All posts by wpwork

Thankfully, there are plenty of steps you can take to protect your WordPress website.

Start With These Easy Security Basics

When setting up your WordPress site security, there are some basic things you can do to beef up your protection.

Here are some of the first things you should implement to help protect your website.

1. Implement SSL Certificates

Secure Sockets Layer (SSL) certificates are an industry standard used by millions of websites to protect their online transactions with their customers.

Obtaining one should be one of the first steps you take to secure your website.

You can buy an SSL certificate, but most hosting providers offer them for free.

Next, use a plugin to force HTTPS redirection, which activates the encrypted connection.

This standard technology establishes an encrypted connection between a web server (host) and a web browser (client).

By adding this encrypted connection, you can ensure that all data passed between the two remains private and intrinsic.

2. Require & Use Strong Passwords

Along with obtaining an SSL certificate, one of the very first things you can do to protect your site is to use and require strong passwords for all your logins.

It might be tempting to use or reuse a familiar or easy-to-remember password, but doing so puts you, your users, and your website at risk.

Improving your password strength and security decreases your chances of being hacked.

The stronger your password, the less likely you are to be a victim of a cyberattack.

When creating a password, there are some general password best practices you should follow.

If you aren’t sure that you’re using a strong enough password, check the strength by using a free tool like this helpful Password Strength Checker.

3. Install A Security Plugin

WordPress plugins are a great way to quickly add useful features to your website, and there are several great security plugins available.

Installing a security plugin can add some extra layers of protection to your website without requiring much effort.

To get you started, check out this list of recommended WordPress security plugins.

• Wordfence Security – Firewall & Malware Scan
• All In One WP Security & Firewall
• iThemes Security
• Jetpack – WP Security, Backup, Speed, & Growth

4. Keep WordPress Core Files Updated

Keeping your WordPress up to date at all times is critical to maintaining the security and stability of your site.

Every time a WordPress security vulnerability is reported, the core team starts working to release an update that fixes the issue.

If you aren’t updating your WordPress website, then you are likely using a version of WordPress that has known vulnerabilities.

As of 2021, there are an estimated 1.3 billion total websites on the web with more than 455 million of those sites using WordPress.

Because it is so popular, WordPress is a prime target for hackers, malicious code distributors, and data thieves.

Don’t leave yourself open to attack by using an old version of WordPress. Turn on auto-updates and forget about it.

If you would like an even easier way to handle updates, consider a Managed WordPress Hosting solution that has auto-updates built in.

5. Pay Attention To Themes & Plugins

Keeping WordPress updated ensures your core files are in check, but there are other areas where WordPress is vulnerable that core updates might not protect – such as your themes and plugins.

For starters, only install plugins and themes from trusted developers.

If a plugin or theme wasn’t developed by a credible source, you are probably safer not using it.

On top of that, make sure you update your WordPress plugins and themes.

Just like an outdated version of WordPress, using outdated plugins and themes makes your website more vulnerable to attack.

6. Run Frequent Backups

One way to protect your WordPress website is to always have a current backup of your site and important files.

The last thing you want is for something to happen to your site and you do not have a backup.

Backup your site, and do so often.

That way if something does happen to your website, you can quickly restore a previous version of it and get back up and running faster.

Intermediate Security Measures To Add More Protection

If you’ve completed all the basics but you still want to do more to protect your website, there are some more advanced steps you can take to bolster your security.

7. Never Use The “Admin” Username

Because “admin” is such a common username, it is easily guessed and makes it much easier for scammers to trick people into giving away their login credentials.

Never use the “admin” username.

Doing so makes you susceptible to brute force attacks and social engineering scams.

Much like having a strong password, using a unique username for your logins is a good idea because it makes it much harder for hackers to crack your login info.

If you are currently using the “admin” username, change your WordPress admin username.

8. Hide Your WP-Admin Login Page

By default, a majority of WordPress login pages can be accessed by adding “/wp-admin” or “/wp-login.php” to the end of a URL.

This makes it easy for hackers to start trying to break into your website.

Once a hacker or scammer has identified your login page, they can then attempt to guess your username and password in order to access your Admin Dashboard.

Hiding your WordPress login page is a good way to make you a less easy target.

Protect your login credentials by hiding the WordPress admin login page with a plugin like WPS Hide Login.

9. Disable XML-RPC

WordPress uses an implementation of the XML-RPC protocol to extend functionality to software clients.

This Remote Procedure Calling protocol allows commands to be run, with data returned formatted in XML.

Most users don’t need WordPress XML-RPC functionality, and it’s one of the most common vulnerabilities that opens users up for exploits.

That’s why it’s a good idea to disable it.

Thanks to the Wordfence Security plugin, it is really easy to do just that.

10. Harden wp-config.php File

Your WordPress wp-config.php file contains very sensitive information about your WordPress installation, including your WordPress security keys and the WordPress database connection details, which is exactly why you don’t want it to be easy to access.

You can “harden” your website by protecting your wp-config.php file via your .htaccess file.

This basically means you are giving your site some extra armor against hackers.

11. Run A Security Scanning Tool

Sometimes your WordPress website might have a vulnerability that you had no idea existed.

It’s wise to use tools that can find vulnerabilities and fix them for you.

The WPScan plugin scans for known vulnerabilities in WordPress core files, plugins, and themes.

The plugin also notifies you by email when new security vulnerabilities are found.

Strengthen Your Server-Side Security

By now, you have taken all the above measures to protect your website.

However, you may still want to know if there is more you can do to make it as secure as possible.

The remaining actions you can take to beef up your security will need to be done on the server-side of your website.

12. Look For A Hosting Company That Does This

When looking for a hosting company, you want to find one that is fast, reliable, secure, and will support you with great customer service.

That means they should have good, powerful resources, maintain an uptime of at least 99.5%, and use server-level security tactics.

If a host can’t check those basic boxes, they are not worth your time or money.

One of the best things you can do to protect your site from the very get-go is to choose the right hosting company to host your WordPress website.

13. Use The Latest PHP Version

Like old versions of WordPress, outdated versions of PHP are no longer safe to use.

If you aren’t on the latest version of PHP, upgrade your PHP version to protect yourself from attack.

14. Host On A Fully-Isolated Server

Private cloud servers have a lot of advantages.

