Hello Happy Site Owners and Webmasters!
Tips this week include:
- A salute to one of my favorite bloggers
- DIY SEO Special Content Formatting Workshop this Thursday
- Video SEO Booster course beta testing is nearly complete
- New boutique hosting clients are moving into their new home
- Why you need paid migration help these days
- Reminder to site audit clients to get in the BB Hub
- WP 5.7.2 security release rolled out
- Why I’m so interested in Liquid Web’s purchase of GiveWP
- Why Genesis had to make their framework free
- Where we are with all theme revamps
- Why Block Patterns are the new page templates of the future
- Where to learn how to make your own landing pages
- Whether or not you need a theme designer now
- Why you should just say no to accessibility trickery
- Why designers need a legal statement about accessibilities compliance
- Whether or not you should have plugin auto updates on or not
- Recent issues with the Cloudflare plugin losing connectivity
- Clarifying the confusion about what the Cloudflare plugin does and doesn’t do
- How the new PHP Version Manager is breaking sites
- More info on the White Screen of Death when editing posts some folks are getting
- Why not to contact your host first for site fixes
- Confirmation of massive brute force attacks rolling globally
- Why to stop doing speed tests yourself
- Why I’m looking into more ways to block bad bots via Cloudflare
- Why I’m overjoyed with the release of the new schema markup validator
- The long-term catch in YouTube’s announcement to pay creators for making Shorts
Listen to the Podcast
Spill the Beans Livestream tonight
I hope you’ll join for tonight’s livestream at 8pm ET / 5pm PT on the BlogAid Facebook Page. We spill the beans on this week’s news, breaking stories for the day too, and special info just for those who watch. So come join us live for the party.
Who I Help
All BlogAid posts and tutorials are intended to assist business-minded, hands-on bloggers and webmaster designers who are serious about making money and who want to stay up-to-date with site changes.
There sure were a lot of fires to put out this past week with sites malfunctioning due to various causes. I’ll tell you more about those in a moment. And, we have proof that brute force attacks were rolling around the globe last week too. And I’ve got news on that front as well.
This is a longer than normal Tips Tuesday so I can bring you up to speed with changes happening everywhere, including at our hosts, with themes, and with plugins.
Plus, you’ll want to know how and where to get help with all of it too.
I want to send a huge shout out and thank you to Marilyn Lesniak, chief chef of the wonderful Marilyn’s Treats website.
After dazzling us for the last 10 years with all manner of culinary delights, Marilyn is hanging up her blogging apron.
And I am so happy to help her sunset her site properly later this week in a way that protects all of the hard work she has done in building her online presence.
I also want to thank Marilyn for being one of my first clients so many years ago, and for all of her selfless help to me and countless site owners all these years.
And I do mean countless as Marilyn has always been quick to help in blogging groups, and in our own groups, and to me personally as well.
Marilyn’s Treats is still available on social media, so do jump over to wherever you follow her and wish her well in her blogging retirement.
And on a personal note, Marilyn, I’m so glad we became friends on Facebook too. You keep me laughing every day, and I cannot thank you enough for being such a wonderful part of my life. I treasure you more than I can say.
Our DIY SEO Workshop this Thursday covers all manner of special formatting that you can do with your posts to help them get into all of the extra areas that are offered on page 1 of Google search, like:
- Recipe carousel
- Video carousel
- Featured snippet
- People also ask
- Knowledge Graph
- And more
And we really NEED to be doing this now as page 1 of Google is literally filled with this stuff and ads now, not organic blog posts. You have to go to page 2 for those.
It’s never too late to join us in the DIY SEO course as replays for all workshops are there as are the standing tutorial sections on Yoast and Search Console and such that ensure you have a solid SEO foundation for your site.
Video SEO Booster Beta Testing Underway
I want to send a huge thank you to all of the video SEO testers who are currently vetting the new Video SEO Booster course.
Your comments and feedback have been so incredibly helpful, including catching a few typos, and where info needed be expanded a bit.
We’ll be giving them another week to finish the course and then I’ll launch the next phase with special invitations and discounts to my other course members. And then that will be followed by the public Grand Opening special.
Thank you for your patience, as it will be well rewarded.
