Round up of WordPress News and Tips January 10th
The Weekly round up of news, tips, and information to help you create the best possible WordPress website.
This is a weekly round up of WordPress news I have accumulated from across the web. Some old, some new, but always interesting. The new relates to WordPress and sometimes other areas of the web. It often has a focus on security and more.
We try to have news here that is important to help you with your website as well as news from the wpdrama scene and more.
Some of the news here will be of interesting links to not only articles but training materials and other sources I can find online that will help you create a better WordPress website.
This week we have the following news for you.
WordPress Governance Project Flagged as Unsanctioned, First Meeting Set for January 15
The WordPress Governance Project is a new community initiative, led by Rachel Cherry and Morten Rand-Hendriksen, that will host its first meeting Tuesday, January 15 2019.
The purpose of the project is to address two objectives: Hendriksen advocated for open governance when he introduced the project at WordCamp US in his presentation, Moving the Web forward with WordPress. He discussed how the decisions made for WordPress’ future affect a large portion the web. The project will first look at WordPress’ internal governance structure and then move into the second aspect of getting WordPress a seat at the table in important discussions affecting the broader web.
Contributors on the project are aiming to propose a governance model for WordPress at or before WordCamp Europe 2019 or the Community Summit, if one is planned for 2019. The group plans to research existing governance models from corporations, government, and the open web community and submit their proposal to WordPress’ current leadership for consideration. Read original article here…. wptavern.com
55 Web Design Blogs to Follow in 2019
Inspiration comes in many forms and professional development never ends. With that in mind, we have put together a massive list of web design blogs that can keep your brain fed for the entire year. But don’t worry. You won’t find any duds on this list. We respect your time and feel like you deserve only the best of the best. Fire up your Feedly account and get ready to add more than a few subscriptions.
Starting us off, we have Smashing Magazine. It’s not often that you find a publication that can put out as many high-quality articles as consistently as Smashing can. Some places publish lots of articles that have very little substance, but Smashing Magazine makes sure that pretty much every word they publish is relevant to you as a designer and developer. They also do various freebies and host conferences, as well as put out books on topics across our field, too. Read original article here…. elegantthemes.com
WordPress 5.1 to Replace “Blogging” References with “Publishing”
WordPress 5.1 will replace the “Happy blogging” language in wp-config-sample.php with “Happy Publishing.” The next major release also cleans up a few other “blog” references by replacing them with the word “site.” A lot of tutorials and documentation will need to be updated. WordPress contributors are continuing to fine-tune the wording in various files to reflect its expanded capabilities as a publishing platform.
“As of this commit, WordPress is no longer a simple blogging platform,” Gary Pendergast wrote in the commit message. “It’s now a comprehensive publishing solution.” Read original article here…. wptavern.com
And now for something older in the past article collections.
How I Got My Slow WordPress Site Loading In 200ms (100% Grades)
I’ll show you how to take your GTmetrix, Pingdom, and PageSpeed Insights report and use them to make WordPress-specific optimizations that improve grades/load times. I’ve already written one of the most popular WP Rocket tutorials including one on W3 Total Cache and WP Fastest Cache which combined have 800+ comments and used by 250k people. Let’s do yours! Read original article here…. onlinemediamasters.com
By default, WordPress uses the mail function in PHP, which is sufficient for the few emails that a new or small WordPress site needs to send. When your email volume increases, you’ll start to notice email delivery issues. You’ll need to switch over to a third party provider such as Gmail at this point.
It’s easy to turn off the Gutenberg text editor. See my top 4 ways to do it, depending on your needs.
At the end of last week, a plugin called WP GDPR Compliance sent out a security update for a privilege escalation vulnerability that was reported to the WordPress Plugin Directory team on November 6. The plugin was temporarily removed and then reinstated after the issues were patched within 24 hours by its creators, Van Ons, a WordPress development shop based in Amsterdam.
We’re all familiar with the term “landing page” thanks to Google Analytics. But while a landing page is technically the first page someone “lands” on when they visit a website, that’s not always what we mean when we talk about landing pages.
That’s it. I’ve had it with the W3TC plugin. See why I won’t use it again and advise you don’t either.
