Can't Speak Geek

Technology and social media in simpler terms

WordPress 101

The Need For Maintenance

I get asked all the time “what is the big issue with maintenance? My site is online. Why should updating or backing up the site matter?”

First websites are not build them and forget them like many people think they are. Too often when a site is built by someone else, they forget to tell the site owner that there are certain things that need to happen once they turn the site over to the user. This can end in bad news for the site owner later down the road. Maintenance can take just a few minutes each month and can save you a lifetime of headache in the long run.

Backups are essential!

I tell clients and new users all the time “nothing is every permanent if you have a backup.” This should be learned back in the high school paper writing times and then carried with you for the rest of your life. Remember staying up late writing a paper and then closing down your machine without saving to find out the next morning the paper was gone? Imagine that happening when you are working on your website. Any time you are adding a new plugin, editing any of the files, or changing any functionality of the site, it is crucial to make a backup first. This is for when things break, you always have a backup to revert to. Plugins like BackWPUp, BlogVault, Jetpack, and Backup Buddy can help you to setup automatic updates of your site. Just remember to have them sent to a place other than your server for safe keeping. Most plugins have a cloud option or you can have them sent to a Dropbox account or AWS S3 storage canister.

Updates are crucial!

A major line of defense from hackers is updates. Security experts preach often about the necessity of updating a site. They are not wrong.

Updates are made for three reasons.

  1. The Release of New Features
  2. To Fix A Bug/Outdated code
  3. To Fix A Security Vulnerability.

Updating the core, plugin, and theme files when they come through will keep known vulnerabilities at bay. It is always best to update your site on a staging environment to test before making the live changes. If you do not have the option for a staging site, always run a backup before updating for if you need to revert the site back due to conflicts.

Remove any unused plugins and themes

It goes along with the old saying, “if you are not going to use it, get rid of it.” If there are plugins that are sitting in “deactivated” mode, it is best to delete them and then re-add them when you need to use them again. The WordPress Plugin Repository has a fantastic feature where you can save your most liked plugins as “favorites” in your profile. That way you never have to search for the ones you like to use.

As for themes, it is best practice to only keep the theme in use and the most recent WordPress default theme to use for conflict checks if needed. All the other plugins should be removed from your site.

Inspect your site regularly

You know your site better than anyone else. Take the time to look at the front end of your site to ensure that everything is working properly. Definitely do this after running updates on your site. Look for any console and visual errors on your site. Doing this regularly can close the gap from any issues on your site being noticed by your visitors before you know they are there.

Change Your Password

With all passwords, you should be changing them every 6 months to a year. Your password is your first defense at keeping unwanted people out of your site. You can see more of what Can’t Speak Geek thinks about passwords by reading Preaching About Passwords. Also, make sure your passwords are unique and not easily remembered. The harder to remember, the harder it is for password crackers to guess.

Keep up with the commenting

Spam comments can fill up a database very quickly these days. Using something like Akismet can keep unwanted comments off your site and out of your database. It is still good measure to check on your comments often and approve them to share the conversation on your blog posts.

Check your forms

Your forms are what can connect a first time visitor of your site into becoming a customer. If your forms are not working, then your leads from your forms will stop as well. We recommend making a test submission to your forms monthly to ensure they are working properly.

Test your e-Commerce portals

Every so often, we recommend monthly, run a test purchase through your site. The last thing you want is to find out you have lost sales due to your checkout not working. If you are testing your checkout on a regularly basis, you will know before your customers do if something is wrong and can fix it before you lose any sales.

Performance Testing

How is your site holding up? Make sure that it is not suddenly slowing down or performing horribly due to changes on your site. Google still looks at site speed as a very important piece of where you will be in their list. I suggest using Pingdom and GT Metrix for performance testing.

Put 404’s to rest along with Broken Links

If a user tries to go to a place on your site that does not exist, it will cause a 404 to happen. Now, 404 errors that happen because a reader accidentally mistyped an address are normal and nothing to be worried about, but when 404 errors happen due to a page that is no longer available can cause bad user experience and people to leave your site.

Broken links happen when you have links to outside sites that no longer work. We see this often when linking to other blog posts and/or YouTube videos.

It is a good measure to check on 404’s and broken links to ensure that all links work on your site. The plugin Broken Link Checker does. great job in taken care of both issues. If you need to make redirects for your site, I would recommend the plugin Redirection.

