In a previous post from April 2018, Testing WordPress Performance and Site Speed, I discussed an article describing five online tools for testing the page load speeds for your website. Google PageSpeed Insights Pingdom GTmetrix WebPagetest YSlow Browser Plugin Most of these simply test a webpage from the URL submitted and report relative site speed of that page (it’s not always clear relative to what exactly – presumably all other webpages that tool has tested) and then make suggestions on how you can improve the performance of that page. Pingdom allows you to select from one of three locations to use to test your page load speed. WebPagetest expands on this by offering a choice of several locations around the world and in addition allows you to check your page speed with a choice of browsers and devices. More recently, I learned about a new online tool which is similar to those discussed above but with several significant improvements: Website Speed Test | Dotcom-Tools. Dotcom-Tools adds the following features to those offered by their competitors: Tests browser-based load time of all page elements Detects slow or missing elements Tests from your selection of Chrome, Firefox, Internet Explorer, or various mobile web browsers Provides a complete waterfall report with charts and graphs Displays results from nearly two dozen global locations all in the same report Conducts tests from each location twice, with the second visit cached to allow you to estimate the effectiveness of the various caching systems used by your page These tests are all absolutely free with no sign-up required. Dotcom Web Site Monitoring also offers a selection of various paid plans as well. In addition to the features of the free service described above, the Pro plans offer Website Performance Monitoring starting at $7.99 USD per month for
The new Gutenberg editor is coming soon to WordPress. Some welcome this change. Some disparage it. Whichever camp you fall into, if you manage client sites you may want to disable it temporarily (or permanently) for client sites, either site-wide or for certain types of posts. The good news is you can now easily do that. How to Disable Gutenberg: Complete Guide by Jeff Starr, DigWP.com April 18th, 2018 Gutenberg soon will be added to the WordPress core. This is great news for some, not so great for others. With 99.9999% (estimate) of all WordPress sites currently setup to work without Gutenberg, the massive changes barreling down the pike are going to affect literally millions of websites. And as swell as the whole “Gutenberg” experience may seem, the simple truth is that a vast majority of site owners will not be prepared when it finally hits. Nor will many small business have time or budget to test and update client sites to accommodate ol’ Gut’. If that sounds like your situation, you basically have two options: Buck up and fork out your time and money to test and update all existing client sites for Gutenberg. OR, simply disable Gutenberg until you are ready for it. The easiest way to disable Gutenberg is to install my free plugin, Disable Gutenberg. It is a simple plugin focused on one thing: disabling Gutenberg and restoring the default classic WP Editor screen. Just enable the plugin, choose your options and done. Options include: Disable Gutenberg completely (all post types) Disable Gutenberg only on specific post types Disable Gutenberg for specific user roles So it’s flexible yet simple, and super easy to use. Check out the documentation and homepage for more details. More options… I will be testing both the Disable Gutenberg plugin and a second
5 Tools to Test WordPress Performance and Site Speed WPExplorer January 10, 2018 The following tools will give you a complete picture of your website’s performance. You can use a single tool, or use them all in conjunction to cross-reference website data. 1. Google PageSpeed Insights PageSpeed Insights is a brainchild of Google. This nifty web app measures your site’s performance across multiple devices, including desktop and mobile browsers. This is useful if your visitors are accessing your site from a variety of screen sizes and devices. 2. Pingdom Pingdom is a free tool that gives you full-site performance information including load time, page size, as well as a detailed analysis of each page on your website. Best of all, this app saves your performance history, so you can track if your efforts to improve loading times are working. 3. GTmetrix The report that GTmetrix generates will show you a complete history of the website’s loading speeds, as well as a detailed report that suggests ways to improve the performance of your website. Beyond the initial page analysis tools, this web tool also has a video playback feature that enables you to see where the loading speed bottlenecks occur. 4. WebPagetest WebPagetest gives you your site’s loading speed and a grade breakdown of your site’s performance. It’s unique in that it allows you to select a country to view your report from, so you can see how your site performs across the world. This is useful if you have a large overseas user base. 5. YSlow Browser Plugin YSlow is a browser plugin that lets you track the performance of any site you’re currently visiting. It doesn’t give you the actual load time, but it does break down over 20 different performance cues. This can help you compare other competitors site’s within your niche to see
Automattic Releases WordPress Plugin for Facebook’s Instant Articles by Sarah Gooding, WordPress Tavern March 7, 2016 Today the WordPress.com VIP team released a plugin for Facebook’s Instant Articles, which will be open to any publisher starting April 12, 2016. Automattic partnered with Facebook and VIP-Featured-Partner agency Dekode to produce a plugin that outputs a compliant feed of posts wrapped in the required markup for Facebook. Instant Articles for WordPress is now available on GitHub and is also coming soon to the WordPress plugin directory. Publishers must go through a review process to ensure that their posts are properly formatted and compliant before being allowed to push content via Instant Articles. Once approved, articles will load nearly instantly on mobile devices. According to Facebook, the speed is as much as 10 times faster than the standard mobile web. Read more… The WordPress plugin is available at Facebook Instant Articles for WP — WordPress Plugins. This plugin adds support for Instant Articles for Facebook, which is a new way for publishers to distribute fast, interactive stories on Facebook. Instant Articles are preloaded in the Facebook mobile app so they load instantly. With the plugin active, a special RSS feed will be available at the URL /feed/instant-articles. Developers: please note that this plugin is still in early stages and the underlying APIs (like filters, classes, etc.) may change. Feed submission to Facebook Facebook has a review process where they verify that all Instant Articles are properly formatted, have content consistency with their mobile web counterparts, and adhere to their community standards and content policies. You will not be able to publish Instant Articles in Facebook until your feed has been approved. It’s important to note that if you use meta fields to add extra text, images or videos to your Posts, Facebook will
Automatically make phone numbers clickable on smart phones and tablets I just came a cross a plugin for WordPress sites called WP Phone Number. This is a simple but ingenious little plugin that does what it says it can do without any fuss or fanfare. There are no settings for this plugin. Simply install and activate the plugin and it automatically turns any telephone numbers on your WordPress site into clickable call links! And the beauty of this plugin is it only does this on smart phones or tablets! Nothing changes for anyone visiting your site from a desktop computer or laptop. They won’t see anything different. But those viewing from a smart phone or tablet will see a clickable link. Tapping on that link will automatically dial the phone number and bring up a little message box indicating that’s what it’s doing – with an option to cancel if this action was triggered unintentionally. Beauty! You have to love little tech gems like this.