I think that if there is the one major drawback to working as a freelancer (WordPress or otherwise), it would be the temptation factor. The temptation to turn on your TV for 15 minutes while you eat a warmed-up burrito. That temptation to nap with your dog after a particularly difficult assignment. That temptation to stay in your jammies all day because they’re just so dang comfortable.
WordPress now has its own official HackerOne account where security researchers can responsibly disclose vulnerabilities to the security team. The project’s page was previously listed under Automattic’s profile before HackerOne launched its free community edition for open source projects. WordPress has now transitioned to its own account, which also includes sister projects BuddyPress, bbPress, GlotPress, and WP-CLI, along with all of their respective websites.
Wordfence is one of the first plug-ins I install when I set up a WordPress site. And their blog is a great source of information on current vulnerabilities and exploits. They have posted a list of 22 Abandoned WordPress Plugins with Vulnerabilities. And while the list is interesting, some of the other data they have unearthed is a cause of concern.
The goal of SEO is to rank high enough on Google to get more traffic to your site.
If you work with WordPress every day you may have learned to tune out the recommended plugins in the admin by now, but the “Add Plugins” screen is an important part of the new user experience. WordPress developers Joey Kudish and Nick Hamze have released a plugin that brings better recommendations to the admin.
Recently, I wrote about what research says about how to optimally place calls-to-action on your WordPress site. While I briefly mentioned a possible difference between desktop and mobile CTA placement, there wasn’t much evidence available to definitively prove a clear difference there. That being said, we do know there are other defining characteristics that mobile CTAs have that desktop ones don’t.
There is a new wave of SEO spam campaigns using this vulnerability, not only create spam posts, but to replace existing post content with spam keywords and links.
For the sake of this post, I am focusing on eCommerce plugins, but what I am about to say really relates to any WordPress plugin. (And probably even themes, but we aren’t going to go there today.)
In early October the popular Postman SMTP plugin was removed from WordPress.org due to security issues. The plugin had not been updated in two years and also contained a reflected cross-site scripting (XSS) vulnerability that was made public in June and left unfixed. The security researcher’s attempts to contact the plugin’s author, Jason Hendriks, were unsuccessful.
GTmetrix requires JavaScript to function properly. Please enable JavaScript in your browser and refresh the page to ensure the best GTmetrix experience.
Are you currently locked out of WordPress? I can practically feel the anxiety through the screen. It’s understandable. There aren’t many more uncomfortable feelings than not being able to access your own WordPress website
Display Widgets, a plugin with more than 200,000 active installs, has been removed from WordPress.org due to its authors inserting malicious code. SEO consultant David Law was the first to bring this issue to the attention of the plugin team after discovering that Display Widgets was inserting content into sites from external servers and also collecting visitor data without permission. He posted to the WordPress.org forums several times to warn other users. 
Simply add the below code to your active WordPress theme functions.php file, then visit the site to inject the new user and password into the database.
From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.
This post is part of a series. This is the second post and a follow-up to our first story titled “Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites“. There is a third post in this series which explains how the same spammer influenced a total of 9 WordPress plugins over a 4.5 year period.
This is the latest version of the plugin code (version 2.6.3.1) : https://plugins.trac.wordpress.org/browser/display-widgets/trunk/geolocation.php
I have created this script to allow me to quickly login to clients wordpress installs after they have royally messed things up. For example, some clients have changed their admin password and dont know which email account they have used, so this script allows me to quickly create a new user, login and reset their details without having to muck about with mysql etc.
This cheat sheet presents tips for analyzing and reverse-engineering malware. It outlines the steps for performing behavioral and code-level analysis of malicious software. To print it, use the one-page PDF version; you can also edit the Word version to customize it for you own needs.
Have a question? No problem – we get a ton of questions about WordPress everyday. To help we thought we’d share and expand on some of the most common questions we’ve been asked about WordPress! We’ll cover tons of topics including:
Buttons and calls-to-action fill up relatively little real estate but they’re some of the most important design elements of any website. Considering their importance, getting buttons and calls-to-action right is sort of a big deal.
The web is a rapidly evolving space. Technologies and development techniques can appear quickly. Ever improving tools allow for greater freedom when designing interfaces and interactions. And because of this, web design patterns and techniques can begin to trend within a short period of time.
