APRIL 17, 2019/TIMMY CRAWFORD – https://woocommerce.wordpress.com
Today we are excited to announce the availability of WooCommerce 3.6. The latest release of WooCommerce has been in development since November 2018, and during that time, 3.6 has had 2279 commits from 122 contributors.
3.6 is a “minor” release; this version should be backwards compatible with sites running versions of WooCommerce greater than or equal to 3.0. We do of course recommend ensuring your extensions and themes are compatible before upgrading, and making backups for peace of mind —please see this guide for more details.
For store operators and builders, one of the biggest additions in WooCommerce 3.6 is the introduction of our new Product Blocks for the WordPress block editor.
For all sites running WordPress 5.0 or higher, you will have access to build rich landing pages using the following blocks now available in WooCommerce 3.6:
Products by Category
Best Selling Products
On Sale Products
Products by Attribute
To learn more about what you can do with the new Product Blocks, and how developers can customize them, check out this post.
Customers and Store Owners will experience a noticeably faster experience due to extensive performance enhancements that improve both admin and frontend page load times. For full details around the performance enhancements that are available in 3.6, please be sure to read our developer post which takes a deep dive into the technical side of things.
A few quick highlights of the improvements on the front-end for sites running WooCommerce 3.6 are:
A 62% improvement in the load time when ordering and filtering products
Reduced overall load time by bypassing inactive webhooks
Reduced the load time for pages with category or product attribute lists
Reduced load time of product pages with attributes
In addition to the new Product Blocks and Performance Improvements, you will find the following enhancements in WooCommerce 3.6:
The ability to increase/decrease stock options via the bulk edit form.
Accessibility improvements on the shop order-by selector.
When adding/editing/deleting items manually from orders, the corresponding product stock will be updated to reflect the event, and an order note will also log the action.
Added suggestions for official extensions.
Store attribute values as post_excerpt for variations to support easier searching for variations.
Customer notes containing URLs now automatically converts to clickable links.
Allow states in zones to be searched by country name.
Added registration success notices to account pages.
Beyond these enhancements, the release also contains some tweaks, new hooks and various fixes – all of which you can find out about in the readme.
Upgrading to 3.6
3.6 is a minor update and should be compatible with sites running any version of WooCommerce greater than or equal to 3.0. We still recommend testing and backing up prior to upgrading just to be safe.
Note: There are a few post-update database upgrade routines that need to run after updating. These may run for a while if you have a large amount of data in your database. On very large databases we recommend running the upgrade routine with the WP CLI command wp wc update instead of through the admin interface.
If you’re a developer and missed the beta and release candidate (RC), the following information may be useful:
Deprecated in 3.6
wc_get_min_max_price_meta_query – removed in favour of lookup tables which remove the need to filter via post meta.
Term meta helper functions – deprecated in favour of WP core term meta functions such as https://developer.wordpress.org/reference/functions/get_term_meta/. These have not been needed since WP 4.4.
WC_Country::load_country_states – States are now loaded on the fly as needed.
WC_Cache_Helper::delete_version_transients – Transients are now versioned within the value negating the need for cleanup.
WC_Background_Updater – We’ve switched updates to the ActionScheduler queue.
Simplify Commerce – This gateway has been deprecated for several years and hidden in the UI. The code has now been removed.
Template File Changes in 3.6
content-product.php Passing $product to wc_product_class() to avoid re-read of product
content-single-product.php Passing $product to wc_product_class() to avoid re-read of product
single-product-reviews.php Support for wc_review_ratings_enabled()
cart/cart-shipping.php Verbiage changes
checkout/form-billing.php Update _e usage to esc_html_e
checkout/form-shipping.php Update _e usage to esc_html_e
emails/admin-cancelled-order.php Copy reworded, double escape fix
emails/customer-note.php Made note clickable
global/form-login.php Updated order of remember me and submit buttons.
global/quantity-input.php w3C validation fixes
loop/orderby.php Added aria label.
loop/rating.php Star rating bug fix.
myaccount/form-edit-address.php Added names to nonces, setting country value bug fix
myaccount/form-login.php Added actions woocommerce_before_lost_password_form and woocommerce_after_lost_password_form
single-product/product-attributes.php Added filter woocommerce_display_product_attributes to give full control of output
single-product/rating.php wc_review_ratings_enabled() support
single-product/review-rating.php wc_review_ratings_enabled() support
How 3.6 was tested
3.6 beta was released on March 15th 2019 and remained in beta until the RC on March 28th 2019. During this time we:
Tested internally, tested our own extensions and themes.
Tested popular premium themes.
Did some managed updates for actual customers on staging sites to pick up on any conflicts or bugs before the public release.
Tested and updated WooCommerce.com itself to be running 3.6.
Article originally from:
We are in 2019 and the Internet is growing faster than anyone would’ve imagined. As of now, there’s 4.1 billion people with access to internet out of a total population of 7.5 billion.
The Internet has literally changed the way we live our lives. It has changed the way we interact with one another and it has become our favourite communication channel. Almost everything we do in real life has an exchange in one way or another with the internet. Buying a pizza, buying a laptop, renovating a house, sharing special moments with our family and friends and even daily communicating with our loved ones.
Erin Huebscher | February 1, 2019 BY: Namecheap.com
93% of online experiences begin with a search engine.
This statistic isn’t meant for shock value. Rather, it’s meant to emphasize just how much our everyday lives rely on search engines such as Google to supply us with useful and relevant content.
And, because Google’s entire existence is built around creating an index of all the world’s information and making it accessible to all, it’s no wonder why they value content that real people (aka their customers) are looking for.
As a writer, however, the question remains: how do you write copy that Google loves—or put another way, how do you optimize it for search engines?