One of those advantages is that it ups your security.

All cloud environments require a strong combination of antivirus and firewall protection, but a private cloud runs on specific physical machines, making its physical security easier to ensure.

On top of security, a fully-isolated server has other perks such as very high uptime and easy integration of managed hosting.

Looking for the perfect cloud environment for your WordPress website?

Look no further.

With InMotion Hosting’s Managed WordPress Hosting you get server-to-server migrations, safer upgrading, on-the-fly security patching, and industry-leading speed all rolled into one.

15. Use A Web Application Firewall

One of the final things you can do to add extra security measures to your WordPress website is to use a web application firewall (WAF).

A WAF is usually a cloud-based security system that offers another layer of protection around your site.

Think of it as a gateway for your site.

It blocks all hacking attempts and filters out other malicious types of traffic, like distributed denial-of-service (DDoS) attacks or spammers.

WAFs usually require monthly subscription fees, but adding one is worth the cost if you place a premium on your WordPress website security.

Make Sure Your Website & Business Is Safe & Secure

If your website is not secure, you could be leaving yourself open to a world of hurt.

Thankfully, securing a WordPress site doesn’t require too much technical knowledge as long as you have the right tools and hosting plan to fit your needs.

Instead of waiting to respond to threats once they happen, you should proactively secure your website to prevent security issues.

That way, if someone does target your website, you are prepared to mitigate the risk and go about your business as usual instead of scrambling to locate a recent backup.

Get WordPress Hosting that is secure and fully isolated with free SSL, dedicated IP address, free backups, automatic WordPress updates, DDoS protection, and WAF included.

Learn more about how Managed WordPress Hosting can help protect your website and valuable data from exposure to hackers and scammers.

Advertiser & Editorial Disclosure

In this digital era, having your own website is essential for most small businesses. They can amplify your brand, help you connect with old customers, and allow you to reach new customers.

In fact, not having a website can make your business look archaic and out of touch.

The good news is that establishing your online presence is easier than ever before. In this step-by-step guide, we cover everything you need to know about how to make a new website.

How to Make a Website in 5 Steps — Tutorial

Here’s a quick beginner’s guide on how to create a website.

1. Determine Your Website’s Purpose

First decide what you want to accomplish digitally.

A few use cases for websites include:

• Building brand awareness by showcasing your products or services
• Collecting emails through a sign-up form
• Selling products or services through your website
• Fielding customer service inquiries
• Blogging about your business and industry, as well as announcing new products
• Providing a forum for customers in your industry and/or community to network
• Directing customers to retail locations or social media platforms that sell your products

It’s important to map out your goals because the amount it costs to make a website can vary depending on your needs. For example, you may be able to use a free service if your only goal is to collect emails.

2. Pick a Platform

Next, choose a website builder or platform. These services allow you to create your website using drag-and-drop interfaces, which means you don’t have to code anything by yourself. Simply create an account, then start customizing the look and feel of your site.

Here are a few of the top website providers.

• Shopify —  Designed for online stores and e-commerce businesses of all sizes, Shopify takes care of all your payment processing needs. Their user-friendly interface also makes it easy to create beautiful product pages that instantly make your business look professional. Pricing scales with your business.
• Wix.com — Great for any kind of business. Known for its user experience, Wix is one of the most customizable platforms available with features for every industry. Whether you’re building an e-commerce site or simply a landing page, they make it easy to build and scale stunning websites.
• GoDaddy — A one-stop shop for both domains and website building,  GoDaddy comes with a platform that lets you customize your site, like Shopify and Wix. They also have a service that handles the entire design process for you.
• MailChimp — Designed for landing pages with opt-ins and sign-up forms, Mailchimp is primarily an email marketing automation tool for email lists. But they also offer a site design feature that’s perfect if your only goal is to collect contact information.
• Squarespace — Great for any kind of business. Squarespace is a close competitor to Wix and features similar features, including the ability to create beautiful sites quickly and effortlessly.
• WooCommerce — Perfect for ecommerce stores and online businesses looking for slick homepages and reliable payment processing, WooCommerce is a WordPress plugin that integrates into your WordPress dashboard. 
• WordPress — Designed for businesses and bloggers who want even more customizability than what the solutions above offer, WordPress is a free, open source platform that is an ideal choice if search engine optimization (SEO) is important to your business. It’s also the go-to content management system for some of the world’s biggest websites, and can be a great fit for personal websites.

And of course, there’s always the option to code your own site from scratch or hire a web developer.

3. Grab a Custom Domain Name

Once you’ve chosen a platform, lock down a domain name for your website. Domain names are the address users will enter to go to your website, like nav.com or wikipedia.org.

Most website providers now offer the ability to buy a domain name within the platform, but you can also browse domain registrars like namecheap.com and domains.google if you prefer to get yours through a third party. Note that domains no longer have to end in “.com” or “.org.” There is a sizable list of other options, including “.co,” “.finance,” “.us,” and “.biz.” To see the full list of what’s available, just enter a keyword on your domain provider’s site.

Domain names can range from as little as $12 a year to as much as seven figures. Longer domains tend to be cheaper, while one-word ideas are often much more expensive.

4. Get Web Hosting

“Hosting” is a technical term that translates to “renting storage space for your website’s files.” Your site needs somewhere to store its data, and web hosting providers provide the digital real estate.

Popular hosting companies include Bluehost, HostGator, and Hostinger. Pricing for a basic hosting plan can start at as little as $2.75 per month, and scales up according to your needs.

You only need to follow this step if you’re building your site on WordPress or coding your own. Other platforms come with hosting services built in.

5. Check Off Everything On This List

If you’ve made it to this step, you’re ready to start designing your website and attracting visitors. While you design, make sure you’re accounting for these important features. 

