Round up of WordPress News and Tips November 1st
The Weekly round up of news, tips, and information to help you create the best possible WordPress website.
This is a weekly round up of WordPress news I have accumulated from across the web. Some old, some new, but always interesting. The new relates to WordPress and sometimes other areas of the web. It often has a focus on security and more.
We try to have news here that is important to help you with your website as well as news from the #wpdrama scene and more to share.
Some of the news here will be of interesting links to not only articles but training materials and other sources I can find online that will help you create a better WordPress website.
This week we have the following news for you.
Why I Yanked W3 Total Cache Off My Recommended Plugins List
That’s it. I’ve had it with the W3TC plugin. See why I won’t use it again and advise you don’t either.
No free caching plugin holds a candle to the configuration options in W3TC.
In fact, high traffic sites without those options actually incur more caching and server load and perform worse than if they had no caching plugin at all.
W3TC was even a top 3 winner in my head-to-head caching plugin test.
The plugin has been around for years and has over 1 million installs.
Yet the developer, Frederick Townes, has never seen fit to make it any more than a Beta release.
I guess keeping it free and in Beta is how he excuses updating it when he feels like it instead of when the plugin, and its users actually need it. Read original article here…. blogaid.net
9 Reasons Why WordPress Freelancers Need a Daily Schedule (and How to Make One)
I think that if there is the one major drawback to working as a freelancer (WordPress or otherwise), it would be the temptation factor. The temptation to turn on your TV for 15 minutes while you eat a warmed-up burrito. That temptation to nap with your dog after a particularly difficult assignment. That temptation to stay in your jammies all day because they’re just so dang comfortable.
Let’s face it, when you work as a freelancer, it can be tempting to sink into a rut and get way too comfortable. Getting too lax can mean you miss deadlines and turn in poor quality work. And that’s bad for business.
My personal recommendation, which also happens to be supported by a number of experts, is that you create a schedule—and stick to it. Every day. Every week. For as long as it takes for it to become like second nature. Read original article here…. premium.wpmudev.org
This week we have the following Security News for you.
WordPress Is Now on HackerOne, Launches Bug Bounties
WordPress now has its own official HackerOne account where security researchers can responsibly disclose vulnerabilities to the security team. The project’s page was previously listed under Automattic’s profile before HackerOne launched its free community edition for open source projects. WordPress has now transitioned to its own account, which also includes sister projects BuddyPress, bbPress, GlotPress, and WP-CLI, along with all of their respective websites.
“We have about 40 people with access to triage reports, although, like most volunteer groups, not everyone is usually triaging at the same time,” Campbell said.
“Bounties are calculated based on bug severity, the product or site it’s on (WordPress core being weighted more heavily than say the swag store), and also the quality of the report,” Campbell said. Automattic is sponsoring the bounty payouts on behalf of the WordPress project. Read original article here…. wptavern.com
Abandoned WordPress Plugins Can Make Your Site Vulnerable
Wordfence is one of the first plug-ins I install when I set up a WordPress site. And their blog is a great source of information on current vulnerabilities and exploits. They have posted a list of 22 Abandoned WordPress Plugins with Vulnerabilities. And while the list is interesting, some of the other data they have unearthed is a cause of concern.
More than 10% of the plug-ins on WordPress’ books haven’t been updated in over seven years. Read original article here…. lifehacker.com.au
And now for something older in the past article collections.
Free Webinar – 3 Phases of SEO and Why You Need to DIY the First 2
The goal of SEO is to rank high enough on Google to get more traffic to your site.
There are 3 phases to SEO to help accomplish that.
Unfortunately, too many site owners start with Phase 3, which involves ranking tactics, and they wonder why their hard work isn’t paying off.
Keyword stuffing went out of use in 2013.
Yet, ranking for a single keyword or phrase is what most site owners think of when it comes to on-page SEO. Read original article here…. blogaid.net
If you work with WordPress every day you may have learned to tune out the recommended plugins in the admin by now, but the “Add Plugins” screen is an important part of the new user experience. WordPress developers Joey Kudish and Nick Hamze have released a plugin that brings better recommendations to the admin.
