Hello Happy Site Owners! Welcome to the BlogAid Tips Tuesday Podcast for April 28 2015, and I’m your host MaAnna.
Tips this week include:
– multiple WordPress and plugin updates
– the Pinterest, Ads, and Mobile Webinar replay
– features you need to watch out for in the WordPress 4.2 update
– a tour of the latest WordPress SEO plugin by Yoast
– what makes for a successful membership site
– why not to let a security plugin give a false sense of protection
– tips for automating your daily business routine
Listen to the podcast.
Whew! All of these security and other updates had me running silly this past week and right up until today. I’ve released a couple of new videos covering them, and I’ll tell you more about those and the security patches in just a bit.
But first want to cover the other exciting news here.
In case you missed the live webinar, the replay is now available, along with a timestamp and lots and lots of links of all the things we discussed.
I’m grateful so many super folks were in the audience to help bust some myths about whether you can delete an image in a post that has been pinned or not. And we heard from the creator of AdThrive too. So, very much worth watching.
You’ll find the replay and show notes at the end of the post.
As I mentioned, I released a couple of quick videos this past week.
See the new features in WordPress 4.2, including two that will cause you a security issue if you use them.
There’s also a super small issue with Category Widgets in Genesis themes. Thanks to +Cyndi Papia for catching that and alerting the Genesis developers. They’re working on it. So, I’m holding off updating my sites and most of my clients because most all of us use that.
I’m delighted to say that the TinyMCE Advanced text editor plugin updated immediately after I updated WordPress on my test site. That’s what I was keeping my eye on most closely with this update, so no worries there.
Google moved the cheese again and +Yoast was all over it. He released an update to his WordPress SEO plugin within days. It can now handle how your site name will look in the new breadcrumbs instead of URLs in mobile now.
And this is why I split the tutorials on settings for this plugin into 7 videos, because I knew changes would be popping up. Just didn’t expect them so soon.
I’ll remake the two videos affected as soon as the dust settles on the changes, and then all of these security patches floating around. That should be later this week.
New Membership Site Client
Before I set up member sites for new clients, I insist we have a full consult on it first. Some folks think they have everything figured out beforehand, but the truth is, if you’re new to running a member site, it’s likely you’re leaving money on the table and doing things the hard way, which costs you money.
That’s the whole point of the consult – to help you avoid all of those pitfalls. So, the consult ends up paying for itself right away, and the site owner is well aware of that during the call. It’s not even something folks have to wait to know is true.
But the bottom line of why I offer this service is to help you make the most money possible in your member site through great product delivery and user experience, to upsells, cross promotion. And then to set things up so you can take advantage of all those things and have less admin time running the thing.
All of that translates into more money and membership site success.
If you think going the DIY route with a member site will save you money, think again. This is one thing that’s worth getting help with.
That’s all the news from around here.
Let’s jump into tips from around the ‘net.
There were three recent security updates to WordPress. One of them was right on top of the release of version 4.2.
I advise folks to leave auto updates turned on for these security releases. They are jumping from version 4.1.1 to 4.1.2, and then right behind it was version 4.1.3. And then yesterday, they released 4.1.4. All of those were auto updates.
But for major releases, like 4.1 to 4.2, it won’t auto update. And yesterday they released 4.2.1, which would have been an auto update.
So, you get quick security patches, but less worry about something breaking. And you can manually do the major update when you’re ready.
It’s rare that minor patches like this breaks a site, but plugin updates sometimes have bugs. Because of these frequent updates, and because of the current security climate, I’ve taken to doing full daily backups. You might want to do the same.
If you’re hovering at version 4.1.3 and haven’t updated to ver 4.2, you’re okay. A security patch of 4.1.4 and then 4.2.1 are both out, so you’re covered either way.
Multiple Plugin Security Updates
In conjunction with WP security updates, actually, right before those, there were bunches of plugin security updates. And while there were a lot of popular plugins in the list this time, the vulnerability has actually been going on for months. Lots and lots of plugins have been updated for it.
A few to highlight for you are:
- UpDraft backup plugin
- Gravity Forms
- All-in-One SEO Pack
- Google Analytics by Yoast
If you want to keep up with the 100s of plugins that are getting updated all the time, mainly for this cross site scripting issue, or XSS, visit the WP Security Bloggers site. That’s my go to source for news on them.
And following are a few more you’ll want to know about.
This is not the more popular, official MailChimp plugin. But if you use it, update it.
This is a really good excuse to get rid of this plugin. It’s a real resource hog. And, it gives too many false positives. +Ana Hoffman has a super duper post on way better alternatives to the Broken Link Checker plugin. I refer to this post so much in forums and such that I should just have it on speed dial. It’s that good.
This is another resource hog plugin. If you have to use it, be careful when you run it. Do it when traffic is slow on your site. And then delete it. Don’t just deactivate it. Delete it.
This is the most popular plugin for creating a mobile version of your site. But, it’s not a good way to go mobile if you care about SEO. The changelog of their latest update says they have better SEO now, but no details.
I don’t use it, neither do my clients. So I don’t know how bad for SEO it is.
The Sucuri security plugin just got bypassed. In other words, a white hat hacker demonstrated that he could run end around it. You can read all about in this post from WP White Security.
The bottom line is, don’t let plugins like this give you a false sense of security. There are 100s of hackers working all day, every day to find ways to run end around plugins like this. And somebody’s going to be the first one hacked.
Make sure that you have a solid backup, and more importantly, a solid restoration plan. It’s not enough that you can take a backup. You need to know how to restore it too.
Thanks so much to my favorite world-class hacker specialist, +Makis Mourelatos for finding this post.
Y’all know that I moved my entire back office over to Google Apps about this time last year. And +Dave Webster of Webster Consulting was instrumental in making the switch. In fact, he did all of the really hard work. I was able to hook up all manner of integrations with it too, including my favorite thing, an online scheduler. It’s embedded in my site, and integrated with my Google Calendar, and with GoToMeeting.
That one integration cut my emails down by two thirds!
And, an online scheduler is just one of the tips in this fine post from +Resse Ben-Yaacov that will make your life easier and more efficient and productive too.
That’s a wrap for this week’s Tips Tuesday. Thanks for subscribing on iTunes, and for giving this show a rating and review. I really appreciate it. And do drop by and say hey over on my Google+ page too. That’s where I hang out. Be sure to visit BlogAid.net for more tips and resources and I’ll see you online.