• Privacy policy page — Due to certain wording found in the Federal Trade Commission Act, having a privacy policy on your website is highly recommended. Google “privacy policy generator” for a template.
• Cookie policy — If your web page collects cookies and receives visitors from California or foreign countries, make sure you have a cookie disclaimer. Many sites structure this as a pop-up.
• Analytics plug-ins — At some point, you’ll want the ability to analyze user behavior, including where your visitors are coming from and how they’re interacting with your site. With free solutions like Google Analytics, there’s no reason not to start tracking this from day one.
• SEO plug-ins — If you plan to drive traffic from Google and other search engines, make sure your site is using search engine optimization (SEO). For WordPress users, one of the best plug-ins is Yoast.
• SSL and security measures — If your site runs on WordPress.org, you may need to install an SSL certificate, as well as other security plug-ins to keep your site safe. Other platforms like Shopify and Wix often come with built-in security features.
• Make sure your site loads quickly — Don’t spend hours beautifying your site only to find that it takes forever to load. Periodically check your site’s speed –- especially on mobile devices.
• Include an email opt-in or contact form — Email is one of the most powerful ways to turn visitors into customers. Make sure you have a way for visitors to enter their contact information somewhere on your site. You may also want to include a pop-up that gives away a freebie in exchange for an email sign-up.

Can You Create a Website for Free?

There are a few free website builders that allow you to create a fully functioning business website for free.

If you’re looking for a standard site with basic functions like the ability to host a home page, contact page, navigation menu, and blog, consider using WordPress. There are two versions: WordPress.com and WordPress.org. 

The .com version is as plug-and-play as it gets, and is a great choice if you’re designing your first website. Create a free account and start building immediately. The .org version comes with a slightly higher learning curve. It requires setting up hosting and a domain name before you can start building. If your goals include SEO optimization and html and css customizability, choose the .org option.

If you need an ecommerce website with capabilities like the ability to process payments and create product pages with shopping cart functions, you’ll either need to buy paid WordPress themes and apps, code your own WordPress site, or hire a website designer.

Another platform that allows you to create a free website is Mailchimp. Mailchimp’s landing pages are great if your only purpose is to collect email addresses or other contact information. Keep in mind that the free plan only supports domains with Mailchimp branding. To create a free-standing site with your own domain, you’ll need to upgrade to a paid plan.

Finally, most platforms allow you to build the foundations of your website for free. You’ll need to upgrade to a paid plan to make your website live, but Shopify, Wix, Squarespace, and other similar sites all allow you to poke around and design a rough draft for free.

How to Find the Best Website Builder

Online business has grown at an incredible rate in the last few years, and website providers have scaled with the industry. There’s no shortage of choices for website providers, which can be overwhelming.

One way to find the best platform for you is to use Nav. Our platform curates the leading website making services and regularly updates our selection as new options become available. 

With that said, here are a few high-quality options we recommend. This short list is optimized for reliability, customizability, and affordability. Some of the world’s biggest businesses use these sites, and their long-standing reputations make them trustworthy.

Nav can also help you find the best loans, credit cards, business bank accounts, and more, and it’s all based on your business data. Create a free account to compare your options with confidence.

class=”blarg”>

A well-designed website is the digital business card that will make you money online. When it comes to website building, having a user-friendly experience both on a desktop computer and a phone can make or break your online efforts.

“As web designers, we want to make what’s most beautiful, which is usually the desktop version [of a website], and then kind of pare it down for the mobile version,” says Krystle Rowry, a web designer and brand strategist for entrepreneurs. “But it needs to be mobile first for most people. A lot of people are mostly on mobile.”

There are more do-it-yourself (DIY) website builder options than ever before (and even more website builder reviews) to help you get your online dreams off the ground, and you don’t need to hire a web developer to set up a website that makes an awesome first impression. The best website builder for small business owners, however, ultimately depends on what you want your online store or website to accomplish – and your overall goals.

We asked four experts to weigh in on what they think is the best website builder platform. Here is what they had to say.

First, a Decision: Should You Use WordPress or Not?

In figuring out the best website builder for your circumstances, you’ll first want to decide whether or not you want to build your website on WordPress or on a more drag and drop interface. WordPress.org is a free hub for building your own website in any way you want; 43% of all websites on the internet are powered by WordPress, according to realtime reporting from W3Techs, a data collection company. WordPress is beloved for both its search engine optimization potential and its functionality as a content management system. After signing up for WordPress, you would then choose a website builder software and install it within your account.

In the 2000s, the WordPress learning curve was considerable. As a result, many new website builders began to emerge that required no coding knowledge and had far simpler interfaces; some of the most popular ones include Squarespace, Wix, and Weebly.

“For these drag-and-drop providers, some settings are kind of locked in because they don’t want you to change things around too much,” says David Yarde, a brand architect and software engineer with over 17 years of experience. “But you can be up and running within an hour or two if you already have your domain name.” A custom domain, web hosting, and certain ecommerce features are also factors to consider when choosing the best website builder for your professional website.

WordPress responded to its market competitors by adding its own drag and drop functionality. Now, “you can actually get started on WordPress with a shorter learning curve,” says Wendy Coop, a certified financial education instructor (CFEI) and owner of Creative Consulting LLC, a company that teaches individuals and organizations financial literacy.

The key factor to consider is your how your website fits into your overall business plan. A drag-and-drop website builder will help you get started quickly, but you may end up having to migrate your site down the road, says Jasmine Powers, founder of Jasmine Powers Multimedia, a creative agency that offers brand strategy, digital production, and systems management.

“Your website may need to be able to manage things like e-commerce or a community,” she notes. “Your site may need to be able to manage multimedia, marketing or SEO tools, or other aspects of the business.” If you anticipate wanting to add lots of bells and whistles to your website down the line, it might be better to choose WordPress over other website builders from day one.

Best Website Builder for WordPress: Elementor

What Should You Consider When Choosing a Website Builder?

In addition to the features mentioned above, here are some other elements to take into consideration when choosing the best website builder for your needs.

Your Level of Web Experience

Top website builders said being comfortable with the platform you’re on will get you further than picking the “best” software and having no idea how to use it.

“You want to look for [a website builder] you can easily maintain until you can pay someone to do the maintenance in the building for you,” says Coop. “So if that means starting on Wix for most people, that would be fine. But you can also start on WordPress, and build up to it. As your site gets more and more robust, Wix is likely not going to be able to handle what you need. So you’re going to eventually be moving over to WordPress.”

A WordPress website can give you incredible creative power, but if you’re so intimidated by your WordPress site that you never want to log in, consider a simpler web builder with a drag and drop editor instead.

Your Hosting Platform 

You could have the greatest website in the world, but if you haven’t set up web hosting services, your site won’t actually be live on the internet. Our experts recommended getting web hosting from a provider that is separate from your website builder; this will make migrating your site down the road way easier if you choose to do so.

