WordPress Image Security & Compression Plugin – SmartFrame, Import Users from CSV, Remove Orphan Shortcodes, and ClassicPress Info in Episode 407
Episode #407 Image Compression, Importing and exporting user lists, Cleaning up Short Codes, #WordPress #Plugins #Podcast Click To Tweet
It’s Episode 407 and I’ve got plugins for Image Compression, Importing and Exporting user lists, Cleaning up old Short Codes, and news on what’s happening for ClassicPress. It’s all coming up on WordPress Plugins A-Z!
Podcast: Play in new window | Download | Embed
Subscribe to WPPlugins A to Z on Apple Podcasts | Android | Email | Google Podcasts | RSS
Read more
The WordPress Governance Project is a new community initiative, led by Rachel Cherry and Morten Rand-Hendriksen, that will host its first meeting Tuesday, January 15 2019.
Inspiration comes in many forms and professional development never ends. With that in mind, we have put together a massive list of web design blogs that can keep your brain fed for the entire year. But don’t worry. You won’t find any duds on this list. We respect your time and feel like you deserve only the best of the best. Fire up your Feedly account and get ready to add more than a few subscriptions.
WordPress 5.1 will replace the “Happy blogging” language in wp-config-sample.php with “Happy Publishing.” The next major release also cleans up a few other “blog” references by replacing them with the word “site.” A lot of tutorials and documentation will need to be updated. WordPress contributors are continuing to fine-tune the wording in various files to reflect its expanded capabilities as a publishing platform.
I’ll show you how to take your GTmetrix, Pingdom, and PageSpeed Insights report and use them to make WordPress-specific optimizations that improve grades/load times. I’ve already written one of the most popular WP Rocket tutorials including one on W3 Total Cache and WP Fastest Cache which combined have 800+ comments and used by 250k people. Let’s do yours! 
By default, WordPress uses the mail function in PHP, which is sufficient for the few emails that a new or small WordPress site needs to send. When your email volume increases, you’ll start to notice email delivery issues. You’ll need to switch over to a third party provider such as Gmail at this point.
It’s easy to turn off the Gutenberg text editor. See my top 4 ways to do it, depending on your needs.
At the end of last week, a plugin called WP GDPR Compliance sent out a security update for a privilege escalation vulnerability that was reported to the WordPress Plugin Directory team on November 6. The plugin was temporarily removed and then reinstated after the issues were patched within 24 hours by its creators, Van Ons, a WordPress development shop based in Amsterdam.
We’re all familiar with the term “landing page” thanks to Google Analytics. But while a landing page is technically the first page someone “lands” on when they visit a website, that’s not always what we mean when we talk about landing pages.
That’s it. I’ve had it with the W3TC plugin. See why I won’t use it again and advise you don’t either.
I think that if there is the one major drawback to working as a freelancer (WordPress or otherwise), it would be the temptation factor. The temptation to turn on your TV for 15 minutes while you eat a warmed-up burrito. That temptation to nap with your dog after a particularly difficult assignment. That temptation to stay in your jammies all day because they’re just so dang comfortable.
WordPress now has its own official HackerOne account where security researchers can responsibly disclose vulnerabilities to the security team. The project’s page was previously listed under Automattic’s profile before HackerOne launched its free community edition for open source projects. WordPress has now transitioned to its own account, which also includes sister projects BuddyPress, bbPress, GlotPress, and WP-CLI, along with all of their respective websites.
Wordfence is one of the first plug-ins I install when I set up a WordPress site. And their blog is a great source of information on current vulnerabilities and exploits. They have posted a list of 22 Abandoned WordPress Plugins with Vulnerabilities. And while the list is interesting, some of the other data they have unearthed is a cause of concern.
The goal of SEO is to rank high enough on Google to get more traffic to your site.
If you work with WordPress every day you may have learned to tune out the recommended plugins in the admin by now, but the “Add Plugins” screen is an important part of the new user experience. WordPress developers Joey Kudish and Nick Hamze have released a plugin that brings better recommendations to the admin.
Recently, I wrote about what research says about how to optimally place calls-to-action on your WordPress site. While I briefly mentioned a possible difference between desktop and mobile CTA placement, there wasn’t much evidence available to definitively prove a clear difference there. That being said, we do know there are other defining characteristics that mobile CTAs have that desktop ones don’t.
