
SQL Injection on WP Plugin

On March 13th, a SQL injection flaw was found in the WP Statistics plugin. WP Statistics is an open source plugin designed to track visitors. It records IP addresses, referring sites, search engine terms, and location statistics. Per its WordPress.org page, the plugin has over 600,000 installs. The Daily Swig reported that the plugin can break a WordPress site’s encryption keys and salts. Hackers can use automated tools like sqlmap. The flaw was found in the “Pages” option that admins access to get statistics. This sends a request to a database and generates an SQL query. This function is normally reserved for administrators. But the flaw can be viewed by non-admins. The hacker can then input their own values into the database.

When the creators were alerted to the flaw, they quickly sanitized the bug and released a new patch.
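The two failures described above (a statistics query reachable by non-admins, and request values placed directly into the SQL) are shown here beside the corrected form. This is an added example, not the plugin's code: it uses Python with an in-memory SQLite database as a stand-in for the plugin's PHP, and the table, function names and role string are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; the table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE pages (page_id INTEGER, uri TEXT, hits INTEGER);
        INSERT INTO pages VALUES (1, '/home', 120), (2, '/about', 45);
    """)
    return db

def page_stats_vulnerable(db, page_id):
    # Weak form: no role check, and the request value is concatenated into
    # the SQL text, so the database parses it as part of the statement.
    query = "SELECT uri, hits FROM pages WHERE page_id = " + page_id
    return db.execute(query).fetchall()

def page_stats_hardened(db, page_id, role):
    # 1. Enforce the admin-only restriction on the server, not in the UI.
    if role != "administrator":
        raise PermissionError("page statistics are admin-only")
    # 2. Reject anything that is not a plain integer.
    if not (page_id.isascii() and page_id.isdigit()):
        raise ValueError("page_id must be a non-negative integer")
    # 3. Bind the value as a parameter so it is only ever treated as data.
    return db.execute(
        "SELECT uri, hits FROM pages WHERE page_id = ?", (int(page_id),)
    ).fetchall()

def outcome(func, *args):
    # Helper for the demo: return rows, or the name of the raised error.
    try:
        return func(*args)
    except (PermissionError, ValueError) as exc:
        return type(exc).__name__

if __name__ == "__main__":
    db = make_db()
    crafted = "1 OR 1=1"  # constructed input that changes the WHERE clause
    print(page_stats_vulnerable(db, "1"))        # one row, as intended
    print(page_stats_vulnerable(db, crafted))    # every row in the table
    print(outcome(page_stats_hardened, db, crafted, "administrator"))
    print(outcome(page_stats_hardened, db, "1", "subscriber"))
    print(outcome(page_stats_hardened, db, "1", "administrator"))
```

In a WordPress plugin the same two controls would normally be a capability check and a prepared statement through the database API.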


I like Elementor

I know a lot of WP users prefer Gutenberg. I like Elementor. The drop and drag interface is far more user friendly than Gutenberg. I don’t want to watch a billion YouTube videos to learn how to maximize Gutenberg. I want to get to my page and start designing. I know that using Elementor I sacrifice page speed and resources. But Gutenberg is just not user friendly. More power to WP users who use Gutenberg. If deleting my comment posts defending Elementor makes others feel powerful, then I hope they get their fix. Gutenberg… just sucks.

By the way… I hate how the Gutenberg interface deletes my tags after typing them.


Too Much Blocking

I had speed issues with my WP installs for a while now. I could not figure out what I was doing wrong until now. I used too many plugins to block brute force attacks.

My default plugins for my WP installs are iThemes Security, Wordfence Security, and Jetpack. I use iThemes to change the WP-config and .htaccess files. iThemes has its own brute force protection. Wordfence is used as a firewall and scanner. Jetpack has its own brute force protection. By disabling Jetpack’s brute force option, my sites sped up. I’m already protected with iThemes Security.

Sometimes I forget that a website suffers because of over-protection. When I overprotect my sites with a lot of plugins, my sites suffer from performance issues. It is like doubling up on prophylactics… the effectiveness degrades because of friction. It is the same for plugins. Too many security plugins destroy the effectiveness of one security plugin.


Unsplash for WordPress

Unsplash Test Image
A look at the Unsplash Block

Unsplash released an official WordPress plugin. For those who may not know, Unsplash is an image repository for free images. Photographers donate their photos to Unsplash for others to use for free. Unsplash built a plugin that connects WordPress to their image library.

WPTavern wrote an excellent blog about the plugin at https://wptavern.com/unsplash-launches-official-plugin-for-wordpress.

The setup is easy. A user must have an Unsplash account so the plugin can connect the site via a security token. Click on the connect button in the plugin’s dashboard, and you’re all set.

Adding this powerful repository eliminates the need to search for royalty-free images. It is not a fun activity unless you are creating your own images. The conflict I found is that this plugin will not work if you are using the External Links plugin (by WebFactory LTD).

Download the plugin at https://wordpress.org/plugins/unsplash/.

Space shuttle lift off by NASA Imagery

Site Accelerator

To accelerate or not to accelerate, that is the question.

I draw comics and webcomics. Comics has been a passion of mine since I was a kid. It is important that my webcomics load fast and clear. I am particular about site caching.

Jetpack had an option called “Photon.” Photon accelerated images by using WordPress.com as a Content Delivery Network. Photon did the reverse for my images. My sites loaded very slowly. If my site lost its connection to WordPress.com, my images would not load at all. I stopped using the Photon option.

Jetpack merged Photon with a new option called “Site Accelerator.” I was skeptical about activating this option because of my experience. To my surprise, the Site Accelerator did NOT screw up my webcomic; it improved my site’s load speed.

I am happy that Jetpack continues to improve their service. I am also happy that my load speeds improved.

Happy Birthday WP

WordPress celebrates 16 years today. You can read more about it via WP Tavern at https://wptavern.com/happy-sweet-16-wordpress.

I began using WordPress in 2009. I worked on a site called Real Life Superheroes.org. I used WP to repost articles about people dressing up as Superheroes to do good deeds. The site evolved into a Social Network (due to BuddyPress). When the movie Kick-Ass came out, Lionsgate offered my co-admin and me a cross marketing deal. In 2011, I stepped down as admin and left the site to new administrators. They could not maintain the site. It broke due to viruses and spambots. I moved the old content to a wordpress.com address.

Since then, WordPress is my go-to site builder. I often experiment with other platforms, but my bread and butter is WordPress. It is what I am familiar with and it is what I’ve taken classes for. It’s a powerful piece of software. I don’t know where I would be without WordPress.

Thank you to the Automattic team for building a CMS that has shaped how I develop websites.


WP 5.0 is Live

WordPress 5.0 just launched today. I have updated all my WP sites. There are no issues to report right now. All is good.

This is my first blog with Gutenberg as the native text editor. I’m not skeptical about how WP would function with Gutenberg. I am concerned with how awkward the new text editor is. WP is reaching out to Squarespace and WIX users. I will learn to live without a basic text editor. I remain annoyed by the Document/Block options on the right-hand side. This may be another feature that appeals to non-WP users.

There are new plugins to build on the Gutenberg framework. Block Gallery by Rich Tabor allows users to build better galleries. Block Lab is another plugin to create custom Gutenberg blocks. I’ve loaded both in this install and will experiment with them.

Good luck to everyone updating their installations today. I hope it is a smooth transition. 

Moving my blog

I changed my Heart WordPress blog address! I want to experiment with the latest version of WordPress (WP 4.9.9 Alpha). Although WP does not recommend beta testing their programs on a live site, I am doing it anyway.

My Heart WP site is a continuation of my college final project. Rather than let my WP project fade into portfolio obscurity, I use it to test new WP features. My final blog project site was a subfolder of my WP network install. I created that network using the WP Multi-Network plugin and WordPress Multi-Site option. But, the plugins I use for my final are not used anywhere else in the network. This concerns me because I don’t want to use an untested plugin that will destroy my network. So I moved my blog to a different install which I can destroy without worry.

This site will be the first site I upgrade when WP 5.0 comes out. I’m anxious to see how WordPress runs when Gutenberg is its core text editor (https://wordpress.org/gutenberg).

Le Image Issues

WPTavern reported on the image issues with Gutenberg, the new editor for WordPress 5.0. I reported a similar image issue: https://wordpress.org/support/topic/adding-an-image-is-a-nightmare/#post-10647313

I’ve accepted that images cannot post left or right. I wanted to have images within a paragraph body, but it’s difficult in Gutenberg. After reading the WP Tavern post, I see that I’m not the only one frustrated with the image options in Gutenberg.

I hope that this issue is resolved before the 5.0 release date later this month.