An SEO Refresher
Search Engine Optimization, aka SEO, is that ubiquitous term people in the industry just love to throw around.
“It’s just not SEO-friendly enough…”
“I think we need more SEO.”
“Are you taking into consideration SEO?”
Without getting too technical, Moz describes SEO as the practice of increasing the quality and quantity of traffic to your website through organic search page results (SERPs). And when we say “organic,” we don’t mean Whole Foods-organic. Organic traffic simply refers to any sort of traffic that you don’t have to pay for. Meaning? That traffic comes naturally.
In order to receive this “natural” traffic, your copy needs to be optimized. In fact, the better optimized your website copy is, the better Google ranks your website in their organic search page results. So, using SEO means you’re doing everything you can to make sure that your website ranks higher on that neverending list of page results.
But why does optimizing your copy actually matter? Because you’ll receive more clicks, more shares, more likes, more engagement, and you guessed it, more conversions.
SEO Copywriting v. “Normal” Copywriting
Make no mistake, writing copy for the web is nothing short of an art form; an art that undoubtedly requires talent but most importantly, the ability to write optimized content that resonates with users. Remember, even if you’ve written fantastic copy, if no one can find your website, then all those beautiful words of yours will be hidden from view.
To clarify the difference between SEO copywriting and “normal” copywriting, Namecheap’s Senior SEO Content Manager Kevin Church eloquently sums it up:
“With ‘normal’ copywriting for an article or print ad, you’ve probably already got the audience’s attention in some way or another—it’s in a magazine they read, there’s an attractive image, etc.—but with SEO copywriting, you have to think about how they’re going to find your piece through Google or another search engine. You’ll want to do keyword research and create a strong outline based on actual interest versus what you think readers want.”
More on keywords later but in essence, SEO copywriting is primarily driven by metrics, meaning you’re specifically creating content to attract search engine traffic while at the same time appealing to your users.
As Liam Barrett, Namecheap’s On-Page SEO Specialist, explains:
“The best copywriters use the best of both worlds. For example, ‘normal’ copywriting can tell a great story and keep a user engaged, but may not reach the correct audience. By adding SEO research into your content, you can refine your content to get more visibility.”
Prioritize Keyword Research
If you really want the copy you write to rank well in Google, you’ll have to roll up your sleeves and do a little research—keyword research.
Think of it sort of like preparing for a first date with someone you really like. You tend to do your homework before meeting them, don’t you? It’s the same rationale with keywords. Knowing which ones will pique your audience’s (ahem, date’s) interest and take notice of you.
Proper keyword research ultimately means understanding your audience. More specifically, it’s knowing what they need and/or what particular problems they’re they looking to solve. When doing keyword research you may notice that people describe their problems in a variety of ways.
For example, let’s say you’re looking for an inexpensive hotel in Italy. While you may type in, “cheap Italian hotels” others may search for, “inexpensive places to stay in Italy” or “affordable accommodation in Tuscany.”
If you can begin to understand and anticipate which words/phrases your readers are most likely to use to describe their problems or queries, you’re well on your way to writing more compelling copy (and ranking higher in Google). Quicksprout, an online marketing resource, does a great job of identifying what keyword research can reveal to you.
Now that you know the importance of keyword research, it’s time to make keyword research tools your best friend.
Rand Fishkin over at Moz gives an excellent tutorial on how discover and prioritize the best keywords. His advice? Don’t limit yourself to one source when searching for keywords. His top picks on the best online keyword tools are: Adwords, Google Suggest, SEMrush, and KeywordTool.io.
Once you’ve got your prioritized list of chosen keywords, try to avoid “stuffing” those keywords throughout your copy. To keep your keywords in check, Barrett recommends wordcounter.net, which is a helpful tool to ensure you’re not over or under optimizing your written content.
“When you have written your headline, you have spent eighty cents out of your dollar.”
Headlines should always be what attracts your users’ attention, encouraging them to click and read more. A mediocre headline, accompanied by stellar copy, unfortunately, does very little for your click-through-rate (CTR).
This is why successful SEO copywriters write their headlines before writing the rest of their content. As a general rule of thumb, if your headline is clickable, attractive, and under 72 characters, you’ve got yourself a keeper. (Exceeding 72 characters sends the hint to Google that you’re only writing for search-engine purposes, not your users.)
According to Conversion XL, headlines with numbers always work. So, if a numerical figure applies to what you’re writing about, go ahead and include that number in your headline. And, if you happen to use WordPress, Yoast SEOis a fantastic plugin that helps with optimizing your website copy so you’ve got content that not only ranks high in Google but also attracts clicks from potential users.
Write Quality Meta Descriptions
Contrary to popular belief, meta descriptions—snippets of copy that summarize a page’s content in less than 155 characters—are not used for Google rankings. They are, however, used by readers like you to help better understand what topic a website is about.
Using our previous search example regarding cheap hotels in Italy, here’s what a well-written meta description might be written like:
Discover affordable and charming hotels, right in the heart of central Italy. Search and book your inexpensive Italian accommodation with us today!
When you see a meta description that includes the words and phrases you’ve already been searching for, you’re far more likely to click on it since you assume it’s relevant to your search query. And, although there’s no direct correlation between meta descriptions and Google rankings, Google will indirectly reward websites with a high click-through-rate.
What does this mean, exactly? Well, the more people who click on your search result (and read your relevant meta description), the more Google considers your page to be “good,” subsequently moving your position up their ranks. Not a bad deal.
Link It Up
Consider links, both internal and external, as the basic building blocks of your website.
When you link out to other useful sites and pages (including your own), this sends the signal to Google that you value content others create. Doing so aligns with Google’s aforementioned mission of making content accessible to everyone, everywhere.
