WordPress In 2021 (A Glimpse Into The Future)

18+ Top Black Friday And Cyber Monday WordPress Deals 2020

What Is Google Web Stories WordPress Plugin?

Google announced that its Web Stories WordPress plugin is out of beta and available at the WordPress Plugin Repository. This plugin makes it easy for WordPress publishers to create content in the Google Web Stories format, enabling publishers to attract more visitors.

The plugin was previously available at GitHub as a beta version. It is now available as a full WordPress plugin.

What is Google Web Stories?

According to Google Developer's knowledge base, a Web Story is a visual storytelling format in Google Search results that immerses the user in a tap-through full-screen experience. Web Stories can also appear in Google Images, Discover, and the Google app.

Why does Google Web Stories matter?

Google Web Stories is a function that allows website owners to generate more traffic (for free) through interactive, news-like content. By using Google Web Stories, website owners can now easily tap into additional web resources including showing up on various Google applications such as Google Images, Discover and Google app.

How do I create a Google web story in WordPress?

The recent launch of Google Web Stories plugin makes it extremely easy for WordPress users to create stories on Google.

Here's how it is done.

Step 1: Download and install Google Web Stories WordPress plugin

Head over to WordPress admin » Plugins » Add New. Key in "Web Stories" in the search bar and look for the plugin whose developer is Google.

Click Install Now, followed by Activate.

Step 2: Set up the Web Stories by Google plugin

The next step involves creating your first story. Head over to WordPress admin » Stories » Dashboard. Here, you will be able to configure and set up the Web Stories by Google plugin.

Web Stories comes with several templates that you can use simply by clicking on a template and importing it.

Step 3: Customize Web Stories

Finally, customizing web stories is easy with the inbuilt visual builder. Here's how it looks on the backend.

Based on our tests moments earlier, the visual editor is rather basic. While it is not buggy, the amount of customizations that you can do to it is rather limited in many ways.

Since this is just the first version since the public listing of the plugin, we expect it to be flexible and feature-rich in the coming months.

Summary: Google Web Stories WordPress plugin

There is no doubt that this plugin is an excellent addon, especially for website owners who are serious about generating more traffic to their website.

Overall, Google Web Stories WordPress plugin is an easy to use plugin with close to zero setup or configuration required.

Ghost vs WordPress: A Comparison Like No Other

Ghost vs WordPress. Which is the best content management system for website owners? In this article, we will go through a detailed introduction on both Ghost and WordPress to give you a clear comparison between both of these awesome publishing platforms.

Ghost vs WordPress - Summary

| Features | Ghost CMS | WordPress CMS |
|---|---|---|
| Hosted solution | Yes, starts at $29 per month | Yes, free plan available and paid plans start at $4 per month |
| Self-hosted solution | Yes, for free | Yes, for free |
| Recommended for | Publishers and membership sites (paid content) | Publisher, eCommerce, landing pages and membership sites (paid content) |
| Ease of use / Beginner-friendly | Straightforward | Straightforward with advanced features available |
| Coding skills | Required (for theme customization) | Not required, but it is an added advantage |
| Popularity | Popular among publishers | Extremely popular among various industries |

An introduction to Ghost CMS

Ghost.org is a popular publishing platform that looks very similar to Medium. The Ghost CMS is geared towards publishers, so you are getting a publishing platform (one that allows you to create content fast) rather than advanced features for customizing a site.

Ghost.org Features

From content writers to podcasters to video creators, Ghost.org has been a valuable piece of software that allows you to showcase your content quickly and beautifully ... without a single line of code.

Modern publishing

  • A beautiful, powerful editor
  • Simple content management
  • Email newsletters built-in
  • SEO features included automatically

Membership business

  • Free member registration & login
  • Launch paid publications & newsletters
  • Subscription payments with Stripe
  • No transaction fees, you keep your revenue
  • Turn any subscriber list into a members site

Developer friendly

  • Headless CMS with Node.js REST APIs
  • Over 19x faster than WordPress
  • Secure & independently audited
  • Custom theme or any JAMstack front-end

Ghost.org Pricing

Basic ($29/mo): A good option for bloggers
  • 100k views/month
  • 2 staff users
  • 1,000 members
  • SSL+CDN included

Standard ($79/mo): When publication gets serious
  • 500k views/month
  • 5 staff users
  • 8,000 members
  • Priority support

Business ($199/mo): High volume, performance-focused
  • 1M views/month
  • 15 staff users
  • 35,000 members
  • 99.9% uptime SLA

An introduction to WordPress

WordPress doesn't require much introduction (to be honest). It is by far one of the most popular CMSs in the world. Last we checked, it was powering over 35% of the world's websites (which is fairly huge).

Unlike Ghost.org, WordPress is geared more towards a multipurpose CMS tool that allows you to build a website based on a wide number of criteria including membership sites, business blogs, landing pages, sales pages and many more.

Plus, WordPress comes with visual builders that allow you to create customized WordPress designs without coding skills.

WordPress Features

WordPress CMS is a multi-purpose content management system for both beginners and advanced website owners.

Ease of use

  • 1-click install almost everything
  • Drag and drop website builders
  • Plugins make customizing WordPress sites easy
  • Extremely easy for beginners

Absolute control

  • Control everything on your site
  • Easily create membership subscriptions
  • Integration with marketing tool
  • International support

Developer friendly

  • No coding skills required
  • Drag and drop everything
  • Many ready-made themes and plugins
  • Fast and secure

WordPress Pricing

Host Solution ($4/mo): Worry-free and great for beginners
  • Hosted on WordPress.com
  • Excellent support
  • Scalability and security
  • SSL + CDN included

Self-Hosted Solution ($4/mo): Performance and control
  • A wide range of web hosting solutions
  • Easy to setup
  • Costs under $3.99 per month
  • Scalability and control

Summary: Ghost vs WordPress

If you are a publisher or course creator, or you run a subscription-based model, Ghost is an excellent choice to go with.

If you are looking for a full-fledged website CMS that gives you performance, stability, control and customization, there's nothing beating WordPress CMS.

What's your choice? Leave a comment below and tell us what you think!

WordPress News: WordPress 5.5 Update

WordPress 5.5 is now live and before you even think of pushing the 'Update Now' button, here are some very important things you need to know. Failing to take some steps before updating your WordPress may lead to disastrous effects, including being unable to log in and a broken WordPress site altogether. But apart from the bad news, WordPress 5.5 is a fresh and highly anticipated WordPress update that is very timely (to say the very least).

What is the WordPress 5.5 update?

Every major WordPress update is given a nickname and WordPress 5.5 is known as “Eckstine”.

At this point in time, we have successfully updated over 50 of our clients' sites to WordPress 5.5, and it is also important to state that there were around 8 to 10 sites that failed badly during the update (we made backups before updating the core files).

So, what is WordPress 5.5 update all about?

The WordPress 5.5 update is all about the new looks, features and overall usability in WordPress. The most distinctive thing about WordPress 5.5 is the Gutenberg blocks, which have gone through a rather complete overhaul (display, UX and UI). Apart from that, WordPress 5.5 also offers automatic plugin and theme updates, which are very timely too, especially for keeping your WordPress site updated with the latest files.

WordPress 5.5 developer features (that you might like)


How to update to WordPress 5.5?

The quickest way to update to WordPress 5.5 is to do it via the wp-admin. Here's how you do it.

Head over to wp-admin » Updates » Install Updates.

By default, WordPress will remind you to do a full website backup before updating, and we highly recommend that you do so. If you are using cPanel hosting, head over to your cPanel dashboard, search for "Backup" and click "Backup full site." Depending on the size of your website, it would take anywhere from a few minutes to a few hours for the backup to complete.

If you are using hosting control panels as we do, you can do it manually via the backend dashboard. We use RunCloud.io (here's our RunCloud.io review) and you can perform a full backup including database by heading to RunCloud.io » Backups » Create Backup.

Summary

We have been using WordPress 5.5 for over 6 hours now, and we find it rather quick, less buggy and, more importantly, it creates a very pleasant user experience, especially when you are using Gutenberg to create your post. As a matter of fact, this WordPress news is created entirely using Gutenberg.

Have you updated to WordPress 5.5 yet? Leave a comment and tell us more about it!

What Happened To Astra WordPress Theme?

It has been two days since the WordPress community was divided. The Astra WordPress theme, which powers over 1 million WordPress blogs in the world, is being shut down (penalized) for 5 weeks for illegally injecting affiliate links in their free themes and plugins without clearly displaying the disclaimer or terms. According to the WordPress auditing team, they had been reaching out to Brainstorm Force (the parent company behind Astra WP) numerous times about the issue but received little or no reply/action to rectify the issue.

When the penalty took place, it took the world by storm: some of us did not know what happened, while others started criticizing the company for the unethical move. Putting in affiliate links without publicly declaring them can lead to numerous problems with the law in some countries.

We are publishing this WordPress news in the hope of sharing what really happened and, ultimately, shedding some light on the whole drama.

Astra WP, Popular WordPress Theme

Astra WP is a popular, freemium WordPress theme that powers over 1 million WordPress blogs. It offers simplicity, clean code and, above all, a low learning curve that is beginner friendly.

What happened to Astra WP?

On the 7th August 2020, there was a huge debate going on in the WordPress space about Astra and TRT Messenger (Theme Review Team Bot). Soon after, the TRT Messenger published an update on the Astra WP penalization and removal from the WordPress repository.

The requirement disallowing affiliate links was put in place a year and a half ago. WordPress had discussions on their official Slack channel as well as on their blog for many weeks.

According to WordPress, Brainstorm Force had advanced warnings.

Official WordPress statement:

“18 months ago you started adding affiliate links in your theme.

…We have this requirement against this:

Themes are not allowed to have affiliate URLs or links.

We added this requirement more than 18 months ago, specifically for this kind of issue.

We also asked other theme authors to remove such links from their themes and discussed this topic, on Slack & the blog, for many weeks.

We don’t understand how you can miss something like this, and it’s also not the first time we have to come and tell you something is wrong with your theme.

Because of this, your theme will be suspended for the next 5 weeks (until September 11th, 2020).”

TRT Messenger (Theme Review Team Bot)

Brainstorm Force Astra Theme Response

Brainstorm Force, the publishers of the Astra theme, responded that they do not add affiliate links to the theme itself.

Thus, because there are no affiliate links in the theme itself, they asserted that the theme is technically complying with the WordPress rules.

Brainstorm Force did concede that the Astra theme used third party plugins to pass a referral code.

This is how they explained it:

“We however admit that we used filters available in third party plugins where we only pass our referral code.

But at the same time, we do NOT add any affiliate links or whatsoever as per the requirement.

We’re not sure if using the referral filter is against the requirement. But if it is, we’re happy to remove it immediately and submit the new version.”

Brainstorm Force team

Brainstorm Force was clear that they do not add affiliate code. They said that they only added “referral codes” via third party plugins.

In their announcement, WordPress linked to code within the Astra Theme that appears to show links from the popular LinkShare/Rakuten affiliate network.

Astra Theme Suspension is Live

The theme suspension is live. The theme is no longer available from the WordPress theme repository for download.

That means that over 1 million Astra theme users will not be able to update their theme via WordPress for five weeks.

Astra announced that it has released an update that removes the affiliate referral codes. They say that this new version complies with WordPress rules.

But the update has to be downloaded directly from Astra or from their GitHub repository.

WordPress has officially suspended the popular Astra theme. Brainstorm Force has requested to have the suspension lifted. Given how WordPress already tried to resolve the issue prior to the suspension, it doesn’t appear likely that Astra will be restored until the five week suspension is over.

Question: Did the Astra WP team make a mistake?

They made their fair share of mistakes that led to this temporary suspension. Here's what we think.

  • Added affiliate links into products, which is against the rules
  • Failing to express and declare the affiliate links
  • Astra compliance team probably didn't go through the fine print
  • They probably thought this could be debated out since every law has its own loophole
  • Confusing public announcements by the top management
  • Denying (literally speaking) that they did wrong

Question: Was the Astra WP team ethical?

Here's the thing. Astra WP theme is a free theme (with Astra Pro being a paid version). Being "free" means that money is needed from somewhere to keep the production running.

And we know for a fact that there are many people who are willing to go for "free" rather than paid, even if the paid version is much better.

In this case, we believe there are fine lines in the law, and what the Astra WP team did was not ethical. They should have followed the rules: strictly no affiliate links.

With over 18 months of discussions, we see no reason how they could have this oversight.

Question: Was Astra WP team legally right to insert affiliate links?

If they are selling/promoting the theme on their own sites (out of the WordPress repository), then yes, they have all the rights to do so.

But since they are having the theme within the WordPress repository, they have to follow the rules, one way or another.

Question: How to update Astra WP manually?

Step 1: GitHub

Head over to GitHub repository and download the latest Astra WP theme. Here's the link.

Step 2: Upload to WordPress

Head over to your WP-Admin and head to Themes » Appearances » Add Theme. Upload the Astra theme .zip file here.

Step 3: Activate

Lastly, click Activate once the theme has been uploaded. Now, you have the latest version of Astra!

Critical Vulnerability Found In All In One SEO Pack WordPress Plugin

On 16th July 2020, we read a post by Wordfence on the critical vulnerability found in the All In One SEO Pack WordPress plugin (original article can be found here) and we were shocked. We went into panic mode, not because we use AIOSEO, but because we know a lot of our maintenance clients do and we wanted to warn them (we are more of a SEOPress-type of fanboys and girls).

Thankfully, a new patch was released by the AIOSEO team and we recommend that you perform a 'check for update' if you have not done so.

This is considered a medium severity security issue that, as with all XSS vulnerabilities, can result in complete site takeover and other severe consequences. We strongly recommend immediately updating to the latest version of this plugin. At the time of writing, that is version 3.6.2 of All in One SEO Pack.

How was the WordPress security exploit detected?

All In One SEO Pack is a plugin that provides several SEO enhancing features to help rank a WordPress site’s content higher on search engines. As part of its functionality, it allows users that have the ability to create or edit posts to set an SEO title and SEO description directly from a post as it is being edited. This makes it easier for post creators to improve the SEO of posts as they are writing them. This feature is available to all users that can create posts, such as contributors, authors, and editors.

Unfortunately, the SEO meta data for posts, including the SEO title and SEO description fields, had no input sanitization allowing lower-level users like contributors and authors the ability to inject HTML and malicious JavaScript into those fields.

/**
 * Saves the data of our metabox settings for a post.
 *
 * @since   ?
 * @since   3.4.0   Added support for priority/frequency + minor refactoring.
 *
 * @param   int     $id     The ID of the post.
 * @return  bool            Returns false if there is no POST data.
 */
function save_post_data( $id ) {
    $awmp_edit = null;
    $nonce     = null;
 
    if ( empty( $_POST ) ) {
        return false;
    }
 
    if ( isset( $_POST['aiosp_edit'] ) ) {
        $awmp_edit = $_POST['aiosp_edit'];
    }
 
    if ( isset( $_POST['nonce-aioseop-edit'] ) ) {
        $nonce = $_POST['nonce-aioseop-edit'];
    }
 
    if ( isset( $awmp_edit ) && ! empty( $awmp_edit ) && wp_verify_nonce( $nonce, 'edit-aioseop-nonce' ) ) {
 
        $optlist = array(
            'keywords',
            'description',
            'title',
            'custom_link',
            'sitemap_exclude',
            'disable',
            'disable_analytics',
            'noindex',
            'nofollow',
            'sitemap_priority',
            'sitemap_frequency',
        );
 
        if ( empty( $this->options['aiosp_can'] ) ) {
            unset( $optlist['custom_link'] );
        }
 
        if ( ! AIOSEOPPRO ) {
            $optlist = array_diff( $optlist, array( 'sitemap_priority', 'sitemap_frequency' ) );
        }
 
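        foreach ( $optlist as $optionName ) {
            // Vulnerable step described in this article: the raw $_POST value is stored without any sanitization.
            $value = isset( $_POST[ "aiosp_$optionName" ] ) ? $_POST[ "aiosp_$optionName" ] : '';
            update_post_meta( $id, "_aioseop_$optionName", $value );
        }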
    }
}

The SEO title and SEO description for each post are always displayed on the ‘all posts’ page as they appear in the far right column for easier quick editing access. Therefore, any values added to the SEO title and SEO description fields would be displayed here in an unsanitized format, causing saved JavaScript in these fields to be executed when any user accessed the ‘all posts’ page.

Any JavaScript injected in the SEO description field would also be executed when visiting the page directly if a closing tag was inserted by an attacker before adding their own script. For example, it could look like </script><script>alert(0)</script>. This was due to the fact that the tag would close out the SEO description’s original script tag and inject an additional script directly after.

Due to the JavaScript being executed whenever a user accessed the ‘all posts’ page, this vulnerability would be a prime target for attackers that are able to gain access to an account that allows them to post content. Since Contributors must submit all posts for review by an Administrator or Editor, a malicious Contributor could be confident that a higher privileged user would access the ‘all posts’ area to review any pending posts. If the malicious JavaScript was executed in an Administrator’s browser, it could be used to inject backdoors or add new administrative users and take over a site.

Fortunately, in the patched version, the plugin developer has added sanitization to all of the SEO post meta values so any HTML characters supplied will be escaped and unable to become executable scripts.
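
The difference between storing the raw value and sanitizing on save plus escaping on output, as an added example that is not the plugin's or Wordfence's code. It runs as plain PHP: strip_tags(), htmlspecialchars() and json_encode() stand in for WordPress's sanitize_text_field() and esc_html(), and the function names, the JSON-LD wrapper and the sample values are assumptions made for illustration.

```php
<?php
// Added example, not All In One SEO Pack code. Stand-alone PHP, no WordPress needed.
declare(strict_types=1);

/** Save-time cleanup: drop tags and control characters, collapse whitespace.
 *  Plain-PHP stand-in for what sanitize_text_field() does inside WordPress. */
function clean_seo_field(string $raw): string
{
    $text = strip_tags($raw);
    $text = (string) preg_replace('/[\x00-\x1F\x7F]+/', ' ', $text);
    return trim((string) preg_replace('/\s+/', ' ', $text));
}

/** Hardened form of the save loop: every allowed field is cleaned before storage.
 *  Non-string input (e.g. aiosp_title[]=x) is treated as empty. */
function save_seo_meta(array $post, array $fields): array
{
    $stored = [];
    foreach ($fields as $name) {
        $value = $post["aiosp_$name"] ?? '';
        $stored["_aioseop_$name"] = clean_seo_field(is_string($value) ? $value : '');
    }
    return $stored;
}

/** 'All posts' column as the article describes it: stored value echoed as-is. */
function column_unsafe(string $stored): string
{
    return '<td class="seo-title">' . $stored . '</td>';
}

/** Same column with output escaping (WordPress equivalent: esc_html()). */
function column_safe(string $stored): string
{
    return '<td class="seo-title">'
        . htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>';
}

/** Description placed inside a script block with no encoding. The JSON-LD wrapper
 *  is an assumption; the article only says the value sits inside a script tag. */
function script_unsafe(string $stored): string
{
    return '<script type="application/ld+json">{"description":"' . $stored . '"}</script>';
}

/** Script-context encoding: JSON_HEX_TAG turns < and > into \u003C and \u003E,
 *  so a stored "</script>" can no longer end the surrounding element. */
function script_safe(string $stored): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_INVALID_UTF8_SUBSTITUTE | JSON_THROW_ON_ERROR;
    return '<script type="application/ld+json">'
        . json_encode(['description' => $stored], $flags) . '</script>';
}

/** Number of script elements a browser would open in the fragment. */
function script_tag_count(string $html): int
{
    return (int) preg_match_all('/<script\b/i', $html);
}

// Constructed inputs; the second is the payload shape quoted in the article.
$samples = [
    'benign'  => 'Best pizza & pasta "guide"',
    'payload' => '</script><script>alert(0)</script>',
];

foreach ($samples as $label => $raw) {
    $saved = save_seo_meta(
        ['aiosp_title' => $raw, 'aiosp_description' => $raw],
        ['title', 'description']
    );
    printf("%-8s column: unsafe=%d safe=%d script tags\n", $label,
        script_tag_count(column_unsafe($raw)), script_tag_count(column_safe($raw)));
    printf("%-8s script: unsafe=%d safe=%d script tags (1 is the wrapper itself)\n", $label,
        script_tag_count(script_unsafe($raw)), script_tag_count(script_safe($raw)));
    printf("%-8s stored after save-time cleanup: %s\n", $label, $saved['_aioseop_description']);
}
```

Escaping on output matters even after the save path is fixed, because values stored before the update remain in the database unsanitized.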

Summary

We recommend that you update all your plugins, especially All In One SEO Pack, to ensure that you are not 'opening doors' to unwanted hackers or code injections.

How To Revamp Your WordPress Site During The Pandemic?

The pandemic (Covid-19) has changed how businesses work and perform, especially in the online space. Revamping your website during the COVID-19 pandemic should include the very basics and some very specific actions to better position you to serve your clients and target audiences. And, of course, keep your business thriving. What do we suggest? We’re glad you asked!

Improve the Online User Experience

These are basic things that you should do periodically, regardless of a pandemic or business as usual. Internet use in 2020 simply demands these things to be competitive with every other website. If you haven’t made these upgrades yet, now is the time.

So, what does UX mean when it comes to revamping your WordPress site? Here's the list:

  • Publish high-quality content (over 1,500 words)
  • Create a secured website (HTTPS)
  • Make your WordPress mobile-friendly (including Voice Search)
  • Check all links for functionality (hint: broken links)
  • Master your on-page optimization
  • Earn relevant and authoritative backlinks
  • Optimize your page speed

Focus on Improving Social Proof

Social proof, a term coined by Robert Cialdini in his 1984 book, Influence, is also known as informational social influence. It describes a psychological and social phenomenon wherein people copy the actions of others in an attempt to undertake behavior in a given situation (source: Wikipedia).

Social proof is testimony from actual users about your products, services, and overall customer service efforts. Good social proof strengthens your business reputation and makes it more likely that others will choose your business over your competitors. During this time as you make needed website changes, reach out to your clients, and ask for a review of your services to them or the products they have purchased.

Not sure where to start? Don't worry! Google My Business, Yelp! and written testimonials are great ways to start and you should implement them on your WordPress site.

Google My Business – If you haven’t already, claim your Google My Business page, personalize it, add some photos, and start directing users to it for testimonials.

Yelp! – Connects people with great local businesses. Claim your Yelp! Business Page, personalize it and share it with your clients when you ask for their reviews.

Testimonials – If you have a means for users to share reviews directly on your website, this can be a great way to gather testimonials. If not, ask for written comments when users visit your Google and Yelp! Business Pages.

Did you know?

Thrive Ovation is an excellent set-and-forget testimonial plugin for WordPress websites that is super easy to integrate and install. No coding skills required!

Offer Enticing Lead Magnets to Increase Traffic to Areas that Need Growth

Offering something of value for contact information is a great way to swap value for value, like an old-fashioned trading post. In order to really maximize their potential, lead magnets should:

  • Solve a real problem
  • Focus on one thing
  • Be easily understood and used
  • Offer high value to users
  • Be instantly accessible
  • Demonstrate your unique value proposition or expertise

The best lead magnets are simply too good to pass up for sharing a simple name and email address. They directly impact a genuine pain point of your target audience. This generates interest in the free offering and gathers you a new lead for your mailing list that is already interested in what services or products you provide.

Okay, we get it. You are running a business and you certainly don't have the time to figure out lead generation magnets for your WordPress site.

OptinMonster is what we use and recommend. It is easy to use and it comes with many features, including ready-made templates that you can (almost) instantly use to create powerful lead magnets.

Lead Magnet (Finally) Done Right

OptinMonster is a powerful lead generation software that converts abandoning visitors into subscribers with our dynamic marketing tools and Exit Intent® technology.

Working on revamping your site

There are many ways you can revamp your WordPress site for better service and profitability. Do you have more tips and strategies that you use, especially during this pandemic?

Share your ideas in the comments section!

Scalability In Hosting: The How's And Why's That You Need To Know

What does scalability in hosting mean to you? In general terms, scalability represents your ability to scale in web hosting. In most cases, you are upgrading to a higher hosting plan in order to cope with growing traffic. It could also mean that you are upgrading to higher plans for better features.

Either way, scalability is an important factor when it comes to making the right web hosting choice.

8 reasons why scalability is important for your online business

  1. Growing website visitors count. When the number of visitors increases, you probably need a better website hosting to avoid any overcharges in traffic.
  2. Processing power. The higher the web traffic, the more processing power you would need. In this case, the processing power is the ability for your web hosting server to perform tasks. The higher the processing power, the faster your website loads.
  3. Security features. There are also instances where you need to scale your hosting plan because you require additional security features. Some web hosting companies provide better and more comprehensive security features on higher hosting plans.
  4. Additional domains. If you are constantly flipping domains or adding domain ownership to your account, you might find yourself hitting the domain quota real fast. In this case, upgrading to a higher hosting plan will give you a larger domain quota.
  5. Hosting features. Upgrading to different hosting plans also gives you more hosting benefits (as a whole). For example, higher hosting plans usually come with more CPU, RAM and dedicated environment which will help you in scaling your online business.
  6. eCommerce store. Thinking of starting an online store? If you are using WordPress and WooCommerce, you probably need WooCommerce hosting to avoid resource hogging. Plus, having a bigger hosting plan means that you have more space for images and higher concurrent visitors' actions.
  7. Moving host. Web hosting scaling doesn't always happen within the same web host. You could be moving from one host to another for better pricing or performance.
  8. Hosting limitations. This happens more often than you can imagine. At times, some hosts will limit certain actions to ensure that the server is working at its peak. This is very common in the shared hosting space. Scaling your hosting plan will allow you to perform the tasks that you want without any or much limitation.

Critical Vulnerability Found In The Official MailerLite Sign Up Forms Plugin For WordPress

Update: The Official MailerLite Sign Up Forms plugin for WordPress was updated to version 1.4.5 on 26th May 2020, which is said to patch the vulnerability. Now that the new version is out, it is important to update the plugin if you have it installed on your site. We also hope that sufficient notifications are delivered to the affected users to have them update the plugin as soon as possible.

A new and critical vulnerability has been discovered in the Official MailerLite Sign Up Forms plugin for WordPress (for versions 1.4.4 and below). The vulnerability allows an unauthorized attacker to perform an SQL injection and gain access to the administrative panel of the site. Also, the plugin is vulnerable to CSRF attacks.

Here are the details of the vulnerability:

  • Plugins with version below 1.4.4 are affected
  • Affected file: include/mailerlite-admin.php.

We recommend you to start scanning your sites immediately, rather than waiting for an automatic scan to run or to wait for an updated version of the plugin.

Want to learn more about this WordPress vulnerability? Click here for more details.

Why should you care about this WordPress vulnerability?

This vulnerability will lead to massive WordPress security issues for your site. As a reminder, hackers will be able to create a backdoor to your WordPress site and perform tasks with administrative roles.

If you are using the Official MailerLite Sign Up Forms plugin, we recommend you to update it immediately.