Related: Best Web Hosting for June 2022: 5 Options to Ensure Your Website Gets Seen, According to Experts

Web hosting and website builder software packages often come with a free domain, but our experts advised against this. If you decide you want to migrate your site at a later date, it can be a pain to migrate over your free domain as well.

Site Speed and Performance

53% of mobile users will abandon a website that takes more than three seconds to load, according to internal data recorded and published by Google. When building your website, aim for a user interface that is quick, light, and easy to navigate with just a few clicks. For many website builders, this might mean saving versions of images that are lower in file size while still maintaining the same visual quality, for example. 

Check your web hosting and search engine optimization (SEO) settings so that search engines can find and index your site quickly; this makes your website more user-friendly and appealing. If you’re not sure how your website is performing, check your analytics tools within your website builder, and also be sure to set up Google Analytics if you haven’t already done so in order to see how many users are visiting your own website.

Everyone loves professional-looking websites, but as a small business owner you need your professional website to load quickly and efficiently.

Level of Site Customization 

When it comes to picking the best website builder, think about the amount of content you’ll need on your site to reach your overall goals. Powers advises prioritizing three pages when building a website: a home page, a services page, and a contact page. She also recommends including sections that tell visitors about you and capture users who want to sign up for your email list.

“You need to have a home page that details one to three calls to action that you want a visitor to take,” she says. “You need a contact page. And then you need a services page – it can be for products or services  – where [visitors] can actually buy whatever you have that is available for purchase.” Powers adds that about pages and opt-in pages are optional, but that you would want that functionality somewhere on your website; these sections could live on existing pages or be part of your home page.

Your website is your online business card; it’s the corner of the internet where people can go to learn more about who you are and what you do. Familiarize yourself with the best website builder for your situation so you can spend less time tied up with tech snags and more time pursuing your online financial goals.

Cloudflare announced that they are offering a Web Application Firewall (WAF) free of charge to subscribers on the free plan. The WAF will provide access to the WAF user interface which comes with a ruleset that can be used to block known threats automatically.

The free managed ruleset has been tested against the Cloudflare network and allows free users to activate their firewall and begin enjoying the benefits of a firewall right away.

Because the ruleset is a managed ruleset, free users will benefit from updates that will protect their sites from new wide ranging security threats.

The free tier of the firewall is especially tuned for protecting WordPress websites as it protects against common WordPress exploits.

Cloudflare WAF

The Cloudflare WAF is an application firewall that monitors incoming web traffic from the Internet to the website and automatically blocks any traffic that it identifies as malicious.

The firewall uses a ruleset which is a set of patterns and signals that it looks for in order to identify malicious traffic and filter it out.

Cloudflare Free Managed Ruleset

The Free Cloudflare WAF comes with a managed ruleset that is designed to block a multitude of common vulnerability attacks.

A managed ruleset consists of pre-configured rules that allows a user to deploy the firewall and have it ready to inspect and block malicious web traffic.

The benefit of a managed ruleset is that the firewall is ready to deploy and with minimal configuration on the part of the user.

Cloudflare describes this free managed ruleset:

“Designed to provide mitigation against high and wide impacting vulnerabilities. The rules are safe to deploy on most applications. If you deployed the Cloudflare Managed Ruleset for your site, you do not need to deploy this Managed Ruleset.”

The free managed ruleset will be updated whenever a wide ranging threat appears that can affect many websites. This is a huge deal that can go a long way toward mitigating the effects of brand new hacking attacks.

The free version of the ruleset protects against the Shellshock server security bug, blocks Log4J vulnerabilities, and protects WordPress websites from vulnerabilities that are common to WordPress.

Access to Cloudflare Firewall User Interface

Cloudflare is providing the free tier of users access to the Firewall User Interface (UI), a dashboard where publishers can manage their firewall.

The dashboard allows users to alter their firewall and also to monitor actions taken by the firewall via the Security Overview tab.

Free users can do the following in the dashboard:

“Overriding all rules to LOG or other action.

Overriding specific rules only to LOG or other action.

Completely disabling the ruleset or any specific rule”

Citations

Read the Official Cloudflare Announcement

WAF for everyone: protecting the web from high severity vulnerabilities

Learn About the Cloudflare WAF Managed Rulesets

Managed Rulesets

Read About the Redesigned Cloudflare WAF UI

A new WAF experience

Today it was announced that Automattic, parent company of WordPress.com, WooCommerce, Jetpack, Akismet and more has acquired Frontity, a headless WordPress framework. The announcement stated that the acquisition will directly benefit the open source WordPress CMS and will further the goal of realizing full site editing with Gutenberg blocks.

Headless CMS

A headless content management system (CMS) is an approach to publishing that uses a CMS like WordPress for handling the creation and management of the content (this is the back end) and a React front end for the part that users see (this is the front end, the head).

When you separate the front end functions from WordPress in order to exclusively use WordPress for managing the content and not the front part of the site (the head) that users see, this is called a headless CMS.

The CMS, in this case WordPress, is just used as the back end for the content creation and the management of that content.

There are speed and SEO benefits to using a headless CMS.

A headless CMS also allows publishers to more easily publish content across different channels like social media, Internet of Things, etc.

Frontity

Frontity is an open source framework for making it easy to use WordPress as a headless CMS.

What Frontity does is to make it easy to bring the headless site architecture to the WordPress environment so that publishers can enjoy the speed advantages without having to worry about coding issues.

Automattic invested in Frontity in 2020 and began a close working relationship with the Frontity team at that point, with Automattic sponsoring Frontity’s work on the WordPress core.

With this acquisition the Frontity team will focus on the WordPress core and on Gutenberg.

This move does not mean that that the React framework is going to be pushed to the WordPress core.

Frontity will continue as an open source project.

What’s Exciting About Frontity and Automattic

what’s really of interest about this announcement is that the JavaScript engineering resources devoted to creating Frontity will now be focused on the WordPress core, specifically to helping finalize the Full Site Editing Experience via Gutenberg blocks.

Gutenberg is the WordPress project for modernizing the creation of websites with the goal of making it easy for anyone to create websites.