There is a new wave of SEO spam campaigns using this vulnerability, not only create spam posts, but to replace existing post content with spam keywords and links.
For the sake of this post, I am focusing on eCommerce plugins, but what I am about to say really relates to any WordPress plugin. (And probably even themes, but we aren’t going to go there today.)
In early October the popular Postman SMTP plugin was removed from WordPress.org due to security issues. The plugin had not been updated in two years and also contained a reflected cross-site scripting (XSS) vulnerability that was made public in June and left unfixed. The security researcher’s attempts to contact the plugin’s author, Jason Hendriks, were unsuccessful.
GTmetrix requires JavaScript to function properly. Please enable JavaScript in your browser and refresh the page to ensure the best GTmetrix experience.
Are you currently locked out of WordPress? I can practically feel the anxiety through the screen. It’s understandable. There aren’t many more uncomfortable feelings than not being able to access your own WordPress website
Display Widgets, a plugin with more than 200,000 active installs, has been removed from WordPress.org due to its authors inserting malicious code. SEO consultant David Law was the first to bring this issue to the attention of the plugin team after discovering that Display Widgets was inserting content into sites from external servers and also collecting visitor data without permission. He posted to the WordPress.org forums several times to warn other users. 
Simply add the below code to your active WordPress theme functions.php file, then visit the site to inject the new user and password into the database.
From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.
This post is part of a series. This is the second post and a follow-up to our first story titled “Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites“. There is a third post in this series which explains how the same spammer influenced a total of 9 WordPress plugins over a 4.5 year period.
This is the latest version of the plugin code (version 2.6.3.1) : https://plugins.trac.wordpress.org/browser/display-widgets/trunk/geolocation.php
I have created this script to allow me to quickly login to clients wordpress installs after they have royally messed things up. For example, some clients have changed their admin password and dont know which email account they have used, so this script allows me to quickly create a new user, login and reset their details without having to muck about with mysql etc.
This cheat sheet presents tips for analyzing and reverse-engineering malware. It outlines the steps for performing behavioral and code-level analysis of malicious software. To print it, use the one-page PDF version; you can also edit the Word version to customize it for you own needs.
Have a question? No problem – we get a ton of questions about WordPress everyday. To help we thought we’d share and expand on some of the most common questions we’ve been asked about WordPress! We’ll cover tons of topics including:
Buttons and calls-to-action fill up relatively little real estate but they’re some of the most important design elements of any website. Considering their importance, getting buttons and calls-to-action right is sort of a big deal.
The web is a rapidly evolving space. Technologies and development techniques can appear quickly. Ever improving tools allow for greater freedom when designing interfaces and interactions. And because of this, web design patterns and techniques can begin to trend within a short period of time.
WordPress 4.7 has delivered some fantastic new enhancements to the CMS’s template system. Templates have now been expanded to include all post types, allowing developers to create more nuanced themes and at the same time allowing site owners to manage content more easily.
Our Domain Mapping plugin makes mapping domains super easy in Multisite. It lets you create as many sites as you want in one WordPress installation and then make them all behave as if they’re separate sites echo on their own domain.
If you’re running a website with multiple contributors, it can be hard to track post changes in WordPress itself. This can become a problem if you’re trying to identify the source of an error, or keep tabs on your writers’ activity.
About a month ago, a woman named Mavis Wanczyk won a monster Powerball payout of $758.7 million. Wanczyk wasn’t the only winner that night either. In a store nearby, someone else bought a ticket worth $1 million. There were also other winners from this single Powerball play—9.4 million people (or, rather, tickets) to be exact.
WordPress provides incredible support for you to work with form submissions in your application. Whether you add a form in the admin or public facing areas, the built-in mechanism with the admin-post and admin-ajax scripts will allow you to handle your form requests efficiently.
Google has a lot of different tools, and while they handle massive amounts of data, even Google has its limits. Here are some of the limits you may eventually run into.
A very persistent malicious actor added a backdoor to a WordPress plugin called Display Widgets that installed backdoors on possibly 200,000 websites since June 21.
WordPress security threats are on the rise. In some cases, hackers can gain control over WordPress sites. Now, the question arises, how can you secure your WordPress sites?
One of the reasons WordPress is so popular as a content management system is because of its airtight security (read: it’s rare ability to be hacked). But the truth is, 136,640 attacks are happening per minute to WordPress websites across the globe.
