Hello Happy Site Owners! This week’s tips include what you need to know about WordPress security these days, a new User Avatar plugin that doesn’t rely on Gravatar, settings for the WordPress SEO plugin, how to fix missed scheduled posts publishing, bunches of updates to Gravity Forms, what the heck is going on with HostGator lately, and what affect the Genesis 2.0 update will have on your current site when it comes out. So, let’s dive in. Listen to the podcast.
Let’s talk security. I believe that most site owners consider a site to be hacked when there’s visible evidence, like the site simply not being available. But the truth is, most hackers are not interested in taking your site down. They would much rather use it as a spam or malware portal. So, you may not even know that you’ve been hacked until you get a penalty warning from Google Webmaster Tools. (You do have your site connected to Google Webmaster Tools, right?)
Well, it seems that the hackers have figured out a way to hide their activity from Google so that you never get that warning. Daniel Cid has an excellent post on the Sucuri blog about the recent Google Transparency Report – Malware Distribution. In that post he states that, “in the first week of Jun/2013, 37,000 legitimate sites were compromised to host malware.” But, he goes on to say that the real number of infected sites are much higher because this number only represents the ones Google can detect.
The Sucuri Malware Scanner can detect much more, and I suggest you routinely scan your site with it. I scan mine every month using the Sucuri malware scanner that comes with BackupBuddy (aff link). Or, you can also use the free one on the Sucuri site.
I know it’s an extra chore, but cyber security must become a top priority on your to do list now. A decent backup strategy and these scans are your only real security blankets these days. Please don’t keep putting it off. If you don’t believe me, I’ll let you talk to the handful of site owners that have contacted me recently to fix their hacked sites.
Some of the links below are to the plugin developer’s page, but you can find most if not all of these plugins in the WordPress plugins repository.
The WP User Avatar plugin cuts your dependence on having a Gravatar account. It uses an image you upload to the site and the bio info you include in your User profile instead. A lot of folks, including me, are advocating this become the default standard for WordPress and relax the necessity of a third party site for basic info about who wrote the post. I would be happy to see it go even further and allow the integration of your G+ personal profile as a standard option. That would work beautifully with authorship.
– – – – – – – –
The WordPress SEO plugin by Yoast has had several updates in the last few months. And because of that, I’ve gone through all of the settings pages again and updated my notes for them. I’ll be updating all of the videos in the SEO and AuthorRank Video Course accordingly too. What I’ve discovered is that when he adds new things, he puts them at a default setting, and now I know why a couple of things I had set in other places on the site no longer work correctly, specifically the link for my author byline and where readers are redirected when they click an image that is set to show the Attachment page. I always look through the changelog when he makes an update, but the notes there are sketchy compared to the reality of the settings they effect and/or conflict with other core WordPress settings. And then there are settings that just get moved around to other places. I appreciate that this plugin does so much and does it so well, but I would like to see more notes and/or screen shots in the changelog notes or in his blog posts that are very clear so I don’t have to dig through every setting to see what happened.
And, this is exactly why you need to be careful to check the date on any post you read about how to configure this plugin too. Google changes all the time and this plugin changes to keep pace. That’s also why paid subscriptions to my Video Courses are so worthwhile too. I do the research and keep things current for you all through your subscription.
– – – – – – – –
This is a question I see asked from time to time in forums about displaying docs on your site pages. The Google Doc Embedder plugin lets you embed several types of files into your WordPress pages using the Google Docs Viewer – allowing inline viewing (and optional downloading) of several file types, with no Flash or PDF browser plug-ins required.
– – – – – – – –
There’s a plugin called WP Missed Schedule Fix Failed Future Posts and I think the title pretty well explains what it does. And while it probably helps with that issue, if you’re experiencing a lot of issues with scheduled posts not publishing on time, I would invite you to check some settings in your core WordPress files first. Begin with the time zone setting. WordPress runs on UTC, which is the Universal Time Code, and that does not recognize Daylight Savings Time. Plus, there is a setting for the Cron job, which is the master clock for all internal site maintenance. And then there are other external factors to consider, such as when your site and your host are running backups. You want to make sure that your times are set well everywhere so that you don’t have conflicts. You can find out more about all of this in my post titled Set the Time Properly in WordPress for Cron Jobs. It will help you fix the problem at the root instead of covering up the symptoms with a plugin.
– – – – – – – –
Gravity Forms has an Update Palooza! That’s the title of a post by John Saddington on WP Daily with details on the four updates Gravity Forms has made lately. And there’s one in there for MailChimp sign up forms too. And, keep in mind that most Genesis/StudioPress themes have built-in styles for Gravity Forms widgets, so you can make them look nice on your site too.
I’m still trying to get to the bottom of all this, but it seems that the recent changes at HostGator have more to do with their parent company than with what’s best for the site owner. I reported a month or so ago about an email I received from HostGator that they were moving my sites to a new server, which also meant a new DNS address. My sites became crazy slow and glitchy after the move. Basically, they had set up a redirect from the original DNS to the new one, which is what was causing the slowdown. When I called Tech Support, they wanted to do the usual troubleshooting of my site, like finding plugins that might be slowing it down and encouraging me to use a caching plugin. But, when I proved that it was slow on all of my sites, including my new sandbox sites that only had a fresh WordPress installation, then they escalated the problem to the migration team. That’s when I discovered that the DNS redirect was the culprit. So, I went to my domain registrar and changed the DNS to point to the right place and that seemed to fix the problem.
But, the sites are running slow again intermittently. When I did some digging into the new servers, I found that they are based in Utah, which is where the servers are for HostGator’s parent company, which is EIG. And that is the same company that owns BlueHost, JustHost and FatCow, among others.
Now, before you get too concerned, keep in mind that there are car companies that own several brands too, and they all run independently. But, with this move to the EIG servers, I am cautious and I’ll definitely be keeping an eye on things as more and more folks start complaining about the way they are handling these transfers and loss of site up time and load speed. I’ve been a big fan of HostGator for many years and hope to continue that relationship. But I also want what’s best for me and my clients. So, keep reading Tips Tuesday and I’ll keep you as up to date as I can.
A few weeks ago, I wrote a post on HTML5 and Genesis 2.0 that will both hit when WordPress 3.6 gets here. Since then there have been a lot of questions flying about how it affect StudioPress themes that folks are already using. StudioPress owner, Brian Gardner has written a post to address those questions. It’s titled Why You Shouldn’t Fear Upgrading to Genesis 2.0 When it’s Released. Basically, your theme will be fine after the update, it just won’t take advantage of the new features. And, he includes some resources if you want to dig into the code to make your theme HTML5 compatible. Now, that’s not something I advocate you do. Best to leave that to a coding or design pro.
That’s a wrap for this week’s Tips Tuesday podcast. You can find this podcast on iTunes, as well as Stitcher, and the Blackberry Podcast. You can also subscribe directly to the blog posts to get them via email. Visit BlogAid.net for more tips, tutorials, and free resources to make your site better.
And I’ll see you online!