Tips Tuesday – Cloudbleed, Beaver Builder and Genesis, WordPress Block Editor

Hello Happy Site Owners!

Tips this week include:

• Free website review webinar
• Last call for DIY SEO and Webmaster Level 6 switch over
• I’m ready for more HTTPS conversion requests
• A sneak peek at what’s coming from BlogAid in March
• The new CloudFlare leak dubbed Cloudbleed
• A security reality check
• Why a solid backup solution is more important than ever
• Which hosts are not supporting free SSL certificates yet
• How to avoid duplicate content on product pages
• Beaver Builder releases an add on for Genesis theme design
• First look at the new WordPress Block Editor

Listen to the podcast

Podcast: Play in new window | Download

Subscribe: RSS

BlogAid Happenings

Free Website Review Webinar

First, I want to remind you to register for the free webinar coming up on March 9, hosted by me and SEO and Conversion Copywriting expert Mary Iannotti of Digital Marketing Deva.

We’ll be doing a performance check and page analysis for conversion right in front of you.

This is well over a $200 value for free.

So register for the webinar and do send in your site info to get in on the review list. You’ll find the link of where to send it on the Thank You page after you register.

Last Call for DIY SEO and Webmaster Level 6 Switch Discounts

March 1 is the deadline for existing members to get in on the major discounts for switching over to the new subscription systems.

If you’re in the original DIY SEO course, or VIP level of the Site Success Courses membership, see the special discount link in the email I sent this weekend, or contact me for it to have continued access to the DIY SEO course.

If you’re in the Webmaster Level 5 membership and want to either stay there, or upgrade to Level 6 to keep all the bonuses and perks, like our private Facebook group, see the links in the email I sent this weekend, or contact me.

Get Your HTTPS Site Conversion Request In

I’m quickly working my way through the last of the request waiting list for everyone who wanted to get their sites converted to HTTPS immediately.

A few folks asked to wait until March, so those will be next. And one is already booked for April.

So, do get your request in now if you want to have your site flipped in the next couple of months.

Time to Consider a Paid Firewall

This past week I put BlogAid and all sub-domains on the paid version of CloudFlare to protect the site behind their paid Web Application Firewall, or WAF.

It’s only $20/mo and that’s about half the price of a site hack fix, and that’s not even including the cost in loss of business.

It’s cheap insurance for my business.

The time is coming when all of us will need to be on a paid firewall, either through a standalone one like CloudFlare and Sucuri, or through managed hosting.

My advice is that you start looking into that and budgeting for it now.

The security threats are getting more severe and what this type of firewall protects from is the next attack vector.

I’m keeping my site ahead of that curve and telling you about this so you can too.

What’s Coming from BlogAid in March

I’ve been a blogging and tutorial making maniac this past week.

Watch for a new post on how to configure the WP Fastest Cache plugin.

It was a winner in my head-to-head caching plugin tests.

That tutorial was also added to Level 4 of the Webmaster Training courses too. I’ll be adding one there on WP Rocket as soon as I finish updating the W3TC tutorials, all of which were also winners in my caching tests.

Plus, watch for a post on how owning a car and a website are alike with fun analogies.

And, I’m putting the finishing touches on SEO Workshop do over that will launch later in March.

Also coming to the top of my to do list is a spring cleaning special to help get your site into shape for the year.

That’s all the news from around here. Let’s jump into this week’s tips.

Security Tips

CloudFlare Leaks

CloudFlare reported a security leak that exposed info on 150 of its client’s sites. They contacted those clients directly, and sent a message to all other users, confirming that their site info was not exposed.

But, it looks like the leak was bigger than that, but still only affected 0.00003% of its clients.

What to do about Cloudbleed

Here’s the official word from my world-class hack specialist, Makis of FixMyWP with the skinny on the whole thing, and what steps you want to take.

More Cloudbleed Resources

There are bunches of write ups about Cloudbleed. Here are just a few that I found if you want to read more.

Please take these with a grain of salt as some sites are grabbing headlines and making this into a bigger issue than it is.

• TechCrunch
• Quartz
• Wired
• Motherboard Vice

I read these and vetted them and they look alright.