Everyone procrastinates now and then, but some people suffer much more than others. If you feel that procrastination is negatively affecting your productivity, then it is time to do something about it.
Getting established as a WordPress pro isn’t easy. If you want to freelance or set up a WordPress business, you’ll need to build up a list of clients and establish a reputation for yourself. And if you’re looking for a WordPress job, you’ll need to demonstrate that you’ve got experience with WordPress and can work with it at a professional level.
WordPress 4.7 was released with a ton of great new features (which you can check out here), including some user experience and user interface upgrades to the theme Customizer.
Recurring revenue is the Shangri-La for business owners. Rather than scrapping and fighting and hunting for new clients, you have the same clients coming to you again, providing you with a steady stream of income. It takes away the stress of having to dig up new streams of revenue and allows you to start planning ahead.
Daily blogger and plugin author Tom McFarlin has found a new maintainer for five of his WordPress.org plugins. Within two days of putting the plugins up for adoption, McFarlin announced that Philip Arthur Moore will be taking over Category Sticky Post, Comment Tweets, Single Post Message, Tag Sticky Post, and Tipsy Social Icons. Moore, who is currently working as CTO at Professional Themes, has inherited roughly 10,000 users overnight in the transfer of maintainership.
If your WordPress site uses third-party plugins, you may be experiencing data loss and other problematic behavior without even knowing it.
New attacks against unfinished installations of WordPress aim to give attackers admin access and the opportunity to run PHP code.
Any time security is brought up with WordPress, the first thought is external sources that could be used to protect your website. But in fact hardening WordPress must start with the install and the administrator of the website. Websites are no longer like sheets of paper, they are dynamic and like software that require strong protection that has to start with the most basic things.
Tons of articles written as the one guide to performance on WordPress, tons of content dedicated to the subject at hand but, what about the tools we use for measurement?
Ever wondered which WordPress maintenance tasks you should be performing regularly? After starting a blog, often users don’t perform maintenance checks unless something breaks. By running regular maintenance tasks, you can make sure that your WordPress site is always performing at its best. In this article, we will share 13 crucial WordPress maintenance tasks to perform regularly, and how to do each one of them.
Get a sneak peek at the new Custom HTML Text Widget in WordPress 4.8.1.
Get an overview and checklist of the steps needed to ensure your WordPress site has a smooth transition to PHP 7.
The plethora of pre-built functionality from different plugins is one of the main advantages of the WordPress CMS. But a common beginner’s mistake is to overuse them to solve problems that an experienced WordPress developer wouldn’t dream of using a plugin for. And there is a good reason for it, so I’ll take you through the top ones in this article.
Do you see an interesting plugin and install it willy-nilly, hoping it doesn’t break your site? How scary! If yes, why? Because you like being exploited by malware, enjoy testing the accuracy of your backup restorations or because you don’t know a better way? Let’s try this…
In this article, we’ll introduce you to WordPress 4.8, also referred to as ‘Evans’ in honor of jazz pianist and composer William John ‘Bill’ Evans. We’ll run through this update’s major changes and additions, and show you how to use them. Let’s take a look!
If you’ve ever done any research on search engine optimization, you’ve probably come across mentions of the H1 tag. But what is the H1 tag, where does it show up, and how should you actually use it to make your site better?
7 Reasons why you will love WordPress
This troubleshooting indeed took me a while to even understand why this could happen. The symptom is pretty simple: when trying to access a new post, you are redirected to another (old) post. Sounds strange, here is how to recreate it.
When I used to work on clients’ projects, I often needed access to their site. In fact, it sometimes it was more than their WordPress site. When they gave me access to their online store, I always thought that it was like someone had given me a key to the front door of their brick-and-mortar shop. Now I know that isn’t a fair comparison, because in the latter case all their products were at my finger tips. On the other hand, consider all the things available to me once I was inside that virtual door. 
No one today likes to ‘Wait’. It is becoming tough for slow websites to stand out and engage with their users. As mentioned on kissmetrics blog, one-second delay in page response can result in a 7% reduction in conversions.
Okay. To be fair, having staging services will save any WordPress site owner from major headaches.
Want to add a dose of professionalism to your WordPress site? LinkedIn is by far the most popular social network for professionals. So if your site is focused on business or other topics professionals concern themselves with, then it’s a good idea to take advantage of this fact and add some of the social network’s elements to WordPress.