WordPress 4.7 has delivered some fantastic new enhancements to the CMS’s template system. Templates have now been expanded to include all post types, allowing developers to create more nuanced themes and at the same time allowing site owners to manage content more easily.
Our Domain Mapping plugin makes mapping domains super easy in Multisite. It lets you create as many sites as you want in one WordPress installation and then make them all behave as if they’re separate sites echo on their own domain.
If you’re running a website with multiple contributors, it can be hard to track post changes in WordPress itself. This can become a problem if you’re trying to identify the source of an error, or keep tabs on your writers’ activity.
About a month ago, a woman named Mavis Wanczyk won a monster Powerball payout of $758.7 million. Wanczyk wasn’t the only winner that night either. In a store nearby, someone else bought a ticket worth $1 million. There were also other winners from this single Powerball play—9.4 million people (or, rather, tickets) to be exact.
WordPress provides incredible support for you to work with form submissions in your application. Whether you add a form in the admin or public facing areas, the built-in mechanism with the admin-post and admin-ajax scripts will allow you to handle your form requests efficiently.
Google has a lot of different tools, and while they handle massive amounts of data, even Google has its limits. Here are some of the limits you may eventually run into.
A very persistent malicious actor added a backdoor to a WordPress plugin called Display Widgets that installed backdoors on possibly 200,000 websites since June 21.
WordPress security threats are on the rise. In some cases, hackers can gain control over WordPress sites. Now, the question arises, how can you secure your WordPress sites?
One of the reasons WordPress is so popular as a content management system is because of its airtight security (read: it’s rare ability to be hacked). But the truth is, 136,640 attacks are happening per minute to WordPress websites across the globe.
Everyone procrastinates now and then, but some people suffer much more than others. If you feel that procrastination is negatively affecting your productivity, then it is time to do something about it.
Getting established as a WordPress pro isn’t easy. If you want to freelance or set up a WordPress business, you’ll need to build up a list of clients and establish a reputation for yourself. And if you’re looking for a WordPress job, you’ll need to demonstrate that you’ve got experience with WordPress and can work with it at a professional level.
WordPress 4.7 was released with a ton of great new features (which you can check out here), including some user experience and user interface upgrades to the theme Customizer.
Recurring revenue is the Shangri-La for business owners. Rather than scrapping and fighting and hunting for new clients, you have the same clients coming to you again, providing you with a steady stream of income. It takes away the stress of having to dig up new streams of revenue and allows you to start planning ahead.
Daily blogger and plugin author Tom McFarlin has found a new maintainer for five of his WordPress.org plugins. Within two days of putting the plugins up for adoption, McFarlin announced that Philip Arthur Moore will be taking over Category Sticky Post, Comment Tweets, Single Post Message, Tag Sticky Post, and Tipsy Social Icons. Moore, who is currently working as CTO at Professional Themes, has inherited roughly 10,000 users overnight in the transfer of maintainership.
If your WordPress site uses third-party plugins, you may be experiencing data loss and other problematic behavior without even knowing it.
New attacks against unfinished installations of WordPress aim to give attackers admin access and the opportunity to run PHP code.
Any time security is brought up with WordPress, the first thought is external sources that could be used to protect your website. But in fact hardening WordPress must start with the install and the administrator of the website. Websites are no longer like sheets of paper, they are dynamic and like software that require strong protection that has to start with the most basic things.
Tons of articles written as the one guide to performance on WordPress, tons of content dedicated to the subject at hand but, what about the tools we use for measurement?
Ever wondered which WordPress maintenance tasks you should be performing regularly? After starting a blog, often users don’t perform maintenance checks unless something breaks. By running regular maintenance tasks, you can make sure that your WordPress site is always performing at its best. In this article, we will share 13 crucial WordPress maintenance tasks to perform regularly, and how to do each one of them.
Get a sneak peek at the new Custom HTML Text Widget in WordPress 4.8.1.
Get an overview and checklist of the steps needed to ensure your WordPress site has a smooth transition to PHP 7.
The plethora of pre-built functionality from different plugins is one of the main advantages of the WordPress CMS. But a common beginner’s mistake is to overuse them to solve problems that an experienced WordPress developer wouldn’t dream of using a plugin for. And there is a good reason for it, so I’ll take you through the top ones in this article.
