Hello Happy Site Owners and Webmasters!
Tips this week include:
- Multiple tips and myth busting for DIY site owners
- Why I had to mute a few Facebook groups
- 11 new Gutenberg Ninja tutorials are now live, including full page examples for home, landing, optins, and more
- WordPress 5.3.1 is out
- The difference in major and minor releases and which one auto updates
- Why you need to get on the Cloudflare Pro for better security
- Why security plugins don’t work and what they’re really doing to your hosting resources
- Why you must get a site audit checkup
- All of the site audit client perks you get for free, including where to find info I don’t release to the public
- Which is the best hosting, and why most replies to that question are useless
- The truth about why migrating to a new host is harder than it used to be
- Checking on the Yoast SEO Search Index Purge plugin and why I think it may not be working and what to do about it
- Why to stop using an incognito window to check ranking
- Why you need to check your WP Fastest Cache settings now
- Why I’m suggesting you embed Google Analytics code instead of using a plugin
- The bot hits that Google Analytics is not counting that are costing you money
- A check to see if you are using the WP Rollback plugin correctly
- Why I suggest doing a full purge after plugin updates, and how to do it
- What’s in the email you get from Amazon S3 for your backup file storage, and why not to freak out about it
- A way to check that your backup is getting everything you need to fully restore your site
Listen to the Podcast
Join me Live to Discuss Tips Tuesday
I hope you’ll join for tonight’s livestream at 7pm ET / 4pm PT on the BlogAid Facebook Page. It’s a great way to get the deeper story on what’s reported in Tips Tuesday. And, I almost always have breaking news for the day too. So come join us live for the party.
Whew! What a rollercoaster week it’s been around here!!
I’m in a bunch of industry-related Facebook groups. Some are advanced site and security things. And others are blogger groups of various expertise level.
I had to leave one of those newbie groups because I just couldn’t tolerate reading all of the super bad advice from the admin. Things like using Bluehost.
I know, I can hear y’all groining.
But the fact is, you didn’t know any better when you first started out either, and you listened to whoever was making money in a way you wanted to make money and just did what they said until you learned better.
And then there is another group that constantly advocates new bloggers start making their own products to sell. And generally that’s some type of course on how to start a blog based on their extremely limited experience and knowledge.
So, we end up with the blind leading the totally ignorant and it’s a horrible cycle of repeating the bad advice they got from some guru who doesn’t stay in their lane with what they know and just gives folks an affiliate link to bad hosting and resource hog premium plugins.
That cycle is making me so crazy that I just had to turn it off for a while. But I believe I might just be mad enough to really start attacking it next year. We’ll see.
But, I also had to temporarily mute another group that has more knowledgeable folks for the most part because they know blogging, but not site tech related things. And I just could not take any more posts where I saw that a newish blogger was about to make a mistake that would be very expensive for them down the road, and my advice to them get drowned out by the ignorant masses.
And ALL of my site audit clients can say amen to that because you get drowned out too.
And that includes advice from some of the more established bloggers who are making a full-time living giving out tech advice that hasn’t been true for the last 5 years.
Some days I just have to walk away to save my sanity and realize that groups like that are just seeding my business for the next two years.
I can only help those who have already run that newbie gauntlet and woke up to the fact that they need to invest into making their site fast and secure, learn SEO, and get up to speed with where WP is going, like Gutenberg.
So, today’s tips are focused on some of the most frequently asked questions I see in those groups.
And I also have some memory jogging tips for all of my site audit clients, to remind you of things we covered, but you may have not retained due to the sheer volume of education you received during that process.
Plus, we’ll do a little myth busting while we’re at it, for things I don’t normally cover in my post, but more in my courses and such too. So, today’s podcast is a little longer than normal.
On a happier note – WOOT!!!!
I am thrilled to tell you that 11 new tutorials have been added to the Gutenberg Ninja course.
Oh, those were a LOT of fun to make!!!
There’s a new tutorial in the Ultimate Addons for Gutenberg section. I just love that little plugin which is made by the nice folks that also make the Astra theme. That brings the total count of tutorials for that plugin to 11 and you’ll find them in the Specialty Blocks section.
And then I added 2 new sections:
- Page Elements – with 2 new tutorials with multiple examples of eye-catching optins, CTAs, and pricing tables that are all so easy to create with Gutenberg.
- Full Page Examples – with 8 new tutorials taking you step-by-step through all kinds of full page layouts, like home and landing pages, event with countdown timer, optin, product with pricing tables, downloadable page, and more.
I took screenshots of them so you can see just how powerful Gutenberg is and all you can do with it, and why you don’t need a page builder or templates, or services anymore.
Gutenberg Webinar in the works
Right now I’m putting together a free webinar to show folks the awesome power of Gutenberg first-hand, and allow folks to ask questions and I’ll answer them live, including creating whatever it is right on the spot.
I think that’s the best way to help folks get over the scary of switching to Gute – just let everyone have a good look at it and see what it does – and what they can do with it!!!!
I’ll give you as much advance notice as I can for when I’ll be running that webinar.
And a quick reminder that you have not missed out on the savings for my courses, including:
- Gutenberg Ninja
- DIY SEO
- Webmaster Training
Plus, site audits booked in Dec get a discount too.
Now, the audit itself won’t happen in December, as I’m booking into February at this point. So you won’t pay until after the audit is done, which is maybe a couple of months from now. But you have to book before Dec 31. So get on that list.
That’s all the news from around here. Let’s jump into this week’s tips.
I can’t believe it took this long to get some of the bug fixes in WP 5.3 released but it’s finally here.
Difference in minor and major releases and auto updates
So, let’s talk about the difference in major and minor releases and which one auto updates and why.
Going from WP 5.2.x to 5.3 is a major release. And it does not auto update.
Going from WP 5.3 to 5.3.1 is a minor release. And it does auto update.
Those are also called point releases.
And you want them to auto update as many contain security fixes.
Your plugins are the same way. Many of them now have a setting to auto update for minor, or point release updates in the background and for the same reason. Many of those not only contain bug fixes, but they also have security fixes too.
Get Out of Host Auto Update
If you are on SiteGround, you need to get out of their auto update program for WordPress. See this post for the exact wording to put in your support ticket to ensure they do that the right way.
Also keep in mind that I’m speaking here to my clients, none of whom pay extra for true managed hosting where they take care of updates and backups for you. If you’re in that sort of setup, then you need to be extra careful about following some of my tech advice, as that’s not the situation I cover.
Get on the Cloudflare Pro Plan for better security
There are 10-15 new plugins and themes a day that fall prey to at least one of the two most common security vulnerabilities with WP sites.
- XSS – Cross Site Scripting
- MySQL Injections – writing things to your database
The Cloudflare Pro plan has a WAF (Web Application Firewall) that protects you against both of those vulnerabilities until the plugin or theme, or even WordPress itself can be patched.
It also protects you from 20+ other OWASP type attack vectors – and these are now THE most popular way for hackers to hammer a site.
And Cloudflare does all of that for you BEFORE any of it hits your hosting.
And no, I don’t have an affiliate link for you to use to upgrade. They don’t offer one.
But I do offer a live session to help you with all of the settings, especially that WAF.
Security Plugins Don’t Work
ALL security plugins do it AFTER it hits the hosting, which chews up the resources you are paying for, and leaves fewer of them for human visitors.
These behemoth plugins are resource hogs from hell and don’t really protect your site.
They are, at best, just giving you a very false sense of security.
It takes more than what they do.
I don’t use them because I hard code the security at your host, including slamming the door on the hacker’s favorite way to hammer your login page. And no, I don’t move the login page to accomplish that, because that doesn’t work either.
And then we combine that with Cloudflare. Even the free plan kicks thousands of bots to the curb before they hit your site.
READ: What Celebrity Homes and Secure Sites Have in Common for more details about good ways to kick bots to the curb.
Why you MUST get an audit checkup
I was doing an HTTPS conversion for a site audit client, and in the pre-checks I found that all of the security I hard coded into 2 of her files, that are below the WordPress files, got completely wiped out.
She was having trouble uploading a new premium plugin. It said the file size exceeded her hosting limits. That’s a simple change to the PHP settings to raise that limit.
And when the host did that for her, it wiped out one of those files and wrote the new PHP settings into it.
That, or a plugin she installed to fix that issue wiped out that file.
Either way, it was toast.
That file contains not only security settings, but HTTPS redirects and HTTPS security headers, among other things.
I had another site audit client work with a theme designer who ignorantly used a migration technique from the new dev site to replace the existing site that wiped out all security everywhere, including files that are below WordPress.
Thank goodness these folks came in for other services or a checkup not long after that and we were able to get those things fixed.
