How To Revamp Your WordPress Site During The Pandemic?
The pandemic (Covid-19) has changed how businesses work and perform, especially in the online space. Revamping your website during the COVID-19 pandemic should include the very basics and some very specific actions to better position you to serve your clients and target audiences. And, of course, keep your business thriving. What do we suggest? We’re glad you asked!
Improve the Online User Experience
These are basic things that you should do periodically, regardless of a pandemic or business as usual. Internet use in 2020 simply demands these things to be competitive with every other website. If you haven’t made these upgrades yet, now is the time.
So, what does UX mean when it comes to revamping your WordPress site? Here's the list:
Publish high-quality content (over 1,500 words)
Create a secured website (HTTPS)
Make your WordPress mobile-friendly (including Voice Search)
Check all links for functionality (hint: broken links)
Master your on-page optimization
Earn relevant and authoritative backlinks
Optimize your page speed
Focus on Improving Social Proof
Social proof, a term coined by Robert Cialdini in his 1984 book, Influence, is also known as informational social influence. It describes a psychological and social phenomenon wherein people copy the actions of others in an attempt to undertake behavior in a given situation (source: Wikipedia).
Social proof is testimony from actual users about your products, services, and overall customer service efforts. Good social proof strengthens your business reputation and makes it more likely that others will choose your business over your competitors. During this time as you make needed website changes, reach out to your clients, and ask for a review of your services to them or the products they have purchased.
Not sure where to start? Don't worry! Google My Business, Yelp! and written testimonials are great ways to start and you should implement them on your WordPress site.
Google My Business – If you haven’t already, claim your Google My Business page, personalize it, add some photos, and start directing users to it for testimonials.
Yelp! – Connects people with great local businesses. Claim your Yelp! Business Page, personalize it and share it with your clients when you ask for their reviews.
Testimonials – If you have a means for users to share reviews directly on your website, this can be a great way to gather testimonials. If not, ask for written comments when users visit your Google and Yelp! Business Pages.
Did you know?
Thrive Ovation is an excellent set-and-forget testimonial plugin for WordPress websites that is super easy to integrate and install. No coding skills required!
Offer Enticing Lead Magnets to Increase Traffic to Areas that Need Growth
Offering something of value for contact information is a great way to swap value for value, like an old-fashioned trading post. In order to really maximize their potential, lead magnets should:
Solve a real problem
Focus on one thing
Be easily understood and used
Offer high value to users
Be instantly accessible
Demonstrate your unique value proposition or expertise
The best lead magnets are simply too good to pass up for sharing a simple name and email address. They directly impact a genuine pain point of your target audience. This generates interest in the free offering and gathers you a new lead for your mailing list that is already interested in what services or products you provide.
Okay, we get it. You are running a business and you certainly don't have the time to figure out lead generation magnets for your WordPress site.
OptinMonster is what we use and recommend. It is easy to use and it comes with many features, including ready-made templates that you can (almost) instantly use to create powerful lead magnets.
Let's take a quick moment to watch OptinMonster in action.
Lead Magnet (Finally) Done Right
OptinMonster is a powerful lead generation software that converts abandoning visitors into subscribers with our dynamic marketing tools and Exit Intent® technology.
There are many ways you can revamp your WordPress site for better service and profitability. Do you have more tips and strategies that you use, especially during this pandemic?
Share your ideas in the comments section!
Scalability In Hosting: The How's And Why's That You Need To Know
What does scalability in hosting mean to you? In general terms, scalability represents the ability for you to scale in web hosting. In most cases, you are upgrading to a higher hosting plan in order to cope with growing traffic. It could also mean that you are upgrading to higher plans for better features.
8 reasons why scalability is important for your online business
Growing website visitor count. When the number of visitors increases, you probably need better website hosting to avoid any overcharges in traffic.
Processing power. The higher the web traffic, the more processing power you would need. In this case, the processing power is the ability for your web hosting server to perform tasks. The higher the processing power, the faster your website loads.
Security features. There are also instances where you need to scale your hosting plan because you require additional security features. Some web hosting companies provide better and more comprehensive security features on higher hosting plans.
Additional domains. If you are constantly flipping domains or adding domain ownership to your account, you might find yourself hitting the domain quota real fast. In this case, upgrading to a higher hosting plan will give you a larger domain quota.
Hosting features. Upgrading to different hosting plans also gives you more hosting benefits (as a whole). For example, higher hosting plans usually come with more CPU, RAM and dedicated environment which will help you in scaling your online business.
eCommerce store. Thinking of starting an online store? If you are using WordPress and WooCommerce, you probably need WooCommerce hosting to avoid resource hogging. Plus, having a bigger hosting plan means that you have more space for images and can handle more concurrent visitor actions.
Moving host. Web hosting scaling doesn't always happen within the same web host. You could be moving from one host to another for better pricing or performance.
Hosting limitations. This happens more often than you can imagine. At times, some hosts will limit certain actions to ensure that the server is working at its peak. This is very common in the shared hosting space. Scaling your hosting plan will allow you to perform the tasks that you want without any or much limitation.
Critical Vulnerability Found In The Official MailerLite Sign Up Forms Plugin For WordPress
Update: The Official MailerLite Sign Up Forms plugin for WordPress was updated to version 1.4.5 on 26th May 2020, which is said to patch the vulnerability. Now that the new version is out, it is important to update the plugin if you have it installed on your site. We also hope that sufficient notifications are delivered to the affected users so that they update the plugin as soon as possible.
A new and critical vulnerability has been discovered in the Official MailerLite Sign Up Forms plugin for WordPress (for versions 1.4.4 and below). The vulnerability allows an unauthorized attacker to perform an SQL injection and gain access to the administrative panel of the site. Also, the plugin is vulnerable to CSRF attacks.
Here are the details of the vulnerability:
Plugins with version below 1.4.4 are affected
Affected file: include/mailerlite-admin.php.
We recommend that you start scanning your sites immediately, rather than waiting for an automatic scan to run or for an updated version of the plugin.
If you are using the Official MailerLite Sign Up Forms plugin, we recommend that you update it immediately.
Vulnerability Found In SiteOrigin WordPress Page Builder Plugin
On May 12, 2020, a critical vulnerability was found in the famous WordPress page builder plugin, SiteOrigin. This vulnerability threatens over a million websites that are using SiteOrigin.
According to researchers at WordPress, both security bugs can lead to cross-site request forgery (CSRF) and reflected cross-site scripting (XSS). They “allow attackers to forge requests on behalf of a site administrator and execute malicious code in the administrator’s browser,” according to Wordfence researchers, in a Monday posting.
They assigned both flaws a severity rating of 8.8 out of 10, but no CVEs have yet been assigned.
What Is This WordPress Vulnerability All About?
If exploited, both bugs could be used to redirect a site’s administrator, create a new administrative user account or inject a backdoor on a site.
The first issue lies in the built-in live editor within the plugin – this feature lets users update content and drag/drop widgets while gaining a real-time view of the changes on the given website.
“In order to show the modifications in real-time through the live editor, the plugin registers the is_live_editor() function to check if a user is in the live editor,” explained Wordfence researchers. “If the user is in the live editor, the siteorigin_panels_live_editor parameter will be set to ‘true’ and register that a user is accessing the live editor. The plugin will then attempt to include the live editor file which renders all of the content.”
This “live-editor-preview.php” rendering file thus updates the page preview with changes made, in real-time.
The problem is that there is no nonce protection to verify that an attempt to render content in the live editor came from a legitimate source, according to Wordfence.
The data associated with a live preview was never stored in the database, resulting in a reflected XSS flaw rather than a stored XSS flaw, in conjunction with the CSRF flaw.
A second flaw is also a CSRF to XSS issue, this time in the action_builder_content function of the plugin, which is tied to the AJAX action wp_ajax_so_panels_builder_content.
“This function’s purpose was to transmit content submitted as panels_data from the live editor to the WordPress editor in order to update or publish the post using the content created from the live editor,” the researchers said. “This function did have a permissions check to verify that a user had the capability to edit posts for the given post_id. However, there was no nonce protection to verify the source of a request, causing the CSRF flaw.”
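The pattern the researchers describe, a capability check with no nonce, next to a corrected form. This is an added example, not SiteOrigin's code or its patch: the action name example_builder_content, the example_nonce field and all three function names are hypothetical, while the WordPress calls are core APIs.

```php
<?php
/**
 * Plugin Name: Example Builder Content Handler (added illustration)
 *
 * Hypothetical names: the example_builder_content action, the example_nonce
 * field and the functions below are constructed for this example.
 */

// BEFORE: capability check only. The administrator's browser attaches the
// session cookie to any request, so a forged cross-site POST passes this check.
function example_builder_content_unsafe() {
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // Request data is written back unescaped: the reflected XSS half.
    echo isset( $_POST['panels_data'] ) ? wp_unslash( $_POST['panels_data'] ) : '';
    wp_die();
}

// AFTER: verify the request source, then the permission, then escape output.
function example_builder_content_safe() {
    // Ends the request with a 403 unless $_REQUEST['example_nonce'] is a
    // valid nonce for this action and the current user.
    check_ajax_referer( 'example_builder_content', 'example_nonce' );

    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $data = isset( $_POST['panels_data'] ) ? wp_unslash( $_POST['panels_data'] ) : '';
    // wp_kses_post() removes script tags and event-handler attributes.
    wp_send_json_success( array( 'html' => wp_kses_post( $data ) ) );
}

// Only the hardened handler is registered; the unsafe one is for comparison.
add_action( 'wp_ajax_example_builder_content', 'example_builder_content_safe' );

// The editor screen issues the nonce that the legitimate client sends back
// in the example_nonce field. A third-party page cannot read this value.
function example_builder_nonce() {
    return wp_create_nonce( 'example_builder_content' );
}
```

The nonce does not replace the capability check: the first establishes that the request originated from the site's own editor screen, the second that the user is allowed to edit the post.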
How To Know If Your WordPress Site Is Affected?
This WordPress vulnerability affects the Page Builder by SiteOrigin version 2.10.15 and below; to avoid full site takeover, admins should upgrade their plugins to version 2.10.16.
It should also be noted that an attacker needs to trick a site administrator into executing an action, like clicking a link or an attachment, for the attack to succeed.
Wordfence thanked the developer "for an extremely prompt response and for releasing a patch very quickly."
The latest version of the plugin, v. 2.10.16, has resolved the issues. At the time of writing, 66.6% of all users have updated their builds. It is recommended that users make sure they are up-to-date.
5 Things You Didn't Know About WordPress Care Packages (That Will Save You $1,000's)
WordPress care packages are great assets for large WordPress websites. Instead of spending an allocated sum of money each month to hire website developers, you can pay a smaller figure, or pay on a pay-as-you-go basis, to WordPress agencies to maintain your website.
To give you an idea, here's what you can expect when it comes to maintaining a WordPress site, either on a daily, weekly or monthly basis.
Updating WordPress themes and plugins
< 15 minutes
~ 30 minutes
Clean and optimize database
~ 15 minutes
~ 15 minutes
> 30 minutes
Performing WordPress migration
> 3 hours
The above is just a simple list of tasks that you need to do to maintain a WordPress site. And if you are running a large site or eCommerce site, there are even more things you need to perform which will ultimately take up a lot of time.
Doing it yourself (DIY) isn't saving you more money if you don't have the needed expertise. Your time should be allocated to do things that generate you revenue or traffic instead.
3. Hiring Full Time vs Freelance / Pay As You Go
Hiring a full time WordPress developer is an excellent choice when you are making over 6 figures each month with your WordPress site. But if you are not achieving such, going the 'pay-as-you-go' route is a better option.
For example, our monthly WordPress care package pricing comes with a generous 5 hours of work per month for only $50. This means that you save at least $300 per month on WordPress maintenance work.
4. Website Downtime Is Bad For Reputation And Sales
When was the last time your WordPress site was not accessible to the public? Let us guess.
You reached out to the web hosting support and were told that they couldn't do much because it was 'your mistake'? Yes, we hear this one too many times.
With every downtime your website experiences, the chances of losing potential sales and revenue get higher. Of course, it is just fine if you are making $5 or $10 per hour. Imagine losing $100 or $500 per hour.
That's a whole different story.
5. Better Be Safe Than Sorry
Subscribing to a WordPress care package could mean spending $50 a month and keeping your WordPress site safe (that's if you are subscribing to our monthly plan). WordPress is a popular CMS but it is also not bulletproof especially with vulnerabilities and security threats.
Critical Zero-Day Vulnerability In Elementor Page Builder Pro Plugin
We hate to break this to you, but a new critical zero-day vulnerability was found in the famous Elementor Page Builder Pro plugin (source). The vulnerability allows an attacker to upload an arbitrary file, which could lead to remote code execution.
Apart from that, this new vulnerability is actively exploited and Elementor Pro users are urged to update their Elementor Pro plugin immediately. At the time of writing, the Elementor Pro plugin has been updated to version 2.9.4, which is free from the exploit.
Here is some information about the vulnerability in the Elementor Page Builder Pro plugin:
The vulnerability affects versions before 2.9.4
The affected file is modules/assets-manager/asset-types/icons/custom-icons.php.
Threats found on your website may lead to degraded rankings in the Search Engine Results Page (SERP), blacklisting or other sanctions. Therefore, it is extremely important to update your Elementor Pro plugin right now.
WordPress 5.4 Will Add Lazy-Loading To All Images
At this point in time, WordPress 5.4 is said to be released on March 31, 2020. It is important to take note that the date is subject to change depending on how ready the release is. Based on previous statistics, WordPress has been very good about meeting its deadlines.
Official WordPress Announcement
“The implementation seeks to enable lazy-loading images by default, providing the loading attribute with value lazy on the following img tags:
Images in post content
Images in post excerpts
Images in comments
Images in text widget content
Individual images rendered via wp_get_attachment_image()
Avatar images rendered via get_avatar()
Note that loading="lazy" will only be added if the respective tag does not yet include a loading attribute. In other words, to prevent an image from being lazy-loaded, it is recommended to specify loading="eager".”
The developers at Oxygen started investigating the disclosed vulnerability and while creating a security patch update, they encountered an additional related vulnerability that was not initially reported to us.
To date, these vulnerabilities have not been exploited in the wild and therefore, Oxygen users would have some time to update Oxygen Builder to the latest version.
Oxygen 3.1.1 is a security patch specifically for these vulnerabilities and contains no other changes. We are not releasing a changelog or any more details until Oxygen users have had sufficient opportunity to update their sites.
We recommend that all Oxygen users update their Oxygen sites to version 3.1.1 immediately. Here's how you can do that easily:
Automatically Update Oxygen Builder Plugin
Check The License Keys
Go to Oxygen » Settings » License and make sure your license key is entered. Once your key is entered (and even if it was already present), click “Submit” and ensure you see the “valid” response next to the input box. This is an important step to ensure that you are able to update to the latest Oxygen Builder plugin.
Get The Latest Version
Head over to Dashboard » Updates in the WordPress admin panel and, if the Oxygen update isn’t already visible in the plugin update section, click “Check Again” until the update appears. By default, you don't have to request a check again as it is automated.
Updating Oxygen Builder
Once you are prompted with the upgrade, tick the box next to Oxygen in the plugin update section and click “Update Plugins”.
Here's the last step. Head over to the Plugins page in the WordPress admin panel and verify that Oxygen’s version number is 3.1.1.
In the list of purchases, find your Oxygen purchase and click “View Details and Downloads”.
Download The Relevant Files
Under the “Products” heading, find the download link for Oxygen 3.1.1 and download the zip file (if you use Safari, please switch to Chrome or Firefox to download the file to avoid the file being unzipped automatically).
Login to WP Admin
Log into your WordPress site and go to the Plugins page in the WordPress admin panel.
Disable Old Oxygen Builder
Find Oxygen and click “Deactivate”, then “Delete”.
Install The Latest Oxygen Builder
At the top of the Plugins page, click “Add New”, and then “Upload Plugin”.
Upload Oxygen Builder
Click “Choose File” and select the Oxygen 3.1.1 zip file you just downloaded.
Activate Oxygen Builder
Once the plugin is finished installing, make sure to activate it.
Clear WordPress Cache After Installation
Lastly, remember to clear your WordPress cache to ensure that all old files are removed and a new cache is generated for your site. Read this guide on how to clear WordPress cache if you need any assistance.