Church wholeheartedly agrees, especially when it comes to internal linking.“You’ll want to make sure that you link to your new page from other pages on your website.” Meanwhile, Barrett recommends “linking/referencing other articles on your site (with relevant keywords)” and not being “afraid” of adding in some external links.
Thanks to the folks over at Boostability.com, here’s how to recognize what makes a good link.
As any SEO pro would advise, the best kind of website copy follows the KISS (Keep It Simple Stupid) principle.
This doesn’t necessarily mean your copy has to always be short and sweet. In fact, according to Barrett, lengthy content is encouraged. His advice, however? “Try cutting unnecessary words or sentences and focus on a simple goal or set of keywords.” A helpful tool Church likes to recommend for constructing those easy-to-read sentences and paragraphs is the Hemingway editor.
Writing great SEO copy, Church explains, should ultimately be “invisible,” and naturally incorporates the terms that people type into their search engines, making it both readable and informative.
So, what have we just learned? That the best type of copy resonates andincludes SEO, keyword research is not just a suggestion—it’s mandatory, headlines under 72 characters always score, meta descriptions must be relevant, and linking means you care about awesome content.
Whew. Now, are you ready to make Google fall in love with your words?
Article originally posted by https://www.wordfence.com
WordPress 5.0 is being released tomorrow, December 6th. This release contains a major change to the WordPress editor. The new editor, code-named Gutenberg, is a substantial leap forward in functionality. It uses a new block-based system for editing which allows you to embed a wide range of content in your posts and pages, and gives you a lot of flexibility in laying out those blocks on the page.
Once Gutenberg and WordPress 5.0 have stabilized, they will provide long term benefits to WordPress users and the community. But in the short term, this change may introduce challenges for some WordPress site owners. In this post we will discuss a few points that will help you decide when to upgrade to WordPress 5.0, and to formulate a successful strategy for making the transition.
Why is WordPress changing the editor?
The WordPress core development team has been talking about Gutenberg for quite some time. The goal, according to Matt Mullenweg, is “to simplify the first-time user experience with WordPress — for those who are writing, editing, publishing, and designing web pages. The editing experience is intended to give users a better visual representation of what their post or page will look like when they hit publish.”
Overall, we agree that Gutenberg will be a giant leap forward in using WordPress to create content online. But, as Matt stated, the goal is to simplify the experience for the first-time user. For the rest of us who have assembled a number of tools to fill the gaps in the older editor’s shortcomings, this will be a period of adjustment.
Potential Problems With Legacy Plugins and Themes
WordPress has been around for over 15 years, and in that time millions of websites have been created using the current editing framework. Often, sites are created and never updated to more modern themes. There are a large number of abandoned plugins installed on WordPress sites – plugins that are no longer being actively maintained by their developers. No one is testing these abandoned plugins or older themes to see how they will behave with Gutenberg.
Adding to the complexity, many of these sites may be hosted on managed WordPress hosting services that will auto-update to the new WordPress version.
Some WordPress site owners may be unable to effectively edit pages they had previously published. Some may be unable to access their edit screen. There may be server 500 errors or white screens for some users. Or everything may run smoothly, even with legacy plugins and a legacy theme.
With over 60,000 unique plugins in the WordPress plugin directory, it is not feasible to test all of the plugins with the new editor. Actively maintained plugins are, for the most part, being tested by the plugin authors. Abandoned plugins will not have been tested, so it is up to you to test whether WordPress 5.0 will work with these plugins.
The same applies to themes. Many themes are actively maintained by their authors. In other cases, a theme may have been created as a single project for a customer or created for the community and then left unmaintained. These unmaintained themes have not been tested with Gutenberg and WordPress 5.0.
If you do anticipate compatibility problems with WordPress 5.0, you can keep the current WordPress editor by installing the WordPress Classic Editor Plugin. We recommend you do this ahead of time, rather than try to use the new editor with incompatible code. But it’s also worth pointing out that Gutenberg and WordPress 5.0 are a significant step forward in editing power and flexibility. So it is worth investing the time to make your site compatible, modifying it if needed, and then reaping the benefits of a brand new block-based editor.
Will Wordfence work with Gutenberg?
Yes. Wordfence does not interact with the editor, so it will not be impacted by Gutenberg. Our QA team has thoroughly verified that Wordfence is ready for Gutenberg and WordPress 5.0.
Because you do have Wordfence installed, you will receive a notification that WordPress is out of date and requires an update. Please keep in mind that this is no ordinary update. This is a major change to your content management system, and we recommend that if you’re not ready for the new editor, wait to update WordPress. Yes, you will receive security warnings from Wordfence because the basic premise has always been to keep open source software updated. If you are not entirely ready for WordPress 5.0, however, there is no harm in staying on the current version while you get ready.
The current version of WordPress core is 4.9.8. If you remain on this version, you will continue to receive security updates from the WordPress core team. The current policy of the WordPress security team is to back-port security fixes to all auto-update compatible WordPress core versions. That means that all versions of WordPress core will continue to receive security updates all the way back to WordPress 3.7. This is not an open-ended policy and may change in the future.
How do I know if I am ready?
Do you have a testing environment for your website? Have you tried the new Gutenberg editor? Are you using a modern version of PHP? Great, you’ll likely be prepared for WordPress version 5.0. As with all major releases, we recommend updating your test environment first to look for problems.
Look for anomalies with all of your page layouts. It also makes sense to go back in time on your test environment and review older posts and pages to ensure they’re ready for the new editor.
As always back up both your site files and your database prior to any update, especially an update of this magnitude.
If your hosting provider auto-updates
If you’re on managed WordPress hosting, your hosting provider will automatically update WordPress for you. Your managed WordPress provider should be taking backups for you. Check with your hosting provider to see what support they will provide for the new WordPress editor and when they will be updating to WordPress 5.0. Some hosting providers, like Page.ly, are waiting until January of next year to do the update.