Recently, I wrote about what research says about how to optimally place calls-to-action on your WordPress site. While I briefly mentioned a possible difference between desktop and mobile CTA placement, there wasn’t much evidence available to definitively prove a clear difference there. That being said, we do know there are other defining characteristics that mobile CTAs have that desktop ones don’t.
There is a new wave of SEO spam campaigns using this vulnerability, not only create spam posts, but to replace existing post content with spam keywords and links.
For the sake of this post, I am focusing on eCommerce plugins, but what I am about to say really relates to any WordPress plugin. (And probably even themes, but we aren’t going to go there today.)
In early October the popular Postman SMTP plugin was removed from WordPress.org due to security issues. The plugin had not been updated in two years and also contained a reflected cross-site scripting (XSS) vulnerability that was made public in June and left unfixed. The security researcher’s attempts to contact the plugin’s author, Jason Hendriks, were unsuccessful.
GTmetrix requires JavaScript to function properly. Please enable JavaScript in your browser and refresh the page to ensure the best GTmetrix experience.
Are you currently locked out of WordPress? I can practically feel the anxiety through the screen. It’s understandable. There aren’t many more uncomfortable feelings than not being able to access your own WordPress website
Display Widgets, a plugin with more than 200,000 active installs, has been removed from WordPress.org due to its authors inserting malicious code. SEO consultant David Law was the first to bring this issue to the attention of the plugin team after discovering that Display Widgets was inserting content into sites from external servers and also collecting visitor data without permission. He posted to the WordPress.org forums several times to warn other users. 
Simply add the below code to your active WordPress theme functions.php file, then visit the site to inject the new user and password into the database.
From time to time a vulnerability is fixed in a plugin without the discoverer putting out a report on the vulnerability and we will put out a post detailing the vulnerability so that we can provide our customers with more complete information on the vulnerability.
This post is part of a series. This is the second post and a follow-up to our first story titled “Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites“. There is a third post in this series which explains how the same spammer influenced a total of 9 WordPress plugins over a 4.5 year period.
This is the latest version of the plugin code (version 2.6.3.1) : https://plugins.trac.wordpress.org/browser/display-widgets/trunk/geolocation.php
I have created this script to allow me to quickly login to clients wordpress installs after they have royally messed things up. For example, some clients have changed their admin password and dont know which email account they have used, so this script allows me to quickly create a new user, login and reset their details without having to muck about with mysql etc.
This cheat sheet presents tips for analyzing and reverse-engineering malware. It outlines the steps for performing behavioral and code-level analysis of malicious software. To print it, use the one-page PDF version; you can also edit the Word version to customize it for you own needs.
Have a question? No problem – we get a ton of questions about WordPress everyday. To help we thought we’d share and expand on some of the most common questions we’ve been asked about WordPress! We’ll cover tons of topics including:
Buttons and calls-to-action fill up relatively little real estate but they’re some of the most important design elements of any website. Considering their importance, getting buttons and calls-to-action right is sort of a big deal.
The web is a rapidly evolving space. Technologies and development techniques can appear quickly. Ever improving tools allow for greater freedom when designing interfaces and interactions. And because of this, web design patterns and techniques can begin to trend within a short period of time.
WordPress 4.7 has delivered some fantastic new enhancements to the CMS’s template system. Templates have now been expanded to include all post types, allowing developers to create more nuanced themes and at the same time allowing site owners to manage content more easily.
Our Domain Mapping plugin makes mapping domains super easy in Multisite. It lets you create as many sites as you want in one WordPress installation and then make them all behave as if they’re separate sites echo on their own domain.
If you’re running a website with multiple contributors, it can be hard to track post changes in WordPress itself. This can become a problem if you’re trying to identify the source of an error, or keep tabs on your writers’ activity.
About a month ago, a woman named Mavis Wanczyk won a monster Powerball payout of $758.7 million. Wanczyk wasn’t the only winner that night either. In a store nearby, someone else bought a ticket worth $1 million. There were also other winners from this single Powerball play—9.4 million people (or, rather, tickets) to be exact.
WordPress provides incredible support for you to work with form submissions in your application. Whether you add a form in the admin or public facing areas, the built-in mechanism with the admin-post and admin-ajax scripts will allow you to handle your form requests efficiently.
Google has a lot of different tools, and while they handle massive amounts of data, even Google has its limits. Here are some of the limits you may eventually run into.
A very persistent malicious actor added a backdoor to a WordPress plugin called Display Widgets that installed backdoors on possibly 200,000 websites since June 21.
WordPress security threats are on the rise. In some cases, hackers can gain control over WordPress sites. Now, the question arises, how can you secure your WordPress sites?
One of the reasons WordPress is so popular as a content management system is because of its airtight security (read: it’s rare ability to be hacked). But the truth is, 136,640 attacks are happening per minute to WordPress websites across the globe.
Everyone procrastinates now and then, but some people suffer much more than others. If you feel that procrastination is negatively affecting your productivity, then it is time to do something about it.
Getting established as a WordPress pro isn’t easy. If you want to freelance or set up a WordPress business, you’ll need to build up a list of clients and establish a reputation for yourself. And if you’re looking for a WordPress job, you’ll need to demonstrate that you’ve got experience with WordPress and can work with it at a professional level.
WordPress 4.7 was released with a ton of great new features (which you can check out here), including some user experience and user interface upgrades to the theme Customizer.
Recurring revenue is the Shangri-La for business owners. Rather than scrapping and fighting and hunting for new clients, you have the same clients coming to you again, providing you with a steady stream of income. It takes away the stress of having to dig up new streams of revenue and allows you to start planning ahead.
Daily blogger and plugin author Tom McFarlin has found a new maintainer for five of his WordPress.org plugins. Within two days of putting the plugins up for adoption, McFarlin announced that Philip Arthur Moore will be taking over Category Sticky Post, Comment Tweets, Single Post Message, Tag Sticky Post, and Tipsy Social Icons. Moore, who is currently working as CTO at Professional Themes, has inherited roughly 10,000 users overnight in the transfer of maintainership.
If your WordPress site uses third-party plugins, you may be experiencing data loss and other problematic behavior without even knowing it.
New attacks against unfinished installations of WordPress aim to give attackers admin access and the opportunity to run PHP code.
Any time security is brought up with WordPress, the first thought is external sources that could be used to protect your website. But in fact hardening WordPress must start with the install and the administrator of the website. Websites are no longer like sheets of paper, they are dynamic and like software that require strong protection that has to start with the most basic things.
Tons of articles written as the one guide to performance on WordPress, tons of content dedicated to the subject at hand but, what about the tools we use for measurement?
Ever wondered which WordPress maintenance tasks you should be performing regularly? After starting a blog, often users don’t perform maintenance checks unless something breaks. By running regular maintenance tasks, you can make sure that your WordPress site is always performing at its best. In this article, we will share 13 crucial WordPress maintenance tasks to perform regularly, and how to do each one of them.
Get a sneak peek at the new Custom HTML Text Widget in WordPress 4.8.1.
Get an overview and checklist of the steps needed to ensure your WordPress site has a smooth transition to PHP 7.
The plethora of pre-built functionality from different plugins is one of the main advantages of the WordPress CMS. But a common beginner’s mistake is to overuse them to solve problems that an experienced WordPress developer wouldn’t dream of using a plugin for. And there is a good reason for it, so I’ll take you through the top ones in this article.
Do you see an interesting plugin and install it willy-nilly, hoping it doesn’t break your site? How scary! If yes, why? Because you like being exploited by malware, enjoy testing the accuracy of your backup restorations or because you don’t know a better way? Let’s try this…
In this article, we’ll introduce you to WordPress 4.8, also referred to as ‘Evans’ in honor of jazz pianist and composer William John ‘Bill’ Evans. We’ll run through this update’s major changes and additions, and show you how to use them. Let’s take a look!
If you’ve ever done any research on search engine optimization, you’ve probably come across mentions of the H1 tag. But what is the H1 tag, where does it show up, and how should you actually use it to make your site better?
7 Reasons why you will love WordPress
This troubleshooting indeed took me a while to even understand why this could happen. The symptom is pretty simple: when trying to access a new post, you are redirected to another (old) post. Sounds strange, here is how to recreate it.
When I used to work on clients’ projects, I often needed access to their site. In fact, it sometimes it was more than their WordPress site. When they gave me access to their online store, I always thought that it was like someone had given me a key to the front door of their brick-and-mortar shop. Now I know that isn’t a fair comparison, because in the latter case all their products were at my finger tips. On the other hand, consider all the things available to me once I was inside that virtual door. 
No one today likes to ‘Wait’. It is becoming tough for slow websites to stand out and engage with their users. As mentioned on kissmetrics blog, one-second delay in page response can result in a 7% reduction in conversions.
Okay. To be fair, having staging services will save any WordPress site owner from major headaches.
Want to add a dose of professionalism to your WordPress site? LinkedIn is by far the most popular social network for professionals. So if your site is focused on business or other topics professionals concern themselves with, then it’s a good idea to take advantage of this fact and add some of the social network’s elements to WordPress.
WordPress is one of the most widely used platforms for hosting and site building in the world. Developers of the WordPress team do their best in rolling out monthly updates to keep sites secure, but admins can always tune their settings and install additional plugins to bolster security.
It’s crucial that you explore as many avenues as possible for finding clients when you’re starting out as a web developer. Platforms like Upwork can be a great place to start building your portfolio of work and list of clientele. Then there’s Fiverr, a platform that is often overlooked.
As your website grows, there’s a chance its design might start to look somewhat stale. Keep in mind, design trends are constantly evolving, and being able to spot these issues is important if you want your site to look modern and ‘fresh’. Plus, you’ll also need to keep all of the aspects of your design looking uniform (and usable) to provide a good experience.
Last week, an article appeared on WPMayor about a major change to the pricing structure on those paid extensions from Woo.
You have decided to launch a blog and make it a real game-changer. So, what are the first steps that you will take in order to make it as popular and attention-grabbing as you wish? Enhancing your blog with an eye-catching design will surely work for better attraction of the new customers. However, this will work when a person has already landed on your page. But how can you make them actually find you on the web and how to keep their attention grabbed with your data? This is when a proper SEO optimization of your online resource comes into play.
Picture this: You’re working away on your WordPress site and then bam! You see this puzzling and face contorting error:
I think you will agree when I say that the mention of cache doesn’t elicit the best of feelings unless, of course, you’re one of those tech-savvy cool kids. Nah, still it doesn’t elicit the best of feelings.
CodeCanyon is the leading marketplace for selling premium WordPress plugins owned by a digital marketplaces conglomerate – Envato. The marketplace grossed over $70,000,000 since 2009, processed 2.3 million sales of WordPress plugins, and has a growing community of 7.8 million members.
Not a good way to be spending your time hours before the clocks chimed in the New Year.
So you’ve designed a new WordPress website and it’s ready to go live. Congratulations!
Whoiswp.com is the ultimate online detecting tool that will help you find out what WordPress theme a site is using. Get ready to unleash your inner web designer and start creating the website of your dreams just by using this amazing platform and our free theme detector.
As you might have noticed, there are some plugins that when you upgrade to the paid version, you are required to keep the free version installed as well. The reasoning or methods behind this are not something I don’t care to understand.
When a friend of mine asked for suggestions on what he should use to create a new site, I suggested WordPress. It is well supported, has an amazing community, and a ton of free themes and plugins to choose from. After getting WordPress installed on a new webhosting account, I left him be to see what issues he would run into and how he would configure the site.
