WordPress plugin review

How many WordPress plugins are just too many?

It is very common for us, as a WordPress development firm, to take over existing sites, and some of the most frequent questions we receive from new clients are related to plugins: “How many WP plugins should we keep on our site? How many are just too many? Is the site safe or vulnerable? Scalable?” Some people seem to be addicted to plugins. They enjoy finding the right plugin to solve a particular need. With more than 50,000 free plugins in the Plugin Directory alone, it’s easy to feel the thrill of trying them all, but what can an excessive plugin addiction do to your site?

  1. It is not always about quantity but quality: Each plugin is different, and some could be poorly coded, outdated or use more resources than needed. This can affect the site in many ways (security, performance and load time, among others).
  2. Not all WP plugins are safe to install: WP critics often say that WordPress is not a safe platform, but the truth is that, as with any other CMS, WP is as safe as the components developers install. Yes, there are many plugins with serious vulnerability problems, and those may affect the site greatly. In particular, stay away from plugins that do not offer regular updates or have had reported vulnerabilities in the past. Read the reviews before adding a plugin to your site, and test that the site works properly after activation.
  3. Compatibility issues: Plugins that are outdated or not tested with the current WordPress version may cause the site to behave anomalously. It is key to test that each plugin is compatible with the theme and the WP code.
  4. Load time & performance: Some plugins may affect the site’s performance. Some add extra JavaScript/jQuery code that impacts site speed, while backend plugins may affect the site by overloading it with too many database calls and queries. Plugins that need to query large amounts of data should be carefully vetted and tested on a regular basis.

In sum, there is not really any exact number of plugins that is too many for a site. You just have to make sure you are using only the tools you need, choosing effective plugins that will help rather than add a burden to your website. If you notice that the site is slowing down, that is a clear red flag that something is not OK, and plugins are one of the first places to look for the solution.

WordPress plugin

Why WordPress plugins are great or your site’s worst nightmare?

A WordPress plugin can seamlessly expand functionality or add completely new features to your WordPress site. From E-commerce, to interactive calendars and even creating a full blown WordPress powered social network, plugins can offer, in many cases, instant gratification with little coding work. But when it comes to WordPress security, plugins can also be a back door to malware and cyber attacks. How can you minimize WordPress vulnerabilities and improve the security of your WordPress site?

Check reviews and ratings: Not all plugins come from reliable sources. We always recommend using premium or paid plugins developed by well-rated development firms that offer regular updates and support. While there are certainly some great free plugins, in many cases these come with a price as well. Updates are infrequent and not guaranteed. Sometimes developers take shortcuts or write sloppy code. Premium paid plugins usually come with support and updates. They often have more features, and the code is often clean and customizable.

Update, update, update! Even if you use a premium plugin, you need to stay on top of updates. Many come with auto-update features, so make sure that feature is enabled. Why is it so important to update or remove outdated plugins?

There are several key areas affected by outdated plugins:

  1. Security
  2. Performance
  3. Bug fixes & Compatibility
  4. Features

Security: Updates to WordPress plugins often increase security by patching vulnerabilities and strengthening against attacks. According to WPBeginner, 83% of hacked WordPress sites hadn’t been updated. According to page.ly’s stats, WordPress sites are frequently hacked due to “outdated versions of: PHP, WordPress, themes, or plugins”.

Performance: Updates often improve the performance of WordPress itself, a plugin or a theme, so an updated site will perform better.

Bug fixes & Compatibility: After a major WordPress release, many plugins will get an update to ensure compatibility with the new version, or to make use of new features.

Features: Keeping your site up to date also gives you access to new features. For example, recent releases of WordPress have included big improvements to the UX of the admin screens as well as accessibility improvements. Plugins can do this too, which means that keeping things up to date gives you access to the latest improvements.
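
The vetting criteria from the two posts above (pending updates, plugins with no recent releases, compatibility with the current WordPress version, ratings) can be applied to a whole plugin inventory at once. The following is an added example, not code from the original posts; the plugin names, field names, thresholds and dates are constructed for illustration.

```python
import re
from datetime import date

# Constructed inventory (hypothetical plugins and field names), for example
# assembled by hand from each plugin's directory listing.
PLUGINS = [
    {"slug": "events-calendar-x", "installed": "2.4.1", "latest": "2.4.1",
     "last_updated": "2024-04-10", "tested": "6.5", "rating": 94},
    {"slug": "old-gallery", "installed": "1.2", "latest": "1.2.0",
     "last_updated": "2019-08-20", "tested": "5.2", "rating": 61},
    {"slug": "cache-booster", "installed": "2.0.1", "latest": "2.0.3",
     "last_updated": "2024-05-01", "tested": "6.5", "rating": 88},
]

TODAY = date(2024, 6, 1)   # constructed audit date
CURRENT_WP = "6.5"         # assumed WordPress version running on the site
MAX_AGE_DAYS = 365         # assumed policy: flag plugins with no release in a year
MIN_RATING = 70            # assumed policy: minimum rating in percent


def version_key(version, width=3):
    """Turn '1.2' or '1.2.0' into a comparable tuple padded to equal width."""
    parts = [int(n) for n in re.findall(r"\d+", version)][:width]
    return tuple(parts + [0] * (width - len(parts)))


def findings(plugin, today=TODAY, current_wp=CURRENT_WP):
    """Return the list of policy violations for one plugin (empty if clean)."""
    issues = []
    if version_key(plugin["installed"]) < version_key(plugin["latest"]):
        issues.append(f"update available: {plugin['installed']} -> {plugin['latest']}")
    released = date.fromisoformat(plugin["last_updated"])
    if (today - released).days > MAX_AGE_DAYS:
        issues.append(f"no release since {released.isoformat()}")
    # Compatibility is compared on major.minor only.
    if version_key(plugin["tested"], 2) < version_key(current_wp, 2):
        issues.append(f"tested only up to WordPress {plugin['tested']}")
    if plugin["rating"] < MIN_RATING:
        issues.append(f"rating {plugin['rating']}% is below {MIN_RATING}%")
    return issues


def audit(plugins, today=TODAY):
    """Map each flagged plugin slug to its list of issues."""
    report = {p["slug"]: findings(p, today) for p in plugins}
    return {slug: issues for slug, issues in report.items() if issues}


if __name__ == "__main__":
    for slug, issues in audit(PLUGINS).items():
        print(f"{slug}: " + "; ".join(issues))
```

Note that "1.2" and "1.2.0" compare as equal here, so a plugin is not reported as outdated just because the two sources write the same version differently.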

AMP WORDPRESS

WordPress and Google join forces for faster content access

Automattic, the company running the popular WordPress CMS, has recently announced that it is enabling Google’s “AMP” by default for all WordPress blogs.

What is AMP?

According to Google, the “Accelerated Mobile Pages Project” is an “open source initiative that embodies the vision that publishers can create mobile optimized content once and have it load instantly everywhere.” The main goal of AMP is to speed up the mobile Web.

“The Accelerated Mobile Pages (AMP) Project is an initiative to improve the mobile web and enhance the distribution ecosystem. If content is fast, flexible and beautiful, including compelling and effective ads, we can preserve the open web publishing model as well as the revenue streams so important to the sustainability of quality publishing.”

How does AMP affect your WordPress site?

With this addition, WordPress users will see much faster page loads when visitors come to their sites from Google results. In addition to WordPress hosted sites, WP has also made a plugin available for self-hosted websites that automatically converts content as well. Since AMP does not allow things such as third-party JavaScript, you likely will not be able to have lead forms or on-page comments.

AMP is enabled by default for all WordPress.com users and you’ll start seeing speedy results in Google search results with a small lightning bolt next to them to indicate that they’ll load faster.

Is AMP compatible with Google Analytics?

The AMP WordPress plugin does not enable amp-analytics out of the box, but it’s fairly easy to enable.

To make the AMP WordPress plugin work with Google Analytics, edit the amp-post-template-actions.php file (a different file from the one previously mentioned), either via FTP or within your WordPress Dashboard (go to Plugins > Editor and then select “AMP”), and add the following to the end of it:

// Load the amp-analytics component script in the <head> of every AMP page.
add_action( 'amp_post_template_head', 'amp_post_template_add_analytics_js' );
function amp_post_template_add_analytics_js( $amp_template ) {
	?>
	<script async custom-element="amp-analytics" src="https://cdn.ampproject.org/v0/amp-analytics-0.1.js"></script>
	<?php
}

// Print the Google Analytics configuration in the AMP page footer.
// Replace UA-XXXXX-Y with your own Google Analytics property ID.
add_action( 'amp_post_template_footer', 'xyz_amp_add_analytics' );
function xyz_amp_add_analytics( $amp_template ) {
	?>
	<amp-analytics type="googleanalytics" id="analytics1">
	<script type="application/json">
	{
	  "vars": {
		"account": "UA-XXXXX-Y"
	  },
	  "triggers": {
		"trackPageview": {
		  "on": "visible",
		  "request": "pageview"
		}
	  }
	}
	</script>
	</amp-analytics>
	<?php
}

Is WordPress Killing Web Design?

With every new invention there’s always a claim about the death of the previous paradigm. TV and cable are dead. Email is dead. How is the rapid growth of WordPress, and especially the use of thousands of easy-to-use, customizable WordPress themes and plugins, affecting the work of the web designer? Are WordPress themes killing the web design industry?

Themes are a starting point (and a great shortcut in most cases)

Yes, it is true that with a WordPress theme you could have a cool looking page in a few hours, but it does not mean that the site will look and feel the way you want it, or that it will fit your client’s needs. The value of a web designer is to understand the needs of the project and create a site that works to fulfill those needs. If a theme can save some time, and provide some shortcuts, then there is more value for both the client and the designer.

WordPress can make web design a more efficient task

Most sites use some kind of Content Management System (Drupal, Joomla, WordPress). These CMSs provide a framework and templates that in many cases are just blank slates on which to implement any design you can imagine. There’s also the possibility of creating a fully custom theme (many projects we work on require that). However, there are many WordPress themes that can be used as such a framework to expedite the web design process and make the development task more efficient. Many of these themes can be customized to a point where creating a custom theme would make no difference at all.

This may free up some resources to devote more time to custom graphic design work. Customers will feel they are getting more for their investment.

Not anybody can customize a WordPress theme

Doing a professional customization requires experience in both web design and WordPress. Yes, some themes make it easier for inexperienced users to create a decent site, but in most cases it will look exactly like a demo template with configuration errors. In order to create and maintain a professional WordPress-powered site you need to know about responsive layouts, design trends, plugins and security, and stay on top of updates.

Time is value

WordPress and the use of themes and frameworks can save time and offer a faster turnaround for projects. Delivering a complete project in less time gives web designers the possibility of charging extra for expedited projects, or of completing more projects in the time a single site used to take.

In sum, WordPress could be a great tool for both designers and clients. It provides a framework that saves time and offers enough flexibility to create unique designs.

Automattic launching a Windows version

Automattic, the company behind WordPress, launched a Windows version only two weeks after launching an OS X app. The new app combines web technology with native features like operating system integrations, offline features and notifications; you could say it’s like the Slack desktop app.

The editor is definitely one of the most important features, creating an environment where “writing” is the center of the action, and that’s why Automattic has put only a few buttons on the screen.

With the extensive use of JavaScript, moving from one tab to another is pretty smooth. From the dashboard you can read the latest WordPress.com posts in the reader view and manage your WordPress websites/blogs. The app auto-saves your work regularly and allows you to preview your posts in your site’s template.
Currently the new WordPress app works with any WordPress site using the Jetpack plugin and any blog hosted at WordPress.com.  A Linux version is coming soon.

WP security

WordPress 4.2. Is it safer?

Security breaches in WP have been, for the most part, related to plugins. However, this week a Finnish researcher disclosed some details of a zero-day vulnerability he discovered in the core engine of WordPress 4.2 and earlier that could lead to remote code execution on the web server.

The vulnerability, present in WordPress version 4.2 and below, could allow an attacker to inject JavaScript in the WordPress comment field. The comment has to be at least 66,000 characters long, and it will be triggered when the comment is viewed. This data is truncated as it is written to the database, breaking safety checks that are supposed to filter out malicious code when the comment is displayed to visitors. According to the researcher: “During this time all WordPress servers using default comment settings have been quite easily hackable,” he said. “Now it turns out they still didn’t get it right. It looks like the risk for WordPress users may be smaller and patches faster with full disclosure.” On Monday, the company issued a “critical” security update, WordPress 4.2.1.
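
The failure mode described above, where a comment passes the filter and is then silently cut short on write so that the stored text is no longer the text that was checked, can be reproduced with harmless markup. This is an added example, not WordPress code: the filter, tag policy and function names are simplified stand-ins, and the 65,535-byte limit assumes the comment is stored in a MySQL TEXT column.

```python
import re

COLUMN_LIMIT = 65_535                 # bytes in a MySQL TEXT column (assumed storage)
ALLOWED = {"b", "i", "em", "strong"}  # hypothetical comment tag policy
TAG = re.compile(r"<(/?)([a-zA-Z]+)>")


def passes_filter(markup):
    """Stand-in safety check: only complete, allowed, balanced tags."""
    stack = []
    for closing, name in TAG.findall(markup):
        name = name.lower()
        if name not in ALLOWED:
            return False
        if not closing:
            stack.append(name)
        elif not stack or stack.pop() != name:
            return False
    leftovers = TAG.sub("", markup)
    return not stack and "<" not in leftovers and ">" not in leftovers


def db_write_silent(markup):
    """Simulates a non-strict write: keeps the first COLUMN_LIMIT bytes, no error."""
    return markup.encode("utf-8")[:COLUMN_LIMIT].decode("utf-8", "ignore")


def store_unchecked(markup):
    """Weak pattern: check the input, then let storage change the value."""
    if not passes_filter(markup):
        raise ValueError("rejected by filter")
    return db_write_silent(markup)


def store_checked(markup):
    """Hardened pattern: refuse oversize input and verify the round trip."""
    if not passes_filter(markup):
        raise ValueError("rejected by filter")
    if len(markup.encode("utf-8")) > COLUMN_LIMIT:
        raise ValueError("comment exceeds column capacity")
    stored = db_write_silent(markup)
    if stored != markup:
        raise RuntimeError("stored value differs from validated value")
    return stored


# Constructed sample: 66,000 characters of harmless filler in bold tags.
LONG_COMMENT = "<b>" + "A" * (66_000 - 7) + "</b>"
```

With `LONG_COMMENT`, `store_unchecked` returns text that no longer passes the same filter it was checked with, while `store_checked` rejects the comment before anything is written.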

April has been an intense month, with updates launching weekly to patch vulnerabilities found in some of the most popular WP plugins. It is key to keep up with updates to reduce the risk of an attack. Also keep a solid daily backup and restore platform in place.

If you have any questions on how to patch this issue or other WP related security questions please contact us to review your site.

Million WordPress sites could be affected by a vulnerability in WP Super Cache plugin

The WP Super Cache plugin is a very popular plugin used by over one million sites. This week Sucuri reported that sites using this plugin could be susceptible to a cross-site scripting (XSS) vulnerability that would allow an attacker to inject a backdoor or even add a new admin user. This could potentially be very dangerous for your site and content. Luckily, a new update of the plugin has been released with a patch to fix this issue. If you are using the WP Super Cache plugin, make sure it is updated to the newest version, 1.4.4. As of this week, Sucuri has listed the security risk as “dangerous,” meaning that it is “very easy” to remotely exploit, giving it an 8 out of 10 DREAD (Damage, Reproducibility, Exploitability, Affected users, Discoverability) score.

An attacker could leverage the vulnerability and use a query to inject scripts into the plugin’s cached file listing page, according to Marc-Alexandre Montpas, a researcher with Sucuri, who described the issue in a blog post Tuesday morning.

WP Super Cache is generally used to optimize WP sites by converting dynamically generated pages into static HTML files that are then served to visitors. This can reduce server resource and bandwidth consumption. However, replacing PHP-generated pages with static, cached copies has its downsides. The biggest one is that whenever there are changes to a page, the corresponding cached file needs to be regenerated. This is a free plugin that generally delivers a decent performance boost and reduces the load on a server.

As we always recommend to our clients, users should make sure that they are using the most recent version of the CMS and that their plugins are all updated to the latest version.

3 Myths about WordPress

  • WordPress isn’t safe enough for large businesses

    Any website, regardless of the CMS, can get attacked or hacked (as we have seen lately with Target, GoDaddy, etc.). Large corporations have large dedicated teams focusing exclusively on preventing information stored on the Internet from being stolen, and even some of them got hacked. Is WordPress an easier target than other CMSs or platforms?

    The answer is that WordPress IS safe – so long as you take some basic precautions.

    The biggest threat is not WordPress itself, but how you use and maintain it, in particular when it comes to plugins. Plugins run with administrator rights on your site, so if you run plugins that are outdated or developed by unreliable sources, the site will indeed become vulnerable. When you install a plugin, you have to make sure that it was developed by a well-ranked company with great reviews. If you install, for example, a plugin with no updates since 1890, it is very likely that the code you are adding to your site will, indeed, open the door for hackers. WordPress plugins are as reliable as the authors behind them. Some plugin writers are careless hacks, but many are professional-grade coders who pay attention to standards and aim to support their projects for the long haul. The WordPress plugin rating system makes it fairly easy to find the best plugin for a task.

  • WP can be slow for large quantity of database queries when too many users visit the site

    Cheap hosting providers can be slow, but WordPress sites can be ultra fast. For an optimized and secure site, go with private hosting to eliminate these problems. If you have any doubts, you can check large portals like techcrunch.com or the Amex Open portal, both powered by the WordPress CMS.

  • WordPress is just for blogging.

    WordPress is a dynamic content management system. It is true that it started as a blogging platform. However, it has matured into a full content management system capable of everything from a small blog to enterprise-level websites. Just ask AMEX, CNN, BBC America & Best Buy, to name a few.

Top 5 established and successful companies using WordPress

For those who argue that WordPress cannot power large platforms or large businesses, here are a few examples of companies using the power of WP to create large portals to engage with their users.

1. American Express is one of the most renowned financial companies in this world. They have selected WordPress to run and manage the Open Forum Community portal where users can register with the American Express Card.

2. TechCrunch, a popular online magazine with 15 million monthly visitors, uses a WordPress-based CMS platform (they also use the high-end VIP hosting provided directly by WordPress).

3. GE Reports. General Electric’s (GE) primary press & news release platform is on… you guessed right… WordPress.

4. Samsung. One of the leading companies dealing in electronics, life insurance and other fields. Its USA News Portal is built upon WordPress. With a simple design, this portal has J2EE, jQuery, Thickbox and Image Map.

5. NFL. If you want to talk about big, we cannot leave the NFL out. This site has integrated Facebook, jQuery and the IE Pinning framework with different analytics tools.

A few other companies using WP that you may have heard of…

  • CNN
  • CBS
  • TED
  • PEOPLE 
  • SONY
  • MTV

 

WordPress now powers 50% of sites hosted on GoDaddy

In case you were wondering how busy we are at wordpress-boston and ntamtter: with the WordPress user base growing exponentially each year, the need for reliable, pro WordPress developers is bigger than ever.

WordPress founders are also working on raising new capital to expand the operation. According to Fortune magazine, Automattic, the company that runs blogging platforms WordPress.com and WordPress VIP, is out raising between $100 million and $150 million in new venture capital funding, according to multiple sources familiar with the situation.

Based on the latest stats released, WordPress now powers 22% of the world’s websites, up from 19% last July, and powers 50% of all sites hosted on GoDaddy, one of the largest hosting providers in the world.

A few more interesting stats:

  • WordPress blogs are viewed by more than 400 million people monthly, and
  • Users create more than 44 million posts each month.
  • At the service’s peak, roughly one year ago in March, that number was more than 49 million monthly posts.