Why You Need Website Care

So you got yourself a car. Congratulations! Now you can commute to work a bit more comfortably and not have to rely on transit timetables. But with the car come new situations that you didn’t have to deal with before – like taking care of a flat tyre. Sure, you can replace it with the spare, but what do you do with the punctured one? Unless you’re in the tyre repair business, you wouldn’t try to fix it yourself, would you? You could try to Google how to do it and buy the tools, but heck, you have more important things to worry about in your life/work/business than fixing a puncture. You take it to a professional – a person who knows the trade and is quite good at it.

It’s not much different when it comes to your website, WordPress or otherwise.

Your website’s importance varies depending on the role it occupies. If it’s just a hobby blog where you write about some of your deepest thoughts and feelings (Facebook pretty much made that kind of site obsolete), then website technical issues really won’t mean much to you. On the other end of the spectrum, if you’re in the retail business and your e-commerce site goes down, that’s akin to locking the doors on a physical store in the middle of the day. You can’t let that happen. But just like in our punctured tyre example, your main focus should be your business, not your website.

It’s a lot of work to put up an effective and pretty website. What many people don’t realise is that once it’s up, it needs to be looked after. What can possibly go wrong, you ask? Keep reading and try not to get too scared.

Security

Website Security

The vast majority of people want to make money. It’s part of our survival instincts. Also, everyone wants to have fun, whatever fun may mean to them. Whether it’s for the money or for fun (or in a perfect world, money-paying-fun), some people will try to take advantage of your website. That’s the internet for you. This can go from stealing your clients’ credit card information, down to placing their ads on your pages so that your traffic makes money for them.

Back in the early 1990s, when I was just dipping my toes in the computer world, I asked my then mentor how to keep computers safe. His answer: turn it off, unplug it from the power grid, and store it in a safe. And even so it won’t be 100% safe. The internet was in its infancy then, with no such thing as broadband and the fastest modems you could get would download at a top speed of 5 bytes per second.

The number of users since then has multiplied enormously and with that, the number of hackers (or crackers, or whatever you want to call them). And the sad reality is that there isn’t a single piece of software that can be truly safe from attack. It’s not necessarily because the software itself has flaws, but because it depends on a whole ecosystem for it to work – other pieces of software, hardware, and even users (many attacks are successful because they manage to scam users out of their passwords).

The best we can do is make it hard for attackers to succeed. Software bugs and vulnerabilities need to be fixed as soon as they’re disclosed, as many attackers rely on outdated software to gain access to servers and other systems.

When it comes to website hosting, we also need to choose our host company well. It’s really no use to have your website nice and up-to-date if the server that your files are on has insecure software that you can’t control. For example, if you’re on a shared server that doesn’t have its file permissions set correctly, you’ll be vulnerable to other people’s insecure software. If they get attacked, then your site is as good as dead, too.

So what’s the solution? Besides keeping your site up to date: remediation.

Backups

Back to our flat tyre analogy, you wouldn’t drive without a spare, right? The same can be said for websites, especially those that change frequently, like a blog or ecommerce site.

When things go wrong (and mind you, they will go wrong at some point in time), you’ll be relieved if you have a recent snapshot of your website.

This is what we call a backup and it’s saved many a business’ bacon time and again. When backing up a site, we store a copy of all files and the database on a separate server, so that if the server itself blows up, your backups are safe.

The frequency with which you back up your site can depend on how often your site changes. Daily backups are fine, but some sites can go to extremes like getting immediate file backups and redundant databases (where changes to the database are automatically applied to a secondary database on a different server).

Malware Scanning

OK, so you managed not only to get backups done frequently, but also to recover your lost files and data. Next thing you know, your site is attacked again. You’d be surprised as to how common this really is.

The problem is that when you back up your site, you’re probably doing the attackers a favour and backing up their means of attacking as well. So when you restore the files, they’ll still have the front door wide open for them.

That’s why, as well as keeping your site up to date, it’s important to scan your site periodically for malware and clean it up. Malware is the set of files and data that attackers are able to embed into your website to let them do what they want.

Security Plugins

There are some handy WordPress plugins that assist in tying up loose ends security-wise – from hiding your admin area behind a custom address, to blocking forced entry attempts, to forcing two-factor authentication, among a plethora of other tactics designed to keep your site safe. The trick is choosing the best one and making sure it won’t conflict with any other functionality of your site.

Pretty daunting, right? Sure, there’s Google to help you take care of all that, but do you really want all that weight on your shoulders when you could be focusing on reaching your quarterly goals? Oh, and speaking of Google, they’re not always your friend! Now you have to also worry about Performance.

Performance

Google is hands down the largest and most popular Search Engine in the world. No argument there. The problem is that businesses are so dependent on getting the best positioning in search results that they have to abide by the ever changing rules that Google imposes (always claiming improved User Experience). A while back, thousands of information-based websites were negatively impacted by Google policy changes (Google gave these changes cute fuzzy animal names, perhaps in an attempt to soften the blow) and these people had to scramble to get back on their feet. Some never did.

Not satisfied, Google decided that sites should be mobile friendly, and then needed to be fast, and recently that sites should be encrypted. I’m not complaining – they’re all perfectly valid requirements when you look at it from a visitor’s perspective. But that also means that you, as a business owner, need to give much more attention to a tool (your website) than to your overall business.

Getting a site to be fast is not usually an easy task. There are many moving parts involved and getting all your ducks in a row can be quite frustrating. Remember the flat tyre analogy? Consider achieving and maintaining good performance as not only fixing the puncture but also balancing and aligning the wheels. And recapping the asphalt while you’re at it!

Professional Help

Taking care of a website shouldn’t be taken lightly. You’re better off hiring a professional who has that as their business so you can focus on your own.

We at UseStrict Consulting take pride in caring for our clients’ websites. With almost 20 years of experience developing websites, and over 5 years customizing and developing WordPress plugins, we know how to secure and optimize your site, and recover it when disaster strikes. It’s a scary world once you know all the dangers, but we’re there to help you through it.

Click here to learn more about our plans.


This post was originally written for TourismTribe.com by UseStrict Consulting.

The Latest Rumors About WordPress Are Wrong

Calypso has been the hottest topic in the WordPress community over the past week, following this announcement from Matt Mullenweg. While many have praised the development as genius, and a long time in coming, others have been less generous in their comments. In fact, there are some rumors and ideas being fervently discussed in various WordPress groups that are flat out wrong.

It all stems from confusion about what Calypso really is, and how it’s changing WordPress and the future development of that platform. Developers who have invested incredible amounts of time to create themes and plugins that are based on the traditional WordPress platform are understandably concerned that all of that work, and the basis for their businesses, could be going up in smoke.

We’re going to review how WordPress works today, how Calypso changes the platform, and what that really means to developers and site owners alike.

The Players

To understand how WordPress works in the background, let’s think about what happens when you go to a fast food restaurant. You order a burger and a few moments later you’re walking to your table with a tray filled with food. Is it magic? Nope. Behind the scenes, several employees were working hard to get your burger assembled to the chain’s standards. In the same fashion, when you load a web page, several things go on behind the scenes until a few moments later you see the page you requested.

HTTP Requests

There are 2 main actors in play when you access a web page. The first one, considered the front end, is the browser. When you type in the URL or click a link, the browser calls the second actor – the web server – requesting that page. The server identifies the type of file being requested and reads it into memory. Depending on the type of file, it will execute a set of instructions and then spit out the result for the browser to display. Simple enough, right? But where do PHP, MySQL, and JavaScript come into play?

PHP is considered a server-side language. It’s just one of many, but like any server-side language, it has no say whatsoever in what the browser does. The same goes for MySQL, one of many database systems. The web server calls the PHP script, which in turn calls the database, before generating the HTML code that gets sent back to the browser. That’s pretty much all that the browser reads.

However, a basic HTML page is dull and isn’t very useful by today’s standards. So browsers also have the ability to style the HTML output using CSS (Cascading Style Sheets), as well as execute predefined instructions that it gets from JavaScript blocks or linked external files.

For example, here’s what the wordpress.org site looks like with and without CSS styling.

[Images: WordPress.org site with CSS; WordPress.org site without CSS]

Bottom line – JavaScript is for browsers, PHP and MySQL are for servers (with the exception of Node.js, which is a mini web-server that runs JavaScript in the back end). Calypso runs on a thin layer of Node.js to generate the initial page, but has not dropped PHP/MySQL altogether. More on this in a moment.

REST API

REST means Representational State Transfer. It is an architecture style that relies on regular HTTP requests from the front-end to the back-end. In short, it’s basically a one page load that calls several other mini page loads during the same run. Each mini call loads a piece of information.

WordPress

WordPress is a Content Management System; system being the operative word. Its strength comes from the ability to extend it with plugins and themes. All WordPress plugins and themes are written in PHP and use MySQL to fetch and store data. In WordPress.com, the number of plugins and themes is limited and users do not have the power to install new ones – only to turn on those already vetted by WP.com. Self-hosted WordPress.org users have over 10,000 plugins to choose from, again, all of which are built in PHP/MySQL.

The Problem

Now, let’s get back to Calypso. I saw a slew of incorrect reports and conclusions because of this statement on Calypso’s home page:

“The new WordPress.com codebase, codenamed “Calypso,” moves WordPress.com away from MySQL and PHP. It’s built entirely in JavaScript, and communicates with WordPress.com only using our REST API.”

This statement led people to believe that WordPress.com no longer uses any PHP and MySQL. If that were true, it would mean that either they broke hundreds of plugins and themes that relied on the database, or modified them all to work with the new technology. Neither is likely, especially since they say they use the REST API.

It’s also a very confusing statement. The new WordPress.com codebase communicates with itself using their REST API? If you’re running from inside a single codebase, there’s really no reason to make an external HTTP request to yourself.

The fact is that Calypso, WordPress.com’s new Admin Interface, is mostly just that – an Interface – a Client Side interface. Using our fast food analogy, to suggest that WordPress.com would no longer use PHP/MySQL is like you asking yourself for a burger, not using any bread or meat, and still expecting to get a tray filled with the same exact food as a result.

The PHP server language and the MySQL database structure are still very necessary elements of WordPress’s ability to deliver filling content.

This has been confirmed by WordPress:

The old WordPress.com page (or any web page, for that matter) never had any PHP and MySQL to begin with – just a ton of HTML, CSS, and lots of JavaScript. Is Calypso better than the original admin interface? Sure, it looks better and runs faster, but the announcement had misleading statements that essentially blow it out of proportion.

WP.org and Security Concerns

Calypso is the new Admin interface for WordPress.com. It can, however, work for self-hosted WordPress sites. (We recommend self-hosted WordPress, where you can use the SBI! for WP plugin. If you’ve installed WordPress from cPanel or downloaded it directly from WordPress.org, you have self-hosted WordPress.) If you have Jetpack installed and its Manage module enabled, you can use the new Calypso admin interface. However, if you follow the basics of WordPress security, then you’ll find that it won’t work at all. This is because it relies on the XML-RPC API, which many WordPress professionals agree should be turned off at all times as it has been the target of extensive attacks. WordPress 4.4 will be releasing an improved REST API, and hopefully Calypso will adopt that for communicating with self-hosted WordPress sites.
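One way to check from your own web server's access log whether XML-RPC is really switched off, and which clients keep knocking on it. This is an added example, not part of the original article; the log lines are constructed, and the threshold of 3 requests is an assumption you should tune to your traffic.

```python
import re
from collections import Counter

# Common/combined access-log format, as written by Apache and nginx.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})\b'
)

# Constructed sample lines; the addresses come from documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Dec/2015:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674
198.51.100.7 - - [10/Dec/2015:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674
198.51.100.7 - - [10/Dec/2015:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674
203.0.113.20 - - [10/Dec/2015:10:01:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2310
203.0.113.20 - - [10/Dec/2015:10:01:12 +0000] "POST /xmlrpc.php HTTP/1.1" 403 162
192.0.2.15 - - [10/Dec/2015:10:02:00 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42
198.51.100.7 - - [10/Dec/2015:10:02:30 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674
"""


def xmlrpc_posts(log_text):
    """Yield (client_ip, status) for every POST to xmlrpc.php."""
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if path.endswith("/xmlrpc.php"):
            yield m["ip"], m["status"]


def noisy_clients(log_text, threshold=3):
    """Clients that sent at least `threshold` POSTs to xmlrpc.php."""
    counts = Counter(ip for ip, _ in xmlrpc_posts(log_text))
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def status_breakdown(log_text):
    """How the server answered those POSTs, keyed by HTTP status."""
    return dict(Counter(status for _, status in xmlrpc_posts(log_text)))


def xmlrpc_reachable(log_text):
    """True if any POST to xmlrpc.php was answered with a 2xx status."""
    return any(s.startswith("2") for _, s in xmlrpc_posts(log_text))


if __name__ == "__main__":
    print("repeat callers:", noisy_clients(SAMPLE_LOG))
    print("responses:", status_breakdown(SAMPLE_LOG))
    print("endpoint still answering:", xmlrpc_reachable(SAMPLE_LOG))
```

Once XML-RPC is blocked, the breakdown should contain only 4xx statuses and `xmlrpc_reachable` should return False.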

Alternatives to Calypso

So, you saw that you can manage multiple sites with Calypso and you really want to be able to do that without putting your self-hosted site at risk by enabling XML-RPC? ManageWP, InfiniteWP, and WPDash, just to name a few, provide good alternatives.

WordPress User Impact

What does Calypso mean to the average self-hosted WordPress user? Absolutely nothing. Maybe in the future, but not now. So there’s no need for alarm or action. But you should be aware of it, because it may create some changes for self-hosted WordPress in the future. And we don’t want you to be caught off guard. Trust us to give you up-to-date, ACCURATE information, without hype.


This article was written by Vinny Alves for SiteSell and originally appeared in the SiteSell Blog and has been republished with permission.

How to Identify Good WordPress Plugins in 4 Easy Steps

Over the past few months I’ve been working with Mike Allton and Susanna Perkins on a project that will try to give info-preneurs using WordPress an edge on creating content for their audience. On one of the less busy days, I wrote the post below detailing how I choose plugins for my clients.

How to Identify Good WordPress Plugins in 4 Easy Steps

So you’ve finally decided what the focus of your website should be and are ready to set up your WordPress install. You now need to select your theme and a series of plugins to build upon the core functionality you get from WordPress out of the box. With thousands of options to choose from, getting a plugin or theme that will not blow up and bring your site down is a challenge.

There are a few steps you can follow to ensure you have good quality WordPress Plugins for your site. Even if you aren’t a developer and can’t understand a single line of code, using these guidelines as a rule of thumb will give you some level of security.

These are the steps I take when helping my clients decide whether to adopt a plugin or not.

1. Check What Others Have To Say

With close to 40,000 plugins at the time of this writing, WordPress.org offers the ability for users to rate plugins. In the early days, it was possible to select the number of stars for a plugin without commenting on it. To make things fair for authors, people now have to state why they are casting their votes and the authors have the chance to defend themselves, if needed. Plugins with too many low-star ratings should raise a red flag, as long as the comments actually make sense. Be careful of detractors that are only out to troll authors without actually trying to provide constructive criticism.

2. Authors Should Provide (Fast) Support

WordPress.org also offers support forums where users can ask authors for help. Some authors choose to provide support on their own sites. Personally, I think this is valid for paid plugins, but support for free plugins should be kept where the free plugins are downloaded. Look for how many resolved topics there are in the recent past, and the time it takes for authors to reply. Authors get notified of new topics immediately, and should have a good reason to not reply within a reasonable time frame.

3. Plugins/Themes Should Be Updated Frequently

Let me take a poetic license here… Code is a Living Entity. There’s seldom such a thing as writing a plugin and never touching it again. It is virtually impossible for any piece of code to not need updates from time to time. With the wide variety of environments out there, there’s bound to be a scenario where a bug patch is needed. Also, WordPress.org is always releasing new updates to the core, and plugins and themes need to keep up. The plugin page will tell you when it was last updated, and the latest version of WordPress it has been tested with.

4. Check For Coding Best Practices

Granted, this part is a bit harder to do if you are not a developer. There are, however, a few things you can look for to identify a well written piece of software. You can find the source code in the “Developers” section of the plugin page in WordPress.org.

Code is like a house – Keep it clean or it’ll become full of bugs. Proper spacing and indentation helps developers to easily understand what each part of the code does, as well as the intention of the previous developer when writing that piece. Another thing that helps understand code is commenting. If you look at the core WordPress files, you’ll see that they went to great lengths to properly document what each piece should do. No author remembers EVERYTHING they had in mind when writing code. If they say they do, run away – they’re either lying or they’re dangerously smart and might try to take over the world.

Object Oriented code is a Good Thing – Gone are the days when people could write code without structure. If you see words like class, static, public, private, protected, or extends, it is quite likely that the developer knew what s/he was doing. For the simpler plugins, this might be overkill as it usually comes hand-in-hand with more files and folders and it might be like killing a fly with a shotgun, but the danger of PHP is that it is so easy to use that it becomes easy to write BAD code.

Closing PHP tags are tricky – PHP comes with open and close tags, <?php and ?> respectively. Any white space after a close tag will be rendered by the web server, many times prematurely. If you see errors such as ‘headers already sent’, the culprit is likely to be white space after a closing PHP tag. Using closing tags at the end of a PHP file is not only unnecessary, but frowned upon. It’s better to see a comment indicating the end of file, than an actual closing tag.

Code should be tested – There are several techniques to test software. WordPress comes with a suite of test files that run via phpunit, a robust PHP testing tool. Plugins and themes should be tested, too. Look for a directory called ‘test’, or simply ‘t’ containing at least one PHP file.
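The step 4 checks above can be run over an unpacked plugin before you install it. The script below is an added example, not code from the original post: it flags a closing `?>` tag at the end of a file and any output after it, looks for a test directory, and reports OOP keywords and comment density as rough textual heuristics. The sample plugin files are constructed, and accepting `tests` as a directory name alongside `test` and `t` is an assumption.

```python
import os
import re
import tempfile

# Heuristics only: keywords and comment markers are matched textually.
OOP_KEYWORDS = re.compile(r"\b(class|static|public|private|protected|extends)\b")
COMMENT_LINE = re.compile(r"^\s*(//|#|/\*|\*)")
TEST_DIRS = {"test", "t", "tests"}  # "tests" is an added, commonly used variant


def audit_php_source(text):
    """Return the step-4 signals for the contents of one PHP file."""
    lines = [l for l in text.splitlines() if l.strip()]
    comments = sum(1 for l in lines if COMMENT_LINE.match(l))
    stripped = text.rstrip()
    closing = stripped.endswith("?>")
    tail = text[len(stripped):]
    return {
        "closing_tag_at_eof": closing,
        # PHP swallows one newline directly after ?>; anything more is sent
        # to the browser and can trigger 'headers already sent'.
        "output_after_closing_tag": closing and tail not in ("", "\n", "\r\n"),
        "uses_oop": bool(OOP_KEYWORDS.search(text)),
        "comment_ratio": round(comments / len(lines), 2) if lines else 0.0,
    }


def audit_plugin(root):
    """Walk a plugin directory and audit every .php file in it."""
    report = {"files": {}, "has_tests": False}
    for dirpath, _dirs, filenames in os.walk(root):
        php = [f for f in filenames if f.endswith(".php")]
        if os.path.basename(dirpath) in TEST_DIRS and php:
            report["has_tests"] = True
        for name in php:
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace", newline="") as fh:
                rel = os.path.relpath(path, root)
                report["files"][rel] = audit_php_source(fh.read())
    return report


# Constructed sample plugin, written to a temporary directory.
SAMPLE_FILES = {
    "good.php": "<?php\n/**\n * Constructed sample.\n */\nclass Sample_Plugin {\n"
                "    public function run() {\n        return true;\n    }\n}\n"
                "// End of file\n",
    "bad.php": "<?php\nfunction sample_bad() { echo 'x'; }\n?>\n\n  \n",
    os.path.join("tests", "test-sample.php"): "<?php\n// constructed test stub\n",
}


def build_sample_plugin():
    """Create the constructed sample plugin and return its directory."""
    root = tempfile.mkdtemp(prefix="sample-plugin-")
    for rel, body in SAMPLE_FILES.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8", newline="") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for rel, signals in sorted(audit_plugin(build_sample_plugin())["files"].items()):
        print(rel, signals)
```

Point `audit_plugin` at the directory you get from unzipping a plugin download; a file with `output_after_closing_tag` set is the first place to look when a site reports 'headers already sent'.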

Conclusion

Even if you follow all of these steps to the letter, you might still come across a bug. However, it is much less likely to happen and, if it does, you should be able to get fast support from the author. After all, you did follow step 2, right?

Bulk Package Class Helper for eShop Shipping Extension

This plugin provides the ability of updating eShop product Package Classes from a CSV file.

It’s as easy as downloading the template CSV containing all your products; adding the Package Class names to the appropriate fields; and uploading the updated file.

WordPress eShop FedEx Shipping Rates Plugin

Use WordPress eShop FedEx Shipping Rates Plugin to replace eShop’s default shipping methods with live calls to Federal Express.

eShop Shipping Extension framework overrides eShop’s default shipping methods, interacting directly with Fedex and other systems for real-time shipping rates and services.

Other services such as DHL will be made available soon. See the bottom of this page for UPS, USPS, and Correios.

Please note that if you’re using WooCommerce, turn away – this is NOT FOR YOU! This works with eShop for WordPress only.

Europe Region Pack for eShop Dynamic Checkout Form

Dynamically display European States/Regions for eShop Checkout form.

Available Countries:

  • Albania
  • Andorra
  • Armenia
  • Austria
  • Azerbaijan
  • Belarus
  • Belgium
  • Bosnia
  • Bulgaria
  • Croatia
  • Cyprus
  • Czech Republic
  • Denmark
  • Estonia
  • Finland
  • France
  • Georgia
  • Germany
  • Greece
  • Hungary
  • Iceland
  • Italy
  • Kazakhstan
  • Latvia
  • Liechtenstein
  • Lithuania
  • Luxembourg
  • Macedonia
  • Monaco
  • Netherlands
  • Norway
  • Poland
  • Portugal
  • Republic Of Ireland
  • Romania
  • Russia
  • San Marino
  • Serbia
  • Slovakia
  • Slovenia
  • Spain
  • Sweden
  • Switzerland
  • Turkey
  • Ukraine
  • United Kingdom

Total regions: 1465

Installation

  1. Upload eshop-checkout-dynamic-states-europe.zip into your WordPress plugins directory;
  2. Activate the plugin.

eShop Checkout Dynamic States is required for this extension to work.