They didn’t get hacked, thank God, but all manner of other bad stuff happened, like filling up their databases we had just cleaned, with tons of revisions, and way more bot hits in places they should not have access to. That turned into more spam and other issues they could see. Not to mention slowing down the speed of their site.
So, it’s imperative to get a site audit in the first place, but it’s just as important to have a checkup every 12-18 months too.
Things change all the time with security and speed.
And then you change things all the time too, and those could wipe out all of the work you just paid to have done.
If you need work done on your site, for gosh sake’s check in with me first. We have a private Facebook group and member area for site audit clients too, and that’s a great place to check.
I don’t really want to make my living from cleaning up the mess made by hosts and designers ignorant of your security setup. I’d rather help you avoid that!!! And possibly avoid a hacked site too.
Site Audit Client Perks
If you have gotten a site audit, then you have lots of extra perks available.
Those include our private Facebook group for asking questions.
And, you have access to our private member area on the BlogAid Learning Center.
There you will find a doc with reminders of all the stuff that was done for you in your site audit fixes and cleanup.
Plus you’ll find video tutorials that I don’t release to the public too.
And of course, you get all manner of discounts on my courses and such too.
So, if you’re not in those things, check our wrap up email I sent you for the invitations, or just contact me directly and I’ll send them to you again.
Which is the best host?
There is no single best host – it depends on your needs.
Here are a few of those needs:
- How much disk space are you using?
- What are your human traffic stats in analytics?
- How much extra good and bad bot traffic do you have based on your security or lack of it?
- Do you need the host to handle all backups, updates, and technical, and security, and have knowledgeable folks you can call about every little thing, or do you want to handle most of that yourself?
If you don’t provide all of that info, and folks who reply don’t address it, the answers are meaningless in that they based are on limited experience and only address their needs, which may not be yours.
Plus, every group is going to have a majority favorite. If you ask in 10 groups then you’ll get 20 different answers. Because there will be 2 favorites in each group.
Most bloggers in these groups talk about how the host makes them feel. To me, that’s not the highest criteria for what makes for a good host.
And I just love it when one of them says they have been at some junk host for the last several years and have had no problems.
Come get a site audit – I’ll show you the problems.
They likely have zero idea how much money they are losing by being at that junk host, mainly due to slow speed, which impacts SEO and viewer attention. They also may not know how many email addresses a hacker is stealing out of their database from comments and contact forms. They also may not know how much they are overpaying in hosting due to all of the bad bot hits.
READ: The Worst Website Advice You’ll Ever Get to see why you need to stop asking folks who never actually test anything about techie site stuff. Ask a mechanic which is the best car to drive, not random drivers as they pass by in a parking lot.
Migrating to a new host is harder than it used to be
Back in the day when most every host used the same server setups, migrating from one to another was a piece of cake.
That hasn’t been true now for five years.
The hosting environment between hosts like Bluehost, SiteGround, and NameHero are all totally different from one another.
In fact your site files, as they sit, won’t even run on the new host if you move from any one of these to any other one of these.
Now, the new host will remark out the things they know will break your site, but they don’t remove it. Nor do they remove the other files that could cause conflicts and issues.
There are 30 elements I have to remove after migrating folks off SiteGround.
And when folks migrate from Bluehost, or GoDaddy, we have to be prepared for the new host to have found malware on the site and get that cleaned up first. And then be prepared to immediately put in security measures to hide their new IP address.
My site audit clients are appalled when they see just how much junk was leftover from a previous migration, and how much better their site runs once all of that stuff is cleaned out.
So yes, most good hosts will do a migration for free for you.
But, that’s not all you’re going to want done anymore.
For example, you want to ensure that everything connected to your site is properly deleted at the old host. That’s way more than just your WP site files. And it takes deleting things from the host’s trash, cache, and backup files too.
Plus, you’ll want your SALT keys and other security measures rotated at the new host, so there’s no chance that bad bots that might have gotten that info at your old host can follow you over and hack things again at the new host.
READ: Migration Checklist to see what all is involved now.
Check Your Yoast SEO Search Index Purge Plugin
If you got popped in the Yoast SEO 7.0 update where it exposed all of your image attachments pages to be crawled and indexed, and you installed his purge plugin to get rid of them, you need to check to see if it’s still working
In a recent site audit I saw it throwing PHP errors every day since March.
And many of my clients report that after all this time it still has over 1k links to purge on their site.
Yoast initially told us it would take maybe 6 months.