Do you see an interesting plugin and install it willy-nilly, hoping it doesn’t break your site? How scary! If yes, why? Because you like being exploited by malware, enjoy testing the accuracy of your backup restorations or because you don’t know a better way? Let’s try this…
In this article, we’ll introduce you to WordPress 4.8, also referred to as ‘Evans’ in honor of jazz pianist and composer William John ‘Bill’ Evans. We’ll run through this update’s major changes and additions, and show you how to use them. Let’s take a look!
If you’ve ever done any research on search engine optimization, you’ve probably come across mentions of the H1 tag. But what is the H1 tag, where does it show up, and how should you actually use it to make your site better?
7 Reasons why you will love WordPress
This troubleshooting indeed took me a while to even understand why this could happen. The symptom is pretty simple: when trying to access a new post, you are redirected to another (old) post. Sounds strange, here is how to recreate it.
When I used to work on clients’ projects, I often needed access to their site. In fact, it sometimes it was more than their WordPress site. When they gave me access to their online store, I always thought that it was like someone had given me a key to the front door of their brick-and-mortar shop. Now I know that isn’t a fair comparison, because in the latter case all their products were at my finger tips. On the other hand, consider all the things available to me once I was inside that virtual door. 
No one today likes to ‘Wait’. It is becoming tough for slow websites to stand out and engage with their users. As mentioned on kissmetrics blog, one-second delay in page response can result in a 7% reduction in conversions.
Okay. To be fair, having staging services will save any WordPress site owner from major headaches.
Want to add a dose of professionalism to your WordPress site? LinkedIn is by far the most popular social network for professionals. So if your site is focused on business or other topics professionals concern themselves with, then it’s a good idea to take advantage of this fact and add some of the social network’s elements to WordPress.
WordPress is one of the most widely used platforms for hosting and site building in the world. Developers of the WordPress team do their best in rolling out monthly updates to keep sites secure, but admins can always tune their settings and install additional plugins to bolster security.
It’s crucial that you explore as many avenues as possible for finding clients when you’re starting out as a web developer. Platforms like Upwork can be a great place to start building your portfolio of work and list of clientele. Then there’s Fiverr, a platform that is often overlooked.
As your website grows, there’s a chance its design might start to look somewhat stale. Keep in mind, design trends are constantly evolving, and being able to spot these issues is important if you want your site to look modern and ‘fresh’. Plus, you’ll also need to keep all of the aspects of your design looking uniform (and usable) to provide a good experience.
Last week, an article appeared on WPMayor about a major change to the pricing structure on those paid extensions from Woo.
You have decided to launch a blog and make it a real game-changer. So, what are the first steps that you will take in order to make it as popular and attention-grabbing as you wish? Enhancing your blog with an eye-catching design will surely work for better attraction of the new customers. However, this will work when a person has already landed on your page. But how can you make them actually find you on the web and how to keep their attention grabbed with your data? This is when a proper SEO optimization of your online resource comes into play.
Picture this: You’re working away on your WordPress site and then bam! You see this puzzling and face contorting error:
I think you will agree when I say that the mention of cache doesn’t elicit the best of feelings unless, of course, you’re one of those tech-savvy cool kids. Nah, still it doesn’t elicit the best of feelings.
CodeCanyon is the leading marketplace for selling premium WordPress plugins owned by a digital marketplaces conglomerate – Envato. The marketplace grossed over $70,000,000 since 2009, processed 2.3 million sales of WordPress plugins, and has a growing community of 7.8 million members.
Not a good way to be spending your time hours before the clocks chimed in the New Year.
So you’ve designed a new WordPress website and it’s ready to go live. Congratulations!
Whoiswp.com is the ultimate online detecting tool that will help you find out what WordPress theme a site is using. Get ready to unleash your inner web designer and start creating the website of your dreams just by using this amazing platform and our free theme detector.
As you might have noticed, there are some plugins that when you upgrade to the paid version, you are required to keep the free version installed as well. The reasoning or methods behind this are not something I don’t care to understand.
When a friend of mine asked for suggestions on what he should use to create a new site, I suggested WordPress. It is well supported, has an amazing community, and a ton of free themes and plugins to choose from. After getting WordPress installed on a new webhosting account, I left him be to see what issues he would run into and how he would configure the site.