Gutenberg replaces the coding-centric traditional WordPress interface with the an easy to use visual editor that utilizes the visual paradigm of blocks for creating websites.

According to Frontity:

“As part of Automattic, our team will contribute to the WordPress open source project and work closely with its community to help improve the full site editing developer experience.

…The impact our team could make working directly on WordPress is much more significant than continuing on our own, so we decided to go for it!”

Big Score for WordPress

The reaction in the private Advanced WordPress Facebook group has been positive.

This announcement is huge news for the entire WordPress publishing community. It means that more top engineering talent will be devoted to developing the WordPress core CMS and helping speed up the development of the Gutenberg content editor.

Citation

Read the official announcement from Frontity:
Frontity is joining Automattic

If a new user registers at a WordPress site the new user and the administrator receive notification mails:

User:

From: myBlog (info@myBlog.com)
Subject: [myBlog] Your username and password info

Username: new_user

To set your password, visit the following address:<http://myblog/wp-login.php?action=rp&key=3oCJkevP1ZSSb0P8DlOW&login=new_user>

http://myblog/wp-login.php

Admin:

From: myBlog (info@myBlog.com)
Subject: [myBlog] New User Registration

New user registration on your site myBlog:

Username: new_user

Email: new_user@myblog.com

Until version 4.8 the content of the mail was hard coded.The only way to alter the mails was to hook into wp_mail() or even phpmailer.

WordPress v4.9 now offers the ability to easily customize these mails by using the following filters:

The filters fire after the user has been added to the database.

The filters for the user’s and the admin’s email follow the same logic, just the filter and the variable names differ:

$wp_new_user_notification_email_admin = apply_filters( 'wp_new_user_notification_email_admin', $wp_new_user_notification_email_admin, $user, $blogname )

The parameters contain the following values:

• $wp_new_user_notification_email_admin: Associative array with the keys to, subject, message, headers.
• $user: A WP_User object of the registered user.
• $blogname: A string containing the name of the blog the user registered to.

With these values at hand it’s easy to create your customized mail:

add_action( 'login_init', 'my_wp_new_user_notification_email_admin_init' );

function my_wp_new_user_notification_email_admin_init() {
    add_filter( 'wp_new_user_notification_email_admin', 'my_wp_new_user_notification_email_admin', 10, 3 );
}

function my_wp_new_user_notification_email_admin( $wp_new_user_notification_email, $user, $blogname ) {
    $wp_new_user_notification_email['subject'] = sprintf( '[%s] New user %s registered.', $blogname, $user->user_login );
    $wp_new_user_notification_email['message'] = sprintf( "%s ( %s ) has registerd to your blog %s.", $user->user_login, $user->user_email, $blogname );

    return $wp_new_user_notification_email;

}

(As always for filters: do not forget to return the altered variable.)  The mail now looks like this:

From: myBlog (MyBlog@myblog.com)
Subject: [myBlog] New user new_user registered.

new_user (new_user@user.com) has registerd to your blog myBlog.

Of course, you can insert more data than provided by the filter. E.g., you can tell the admin, how many registered users the blog already has:

function my_wp_new_user_notification_email_admin($wp_new_user_notification_email, $user, $blogname) {

    $user_count = count_users();

    $wp_new_user_notification_email['subject'] = sprintf('[%s] New user %s registered.',
$blogname, $user->user_login);
    $wp_new_user_notification_email['message'] =
    sprintf( "%s has registerd to your blog %s.", $user->user_login, $blogname) .
"\n\n\r" . sprintf("This is your %d. user!", $user_count['total_users']);

    return $wp_new_user_notification_email;

}

The parameter headers can be used to easily change some header information:

$wp_new_user_notification_email['headers'] = "From: myBlog <myblog@myblog.com> \n\r cc: Admin 2 <admin2@mblog.com>";

In this example the From information of the mail is changed and the user admin2@myblog is added as an additional recipient. As you can see, multiple headers entries are separated by “\n\r” (return and linefeed).

As said before this all could already be done by using wp_mail() and phpmailer but the new filters are way more convenient.

Biology Fortified runs on a content management system called WordPress. We operated a self-hosted WordPress for a decade, then moved to a WordPress.com Business Plan. While no system is perfect, we like this content management system for many reasons.

To help our own guest authors and other new science communicators get started, here is our set of mini-tutorials. These tutorials assume you are using WordPress.com, though most of the steps will also work for self-hosted WordPress.

Need a WordPress tutorial you don’t see here? Just ask! You can also find more in-depth WordPress tutorials, such as the EZ WordPress Guide. For specific questions, you can check with WordPress.com support or the self-hosted WordPress forums.

We hope you find these WordPress tutorials helpful. If you’re looking for a place to write, consider the Biofortified Blog. We can provide guidance and editing to help you grow as an author. Group blogs have many advantages over striking out on your own – the main one being that you can spend your precious time writing instead of managing a website. Write with us!

WordPress Tutorials Table of Contents

1. Log In to WordPress
2. Create a Page or Post
3. Edit a Page or Post
4. Add an Image to a Page or Post
5. Add Anchors
6. Search Engine Optimization (SEO)
7. Collaborate via Google Docs
8. Post via Email

Log In to WordPress

1. Visit WordPress.com. You may need to follow the instructions on the website if they have two-factor authentication enabled.
2. On the top left-hand side, select My Sites, then choose the site you want to edit. You may need to click on Switch Site if one is already selected.
3. Then you can proceed with adding or changing content.

Create a Page or Post

Pages and Posts are the two primary content types on a WordPress site. Think of a Page as a more permanent part of the website. A Post is also permanent in that it will remain until deleted, but it will be pushed down by more recent posts over time.

For example, on our homepage at Biofortified.org, you can see six recent posts. Older posts do not appear on our homepage, but can be found on our posts page or by searching on our site.

1. On the left-hand side at WordPress.com, look for either Site Pages or Blog Posts and click the corresponding Add New button.
2. Now simply type, delete, or move text however you wish! You may notice that the text is organized in little containers. Those containers are called blocks. WordPress introduced those as part of their Gutenberg editor in late 2018. WordPress provides support on how to use the editor. You can also learn more about block types at Go Gutenberg.

