Hello Happy Site Owners!
Tips this week include:
- Celebrating this podcast listed in top ones to catch in 2017
- HTTPS site conversion checklists updated
- New code in .htaccess for Let’s Encrypt SSL Certification validation
- DIY SEO member site updates
- Webmaster bonus material updates
- What’s coming in WordPress 4.7.3
- Why to stop doing SEO like it’s 2012
- Major Russian spam bot attack continues
- Proof of why you have to turn XML-RPC fully off
- A little secret about renewing VaultPress without JetPack
- BlogVault’s security breach
- How HTTPS is becoming the norm for web traffic
- How HTTP/2 protocol removes the performance hit of HTTPS
- Google partnering with CloudFlare for faster ads
Listen to the podcast
Woohoo!!! I’m so honored and thrilled that the BlogAid Tips Tuesday Podcast made the top 30 list of WordPress podcasts!!!
Thank you so much to the nice folks at Optimizer for including me!!
Site Flipping Maniac
I’ve been converting sites to HTTPS like crazy this past week!
That includes celebrating the conversion of the main BlogAid site. Woohoo!!!
I am so glad to have all of my BlogAid related sites converted so I could remove all the tricky settings I had to use in CloudFlare due to some of the sites being sub-domains.
Podcast Link Updates
Well, iTunes is telling me that the https version of my podcast feed to them is working. So, I hope all of my subscribers are still receiving this podcast.
I hope you’ll take a moment to let me know that it’s working for you.
Conversion Checklists Updated
And, running into all kinds of new things to check prior to doing the conversion too, as some site elements don’t react well to conversion.
That pre conversion checklist is helping us nail those down and get them squared away prior to conversion. And that saves a lot of mop up afterward too.
Site Function Spreadsheet
I’ve also added a spreadsheet for clients to fill out with URLs so we can test major site functions before and after the conversion.
Good thing too, as we are finding things that are broken that needed fixing prior to the conversion.
You know, little things like a contact form not working and such.
So, this mini site function audit is helping in all kinds of ways.
HTTPS Site Conversion Waiting List
If you’re on my waiting list to have your site converted, know that I’m working through the list as quickly as possible. But it takes the time it takes, even with my site audit clients, and those are the fastest projects.
I’ve had to stop and research some new code in the last week too, which has caused a bit of a delay. More on that in a moment.
I’m adding notes to the Webmaster Level 3 tutorials daily and updating the pre conversion and order of conversion checklists too, as we discover more things to test or check and refine our conversion process to make everything go smoothly.
Having a whole group of webmasters doing these conversions and reporting what the unique conditions they are running into is helping all of us and I want to say a big thank you to all the webmasters who are sharing their findings.
New Let’s Encrypt SSL Certificate Validation
A few weeks ago I suddenly started seeing new code appearing in .htaccess files. It was prior to every redirect.
I’ve been checking into it this past week and found that it’s coming from cPanel itself. They’ve been working on it since November and released it in early January.
Even some hosts didn’t know the .htaccess files were being changed on their client’s sites.
The code is for an alternative way to check the validity of the free Let’s Encrypt SSL Certificate.
It is really bulking up the .htaccess file, especially if you have a bunch of redirects there.
I’m going to jump into the cPanel forums and see if we can find a better way to do this, else performance might be hindered. Or, redirects in plugins might not be checked properly too.
I expect this project to be tweaked for months to come.
For everyone using Let’s Encrypt, this will most definitely affect your site, and is just one more reason why it’s worth paying someone to help you with the conversion who is staying on top of all this stuff.
DIY SEO Member Site Updates
Thanks to everyone who took advantage of the $1 special and converted from the Site Success Courses member site over to the new BlogAid Learning Center.
That’s where the DIY SEO course is being moved and by March 1 will no longer be available on the original site.
It’s also where the new workshops and live training will be too.
There’s still time to convert over and retain access to the tutorials.
I sent out an email to all members yesterday, so be sure to act on that before the price goes up again.
I’ll be opening the site to the public in a couple of weeks.
Watch BlogAid News for announcements.
SEO Tutorial Updates
At the top of my to do list this week is getting all of the SEO tutorials moved into the new BlogAid Learning Center site.
As I’m doing that, I’m also taking screenshots of all the common settings in the Yoast SEO plugin. Those will be updated in the cheat sheet on the Webmaster Level 3 SEO section.
And I’m making a list of all the video tutorials that need updating as I go too.
Plus, I’ve changed to a new video delivery system and updating the tutorials to that as well.
So, there’s a lot more to it than just recreating all of the pages in the course and I hope to finish it up this week.
I so appreciate your patience as I get all this squared away into the new, improved systems.
Webmaster Bonus Material
Also at the top of my to do list is squaring away access to all the Level 6 bonus material. It will only be available to Level 5 folks through March 1, as will access to the Facebook group.