 

These basic maintenance steps are essential to keeping your site online and running properly. Site maintenance is key. In the event you would rather have someone else to take care of the maintenance of your site, there are companies that can help. Companies like WP Site Care, 13Core, and WP Buffs can help you with updates and backups so you don’t have to.

What I have found to handle GDPR Requirements

The EU’s GDPR (General Data Protection Regulation) is coming up pretty quick. May 25, 2018 will be here before you know it. This law was actually approved back in April 2016 however had a grace period of two years before it went into full effect. Trying to understand all of the information out there is about like trying to understand tax laws with its 11 chapters and 99 articles. Most of the time it leaves you cranky and your head throbbing.

The quick rundown of GDPR

  • Identifiable data is protected. Any data that can be used as identifiable for a visitor falls under the GDPR. This includes and not limited to name, email address, sex, race, age, address, phone number, and birth date.
  • It requires that consent is given. If you have the opt-in box checked by default, you need to change it so it is unmarked by default.
  • Parental consent will be required to process any and all personal data of children under the age of 16, can vary per member state in the EU (country) but it will not be below the age of 13.
  • It gives the visitor the right to know what information is being stored about them and why it is being stored.
  • It gives visitors the right to have their information to be removed at their request.
  • If any data is ever lost, stolen, accessed without permission, the authorities must be notified within 73 hours of the breach becoming known along with every single person whose data was accessed.
  • Any new site must be made with privacy in mind. Data requests should be strictly controlled and only given when required.
  • Data can only be used for the reason it was given at the time it was given. Then it must be securely deleted when the data is no longer needed.
  • A visitor can request their information at any time, transfer that data, or have it removed.
  • It also allows national authorities to impose fines on companies breaching the regulation.

While this is an EU law, it affects every single person on the web in one way or another. For all of us in the United States who feel that the DGPR does not apply to them, the first thing you need to know is that if your site has a form, e-commerce, blog subscription, comments, or even a contact me, you will need to have your site GDPR compliant. If your site can be reachable by someone in the EU and it is collecting any type of information, that means you! Also, please do not consider just blocking EU IP addresses as that does not really work either. With the help of VPN’s, your site can still be accessible to the EU and still falls in the realm of the GDPR regulations. If you fail to comply, the EU can still fine you up to €20 million per infringement or up to 4% of the annual worldwide turnover. That can put a small site/business out-of-order.

What you can do to become GDPR Compliant

First things first, please take a look at the information you are collecting. Inspect your forms, checkout pages, comments, Google Analytics, IP addresses, etc. Make sure you cover all the ways you collect information in your Privacy Policy.

Now, most of you already have a Privacy Policy on your site, or at least I hope you do. You can find my standard one here. I have adopted two now though as the other is the GDPR complaint Privacy Policy. Please make sure you review your Privacy Policy to ensure it is compliant.

If you have any opt-in boxes or forms with boxes, you must ensure that they are UNCHECKED by default.

Another item that all sites will need is a Data Viewing and Removal option for visitors. You can find mine on the GDPR Personal Data page. A visitor to your site will now be able to remove their data from your site at any given time.

If you have questions, talk to a lawyer. Find one that is well versed in GDPR. In the long run, it is always better to pay a lawyer a few hundred dollars than possibly millions in fines.

Tools to make compliance easier

In my research of how to handle the GDPR changes for my clients, I have found two options to assist in being GDPR compliant.

First, if you do not have a Privacy Policy on your site and you have no idea where to start, then I suggest this plugin: GDPR Framework. The first thing I noted with this plugin is you must be on at least PHP version 7.0 on your server. It is very easy to set up and gives you a compliant Privacy Policy. It is what I used to build the GDPR complaint Privacy Policy I have on Can’t Speak Geek. It also has the data removal form built-in as well. You will need to make both pages (Privacy Policy and the removal form page) but GDPR Framework will build the content for you. The data removal tool is auto built via a short code.

If you already have a rockstar of a Privacy Policy and just need the data request and tracker then I suggest using the plugin GDPR Compliance. It seems to be the most stable and is well supported. Their UI is very user-friendly and it will scan your site for any items on your site that needs attention to be GDPR Compliant. The plugin currently supports Contact From 7, Gravity Forms, WooCommerce, and WordPress Comments and claim on their site to support more at a future date.