For some time, I have been using Contact Form 7 on a number of WordPress sites together with one of the noCaptcha-reCaptcha plugins from wordpress.org. However, after a recent update of Contact Form 7, the pages no longer showed any Captcha form at all. After some investigation and a bit of trial and error, it turned out that Contact Form 7 now includes its own Captcha integration. The other (now redundant) Captcha plugin interefered with the CF7 display and they cancelled each other out. This was the case with two different supplementary Captcha plugins. The fix is quite simple and all done from your WordPress Dashboard: Deactivate and delete the now redundant extra Captcha plugin(s) Go to Contact Form 7 Integration Enter your Google reCaptcha keys there Then edit any and all contact forms for your site to ensure that the shortcode [recaptcha] appears just before the submit button. And that’s it! You now have a working reCaptcha form on all your contact forms again.
The WordPress Security Learning Center – Wordfence Wordfence.com December 16, 2015 The makers of the WordPress security plugin, Wordfence and Wordfence Premium, announced a new free feature today: The WordPress Security Learning Center – Wordfence. It includes tutorials from beginner to advanced and developer level. Everything from WordPress Security basics, security threats and attack types to guides for developers to help them avoid writing vulnerabilities and to penetration test their own code. The Learning Center is a completely free resource. No registration is required and absolutely no payment is needed. We have put this together as a resource for the WordPress community to do our part to help secure WordPress as a platform. This new resource should prove to be an excellent resource for beginners to seasoned WordPress users. The articles and videos are written and designed for anybody wanting to learn more about WordPress Security; also, a great selection of back-to-the basic resources for any WordPress Network Pro or Admin, computer sciences (Comp Sci) student and professors too. They also include information on what to do if your WordPress site has been hacked. Check it out here: The WordPress Security Learning Center – Wordfence Disclaimer: I have no association or affiliation with Wordfence. However, I do use Wordfence on all my sites and on sites I create for others, and I highly recommend it to anyone.
How to Scan Your WordPress Site for Potentially Malicious Code WPBeginner.com August 11th, 2014 If you don’t like the video or need more instructions: Theme Authenticity Checker (TAC) Theme Authenticity Checker is a free plugin that scans all of your WordPress theme files for potentially malicious or unwanted code. Often hackers target themes to inject links, so this plugin is a good way of checking for that. Exploit Scanner Exploit Scanner is another free WordPress plugin that is much more robust than the Theme Authenticity Checker because it search all files and database of your WordPress install. It checks for signs that may indicate if your installation has fallen victim to malicious hackers. Note: this does return a lot of false positives, so you have to know what you are doing to see if the error is really malicious or if it is ok. Sucuri Sucuri is by far the BEST WordPress security scanner out there. They have a very basic free site scanner, which checks your site to see if your site is doing ok. But the real value is in their paid version. See our article: 5 reasons why we use Sucuri to improve our WordPress security for detailed overview. In short, once you install Sucuri, it automatically monitors your website 24×7 against all threats. It audits all the activities that happen on your site to keep track of where things went wrong. If something looks fishy, Sucuri blocks the IP. They also send you alerts if they notice something going on with your site. Last but not least, they offer a malware cleanup service which is included in the price of their service (no matter how big or small your site is). WordFence Not mentioned in this article is WordFence, another free WordPress plugin which I personally
WordPress has become increasingly popular as a platform for creating highly customizable responsive websites. And of course this makes it increasingly attractive as a target for hackers and spammers. To help guard against this, here are a couple of plugins that help to at least minimize unknown vulnerabilities. Your first defence should be to ensure that you keep WordPress itself and all your plugins and themes up to date. WordPress and the WordPress community is very good at reacting to security threats and vulnerabilities as they are discovered and typically patched or updated versions are made available within a few days. But the patches won’t do you any good if they are not applied. Advanced Automatic Updates by pento adds extra options to WordPress’ built-in Automatic Updates feature. On top of security updates, it also optionally supports installing major releases, plugins, and themes. If you use this to keep your themes updated, please see Don’t let WordPress theme upgrades break your site to avoid losing your theme customizations. Plugin Vulnerabilities by White Fir Design alerts you when any of your installed plugins contain known security vulnerabilities, as well as warning you of vulnerabilities in other versions of those plugins. This will at least make you aware of an issue until the plugin updater can instgall a patched version. Finally, Wordfence Security by Wordfence is a must have plugin for any WordPress site. From the plugin description: Blocking Features Real-time blocking of known attackers. If another site using Wordfence is attacked and blocks the attacker, your site is automatically protected. Block entire malicious networks. Includes advanced IP and Domain WHOIS to report malicious IP’s or networks and block entire networks using the firewall. Report security threats to network owner. Rate limit or block security threats like aggressive crawlers, scrapers and bots