WordPress 4.6.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
WordPress versions 4.6 and earlier are affected by two security issues: a cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin; and a path traversal vulnerability in the upgrade package uploader, reported by Dominik Schilling from the WordPress security team.
Thank you to the reporters for practicing responsible disclosure.
Download WordPress 4.6.1 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.6.1.
I wanted to tell you about 9 Essential Software Apps and online resources I have used in the past; everything I am going to talk about is free.
9 Essential Software Apps
2. Advanced System Care
We love WordPress – but not all of us are ready to settle with all its default settings and displays – particularly how posts are displayed. As we’re taught that uniqueness does matter to a website’s branding which gives the visitors a great impression, throughout these years bloggers and developers have been striving to tweak the post display, in order to make it as unique as possible.
Today we are going to focus on the smart tweaks you can perform to improve your WordPress post display. Whether you are looking to change your post display to enhance user experience or to increase revenue or page impressions, chances are there is a way to do it without a plugin. Most of the snippets listed here are easy to implement; most of the time you just need to copy and paste the provided code.
Hope you will find these tweaks useful for your projects. Enjoy customizing!
Security on the web is paramount: forget to set the correct permissions and you're hacked. WordPress is just as susceptible as any other web-based application, and as the source code is publicly available the chances are doubled for an attack on your site, so you need to do it right the first time.
I have put together a few tips to help you with the WordPress setup so you do it correctly and avoid the pain of having to make changes further down the track.
The installation of WordPress is just too easy, and most people will miss one of the most important security features when setting up the installation.
The standard prefix for the database tables is ‘wp_’. What you need to do is change it to something different so it cannot be guessed and ultimately hacked.
For example, instead of ‘wp_’ use something like ‘eCcJ3q7u_’, using upper and lower case letters as well as numbers to make your database prefix extremely difficult to guess.
If you have already installed WordPress with the standard ‘wp_’ prefix you can still change the prefix, but be prepared for a lot of work behind the scenes.
2. Permission Settings
Once installed, you need to FTP into your site and make sure the permissions are set correctly. A great plugin to check your folder permissions is wp security.
Your folder permissions should be set at 755.
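The two checks described so far (the table prefix and the 755 folder permissions) can be automated. The following is an added example, not code from the original post or from WordPress itself; the function names and the sample tree are constructed for illustration, and it assumes the prefix is set by a plain `$table_prefix = '...';` line in `wp-config.php`.

```python
import os
import re
import stat
import tempfile

# $table_prefix assignment as it appears in wp-config.php
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""", re.M)


def read_table_prefix(wp_root):
    """Return the $table_prefix value from wp-config.php, or None if absent."""
    try:
        with open(os.path.join(wp_root, "wp-config.php"), encoding="utf-8",
                  errors="replace") as fh:
            match = PREFIX_RE.search(fh.read())
    except OSError:
        return None
    return match.group(1) if match else None


def audit_directories(wp_root, expected=0o755):
    """List (relative path, octal mode) for every directory not set to `expected`."""
    findings = []
    for current, _dirs, _files in os.walk(wp_root):
        mode = stat.S_IMODE(os.lstat(current).st_mode)
        if mode != expected:
            findings.append((os.path.relpath(current, wp_root), format(mode, "03o")))
    return sorted(findings)


def audit(wp_root):
    """Combine both checks into one report dictionary."""
    prefix = read_table_prefix(wp_root)
    return {"table_prefix": prefix, "default_prefix": prefix == "wp_",
            "bad_dirs": audit_directories(wp_root)}


def build_sample_site():
    """Constructed sample tree (not a real install): default prefix, one 777 folder."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    modes = {".": 0o755, "wp-admin": 0o755, "wp-content": 0o755,
             "wp-content/uploads": 0o777}
    for rel in modes:
        os.makedirs(os.path.join(root, rel), exist_ok=True)
    for rel, mode in modes.items():
        os.chmod(os.path.join(root, rel), mode)
    with open(os.path.join(root, "wp-config.php"), "w", encoding="utf-8") as fh:
        fh.write("<?php\n$table_prefix = 'wp_';\n")
    return root


if __name__ == "__main__":
    print(audit(build_sample_site()))
```

Point `audit()` at the directory that contains `wp-config.php`; directories the running user cannot read are skipped by `os.walk` and will not appear in the report.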
A good start to stopping unwanted guests is to add a .htaccess file to your folders.
WordPress does not put in a .htaccess file in the admin folder so you will need to copy the one from the wp-content folder.
Be careful when doing this, as you could lock yourself out of the control panel. After adding the file, check that you can still access the administration of your site. If you are having issues, you may need to look at what the settings in the .htaccess file are, and even Google for information about it.
Now that you have logged in to the admin it’s time to decide whether your site is going to be a blog or a CMS.
If your site is to be a blog you don’t need to make any changes to the default landing pages.
If you are going to use WordPress as a website or a Content Management System (CMS) you need to make a few changes to start.
Go to ‘Pages’ in the left side navigation and create the following pages: ‘Home’ and ‘Blog’.
With that done, go to ‘Settings’ in the left side navigation and expand it. Click on ‘Reading’ and you will see ‘Front page displays’, with two (2) radio buttons:
- Your latest posts
- A static page
Choose the second one – ‘A static page’.
Now you need to set your front page from the drop-down menu called “Front page”. Choose the page you just created called ‘home’.
The other drop-down is “Posts page”; this is to select the page you want to be your blog page. Let’s use the page called ‘blog’.
Save the settings.
That’s about it as far as setting up WordPress goes.
A vanilla WordPress installation is perfect for your blog or website, and with the right plugins you can extend it to do ‘so much more’. One of the great features of using WordPress is the abundance of free plugins available to install with just a few clicks of the mouse. If you need it, chances are that someone has made a module for it.
Here are 12 essential WordPress plugins that I can’t live without. Well … I can, but these plugins just make it easier. I use other plugins as well, but I thought I would keep it down to my ‘Top 12’.
If you have a fav not listed here, let me know in the comments.
1. Headworks 2
Always top on my list, Headworks 2 does it all and more. If you really, truly want to SEO each and every page on your website you need to use this plugin. It’s a meta-data manager on steroids, allowing complete control over all SEO needs such as keywords/tags, titles, description, stylesheets, and many, many other goodies.
A great tool for handling all your redirects and 301’s and is fantastic if you are moving or updating your website, keep track of 404 errors, and generally tidy up any loose ends your site may have.
3. Link Within
SEO Smart Links can automatically link keywords and phrases in your posts and comments with corresponding posts, pages, categories and tags on your blog.
Further SEO Smart links allows you to set up your own keywords and set of matching URLs.
Finally SEO Smart links allows you to set nofollow attribute and open links in new window.
Everything happens completely transparent, and you can edit the options from the administration settings panel.
4. Contact Form 7
This plugin allows your WordPress site to use the content distribution network side of Google’s AJAX Library API, rather than serving these files from your WordPress install directly. This will also reduce the load on your server.
5. Really Simple Captcha
A CAPTCHA module intended to be called up from other plugins. It was originally created for the Contact Form 7 plugin, and is now an independent, stand-alone plugin.
Manages your WordPress database. Allows you to optimise database, repair database, backup database, restore database, delete backup database, drop/empty tables and run selected queries. Supports automatic scheduling of backing up and optimising of database.
7. Widget Context
Make conditions for the viewing of your widgets. Let a widget appear only in a category or a set of pages or even only on one page. This really lets you shape and style your columns down to each page.
8. Disqus Comment System
The Disqus comment system replaces your WordPress comment system with your comments hosted and powered by Disqus.
The Analytics360 plugin allows you to pull Google Analytics and MailChimp data directly into your dashboard, so you can access robust analytics tools without leaving WordPress. Even without the MailChimp function this is a great visual tool to get a look at your visitors’ habits.
10. RSS Footer
This very simple plugin lets you add an extra line of content to articles in your feed, defaulting to “Post from: ” and then a link back to your blog, with your blog’s name as its anchor text, which you can edit. Read about it on Yoast’s posts.
11. Use Google Libraries
This plugin allows your WordPress site to use the content distribution network side of Google’s AJAX Library API, rather than serving these files from your WordPress install directly.
12. WP Google Fonts
Google’s Font Directory is one of the most valuable contributions to web typography in a really long time. By hosting an assortment of free open source fonts, they have made it practical for anyone to add rich typography to their website with very little hassle.
There are so many great plugins out there to extend WordPress that I will never get to try them all.
Got a fav? Let me know.
I recently outsourced the conversion of a graphic design to a WordPress theme (PSD to WordPress). I say recently, but in fact it was months ago. That’s what happens when you go for the cheapest quote: you get what you pay for.
I looked around for the best price, i.e. the cheapest, as it was a straightforward job. You see, I was only going to use WordPress as a CMS; the client did not want a blog, so the template work was reduced considerably.
I found ‘the cheapest’ for US$99. The next price was US$300, and they would not drop the price even though it was only one template and no blog templates.
I took the cheapest option.
Needless to say, you get what you pay for. Bad service, substandard work that I have had to consistently send back, bad communication, lack of care and worst of all but the norm when dealing with unprofessional people, blame.
Yes blame, it all became my fault because I upgraded my WordPress application and it broke their work. Don’t get me started on this point.
I could vent my spleen on this but I will save you my anguish because I have learnt my lesson.
You get what you pay for, so next time you get quotes for something (web work in particular) think carefully about the whole process. This little exercise cost me way more than $300 in my time let alone the stress I have had to go through.
So I will say it once more: ‘Beware of Cheap’. You will only get what you pay for.
Blogging was our first taste of web 2.0 because of the interactivity of articles and comments and the very fact of ‘user-generated content.’ The search engines began to spider blogs more quickly as the frequent updates and freshness of user content triggered them to return often so as to keep up with news, public opinion, social happenings and trends.
Blogs, and especially WordPress or ‘WP’ platform based blogs, quickly overtook static HTML web sites, appearing in the tens of millions from about 2004. However, the default or classic templates and themes supplied at no cost by WordPress.org were not optimized for the search engines. There were problems such as duplicate page titles — while it is absolutely essential to have unique titles. Another problem for search engines was the question mark which appears with dynamic page generation. PHP is a neat ‘pre-HTML processing’ system but it needed a better way of creating permalinks that displayed key phrases, rather than using a question mark followed by a page reference number.
Technical aspects become very important with blogs, when you need to know how to get more traffic, meaning web visitors, to a WordPress blog. Whole new industries have sprung up on The Internet to provide:
1. Custom graphical WP themes.
2. Software plugins to perform specific functions.
Getting more web traffic to a WP blog automatically, using the major search engines, can be achieved by gaining a lot of inbound or incoming links. In the eyes of big Google, Yahoo and Bing, these inbound links count as ‘votes’ for your blog or web site. The more votes you get, the higher you will rank in the search engine results pages (SERPs). You should use your creativity to get other blog owners to link to you. Please note that this will happen naturally when your web content is seen to be of the highest quality and value to your readers.
An SEO plugin is a smart, technical way to go. Search engine optimization is both a refined art and a mathematical science. In order to get more traffic to your WordPress blog you need a plugin that will perform some secret configuration settings. It must also modify your permalink structure to make the best use of your main key phrases. The plugin should help create XML sitemaps and also ping the aggregators like Technorati.com and Yahoo, Weblogs.com and all the news and announcement sites. Finally, but not exhaustively, the SEO plugin needs to ensure that page titles, descriptions and keyword meta tags all contain one instance of the focused keyword or phrase. Did I forget the automatic generation of larger numbers of ‘tags?’
Is this techie stuff all too much for you? Has it got your head in a blogging spin? The writer has resorted to trusting this expert work to one Jeff Johnson who generously gives away a highly developed SEO plugin which does all of the above, and probably more. This software is best applied at the very beginning with a new blog because it can mess up the configuration of an existing blog. Jeff Johnson has outstanding results online, which include winning many affiliate marketing competitions, both in The United States and internationally.
In last night’s episode of the WordPress Podcast we discussed setting up a website for small businesses in WordPress. One of the things I touched on in that discussion is that we outsource a lot of our development work, especially slicing PSDs to HTML or even directly to WordPress themes, both for Yoast and for OrangeValley.
I thought it might be useful for all of you to share with you which company we use for that. We’ve worked with several of them, some of them good, some of them not so good, but we’ve had the best experience working with a company called ShopHTML.
The difference, for projects that we do, is in the level of customization teams are able to do to a theme without having to be told specifically what to do. If we include star ratings in a design, ShopHTML will usually come back to us and say “hey, we’ve got this solution, would that work for you” instead of just adding the stars as images into what actually should be a fully functional WordPress theme.
I talked about sharing this with all of you with Absar from ShopHTML, (who’s btw very responsive through email and IM, something we always appreciate in an outsourcing partner). Rather than doing some affiliate scheme we decided we’d make it fun for everyone: we’re going to be giving away a free PSD design to WordPress theme conversion (and I get one too myself, it’s good to be me sometimes). All you have to do is come up with a suggestion for a post you want me to do, here on Yoast.com, and leave a comment below on what the post should be on, and why you’d want me to talk about that topic specifically.
Next week, Wednesday May 26th, at noon CET this competition closes, and I’ll pick a winner! The winner will not only get his or her free PSD design to WordPress conversion, but also the post they asked for, so let’s hear those great ideas!
Outsource slicing & coding of your WordPress themes is a post from Joost de Valk’s Yoast – Tweaking Websites.