All posts by jwork

WordPress core committer Jonny Harris merged a patch into WordPress core for a 12-year-old ticket that he says has the potential to bring “a massive effect on performance for custom pages.” The change, which will be included in the upcoming 6.0 release, stops unnecessary queries when developers are using the do_parse_request filter, thanks to a refreshed patch from contributor Paul Bearne.

Harris summarized the problem and how the change improves performance in the commit message:

Developers of plugins and themes can use the do_parse_request filter to hot-wire requests and hook in early to render custom pages. However, even through these request may not need post queries and 404 lookups to be run, they run anyway. This can results in unnecessary SQL queries running on these requests. By adding a return value to the parse_request method of the WP class, these queries can now be skipped.

WordPress core contributor Konstantin Kovshenin detailed the need for this change in a Twitter thread he published in 2021, when soliciting help for the ticket:

I don’t usually tweet about #SEO, but this is important. Is a static robots.txt file good for WordPress performance? Let’s find out!

To display the default robots.txt, a fresh WordPress install will: 🧵

— Konstantin Kovshenin (@kovshenin) December 3, 2021

Harris performed a quick review of plugins that use the filter and said he does not anticipate breakages. The search found 133 plugins using the filter. Some of the most popular ones include Google’s Site Kit plugin (1M+ installs), The Events Calendar (800K installs), and AMP (500K installs). Harris suggested the change requires a dev note, as it may have unanticipated side effects. The dev note is likely to be published closer to the time of release. WordPress 6.0 is currently scheduled for release on May 24, 2022.

SEOPress is the latest plugin for WordPress websites to support the IndexNow protocol, which automatically pings search engines when content is added or updated.

With IndexNow being adopted by a growing number of search engines, including Bing, support among SEO tool companies is ramping up as well.

In an announcement, the SEOPress team states:

“By integrating the possibilities offered by the API, SEOPress allows more than 200,000 sites to be indexed more quickly and efficiently, all without any technical knowledge necessary and automatically!

As soon as content from a WordPress site is published, edited, or deleted, participating search engines are alerted via the IndexNow protocol to keep them informed of the changes. By proactively pushing updates as they are made, the traditional logic of indexing is reversed: the content owner initiates changes to the search engine index and not the other way around.”

SEOPress + IndexNow Integration

IndexNow capabilities are offered for free in the latest version of the SEOPress WordPress plugin.

To activate it, navigate to the WordPress admin panel, then click on the SEO menu option, then look for Instant Indexing.

Activate IndexNow from the Settings panel by clicking the blue toggle. Make sure the “Automatically notify search engines” option is checked from the Settings tab.

From there, SEOPress will automatically ping IndexNow with content changes.

---

Source: Bing

Featured Image: FGC/Shutterstock

WordPress announced a security update to fix two vulnerabilities that could provide an attacker with the opportunity to stage a full site takeover. Among the two vulnerabilities, the most serious one involves a stored cross site scripting (Stored XSS) vulnerability.

WordPress Stored Cross Site Scripting (XSS) Vulnerability

The WordPress XSS vulnerability was discovered by the WordPress security team within the core WordPress files.

A stored XSS vulnerability is one in which an attacker is able to upload a script directly to the WordPress website.

The locations of these kinds of vulnerabilities are generally anywhere that the WordPress site allows input, like submitting a post or a contact form.

Typically these input forms are protected with what is called Sanitization. Sanitization is simply a process for making the input only accept certain kinds of input, like text, and to reject (filter out) other kinds of input like a JavaScript file.

According to Wordfence, the affected WordPress files did perform sanitization in order to prohibit the upload of malicious files.

But the order in which the sanitization happened set up a situation where the sanitization could be bypassed.

Wordfence offered this insight into the patch that fixes this vulnerability:

“The patched version runs wp_filter_global_styles_post before wp_filter_post_kses so that any potential bypasses have already been processed and wp_kses can effectively sanitize them.”

The reason an attacker can upload a script is often because of a bug in how a file was coded.

When a website user with administrator privileges visits the exploited website, the uploaded malicious JavaScript file executes and can with that user’s administrator level access do things like take over the site, create a new administrator-level account and install backdoors.

A backdoor is a file/code that allows a hacker to access the backend of a WordPress site at will with complete access.

Prototype Pollution Vulnerability

The second issue discovered in WordPress is called a Prototype Pollution Vulnerability. This kind of vulnerability is a flaw in the JavaScript (or a JavaScript library) against the website.

This second issue is actually two problems that are both Prototype Pollution Vulnerabilities.

One is a Prototype Pollution Vulnerability discovered in the Gutenberg wordpress/url package.  This is a module within WordPress that allows a WordPress website to manipulate URLs.

For example, this Gutenberg wordpress/url package provides various functionalities for query strings and performs clean up on the URL slug to do things like convert uppercase letters to lowercase.