New Boutique Hosting clients moving in
I am thrilled to share with you that the first boutique host clients are moving into their new home.
These were folks I hand-picked to help us vet our migration process, as the host is using my exact same processes for migration, including pre-checks prior and security changes after.
You are NOT going to get that from any other host. And it’s just for my clients.
A few months ago I sent out a survey to all of my site audit clients and to webmasters to gauge interest in this new hosting, and ask who was ready to move and when.
This first batch of folks are moving into the special HOA area of the new hosting, which is just for my site audit clients who meet the criteria.
Very soon I will be sending out new emails with invitations for all who want to move to the new boutique hosting, as they will open the public side of this too. And I’ll be able to publicly release the name of the new host so you can check them out as well.
So, you haven’t missed an invitation, and yours will be on the way soon!!
Why you need paid migration help
This past week I did the pre-checks for a new client who got the migration/audit combo service as she can’t wait to leave SiteGround.
She was using the SG Optimizer functions, including:
- HTTPS trickery
- Server-side caching
- Browser caching
- Site optimization
- Preloading fonts
- WebP image trickery
And ALL of that goes away the minute she moves to a better host.
In fact, her site will likely break at the new host with these things suddenly going missing.
And guess who would get blamed for that – the new host.
It burns me up to see a good host get trashed in a blogging group due to the sheer ignorance of the site owner having zero clue how their site is set up now, and zero clue that moving hosts these days means that you are RADICALLY changing hosting environments too.
THIS is just one of the reasons you need to pay for migration help.
Another reason is due to security.
You can’t just leave all of your info at the old host and simply terminate the account anymore. And if you think deleting your WP files is all there is to it, then that shows your ignorance about all of this as well.
Plus, if it was a cPanel migration, bunches of conflicting junk from the old hosting environment came over to the new host as well. If that stuff doesn’t cause an immediate problem, it will down the road.
And NO host that does a free migration is going to take on the liability of changing the locks on your new house so they won’t be the same as what was on your old host either.
This is the crap I find and clean out during site audits every day.
And with the worsening cyber security situation we have now, you can’t afford to just let this stuff go.
And let me lay it on the line for you here.
If you have the mindset of “free is better than right” about anything related to your site, then you are not the kind of money-making client I want to work with.
I help my clients avoid these expensive pitfalls, and clean up all of those newbie mistakes. And they make more money. Go read their testimonials on my services pages for yourself.
I help you get results that grow your bottom line.
READ: Moving From a Newb to a Money-Making Mindset for more on this.
Get in the BB Hub
A note to my site audit clients.
In the goodies email I sent you when we closed your project is info on our BB Hub member area and Facebook group.
These are perks you most definitely cannot afford to be without.
If you have not registered for the BB Hub member area, see that email for the link to do so.
In it you will find the link to request to join our BB Hub Facebook group. Do so, and be active with it so that you see notifications from it.
I send all kinds of info to the BB Hub email list that I don’t make public. The member area has tutorials and resources that are not available to the public.
The BB Hub group is where you get support.
Did I mention that all of this is free?
If you can’t find that goodies email, then contact me and I’ll send a new one to you.
If you are in the BB Hub member area, but are not getting emails, contact me.
That’s all the happenings around here. Let’s jump into this week’s tips.
WordPress rolled out a security release of version 5.7.2 last week to fix an injection vulnerability.
This should have been an auto update for you.
I don’t think anybody saw this coming.
The huge hosting company, Liquid Web, has been buying up all manner of software companies over the last couple of years.
You may recall in a recent Tips Tuesday that I announced iThemes acquired Kadence themes. Well, Liquid Web bought up iThemes back in 2018.
Liquid Web also purchased The Events Calendar plugin a few years ago too.
The main reason LW recently purchased GiveWP is that WP Business Reviews was part of the deal.
And they plan to relaunch both under a new brand called StellarWP that will house and manage all of LW’s software assets.
To me, this is a super smart move, and one that I hope brings coding standards across all of these softwares. That may not happen, though, as all of the companies LW has purchased continue to operate independently.
So, we’ll see what becomes of all these moves, and what else LW has in mind to buy.
FYI, Liquid Web provides the server farms that many of the big box hosts we are on use. LW also owns InterWorx, which is the leading alternative to cPanel, and they provide it for free on these hosts too.
