Helpful Posts

Most popular how-to and site success tips

Take Me There!

BlogAid

Help for DIY Site Owners and Webmasters - WordPress, SEO, HTTPS, Security, and Performance

Tips Tuesday – DDoS Attack, PHP 7.2, TLS Upgrade, Storify, WP Spamshield

by

Share on PinterestShare on LinkedInShare on RedditShare on WhatsApp

Tips Tuesday – DDoS Attack, PHP 7.2, TLS Upgrade, Storify, WP Spamshield

Hello Happy Site Owners and Webmasters!

Tips this week include:

  • Two new comment reply notification plugin tutorials
  • DIY SEO survey results livestream this week
  • Webmaster tutorial updates for HTTPS
  • How the privacy policy changes at WP.com and new GDPR regulations for the EU affect you
  • Why there is a bright economic future for Gutenberg devs and designers
  • What I think about the threat of WordPress Attrition over Gutenberg
  • What’s up with WP Spamshield moving to a premium plugin
  • Is the biggest DDoS brute force attack in history underway right now?
  • What you need to know about the TLS upgrade deadline coming from Google
  • Getting your site ready for Google’s Mobile First Indexing
  • What everybody needs to know about PHP 7.2
  • What you need to do before Storify shuts down this spring

Listen to the Podcast

Podcast: Play in new window | Download

Subscribe: RSS

BlogAid Happenings

Two Comment Reply Notification Tutorials Available

I’m delighted to announce the release of two new video and written tutorials for the top plugins in my in-depth comparison testing results.

I’m still contemplating how I want to do the tutorial for wpDiscuz. It has a TON of settings and there is no way I would want to try to cover all of those in a single video or post with screenshots. Both would just be too long.

So, I’m thinking I might just cover the super important ones, and/or those I changed from default based on the way me and my 20+ testers decided it worked best.

What would be most helpful to you?

DIY SEO Survey Results

Thanks to everyone in the DIY SEO course who took a few minutes to fill out the survey I sent last week.

I’ll be streaming live into our Facebook group on Thursday with the results so far.

Look for an email with a link to the survey if you haven’t filled it out yet. It’s super important to make your voice heard, as that feedback is what I’m basing the live Workshop on.

The first Workshop will be in mid January, but we’re actually going to get started the first week in January with a special challenge.

The replay of my livestream will also be available in your DIY SEO course dashboard.

And that’s also where you’ll find the link to join our Facebook group too.

Holiday Specials on DIY SEO, SEO Workshop, Webmaster, and Site Audits

Thanks to everyone who is still taking advantage of the big holiday deals on BlogAid

You can still get in on big savings for BlogAid classes and services including the expanded DIY SEO course that now includes the live SEO Workshops, savings on a site audit, and a huge discount on the Webmaster Training courses.

Webmaster HTTPS Tutorial Updates

Webmasters, look for an email soon on a couple of HTTPS tutorial updates.

I’m adding new code for you that will help AutoSSL renew the SSL certificate.

If you’re a designer or developer or someone who maintains sites for clients, you can’t afford not to be in the Webmaster Training.

This stuff changes all the time, especially with regard to the new tech stuff, like HTTPS.

I’ll also be expanding the courses with more speed tutorials too, as that is now a rising SEO ranking factor. UX and ADA compliance are too. And then there’s Gutenberg, which will change the way you design sites. And we’ll be keeping up with all of it in the course to keep you ahead of the curve and separate yourself from the pack so you can get the hot jobs.

That’s all the news from around here. Let’s jump into this week’s tips.

WordPress Tips

Privacy Policy Changes at Automattic and WP.com

The folks at WP.com sent out an email to everyone who has an account there about their new privacy policy changes.

You have an account at Automattic if you use:

  • Jetpack
  • Gravatar
  • Akismet
  • VaultPress
  • or any similar service/plugin created by Automattic

Several of the changes are to comply with the new General Data Protection Regulation (GDPR) which is about to become a new EU privacy regulation.

Many of you are already using cookie notification plugins/code to comply with EU regulations on that.

How do you think this new GDPR might affect you?

I’d appreciate you leaving links to any info you have on that too.

It takes a village.

Bright Future for Gutenberg Devs

Webmasters, you’re definitely going to want to read this post over on Freemius about how Gutenberg is going to impact the WordPress ecosystem.

I am in agreement with most all of the assessments and quotes here from industry leaders.