The second one is a Prototype Pollution vulnerability in jQuery. This vulnerability is fixed in jQuery 2.2.3.

Wordfence states that they are not aware of any exploits of this vulnerability and states that the complexity of exploiting this specific vulnerability makes it unlikely to be an issue.

The Wordfence vulnerability analysis concluded:

“An attacker successfully able to execute JavaScript in a victim’s browser could potentially take over a site, but the complexity of a practical attack is high and would likely require a separate vulnerable component to be installed. “

How Bad is the WordPress Stored XSS Vulnerability?

This particular vulnerability requires a user with contributor level access in order to have the necessary permission level to upload a malicious script.

So there is an extra step needed in the form of first having to acquire a contributor level login credential in order to proceed to the next step of exploiting the stored XSS vulnerability.

While the extra step could make the vulnerability harder to exploit, all that stands between relative safety and a full site takeover is the strength and complexity of contributor passwords.

Update to WordPress 5.9.2

The latest version of WordPress, 5.9.2, fixes two security related issues and addresses and patches one bug that could result in an error message for sites using the Twenty Twenty Two theme.

A WordPress tracking ticket explains the bug like this:

“Having an older default theme activated and then clicking to preview Twenty Twenty Two gave me an error screen with a grey background with a white notification box saying “The theme you are currently using is not compatible with Full Site Editing.””

The official WordPress announcement recommends that all publishers update their installation to WordPress version 5.9.2.

Some sites may have automatic updates enabled and the sites are currently protected.

But that’s not the case for all sites because many sites require someone with an administrator level access to approve the update and set it in motion.

So it may be prudent to log in to your website and check to confirm if it is currently using version 5.9.2.

If the website is not using version 5.9.2, then the next steps to consider are backing up the website itself and then updating to the latest versions.

That said, some will add an additional layer of safety by first updating a copy of the site on a staging server and reviewing the updated test version to make sure there are no conflicts with currently installed plugins and themes.

Typically, after an important update to WordPress, plugins and themes may publish updates in order to fix issues.

Nevertheless, WordPress recommends updating as soon as possible.

Citations

Read the Official WordPress.org Announcement

WordPress 5.9.2 Security and Maintenance Release

Read the Wordfence Explanation of the Vulnerabilities

WordPress 5.9.2 Security Update Fixes XSS and Prototype Pollution Vulnerabilities

Official WordPress 5.9.2 Version Summary

WordPress Version 5.9.2

Examine the WordPress Bug Fix Documentation

Live Preview Button showing issue

Learn More About the WordPress Gutenberg URL Package

Gutenberg wordpress/url package

Plugins for WordPress, or more specifically – free WordPress plugins, are a real primordial soup of flaws and vulnerabilities, many of which allow threat actors to completely take over the target website, and many of which – never get patched.

This is the grim conclusion in a report from Patchstack, a company that provides threat intelligence and security tools for the popular website builder platform.

WordPress announced the release of a plugin called the Performance Lab plugin. It was developed by the WordPress performance team that is designed to help WordPress sites speed up. The plugin gives publishers the opportunity to use new improvements now before they are included into the core of WordPress itself.

The WordPress performance team, consisting of WordPress core developers, developed the plugin in order to receive feedback on new features developed for inclusion into a future version of the WordPress core.

WordPress Performance Team

The WordPress Performance Team was created in November 2021 with the purpose of coordinating performance improvements within the WordPress core. The team is made up of WordPress developers, with some of the team members developers from Google and Yoast.

From their initial meetings they drew up a list of performance projects to work on and this plugin, called the Performance Lab Plugin, is one of the results from the performance team.

Performance Lab Plugin

The Performance Lab plugin provides access to improvements to WordPress that are designed to help publishers speed up their websites and also to diagnose issues that may be slowing their websites down.

The plugin itself is designed in a modular fashion so that publishers can pick and choose which improvements they want to use.

The new features in the plugin are intended to eventually make it into a future release of WordPress.

WordPress hopes that by releasing these new features early through a plugin that they can receive feedback on any potential issues.

New features are normally released as separate plugins.

WordPress decided to group all the new performance features into one plugin which will allow publishers to pick and choose which new features to enable from one central location, within a single plugin.

Performance Lab Plugin Modules

The new Performance Lab plugin has four modules.

The four plugin modules are:

• WebP Uploads
  Converts newly uploaded JPEG files to the faster WebP format. The functionality is dependent on server support for WebP.
• WebP Support
  This is a site health module that checks to see if the server supports WebP and shows a warning if WebP is not supported.
• Persistent Object Cache Health Check
  A site health check module that may suggest the use of object caching. Object caching is a way to speed up the amount of time it takes for the site to respond, helps reduce the database load and speeds up the website for site visitors.
• Audit Enqueued Assets (experimental)
  Provides an audit of CSS and JavaScript files enqueued on the home page. This helps to identify unnecessary CSS and JavaScrip files that might slow down a website.

