Hello Happy Site Owners and Webmasters!
Tips this week include:
- A security release from WordPress in version 5.2.4
- Why I’m so excited about the new Gutenberg Ninja tutorials
- How to get the most from BlogAid and Tips Tuesday
- Why you need to update your PHP version right now
- Why you need to get a real HTTPS conversion instead of using the free way and the Chrome warning that’s on the way come December if you didn’t get all of your HTTPS related stuff done
- A reminder that SSL and HTTPS are two different things
- Why cheap is the most expensive thing you can do for your site
- A deep performance test on Gutenberg vs Page Builders and which one has faster page load
- How to customize an archive page in Astra Pro
- A potential issue with SSL certificates not renewing at some hosts
- Tips for updating your holiday and other seasonal posts and why you need to do them now
- More about the new Google Search Console Video Report
- Why I’ll be purchasing the Yoast Video SEO plugin, but not putting it on BlogAid
Listen to the Podcast
Podcast: Play in new window | Download
Join me Live to Discuss Tips Tuesday
I hope you’ll join for tonight’s livestream at 9pm ET / 6pm PT on the BlogAid Facebook Page. It’s a great way to get the deeper story on what’s reported in Tips Tuesday. And, I almost always have breaking news for the day too. So come join us live for the party.
Replay
BlogAid Happenings
It’s been a super productive week of tutorial making and doing client work. And it’s been a while since we’ve had a chat, just you and me.
So, I want to take time this week to share with you what came out of a few new client conversions I had recently too. Sometimes I forget that many of you have not been following me for long and a lot of what’s in Tips Tuesday goes over your head.
Lots of New Gutenberg Ninja Tutorials
But first, I’ve been a Gutenberg tutorial making maniac this past week.
I’ve created 12 new tutorials for the Gutenberg Ninja course!
Some are complete replacements for the originals and some are just brand new.
All of these are in preparation for the launch of WordPress 5.3 in November when they will be rolling in everything that is currently in Gutenberg plugin and we’ll be getting rid of that.
I chose to remake most of them because there are now slight variations and improvements in some of the functions and where you click, and even what you have available to click, has changed.
But the other reason I wanted to remake them is because I’ve been working in Gutenberg longer now on a live site, and following along with the changes as they were made.
And now I have a LOT more tips and tricks to tell you about, plus more real-world examples to show you.
So, I’ve been busting out each of these features into their own dedicated tutorials. That’s going to make it easier for you to learn and easier for you to reference.
I’ve completed the Editor Basics section that gets you started with creating your first post and all of the blocks you’ll use the most.
And then I created a whole new section devoted to images, as there are LOTS of really fun and cool looking things you can do with Gutenberg and images.
And I also changed the Advanced Blocks section to a Layout section with several more tutorials on all the things you can do with Columns, including more real-world examples.
I’m still working in that section and then I’m do the same with revamping the Group block section as there are so many new things you can do with styling choices and such too.
And then I’ll be moving on to the Reusable Blocks and Templates with more real-world examples.
And then on to adding the Ultimate Blocks Add-Ons for Gutenberg plugin that I’ve been so jazzed about. That’s from the Astra themes folks. And I’m itchy to start doing reviews on those themes too. But I want to finish up the tutorial list I’ve already got.
For those already in the course, you can see a list of the new tutorials in the Gutenberg Updates page in the Start Here section.
How to Get the Most From BlogAid
I also had a couple of really interesting conversations with a few clients this week.
Most folks tell me they found me through Google or YouTube or even the podcast. And then they follow me from 6-12 months before hiring me.
And one of things each one of these new hires mentioned in our site audit conversation was that most of what I talk about in Tips Tuesday makes so much more sense to them now.
A big part of the site audit is the HUGE education you get in DIY site ownership.
And a HUGE part of Tips Tuesday is to keep my clients way ahead of the curve with changes that are coming.
Update Your PHP Version Now
A good example of that is telling you it’s time to update your PHP version. I’ve been mentioning this for several months now because support for version 7.1 ends on Dec 1, 2019. And you don’t want to wait until the last minute to make this change in case you have a plugin that doesn’t work well with a higher version.
READ: How to Check and Change Your PHP Version for details.
And thank you to all of my long-time followers and clients who made the big leap from PHP 5.6 up to 7.0 nearly 3 years ago and have easily kept up with the changes ever since.
When this 7.1 support drops and folks discover that their host has made the upgrade for them, especially those on SiteGround because they didn’t get out of their automated system like I show you how to do, and then their themes or plugins start breaking unexpectedly, my clients will be calmly enjoying their lives while those folks are screaming and having to throw down everything and deal with it.
