On March 13th, a SQL injection script was found in the WP Statistics plugin. WP Statistic is an open source plugin design to track visitors. It records IP addresses, referring sites, search engine terms, and location statistics. Per it’s WordPress.org, the plugin has over 600,000 installs. The Daily Swig reported that the plugin can break a WordPress site’s encryption keys and salts. Hackers can use automated tools like sqlmap. The flaw was found in admins accessing the “Pages” option to get statistics. This sends a request to a database and generates an SQL query. This function is normally reserved for administrators. But the flaw can be viewed by non-admins. The hacker can then input their own values into the database.
When the creators were alerted to the flaw, they quickly sanitized the bug and released a new patch.
I had speed issues with my WP installs for a while now. I could not figure out what I was doing wrong until now. I used too many plugins to block brute force attacks.
My default plugins for my WP installs are iThemes Security, Wordfence Security, and Jetpack. I use iThemes to change the WP-config and .htaccess files. iThemes has its own brute force protection. Wordfence is used a firewall and scanner. Jetpack has its own brute force protection. By disabling Jetpack’s brute force option, my sites sped up. I’m already protected with iThemes Security.
Sometimes I forget that a website suffers because of over-protection. When I overprotect my sites with a lot plugins, my sites suffer from performance issues. It is like doubling up on prophylactics… the effectiveness degrades because of friction. It is the same for plugins. Too many security plugins destroy the effectiveness of one security plugin.
Unsplash released an official WordPress plugin. For those who may not know, Usplash is an image repository for free images. Photographers donate their photos to Unsplash for others to use for free. Unsplash built a plugin that connects WordPress to their image library.
The setup is easy. A user must have Unsplash account so the plugin can connect the site via security token. Click on the connect button in the plugin’s dashboard, and your all set.
Adding this powerful repository eliminates the need to search for royalty-free images. It is not fun activity unless you are creating your own images. The conflict I found is that this plugin will not work if you are using the External Links plugin (by WebFactory LTD).
draw comics and webcomics. Comics is a passion of mine since I was a kid. It is
important that my webcomics loads fast and clear. I am particular on site
had an option called “Photon.” Photon accelerated images by using WordPress.com
as a Content Delivery Network. Photon did the reverse for my images. My sites
loaded very slow. If my site lost its connection to WordPress.com, my images
would not load at all. I stopped using the Photon option.
merged Photon with a new option called “Site Accelerator.” I was skeptical
about activating this option because of my experience. To my surprise, the Site
Accelerator did NOT screw up my webcomic; it improved my site’s load speed.
am happy that Jetpack continues to improve their service. I am also happy that
my load speeds improved.
I’ve accepting that images cannot post left or right. I wanted to have images within a paragraph body, but its difficult in Gutenberg. After reading the WP Tavern post, I see that I’m not the only one frustrated with the image options in Gutenberg.
I hope that this issue is resolve before the 5.0 release date later this month.
I’m not fond of site builders. I don’t care for them. I’ve felt that using website builders was cheating. It is like tracing when drawing buildings. The latest theme from Cyber Chimps, called Solome, requires the Elementor plugin. I was not happy with having to use a builder plugin. But, after using the plugin, I’ve revised my opinion about page builders.
Elementor is a WordPress plugin designed to “build” custom pages and posts. Users can add responsive columns and widgets as well as add background not set by the WP theme. Users can also save designed templates to use on other pages or export to other WP sites. There is no extra coding required and the free version is powerful.
The one thing I liked about Elementor is how much I can do with a simple page. I used to rely in tables and HTML tricks for custom page layouts. The plugin removes the need to hard code. Verse Gutenberg, Elementor is much easier to use. The block editing/drop and drag designer with this plugin is superior.
My opinion has changed about site builders. Site builders for WordPress are good… if the user knows the fundamentals of WP. I wouldn’t recommend it for all types of websites. A user/developer would need to decide if it is right direction on a case by case basis.
I try to be open to change. I understand that programs need to evolve to meet the needs of the user. I am also very aware that I am not a programmer nor a web developer. I have a very limited knowledge so I am not an educated authority on the topic. In my attempt at learning, Gutenberg became my default text editor for my sites.
The issue I have is the block editing. This is distracting and unwieldy. I want to create a post. I don’t enjoy writing when every block of text has it’s own option sections. I also want the option to edit my entire post using the HTML editor. I don’t want to go through each paragraph and select “Edit as HTML.” I don’t want pictures to be its own block. I want to add a picture and choose where it’s located with ease. In Gutenberg, the picture is its own editing block. Once the image is set then it is very difficult to impossible to change its location.
I know that like it or not I must learn to love Gutenberg. I trust that WordPress is reaching out to a broader range of uses. I also know that the Gutenberg Editor will become intuitive. I am worried that the new core editor may make the WP experience more cumbersome.
Health Check & Troubleshooting is a new plugin by The WordPress.org community. The plugin test the WP install for errors. The plugin will troubleshoot some common problems offer solutions to solve install issues.
Before anyone runs the plugin, it is ideal to do a backup. I was too eager to explore this plugin and ran it. I had no errors on my WP network install. My multisite install had some issues with the scheduling functions. In both sites, the troubleshooting section, both sites were clear of errors.
Matt Mullenweg, creator of WordPress, gave an address in Belgrade about Gutenberg. He discussed that future installs will ask users to choose between the Classic Editor or Gutenberg for text editing. This is one feature of Gutenberg that I have reservations about.
My first reservation is the ability to copy and paste text. In the Classic Editor, I can copy and paste text from a Word Doc to a post with ease. With Gutenberg installed, I get extra paragraphs or no paragraphs at all. Additionally, I worry about the ability to add HTML/CSS code into a post. I’ve modified page layouts by adding CSS styles and tables. Gutenberg has yet to adjust for plugins that fall under the “Extended Settings” field. For example, I use a plugin called WP Multisite Crosspost. In a multisite environment, I can create a post and have links show up in other blogs. It works fine in the Classic Editor, but not in Gutenberg. I also cannot add links without reverting back to the Classic Editor setting.
What I want and hope is that Gutenberg will not give an “either/or” option for how users write their blogs. But, I recognize that may not be the direction WordPress will want to go. WordPress seeks to increase their user base.
This term I’m taking a WordPress class. I’ve been using WordPress since 2009 so I went into the class thinking this would be an easy A. Because I’m a punk, I thought I’d go nuts with my final. I mean… really start showcasing what WP can do. I even added my mod of the Hello Dolly plugin. I figured this would demonstrate that I’m a WP god. Then I received my first critique of the site…
You need to set the home page to a static page rather than your activity stream – it’s confusing to your site visitors to see that on the home page.
I’m not sure what benefit the Hello Nacho plugin provides to your site? And I wasn’t able to see where it is on the back end, or what it does.
My teacher is right. The site is hard to read. In my attempt to be artsy with my site created some confusion. I have an assignment and I was arrogant. My take away is that I need to remember the first rule of design… Keep It Simple, Stupid. Sometimes customers don’t know what they want. Sometimes customers do know exactly what they want… a WordPress site. Nothing fancy or complex. Keep it simple. Stick to what the customer wants. I learned the K.I.S.S. concept in graphic design, so I should carry that thought process in web design… Keep It Simple, Stupid.
I got a 90 in the assignment when, with my skills, I should have received a 100. Oh well… lesson learned.