Enqueued Assets Module is Experimental?

The Audit Enqueued Assets module is labeled as experimental. The developers chose to label it as experimental because the module itself will be improved.

The developers discussed this, with one developer noting on a discussion in the official Github page:

“To clarify, it’s not that there is a problem with the module, it’s more about that it doesn’t feel as polished yet, hence marking as “experimental” for this first release – as it sees more refinement over time, we could then mark it as non-experimental.”

He later followed up with this reason why it’s labeled as experimental:

“Indeed this wouldn’t break anyone’s site, but IMO the main point for marking this as experimental is that it’s still in an earlier stage of development compared to the other modules.

…e.g. we haven’t fully defined what the thresholds should be, and the approach to gathering the assets is known to be not yet reliable for certain environments.”

An example of the kind of improvement needed for this one module is to make it more useful by identifying which plugins or themes are bloating the website with unnecessary CSS and JavaScript files.

Should You Download the Plugin?

The plugin download page states that the plugin has been tested and should be okay to be used on a live production site.

While at least three of modules are not labeled experimental and all of them are considered stable and probably won’t break a site, the main purpose of the plugin is to provide publishers with the opportunity to provide feedback about the modules before they are integrated directly into the WordPress core.

In terms of stability, the official plugin page notes:

“…unless a module is explicitly marked as “experimental”, it has been tested and established to a degree where it should be okay to use in production.”

In terms of guarantees, it also says:

“Still, as with every plugin, you are doing so at your own risk.”

A best practice for WordPress websites is to add new plugins on a staging site first and test it there first before updating the main website.

Another best practice is to save a backup of the website before installing the plugin. The backup will make it easy to roll back the website to its original version should the plugin conflict unexpectedly with another plugin or theme.

The plugin delivers clear benefits that may help speed up your website. But it’s provided by the WordPress Performance Team as a way to receive feedback on brand new improvements that will eventually make it into the WordPress core.

WordPress provides a Performance Lab plugin support forum and a GitHub repository where feedback can be given to WordPress.

Citations

Read the Official WordPress Announcement

The Performance Lab plugin has been released

Visit the Performance Lab Plugin Download Page

Performance Lab

Visit the Official Performance Lab GitHub page

Performance Lab 1.0.0-beta.1

Microsoft Bing announced that the popular WordPress SEO plugin Rank Math is integrating the IndexNow instant indexing protocol.  A publisher doesn’t even need to have an API key or a Bing Webmaster Tools account to enjoy the advantages of instant indexing. Getting started with IndexNow by using Rank Math SEO plugin is easy, especially with these step by step instructions.

Rank Math WordPress SEO Plugin

Rank Math is a popular SEO plugin that has over one million active installations. It is popular because it is easy to use and also because the plugin offers a generous selection of features absolutely free, including local SEO structured data and local search SEO optimizations, something that other SEO plugins charge extra for.

Rank Math User Interface

What makes Rank Math easy to use is that all of the features are organized in the form of a user interface (UI) that uses modules that can be toggled on or off, depending on your needs.

If you don’t require the local SEO optimization feature, then leave that module turned off.

If you want Rank Math to generate site maps for your website, then turn that module on.

Turning a module on (in order to access a feature) activates a “settings” button that when click takes you to another screen where the settings can be configured.

Screenshot of Rank Math Modules UI

IndexNow Integration into Rank Math

The module user interface (UI) method for using IndexNow makes it easy to set up. You only need to turn the feature on then click on the settings button to proceed to the final step to finalize getting IndexNow working for your website.

It’s a great user interface that simplifies something that is ordinarily very difficult.

Convenience of the IndexNow Module

The IndexNow feature is introduced as a new module that only needs to be turned on and then configured with a few easy choices.

Ordinarily, in order to participate in the IndexNow instant indexing program, a publisher would have to sign up on the Bing Webmaster Tools website to get an account and then obtain an API.

That’s no longer the case if  you use the Rank Math SEO plugin.

Activating the IndexNow module within Rank Math is all you have to do. Rank Math handles obtaining an IndexNow API key without needing to fuss with a Bing Webmaster Tools account.

How to Set Up IndexNow Using Rank Math

Step 1: Navigate to the Rank Math Dashboard

To get started, first select Rank Math from the left hand WordPress menu then select Dashboard: Rank Math > Dashboard.

Screenshot of Rank Math WordPress Menu

Step 2: Select the IndexNow Module

The next screen shows you all of the available modules:

 

After selecting the IndexNow Module you will see the off/on toggle switch turn blue and a “Settings” button appear in  the bottom left of the module.

Screenshot of IndexNow Module

Step 3: Configure the IndexNow Settings

After you click the settings button, another page will open and this will be the last page you have to deal with.

Configuration of the IndexNow module is easy. But the interface is not as clear as it could be, which is surprising considering how easy the rest of Rank Match is to configure.