If you’re using a page builder or premium theme
If your site uses a page builder like Visual Composer, Divi, Beaver Builder or any other tool that uses shortcodes, check with the developer to ensure that your tool is ready for Gutenberg. Many page builders come bundled with premium themes. You may need to check with your theme developer to ensure that you have the updated versions installed on your sites.
What are the security implications of Gutenberg?
We are not currently aware of any security issues with WordPress 5.0 or Gutenberg. The project is being moved into production at a rapid pace which increases the risk of a security issue emerging, because this reduces the amount of time available for testing and debugging.
At this phase in the evolution of WordPress, there are a large number of security teams globally that have eyes on the code and are actively conducting research to determine if there are vulnerabilities in new WordPress releases. As soon as an issue emerges, our team will react and release a firewall rule in real-time to protect our Premium Wordfence customers.
Once WordPress 5.0 is released, there will likely be a series of smaller releases that will emerge over the following weeks. We recommend that you monitor the official WordPress blog and if they announce a security update, upgrade as soon as possible.
Overall This is Good News
As mentioned above, Gutenberg and WordPress 5.0 are a major leap forward in the evolution of WordPress. Rapid innovation does not come without risk or inconvenience to a such a large user base. Our team is excited to embrace the new WordPress and to use it ourselves. By following our recommendations above, you can reduce the risk of this transition and migrate smoothly into 2019 with a powerful new editor for WordPress.
Gutenberg: the biggest name in WordPress right now.
No, not Johannes Gutenberg, the inventor of movable type that led to a printing revolution in 15th century Europe.
When we say Gutenberg, we mean the upcoming WordPress version 5.0 release.
In anticipation of this change, we dug into what Gutenberg will mean to WordPress users and why a change to the editor is the hottest topic in WordPress Land.
What Is Gutenberg, Exactly?
Gutenberg is a redesign of the WordPress WYSIWYG (what you see is what you get) editor. It’s named after the Gutenberg of printing press fame. Like its namesake, the goal is to revolutionize the way we create and distribute content.
While that might not seem like a big deal, keep in mind that we’ve been using pretty much the same TinyMCE Editor (the standard text editor) since WordPress 2.0 launched way back in 2005, and while it works, it’s pretty limited.
With the current editor, it’s pretty simple to create basic content. But as soon as you want to use special layouts or get fancy with your images or other media, it falls apart. As you’ve probably discovered if you’ve ever used WordPress, writing a simple blog post can require you to switch over to HTML to get things to look the way you want.
The good news is that with Gutenberg, all that changes. Rather than create content as one long chunk, Gutenberg will offer you the ability to incorporate “little blocks” of content that will enable more complex layout possibilities. This is truly movable type for the digital age!
Matt Mullenweg, one of the creators of WordPress, describes Gutenberg in this way:
“We’ve taken stabs at this before, if you imagine our previous efforts with post formats – to make it easier to do certain types of media or quote posts or things like that. That whole concept can now flatten to just being a block. Working all that in, it’s bringing things we’ve been thinking about for a very long time in WordPress.”
So at its core, Gutenberg is all about the little blocks.
The Magic of Little Blocks
With Gutenberg, the power of digital design will finally be in your hands as you create content for your website.
You won’t be constrained by long blocks of vanilla text. Instead, you’ll be able to play with lots of different layout options.
Some of the things you’ll be able to do easily with Gutenberg:
- Pull quotes
- Stylized headers
- Easy tables
- Drop Caps
- Clickable table of contents
- Choice of 2-4 responsive columns
- Flexible image styles
- Functional buttons
And the best part? Once you create a stylized content block, you can save it as a reusable block, so you can maintain consistency across your site.
Essentially you’ll start thinking of your articles more like you’re designing a magazine rather than typing a term paper.
Of course, some WordPress themes already have fun magazine layout options. What’s different here is that these options aren’t set by the theme, meaning you’re stuck with a handful of choices for all of your content. You’ll be able to make these decisions for each article or page as needed.
Right now, if you want to do some of the advanced layouts that will come standard with Gutenberg, you have to install a bunch of plugins (which can slow down your site) and use shortcodes (bits of code you insert within straight brackets (which can slow down the process of creation).
Confused? WordPress.org has a great page introducing Gutenberg, with examples of many of the bells and whistles that come with it.
So It’s Like the Divi Theme?
A common misconception about Gutenberg is that it’s trying to make WordPress native code more like Divi. A popular theme framework by Elegant Themes, Divi is a visual page builder that allows you to create content and design simultaneously. With Divi, you choose a basic design and layout and then you can move things around on the page and add new content in a WYSIWYG manner.
With the current version of WordPress, conversely, you create your content in the Dashboard, largely separate from your site design, and then you have to save the content and view it in a preview mode to see how it looks in your chosen theme.
What Gutenberg is (in the first iteration, anyway) is a new content editor as described above, not a new theme or a complete overhaul of the WordPress architecture. In fact, outside of the editor itself, WordPress itself doesn’t change.
As Chris Coyier of CSS-Tricks puts it, “Gutenberg replaces the WYSIWYG, TinyMCE editor with an SPA.” And by SPA, he doesn’t mean a hot tub and massage. In this case, SPA refers to Single Page Application, which allows the browser to update without having to make a bunch of calls to a server, making it fast and responsive.
Because of the way they’re coded in the database, content blocks should also work well with many themes. Coyier assures people that “a WordPress site [created] without Gutenberg won’t have any trouble with it, nor porting it elsewhere.”
Why Gutenberg Is—and Isn’t—a Big Deal Right Now
Gutenberg will introduce us to a new way to create our web content, and that’s huge.
