Category: WORDPRESS ROLES

WordPress parent Automattic has built a plugin for Facebook Instant Articles that will soon allow everyone in its user base to easily post content on the social media platform’s walled garden.

Instant Articles delivers content on mobile devices at blazing fast speeds. Come April 12, Facebook will open up Instant Articles to everyone, from small-time bloggers to major publishers anywhere in the world. Rather than requiring publishers to manually format each article, the plugin for WordPress users will automatically optimize stories to appear as Instant Articles. Users will essentially have to check a box, but nothing more, for content to load to Facebook as an Instant Article.

Facebook said it worked with Automattic to build the open source plugin for Instant Articles. WordPress powers many websites around the world, according to the company.

“We’ve worked with a small group of publishers on WordPress to beta test the plugin as a seamless way to adapt web content for the Instant Articles format, with a built-in suite of interactive tools that help stories come to life on mobile,” Facebook said in a blog post Monday.

Facebook’s announcement comes nearly two weeks after WordPress said it had built a similar plugin for Google’s Accelerated Mobile Page initiative. AMP is Google’s version of Instant Articles and Apple News, in that it serves up web content at high speeds in the company’s preferred forum; while Facebook wants people staying on Facebook and Apple wants consumers to stay in its ecosystem, Google wants everyone to spend more time on the open web.

Many tech giants are ramping up their efforts in delivering content for mobile devices at much faster speeds. While consumers will surely benefit and enjoy getting faster content, some publishers are spending more money to keep track of where all their traffic is coming from.

Facebook made a wide roll out to its Instant Article that already reached its release date, the social media is now attempting to implement a WordPress plugin aiming at the millions of publishers using the known revenue.

Like Us on Facebook

Facebook noted on a blog post by introducing the feature, claiming that the open source of WordPress publishing revenue has now powered more than 25% of sites on the web. The new plugin now offers its content creators an easily adaptive format to their articles such as blogs or media houses for mobile reader on Facebook.

The social media hopes that the new feature plugin would help soothe down any deficiencies publishers might have experienced in terms of the technicalities they had using Instant Article in the past.

Facebook provided an illustration with two examples in regard to how the plugin is used to optimize the creation of visuals and media for the articles that included a piece from the magazine of Foreign Policy.

Facebook’s partner of engineering team Chris Ackermann said, “Publishers that use standard WordPress templates can activate the plugin out-of-the-box to create Instant Articles,” also adding, “Publishers that want a more customized production experience can extend the plugin to support additional elements.”

The social network is also eager to know a publisher’s perspective on the feedback of developing the feature plugin. A site, called GitHub, allows them to directly post their opinion and thoughts on the feature or issuing a problem.

Instant Article was launched last year for people of Facebook that was designed to create a quick and immersive experience for publishers and other publishing partners such as Washington Post, New York Times. And it offers major perks for creators of contents, such as the advertising platform Facebook has to offer through its electronic publishing feature.

How likely are you to stay on a slow-loading website?

If you’re like most of us, the answer is, “not very.” Today’s web surfers expect pages to load quickly. In fact, KISSMetrics says load time should stay under 2 seconds, and that 40% of web surfers will leave a site that takes longer than 3 seconds to load.

Search engines expect fast load times, too. In fact, Google includes page load speed in its ranking algorithms, so if your page loads too slowly it will drop in the search engine results.

So how do you know if your site is rabbit fast or snail slow? There are online tools available to provide that information. The two I like are Pingdom and GTMetrix. Just plug in the URL you want to test, and they’ll provide reams of information.

Pingdom starts with results that look like this:

You’ll see:

• Page grade (out of 100)
• Number of external server requests to load the page
• Total load time
• Total page size

Scroll down for even more detailed information. Or click the Performance Grade tab to see where you can make improvements. Click the Settings button to choose the server location to test from, because a test on the server in Sweden will usually take longer than a test on the New York server if you’re in the US.

GTMetrix provides similar information, although they present it differently. They also don’t give you a choice of servers.

Now that you’re armed with objective results, you can measure improvements as you make changes to your site.

Here are the areas to work on.

#1. Hosting

Hosting is the first place to look when you want to improve your site speed.

It doesn’t matter how many tweaks you make, if your site is hosted on a slow or misconfigured server, it will be slow.

Here are the hosts we recommend for shared hosting.

#2. A Great Theme or Framework

Changing your theme can make a big difference in your page load speed. That’s because a well coded theme requires the server to do less work to serve the page. Make sure you choose a theme from a highly rated, reputable source.

Read this if you’re unsure about how to choose a theme, or a theme framework.

#3. Size, Optimize and Compress Images

Images use a lot of bandwidth. Sure, you can put an enormous image into your WordPress Media Library, and when it shows up on the web page it looks fine. WordPress will size it appropriately. But, every time that image shows up on a web page, the server first loads the full size image, then scales it down.

Oversized images can cause your site to take a big hit in the speed department, so before you upload an image into the library, size it appropriately.

Recommended for YouWebcast: Agile Marketing: Pour Gas on Your Growth Fire

Once the image is in the library, optimize and compress it. For this you can use a plugin like WPSmush.

Then, when inserting an image into a post or page, make sure image dimensions are specified.

#4. Plugins

If you have any inactive plugins, delete them. Even if inactive, all installed plugins are parsed by WordPress, which slows your site. And, of course, hackers like to attack plugins. They aren’t immune just because they’re not active.

Then, check to see if any of your plugins are slowing the site down. If they are, find ways to improve their performance, or find a better option.

To do this, install the P3 plugin. “P3” stands for Plugin Performance Profiler. It will scan your plugins and show you which plugins are slowing things down.

If you have a plugin that’s hogging too much time on the server, find an alternative that’s less demanding.

#5. Optimize the Database

It’s a good idea to regularly optimize the WordPress database. WB-DB Manager is a good choice.

#6. Lazy Load

Especially if your site uses lots of images, the Lazy Load plugin will speed load time for the user. The portion of the web page that’s in the browser window will load first, while images lower down on the page will only load as the reader scrolls.

#7. Turn Off Pingbacks and Trackbacks

You might be surprised by how much faster your page will load when you turn off pingbacks and trackbacks. This is a simple checkbox setting at Settings/Discussion in the WordPress Dashboard.

Uncheck the box next to “Attempt to notify any blogs linked to from the article” and “Allow link notifications from other blogs (pingbacks and trackbacks) on new articles.”

#8. Page Caching.

This is not quite as simple as the other options discussed, but can make an enormous difference in load times. First, some background.

WordPress doesn’t show “pages” the way we think of, say, a printed page. Instead, it puts together elements each time the browser navigates to that specific URL. Elements can include a header, footer, sidebar with one or more widgets, text, images, and whatever else is supposed to go on that “page.”

This requires multiple interactions with the server. With caching, the reader sees a stored version of the page in its entirety. This requires one call to the server instead of many, so it’s faster. The cache is refreshed regularly, so you don’t have to worry about a reader seeing last week’s version of a page.

The best caching plugin is WP Rocket, which is a premium plugin. If paying for caching isn’t in your budget yet, WP Super Cache and W3 Total Cache are both good options. (Note that if you install WP Rocket, you will not need the Lazy Load plugin, above, as WP Rocket handles that for you.)

You do need to be careful when setting up your caching plugin, though. Misconfiguration can actually slow your site rather than speed it up.

#9. GZip Compression.

With GZip Compression, all of your site’s files are zipped, then they’re unzipped in the reader’s browser, improving site speeds.

Both WP Rocket and W3 Total Cache include GZip compression, but WP Super Cache does not. If you’re using WP Super Cache, look for a GZip plugin like Check and Enable GZip Compression.

#10. Use a Content Delivery Network.

A CDN (Content Delivery Network) deploys servers in many locations, and serves content from the server located closest to the browser, speeding up load times. According to Wikipedia,

“The goal of a CDN is to serve content to end-users with high availability and high performance.”

Max CDN and Amazon Cloudflare are paid CDNs. Cloudflare is a no- or low-cost alternative, and some hosts include Cloudflare with their shared hosting accounts.

#11. Disable Hotlinking.

Hotlinking happens when another site links to an image on your site within their content. This places the bandwidth burden on your site instead of on theirs. You can disable hotlinking by adding some code to the root .htaccess file.

Note: This is a strategy for advanced users only. If you have to ask, “what’s an .htaccess file,” you shouldn’t do this.

Use this tool to generate the code you’ll need.

#12. Add Expires Headers.

Have you ever noticed that some sites load much more quickly when you’ve visited them before?

Expires headers instruct the browser whether to get a file from the server or from the browser’s cache. Getting the file from cache is much faster.

Adding expires headers also requires modifying your .htaccess file. This page walks you through the process of creating the code for your site, or use WP Rocket.

#13. Control Post Revisions.

By default, WordPress saves any change you make to a post or page. When a reader clicks to open that page, WordPress loads every version before displaying the most recent one. If you’ve made changes a few times, that can slow down the page load speed.

There are plugins that will limit the number of post revisions saved, but a simpler way to do it also involves adding code to wp-config.php. This one is relatively simple, and it’s only one line.

Place it near the end of the file, just above

This tells WordPress to save 3 revisions. If you want to save a different number, just change “3” above to the appropriate number.

You don’t need to implement all 13 strategies to see a big improvement in your site’s load time. But the more you can do, the faster your page will load and the happier your visitors (and the search engines) will be.

Want more advice like this, and to see what it takes to turn that blog into a successful online business?

The precise number of websites out there running on WordPress may not be known, but one thing is for sure — there are a lot of them. Two reasons for the popularity of WordPress are the ease of set up and the availability of a huge range of plugins. One popular plugin, Custom Content Type Manager (CCTM), has just been pulled from the WordPress Plugin Directory after a backdoor was discovered.

The plugin has been installed on thousands of websites, and a recent update — automatically installed for many users — included a worrying payload. In the hands of a new developer, Custom Content Type Manager made changes to core WordPress files, ultimately making it possible to steal admin passwords and transmit them in plaintext to a remote server.

Security site Sucuri was alerted to the problems by a user, and immediately launched an investigation. A new file, auto-update.php, was discovered. Analysis of the code revealed it to be a backdoor that could download files from the suspicious-sounding wordpresscore.com. Another file, CCTM_Communicator.php, includes code that intercepts usernames and URLs of sites that have the plugin installed.

Custom Content Type Manager had laid dormant for 10 months, but new owner, wooranker, was making use of an established install-base. It’s not clear whether the change of ownership was legitimate or the result of an account hack. Towards the end of last month, wooranker started to use the backdoor to deliver additional files to users who started to notice that their sites were being hacked.

Custom Content Type Manager has now been pulled from the WordPress Plugin Directory, but if you still have it installed, you need to take action. Version 0.9.8.8 of the plugin is the updated version that includes compromised code, but the previous version — 0.9.8.7 — contains a separate security flaw. As such, the last version considered safe is 0.9.8.6. If you’re reliant on the plugin, the advice is to roll back to this version. Sucuri suggests the following steps:

1. Deactivate the Custom Content Type Manager plugin.
2. Check consistency of all core WordPress files. You can reinstall WordPress to achieve this. At least, make sure that the following three files are not modified (For WP 4.4.2 you can get the originals here):
   1. ./wp-login.php
   2. ./wp-admin/user-edit.php
   3. ./wp-admin/user-new.php
3.  Now that you removed the credentials stealing code in the previous steps, change passwords of all WordPress users.
4. Don’t forget to delete users that you don’t recognize. Especially the one with the support@wordpresscore .com email.
5. Now remove wp-options.php in the root directory.
   1. Delete the Custom Content Type Manager plugin. If you really need it, get the last good version 0.9.8.6 here and disable automatic plugin updates until the malicious plugin versions are removed from the Plugin Directory. By the way, don’t install CCTM versions older than 0.9.8.6 either. They have a known security hole, and we see hackers checking websites for this (along with many other vulnerabilities).
6. You might also want to scan all other files and the database for “wordpresscore”. Just in case.

Photo credit: bannosuke / Shutterstock

WordPress is a very popular solution on the web, and this is probably what explains why it is often the target of hackers and hackers of all stripes. Experts from Sucuri come from elsewhere to detect a new critical vulnerability. This time it is not the CMS that is in question, but an extremely popular plugin: Custom Content Type Manager .