We like calm and easy around here – not last minute or didn’t-do-it-in-time panic.
Get a Real HTTPS Conversion
Another good example of keeping my peeps ahead of the curve is HTTPS.
Google is beating the drum on your Content Security Policy, which is just one of the HTTPS-related security headers you need.
The non-secure warning that Chrome will display if your site is not setup right will start in Dec 2019 and more progressive steps and warnings will continue through Jan. and Feb. of 2020.
READ: Chrome to Block HTTPS with Mixed Content for more.
Another security header is HSTS, which is required to get on Chrome’s preload safe site list.
If you did the free way of getting your site to be HTTPS, then you’re missing all of these headers, and more. See the post for a way to test your site’s headers.
SSL and HTTPS are Different Things
I was in a group just yesterday where someone was asking about SSL certificates. And what she really was talking about was getting her site to be HTTPS.
Those are two different things.
The SSL certificate is one piece of it, but having it does not make your site HTTPS.
And just doing a redirect does not make your site fully HTTPS either.
And that’s exactly what everyone in the group was telling her to do.
That’s the chicken wire – duct tape way of doing it and you’re missing so much, and giving yourself a redirect issue with not only every permalink, but every image and site element. That’s not the way to go with it.
READ: The Top 7 Myths About HTTPS Site Conversion for details.
And again, I want to thank my long-time followers for getting way ahead of this curve 3 years ago. You haven’t needed to change or update anything since your full site conversion. Nor will you have to do anything with it in the future as Google continues to beat the drum on what’s required and what they will start issuing penalties and warnings for.
You’re all set and you can keep this off your plate for years to come while others run screaming that they’re getting warnings or Google has dropped their ranking, or their Pinterest links don’t work right anymore.
Cheap is the MOST expensive thing you can do
I know everybody’s looking for the cheap and easy way.
Let me tell you a story about that. I bought a course on affiliate marketing and was totally put off by the very first recommendations I saw about getting your site ready to become an affiliate marketer.
The hosting recommendation was Bluehost and there were equally egregious recommendations for taking the free and easy route with HTTPS and everything else, like using the Ultimate Nofollow plugin.
And I had to remind myself that this “guru” is not a site tech – just like most others aren’t. And that they are recommending what all the other gurus are recommending and getting a commission off of it.
And, I had to remind myself that they are mostly talking to starry-eyed newbies who have spent all their money on the course and need everything else to be cheap or free.
Those newbies also need everything site related to be easy.
Cheap and easy now will cost you more in time and money down the road.
And every single one of my non-techie, money-making followers is saying Amen right now, because they know why and how all of those recommendations are going to come back to bite those folks in the butt down the road.
And every one of those clients tells me the same thing, “I wish I had found you sooner.”
Newbies Can’t Hear Me
I used to teach a Scratch to Published class. It was 1-on-1 training with a whole library of video tutorials on the basics of using WP.
I’ve thought several times about starting a new course on how to start a blog on the right foot and avoid all of the expensive pitfalls later. But I don’t think I could sell it.
And even though more experienced, money-making site owners say they wished they had found me sooner, the reality is that most newbies don’t have the mindset to hear me.
READ: Moving From A Newb To A Money Making Mindset for more on this.
And again, I want to thank you for finding me and hearing me and acting on what you’ve heard because you no longer have that newbie mindset and you value staying in the know and ahead of the curve and not having panic and worry with your site anymore.
That’s the news from around here. Let’s jump into this week’s tips.
WordPress Tips
WordPress 5.2.4 Security Release
There were several bugs in WP that this release fixed – chief among them were 2 XSS vulnerabilities.
And this is why I have the Pro version of Cloudflare.
It has a Web Application Firewall (WAF) that has about 20 extra security settings including several XSS vulnerability protection walls.
This patches us over with issues like this until the offender can be updated.
And plugins are the greatest offenders – by far. Some of the most popular plugins will have this vulnerability 4-6 times a year.
And you need bridged protection until they put out an update and you have time to see it and do the update.
You can see more in my livestream on the BlogAid Facebook page that I did last night. Or on the BlogAid YouTube Channel.
Gutenberg Tips
Gutenberg vs Page Builders Performance Test
I was pretty thrilled to see this post on the GutenbergHub site with deep performance tests using Gutenberg vs Divi and Elementor.
In all tests, Gutenberg proved to be faster for page load!!!
And that’s one of the reasons I’m so excited about making these new tutorials for you using the Astra Theme and specialty block plugins that give you so many styling choices.