I didn’t list some that you may have seen a few days ago, and there’s a reason for that. I read those too, and trust me, the ones above are better.

Security Reality Check

Does any of this make me distrust CloudFlare?

No, not at all.

What it does do is re-emphasize the escalation of hacker sophistication to punch holes in any code on the web.

A few weeks ago we experienced a zero day vulnerability in WordPress itself, that was patched by the 4.7.2 update, and I’m not jumping ship on WP either. And that type of vulenerability is as bad, and serious as anything can get.

This is also why I urge you to consider getting on a paid firewall. I’m on the one with CloudFlare.

A Solid Backup Solution is Required Now

If you’ve been skating by on a backup solution that you are not 100% sure is getting everything on your site, and you haven’t tested that to be 100% sure, then you’re skating on thin ice.

Hackers are now going after mother companies that have an open door directly to your site.

Last week it was CloudFlare and the week prior it was BlogVault.

No matter what other security measures you may have in place, a full backup stored off site is your last safety net to recover your site.

No matter what backup solution you’re using, you may want to restore your site to a sandbox site, just to be sure it’s working and that you know how to go through a restore process.

This is something Makis, my world class hack specialist and favorite fix-it guy can do for you.

Here’s my direct link for him.

SSL and HTTPS Tips

Does Your Host Support Free SSL Certificates Yet?

Some of the folks who requested an HTTPS conversion for their site are discovering that their current host does not offer or support a free SSL certificate, like Let’s Encrypt.

Even if you go out and get your own free certificate, you’ll miss having auto renewals on it.

Be sure to read my post about it and see if your host is on the list of those who don’t have free SSL support yet.

CloudFlare Slow to Issue Free SSL Certificate

One of the legs in your data’s journey from host to the visitor’s browser is your CDN, like CloudFlare.

And if you’re on the free CloudFlare version, you have to use their free, shared certificate for that leg of the journey.

Well, lately they have been slow to issue them when I site has been converted, and that causes downtime.

I’m guessing it’s due to overwhelm from all the requests they are getting. That’s true of all entities involved in this, and is one of the reasons smart hosts are getting ahead of the problem by turning on Let’s Encrypt for all of their clients, whether they are making use of it or not.

READ: Making Up HTTPS and SSL As We Go

SEO Tips

Duplicate Content on Product Pages

If you run a shop on your site, like WooCommerce, you’ll definitely want to read this post from Yoast about duplicate content listings in your meta descriptions, and how to take care of it.

Theme Tips

Beaver Builder for Genesis

Being an old coder, I’m not crazy about drag and drop type builders because they are bloated and usually write crap code.

While Divi may be taking over that part of the world, it relies heavily on shortcode, which is another big no no in my book and that’s even more important than the fact that it is bloated and doesn’t support schema markup.

Beaver Builder has gained a good reputation as a drag and drop builder, even among elite devs like Pippin Williams, who did a critical review of all such builders.

Well, now Beaver Builder has released the first Alpha version of an add on that works with the Genesis framework.

I’m a big Genesis fan because the code is superior and they keep right on top of core changes with WordPress and SEO. Plus, they are one of the few frameworks that supports schema markup, which is superior for SEO.

So, this looks like it will be a good match.

And the webmasters I’ve talked with about it think it’s great because it plays well with Advanced Custom Fields too.

WordPress Tips

New Block Based Editor

One of the goals of the WP revamp this year is to create a better editor that is true WYSIWYG, meaning that it is integrated with the Customizer so what you see on the screen is exactly the way it will look on your site.

The core devs working on this have released a new prototype block editor. When you click on an area of the page, it wraps a block around it, allowing you to move the element.

That could be a block of text, an image, or anything else.

You can read the official announcement linked above, or this post from the nice folks at WPTavern that is more suited for non-coders.

Wrap Up

That’s a wrap for this week’s Tips Tuesday.

Find these tips helpful? Share them with your peeps!!!!

Subscribe to all BlogAid Posts

Subscribe on iTunes

Be sure to visit BlogAid.net for more tips and resources and I’ll see you online.