Both plugins are free in the WordPress plugin repository and easy to configure. Please do your due diligence before choosing any option to become GDPR Compliant.

TL;DR: Get your website ready for GDPR. If you have questions, ask someone. Don’t just sit back and do nothing. It could become a very costly issue.

DISCLAIMER: Using my guide does not guarantee compliance to GDPR. This post gives you general information and ideas, but is NOT meant to serve as complete compliance package. Compliance to GDPR is a risk-based ongoing process that involves your whole business. Can’t Speak Geek is not eligible for any claim or action based on any information or functionality provided by this post or this website.

Passwords, Attacks, and Security oh my!

Michele got the chance to talk Beginner’s WordPress Security at WordCamp Montreal this weekend. WordCamp Montreal is always a great camp to go to and always has a great lineup of speakers.

Here are the slides from Michele’s talk.

Plugin Review: Give

Can’t Speak Geek decided to make a donations page and at first thought it would be best just to use a PayPal button and call it a day. Then Devin Walker from WordImpress said I should try Give. Since I will give almost any plugin at least one shot, I decided to give Give a try. [Read more…] about Plugin Review: Give

Vetting a Plugin

There are over 35,000 free plugins on the WordPress plugin repository right now with thousands of premium plugins that can be found across the web. With that many plugins, how does one know which plugin to choose.

11 SIMPLE QUESTIONS TO ASK WHEN CHOOSING A PLUGIN

  1. Does the plugin do what you want it to do? Make sure the plugin does exactly what you want it to do. You don’t need all of the bells and whistles, just what you need it to do.
  2. When was the plugin last updated?  If the plugin has not been updated in over two years, there will be a notice at the top of the plugin page. If it has been two years, the plugin is probably no longer supported and might not work with the current version of WordPress.
  3. Is this plugin still supported?  Check to see if any of the support questions have been answered. If they are not on the repository, check to see if their website has a support forum or a way to contact someone for support. If the plugin is no longer supported, it is best to find a more current and supported option.
  4. What has others said about the plugin? I always check the user feedback of every plugin before I download it. Make sure you read the feedback comments though. Many 1 stars are due to not reading the documentation or not understanding the plugin. However, if there are multiple 1 stars that states the author will not respond, or shuts down a site as soon as it is activated, it probably is not the plugin you want to use.
  5. Does the plugin have any known vulnerabilities at this time? All code is built by humans and humans do make mistakes. Vulnerabilities are being found in rapid speed in all things WordPress. Most times, when a vulnerability is found, the plugin author makes a patch and pushes out a new version. This is why it is preached to always run the updates as they come out. If a plugin (or theme) has a known vulnerability and has not made a patch, it is advisable to use a different, safer plugin.
  6. Will it work with my current version of core, theme, other plugins, and my server? In the bottom right of a plugin homepage on the repository will be a box that says if the plugin works with versions of core. Make sure the plugin will work with the version of WordPress you are running on your site.  Also, there are times that certain plugins do not work with other plugins or certain themes. There are also some plugins that will not work on a Microsoft server. Check the documentation before you download.
  7. Do you already have a plugin that does something similar already on your site? There are many multi-function plugins like Jetpack and iThemes Security that have many features built into one plugin. Also if you use two plugins with similar features, they might conflict with each other.
  8. Is there paid support available? Some have a paid installation option or their one -on-one support comes with a fee. Understand the support terms before you decide if that plugin is for you. If it has no option of support, try to find a comparable plugin that does offer some type of support.
  9. Is it a free plugin or does it have a free option? Many plugins have a free and a paid version. Sometimes all that is needed is the free version.
  10. Is the price per year or one time only?  Some freemium plugins have a yearly fee while others are one payment and you own it. Make sure you know before you buy.
  11. Does the price include support? There are some plugins that do not offer support within their fee. Check to make sure you can get answers to your questions if they arise.
Always do your due diligence before choosing a plugin. One of the top three reasons websites get hacked is due to plugin vulnerabilities.  Once you have chosen a plugin, always make a backup before installing or updating your plugin. Sometimes a plugin will not play well with another plugin or your theme.  If you still can not find the plugin you are looking for, ask around. All else fails, today might be a great time to build your first plugin.

%d bloggers like this: