Tips Tuesday – Updating PHP Version, reCAPTCHA, Protect Your Site

Hello Happy Site Owners!

Tips this week include:

• March 9^th free performance and conversion site review webinar
• Webmaster and DIY SEO tutorial updates
• When the next SEO Workshop will be
• WordPress 4.7.3 rolling out
• What are your must-dos for protecting your site now
• Surprising results in the WordPress Customizer survey
• Clef two factor authentication ending support in June
• How to add Google’s reCAPTCHA to Contact Form 7
• Why you need to pay attention to the new PHP version warning in Yoast SEO
• How to update your hosting to the latest PHP version
• How to configure WP Fastest Cache

Listen to the podcast

Podcast: Play in new window | Download

Subscribe: RSS

BlogAid Happenings

Free Performance and Conversion Site Review Webinar

I’m so looking forward to the upcoming webinar with Mary Iannotti on March 9. This is a live-only event and we’ll be reviewing sites for both performance drags and conversion snags.

There’s still time to send in your site for review.

Plus, just for registering you get Mary’s extended guide on how to properly optimize your images for quality and speed, and I know a LOT of you need that.

So do join us.

Webmaster Training Tutorial Updates

Over the last couple of weeks I’ve made a slew of updates to Levels 2 and 3 of the Webmaster Training courses that involve both site security and HTTPS.

If you’re a designer who sets up sites for your clients, you can’t afford to not know how to do them securely and make them ultra fast. Plus, all sites need to be built as HTTPS now.

All entities involved with it are changing rapidly and this course offers you the best way to keep on top of things.

BlogAid SSL Updated

And for those of you who tried to visit the www version of the Webmaster Training URL and got an SSL error, that has finally been taken care of.

It required getting the Domain issued version of the SSL certificate on CloudFlare, and they had a glitch in their system that delayed it from becoming active for a while.

It’s all fixed now and every version of the URL works properly.

We couldn’t have a person who teaches HTTPS conversion not have a redirect work, huh?

DIY SEO Tutorials Updated

Yoast made a slight change to where some of the SEO plugin settings can be found.

The affected tutorials in the DIY SEO course have been updated.

New SEO Workshop Coming Late March

I’m putting the final tutorials together on a six week SEO Workshop that will launch at the end of this month and run through April.

It will take you deeper into every place Google indexes your site and how to get a real competitive edge with your SEO.

Look for an announcement in the coming weeks for registration opening.

That’s all the news from around here. Let’s jump into this week’s tips.

WordPress Tips

WordPress 4.7.3 Rolling Out

WordPress issued a security update on Monday.

Three of the six patches were for XSS vulnerabilities, which seems to be a favorite of hackers for the last couple of years with no end in sight.

Most of those are not as deadly as it would seem. Most require the admin of the site to click on something while they’re logged in.

And, I believe all of these were patched before any, or very few of them were seen in the wild.

There was one for YouTube embeds too, which got my attention.

That’s what hackers are going for these days, the mother companies that have an open door into millions of sites.

WP 4.7.3 also contains 39 bug fixes. The dev team is working hard on bug scrubs every week and they pile them into these minor releases whenever possible.

Protect Yourself

The two things that are must haves to protect your site now are

• a solid backup and recovery strategy
• Paid WAF (Web Application Firewall)

Both of these are worth paying for and are now the cost of doing business, just like paying for a domain and hosting.

Test Your Backup

You need to restore a backup of your site to ensure that it is truly getting everything.

I don’t care what backup plugin or service you are using, and it doesn’t matter what your settings are.

Test it.

Be sure it has everything.

This is not something you want to discover after your site has an issue.

WordPress Customizer Survey Results

Considering that the Customizer is one of the big core changes in the works for WordPress, the results of a recent survey they ran on it are a bit surprising.

For starters, 53% of those who responded said they rarely or never use the Customizer.

In its current state, it really isn’t all that useful to serious designers and site owners. It’s a lot more useful to folks just starting out with the romantic idea that customizing their own theme is time well spent.

But, I expect that when the WP core devs complete this overhaul of the Customizer, following the vision of Matt Mullenweg, use of it will radically change.

The survey had a place to add text replies to the questions too, which were even more insightful. And it shows just how deeply divided opinions are on the current Customizer.

I see this as them saying to either radically improve it or get rid of it. I think the current work on it is to bring unprecedented change to make it better and more useful. We’ll see how that goes.

Security Tips

Clef Two Factor Authentication Ends on June 6 2017

Clef came up with the neat idea of using your phone to scan your WordPress login, providing two factor authentication.

While novel, I’m not sure it caught on enough to keep the company in business.

On Monday they announced they would discontinue Clef on June 6 and the app would be pulled from Apple and Google Play.

See the post for a transition guide for both API and WordPress user instructions.

They also said their team would be joining another company and will have more info on that in the near future.

How to Add Google’s reCAPTCHA to Contact Form 7

Every week I get emails from folks wanting to get their blog or infographic into Tips Tuesday. Many of them come from form robo fillers.

So, I installed Google’s reCAPTCHA on all of my contact forms to put a stop to those mass contacts.

See my MaAnna Minute video on how you can install it too.

And I’m starting to install it on all client sites as I do HTTPS conversions and Loyalty Site Audits.

Plus, the Revision Control plugin is no longer being supported and I’m hard coding that, along with the heartbeat control, and a real cron job on all of my sites and client sites too.

PHP Version Warning in Yoast SEO

We very much need all sites to move up to PHP 7.

That’s the coding language that WordPress, your theme, and plugins run on.

The current stable version is PHP 5.6.

PHP 7 was already in the works, and instead of creating a version 6, the devs opted for constantly upgrading version 5. And that’s how we got to 5.6

Well, now the line has been drawn. Versions 5.4 and below are no longer even supported.

While 5.6 is still actively supported, it will only be that way for just so long.

PHP 7 is way faster than any other version.

Hosts, WordPress, and many plugin devs desperately want all of us to upgrade.

The problem is, too many themes and plugins have not been tested with it and sites could break all over the place.

As a way to put some pressure and visibility on this issue, Yoast has decided to issue a warning message for any sites where PHP 5.5 and below is detected.

I STRONGLY suggest you heed that warning and upgrade your PHP version to at least 5.6.

I suggest you read his post for more on why this switch is necessary.

For me, the biggest point is that since the lower versions are no longer being supported, they are a security risk. Not to mention that your site is running slower on them too.

How to Switch Your PHP Version

On shared hosting with cPanel, switching your PHP version should be simple to do. Check with your host for their instructions.

Be sure to get a full backup of your site first.

And be prepared to investigate any plugins that have an issue with the switch, and then switch back, and then find an alternative for that plugin.

If it were me, I would go all the way up to PHP 7 because you’re going to have to do that in the near future anyway. But, if you’re favorite plugin doesn’t support it yet 5.6 will do for now until they either catch up of you find an alternative.

If you’re on VPS hosting, your host will have to make the switch for you and it will take about 30 minutes for PHP to recompile. If you run into any issues, it will take 30 minutes to switch back.

If you’re on cloud hosting, check with your host about how to make the PHP switch.

Performance Tips

WP Fastest Cache Settings

Speed matters more than ever on sites now.

A local caching plugin can definitely help with that.

WP Fastest Cache was one of the winners in my head to head caching tests

These are settings you can do yourself, so I made a little tutorial for you.

Put a Pair of Qualified Eyes on Your Plugins

One of the biggest issues I see in site audits is that folks don’t turn on plugins or configure them properly.

Contact me if you want a plugin audit. We’ll make sure you have the best ones for the purpose, have them all set up right, and don’t have any conflicts.

We can do it in a live session and you’ll see what I see. And you don’t have to share any logins or anything.

Wrap Up

That’s a wrap for this week’s Tips Tuesday.

Find these tips helpful? Share them with your peeps!!!!

Subscribe to all BlogAid Posts

Subscribe on iTunes

Be sure to visit BlogAid.net for more tips and resources and I’ll see you online.