In order to access the hidden IndexNow settings you have to click the little “gear” icon that is labeled “settings” which is located on the left side.

Screenshot of Settings Button

Once you have clicked the Settings button, you can now begin selecting which kinds of content you want to alert Bing to crawl and index.

The choices are:

• Posts
• Media
• Pages
• Plus an option to select MailPoet Pages (if you have MailPoet installed)

For most publishers, all you’ll have to select is posts, media and pages.  That’s pretty much it.

Screenshot of Rank Math IndexNow Settings

What Happens Next

After selecting which pages to have Bing index, the Rank Math IndexNow module will take care of the API key and you are done.

From now on the IndexNow protocol will notify Bing any time a post or page is published,  whenever a post or page is updated and any time a post or page is deleted.

If you have opted to have your media indexed then that content will also be a part of the notification.

IndexNow Instant Indexing

IndexNow is only used by Bing and Yandex at this time. Many SaaS site builders and content delivery networks like Cloudflare and Akamai support the new IndexNow indexing protocol.

The protocol not only speeds up the indexing of content that’s new or updated, it also helps to reduce bot traffic on your site, freeing up resources for site visitors.

On the search engine side it will reduce data center resources, which is another opportunity to reduce the data center carbon footprint, which is good for the environment.

The Rank Math implementation couldn’t possibly be any easier and frictionless.

Rank Math was already a great choice for an SEO plugin.

The addition of the IndexNow module makes Rank Math even more useful and attractive, especially because Yoast still refuses to provide IndexNow as an option.

Citation

Read the Official Announcement on the Bing Blog

Rank Math Supports IndexNow for WordPress Sites

For the most part, bots and spiders are relatively harmless.

You want Google’s bot, for example, to crawl and index your website.

However, bots and spiders can sometimes be a problem and provide unwanted traffic.

This kind of unwanted traffic can result in:

• Obfuscation of where the traffic is coming from.
• Confusing and hard to understand reports.
• Misattribution in Google Analytics.
• Increased bandwidth costs that you pay for.
• Other nuisances.

There are good bots and bad bots.

Good bots run in the background, seldom attacking another user or website.

Bad bots break the security behind a website or are used as a wide, large-scale botnet to deliver DDOS attacks against a large organization (something that a single machine cannot take down).

Here’s what you should know about bots and how to prevent the bad ones from crawling your site.

What Is A Bot?

Looking at exactly what a bot is can help identify why we need to block it and keep it from crawling our site.

A bot, short for “robot,” is a software application designed to repeat a specific task repeatedly.

For many SEO professionals, utilizing bots goes along with scaling an SEO campaign.

“Scaling” means you automate as much work as possible to get better results faster.

Common Misconceptions About Bots

You may have run into the misconception that all bots are evil and must be banned unequivocally from your site.

But this could not be further from the truth.

Google is a bot.

If you block Google, can you guess what will happen to your search engine rankings?

Some bots can be malicious, designed to create fake content or posing as legit websites to steal your data.

However, bots are not always malicious scripts run by bad actors.

Some can be great tools that help make work easier for SEO professionals, such as automating common repetitive tasks or scraping useful information from search engines.

Some common bots SEO professionals use are Semrush and Ahrefs.

These bots scrape useful data from the search engines, help SEO pros automate and complete tasks, and can help make your job easier when it comes to SEO tasks.

Why Would You Need to Block Bots From Crawling Your Site?

While there are many good bots, there are also bad bots.

Bad bots can help steal your private data or take down an otherwise operating website.

We want to block any bad bots we can uncover.

It’s not easy to discover every bot that may crawl your site but with a little bit of digging, you can find malicious ones that you don’t want to visit your site anymore.

So why would you need to block bots from crawling your website?

Some common reasons why you may want to block bots from crawling your site could include:

Protecting Your Valuable Data

Perhaps you found that a plugin is attracting a number of malicious bots who want to steal your valuable consumer data.

Or, you found that a bot took advantage of a security vulnerability to add bad links all over your site.

Or, someone keeps trying to spam your contact form with a bot.

This is where you need to take certain steps to protect your valuable data from getting compromised by a bot.

Bandwidth Overages

If you get an influx of bot traffic, chances are your bandwidth will skyrocket as well, leading to unforeseen overages and charges you would rather not have.

You absolutely want to block the offending bots from crawling your site in these cases.

You don’t want a situation where you’re paying thousands of dollars for bandwidth you don’t deserve to be charged for.

What’s bandwidth?

Bandwidth is the transfer of data from your server to the client-side (web browser).

Every time data is sent over a connection attempt you use bandwidth.

When bots access your site and you waste bandwidth, you could incur overage charges from exceeding your monthly allotted bandwidth.

You should have been given at least some detailed information from your host when you signed up for your hosting package.

Limiting Bad Behavior

If a malicious bot somehow started targeting your site, it would be appropriate to take steps to control this.

