Tips Tuesday – UpdraftPlus Update, llms vs WebMCP vs NLWeb, GSC AI Tracking

ByMaAnna Stephenson
Tips Tuesday – UpdraftPlus Update, llms vs WebMCP vs NLWeb, GSC AI Tracking

Tips this week include:

  • Critical update to UpdraftPlus
  • Reminder about auto updates
  • AI being used for good
  • New 24 hour delay on plugin update releases
  • Do you need a security.txt file?
  • llms.txt and WebMCP workshop this week
  • Why my bet is on NLWeb
  • Bots make up 57% of site hits
  • GSC adds AI tracking

This post contains affiliate links. Thank you for using them to support the free and helpful info you get from BlogAid.

Plugin and Security Tips

Critical Update to UpdraftPlus

I sent word to my site audit clients and webmasters last week about a critically important update to UpdraftPlus.

They sent an email to all users of the paid version. But if you’re on the free version you may not have received an email.

For those who did not receive an email or see an update available, this is what they said about the versions:

“A patch has already been released and any site using UpdraftPlus version 1.26.5 (free version) or UpdraftPlus version 2.26.5 (premium version, or later, is already safe.”

If you have minor updates turned on, it might have even done the update for you before you got to it.

Reminder About Auto Updates

My clients and I have minor updates turned on for security reasons. The recent Updraft update is a good example of why.

But, we have major updates turned off for both plugins and WordPress.

We do this through code in one of our files instead of through WordPress as it is just easier to manage and we don’t have to worry about configuring a new plugin or such for that setting, nor it getting wiped out in a WP update or such.

Keep in mind that even minor updates don’t run the moment the new version becomes available. 

You may see a notification that a new version is available, and you can manually do that update right then.

Or, you can wait for the next update cron cycle to run and it will do the update for you.

FYI, the cron is WP’s internal clock that keeps all of its core functions running, and carries out scheduled functions like your backup or publishing posts later and such. Some cron jobs run every minute, or once an hour, or once a day or once a week. So, an auto update may not run for at least an hour after WP checks to see if updates are available.

AI Being Used for Good

About 6-8 weeks ago, I mentioned in a Tips Tuesday that there were folks using AI with great effect to help keep our sites safe.

Dusin Hyle, of our favorite Iridium Hosting, introduced me to the work of one of his buddies, Austin Ginder. I couldn’t tell you about all the things Austin was working on then, but I’m delighted to share his work with you now.

The folks at WPTavern did a podcast with Austin about how he is using AI to expose, and fix, hidden threats in WordPress plugins and updates.

Austin has also made a new website to call out companies who abuse the notifications area on the admin side of our sites. 

And here is a list of most of his other open source projects. 

New 24 Hour Delay on Plugin Update Releases

WordPress has decided that all plugin updates need a 24 hour delay before public release to give time for their scanner to ensure that the update is clean.

This change has come about, in part, due to the work Austin Ginder has done, as mentioned above.

You’ll want to read the article yourself for why they are doing this, not the least of which was a dev buying up a whole bunch of plugins and using them for malicious means.

And while I understand the thinking behind it, this new delay might allow more sites to be harmed when there is a patch for something actively being exploited.

That’s not usually the case right now, but who knows if that will hold in this new age of AI finding vulnerabilities and attack vectors so fast.

I suspect that they may revisit and tweak this measure.

Do you need a security.txt file?

The short answer is no.

But, be aware that there are folks now scanning for this to scam folks out of money, much like some folks did a few years ago over accessibility lawsuits. So, you may get an email from one of them at some point.

The security.txt file is only helpful for enterprise sites that have a tech team and no single person to contact.

We could add this file via Cloudflare, but we don’t need to. 

Anyone who needs to contact you about your site already has your info, like the domain registrar, hosting, or Cloudflare.

SEO Tips

llms.txt and WebMCP Workshop 

This week in the DIY SEO course we’ll be revisiting whether we want to add an llms.txt file and/or WebMCP markup to our sites as Google is in the process of re-evaluating their stance on them.

FYI, neither has been adopted as a standard by any AI crawler, and all of them say they don’t use them. I believe that about most of the AIs, as I see what they do crawl, and it’s haphazard, at best. But with Google, they lie to us all the time with what they say they do and what they actually do, so that’s why we need to revisit this topic.

And we’ll have a look at how to implement them too.

My Bet is on NLWeb

IMO, I don’t think llms.txt will ever become a standard. I’ve got my eye on NLWeb for that.

Here’s a nice article from Moz titled WTF is NLWeb? to help you understand how it will ensure sites are ready for the Agentic Web, which is what’s coming.

Bots Make Up 57% of Site Hits

Matthew Prince posted on X that bots now make up the majority of site visits.

He had previously predicted that wouldn’t happen until 2027.

You may recall that 2 weeks ago during the Google I/O conference, they announced that you could now use Google Search to create your own AI Agents to continuously search the internet for you to find a deal or keep tabs on news or such.

So, I suspect when more folks start using this, and other 3rd-party agents, the percentage of human visitors to our sites will drop into further minority status.

Humans are going to read AI Agent summaries first before clicking over to sites.

But that’s for now.

AI replies are getting worse, not better.

I believe there will be an end in sight to AI summaries as folks will dump search engines altogether at some point for the info they need. That includes chatbots like ChatGPT too.

GSC Adding AI Tracking

Well, it’s about damn time, Google!!!

The new report is called Search Generative AI performance.

I have yet to see this new metric in my Google Search Console, as they are doing a limited rollout.

But they say it is coming to everyone soon.

Please keep an eye out for it and let me know when you see it.

blank

MaAnna is a geek who can still speak in plain English. She helps DIY site owners plus webmasters and designers create sites that are secure, perform well, and get noticed by search engines and readers.

Leave a Reply

Your email address will not be published. Required fields are marked *