As its name suggests, this tool is used to easily create custom post type and therefore content with personalized display.

Faille WordPress
WordPress is facing a new flaw, this time related to a popular plugin.
It is not the only one to offer such functions, but he has earned a solid reputation among users and has been installed on more than 10 000 different sites.

Custom Content Type Manager is installed on more than 10 000 sites currently

It also means that there is now a little over 10 000 vulnerable sites on the web.

Basically, everything is gone an open ticket per customer Sucuri, a ticket on an infected site. In the cleaning, agency experts came across a file self-update.php placed in the folder wp-content / plugins / custom-content-type-manager .

They opened, and they realized then that this famous file was actually a backdoor able to download files from a weird area.

Downloading, but also send them directly into the plugin’s directory.

Listening only to their courage, they decided to dig a little and watch all changes to the plugin. There, they discovered that the file self-update.php was added to the extension on 18 February.

Strange, but it’s not over because the tool has also changed ownership at that date … It is now up to a user officiating under the moniker “wooranker”.

The plugin is highly rated by users

Continuing their investigations, our brave experts also determined that the plugin has not been updated for several months before it changes ownership. It is therefore possible that he was deliberately sold by its former developer.

But it is not over because they also found another file that was added to the extension in stride: CCTM_Communicator.php .

What is its purpose? Simple, it adds a bit of code to the index.php file of the plugin, a piece of code … quite problematic. It actually transmits to a remote server IDs of all people accessing the site on which is installed the extension.

In other words, if you use this plugin on your website or on your blog, then it is best to remove it immediately and change all passwords to your editors in stride.

If you want to know more about the investigation by Sucuri, then you can visit this page .

Now, this story proves once again how it is essential to pay close attention to plugins, including those broadcast via the WordPress platform.

Building your own website doesn’t require the coding expertise it used to. Thanks to user-friendly WordPress themes and tutorials, virtually anybody can create an eye-catching and enjoyable website – but where to start?

The options are nearly limitless, so TNW has put together a handful of premium deals at bargain prices to help get you up and running.

‘Certify Me’ WordPress certifications: $80

Get the attention of recruiters and potential employers, and set yourself on a path to promotions and raises through Certify Me’s WordPress Certifications. Once you pass the Certify Me WordPress exam, you can add the certificate logo to your CV, website, and more to set yourself apart, and give your clients and employers a certifiable trust in your abilities.

Enhance your credibility and win those big clients or that dream job, and give your CV, resume or pitch that leading edge with a personal or agency-wide certification.

➤ Get this deal

 

Monstroid Developer License: 40+ WP themes: $39

Learning how to code isn’t for everyone, with many people lacking the time or resources to dedicate themselves to learning a new skill. But we still want the ability to create a quality website from start to finish, without the need to hire a sub-contractor web developer, don’t we?

Luckily for us, there are WordPress theme builders out there that can make our lives a lot easier. A Monstroid Developer License offers 40+ very modern and interactive themes, with colorful sections and animated items. It comes with stunning visual elements, a full-width slider, and a full-screen layout. Monstroid offers an amazing scrolling experience and catches you in an instant.

➤ Get this deal

 

TeslaThemes WordPress Themes: Lifetime Subscription: $59

TeslaThemes are built with simplicity in mind and are designed to be as user-friendly as possible. Extensive documentation is provided for each theme, including step-by-step photos, to help you get up and running quickly.

Don’t let the simple, minimalist design styles that dominate most of the themes fool you: they boast some impressive functionality and customization options, thanks to the Tesla Framework from which each theme is built. Because of this, most of the themes are described as “multi-purpose” and have a wide range of uses.

➤ Get this deal

 

Premium Responsive WordPress Themes: Lifetime Subscription: $49

With this collection of premium themes, your site will perfectly showcase your brand and draw your visitors in.

Each one of these meticulously detailed themes are fully responsive, so they’ll look great on desktops and mobile devices. They’re also optimized for maximum visibility on search engines, and include video instructions for setting up and customizing your theme to suit your needs.

➤ Get this deal