For example, you would want to ensure that this bot would not be able to access your contact forms. You want to make sure the bot can’t access your site.

Do this before the bot can compromise your most critical files.

By ensuring your site is properly locked down and secure, it is possible to block these bots so they don’t cause too much damage.

How To Block Bots From Your Site Effectively

You can use two methods to block bots from your site effectively.

The first is through robots.txt.

This is a file that sits at the root of your web server. Usually, you may not have one by default, and you would have to create one.

These are a few highly useful robots.txt codes that you can use to block most spiders and bots from your site:

Disallow Googlebot From Your Server

If, for some reason, you want to stop Googlebot from crawling your server at all, the following code is the code you would use:

User-agent: Googlebot
Disallow: /

You only want to use this code to keep your site from being indexed at all.

Don’t use this on a whim!

Have a specific reason for making sure you don’t want bots crawling your site at all.

For example, a common issue is wanting to keep your staging site out of the index.

You don’t want Google crawling the staging site and your real site because you are doubling up on your content and creating duplicate content issues as a result.

Disallowing All Bots From Your Server

If you want to keep all bots from crawling your site at all, the following code is the one you will want to use:

User-agent: *
Disallow: /

This is the code to disallow all bots. Remember our staging site example from above?

Perhaps you want to exclude the staging site from all bots before fully deploying your site to all of them.

Or perhaps you want to keep your site private for a time before launching it to the world.

Either way, this will keep your site hidden from prying eyes.

Keeping Bots From Crawling a Specific Folder

If for some reason, you want to keep bots from crawling a specific folder that you want to designate, you can do that too.

The following is the code you would use:

User-agent: *
Disallow: /folder-name/

There are many reasons someone would want to exclude bots from a folder. Perhaps you want to ensure that certain content on your site isn’t indexed.

Or maybe that particular folder will cause certain types of duplicate content issues, and you want to exclude it from crawling entirely.

Either way, this will help you do that.

Common Mistakes With Robots.txt

There are several mistakes that SEO professionals make with robots.txt. The top common mistakes include:

• Using both disallow in robots.txt and noindex.
• Using the forward slash / (all folders down from root), when you really mean a specific URL.
• Not including the correct path.
• Not testing your robots.txt file.
• Not knowing the correct name of the user-agent you want to block.

Using Both Disallow In Robots.txt And Noindex On The Page

Google’s John Mueller has stated you should not be using both disallow in robots.txt and noindex on the page itself.

If you do both, Google cannot crawl the page to see the noindex, so it could potentially still index the page anyway.

This is why you should only use one or the other, and not both.

Using The Forward Slash When You Really Mean A Specific URL

The forward slash after Disallow means “from this root folder on down, completely and entirely for eternity.”

Every page on your site will be blocked forever until you change it.

One of the most common issues I find in website audits is that someone accidentally added a forward slash to “Disallow:” and blocked Google from crawling their entire site.

Not Including The Correct Path

We understand. Sometimes coding robots.txt can be a tough job.

You couldn’t remember the exact correct path initially, so you went through the file and winging it.

The problem is that these similar paths all result in 404s because they are one character off.

This is why it’s important always to double-check the paths you use on specific URLs.

You don’t want to run the risk of adding a URL to robots.txt that isn’t going to work in robots.txt.

Not Knowing The Correct Name Of The User-Agent

If you want to block a particular user-agent but you don’t know the name of that user-agent, that’s a problem.

Rather than using the name you think you remember, do some research and figure out the exact name of the user-agent that you need.

If you are trying to block specific bots, then that name becomes extremely important in your efforts.

Why Else Would You Block Bots And Spiders?

There are other reasons SEO pros would want to block bots from crawling their site.

Perhaps they are deep into gray hat (or black hat) PBNs, and they want to hide their private blog network from prying eyes (especially their competitors).

They can do this by utilizing robots.txt to block common bots that SEO professionals use to assess their competition.

For example Semrush and Ahrefs.

If you wanted to block Ahrefs, this is the code to do so:

User-agent: AhrefsBot
Disallow: /

This will block AhrefsBot from crawling your entire site.

If you want to block Semrush, this is the code to do so.

There are also other instructions here.

There are a lot of lines of code to add, so be careful when adding these:

To block SemrushBot from crawling your site for different SEO and technical issues:

User-agent: SiteAuditBot
Disallow: /

To block SemrushBot from crawling your site for Backlink Audit tool:

User-agent: SemrushBot-BA
Disallow: /

To block SemrushBot from crawling your site for On Page SEO Checker tool and similar tools:

User-agent: SemrushBot-SI
Disallow: /

To block SemrushBot from checking URLs on your site for SWA tool:

User-agent: SemrushBot-SWA
Disallow: /

To block SemrushBot from crawling your site for Content Analyzer and Post Tracking tools:

User-agent: SemrushBot-CT
Disallow: /

To block SemrushBot from crawling your site for Brand Monitoring:

User-agent: SemrushBot-BM
Disallow: /

To block SplitSignalBot from crawling your site for SplitSignal tool:

User-agent: SplitSignalBot
Disallow: /

To block SemrushBot-COUB from crawling your site for Content Outline Builder tool:

User-agent: SemrushBot-COUB
Disallow: /

Using Your HTACCESS File To Block Bots

If you are on an APACHE web server, you can utilize your site’s htaccess file to block specific bots.

For example, here is how you would use code in htaccess to block ahrefsbot.

Please note: be careful with this code.

If you don’t know what you are doing, you could bring down your server.

We only provide this code here for example purposes.

Make sure you do your research and practice on your own before adding it to a production server.

Order Allow,Deny
Deny from 51.222.152.133
Deny from 54.36.148.1
Deny from 195.154.122
Allow from all

For this to work properly, make sure you block all the IP ranges listed in this article on the Ahrefs blog.

If you want a comprehensive introduction to .htaccess, look no further than this tutorial on Apache.org.

If you need help using your htaccess file to block specific types of bots, you can follow the tutorial here.

Blocking Bots and Spiders Can Require Some Work

But it’s well worth it in the end.

By making sure you block bots and spiders from crawling your site, you don’t fall into the same trap as others.

You can rest easy knowing your site is immune to certain automated processes.

When you can control these particular bots, it makes things that much better for you, the SEO professional.

If you have to, always make sure that block the required bots and spiders from crawling your site.

This will result in enhanced security, a better overall online reputation, and a much better site that will be there in the years to come.

More resources:

---

Featured Image: Roman Samborskyi/Shutterstock

Last summer, I was on a pattern-creating bender. In two months, I had designed just shy of 100 block patterns. Outside of work and necessary household duties, I spent every waking moment building things with the block editor for fun. I had complete creative freedom, no need to roll out a commercial product, and no one to please but myself.

As an artist, I was living the dream. There was no pressure to do anything other than create whatever came to mind. Of course, I crashed after a while. The real world always catches up, but I built some neat patterns over the summer.

There was about a three-day stretch in mid-June where I focused solely on patterns for food bloggers and recipe sites. I distinctly remember my sister, who stayed over for the week, asking why I was on the computer instead of watching the movie on TV.

I angled my laptop in her direction and said, “Look at this. I’m building a way for food bloggers to insert recipe cards in their posts. You know, like that card you see after scrolling through 2,000+ words of someone’s life story when you’re just trying to find a recipe? Pretty cool, right?”

That may not be an exact quote, but it is close enough — this is my story, so I will tell it like I remember.

I had one of those pivotal moments during this stretch of building food-blogger patterns. If I can do this now, eventually, designers will be able to create and bundle any layout with themes, and users can insert them at the click of a button, I thought.

I was already on board the block bandwagon at that point. However, there are always those moments where things seem to come together. The lightbulb clicks on. The stars align. Whatever you want to call it.

Unfortunately, only a few patterns from the Summer of ’21 have seen anything beyond a folder on some obscure GitHub repository. For today’s entry into the Building with Blocks series, I pulled one out to share. It also provided an opportunity to rebuild it from scratch with newer block design tools.

Building a Recipe Card

For this Building with Blocks tutorial, I will walk you through each step for creating a simple recipe card. I recommend activating the Twenty Twenty-Two theme for the same results. However, I intentionally only used black and white for the text, background, and border colors so that it transfers across as many themes as possible.

When finished, your recipe card should look similar to the following:

While I encourage trying out each step for yourself, feel free to copy the pattern HTML from Gist and paste it directly into the editor.

The final step of this walkthrough requires the Social Sharing Block plugin by Nick Diego. If you prefer to stick with the core WordPress blocks, you can omit the last section.

Step 1: Card Group

Let us kick this walkthrough off with something simple. There is no need to complicate matters this early.

Open a new post or page in your WordPress admin and add a Group block. In the block options panel on the right, look for the “Dimensions” section and set the “Block spacing” option to 0. This is necessary to get the card design we are after. Then, add a border of your choosing.

Note: you can add a background color for the entire card during this step. However, if you do, WordPress will add some default padding. So, you will also need to set the “Padding” option to 0.

Step 2: Card Image Header

This is the first moment where you can really make a decision about your card. The two most obvious choices for a recipe card image are the Image and Cover blocks. I chose an Image and placed it into the Group block from Step #1.

The veggie pizza image is by Jennifer Bourn and is available in the WordPress Photo directory.

If you decide to add a Cover block, you can add the recipe title and description from Step #4 inside of it.

Step 3: Card Content Group

Let us continue keeping things simple for now. We need to group the “contents” of the recipe card together. Again, add a new Group block.

The only change you need for this block is to add some space around it. In the block options panel in the sidebar, set the “Padding” option to 2rem or your preferred value.