Because of the limitations of the content editor, a WordPress site can look a bit stodgy these days. With Gutenberg, you’ll be able to build much more attractive sites and better integrate different types of content.
While right now Gutenberg is just a new post and page editor, the future for Gutenberg is quite exciting. According to Edwin Toonen on the Yoast blog, the first Gutenberg release is just stage one. Later the developers will create new page templates, and the eventual goal is to have a full visual site builder.
For now, it’s a super exciting time to be a content creator because you’ll have access to all these new options right away. For WordPress developers, they’ll be able to offer clients a wider range of layout choices without having to write a bunch of customizations. And for theme designers, they’ll be able to grab the content blocks to do all kinds of cool design tricks that we can’t even imagine yet!
Just How Worried Should You Be about Gutenberg?
When you depend on software to run your business, it can be a bit terrifying to hear about a major update. That’s true when it’s your accounting software, your social media management tools, and your website.
Gutenberg will be the default editor when WordPress 5.0 is released. Sooner or later you’re going to have to deal with it.
So we understand that you might approach Gutenberg with trepidation, just like you would with any other major WordPress update. If you update, will it break your site? If you just figured out how to use WordPress, will you have to start all over again?
We won’t lie. Gutenberg represents a big change for some people (see our two special cases, below). And even if you’re confident about the launch, it still might take a little time to get used to. That’s why it’s a great idea to play with it before the official release and see what you think.
How You Can Give Gutenberg a Test Drive
Even though we don’t have an official release date for Gutenberg yet, the developers have your back. They want as many people to use the new editor as possible before they release it officially.
And getting it is easy.
If you build websites in WordPress, you may have seen an update to your WordPress Dashboard that invites you to test a beta version of Gutenberg:
You can also download Gutenberg as a plugin and install it on your site.
A caveat: Gutenberg is still considered “beta” software and has some bugs. It may or may not work perfectly with your theme and plugins. We do not recommend installing it on any site for which you don’t have complete database oversight, in case something breaks. We also would caution you against installing it on any important websites such as your main business or blog until the final version is released.
If you want the Gutenberg experience without taking the plunge, check out the live testing site brought to you by Tom Nowell from Automattic (WordPress.com).
Special Case #1: Content Management
As mentioned above, some people may be more affected by Gutenberg than others. Content managers are one group that will almost certainly be impacted. The new editor will force you to change your workflow, and that’s something you should understand before it launches.
In its current iteration, there are a few hiccups in the process of copying text from a Google Doc, for example, and dropping it into the Gutenberg editor, since it places everything as one large block.
You might also experience some funky formatting issues because of the hidden formatting code that comes from Google Docs and Word. For simple documents, this might not be an issue, but if you have a lot of formatting, things might get wonky when you transfer them over.
Until the WordPress developers figure these issues out, here are a couple of options that might help:
- Mammoth .docx Converter is a free plugin that converts .docx files to clean HTML that WordPress can better understand. This is great if you’re used to copying files from MS Word (and you should be using it now!) but can also help with Google Docs if you first save your doc as a .docx file.
- Wordable is software that connects your Google Doc account to your WordPress site, allowing seamless integration. It does have a monthly fee and you have to connect it to both accounts, which may not work in corporate environments.
If all else fails, you can always install a plugin that re-enables the familiar TinyMCE editor.
Special Case #2: Accessibility Issues
Web accessibility is important. People who have limited vision or mobility impairments, or who need assistive technology to use websites, may find Gutenberg unusable.
Accessibility experts and regular users alike have expressed concerns throughout the development and testing process. One of the biggest worries is Gutenberg’s reliance on hover technology, which can be difficult for many people to use effectively (and if you’re using a screen reader, it can be impossible).
Gary Pendergast, one of the lead developers and the person leading the merge of the code into the WordPress core in advance of its general release, recently told WP Tavern:
“While Gutenberg has always aimed to prioritize accessibility, both providing tools to make the block editor more accessible, as well as encouraging authors to publish accessible content, there are still areas where we can improve.”
If accessibility issues concern you, you may wish to review the other articles WP Tavern has published on this topic as well.
When Will Gutenberg Drop?
All signs point to the world meeting Gutenberg this month. According to WP Tavern, the tentative date is November 19, 2018.
Why ‘tentative’? The developers have a series of milestones that they need to reach before the update is ready to release. The developers also need to make sure the release is as stable as possible so that it will have the lowest negative impact on current WordPress users. They already have a backup release date in January in case they can’t get all of their proverbial ducks in a row for a November release.
For the latest updates, you can check out the Gutenberg Times for a better sense of where things stand.
Finally, what do you think about Gutenberg? Are you excited or worried? Have you tried it yet? Please let us know in the comments.
And if you’re not using WordPress on your site yet, be sure to check out EasyWP, Namecheap’s managed WordPress hosting.
Original Article from: https://themeisle.com – By JOHN HUGHES
Each time a new version of WordPress rolls out, we’re all excited about getting to play with its new features. However, few versions in the past have garnered as much buzz around them as WordPress 5.0 because of these two simple words: Gutenberg Editor.
No, we’re not talking about the German guy from the 1400s. Gutenberg is a complete redesign and re-imagination of the WordPress editor. Once WordPress 5.0 ships sometime later in 2018, the default way that people create content with WordPress will radically change.
Big changes to your favorite platform can be difficult to accept. However, even massively popular platforms such as WordPress need to adapt to the times, or risk losing market share. Gutenberg is a bold leap forward, and it’s not the only update that’s coming up.
WordPress 5.0 will be a bigger jump than recent major updates
If you’ve been using WordPress for a while, then you’ll know how much the platform has changed over time. Even individual updates often bring significant shifts. For example, the 4.9 ‘Tipton’ update enabled users to schedule design changes in the WordPress Customizer so they can go live at later dates, just like post drafts.
WordPress 4.8, on the other hand, brought us plenty of widget updates. For example, if you wanted images in your widgets in the past, you had to add them manually. Now, there are three dedicated media widgets for image, audio, and video files.
However, all the changes we’ve mentioned so far are pretty incremental. They’re useful, but not exactly game-changing. Most WordPress updates have been more about taking small steps forward rather than major leaps – that is, until WordPress 5.0.
What to expect from WordPress 5.0
WordPress 5.0 is kicking “incremental” to the curb with some pretty major changes. The biggest is the aforementioned Gutenberg Editor, which we’ll talk more about in a moment.
But WordPress 5.0 also marks a change to how the platform handles releases. It used to be the case that you could count on getting two major WordPress releases per year, with plenty of mini-updates in the meantime.
Now, the WordPress core team is planning on moving away from that scheduled release model. The idea is that by removing the pressure of predetermined deadlines, the platform will be able to take more significant leaps, and we won’t get updates that feel as though they lack in meaningful content.
Aside from that, here are a few of the other significant changes we’re likely to see once WordPress 5.0 is live:
- The platform’s focus is moving towards a more intuitive site-building experience. WordPress already leads the pack in terms of market share. And by improving WordPress’ site-building functionality, the core team aims to hold that market share against the rise of hosted website builders.
- We’ll see some improvements to the WordPress Rest API. The WordPress Rest APIhelps developers create more feature-rich products by making it easier to send and pull data from your website. This update means developers will be able to more easily create applications using the platform as a framework.
- Building custom themes will become easier. In the past, you needed at least a simple development background to put together a WordPress theme. With Gutenberg, theme creation will become much more accessible thanks to blocks.
- Page builder plugins might lose some relevance. There are a lot of fantastic page-builder tools that you can use with WordPress, some of which rival professional platforms. Gutenberg won’t be a match for them at first, but it might dissuade people from using them in the long run.
What the Gutenberg editor means for you
The launch of Gutenberg means that you’ll need to get acquainted with a whole new editing experience. Right now, WordPress 5.0 is still poised to ship in 2018, but no one knows exactly when. When that happens, you can expect a lot of activity for a few weeks, as everyone learns to contend with the new editor.
However, you can get a head start and find out exactly what you’re in for. Right now, you can test a beta version of Gutenberg by installing a simple plugin. Or, if you just want to play around with the Gutenberg Editor without installing the plugin, you can use the Frontenberg site:
For more details about how the editor works, you can check out our complete Gutenberg Editor guide. Keep in mind, though, that there’s still some time before WordPress 5.0 ships, so there are likely to be more changes to the editor.
Gutenberg will affect themes and plugins, too
Aside from your own editing experience, Gutenberg will also bring important changes to a lot of your favorite plugins and themes. For example, we’ll probably see the emergence of a lot of Gutenberg-friendly themes, which will be designed to take advantage of all the new features the editor offers.
Similarly, you’ll see changes with some of your favorite plugins. A lot of plugins interact with the WordPress editor directly, whether that’s to add new functionality or include shortcodes. Those plugins will need to become Gutenberg compatible, unless they want to alienate a large part of their user base. Years from now, it might even be common to find plugins that only support Gutenberg.
When is the WordPress 5.0 release date?
Unfortunately, because of that change in approach we highlighted earlier, we don’t know exactly when WordPress 5.0 will be released.
For now, the official answer is basically “when it’s ready”, which probably won’t be until near the end of 2018 at the earliest.
Get ready because the times they are a-changin’
Each major release of WordPress brings changes to the way we use the platform. However, even before it’s out, we can say with complete certainty that 5.0 will fundamentally change the way most people interact with WordPress because of the Gutenberg Editor.
If you’re old-school, you’ll be able to stick with the classic WordPress editor for the foreseeable future. However, if you plan on adapting, you’ll want to start reading up on how Gutenberg works right away. This will give you a leg up on the competition once WordPress 5.0 is live, and will help you determine which of your themes and plugins may be most affected.
Article Origin https://www.wpbeginner.com
WordPress security is a topic of huge importance for every website owner. Each week, Google blacklists around 20,000 websites for malware and around 50,000 for phishing. If you are serious about your website, then you need to pay attention to the WordPress security best practices. In this guide, we will share all the top WordPress security tips to help you protect your website against hackers and malware.
While WordPress core software is very secure, and it’s audited regularly by hundreds of developers, there is a lot that can be done to harden your WordPress website.
At WPBeginner, we believe that security is not just about risk elimination. It’s also about risk reduction. As a website owner, there’s a lot that you can do to improve your WordPress security (even if you’re not tech savvy).
We have a number of actionable steps that you can take to improve your WordPress security.
To make it easy, we have created a table of content to help you easily navigate through our ultimate WordPress security guide.
Table of Contents
Basics of WordPress Security
- Why WordPress Security is Important?
- Keeping WordPress Updated
- Passwords and User Permissions
- The Role of Web Hosting
WordPress Security in Easy Steps (No Coding)
- Install a WordPress Backup Solution
- Best WordPress Security Plugin
- Enable Web Application Firewall (WAF)
WordPress Security for DIY Users
- Change the Default “admin” username
- Disable File Editing
- Disable PHP File Execution
- Limit Login Attempts
- Change WordPress Database Prefix
- Password Protect WP-Admin and Login
- Disable Directory Indexing and Browsing
- Disable XML-RPC in WordPress
- Automatically log out Idle Users
- Add Security Questions to WordPress Login
- Fixing a Hacked WordPress Site
Ready? Let’s get started.
Why Website Security is Important?
A hacked WordPress site can cause serious damage to your business revenue and reputation. Hackers can steal user information, passwords, install malicious software, and can even distribute malware to your users.