And now you know why I’m keeping such close eye on what LW does, as it could directly impact us on a lot of levels – from our hosting, to our themes, to our plugins.
A little birdie told me this was coming and here it is officially.
Genesis has always been a designer-centric framework – meaning that you had to hire a designer to tweak the look of your theme.
But, the increasing popularity of theme and page builders has caused Genesis to leak market share because so many site owners, especially the millions of new ones that start a site every year, are drawn to the newbie trap of spending 80+ hours of sweat equity getting through the learning curves of building their own theme only to end up paying a designer to help them with it anyway.
And with new theme frameworks like Astra and Kadence, and even GeneratePress flipping to Gutenberg, self-styled themes, Genesis is hemorrhaging market share like crazy.
And now Gutenberg Phase 2 with a big chunk of the new Full Site Editing rolling into the next WP 5.8 release has put the final nail in that designer-centric focus.
Genesis is finally jumping on the bandwagon and will be making the Genesis framework free, just like Astra, Kadence, and GeneratePress have always done.
Plus, you won’t be able to even purchase individual StudioPress themes anymore either. I’m actually quite happy about that and encourage you to get the designer to build your new base instead of using any child theme available from anywhere now.
Where we are with themes
And now you know why I’ve been jumping up and down to get a new theme case study out to you.
All of these themes are following the same pattern now, including:
- Base theme for free
- Pro version and/or paid add-ons for more styling options
- Their own Gutenberg block suite plugin – all of which can be used on any theme
You do still need to make a child theme and style it, not the framework. And if you have already jumped to one of these other new themes and didn’t know to create a child theme first, you need to find out how to do that, and bring your customizations to the child theme instead.
Getting caught in the messy revolution
As I mentioned, a big chunk of Full Site Editing will be coming into the WP core with version 5.8 in July.
This will bring block editing to what has been widget-only areas of your theme like the headers, sidebar, and footer.
And there’s the rub.
Most all of these themes now have a Pro version that allows you to style the header and footer without using widgets now.
And when Full Site Editing becomes a viable thing, you will be switching over to a theme that is Full Site Editing compliant, and you won’t need these paid Pro version thingies anymore. The theme will be able to handle it by default.
So, if you are thinking about switching themes right now, I stand by what I have been telling you for months in Tips Tuesdays.
Use the themes we have right now – as they are.
Full Site Editing compliant themes will not be fully viable for us to use until at least this time next year, if not late 2022.
And even then, most of the forward-facing plugins we use now, meaning ones that have a widget that displays on the site, will not have a block equivalent until perhaps 2023.
And by then, everything about themes and blocks and UX and Accessibility compliance will have changed so much again that you will want to update to the latest themes and plugins available at that time.
When Gutenberg first rolled out Block Patterns, my first thought was that all theme developers and all designers would start using these instead of demo content.
I’m shocked that it has taken over a year for others to catch on to that idea, but it’s coming.
Astra was the first major theme framework to make tons of Block Patterns available. Unfortunately, they only come with the Starter Theme package, which still adds a lot of useless bloat to your site.
WPTavern has an op-ed about why designers need to up their game with Block Patterns.
And I believe this will open the market that page builders have dominated, like the templates Elementor and Thrive and such have made available.
WP is even making a Block Pattern directory for them so that you will soon be able to download a free template just like you download free themes and plugins now.
And if theme framework folks are smart, they will publish these things in that directory too. And then maybe make some paid ones available.
But the fact is, you can make any landing page you want with Gutenberg right now.
I show you how in my Gutenberg Ninja course.
You don’t need paid page builders or paid plugins either.
Plus, it’s fun and easy.
READ: 8 Pages You Can Make with Gutenberg in 15 Minutes to see examples of the exact things I teach you in the course.
Do you need a theme designer now?
NONE of my top money-making clients waste a single minute designing their themes. Nor do I.
Designing your own theme is a newbie trap.
You don’t know about things like:
- The load difference on desktop and mobile
- Coding standards
- UX standards
- Accessibility standards
A designer who is qualified in all these things, not just making a site pretty, is worth every single penny.
If you don’t think you have the money to spend on a designer, then you are likely losing money every minute of every day with the theme you have and don’t know it.