Step 4: Card Title and Description

Inside the Group block from Step #3, insert a Heading block. Use this for the title of your dish. Then, insert a Paragraph immediately after for a description.

This is more of a free-form step, so go crazy with as much or as little detail as you want to add.

Step 5: Card Meta

Thus far, everything should have been relatively straightforward. The previous four steps did not do anything complicated with the layout. This about to change.

You need to create a four-column section showing cooking times and other recipe metadata for this step. The best solution in WordPress for this is the Row block. If you want, you can try it with Columns. Both experiences can feel a bit janky in small spaces.

Add a new Row block inside the Group block you have been working in. I selected the “Space between items” option for the “Justification” control. This makes sure that everything is evenly spaced, but the choice is yours.

Then, click the “+” icon in the Row and add a Paragraph block inside it. For my first Paragraph block, I added the text “Prep Time” first. Then, I hit Shift + Enter on my keyboard to create a line break and added “2 Hours.” For fun, I popped in an emoji.

The trick to making the rest of this easy is to get the first Paragraph block styled just like you want, duplicate it three times, and customize the text.

Step 6: Card Ingredients and Directions

The hard part is out of the way. I promise. This next step is as simple as adding Heading and List blocks for an Ingredients section and doing the same for a Directions section. These should still be placed in the same Group that the previous blocks were in.

For the Heading blocks, I set the level to H3. The only other settings change I made was to select the “Convert to ordered list” button in the toolbar for the list under Directions.

Step 7: Card Social Sharing

You cannot have a modern recipe card without a social section, right? You will need the Social Sharing Block plugin installed for this. Or, you can stop now with your completed card.

For this section, insert a new Group after (not inside) the Group used to house the recipe content. Change the text color to white and add a dark background color. You can also tinker with the padding (I set it to 2rem) or use a Spacer block if you want extra breathing room.

For the “Like This Recipe?” text, add a Heading block with the H3 level. Then, insert the Social Sharing block below it. Feel free to play with the design. I used centered justification and enabled the “Show labels” option.

That is a wrap!

Notes and Other Thoughts

I wanted to use core WordPress blocks for everything in this recipe card. The social sharing section was the obvious roadblock, so I needed to rely on a third-party plugin.

Compared to many modern recipe cards that I have seen around the web, this solution still lacks two features:

• Task-style checkboxes or radio inputs for crossing out ingredients or steps.
• A “print this recipe” button.

For the task list, the Todo Block plugin by David Towoju works as a great alternative to the List block. It is lightweight and will allow site visitors to cross out items as they work through the recipe.

For a print button, I do not have a recommended solution. It would not be particularly tough to do via code, and I would love to see a theme author take this pattern idea and run with it.

It is inevitable for every website owner to change their website theme occasionally. You might want to replace the existing theme with a lighter one to reduce loading times, add better customization options, or change the website’s appearance.

The process of changing the WordPress theme on your site is straightforward, but you need to follow some prerequisites beforehand to make sure you don’t mess up the live site. We’ve compiled a list of things you should do before changing your WordPress theme.

1. Back Up Your WordPress Site

Your top priority should be to take a complete backup of your website first. When you back up your content and database, you will have a replica of the current state of your website. In case things don’t go as planned while changing the theme, you can always use the backup to restore your site without losing any significant changes.

Although most users take daily or weekly auto-backups, it is essential to take a fresh backup and store it in the cloud or on your computer to avoid losing any changes made after the backup. There are a variety of plugins available to take backups of your website, but UpdraftPlus makes it easy.

Download: UpdraftPlus for WordPress (Free, Premium available)

2. Put Your Website on Maintenance to Notify Your Audience

It could be disastrous to change the WordPress theme on a live website. Thus, instead of disrupting the user experience of your website visitors by showing them a distorted webpage with content, images, headers, and footers scattered around, add a message stating that maintenance is taking place.

You can put your website on maintenance in various ways, so it looks like changes are being made behind the scenes. Either you can write custom code, use a plugin, or use third-party page builders. The easiest option is to use a plugin, as it allows you to activate and deactivate maintenance mode with just a few clicks.

Bloggers generally recommend using the SeedProd plugin to put your website in maintenance, but you can use any free plugins in the WordPress library.

3. Copy Code Snippets

Perhaps you have used some custom code snippets to enhance the functionality of your WordPress theme. Depending on how you added them, you will have to avoid losing them when changing themes. If you manually added them to the theme file, you have to copy them all before making any changes.

If you’re using a dedicated plugin to add snippets, it may or may not retain those snippets or apply them to the new theme. In either case, it’s better to copy all the custom codes you added to the theme file or plugin and save them offline. If something goes wrong, you can still use the same code snippets to customize your new theme.

4. Note Down Your Theme’s Customizations

You should also carefully note down the placement of different elements on your theme, including widgets, header elements, footer elements, custom texts, etc. As a result, if changing the WordPress theme reverts all such customizations to default, you can replicate them manually afterward.