I have been meeting with my webmaster designers and I have yet to see a page builder template that I can’t replicate in Gutenberg.
And I’m going to show you how to build them yourself in the Gutenberg Ninja course too!
Yes, Gute is that powerful now, and I see it as the death of most all page builders if they don’t morph directly into something that runs entirely on Gute.
The new specialty block plugins I cover in the course are the new way to do all of this – and they are free!
Theme Tips
How to Customize an Archive Page in Astra Pro
I believe this is the 3rd week in a row that I’ve included a stellar post from Michelle Phillips of Codefetti as she documents her deep dive into using Astra Themes. And I’m tickled pink to see her latest one on customizing the Archive Page.
Michelle is a fellow webmaster and I’m following her Astra post series with great interest as it gives me a running start with using them.
And she covers them from an experienced designer’s perspective. In other words, she knows tricks that I won’t even begin to cover in my Gute course. I’ll just be doing reviews on the themes, like I did for the Genesis themes.
So, do follow Michelle so you can learn more about why I’m so excited about Astra themes as an excellent alternative to Genesis and Divi.
Hosting Tips
SSL Certificates Not Renewing at A2 Hosting
I’m just sick about this. A2 Hosting was a fine host for so many years and I was proud to be associated with them. But as they made the choice to grow big, fast, they have just gone downhill. That’s been happening over the last 2 years to the point that I finally left back in January. And I’m super sad to say that they have really tanked in the last 6 months or so.
A few months ago I discovered that they made some server change that was blowing out the HSTS security header for my clients and they were no longer on Chrome’s preload safe site list. That’s part of the HTTPS stuff I mentioned earlier.
And then a couple of weeks ago, I was preparing a client to migrate off A2 and the day of migration her site was down because the SSL certificate had not renewed. I re-issued it manually via cPanel and we went on with the migration and I just considered it a fluke.
But last week, one of my webmasters posted in our private Facebook group that one of his clients on A2 also lost their HTTPS status due to the SSL certificate not renewing.
I don’t know what the cause of the issue is yet. There is a tool in cPanel that auto runs to renew the certificate and maybe that has a bug. But if it did, then it would happen at every host that has cPanel, and we’re not seeing that yet. But then, certs only renew every 90 days, so it may take a while for the problem to show en masse.
I’m also concerned with how SSL certificates will renew at SiteGround once they move off cPanel and what tool they will be using and if it requires the same DCV rewrite conditions if you are using Cloudflare or not. Those conditions were written to our .htaccess files by cPanel. And with no cPanel, I don’t know what’s going to become of it yet.
Move to Better Hosting
I’ve already alerted the nice folks at NameHero about a possible cPanel issue. And it sure is nice to be treated as a helpmate by them and thanked for giving them a heads up.
So, they’re ahead of the curve on this, if there is a bug somewhere with cPanel, the AutoSSL tool, or even Let’s Encrypt.
READ: Host Migration Checklist if you’re ready to move to better hosting.
And if all that seems like too much for you to do, then let me help you with it.
See the Site Services page for my migration help.
SEO Tips
SEO for Holiday Posts
I’ve been meeting live with my DIY SEO course members to give them individual help with revamping their old content.
And we just talked about how to revamp your seasonal posts in our most recent live session.
Google needs time to rank your holiday and seasonal posts.
So, you need to get them done early.
Yoast also had a webinar a few months ago about searches for Easter in the fall compared to searches in the spring and how what Google shows in SERPs (Search Engine Results Pages) and how it varies by the season.
And I think that’s something you need to take into account when you are looking at your rank average in Search Console. The time of year you’re looking may play into it.
Video SEO Tips
Google Search Console Video Report
Last week Google launched a new Video Report in Search Console. And now it’s also beginning to send site owners with videos messages if they have any schema markup issues with their embedded videos.
The thing is, most of us don’t have any schema markup for Google to find yet, but we need it because Google eats those extra descriptions up like candy. And it’s a great way to get your video, and the post it is embedded into, ranked higher in search.
Keep in mind that Google loves featuring YouTube videos at the top of search.
And search in YouTube is different from search for blog posts. So, it would be great if you could have the opportunity to get both ranked.
Yoast Video SEO Plugin
As I mentioned in the breaking news livestream of Tips Tuesday last week, I had bet that Yoast would be adding more video schema markup to his Video SEO plugin. And yep, he did!!!
I also mentioned in that livestream why I would be purchasing that plugin and putting it on my Heartwood Art site rather than on BlogAid.
I hope to have time to do that this week because the faster I get it on there, the faster Google will crawl it. And almost every post I have on Heartwood Art has a video too. That was the plan all along. So, I’m especially tickled about this.