Worst, you may find yourself paying ransomware to hackers just to regain access to your website.
In March 2016, Google reported that more than 50 million website users have been warned about a website they’re visiting may contain malware or steal information.
Furthermore, Google blacklists around 20,000 websites for malware and around 50,000 for phishing each week.
If your website is a business, then you need to pay extra attention to your WordPress security.
Similar to how it’s the business owners responsibility to protect their physical store building, as an online business owner it is your responsibility to protect your business website.
Keeping WordPress Updated
WordPress is an open source software which is regularly maintained and updated. By default, WordPress automatically installs minor updates. For major releases, you need to manually initiate the update.
WordPress also comes with thousands of plugins and themes that you can install on your website. These plugins and themes are maintained by third-party developers which regularly release updates as well.
These WordPress updates are crucial for the security and stability of your WordPress site. You need to make sure that your WordPress core, plugins, and theme are up to date.
Strong Passwords and User Permissions
The most common WordPress hacking attempts use stolen passwords. You can make that difficult by using stronger passwords that are unique for your website. Not just for WordPress admin area, but also for FTP accounts, database, WordPress hosting account, and your professional email address.
The top reason why beginners don’t like using strong passwords is because they’re hard to remember. The good thing is you don’t need to remember passwords anymore. You can use a password manager. See our guide on how to manage WordPress passwords.
Another way to reduce the risk is to not give any one access to your WordPress admin account unless you absolutely have to. If you have a large team or guest authors, then make sure that you understand user roles and capabilities in WordPress before you add new user and authors to your WordPress site.
The Role of WordPress Hosting
Your WordPress hosting service plays the most important role in the security of your WordPress site. A good shared hosting provider like BlueHost or Siteground take the extra measures to protect their servers against common threats.
However, on shared hosting you share the server resources with many other customers. This opens the risk of cross-site contamination where a hacker can use a neighboring site to attack your website.
Using a managed WordPress hosting service provides a more secure platform for your website. Managed WordPress hosting companies offer automatic backups, automatic WordPress updates, and more advanced security configurations to protect your website
WordPress Security in Easy Steps (No Coding)
We know that improving WordPress security can be a terrifying thought for beginners. Specially if you’re not techy. Guess what – you’re not alone.
We have helped thousands of WordPress users in hardening their WordPress security.
We will show you how you can improve your WordPress security with just a few clicks (no coding required).
If you can point-and-click, you can do this!
Install a WordPress Backup Solution
Backups are your first defense against any WordPress attack. Remember, nothing is 100% secure. If government websites can be hacked, then so can yours.
Backups allow you to quickly restore your WordPress site in case something bad was to happen.
There are many free and paid WordPress backup plugins that you can use. The most important thing you need to know when it comes to backups is that you must regularly save full-site backups to a remote location (not your hosting account).
We recommend storing it on a cloud service like Amazon, Dropbox, or private clouds like Stash.
Based on how frequently you update your website, the ideal setting might be either once a day or real-time backups.
Best WordPress Security Plugin
After backups, the next thing we need to do is setup an auditing and monitoring system that keeps track of everything that happens on your website.
This includes file integrity monitoring, failed login attempts, malware scanning, etc.
Thankfully, this can be all taken care by the best free WordPress security plugin, Sucuri Scanner.
Upon activation, you need to go to the Sucuri menu in your WordPress admin.
The first thing you will be asked to do is Generate a free API key. This enables audit logging, integrity checking, email alerts, and other important features.
The next thing, you need to do is click on the Hardening tab from the Sucuri Menu. Go through every option and click on the “Harden” button.
These options help you lock down the key areas that hackers often use in their attacks. The only hardening option that’s a paid upgrade is the Web Application Firewall which we will explain in the next step, so skip it for now.
We have also covered a lot of these “Hardening” options later in this article for those who want to do it without using a plugin or the ones that require additional steps such as “Database Prefix change” or “Changing the Admin Username”.
After the hardening part, most default settings of this plugin are good and doesn’t need changing. The only thing we recommend customizing is the Email Alerts.
The default alert settings can clutter your inbox with emails. We recommend receiving alerts for key actions like changes in plugins, new user registration, etc. You can configure the alerts by going to Sucuri Settings » Alerts.
This WordPress security plugin is very powerful, so browse through all the tabs and settings to see all that it does such as Malware scanning, Audit logs, Failed Login Attempt tracking, etc.
Enable Web Application Firewall (WAF)
The easiest way to protect your website and be confident about your WordPress security is by using a web application firewall (WAF). The firewall blocks all malicious traffic before it even reaches your website.
We use and recommend Sucuri as the best web-application firewall for WordPress. You can read about how Sucuri helped us block 450,000 WordPress attacks in a month.
The best part about Sucuri’s firewall is that it also comes with a malware cleanup and blacklist removal guarantee. Basically if you were to be hacked under their watch, they guarantee that they will fix your website (no matter how many pages you have).
This is a pretty strong warranty because repairing hacked websites is expensive. Security experts normally charge $250 per hour. Whereas you can get the entire Sucuri security stack for $199 per year.
Sucuri is not the only firewall provider out there. The other popular competitor is Cloudflare. See our comparison of Sucuri vs Cloudflare (Pros and Cons).
WordPress Security for DIY Users
If you do everything that we have mentioned thus far, then you’re in a pretty good shape.
But as always, there’s more that you can do to harden your WordPress security.
Some of these steps may require coding knowledge.
Change the Default “admin” username
In the old days, the default WordPress admin username was “admin”. Since usernames make up half of login credentials, this made it easier for hackers to do brute-force attacks.
Thankfully, WordPress has since changed this and now requires you to select a custom username at the time of installing WordPress.
However, some 1-click WordPress installers, still set the default admin username to “admin”. If you notice that to be the case, then it’s probably a good idea to switch your web hosting.