That was 1.5 years ago.
Now, Google did radically reduce their recrawl budget within a few months of that happening. And that might have a lot to do with why it’s taking so long. But, I’m not sure the plugin is actually helping as much beyond removing the things from your sitemap as it’s now a matter of Google just giving up on looking for those links.
I did a quick check on the plugin’s Support section in the WP plugin repository and lots of folks are reporting that it’s taking too long to get this resolved. The only viable suggestion I saw was to resubmit your XML sitemap to force a new crawl. But I’m not sure that would do much good as you’ll still be under the same limited recrawl budget.
So, be sure to check your Google Search Console reports and ensure this thing is still working, even if slowly.
Stop using an incognito window to check ranking
It doesn’t work!!!!!!!!!!!!!!!!!!!!!!!!!!!!
All it does is not store browsing history for that session.
It does NOT negate your IP address, location, previous search history, and all of the other personal data the browser is tracking on you.
Use Google Search Console to see your average rank for a post.
And keep in mind, that average could be radically impacted by the time of year you look at it.
This is something I cover in my DIY SEO course too.
Check WP Fastest Cache Settings
I think maybe two updates ago there was a glitch in this plugin that turned on the separate mobile cache. I’ve seen it on a few site audits lately, and on my own sites.
I’ve been in touch with the developer, but have not heard back about it.
So, I’m asking you to go to the settings and ensure both of those mobile directives are turned off. They are near the top.
Then save your settings at the bottom.
And then check them again in a couple of days to ensure they stay off.
READ: WP Fastest Cache Settings for details on all of my recommended settings for this super plugin that actually beats WP Rocket for speed these days too, on the paid version. So do consider updating to that if you’re not already on it. And thanks for asking if I have an affiliate link for it. I don’t because he doesn’t have an affiliate program. I always recommend what the test data says works best, not on whether I can make money from it or not. And it’s cheaper, as you only pay once, not annually.
Analytics – Go to Code
I’m now advising folks to use the code Google Analytics gives you to put on your site rather than using any plugin for this.
The top two plugins are owned by the same company and they are collecting data from you for their paid services.
It’s easy to add the code directly into the header on both Genesis and Astra themes.
You can also use a header/footer script plugin for it.
And I show this in the Google Connections section of my DIY SEO course too.
Bot Hits Not Counted
Now, keep in mind that Google Analytics only shows human visitors.
To see all of the bots, good and bad, that are hitting your site, you’ll need to look in your hosting control panel at something like AWStats.
You’ll also see hits from social media bots like Pinterest too.
And those need to be calculated into your site traffic as a whole when you are looking at hosting package resources as well.
And this is why it’s so important to get proper security to get rid of those bad bots. There are more of them hitting your site than you realize, by a factor of 100x more than your human traffic.
And this is just some of the data we collect during a site audit too.
Are you using WP Rollback correctly?
The WP Rollback plugin is a thing of beauty.
It allows you to revert to a previous version if a plugin update goes sideways.
But, having WP Rollback installed is not enough.
You must also use the method in this post when doing the updates
Else it has no chance to work and allow you to rollback if you get a whitescreen of death or such.
Purge After Updates
These days I’m recommending that folks purge all cache after doing plugin updates.
You’ll want to check your site immediately afterwards, and then again in 10 hours if you use Cloudflare, as it may take that long to fully purge the deeply cached things.
READ: How to Delete Cache Everywhere for details.
I recommend folks use Amazon S3 storage for their backup files, as you need to store them off your host, and you need to keep several month’s worth of backups.
With AS3 you get 5GB or one year for free.
You’ll get an email when you get to 85% of that 5GB.
Thereafter you’ll pay about 10 cents a month.
So, don’t freak out about overages or think you have to go clean things out.
Just let it be and it will clean itself when you get to the limit you set in UpdraftPlus.
Ensure your backup gets everything
There’s more to backing up a site than just getting the database and your WP files.
READ: Backup Checklist to ensure you’re getting everything.
READ: UpdraftPlus Plugin Series to see the difference in the paid and free versions and what you may be missing.
That’s a wrap for this week’s Tips Tuesday.
Gimme some love!!
Share this post with all your blogger buddies to support all the free info and help you get on BlogAid – and help your buddies too!!
Subscribe to all BlogAid Posts via email so you never miss anything!
Be sure to visit BlogAid.net for more tips and resources and I’ll see you online.