And you are definitely losing money with all of the time you waste on the learning curve of building or even trying to style your theme.
Not to mention the huge mistake right of the gate of not creating a child theme first, or loading up a ton of bloat by using starter theme packages from the vendor.
All designers are not alike
My site audit clients can no longer have Jane Doe working on their site – in any capacity, including the design.
I have seen designers wipe out all of the work my clients paid me to do because that designer is unaware of:
- Site security
- HTTPS security
- Core Web Vitals, including on desktop and mobile
You need a webmaster designer now who does know all of these things, and who knows how to build a theme for you, and how to upload it, in a way that doesn’t trash your site.
If you are a designer, and you want to learn these in-demand skills, then jump into my Webmaster Training that will teach you every one of these things, including security from the host root up all the way out to finding Core Web Vitals issues.
Some of y’all are already well aware, and even a bit panicked, about the need to make your site accessibilities compliant. And rightfully so, as lawsuits against sites that are not compliant are becoming common.
Most site owners have resorted to some form of ADA compliance patch or trickery instead of having the issues fixed at the theme’s coding level.
That will not work.
In fact, there has recently been a HUGE, global pushback on services that offer such trickery.
AccesiBe is one such vendor.
The WP Tavern article I have linked for you describes what they offer this way:
“These overlay “widgets” are technologies that apply third-party code to the front end in an attempt to automate repairs after sites launch without having accessibility baked in from the design phase.”
Over 400 accessibility advocates have now signed an open letter to discourage the use of such products as a quick fix to make their sites compliant and to avoid lawsuits.
EqualWeb is another vendor who also promises to fix the issue with one line of code.
There are a lot more companies listed in the article, and I suggest you read it, and check with your vendor if you have implemented some such trickery on your site, especially if it is free or super low-cost.
Real Accessibilities Compliance and Limitations of Liability
Here’s the truth about all of this.
A full and true accessibilities and UX (User Experience) audit will run several thousand dollars.
And in the end, the fixes need to be done at the coding level of the theme.
I’m not saying that all of these overlays don’t work.
I’m saying that you need to read this article, especially the part about how these trickster overlays don’t work well – and how they do not protect you from a lawsuit.
I’m also asking my webmaster designers to consider updating their contracts immediately to state what level of accessibility the theme you have provided is tested to, and in compliance with.
There are several free and low-cost testers available.
And I think all designers should start running their themes on them to ensure they meet at least the minimum qualifications for accessibility compliance – and then state that as their limit of liability in the design contract.
BlogAid site audits do not check for accessibility compliance. That service is out of my wheelhouse as is GDPR and other related cookie tracking compliance. It’s legal and I can’t advise you on either.
If you are concerned, you need to seek someone who specializes in it. And you may want to seek a compliance lawyer too.
But start with reading the article I have linked for you so you can get familiar with the whole situation, and avoid getting ripped off by trickery that only gives you a false sense of security about it.
Do you have auto updates for plugins on or off?
In a few recent site audits I noticed that some folks have turned off auto updates for plugins.
That’s a bad idea.
There are at least 15 plugins a day with security vulnerabilities.
And they release patches for them in minor updates.
You want those to roll through.
So, if you turned off auto updates for plugins, turn them back on for minor releases.
For the major releases, you will still manually want to update those yourself.
Don’t turn on auto updates for major releases of WP
While you’re poking around in the updates section, do not turn on auto updates for WP major releases, like going from 5.7.x to 5.8.
But you do want the minor release auto updates, like the one we just had for 5.7.1 to 5.7.2.
Check your WP Dashboard. If you see a notice that WP 5.7.2 needs to be updated, then you have those minor updates turned off.
Cloudflare plugin loses connection
Have you checked your Cloudflare setting page lately?
If you see a blank section where the content and settings should be, then log into your Cloudflare account and purge it.
If that doesn’t work, then deactivate and then reactivate and reconnect the plugin. And be sure to use Cloudflare’s Global API key for connecting, not the new Token API key you created for your WP Fastest Cache integration with Cloudflare.
READ: WP Fastest Cache Settings if you have not done that integration yet, as you need it now so that Cloudflare will purge on site changes consistently now too. And if you did that integration in the past, but have not changed over to the new Token API way, be sure to make that update as well for better security. The tutorial has info on how to remove the Global API key and create the new Token API that is specific to this plugin.