Gutenberg is the first step in opening up a whole new economy.

To me, it’s like the transition from horse and buggy to cars.

Yes, it’s going to require time to educate yourself and your clients. But that’s a good thing.

I’m still seeing lots of social media group and forum posts with webmasters who are saying this is going to kill their business, or be an intolerable waste of retooling time.

All I can say is bye-bye to those that resist change and growth and have been skating by on not investing in their education for the very things I teach in the webmaster courses.

You know, things like security, speed, HTTPS, and more.

If you are a non-techie designer and want to stay that way, then at least partner up with folks who are keeping up with the changes.

And no matter what, you’re either going to have to learn how to design with Gutenberg, or leave WordPress.

It’s the same challenge you faced when you moved from hard coding HTML sites to WordPress, if you were around 12 years ago when that happened.

And if you allow your clients to leave WordPress instead of educating them, you’re going to be out of business anyway.

Think about it.

The Threat of WordPress Attrition

I’ve also seen lots of comments from non-techie DIY site owners who have decided they don’t want to go through the Gutenberg transition and plan to leave WordPress.

All I can say to you is look before you leap.

You’re going to put yourself through the expense of a major transition and learning curve to move anywhere else.

Not to mention that you’ll be going to a far less powerful platform where you will likely lose many of the functions and control that are making your site successful now.

The other thing I can say is that the rest of us who have seen the light will be here when you’re ready to spend another small fortune coming back.

I would also say to webmasters that you can look forward to another boom in business after Gutenberg themes fully hit about this time next year, for all the folks who want to migrate from those other platforms. Gutenberg will have all the functions they can’t get elsewhere and will want.

Plugin Tips

WP Spamshield Moves to Premium Plugin on CodeCanyon

Here’s your immature WordPress drama story for the week.

You may remember me reporting a few weeks ago that WP Spamshield was removed from the WP plugin repository due to their squabbling with another plugin. They were found to be disabling code on that other plugin because it was in conflict with their own.

The huge issue was that it involved security.

So, the WP grownups stepped in and put a stop to it.

WP Spamsheild’s adolescent, and knee-jerk response has been to create a premium-only version of the plugin and move it to CodeCanyon for access.

Their article with the news claims that WordPress removed them from the repo so they would have no competition for Akismet, which is made by Automattic.

Of course, that’s BS.

What I do know is that I don’t recommend WP Spamshield because it holds the bad bot info in your database and chews it up. That’s compared to Akismet and AntiSpam Bee, which use a cloud available list of bad commenter IPs. That is significantly less strain on your hosting resources and the better way to go.

I also know that WP Spamshield just cut off their nose to spite their face with this move and they can basically kiss their business goodbye if they think most of their users are going to move over to the paid version, especially with devs who have shown such child-like mentality at the helm.

Security Tips

Huge DDoS and Brute Force Attack Reported

Yesterday, WordFence reported a sudden hit of the largest brute force attack they had ever seen.
While I don’t care for using any type of behemoth plugin like this for security, I do appreciate that they have a global tracking network that can alert them to such things.

I checked my CloudFlare stats on Monday and as of 10 am, hits to my site quadrupled. CloudFlare was able to mitigate the attack and it was over in about an hour, with zero harm to my site or hosting resources.

In other words, the problem was taken care of far away from my site and hosting.

READ: What Celebrity Homes and Secure Sites Have in Common for why this is the preferred security setup me and all of my clients use, plus properly hard-coded security on the host, below WP, and why we don’t sweat when attacks like this hit.

The only thing we have to worry about is the host server frying from all the unprotected sites around us, especially those on shared hosting.

FYI, I was unable to corroborate the numbers WordFence was reporting. So far every other site I watch for cyber attacks is looking pretty typical.

Here’s one place to watch what’s going on, if you want to have a look at a more visual map.

You may be super surprised to discover how many attacks are originating from U.S. based servers now.

SEO Tips

TLS Upgrade Deadline Announced by Google

Google has been warning site owners that they need to upgrade to TLS version 1.2 for years.

And now they have given an official deadline of March 2018 for it.

TLS stands for Transport Layer Security.

Think of it as the car your site data is riding in as it travels from the origin to the visitor’s browser.

TLS version 1 is not secure.

That’s why we all need to move up to TLS version 1.2. That’s especially important if your site has been converted to HTTPS.