New Caching Plugin Tutorials
And last on my to do list for this week are new caching tutorials for the winners of my head to head caching plugin tests.
I’ll be adding those to the Webmaster Level 4 tutorials, along with updating the W3TC tutorials.
That’s all the news from around here. Let’s jump into this week’s tips.
I mentioned this in last Tips Tuesday, but if you haven’t done so already, you need to get your site updated to the latest WP version. There was a zero day vulnerability in it that was patched in 4.7.2 that they delayed going public with for a week to give everyone time to update first.
In other words, they didn’t want to give the hacker community a heads up until most sites were safe.
And if you turned off automatic updates for these patches, I suggest you turn it back on. It won’t do auto updates for major releases, just these little patches.
We can thank the nice researchers at Sucuri for finding this vulnerability and working behind the scenes to update their Web Application Firewall (WAF) and the folks at WordPress for alerting other WAF services like SiteLock and CloudFlare so they could also include the blocks.
By the way, I can see the day coming that all of us are going to be on a paid firewall.
The WP devs are already hard at work with bug fixes in the current WP version. Expect a minor release of 4.7.3 for those in the near future.
All other work centers around the REST API right now. For this next major release cycle they are only working on that, the customizer, and the text editor. I think it’s going to take all year before we see the next major release. I’ll keep my eyes on that for you.
I think this headline on Moz says it all. It’s what I’ve been telling my SEO peeps for years about how they’re using that analytics tool in the Yoast SEO plugin too.
Keywords have their place still. But semantic search has changed everything. If you’re still trying to get the right keyword density in your posts, you REALLY need to read this post. Your SEO tactics are years out of date.
Major Russian spam bot attack happening
I’ve been seeing this for a couple of weeks and especially in the last few days.
It’s hitting way more than just your comments. Seeing huge rise in spam crawler bots and even login attempts.
Depending on what spam blocker you are using, it could be putting an extra strain on your hosting resources just trying to kick them all to the curb.
That includes your comment spam filter and any security plugin you may be using too.
Way better to kick them further away from your site, like at an outside firewall such as the one in a paid CloudFlare account.
THIS is why I tell folks to turn XML-RPC all the way off!
The folks at WordFence tracked hits on XML-RPC and just regular brute force attacks on wp-login for two weeks. They found hits using both methods to be equal.
And this is also why I threw such a fit when Automattic announced that we would have to install JetPack in order to use VaultPress in the future.
XML-RPC has to be turned at least half way on to use JetPack.
Nope, not gonna do it. I don’t care what Matt Mullenweg says about how safe he thinks it is.
Renew VaultPress sans JetPack
I’ve heard from several clients now that they were able to update their VaultPress subscription without having to install JetPack.
I have no idea how long that will last, but for as long as it does, I won’t be jumping ship. I’d very much like to keep this awesome backup service.
But, I can no longer recommend it as a new service, as that would require installing JetPack. So, we’re in this middle place with it for the moment.
I am checking out other backup alternatives and will report on those as I finish the tests.
Last week the backup service BlogVault announced that they had been hacked and some client’s sites may have been exposed to a malware injection.
They are taking all the appropriate measures with letting clients know and scanning their sites.
As far as I can tell they are all over this and your personal info was never exposed and there’s nothing much to worry about with the service.
Hey, things happen with all companies and they are most certainly doing all the right things and handling this very well. So, don’t be put off using this service or jumping ship or anything.
HTTPS and SSL Tips
WPTavern released a post commenting on a report from Let’s Encrypt that more than 50% of the web’s traffic is running on the encrypted layer. Meaning, adoption rate for HTTPS is growing super fast.
Now, that doesn’t mean 50% of sites have switched to HTTPS. In fact, “the number of HTTPS-enabled sites is just 13.75% of Alexa’s top million” according to the report.
But it is quickly becoming the norm, so you definitely need to plan on converting your site in 2017.
I enjoyed this nice write up on why the HTTP/2 protocol has relieved all the speed issues with HTTPS, and why current performance testers need to change to keep up with the times.
That performance hit was one of the reasons I waited so long to convert my sites. But now that most browsers are supporting, that’s no longer an issue.
Ad Network Tips
I’m thrilled to hear this. Google has partnered with both CloudFlare and Triplelift to deliver ads faster, especially for AMP powered sites.
If you use AdWords, you’re definitely going to want to read this article and the nice performance boost you’re about to get.
Also, if you are using an ad network and they are not delivering over a fast CDN, dump them. They are killing your site performance, and that’s killing your revenue potential.
That’s a wrap for this week’s Tips Tuesday.
Find these tips helpful? Share them with your peeps!!!!
Subscribe to all BlogAid Posts
Drop in on my BlogAid Live shows
Subscribe on iTunes
Be sure to visit BlogAid.net for more tips and resources and I’ll see you online.