Edit a Page or Post

1. On the left-hand side at WordPress.com, click on Site Pages and the list of all of your pages will appear. Or, click on Blog Posts and the list of all your posts will appear.
2. If you have many pages or posts, you can use the magnifying glass above the list of pages to search, or you can simply click on the title of the Page or Post you wish to edit.
3. Now simply type, delete, or move text however you wish! (as described above)

Add an Image to a Page or Post

Images (photos, charts, screenshots, infographics, etc.) are incredibly important for illustrating your content and visually breaking up text. Be sure that you have permission if you wish to use someone else’s work. See our post on Copyright and Fair Use for more information.

Infographics in particular are a great way to display complex information. What is an infographic? Learn all about them from Venngage. You can use an infographic website (such as Venngage, Canva, or Spark) or you can simply use PowerPoint or Google Docs.

1. In a Page or Post, hover your mouse cursor over a block. You’ll notice a plus sign appear at the top of the block. Click the plus sign, and a box with options will appear (see screenshot below). Select the Image block type, or search for image in the “Search for a block” search bar.
2. The image block gives you three options: upload a new image, select an existing image from the Media Library, or insert an image from another website.
   • To upload a new image, simply click the Upload button and follow the instructions.
   • To select a file from the library, click the Media Library button. You can use the search box in the library if you know the title, caption, or other information associated with the file.
   • Inserting an image from another website is typically not a good idea – if the other website owner removes the photo then the image will no longer appear on your website.
3. Once you have uploaded or selected an image, add the caption and alt text.
   • A caption typically describes the image or how the image connects to your text. The caption should also include your rights to share the image, such as indicating you took the image, that you have permission from the owner to share it, or includes the Creative Commons license if applicable.
   • Alt text helps search engines find your images, and is an important part of search engine optimization. Alt text is also important for people using screen readers: it tells them what the image is showing. Therefore, include your keyword and descriptive text.

Add Anchors

An anchor is a way to link to a part of a page or post. The Gutenberg editor in WordPress makes it very easy to create something like the Table of Contents above. It’s also convenient when you want to send someone a link to a specific part of a post or page.

1. Click on a heading within your page or post. The menu to the left hand side will change to show heading block options.
2. Click on Advanced in the menu to the left.
3. Add a word in the HTML Anchor field that describes the section you want to link to.
4. Select the word or words you want to hyperlink with the anchor, and click on the link button for the paragraph section.
5. Instead of pasting a link, type the pound symbol #, then the word you indicated for the Anchor. For example, I would link to this Add Anchors section by typing #anchors.

Search Engine Optimization (SEO)

Consider what your keyword or keyphrase will be for the post, and remember to include it in the title, in some of your headings, and in multiple places throughout the post. Yoast, a WordPress plugin, has great information about keywords to get you started.

Even if you’re not using an SEO plugin like Yoast, including a keyword or keyphrase throughout a post or page will help search engines to find your work. Want to learn more? The Beginner’s Guide to SEO from Mozilla is a great place to start.

Once you are done writing your post, be sure to add one or two sentences that describe your post or page in the WordPress Excerpt field. You’ll find it in the right hand navigation bar, under the Document tab. The excerpt should include your keyword or keyphrase, and can also be used as the meta description for the post or page; Yoast calls this the snippet and it will appear in search results. You can also use the excerpt as your first paragraph to help readers know what your post is about before they dive in.

Collaborate with Google Docs

Google Docs makes it particularly easy to write and edit content collaboratively. We usually can’t be in the same room when we collaborate, but with Google Docs we may as well be. Even if you’re writing solo, it can still be helpful to write in Google Docs so you have a record of your work outside of WordPress.

Compose your Text

Simply type your text into a Google Doc. WordPress will format your text to your theme font after you import. Simple formatting like bold, italics, numbered or bulleted lists, and hyperlinks will import as expected. Do not add extra breaks between paragraphs. Instead, select all text in the document, click on Format, then “Add space after paragraph.”

Do not add images in Google Docs as they do not paste into WordPress. Instead, add images directly to WordPress. You can note your captions at the bottom of the Google Doc for easy pasting into WordPress. Be sure to keep track of the sources of your images. You can also note your SEO keyword at the bottom of the Google doc to keep track.

Add Headings

Use Heading 1 to indicate the title. Do not use Heading 1 in the post or page content. Use Heading 2 to mark primary headings, and Heading 3 to indicate any secondary headings.

Keep it Simple

Even if you are writing technical content, shorter sentences, active voice, and transition words can help your readers. Further, search engines today “read” your text effectively the same way a human would. Use a readability tool to make sure that your text isn’t too complex. Once you import into WordPress, the free Yoast plugin can make some readability recommendations for you.

Collaborate

Once your draft is ready, click on the Share button in the top right-hand side of the Google Docs window. Type in the email addresses of the collaborators or editors you wish to share the document with. They will receive an email that they can now collaborate on your document. Collaborators can make comments, add suggestions, and edit the text directly.

Add Content to WordPress

Once everyone is satisfied with the document, the next step is to copy and paste the text into a WordPress post or page. The Gutenberg editor usually adds headings as heading blocks and adds each paragraph as its own paragraph block, but be sure to read through your text before publishing to make sure the content pasted as you expected. You’ll then need to add images, anchors, fill in SEO details, and set up social media sharing for the post before you are ready to publish.

Post by Email

If you have simple posts without much formatting, one very easy way to add a new post is to email it to your WordPress site! Learn more about Post by Email from WordPress.

First, you’ll need to turn on the Post by Email option. Login to WordPress, then scroll to the bottom of the left hand dashboard and select Settings. Click on Writing at the top of the page, then scroll down to Publishing Tools and turn on the “Publish posts by sending an email” option. WordPress will generate a special email address you can use to create new posts via an email.

Once you have your special email address, all you have to do is compose an email and send! You can use basic formatting like bold and italics, and basic HTML such as to designate headings. Shortcodes can add additional information such as setting the category of the post.

Be careful – any content you send to your special email address will post to your website automatically. A good option is to add the shortcode [status draft] at the beginning of your email to tell WordPress not to publish. Instead, your content will be saved as a draft post and you will need to login to WordPress to finalize the post and publish.

Note: Specific tools and websites are mentioned to assist the reader and do not necessarily indicate an endorsement.

