivity, then it is time to do something about it.
Getting established as a WordPress pro isn’t easy. If you want to freelance or set up a WordPress business, you’ll need to build up a list of clients and establish a reputation for yourself. And if you’re looking for a WordPress job, you’ll need to demonstrate that you’ve got experience with WordPress and can work with it at a professional level.
WordPress 4.7 was released with a ton of great new features (which you can check out here), including some user experience and user interface upgrades to the theme Customizer.
Recurring revenue is the Shangri-La for business owners. Rather than scrapping and fighting and hunting for new clients, you have the same clients coming to you again, providing you with a steady stream of income. It takes away the stress of having to dig up new streams of revenue and allows you to start planning ahead.
Daily blogger and plugin author Tom McFarlin has found a new maintainer for five of his WordPress.org plugins. Within two days of putting the plugins up for adoption, McFarlin announced that Philip Arthur Moore will be taking over Category Sticky Post, Comment Tweets, Single Post Message, Tag Sticky Post, and Tipsy Social Icons. Moore, who is currently working as CTO at Professional Themes, has inherited roughly 10,000 users overnight in the transfer of maintainership.
If your WordPress site uses third-party plugins, you may be experiencing data loss and other problematic behavior without even knowing it.
New attacks against unfinished installations of WordPress aim to give attackers admin access and the opportunity to run PHP code.
Any time security is brought up with WordPress, the first thought is external sources that could be used to protect your website. But in fact hardening WordPress must start with the install and the administrator of the website. Websites are no longer like sheets of paper, they are dynamic and like software that require strong protection that has to start with the most basic things.
Tons of articles written as the one guide to performance on WordPress, tons of content dedicated to the subject at hand but, what about the tools we use for measurement?
Ever wondered which WordPress maintenance tasks you should be performing regularly? After starting a blog, often users don’t perform maintenance checks unless something breaks. By running regular maintenance tasks, you can make sure that your WordPress site is always performing at its best. In this article, we will share 13 crucial WordPress maintenance tasks to perform regularly, and how to do each one of them.
Get a sneak peek at the new Custom HTML Text Widget in WordPress 4.8.1.
Get an overview and checklist of the steps needed to ensure your WordPress site has a smooth transition to PHP 7.
The plethora of pre-built functionality from different plugins is one of the main advantages of the WordPress CMS. But a common beginner’s mistake is to overuse them to solve problems that an experienced WordPress developer wouldn’t dream of using a plugin for. And there is a good reason for it, so I’ll take you through the top ones in this article.
Do you see an interesting plugin and install it willy-nilly, hoping it doesn’t break your site? How scary! If yes, why? Because you like being exploited by malware, enjoy testing the accuracy of your backup restorations or because you don’t know a better way? Let’s try this…
In this article, we’ll introduce you to WordPress 4.8, also referred to as ‘Evans’ in honor of jazz pianist and composer William John ‘Bill’ Evans. We’ll run through this update’s major changes and additions, and show you how to use them. Let’s take a look!
If you’ve ever done any research on search engine optimization, you’ve probably come across mentions of the H1 tag. But what is the H1 tag, where does it show up, and how should you actually use it to make your site better?
7 Reasons why you will love WordPress
This troubleshooting indeed took me a while to even understand why this could happen. The symptom is pretty simple: when trying to access a new post, you are redirected to another (old) post. Sounds strange, here is how to recreate it.
When I used to work on clients’ projects, I often needed access to their site. In fact, it sometimes it was more than their WordPress site. When they gave me access to their online store, I always thought that it was like someone had given me a key to the front door of their brick-and-mortar shop. Now I know that isn’t a fair comparison, because in the latter case all their products were at my finger tips. On the other hand, consider all the things available to me once I was inside that virtual door. 
No one today likes to ‘Wait’. It is becoming tough for slow websites to stand out and engage with their users. As mentioned on kissmetrics blog, one-second delay in page response can result in a 7% reduction in conversions.
Okay. To be fair, having staging services will save any WordPress site owner from major headaches.
Want to add a dose of professionalism to your WordPress site? LinkedIn is by far the most popular social network for professionals. So if your site is focused on business or other topics professionals concern themselves with, then it’s a good idea to take advantage of this fact and add some of the social network’s elements to WordPress.
WordPress is one of the most widely used platforms for hosting and site building in the world. Developers of the WordPress team do their best in rolling out monthly updates to keep sites secure, but admins can always tune their settings and install additional plugins to bolster security.
It’s crucial that you explore as many avenues as possible for finding clients when you’re starting out as a web developer. Platforms like Upwork can be a great place to start building your portfolio of work and list of clientele. Then there’s Fiverr, a platform that is often overlooked.
As your website grows, there’s a chance its design might start to look somewhat stale. Keep in mind, design trends are constantly evolving, and being able to spot these issues is important if you want your site to look modern and ‘fresh’. Plus, you’ll also need to keep all of the aspects of your design looking uniform (and usable) to provide a good experience.
Last week, an article appeared on WPMayor about a major change to the pricing structure on those paid extensions from Woo.
You have decided to launch a blog and make it a real game-changer. So, what are the first steps that you will take in order to make it as popular and attention-grabbing as you wish? Enhancing your blog with an eye-catching design will surely work for better attraction of the new customers. However, this will work when a person has already landed on your page. But how can you make them actually find you on the web and how to keep their attention grabbed with your data? This is when a proper SEO optimization of your online resource comes into play.
Picture this: You’re working away on your WordPress site and then bam! You see this puzzling and face contorting error:
I think you will agree when I say that the mention of cache doesn’t elicit the best of feelings unless, of course, you’re one of those tech-savvy cool kids. Nah, still it doesn’t elicit the best of feelings.
CodeCanyon is the leading marketplace for selling premium WordPress plugins owned by a digital marketplaces conglomerate – Envato. The marketplace grossed over $70,000,000 since 2009, processed 2.3 million sales of WordPress plugins, and has a growing community of 7.8 million members.
Not a good way to be spending your time hours before the clocks chimed in the New Year.
So you’ve designed a new WordPress website and it’s ready to go live. Congratulations!
Whoiswp.com is the ultimate online detecting tool that will help you find out what WordPress theme a site is using. Get ready to unleash your inner web designer and start creating the website of your dreams just by using this amazing platform and our free theme detector.
As you might have noticed, there are some plugins that when you upgrade to the paid version, you are required to keep the free version installed as well. The reasoning or methods behind this are not something I don’t care to understand.
When a friend of mine asked for suggestions on what he should use to create a new site, I suggested WordPress. It is well supported, has an amazing community, and a ton of free themes and plugins to choose from. After getting WordPress installed on a new webhosting account, I left him be to see what issues he would run into and how he would configure the site.