It is also essential to check the feasibility of customizing the new theme. Analyze how customizable its fonts and layout are, how easy it is to use with a page builder, and how easily you can customize it using code snippets. So, make sure it offers the same level of customization as your old theme so that you can redesign it to your liking.

5. Note Your Website Speed Metrics

It’s essential to perform a live speed and performance test of your website in its current state on your old theme. You can repeat the test after changing the theme to compare the performance of your website on a new theme to that of an old one. Therefore, you can revert the change if the theme has overloaded your site instead of improving its loading time.

GTmetrix is an excellent tool for analyzing the website’s performance. Run a performance test and note the site’s performance and structure scores along with the web vitals. If you’ve used the code snippets on multiple pages, you can also review the performance reports for each page to ensure adding code snippets to the same pages in a new theme won’t overload it.

Doing so helps in analyzing how the new theme handles existing snippets. You can also use other WordPress speed test tools to check your site’s performance.

6. Check Theme’s Compatibility on Different Devices

Your website audience accesses your website from a variety of devices. Therefore, it is imperative to have a theme that is responsive and compatible with all devices. Generally, WordPress themes work perfectly on desktops but have issues on mobiles.

Check if the theme you plan to use is mobile-friendly by design, or gauge the amount of effort you will need to put into making the theme mobile-friendly.

As part of the compatibility check, keep an eye on your old theme’s loading speed on mobile, check the bounce rate of mobile users, and track the average stay time of mobile users. Later, you can compare this information with the data on your new theme. It’s easy to revert the change or switch to another theme when things go south.

7. Check Feedback of Other Users

Getting feedback from other bloggers using the same theme as yours will help you make a well-informed decision. You can check out the theme’s rating on different websites, read relevant discussions on various forums, or ask about it in multiple communities of bloggers. Make the change when you’re confident that the theme delivers what the developer advertised.

Ensure You Made the Right Change

If you make a change, it’s imperative to go back and review everything listed above to make sure you made the right choice. It is also important to solicit feedback from your audience on this change. Ask your audience about your website’s new interface and make any necessary adjustments after listening to what they have to say.

Moreover, check all existing website content and make sure there are no major formatting issues. Next, analyze your website carefully for any hiccups and make the necessary adjustments promptly. In addition, tracking your SEO rankings in analytics can help you see the impact of this change on your website traffic.

You should revert the change for good once you see traffic drop, bounce rate increases, or the average stay time decreases. In addition, if you’re not content with WordPress, there are many other CMS options to choose from. Take a look at our detailed comparison of WordPress and Wix.

Avoid Using a Nulled WordPress Theme

Hopefully, following the above steps will help you change your WordPress theme without much trouble. However, to avoid compromising your website’s security, you should ensure that you’re using the original theme file from the developer and not a nulled one. Take all possible measures to secure your website completely in either case.

An immersive reading experience, vividly expressing content, and flipping pages automatically is what FlipBuilder’s free magazine maker software helps users achieve. Flip PDF Plus Pro empowers them to customize their digital magazines to convey their ideas and communicate brand and product messages to people. Using the built-in templates, themes, backgrounds, animations, and other multimedia elements, they can change their PDF magazines into dynamic, lively online publications that audiences will love to read.

The free magazine maker software can make stunning business, learning, fashion, and entertainment magazines. It offers a faster way to share stories with the world, and one can update them regularly even after they’re published. Working with the software is easy even when one doesn’t have any design skills. Flip PDF Plus Pro offers tutorials that beginners can follow and make their magazines within a short time. The best part is that all the needed features are available in a simple, easy-to-use interface.

“At Flip PDF Plus Pro, we offer a host of options to make your magazines appeal to your audiences,” says Ivan Leung, the CTO of FlipBuilder. “In addition, you can sell your magazines directly online using a shopping cart. Monetizing publication is a simple process that allows you to set prices and customize the pages you want to sell. We also give you the options that will help your customers complete their purchases by giving direct payments or adding the publications to a shopping cart. You can set the online payment options and let them pay directly from the magazines.”

Flip PDF Plus Pro offers multiple output formats for offline and online magazine reading. Creators can publish their publications in HTML format by uploading their creations to their servers. This generates a link that readers can use to open magazines. The other option is to publish projects as WordPress plugins. Once the plugin is installed on WordPress, they will post their magazines on their websites to make them accessible to readers. More output options from the free magazine maker software include publishing in APK, app, and EXE formats or uploading them to the FlipBuilder server.

To discover more information about this free magazine maker software, stay tuned to FlipBuilder.

About FlipBuilder

FlipBuilder is an innovative and professional digital publishing platform, providing best solution to convert static PDF files into wonderful online flipbook. From design to delivery, we focus on simplicity in use and power in function. Unlike traditional printed publications based on paper, you can create an online elegant digital magazine within several steps.