WP Minder

Security

Weekly Links Roundup – Hacked Sites, Easy WP Guide, Event Calender Plugins, PHP Versions

by Leave a Comment

This week’s top WordPress and web marketing links.

If your WordPress site had been hacked, how would you know? Check out this infographic from iThemes showing 7 key signs that your site has been the target of a hack. Prevention is much easier than recovery – if you need help keeping your site secure, check out our WordPress maintenance plans. We include an upfront (and then annual) security audit of your site in all our plans.

Easy WP Guide has just released their new guide for WordPress 5.1 – get a PDF here. But don’t bother to print it, it gets updated frequently and is quite large!

Looking for an event calendar for your site? Here’s a roundup of 5 event calendar plugins for WordPress. This list is unusual in that it doesn’t include some of the big players in the category – these are all commercial plugins available at Code Canyon. Check out this post for some top free event calendar plugins – lots of high-quality choices listed here.

A common problem I see with new WP Minder clients is old PHP versions. Why is this so important? WordPress now recommends a minimum of PHP 7.3. But over 77% of WordPress users are on unsupported (read: no security updates ever) versions of PHP – that’s PHP 7.0 and older! Most users don’t know or care about this, but here’s why you should.

You can check the PHP version with this plugin.

WP Minder’s maintenance plans include fast Managed WordPress Hosting on modern, up-to-date servers. Besides the security benefits our clients also get the performance boost that PHP 7.1+ provides.

Did you find this information useful? Please share with your friends and colleagues! And comment below with questions or observations.

Weekly Links Roundup – Collapsing Nav Menus, Translation Plugins, Affiliate Plugins, WordPress Security Myths

by 1 Comment

This week’s top WordPress and web marketing links.

This morning I was putting together a mega menu (think: a really huge menu) for a new site. You know when you have a lot of links in a menu, how hard it gets to move things around in that menu in the WordPress dashboard? I have a fix for that – check out Nav Menu Collapse. It will let you collapse and expand individual menu sections or the entire menu. This functionality should be part of WordPress core, it’s so essential for large sites.

That same new site also needs to be multilingual. The client isn’t interested in manually translating the entire site at this time, but we are going to take advantage of Google Translate and have quick language switching functionality. Learn about different ways to make your site multilingual. And, here’s a review of the 11 best WordPress translation plugins if you want more choices.

Another new client was looking to set up an affiliate program that would let friends and customers sign up to promote the site. A user signs up as an affiliate and then gets a special link to share with others. When someone uses the link, that affiliate gets rewarded. Here’s a review of 10 WordPress affiliate plugins. I’ve heard many good things about AffiliateWP, which integrates with WooCommerce.

Security is an important part of WP Minder’s services. Here’s a quick post about the top 5 security myths surrounding WordPress – and how they have all been debunked. Keep in mind that the biggest security issue with WordPress is user-related; not updating plugins, themes or WordPress core is the number one reason WordPress sites get hacked. If you don’t want to do this yourself, give WP Minder a try and let us handle site security and updates for you.

Did you find this information useful? Please share with your friends and colleagues! And comment below with questions or observations.

Weekly Links Roundup – Cookies, PHP, Store Locators, Mixed Content Warnings

by Leave a Comment

This week’s top WordPress and web marketing links.

Seems like every website now has a cookies popup notification, right? In light of the GDPR and some new state-based privacy laws, like we have here in Colorado, it’s not surprising. But how do you get a cookie notice on your site? Here’s a great little tutorial on using the Cookie Consent plugin to do just that. In fact, I followed it earlier this week when I added a cookie popup to this very site you’re reading. It’s easy and quick to do.

I saw this post earlier this week and it made me sit up in alarm: 57% of WordPress sites will become less secure in December 2018. Yikes! What does this mean? It seems that 57% of all WordPress sites are running on host servers using PHP 7, PHP 5.6, or something even older than that. PHP is one of the software platforms that powers WordPress. And as of December 2018, those older versions of PHP will no longer receive any security patches or updates.

That means that if your site is sitting on one of those affected servers, it will become much more vulnerable to hacks and security issues. As new security problems are uncovered, they will not be fixed. Ever. The linked article shows how to find out which version your host uses. If you’re hosting with us, don’t worry – you’re covered and this will not affect you.

Now for something less scary. If you have multiple locations, or better yet if you have a lot of distributors or other providers related to your business, did you know you can easily add an interactive map of all those locations? This can be really helpful for your users. Here’s a review of the best WordPress store locator plugins. I’m a fan of WP Store Locator and have used in on a few client sites. Here is an example of WP Store Locator in action.

Finally… if you decided to make the switch from HTTP to HTTPS and secure your site (yay, you!), you may have been met with a surprise: a Mixed Content warning from the browser. This means your page has links that are https://, as it should, but it also has some leftover links to http:// too. Those need to be fixed, and depending on the size and complexity of your site, this can be a big hairy deal. Learn about Mixed Content warnings and how to fix them.

Did you find this information useful? Please share with your friends and colleagues! And comment below with questions or observations.

 

Elementary GDPR for WordPress Site Owners

by Leave a Comment

The GDPR (General Data Protection Regulation) went into effect on May 25, 2018. Even if you are not selling or marketing to EU customers directly, this is still very important for website owners. And it is very much a moving target – you’ll see conflicting information, very little in the way of direction, and this is unlikely to change until the new rules are actually tested in court. It’s frustrating, but I’ll try to share the basics of what I’ve learned here.

Note: I am not an attorney and this is not legal advice; it’s recommended that you contact your attorney to review your privacy policy, terms of service, opt-in forms and other aspects of use that involve personal data.

What’s it all about?

User privacy concerns
Photo by Hannah Wei on Unsplash

It’s about privacy, an overriding concern these days. It’s all about personal data – we have to all be good stewards of our customers’ personal information.

Some sites don’t store personal data, but if they do they have to comply with requests from EU users to remove that data and to share information about why the data is collected, how it’s used, and and how it’s stored.

I’m not in Europe – does this matter to me?

If you’re not selling anything, or focusing on EU users in your marketing, does it still affect you? Most likely. If you have a comment or contact form on your site that asks for name and email address, that’s personal data. If someone from the EU fills out your form, then GDPR applies. From Red Kite’s point of view, compliance is a good target for all website owners.

You may be collecting personal data through:

  • User registrations
  • Payments
  • Comments
  • Contact form requests
  • Chats
  • Plugins
  • Analytics and traffic logs
  • Security tools and plugins

This are serious penalties involved here too – fines can go up to 20 million Euros or 4% of total company annual earnings.

GDPR for WordPress Site Owners – How WordPress is Helping You

You’ll probably be relieved to hear that WordPress is taking this seriously, and as of release 4.9.6 has put some new tools in place right in the admin dashboard to assist you with compliance. These are:

  • Under Tools, new features to make it easy for you to export or erase the data for a user by their username or email address.
  • Under Settings, a new Privacy feature that lets you specify an existing privacy page or have WordPress create a default one (which you must edit) for you.

For more information, check out this helpful post by BlogAid on using the new WordPress GDPR tools.

Keep in mind…

Some key aspects about GDPR to consider (remember: I am not an attorney!).

  • Breach notifications – if you have a security issue with your site, notify users with personal data storage within 72 hours. This means you need to be monitoring security with a plugin and/or a service like Sucuri. Security is going to become even more important!
  • Data collection, processing and storage – a terms of service or privacy page should detail what data is collected, how it’s used, why it’s stored, and how it will be stored. You’ll also need to provide a copy of the data stored if a user requests it, and remove the data if requested (which will mean removing an account in most cases).
  • How plugins on your site store data collected from users – this is a big issue, and a lot of plugin developers are working to make it easy to access/remove user data.

What should you do to make your WordPress site compliant?

Chat with your attorney about this, but these are steps to take that are likely common to most small business sites.

  1. Look at all the different ways you’re collecting user data on your site.
  2. Put mechanisms in place so users can control their data (make sure you’re asking for consent for forms, for example).
  3. Avoid collecting user data when it’s not completely necessary.
  4. Make sure your site’s plugins are also compliant. Site owners are ultimately responsible for the data collection and storage of plugins, so review your plugins carefully.
  5. Make sure all newsletters, downloads, etc. are asking for consent/are opt-in instead of opt-out. Already-checked consent boxes are a breach of GDPR.
  6. Consider a Cyber Liability insurance policy that protects against data breaches and other losses of personal data.

There is an excellent checklist in this post on these other considerations for compliance.

Is it likely that your small business site will ever be involved in a GDPR dispute? Hard to say, but it seems much more likely that the targets of such disputes will most likely be very large companies, at least in the beginning.

There will be more to come on this topic… GDPR is still in its early stages and evolving.

Some other references on GDPR:

GDPR: How it Affects WordPress Site Owners and Developers
GDPR Compliance Tools in WordPress
5 Actionable Steps to GDPR Compliance with Google Analytics
The Complete WordPress GDPR Guide
Worried About WordPress and the GDPR? Start Here
Ask Yoast: Preparing for the GDPR

Did you find this useful? Please share with your friends and colleagues!

Weekly Links Roundup – Membership Sites, Not Secure, Emailed Blog Posts, .com to .org

by Leave a Comment

This week’s WordPress and web marketing links.

Ever thought about starting a membership website? It can be a daunting proposition. Here’s a short but informative list of FAQs for starting a membership site from MemberPress that may help you gel your ideas before you decide to take the leap. Also: MemberPress is an awesome tool for running your new site. They have good support and the plugin itself is pretty intuitive to set up and use.

One more step in eradicating the insecure website – as of last week Google Chrome is now flagging all plain HTTP sites with a more prominent “Not Secure” warning in the address bar. If you’re still using HTTP you’ll see this warning before your site’s URL. Please, get an SSL certificate for your site and switch to HTTPS. If you don’t know how, contact me. You are hurting your business and your customers by not doing this.

A great way to reach more readers is to offer your blog by email. Basically, a blog produces an RSS (really simple syndication) feed that users can subscribe too with tools like Feedly. But you can make it even easier for your readers by having them instead subscribe to a blog mailing list and delivering excerpts of new posts to their email inbox automatically. The awesome email marketing tool Mailchimp offers a step by step tutorial in how to get your blog posts automatically into newsletter format. You can choose to send out notifications about new posts as they’re published or on a regular schedule. The Mailchimp RSS tools will provide prominent links to your post and blog to drive more vetted traffic to your website – which is what we all want, right?

Finally…. You may know that wordpress.com and wordpress.org are two completely different animals. If you started off with a wordpress.com site and quickly realized that it has too many limitations to function as a business platform, here’s a guide on moving from wordpress.com to wordpress.org. Please note that the quality of your host really matters. A $3-per-month host may sound like a great deal, but it will not be – you will pay primarily with poor performance. Do some research and find a solid host – it’s worth the effort.

Please let me know if this information is useful to you by commenting below. And let me know if there’s something in particular you’d like to know more about.

 

Weekly Links Roundup – Forums, Video Players, Shortcodes, Security Plugins

by Leave a Comment

This week’s WordPress and web marketing links.

While discussion forums don’t seem to be as popular as they once were, they can still be a great tool on websites where you have a lot of members and want to enable them to ask questions and interact with each other – which can be good for sustaining and growing your membership site. Learn how to add a forum to your site with bbPress.

Looking for a video player plugin to embed videos from YouTube or play locally-hosted videos? There are many out there, both free and commercial. Check out this review of 7 free WordPress video player plugins.

WordPress shortcodes can be great while you’re using them, but one big mess if you have a theme or are using a layout tool like Visual Composer and decide to switch. You’ll end up with a whole lot of useless shortcodes in your pages. Here’s a review of the commercial plugin Shortcode Cleaner that will help clean up all those unused shortcodes. If you use a tool like this, please be sure to backup your site beforehand!

Finally… if you’re considering paying for a security service for your site, here’s a comparison of Wordfence and Sucuri. There’s a lot of noise in the comments about this being a biased review by a Sucuri affiliate, but IMO that may not be true. I’d also strongly recommend Sucuri over Wordfence. If you’re hosting with us or using our Small Business or higher WordPress maintenance plans, you’re already taking advantage of Sucuri’s services.