I have been seeing more contact form spam in the past month or so from my own WordPress sites and clients are reporting the same. I assumed this was human spam and that little could be done to prevent it using the usual automated measures against spambots. However, while making changes on one of the sites, I noticed: that the form was no longer working, displaying a “There was a problem. Your email could not be sent.”, or words to that effect. that the reCaptcha 2 form was not being displayed below the form. I was vaguely aware that current versions of Contact Form 7 supported reCaptcha 3. What I failed to appreciate was that these versions were not backward compatible in that they no longer supported reCaptcha 2. That means, depending on the site, either visitors attempting to use your contact page were not getting their messages delivered; or messages sent via the form were no longer being intercepted by reCaptcha. If you use Contact Form 7 on any of your sites, make sure that you update them to reCaptcha 3: go to reCAPTCHA: Easy on Humans, Hard on Bots scroll down to the bottom of the page listing your sites and create a new listing for your domain to use reCaptcha 3 (there does not appear to be any way to just update a version 2 listing to version 3) delete your old site keys under the Integration option for Contact Form 7 and replace them with the new reCaptcha 3 site keys (Note: since these site keys apply to a domain plus any subdomains or subfolders under that domain, don’t delete your reCaptcha 2 keys until you are certain that you don’t have an application still using the old version. In particular, note that any custom HTML
Not everyone is happy about the new WordPress Gutenberg editor. Here’s a good summary about how to use it and how to avoid it (for now anyway) if you don’t want to use it: Official Resources for the Gutenberg Block Editor by Jeff Starr, DigWP.com December 14th, 2018 Just a quick post to share some recommended useful resources for anyone working with the new Gutenberg Block Editor. Learn more about Gutenberg There are many official posts that are useful in specific contexts. This list focuses on just the main resources for learning more about Gutenberg Block Editor. Starting points for digging in and branching out. Gutenberg Handbook Gutenberg Designer & Developer Handbook WordPress 5.0 Field Guide Gutenberg Media 5.0 Guide Blocks, Plugins, and You Any one of these resources will open many doors for further learning and exploration of the Gutenberg Block Editor and related WordPress features. Gutenberg Alternatives The Gutenberg Block Editor has come a long way since it first began as a plugin. But not everyone is ready for the changes. Some folks like myself prefer the original “classic” editor. So for anyone looking for alternatives to Gutenberg, here are some resources that may be useful. Classic Editor — official plugin by the WP team to restore the Classic Editor, already over 1 million active installations. Disable Gutenberg — free WP plugin that completely disables all traces of Gutenberg and restores the Classic Editor. Includes robust options for custom configuration and selective enabling of the Block Editor. ClassicPress — the new “Gutenberg-free” version of WordPress (forked at WP 4.9) that’s focused on providing a reliable, consistent CMS. Read more…
I recently started a test drive of a neat WordPress widget plugin called the Google Reviews Widget by RichPlugins. I’m using the free version at the moment which you can download from WordPress.org here. The plugin boasts the following features: Display up to 5 Google business reviews per location Keep all reviews in WordPress database Shows real reviews from G+ users to increase user confidence Easy search of place and instantly show reviews Nofollow, target=”_blank” links Zero load time regardless of your site Works even if Google is unavailable The plugin does what it claims and creates a nice display in your sidebar of up to 5 reviews. The current free version is a bit quirky. I hadn’t really promoted my Google My Business page for this site other than registering some basic information (the cobbler’s shoes phenomenon) so I only recently started supplying the Google Reviews link to clients). When I first installed it, there were only two reviews and the plugin grabbed and displayed those just fine in the sidebar. However, when a third review was added, the plugin didn’t pick that up, even though obviously I was well within the 5 reviews limit. An email to the plugin support page was answered promptly on Monday morning, instructing me to add a sec0nd instance of the widget to force an update (see below) and then delete it once the reviews in the database were updated. This worked, although of course it would be a pain to have to do that repeatedly. I’m not certain whether the authors were suggesting this as a fix if the plugin gets stuck or whether this is a known bug that might get fixed in a future update. According to their support forum, Both plugins (free and paid) use the Google Places API
I recently upgraded a forum to Xenforo 2. This was a major upgrade with a bit of a learning curve to convert everything from the previous version, Xenforo 1.5.21. I won’t pretend it wasn’t challenging but it was made a lot easier by the help and support from four individuals in particular who went out of their way to help during this process and to provide fast support, even on the weekend and late at night to get the forums back online. First, I need to thank two people from Xenforo, for providing advice and support beyond the call of duty: ChrisD and Slavik. Second, Russ from Pixel Exit. Pixel Exit are the designers of some excellent Xenforo forum themes or styles. Russ never seems to sleep! It seems like no matter what day of the week or what hour of the day or night I submitted a question in a support ticket, he was back with a solution usually within an hour or two and sometimes within a matter of minutes. And third, but by no means least, AndyB, the author of numerous addons at XF2 Addons which we are using both currently and in the previous forum software version to add extra features to the forum.