Since WordPress doesn’t allow you to change usernames by default, there are three methods you can use to change the username.
- Create a new admin username and delete the old one.
- Use the Username Changer plugin
- Update username from phpMyAdmin
We have covered all three of these in our detailed guide on how to properly change your WordPress username (step by step).
Note: We’re talking about the username called “admin”, not the administrator role.
Disable File Editing
WordPress comes with a built-in code editor which allows you to edit your theme and plugin files right from your WordPress admin area. In the wrong hands, this feature can be a security risk which is why we recommend turning it off.
You can easily do this by adding the following code in your wp-config.php file.
Alternatively, you can do this with 1-click using the Hardening feature in the free Sucuri plugin that we mentioned above.
Disable PHP File Execution in Certain WordPress Directories
Another way to harden your WordPress security is by disabling PHP file execution in directories where it’s not needed such as /wp-content/uploads/.
You can do this by opening a text editor like Notepad and paste this code:
Next, you need to save this file as .htaccess and upload it to /wp-content/uploads/ folders on your website using an FTP client.
For more detailed explanation, see our guide on how to disable PHP execution in certain WordPress directories
Alternatively, you can do this with 1-click using the Hardening feature in the free Sucuri plugin that we mentioned above.
Limit Login Attempts
By default, WordPress allows users to try to login as many time as they want. This leaves your WordPress site vulnerable to brute force attacks. Hackers try to crack passwords by trying to login with different combinations.
This can be easily fixed by limiting the failed login attempts a user can make. If you’re using the web application firewall mentioned earlier, then this is automatically take care of.
However, if you don’t have the firewall setup, then proceed with the steps below.
Upon activation, visit Settings » Login LockDown page to setup the plugin.
For detailed instructions, take a look at our guide on how and why you should limit login attempts in WordPress.
Change WordPress Database Prefix
By default, WordPress uses wp_ as the prefix for all tables in your WordPress database. If your WordPress site is using the default database prefix, then it makes it easier for hackers to guess what your table name is. This is why we recommend changing it.
You can change your database prefix by following our step by step tutorial on how to change WordPress database prefix to improve security.
Note: This can break your site if it’s not done properly. Only proceed, if you feel comfortable with your coding skills.
Password Protect WordPress Admin and Login Page
Normally, hackers can request your wp-admin folder and login page without any restriction. This allows hackers to try their hacking tricks or run DDoS attacks.
You can add additional password protection on a server side which will effectively block those requests.
Follow our step-by-step instructions on how to password protect your WordPress admin (wp-admin) directory.
Disable Directory Indexing and Browsing
Directory browsing can be used by hackers to find out if you have any files with known vulnerabilities, so they can take advantage of these files to gain access.
Directory browsing can also be used by other people to look into your files, copy images, find out your directory structure, and other information. This is why it is highly recommended that you turn off directory indexing and browsing.
You need to connect to your website using FTP or cPanel’s file manager. Next, locate the .htaccess file in your website’s root directory. If you cannot see it there, then refer to our guide on why you can’t see .htaccess file in WordPress.
After that, you need to add the following line at the end of the .htaccess file:
Don’t forget to save and upload .htaccess file back to your site. For more on this topic, see our article on how to disable directory browsing in WordPress.
Disable XML-RPC in WordPress
XML-RPC was enabled by default in WordPress 3.5 because it helps connecting your WordPress site with web and mobile apps.
However because of it’s powerful nature, XML-RPC can significantly amplify the brute-force attacks.
For example, traditionally if a hacker wanted to try 500 different passwords on your website, they would have to make 500 separate login attempts which will be caught and blocked by the login lockdown plugin.
But with XML-RPC, a hacker can use the system.multicall function to try thousands of password with say 20 or 50 requests.
This is why if you’re not using XML-RPC, we recommend that you disable it.
There are 3 ways to disable XML-RPC in WordPress, and we have covered all of them in our step by step tutorial on how to disable XML-RPC in WordPress.
Tip: The .htaccess method is the best one because it’s the least resource intensive.
If you’re using the web-application firewall mentioned earlier, then this can be taken care of by the firewall.
Automatically log out Idle Users in WordPress
Logged in users can sometimes wander away from screen, and this poses a security risk. Someone can hijack their session, change passwords, or make changes to their account.
This is why many banking and financial sites automatically log out an inactive user. You can implement similar functionality on your WordPress site as well.
You will need to install and activate the Idle User Logout plugin. Upon activation, visit Settings » Idle User Logout page to configure plugin settings.
Simply set the time duration and uncheck the box next to ‘Disable in wp admin’ option for better security. Don’t forget to click on the save changes button to store your settings.
For more detailed instructions, see our guide on how to automatically log out idle users in WordPress.
Add Security Questions to WordPress Login Screen
Adding a security question to your WordPress login screen makes it even harder for someone to get unauthorized access.
You can add security questions by installing the WP Security Questions plugin. Upon activation, you need to visit Settings » Security Questions page to configure the plugin settings.
For more detailed instructions, see our tutorial on how to add security questions to WordPress login screen.
Fixing a Hacked WordPress Site
Many WordPress users don’t realize the importance of backups and website security until their website is hacked.
Cleaning up a WordPress site can be very difficult and time consuming. Our first advice would be to let a professional take care of it.
Hackers install backdoors on affected sites, and if these backdoors are not fixed properly, then your website will likely get hacked again.
Allowing a professional security company like Sucuri to fix your website will ensure that your site is safe to use again. It will also protect you against any future attacks.
For the adventurous and DIY users, we have compiled a step by step guide on fixing a hacked WordPress site.
That’s all, we hope this article helped you learn the top WordPress security best practices as well as discover the best WordPress security plugins for your website.