Website design & hosting | 07769 900262

Wordpress

WordPress 5.0 … to update or not to update, that is the question!

So WordPress 5.0 has finally been released (after may weeks delay), and so the question many clients are now asking is … should I update or not?

To answer that, there are a few questions to ask first:

  1. Can your website work with Gutenberg (the new editor that the 5.0 update brings, which replaces the exisiting text editor)
  2. Do you need to update?

Being a couple of weeks before Christmas, for many people now is not the ideal time to introduce a major change (although for you it may be the perfect time!). So the simple answer is that it’s probably worth waiting until:

  • You have time to carry out the update, and react to any issues which it may bring up
  • The initial patch releases which are bound to be issued have been released, which will mean the version you update to will be far more stable.

Gutenberg

The Gutenberg editor is the biggest change with this update. Most people will love this, and find it to be a fantastic development, but not all themes are ready to work with it yet, so check with your theme’s developer before updating. If not, you can install the Classic editor plugin before updating, to continue working with the previous editor.

Plugins

The other main element is plugin readiness. The major players (Yoast, Wordfence, Divi etc) have been plnaning for Gutenberg for a long tme and are fully ready, but there are a vast number of plugins which are not maintained, and some of these may break with the new update. Make sure you check that the plugins you use are ready, or at least will work with Gutenberg.

How to upgrade

When you do decide the time is right to upgrade to Word|Press 5.0, there is one golden rule – BACK UP FIRST! This is great advice for any update you carry out, but is particularly vital when carrying out such a significant update, and if you have a staging envirinment then use this (and if your website is critical to your business you should have one!).

Finally

So as long as you take the appropriate precautions, not may be a good time to update, but our general advice would be to wait until the New Year.

If you need our help or support with the update, or any aspect of web hosting, domain names, website building or maintenanace, please do get in touch … we’d be happy to help!

 

 

 

Is your website secure and are your plugins updated?

When managed effectively, WordPress is a fantastic tool and is well protected, but there are certain measures that any website owner must take to ensure their website and plugins remain secure.

In addition to the vital WordPress updates, you also need to be vigilant with the plugins which your website uses, and ensure they are also monitored and updated, as the recent incident we discuss below highlights.

Plugins need to be updatedNot confident in managing the security of your WordPress website and plugins yourself?
IJL Web Solutions offer a monthly plugins/security service as part of which we ensure that the WordPress, theme and all plugins are kept up to date. During this we first back-up the site to a remote location, perform the required updates and then test. If anything fails we restore the back up and discuss with you, to decide how to proceed. Often this will include replacing the plugin with an alternative (when one is delisted or no longer kept up to date). This provides peace-of-mind, ensures that you have the reassurance that all updates are checked and updated regularly. For more details please contact us.

A recent article from Wordfence, highlights a great example of where our plugins/security service would have been invaluable. Issues like this are picked up with our service, but can be missed by yourself.

 

“If you have a plugin called “Display Widgets” on your WordPress website, remove it immediately. The last three releases of the plugin have contained code that allows the author to publish any content on your site. It is a backdoor. The authors of this plugin have been using the backdoor to publish spam content to sites running their plugin.”

“This company and the individuals behind it appear to be responsible for injecting malicious code into a plugin used by over 200,000 websites.”

 

The WordFence blog covers article gives the full detail:
www.wordfence.com/blog/2017/09/display-widgets-malware/

XSS Vulnerability found in Product Vendors Plugin for WooCommerce

Do you use the ‘Product Vendors’ Plugin for WooCommerce on your website?

Important information of an  XSS Vulnerability found today

A reflected cross site scripting vulnerability has been reported in a premium WordPress plugin for WooCommerce called the ‘Product Vendors‘ plugin, which is used by nearly 30% of all online WooCommerce onl;ine shopping sites.

This affects Product Vendors version 2.0.35.

Website security

If you are using this plugin, you need to upgrade immediately to at least version 2.0.36, which includes the fix. The current version of Product Vendors is 2.0.40.

For more information and to keep informed of current web security issues, we highly recommend following the Wordfence website and blog

Free SSL/HTTPS encryption for every website we host

Have you heard talk about SSL certificates and how Google are penalising websites which aren’t secure?

Secure green SSL padlock icon shown by Chrome
The ‘secure’ green padlock icon, as shown when using the Chrome browser

Have you noticed the green padlock icon on some websites and not on others?

We offer free SSL encyrption with our shared hosting packages

Back in 2016 Google Chrome announced that it will be marking on-HTTPS websites as ‘insecure’. Anyone using the Chrome browser visiting a website which does not have an SSL certificate will see a red X over the padlock symbol, indicating that the site is not secure.

Green SSL 'secure' padlock in the Firefox browser
The green ‘secure connection’ padlock, as shown when using the Firefox browser

Firefox has also floowed suite and now willshow a green ‘secure’ padlock simbol only if the website has encryption in place and is delivering content via https

With search engines and browsers now pushing for SSL/HTTPS on all websites, all website ownersshould be updating existing sites and ensuring all new sites are built with SSL/HTTPS in place.

A major stumbling block so far has been the cost of buying SSLs and the limitations of installing SSLs on shared IPs. However, we are offering a free solution to all our shred hosting ciustomers , with a free SSL certificate issued via “Let’s Encrypt”.

Enable https for your website or to find out more

Getting started with Let’s Encrypt

Using free Let’s Encrypt SSLs could not be easier:

  1. Sign up to our Web Hosting
  2. Configure your site to use SSL/HTTPS (we can help)
  3. DONE! You are now running over SSL/HTTPS

read the full article …

WordPress Backups are critical – so who does yours?

Cloud WordPress backupsIf your WordPress site is compromised or your server fails, having access to a recent WordPress backups can make your life considerably easier. The fastest way to recover from a hacked website is to restore the latest version of the site that existed prior to the hack. You will still need to close the security hole the attacker used to compromise your site after your site is back up and running, but at least you’ll have your site back to working order in hours or even minutes.

 

How often should you back up your site?

The frequency with which you should back up your WordPress site should be determined primarily by how often your content changes. Sites that change infrequently may be able to get by with weekly WordPress backups. Sites with constant updates, like new users, blog posts and comments may need to be backed up hourly. Many websites will be somewhere in between.

 

How should I manage my WordPress backups?

The easiest way to manage your WordPress backups is via a plugin that meets your needs. There are a wide variety of options available, and depending on the cost and settings, some can perform regular automated backups. Backup location is also vital to consider – most solutions allow you to store your back-up in various locations, but it is crucial that this is carefully considered. Backing up up to a folder where your website is can be futile if your server crashes, and backing up to your laptop is pointless if your hard-drive fails. Its critical that backups are stored in a location separate physically and geographically from your website.

Contact us about our WordPress plugins/security service

 

read the full article …

Is your router is vulnerable to being used to hack WordPress websites?

Its been revealed that over 6% of all attacks on WordPress sites come from hacked home routers.

In one month alone, over 57,000 unique home routers we used to attack WordPress sites.

Those home networks are now being explored by hackers who have full access to them via the hacked home router. They can access workstations, mobile devices, wifi cameras and any other devices that use the home WiFi network.

Luckily the fabulous guys at Wordfence have provided an easy-to-use online tool, which can quickly check if the router you are using is vulnerable to this vulnerability.

For full details, a link to the tool and details of what to do if you do find you are are vulnerable follow this link: Wordfence Router Check

At IJL Web Solutions we take security seriously, and Wordfence is just one of the tools we use to help secure our clients websites, data and information. If you’d like more information on this, or we can help in any way regarding website development or management, please don’t hesitate to contact us … we love to talk!