Blog

Links Roundup for August 2021

August 24, 2021 by Debbie Campbell 2 Comments

Questions about GDPR. GDPR (the General Data Protection Regulation, the EU’s privacy guidelines for the acquisition, usage, storage and deletion of personal data of EU users) can be a confusing beast. I get questions about it from clients mostly concerned about privacy policies. Here is a post from MailerLite about 99 common GDPR questions for email marketers that you may find helpful.

AI-powered copywriting. Does the idea of writing a blog post make you feel _____ (insert your favorite anxious feeling here)? It can be hard coming up with interesting things to write about week after week, there’s no way around it. But have you considered one of the many AI-powered copywriting tools that are now available? There are a good many to choose from; some focus more on short content like headlines and ads, while others work with longer content like blog posts or product descriptions. Here’s a review of some of the top AI-powered writing tools.

Roundup of content generators. Here’s another post on content generators, but this one covers a lot more ground. In addition to AI copywriting tools, it includes others for generating headlines, names, ad copy, audio and video content, blog ideas and more.

Redirects. Removing (or sometimes moving or renaming) old website content can cause big problems for search engines. Redirection is the process of sending search bots and human visitors to the correct new content when they try to go to deleted or moved content. It’s easy to do with WordPress plugins like Redirection and 301 Redirects, but the reasoning behind it may seem confusing. Learn 6 redirection best practices for your WordPress site.

Filed Under: Privacy, Resources, WordPress Plugins Tagged With: content, gdpr, privacy, redirects, resources

3 Common WordPress Vulnerabilities and How to Prevent Them

May 11, 2021 by Debbie Campbell Leave a Comment

WordPress is the most popular content management system (CMS) in the world, powering over 39% of all websites in 2021. But despite its increasing popularity, even long-time WordPress users are often unaware of common security issues that put their site at risk…

Three very common vulnerabilities of WordPress sites include:

  • Outdated plugins and themes
  • Abandoned plugins
  • Outdated WordPress core

A WordPress “vulnerability” is a flaw in the software (in plugins, themes, or WordPress itself) that makes your site more susceptible to attack. A WordPress vulnerability can allow an attacker to execute arbitrary code on your site or bypass authentication, which can lead to major data loss or site defacement.

Vulnerabilities in WordPress can be exploited by attackers using a variety of techniques, including SQL injection (where a hacker injects malicious SQL into the queries a site sends to its database, for example to gain access to the WordPress dashboard) and cross-site scripting (where hackers inject malicious JavaScript code into a site’s pages, usually designed to trick users into sharing sensitive data).

If you’re using WordPress, this post will teach you how to protect yourself against these very common problems. And thankfully, that’s pretty easy to do.

#1. Outdated Plugins and Themes – The Top Reason Sites Get Hacked

Research consistently shows that plugins are the main way that a site gets hacked – usually over 50% of all hacker entry points involve plugins. And Sucuri’s 2019 Hacked Website Report found that over 44% of sites they worked with had at least one vulnerable plugin.

And plugins are critical – the ability to add a huge array of features to your site with plugins is one of the things that makes WordPress so wonderful!

Yet many WordPress users don’t seem to realize that plugins and themes are actually software – just like software on your phone or computer – that has to be updated from time to time. The longer the plugin or theme has been around without an update, the more likely it’s going to have issues, either with security vulnerabilities or by no longer playing well with the newer version of WordPress on your site. You’re asking for trouble by avoiding updating plugins on your site.

What To Do About Outdated Plugins and Themes


Make it a habit to log in to your WordPress dashboard at least once per week and check for any available updates to plugins and themes. Just run the available updates you see in your WordPress dashboard – that’s all you need to do (making sure that you have a fresh backup available first, especially if you’re running complex plugins like WooCommerce).

This is simple, rarely results in any problems with your site, and is one of the very best ways to protect your site. And if an update does cause a problem – that’s what backups are for.

For commercial plugins and themes, make sure you keep those licenses updated, otherwise you’ll lose the ability to update the plugin or theme (making your site more vulnerable to hackers) and miss out on bug fixes and new functionality.

Also make sure you’re using a security plugin on your site that provides malware scanning. Automated scanning is best because it can be set up to alert you when a problem is found so you can take care of it quickly. But a manual scan is also fine if you can remember to do it when you check for updates.

If eventually you no longer need a plugin, deactivate it and remove it. Keeping an unused plugin on the website is still providing a potential entry point for malware.

A Special Word About Updating Themes

In my experience, once in a while I’ll run across a client’s site where the theme is wayyyy outdated. That’s a warning sign, and typically shows up where the site’s developer did not properly use a child theme for modifications and the site’s owner was either told not to update it or is prevented from updating it by a code change. If changes were made directly to a purchased commercial theme, it can’t be updated without losing all those modifications, and that’s bad news.

If you’re in that situation, unfortunately you really need a new, correctly-built theme for your site. The longer you wait, the more risk you’re taking on that the site could be a target of hackers or will stop working well with the current version of WordPress.

#2. Abandoned Plugins

An abandoned plugin is one where the developers no longer actively maintain it and haven’t made any changes to it in over 2 years. That means it’s not tested for compatibility with current versions of WordPress, and is also not checked for bugs. If problems have been found, they haven’t been fixed.

The longer the plugin has been around without an update, the more likely it’s going to have issues, either with security or by no longer playing well with the rest of your site, causing it to break or behave oddly.

Having these on a site makes me uncomfortable, because I know it puts the entire site at risk, and it’s an unnecessary risk!

There are some very popular abandoned plugins that used to be go-tos and are still installed on hundreds or thousands of websites. For example, the WordPress plugin called Limit Login Attempts was great in its time. It helped prevent brute-force attacks, where the hacker would try random username/password combinations until they found the right one.

However, Limit Login Attempts hasn’t been updated by its developer in over 9 years. It’s still installed in over 800,000 WordPress sites! That’s a potentially big problem waiting to happen.

What To Do About Abandoned Plugins


For plugins that you notice haven’t had an update in quite a long time, go to the Plugins page of your site. Under each plugin you’ll usually see a ‘View Details’ link in the Description section. Click it and it will show you when the plugin was last updated and WordPress version compatibility. If a plugin hasn’t been updated in the last 2 years, it’s a good idea to begin looking for a replacement (or if you no longer need it, just remove it).

Fortunately, it’s usually pretty easy to find a replacement that does what your old plugin does if you still need that functionality. Just be careful to check your site once you replace a plugin to make sure that it’s working correctly. That goes for removal too – check your site after removing an unneeded plugin.
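The View Details check described above can be run across a whole plugin list at once. The following is an added example, not code from WP Minder or WordPress: it assumes each record carries the `last_updated` and `tested` fields in the style returned by the WordPress.org plugin information API, and the plugin slugs and values in the sample list are constructed for illustration.

```python
from datetime import date

ABANDONED_AFTER_DAYS = 2 * 365  # the post's two-year rule of thumb


def parse_last_updated(value):
    """Return the date part of a 'YYYY-MM-DD h:mmam GMT' style string, or None.

    Only the leading YYYY-MM-DD is used; the rest of the format is an assumption.
    """
    try:
        return date.fromisoformat(value[:10])
    except (TypeError, ValueError):
        return None


def branch(version):
    """Reduce '5.7.2' to the (5, 7) release branch; None if unparseable."""
    try:
        parts = [int(p) for p in version.split(".")[:2]]
    except (AttributeError, ValueError):
        return None
    return tuple(parts + [0] * (2 - len(parts)))


def audit_plugin(info, site_wp_version, today):
    """Classify one plugin record as abandoned, untested, ok or unknown."""
    updated = parse_last_updated(info.get("last_updated"))
    if updated is None:
        # No directory record (commercial, custom or delisted plugin):
        # flag it for a manual check instead of assuming it is fine.
        return {"slug": info["slug"], "status": "unknown", "age_days": None}
    age_days = (today - updated).days
    tested, site = branch(info.get("tested")), branch(site_wp_version)
    if age_days > ABANDONED_AFTER_DAYS:
        status = "abandoned"   # no release in over two years
    elif tested is not None and site is not None and tested < site:
        status = "untested"    # maintained, but not tested with this WordPress branch
    else:
        status = "ok"
    return {"slug": info["slug"], "status": status, "age_days": age_days}


def audit_plugins(records, site_wp_version, today):
    """Audit every record and list the ones needing attention first."""
    order = {"abandoned": 0, "unknown": 1, "untested": 2, "ok": 3}
    results = [audit_plugin(r, site_wp_version, today) for r in records]
    return sorted(results, key=lambda r: order[r["status"]])


# Constructed sample records (hypothetical slugs, not real plugin data).
SAMPLE_PLUGINS = [
    {"slug": "example-forms", "last_updated": "2021-04-20 2:10pm GMT", "tested": "5.7.1"},
    {"slug": "example-slider", "last_updated": "2020-03-15 10:00am GMT", "tested": "5.4"},
    {"slug": "example-login-limiter", "last_updated": "2012-06-01 8:23am GMT", "tested": "3.3.2"},
    {"slug": "example-custom-plugin"},  # not in the plugin directory
]

if __name__ == "__main__":
    for row in audit_plugins(SAMPLE_PLUGINS, "5.7.2", date(2021, 5, 11)):
        print(f"{row['status']:<10} {row['slug']} (days since update: {row['age_days']})")
```

Plugins reported as `unknown` are the ones the dashboard cannot vouch for either, so they need the vendor's own changelog or support page checked by hand.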

 

#3. Not Keeping your WordPress Installation Updated to the Latest Version

When you have a WordPress site, you quickly learn that WordPress gets updated a lot. A major WordPress update may happen a few times per year, and it’s always a little bit scary because they usually involve some significant changes. Minor updates happen much more frequently.

The good news is, WordPress core is typically much more secure today than the plugins, which are created mostly by third parties, and successful attacks on WordPress core are quickly fixed by patches. That’s why there are so many updates to core. WordPress core has gotten more secure (fewer reported security issues) in every major version.

You should always use the latest version of WordPress because it will include the latest round of security fixes, as well as any new features. The latest version also tends to have some performance improvements.

What To Do About Outdated WordPress Core Files

The answer is simple, and the same as for outdated plugins and themes. Make it a habit to visit your WordPress dashboard at least once per week and check for updates. Before you click that update button, be sure you have a fresh backup in place.

For the major updates (like 5.4, 5.5, 5.8) I typically wait about a week. There are always bugs associated with these big updates and it’s better to give it time to have these problems fixed before doing the update on your own website.

Especially if you haven’t updated WordPress in a while, make sure you have a fresh backup first, and check your site for any problems after the update.

Conclusion

In this post, we’ve gone over three very common WordPress vulnerabilities and how you can protect your site and your customers against them. If you’re using WordPress for your website, it’s more important than ever to make sure your site is secure!

And don’t forget that it’s critical to have a regular backup of your site stored safely away from your hosting account. Having that fresh backup can save the day – not having it can cause a catastrophe if something happens to your website.

How We Help You

WP Minder’s daily WordPress vulnerability checks help us stay on top of any plugin, theme or WordPress problems that arise on your site. They are just part of the comprehensive security measures we put in place for our Care Plan clients – and that includes redundant offsite backups made daily so we always have a fresh copy of your site in case disaster strikes. We also fix issues that may arise as a result of an update at no charge.

To see which WordPress Care Plan would be the best fit for your site, take our 5-question quiz.

Filed Under: Security, WordPress Problems Tagged With: wordpress security, wordpress vulnerabilities

Why Your Site Needs a Privacy Policy

April 6, 2021 by Debbie Campbell Leave a Comment


If you collect any kind of personally identifiable information (PII) from your website visitors, your site needs a privacy policy.

PII includes:

  • A contact form that requests a name, email and phone number
  • A newsletter signup form that requests an email address
  • An order page that requests name, address, email, phone, and credit card info

Privacy laws protect consumers (your site visitors and customers) by requiring websites to disclose what PII is collected, what’s done with that data, and who the data is shared with.

You know how when you buy something and then you start getting tons of emails about other things you ‘might need’ too? Those are violations of your privacy.

Why does this matter for your small business website?

While it’s not yet a requirement for most U.S.-based customers, it’s very likely to be in the near future. If you’re in certain states or do business with European customers, you must have a privacy policy in place on your website now.

Otherwise you risk penalties. For the CCPA (California Consumer Privacy Act), if a customer of your site is not allowed the rights accorded them by CCPA, they have the potential to file a civil suit. Failure to comply with CCPA could result in civil penalties of $2,500 – $7,500 per violation per user. And for GDPR violations, it’s up to 20,000,000 Euros or up to 4% of global revenue.

Having a privacy policy in place can help protect your business if you are ever faced with a violation. Plus, protecting your customers and visitors is the right thing to do and the general move toward consumer privacy protections worldwide is a good thing! Show you care about your clients by including a comprehensive privacy policy in your website.

And…

Caring about privacy can give you an edge over your competition

A Pew Research study from 2019 showed that 79% of U.S. adults said they were concerned about how companies use the data they collect about them. Another study showed that:

  • 93% of Americans would switch to a company that prioritizes data privacy.
  • 62% of Americans called companies that prioritized privacy ‘trustworthy.’
  • 54% of Americans called companies that did not offer data privacy information ‘untrustworthy.’

People worldwide became more aware of privacy issues when the GDPR went into effect in 2018. But also in 2018, the Cambridge Analytica/Facebook scandal broke, disclosing the harvesting of PII from millions of Facebook users which was used for political purposes. That helped U.S. consumers start to focus on their privacy – why were Europeans being protected but Americans weren’t? This put pressure on U.S. lawmakers to get something done to protect U.S. consumers online, too.

Current state of privacy law in the U.S.

There are many bills in play right now in U.S. states to enact their own privacy laws. For example:

  • CA, CO, VA have all passed privacy legislation as of July 2021.
  • MA, NY, NC, OH and PA are actively considering privacy legislation.

Here’s a map showing the progress of privacy law legislation in the U.S. today.

The common things you’ll see among these bills are:

  • Requirement for websites to have a privacy policy.
  • They apply whether or not your business has a physical presence in the state.
  • The ability to opt out or request confirmation and deletion of PII.
  • The disclosures required differ from state to state, creating a patchwork of different rules.

There is no federal privacy law in the U.S. as there is in Europe, which will make compliance much harder for U.S. businesses, adding even more requirements for them over time.

How to get a privacy policy for your website

If you don’t have a privacy policy on your website, or if it is more than 2 years old or was most likely copied from a boilerplate policy years ago, you need a new privacy policy that covers the requirements of modern privacy law. And that is complicated!

Again, if you collect any kind of PII from a name or an email to a phone number or credit card info, you should have a privacy policy. How do you get one these days?

  • From an attorney. A privacy attorney is a great resource for large clients or ones needing special compliance help. The attorney must have a strategy in place for keeping your policy up to speed with the changing laws. You’ll need to find out if they’ll charge you for each update (which can quickly become expensive).
  • From a generator. This is much faster and more cost-effective for many small and medium businesses – you can stay up to date with rapidly-evolving privacy laws at no additional cost.

How WP Minder can help with your privacy policy

WP Minder will work with you to create a privacy policy that’s customized for your website and customers. You get the expertise of attorneys packaged in a convenient and more affordable software solution – the service is managed by an international legal team who monitor upcoming changes in privacy legislation worldwide.

Your policy will include the required content and disclosures depending on your location and who you sell and market to. Best of all, it gets updated automatically on your website when new laws are passed, so you don’t have to do anything about it.

Get the peace of mind of having an up-to-date Dynamic Privacy Policy on your website. This service is just $22/month, only for WP Minder clients.

Included in your service:

  • Learning about your audience to determine what laws will apply to your website
  • A scan of your site to locate potential privacy issues with third-party functionality
  • Creating a custom policy with the appropriate disclosures for your location and audience
  • Adding the privacy policy to your website with a link to it in the footer
  • Creating and customizing a cookie policy
  • Cookie consent bar placement in your site

For existing clients, sign up here. For more information, just click the button below. We’re happy to answer your questions.

Contact us about your new privacy policy today

Filed Under: Privacy

Why Updates Matter

October 10, 2020 by Debbie Campbell Leave a Comment

A WordPress site is software, and just like the software for your phone, computer, etc. it has to be updated, usually for security reasons and less often for new features or bug fixes. And just like your car needs regular maintenance to run right, so does your website.

WordPress and its plugins and themes do get updated a lot – that’s for sure. Especially if your site is large or complex, there’s a lot to keep up with when it comes to updates.

What can happen if I don’t update my site?

The longer you go between updates, the more risk you’re taking. Here are some of the things that might happen if you don’t update regularly.

  • The risk of acquiring malware/being hacked increases. Did you know that when WordPress, plugin and theme developers release new versions, they generally publish a changelog which is basically a roadmap of the vulnerabilities they fixed with the new release? Hackers use these to target sites still using the old versions to exploit those vulnerabilities. The more old plugins/themes you have, or the longer you wait to update WordPress core software, the more vulnerable your site gets.
  • The risk of something breaking increases. I’ve had clients come to me with dozens (sometimes as many as 50) outdated plugins and themes. When you wait that long, something is bound to break when you finally do get around to updating. Unless you do it carefully and methodically (and on a safe copy of your site), you may not be able to figure out which update caused the breakage. This can lead to a rabbit hole of attempts to fix the problem and become quite time-consuming.
  • Missing out on new features. New features often accompany security improvements especially in major WordPress core software updates.
  • Functionality can begin to fail. If you update sporadically and have a mix of old and new versions of WordPress core software, plugins and themes, you may find that functionality on your site is not working the way it should due to conflicts between those various elements.

Software vulnerabilities in plugins, themes, and WordPress core are one of the top causes of site hacks [1]. Attacks are done through automated scripts that search for known vulnerabilities all over the web. It’s not personal, but if your site is chronically out of date it is an attractive target for these kinds of hackers.

Why don’t site owners update their WordPress sites?

I’ve heard a few reasons for this, the most common ones being:

  • They just don’t think about it, or forget to do it. This is mostly from brochure-style site owners who don’t update a lot and rarely log in to their sites.
  • They didn’t know they needed to do it. This is usually from first-time WordPress site owners.
  • And the #1 reason: they’re afraid they’ll break something. The larger a site becomes and the more plugins in play, the more likely an update is to break something. This is especially true of WooCommerce sites.

Those are the reasons we started WP Minder back in 2014 – so our clients don’t have to think about everyday, required site maintenance and are never at risk for breaking something just by trying to take care of their site. We do the care and if something does break, we fix it. It’s that simple.

If you’re a WordPress site owner ready to leave the maintenance behind so you can spend more time on your business, give us a try. Contact us for more information or take our quick survey to see which Care Plan is right for your site.

—

1 Sucuri 2019 Website Threat Research Report.

Filed Under: About WordPress

Weekly Links Roundup – Online Sermons, Help Desk Plugins, Before You Hit Publish, Download Managers

June 19, 2020 by Debbie Campbell Leave a Comment

Here’s our latest selection of curated WordPress and web marketing links to help your business thrive.

Are you the manager of a WordPress site for your church? If so, have you considered putting sermons online? Here’s a guide to doing that, including audio and video recording, getting sermon content into your site, turning your sermons into a podcast and more.

Here is a review of 13 of the best WordPress help desk plugins. Offer product support right within WordPress!  Help desks can make it much easier to manage client support – assign ticket numbers, organize all support requests and followups in a single dashboard (much simpler than using email!) and be less frustrating for both you and your customers.

Here’s a treat from ProBlogger – this video teaches you 23 questions to ask yourself before you publish your next blog posts.

Download manager plugins extend WordPress’ native ability to handle downloads by adding in download tracking, organization of downloadable materials, and user restrictions on downloading content. Here’s a roundup of 15 of the top WordPress download managers.


Did you find this information useful? Please share with your friends and colleagues! And comment below with questions or observations.

Filed Under: Blogging, Podcasting, WordPress Plugins Tagged With: blogging, church website, downloadables, help desk, podcasting, sermons

Weekly Links Roundup – WooCommerce Payments, Uptime Monitors, Popup Plugins

May 29, 2020 by Debbie Campbell Leave a Comment

Here’s our latest selection of curated WordPress and web marketing links to help your business thrive.

For WooCommerce users, a new payments option was announced this past week: WooCommerce Payments. This new service uses Stripe’s payment processing but with a different user experience. However, there’s one big drawback – it requires Jetpack to function. If you’re already using Jetpack to calculate taxes in WooCommerce, then it may be worth a look. If not, I’d probably stick with Stripe. Learn more about WooCommerce Payments. And, why you may want to avoid Jetpack if you can.

Looking for a service to let you know if your website goes down? Here are 12 of the best uptime monitoring services reviewed. Note: if you’re a WP Minder client, we do this for you and always have an eye on your site. Learn about all the benefits of working with us.

Popups are everywhere – they can be useful and engaging, or just terribly invasive. This post about the 5 best WordPress popup plugins also has info on how to make sure your popups are not irritating.

And a few posts from our sister site Red Kite Creative that you might find helpful:

  • Tips for extracting a single site from a WordPress Multisite installation
  • Did your site get blacklisted by Norton Safe Web for no apparent reason?

Did you find this information useful? Please share with your friends and colleagues! And comment below with questions or observations.

Filed Under: Ecommerce, Maintaining WordPress, WordPress Plugins, WordPress Tutorials Tagged With: ecommerce, multisite, popups, uptime, woocommerce