With recent browser updates, it appears that the popups asking whether you want to allow Push Notifications from websites you visit have become more aggressive – or perhaps it’s just that more websites are using this feature. We have nothing enabled on this site to use these popups but here is how to disable these annoying popups in the three major browsers for Windows. Disable all push notifications in Chrome How notifications work By default, Chrome alerts you whenever a website, app, or extension wants to send you notifications. You can change this setting at any time. If you’re browsing in Incognito mode, you won’t get notifications. Allow or block notifications from all sites On your computer, open Chrome. At the top right, click More > Settings. At the bottom, click Advanced. Under “Privacy and security,” click Content settings. Click Notifications. Block all: Turn off Ask before sending. Block a site: Next to “Block,” click Add. Enter the site and click Add. Allow a site: Next to “Allow,” click Add. Enter the site and click Add. Choose to block or allow notifications: You can also block any sites or apps from sending you notifications. Disable all push notifications in Firefox Open up Firefox, click on the Menu button at the top right, and click Options. Click on Privacy & Security in the left pane. Scroll down to Permissions > Notifications. Click on Settings to the right of Notifications. If there are any websites already listed as okay, click on Remove All Websites. Check the box next to Block new requests asking to allow notifications. Click Save changes. Disable all push notifications in Edge Start Edge and click on the More button at the top right. Scroll down to View Advanced Settings. Scroll down to Website Permissions. I think you
Google Public DNS turns 18.104.22.168 years old by Alexander Dupuy, Software Engineer, Google Online Security Blog August 11, 2018 Once upon a time, we launched Google Public DNS, which you might know by its iconic IP address, 22.214.171.124. Sunday, August 12th, 2018, at 00:30 UTC marks eight years, eight months, eight days and eight hours since the announcement. Though not as well-known as Google Search or Gmail, the four eights have had quite a journey—and some pretty amazing growth! Whether it’s travelers in India’s train stations or researchers on the remote Antarctic island Bouvetøya, hundreds of millions of people the world over rely on our free DNS service to turn domain names like wikipedia.org into IP addresses like 126.96.36.199. Read more… If you haven’t tried Google DNS or other DNS alternatives like OpenDNS, there is a free small utility called DNS Jumper that makes it easy to scan and identify the fastest DNS server in your area, with speed comparisons to all the others tested switch to the DNS server of your choice switch back to your original default DNS server (usually the one used by your Internet Service Provider or ISP) at any time Download DNS Jumper 2.1 for Windows at: Download DNS jumper 2.1 (Free) for Windows
Mozilla’s new Firefox update puts user security at risk with TRR feature by AnkitGupta, TheWindowsClub.com August 7, 2018 Mozilla is all set to introduce two new features to its Firefox browser in its upcoming patch. Called as ‘DNS over HTTPs’ (DOH) and Trusted Recursive Resolver (TRR), Mozilla says that they are meant to enable additional security, with many security experts thinking otherwise. Signaling out TRR among the two, security experts at Ungleich say that this feature by default routes requests with a 3rd party service; thus making it less secure. With Trusted Recursive Resolver (TRR) turned on as default, any DNS changes that a Firefox user configured in the network will be overridden. This is because Mozilla had partnered with Cloudflare and will resolve the domain names from the application itself through a DNS server of Cloudflare located in the US. This allows Cloudflare to read user’s DNS requests. Lashing out on Mozilla for advertising TRR as a feature that ‘increases security’, the security expert at Ungleich mentions, “From our point of view, us being security geeks, advertising this feature with slogans like “increases security” is rather misleading because in many cases the opposite is the case. While it is true that with TRR you may not expose the websites you call to a random DNS server in an untrustworthy network you don’t know, it is not true that this increases security in general.” Cloudflare on its part, though commits to a ‘pro-user privacy’ policy and the detection of all personally identifiable data after 24 hours, there is no guarantee where a user’s data may finally end up. Mozilla’s TRR disables user’s anonymity With TRR allowing all DNS requests seen by Cloudflare, user’s anonymity stands completely destroyed. Government agencies always have the right to request data from the service owners,
WordPress 4.9.8 Released by Jeff Chandler, WordPress Tavern August 3, 2018 WordPress 4.9.8 is available for download and is a maintenance release. Headlining this version is the “Try Gutenberg” callout. Note that not everyone will see the callout. Its visibility is determined based on certain criteria. This update is rolling out now so check your dashboards. If you are one of those who is selected for the pretest and you do NOT want to pretest Gutenberg, just click the “Install the Classic Editor” button. As I mentioned in a previous post, there are already some plugins available to prevent Gutenberg and keep the classic editor so, for a while at least, you can avoid Gutenberg at all. But you will be nagged by WordPress because they are pushing this thing.
True to their word, Google today released version 68 of their Chrome Browser and, as promised, they have changed the way they warn users about potential issues with web sites. In previous versions, Chrome (and Firefox and most other browsers) alerted users to sites that were not using SSL with a red padlock next to the URL, and sites with mixed content displayed an orange padlock. Starting with version 68, Chrome now uses a stronger warning system. If you haven’t yet converted your site to HTTPS / SSL, now is the time to give it serious consideration. You should also check that your site correctly redirects from HTTP to HTTPS in case anyone enters just the domain name into the browser. On their Google Chrome Help page, Check if a site’s connection is secure, they preview what this now looks like to users: Check if a site’s connection is secure To see whether a website is safe to visit, you can check for security info about the site. Chrome will alert you if you can’t visit the site safely or privately. In Chrome, open a page. To check a site’s security, to the left of the web address, look at the security status: Secure Info or Not secure Not secure or Dangerous To see the site’s details and permissions, select the icon. You’ll see a summary of how private Chrome thinks the connection is. What each security symbol means These symbols let you know how safe it is to visit and use a site. They tell you if a site has a security certificate, if Chrome trusts that certificate, and if Chrome has a private connection with a site. Secure Information you send or get through the site is private. Even if you see this icon, always be careful when sharing
In a previous post from April 2018, Testing WordPress Performance and Site Speed, I discussed an article describing five online tools for testing the page load speeds for your website. Google PageSpeed Insights Pingdom GTmetrix WebPagetest YSlow Browser Plugin Most of these simply test a webpage from the URL submitted and report relative site speed of that page (it’s not always clear relative to what exactly – presumably all other webpages that tool has tested) and then make suggestions on how you can improve the performance of that page. Pingdom allows you to select from one of three locations to use to test your page load speed. WebPagetest expands on this by offering a choice of several locations around the world and in addition allows you to check your page speed with a choice of browsers and devices. More recently, I learned about a new online tool which is similar to those discussed above but with several significant improvements: Website Speed Test | Dotcom-Tools. Dotcom-Tools adds the following features to those offered by their competitors: Tests browser-based load time of all page elements Detects slow or missing elements Tests from your selection of Chrome, Firefox, Internet Explorer, or various mobile web browsers Provides a complete waterfall report with charts and graphs Displays results from nearly two dozen global locations all in the same report Conducts tests from each location twice, with the second visit cached to allow you to estimate the effectiveness of the various caching systems used by your page These tests are all absolutely free with no sign-up required. Dotcom Web Site Monitoring also offers a selection of various paid plans as well. In addition to the features of the free service described above, the Pro plans offer Website Performance Monitoring starting at $7.99 USD per month for