And do come join us for the livestream on Tuesday evenings to get the deeper story and breaking news.
Wrap Up
That’s a wrap for this week’s Tips Tuesday.
Gimme some love!!
Share this post with all your blogger buddies to support all the free info and help you get on BlogAid – and help your buddies too!!
Get the BlogAid Tips Tuesday Podcast on iTunes or Stitcher
Subscribe to all BlogAid Posts via email so you never miss anything!
Be sure to visit BlogAid.net for more tips and resources and I’ll see you online.
Hi MaAnna, thank you so much for sharing the latest post in my Astra Series. I really appreciate it! :)
MaAnna: Love Tips Tuesday podcast. I wait for them every week. Thougt you might find this interesting. I have had repeated problems with Let’s Encrypt certificates not renewing at SiteGround for well over a year. The fix is always the same. Since Cloudflare is my DNS Server and possibly because I’m using a Full/Strict SSL/TLS mode for Cloudflare, I have to take Cloudflare out of proxy status and let it pass through and then go to Cpanel on SiteGround and manually renew the certificate. This actually make some sense but it means I have to keep up with all this. Is this normal when a CDN is in the SSL loop?
You’re likely missing the 3 DCV rewrite conditions above your redirects in your .htaccess file. It helps Cloudflare find the acme-challenge and pki keys to renew your SSL certificate.
At one time cPanel wrote those directives for us. But then they flip-flopped and took them out. Then followed one of my suggestions to just put a directive saying where the keys could be found. Then took that out. The put in the dcv code again. And now I’m seeing it missing on most site audits again.
It’s been a nut house. And it’s mostly cPanel’s fault, but sometimes it’s the host’s fault as both of those write things to some of our files without our knowledge or permission.
MaAnna: Thanks for motivating me to check this out.
I had a one hour chat with SG and the bottom line was for auto-renewal of Let’s Encrypt the following settings had to be true according to the SG tech. (we’ll see) :)
1) SG Let’s Encrypt HTTPS Setting with “HTTPS Enforce” set to “On”. (which writes to .htaccess)
2) Cloudflare Setting under SSL/TLS for “Always Use HTTPS” set to “Off”.
3) Cloudflare SSL/TLS encryption mode set to “Full (strict)”
I questioned the 3 DCV rewrites with the tech but they were firm in say if the above settings were correct, Let’s Encrypt certificates would renew automatically. I did find a few domains I have needed fixing so for the moment we will see what happens. PS: I am still on cPanel. :)
Those settings are correct. But they are not correct about the DCV rewrite conditions not playing a part.
FYI, I could have fixed ALL of this in 5 minutes, or a 15 minute live session so you could see it all being done correctly, including the DCV rewrite conditions that you still don’t have.
The host may be free, but your time, and peace of mind aren’t. And how much time, in total have you spent on this already and it’s still not as fully fixed as it should be.
As usual, you are right. :) Is this covered in your webmaster course? Should we take this conversation off-line?
Yep, every bit of it is covered in the Webmaster course. However, that course is overkill for DIY site owners. It’s geared toward folks who make a living setting up and/or maintaining sites. That’s why I offer site audits and HTTPS conversion, so I take care of the techie stuff that is usually 1-off for most site owners.
MaAnna,
I am a newbie. Got a domain & hosting with Siteground. I followed your link in this article to another about https and then linked to the test page. I only have a “coming soon” type of post up and I got an “F”. Below that grade was a list of the reasons why, with code snippets. Are these snippets something I have to put in the theme as some sort of master setting? Or is this something I have to build into a reusable block. I was going to try to build my first website with Gute from the get-go because that seems the logical thing to do. It indicates that these “headers” that are missing.
JJ Huntt
There are several critically important files outside of WordPress that reside at your host, like .htaccess, robots.txt, and more.
These headers, and your HTTPS redirects, and other security measures, go into the .htaccess file.
It’s not something you can get to from within WP and actually has nothing to do with it. Even if you use plugins, they are supposed to write these things to that .htaccess file.
This is the tech stuff that folks hire me to do, and is stuff I check in site audits and https conversions. These are not files that non-techs should be poking in.
Ok got it. So after I build it, I may need to hire you.
The BEST time to secure a site is the minute it goes live so we can hide the host’s IP address and bad bots will never find it.
Security day 1 is more effective than doing it later. If you have a live site, even in maintenance mode, it is at risk of being hacked.
Part of that also includes the https header stuff as some of that comes through Cloudflare, which is also a seriously good security partner to have in your corner.
Don’t wait on security and https!!!!