This tutorial is a part of the series on running stateful workloads on Kubernetes with Portworx. The previous parts covered the architecture and installation of Portworx. This guide will explain how to leverage the features of Portworx such as storage pools, class of service, replicated volumes, shared volumes to achieve optimal performance and high availability of WordPress content management system (CMS).

WordPress is a stateful application that relies on two persistence backends: A file system and MySQL database. The storage service for these two backends should be reliable, secure, and performant. In a scale-out mode, multiple instances of WordPress access the same file system to read and update content such as images, videos, plug-ins, themes, and other configuration files. The storage backend for MySQL should support high throughput and performance during peak usage.

Portworx is an ideal cloud native storage platform to run WordPress on Kubernetes. It has in-built capabilities to handle the scale-out, shared, high-performance requirements of web-scale applications.

Portworx Storage Pools

Whenever Portworx detects a new disk attached to the cluster, it automatically benchmarks the device to assess its I/O performance. Based on the throughput reported by the benchmark, it creates storage pools that aggregate devices sharing the common characteristics.

In my bare-metal cluster, I have an external USB disk and NVMe device attached to each node. Based on the internal Portworx benchmark results, these two devices are separated into unique pools. During the installation, Portworx created two storage pools classified as low and high based on the IO priority.

When we run pxctl status command, the output shows the available storage pools.

The devices with lower IOPS are a part of pool 0 while the NVMe devices are a part of pool 1.

By running pxctl service pool show command, we can get additional information about the storage pools.

We can target these pools to create storage volumes aligned with the workload characteristics. For WordPress, we will place the shared file system on the pool 0 while creating the MySQL data and log files on pool 1.

Let’s see how to utilize these storage pools from Kubernetes.

Creating Storage Classes for MySQL and WordPress

The storage classes act as the medium between the Portworx storage engine and workloads running in Kubernetes. The annotations and parameters specified in the storage class influence how persistent volumes and claims are created. This approach takes advantage of the dynamic provisioning capabilities available in Kubernetes. When a PVC has an annotation with a storage class, Portworx dynamically creates a PV and binds the PVC to it.

For MySQL, we need a volume that’s replicated across three nodes with support for high IOPS. Let’s create a storage class with these parameters.

The parameter, io_profile: “db”, implements a write-back flush coalescing algorithm that attempts to coalesce multiple syncs that occur within a 50ms window into single sync. The flag, priority_io: “high”, indicates that the PV must be created on a storage pool with high IOPS.

The storage class for WordPress has different requirements. It not only needs replication but also a shared volume with the read/write capabilities. Since I/O is not so critical, the volume can be placed on a storage pool with relatively less throughput.

The special flag, io_profile: “cms”, applies to the shared volume that supports asynchronous write operations. This increases the responsiveness of the WordPress dashboard when uploading files to the shared storage volume.

Create the storage classes and proceed to the next step.

Configuring and Deploying MySQL

The first step in deploying MySQL is creating a PVC that makes use of dynamic provisioning.

Let’s create a dedicated namespace for the deployment.

The annotation in the PVC is a hint to create a PV based on the pre-defined storage class.

We will now create the MySQL deployment with one replica. Note that we don’t need to create a statefulset as the replication is handled by the storage layer. Since the replication factor is set to three, every block is automatically written to two more nodes.

Even if the MySQL pod is terminated and rescheduled on a different node, we will still be able to access the data. This is handled by Portworx’s custom scheduler called Storage Orchestration for Kubernetes (STORK).

In the below spec, we mention STORK as the custom scheduler to delegate the placement and scheduling of the stateful pod to Portworx instead of leaving it to the default Kubernetes scheduler.

Let’s expose the MySQL pods through a ClusterIP service.

SSH into one of the nodes to explore the volumes created by Portworx.

Notice that the volume complies with the settings mentioned in the storage class. It has replica sets across three nodes as shown by the HA and replica sets section. IO priority is set to high forcing the volume to be in the pool created from the NVMe device on each node.

Configuring and Deploying WordPress

The volume for WordPress has different requirements than MySQL. While it doesn’t demand the throughput as MySQL it needs a shared file system. We specified these parameters in the storage class. Let’s go ahead and create the PVC.

Let’s create the MySQL deployment and service objects.

Let’s now inspect the Portworx volume associated with WordPress deployment.

This volume has both replication and shared flags turned on. It is assigned to the storage pool with low IO priority.

Let’s scale the number of pods of WordPress deployment.

You can access the CMS from the IP address shown in the NodePort.

In the next part of this series, we will explore how to configure snapshots to backup and restore Portworx volumes. Stay tuned.

Portworx is a sponsor of The New Stack.

Feature image by Jessica Crawford from Pixabay.

WordPress 5.5 is largely a success. But there have been numerous conflicts from themes and plugins that caused sites to break. Arguably the biggest issue stems from WordPress’ decision to remove the outdated jQuery Migrate.

The first step of the process of modernizing WordPress was removing the jQuery Migrate 1.x in WordPress 5.5. And that’s what is causing some sites to break.

Some WordPress themes and plugins are using older jQuery scripts, which is causing a range of problems.

According to WordPress page for the jQuery Migrate Helper:

“With the update to WordPress 5.5, a migration tool known as jquery-migrate will no longer be enabled by default.

This may lead to unexpected behaviors in some themes or plugins who run older code.”

As of this writing, over 80,000 WordPress publishers have downloaded the WordPress plugin in order to stop the “unexpected behaviors” of WordPress 5.5.

Over 2,000 Plugins with jQuery Conflicts

According to a post on WordPress, a search of the plugin directory that was conducted two weeks ago discovered over 2,000 plugins that had conflicts.

According to a WordPress Core Committer who did the research:

“This results in ~2400 plugins with the potential to break when jQuery Migrate is disabled upon upgrading to 5.5.”

That list was created two weeks ago. The amount of plugins that have issues should by now be smaller.

Over 200 Themes with Conflicts

The list also discovered over 200 themes that broke.

“For themes these changes to the search bring the results from ~2600 themes to ~250 themes, with only 5 having more than 10k active installs.”

Some people may be experiencing issues with their themes because of outdated code. But some of those problems are because of plugins that are bundled with those themes. For example, premium page builder plugins and slider plugins are routinely bundled with some themes. But because they’re premium, they won’t necessarily get updated to the latest version, depending on your software license.