About the Cloudflare plugin
There seems to be some confusion about the connection and function of the Cloudflare plugin.
Your domain’s nameservers are pointed to Cloudflare, not your host.
Your site is therefore on Cloudflare regardless of whether or not you install the Cloudflare plugin.
Removing the plugin does not remove your site from Cloudflare.
The main purpose of the CF plugin is to resolve all visitor IPs back to the original so that your analytics won’t show everyone coming from Cloudflare’s IPs.
The rest of what is in the plugin is mere convenience for purging Cloudflare cache or putting your site into Dev mode to bypass Cloudflare cache, so that you don’t have to log into your CF account to do those things.
The settings the plugin shows are from your Cloudflare account – do not change them. The plugin doesn’t have separate settings, except for one.
Do not use the recommended settings either.
There is only one setting in the plugin that is not in your CF account. And even it does not matter much if you have properly integrated your caching plugin with CF.
New PHP Manager breaking sites
In last week’s Tips Tuesday you may recall me reporting on the new CloudLinux PHP Manager that is rolling out on many hosts to replace the cPanel way of managing PHP on your site.
Because some of the old cPanel ways of doing stuff may still be in your site files, the new CloudLinux way could conflict and cause some goofy functionality on your site.
The most common issue we have seen is a white screen of death when accessing a post or page to edit. And we thought this PHP manager change was the cause. It may or may not be, more on that in a moment.
But we need to rule it out as a cause.
I’ve given my BB Hub members the info to tell their host for what to check and fix. And as site audits come up for folks who have yet to get the new manager, I am removing any old cPanel PHP hacks that even it doesn’t need anymore so that they won’t encounter these conflicts when then new manager hits their server.
This is a once and done fix. So please don’t ask your host to make any checks or changes with this for any new issues you encounter if you’ve already had them or me make the changes already.
FYI, please don’t get upset if the new PHP manager breaks your site. This thing is a security improvement and we need it. And, you are getting some old junk out of your site to boot.
More White Screen on Post Edit Issues
I’ve seen widespread reports of folks getting a white screen of death when they click on a post or page to edit it.
And I’ve also seen various plugins cited as causing the issue, because when folks deactivate that plugin, they can edit.
This issue is too random, and too many plugins have been named for them to be the cause.
It is deeper than that, like at the WP, host, or other such level.
We are still digging into it around here.
Please do report into our BB Hub if you are seeing this issue – we already have running posts for it.
Stop contacting the host first and document changes!!!!
My site audit clients are educated DIY site owners who have fully optimized and secured sites.
And they should never have to call the host first for any fixes.
That’s mainly because most of them have been moved off expensive managed hosting where they were paying overhead for WP trained staff that they don’t even need. They are now on a host that knows hosting, and that’s all any host should have to know.
If you are my client, please get out of your old habit of calling on the host for every little thing.
Instead, go to our BB Hub Facebook group and use the Search function to see if someone has already posted about it.
If not, then make a new post and give me the opportunity to respond.
That type of group posting is how we found the PHP conflict issue as well as the Cloudflare plugin issue. And now everyone has the help they need for when those issues pop up for them as these changes roll out.
Also, don’t panic and start calling in help from every direction, including a theme designer. Too many hands in the pot making changes is THE WORST thing you can do. And it’s not the job of any designer to go on a bug hunt for a site break anyway.
On top of it, other vendors are not going to know anything about your site security, optimizations, Cloudflare, HTTPS settings, and more, and they could wipe out the very work you paid me to do for you. That includes your host.
No matter who works on your site, get full documentation of any changes – and I do mean full details. The whole point of your DIY site owner education is that you are fully aware of everything that is going on with your site. Even if you don’t fully understand all of the lingo used, you still need the documentation to give to me during our next audit checkup, or to help continue troubleshooting an issue.
Brute Force Attacks Hitting Globally
In site audits this past week, at several hosts, I saw evidence of brute force attacks rolling through. These are attacks directly on your login page.
They were mitigated by the security I have on your site, but that chewed up CPU usage doing it.
And this is why I establish multilayered security for your site. There are 3 gates bad bots have to try to get through, and then a deadbolt on the front door, which is the login page.
We count on Cloudflare to notice such rapid fire hits and block them before they ever hit our hosting.
And the reason it could not do that effectively is because the hackers were masking as Bingbots and were coming from so many different rotating IP addresses that no security net could catch them.
In fact, the situation was so bad that I saw folks reporting on the Cloudflare forum that legit Bingbots were getting blocked in the clamp down too.
This is not the first time I’ve seen hackers emulate Bingbots. It seems to be their favorite one to use.
And it’s super easy to see in AWStats too.
I also saw some hosts put up a captcha for all login pages so it would kick these bots at the host level.
Stop Doing Speed Tests Yourself
And things like these brute force attacks is just one more reason that I suggest you stop trying to fix your own Core Web Vitals issues.
The testers are changing weekly, and it’s not likely you know how to read the results properly, or that you need to run multiple testers to get the whole story.
And you would not know if your site was being throttled due to mitigating an attack at the time you ran the tests either.
Get a site audit and let me help you get accurate tests and an accurate assessment of exactly what is causing the issue.
More Cloudflare Blocks Coming
Now, Cloudflare already has the legit Bingbot IPs whitelisted. So, there should be nothing else for us to do with it there.
But we have WAY too many legit bots from paid search companies hitting our sites now too, and collectively they are chewing up our hosting resources at an unbelievable rate.
Later this year I’m going to look into the best ways for us to block these bots, like SEMRush, Ahrefs, oBots, and more.
Those SEO services are crawling the web independently of Google and other search engines. And they are collecting info about our sites to give that data to their paying clients about their competition.
Oh hell no!!!!
There is no way I want my hosting resources chewed up if I’m getting zero benefit from the data collected, and it’s being given to my competition.
We likely will be blocking these bots by agent name at the Cloudflare level so that they never reach our hosting, much less our site. I was just hoping to find a way to not have to input names of every one of them singularly. But it looks like that is the way it will have to be.
I’ll keep you posted on what I find, as Cloudflare has new rule areas for such things that I want to check out.
Google has a lovely schema markup validator, called the Structured Data Testing Tool, that it has made available for years. It is at the very heart of all my SEO case studies.
Well, they decided to release a new and improved version with their Rich Results Tester tool that integrates with their revamped Search Console.
While the new tester does show all of the schema markup it can find on your site, it is not a true code validator.
I nearly cried when they announced that this new thing was going to totally replace the old one and that Google will be entirely removing the old one in the near future.
Well, I guess I was not the only one who felt this way. And we were all thrilled to see the report on SEO Roundtable that Google decided to move the Structured Data Testing Tool to the Schema.org website.
And I have updated my bookmark for it.
Having both of these testers will make all of the difference to my continued case studies for the Video SEO Booster course, as well as the deep upcoming case study on recipe plugins.
Video SEO Tips
TikTok is taking over the world. And short videos are hot, hot, hot on all platforms because of it.
As you may recall my reports in previous Tips Tuesdays, YouTube has started putting ads on all videos, not just for those creators who qualify for the Partners Program where they can earn revenue from those ads, and have some say in what types of ads are shown.
By doing this, YouTube gets paid either way – from placing those ads or from end users who pay to have ads removed.
The problem is that viewers are leaving YouTube in droves to be entertained by shorter videos on TikTok.
So, to recapture those viewers, and those creators, YouTube will now pay $100 million to folks who make videos for YouTube’s new Shorts video clips.
Keep in mind that this is a short-term project. And while you may get paid and featured for a while, I have to wonder how this is going to impact your YouTube watch time analytics over the long term, especially if your channel is primarily long-form content.
So, don’t be lured in by what seems like easy money. Be sure to do your homework about Shorts.
And definitely look into how you can make use of short-form video on other platforms like TikTok, Instagram, Pinterest, and more. Those are definitely good, and safe bets.
That’s a wrap for this week’s Tips Tuesday.
Gimme some love!!
Share this post with all your blogger buddies and blogger groups to support all the free info and help you get on BlogAid – and help your buddies too!!
Subscribe to allBlogAid Posts via email so you never miss anything!
Be sure to visit BlogAid.net for more tips and resources and I’ll see you online.