The reason so many sites haven’t moved up to that is due to the fact that super old legacy browsers don’t support TLS 1.2. Think of super old Internet Explorer browsers used in government agencies.

Here’s the thing, the cyber security world is moving on. IE has long been the worst, least secure browser on the planet. And if agencies that have thousands of users have been putting off the update due to expense, then a deadline such as this has to be drawn to light that fire and get the entire internet more secure.

And that security impacts all of us.

Hosts, sites, themes, and plugins all need this type of deadline so they can drop support for these old legacy browsers too, which is costing them a fortune, and keeping them from fully moving forward with their security.

If you are using CloudFlare, then you’re covered. It sends data on TLS 1.2 and even has a beta for 1.3.

And honestly, I can’t imagine why any site, of any kind is not on CloudFlare already. It’s free and it gives you more speed and security.

READ: How CloudFlare Makes Your Site Faster and Safer

I can help you do all the setup in one quick, live session too. You don’t even need to share any logins with me.

See my Site Services page for more.

Getting Your Site Ready for Mobile First Indexing

Google has been making good progress on their mobile-first indexing initiative.

Basically the gist of this thing is switching over to crawling the mobile version of your site, instead of the desktop version, to ensure that mobile searchers have a good experience when they click a link in Google search.

You can read the latest recap of their progress with it on the Webmaster Central site.

One of the big takeaways is that you’re going to see a radical increase in Google mobile bots crawling your site. So, be aware of that if you check your AWStats at your host. You won’t see these things in Google Analytics. But you will see them in Google Search Console.

And one of the other huge things they are checking for in these crawls is speed.

So, it’s time to get super serious about that too.

And some of you that run ads on your site and are big on Pinterest are going to have to change the way you blog. There’s just no getting around that any more.

And this is just one of the things we’ll be covering in the DIY SEO live Workshops in 2018 too.

Plus, you can get a jump start on it with a site audit and find all of the current speed drags on your site. On average, I find 26 security and speed issues on a site that no plugin can identify.

On most sites, we end up getting rid of about half of their plugins too, many of which have a direct bearing on speed.

Not to mention all the security holes that directly impact speed as well.

PHP Tips

What WordPress Developers Need to Know about PHP 7.2

The title of this post is a little misleading, because all site owners and webmasters need to know about PHP changes too.

I hope you’ve already updated to PHP 7.

READ: How and Why to Switch to PHP 7

PHP is still evolving and we’re now up to PHP 7.2.

PHP 7.1 was not stable, but 7.2 is and I recommend that you switch to it.

You’ll get a speed boost and better security due to the upgraded encryption.

See the post for details on what’s been deprecated if you have a super duper old site, or maintain one for a client.

Folks, this is not something you can just keep putting off.

One of these days you’re going to update a plugin and poof! You’ll get the white screen of death or some error message and you’ll be doing this switch under duress.

Contact me if you need help doing the initial check and switch from 5.x up to 7.x.

After you get to 7.x then you should be able to switch up to any minor update of it yourself, or have your host help you with that for free.

It’s just making that major jump the first time that needs a good check for compatibility before switching.

READ: 4 Non-Optional Site Upgrades You Must Make Now to ensure you’ve got all your ducks in a row and you’re ready for what’s coming in 2018.

Social Media Tips

Storify Shutting Down in May

Storify was very popular among WordPress users as a way to archive their social media content.

If you used it, you best find a way to download and archive all of those posts elsewhere because Storify is shutting down in May 2018.

I did a quick Google search on Storify shutting down, and then one on Storify replacement, and it returned all manner of alternatives and news about it.

So, give that try if you need to make other arrangements, just don’t wait too long.

Wrap Up

That’s a wrap for this week’s Tips Tuesday.

Find these tips helpful? Share them with your peeps!!!!

Get the BlogAid Tips Tuesday Podcast on iTunes or Stitcher

Subscribe to all BlogAid Posts via email so you never miss anything!

Be sure to visit BlogAid.net for more tips and resources and I’ll see you online.

Share on PinterestShare on LinkedInShare on RedditShare on WhatsApp

About MaAnna Stephenson

MaAnna is a geek who can still speak in plain English. She helps DIY site owners plus webmasters and designers create sites that are secure, perform well, and get noticed by search engines and readers.

blankThis book could save you hundreds of dollars and months of frustration. Get it free with your subscription to BlogAid News plus my blog posts.
Privacy Policy