If upgrading to the latest version of a theme doesn’t solve your problem, you can install the WordPress Enable jQuery Migrate Helper in order to restore functionality.

But be warned that this is only a temporary solution. It may be helpful to troubleshoot your site to identify what functionality is causing the issue. Once the function is identified, you may be able to download an up to date replacement plugin to handle that broken function.

Keep reading to understand more about troubleshooting.

How to Troubleshoot WordPress 5.5 Update

One of the ways to troubleshoot an issue is to use the Chrome Dev Console. Accessing the console is as easy as clicking the F12 button on Windows.

The alternate way is to click the vertical three dots menu at the top right hand corner and choosing More Tools then Developer Tools.

Here’s a screenshot of what an error would look like:

When you click on the file you’ll get another screen that has the error. You can then click the red X icon and a pop up will show what the error is.

If you want more tips on how to troubleshoot a JavaScript error in WordPress, scroll to the bottom of this article to the Citations section for an official WordPress tutorial.

Common Issues After Upgrading to WordPress 5.5

Some of the problems are so bad that some publishers can’t log back in.

Many of the issues some publishers are experiencing after updating to WordPress 5.5 are related to losing site functionality.

WordPress 5.5 Update Problems

These are just some of the problems users are experiencing

How to Fix WordPress 5.5 jQuery Problem

WordPress has released a plugin that restores the jQuery Migrate library. Installing this plugin will cause your site to work again. But…

The plugin does not actually fix what is wrong with your site.

What the plugin does is makes your site work again. But it does not fix what is wrong with the site.

What is wrong with the site is an outdated plugin or theme. If your image slider isn’t working, then the problem is probably image slider plugin. Updating that plugin is a solution.

But if there is no update for the plugin that needs to be updated, then you’re probably using an abandoned plugin. An abandoned plugin is generally one that hasn’t been updated in a long time.

What constitutes a “long time” is not clear cut because some plugins don’t need to be updated that often.

Most plugin developers are improving their software. So, in general, if a plugin hasn’t been updated in a year or more, it’s probably somewhat abandoned.

It’s best to stop using that plugin. Abandoned plugins can become security issues.

In the case of an abandoned plugin, it’s a good idea to find a more actively maintained plugin that does the same thing.

The plugin that you need to restore functionality to your WordPress site is called, Enable jQuery Migrate Helper. You can download it here.

Enable jQuery Migrate Helper plugin is not fix for what broke during the WordPress 5.5 update. It’s just a way to restore functionality.

It’s important to take the next step of diagnosing what is broken and fixing the actual problem.

Once the plugin or theme is repaired, you will be in a better place in terms of security and user experience for your site visitors.

Citations

Using Your Browser to Diagnose JavaScript Errors
https://wordpress.org/support/article/using-your-browser-to-diagnose-javascript-errors/

Enable jQuery Migrate Helper WordPress Plugin
https://wordpress.org/plugins/enable-jquery-migrate-helper/

Optimizing your WordPress website is a never-ending job.

But that doesn’t mean it has to be hard or complicated.

Syed Balkhi, founder and CEO of Awesome Motive joins Loren Baker for a discussion around tools that will make your WordPress SEO simpler.

With a community-first approach, Syed’s team was able to solve users’ problems, partner with other tools, or build tools for free. The value at the core of their success? If they helped others win, they won as well.

Learn more about the tools they developed, the secrets of their success, and how Awesome Motive and their full suite of WordPress tools became industry leaders.

“We give people the freedom to do the advanced things that they want to do and that’s what we’ve really built before.” – Syed Balkhi, [14:26]

“I remember the early days when WordPress came out, I was telling people I’m going to become a blogger. They said what are you doing? Why? You have to create new content every day? Are you crazy? I said, ‘Let’s do it!’” – Loren Baker, [33:36]

“Our goal is to fight inequality through education. This is why everything you see on WP Beginner is free. We don’t charge for courses, there are hundreds of videos for free that we create and I believe that helps level the playing field and creates a better tomorrow.” – Syed Balkhi, [48:56]

[00:00] – A look at Syed Balkhi, Awesome Motive, and their impressive WordPress brands
[03:44] – Why is on-site search important?
[07:09] – What’s unique about All In One SEO?
[16:25] – Opt-in Monster & other cross-platform tools
[18:58] – Does TrustPulse work?
[20:04] – What is Sugar Calendar, and how does it work?
[22:15] – How Syed describes most of their plugins
[23:02] – Using Seed Prod for faster landing pages and sites
[24:28] – How WPBeginner began and what Syed learned doing it
[33:57] – The “aha!” moment with WP Beginner
[35:04] – How Opt-In Monster started
[37:41] – How Syed got into analytics and MonsterInsights
[42:06] – The core culture of Awesome Motive
[42:47] – How does WPBeginner Growth Fund work?
[47:53] – How Syed gives back through Pencils of Promise

—

“The beginner tools, we made it beginner-friendly – that was our first goal. But we also have the power tools because it’s really built for us the migrating sites and the redirects.” – Syed Balkhi, [13:26]

“Don’t try to be everybody to everyone. You might end up drifting away from your core value. That’s when business growth starts slowing down.” – Syed Balkhi, [39:56]

“I might not be the smartest person in the room but I’m smart enough to know what I don’t know
and smart enough to bring people in that know what I don’t know, so we can work together and come to a solution at the end of the day.”- Loren Baker, [40:27]

For more content like this, subscribe to our YouTube channel: https://www.youtube.com/user/searchenginejournal

 

Connect with Syed Balkhi:

The mission of Syed Balkhi is for small businesses to have a level playing field. More than 19 million websites use his software to grow and compete with the big boys. More than 100 million people read his blogs every year to increase their website traffic, sales, and conversions!

Connect with Syed on LinkedIn: https://www.linkedin.com/in/syedbalkhi/
Follow him on Twitter: https://twitter.com/syedbalkhi
Pencils of Promise: https://pencilsofpromise.org/
Visit: https://awesomemotive.com/about/

Connect with Loren Baker, Founder of Search Engine Journal:
Follow him on Twitter: https://www.twitter.com/lorenbaker
Connect with him on LinkedIn: https://www.linkedin.com/in/lorenbaker