The Ultimate WordPress Security Guide – Step by Step (2017)

WPBeginner, a website for beginner guides to WordPress, has published an updated and comprehensive guide to WordPress security – “The Ultimate WordPress Security Guide – Step by Step (2017)“.  Most of the things are well known to seasoned WordPress users – keep things updated, use strong passwords, remove unnecessary plugins, make sure to pick the right hosting, add security enhancing plugins, etc.  But it’s a good place to start for  people who are not too technical and those who don’t think about security implications of having a publicly accessible website on a daily basis.

There are plenty of questions, answers, simple explanations, and links to other resources in the article.  So even if you are an experienced WordPress user, you might find a useful thing or two in there.

You might also want to checkout my earlier blog posts:

WordPress : Supercharge your ecommerce

Supercharge your ecommerce is a collection of reviews of some of the best ecommerce plugins for WordPress.  It covers a variety of options from the most famous like WooCommerce to some less known ones.  Here’s a list of of what’s reviewed:

 

 

WordPress Plugin : Image Processing Queue

As described in “Introducing WP Image Processing Queue – On‑the‑Fly Image Processing Done Right“, Image Processing Queue plugin tries to solve several issues with On-The-Fly Image Processing (OTFIP) in WordPress.  Some of the things that it improves are:

  • Response times for pages with non-yet generated thumbnails.
  • Server CPU spikes for pages which use a lot of images on sites with a lot of configured thumbnail sizes (49? really? WOW! I don’t think I’ve seen more than 10 in the wild, which is still a lot).
  • Server disk space issues caused by removed images and leftover thumbnails.

This is a very useful direction and I hope all the necessary bits will make it into the WordPress core.  But even for those who don’t use WordPress, the whole discussion and implementation are a handy reference.

WordPress Plugin : WP-CFM – manage and deploy WordPress configuration changes

WP-CFM is a WordPress plugin which helps to manage and deploy WordPress configuration changes between different sites.  I haven’t tried it myself yet, but it looks super useful as it allows to separate the configuration options from the content, both of which are stored in the database.  The cherry on top here is the support for WP-CLI, command line interface to WordPress, which is frequently employed for automatically deploying WordPress to different servers and environments.

I have a feeling this plugin will be making its way into our project-template-wordpress setup pretty soon.

Page builders and multilingual WordPress websites

WPML.org, the web home of the WordPress Multilingual Plugin runs this blog post about the upcoming support for WordPress page builders.  Apart from the good news themselves, there are some insightful results of the survey that the team did, trying to understand who uses page builders and how.  I found the stats on which page builder solutions people use the most interesting:

q2-which-page-builder

At work we are primarily using Divi (when we are not building our own themes), but we’ve also done a few sites with Enfold.  I’ve also seen Avada in the wild.  But I can’t tell you which ones are better, because when it comes to using page builders, I’m mostly not involved.  These tools are so awesome these days that they can be easily used by a non-technical person.  Which is exactly what we do ;)

WordPress Plugins : Demo Data Creator

Here is a useful plugin for all of you, WordPress developers – Demo Data Creator.   It generates a whole lot of test / demo data and populates your WordPress site with it.  No more lengthy copy-pastes of Lorem Ipsum into posts and pages, single user (hi admin) installations, and senseless “foobar” and “foobar2” categories.  Now you can populate your test or development environment with lots of data to help with previews, and all those issues around search, pagination, and things like that.

demo-data-creator

If you’d rather avoid the plugin and automate this kind of work yourself, make sure to have a look at WP-CLI – command line interface for WordPress, which, among others, has the “wp post generate” command.

WordPress Plugin : Ultimate Social Media

If you are one of those dinosaurs, who still prefer to post content to your own web space and then share it on social media (much like yours truly), then here’s the Ultimate Social Media WordPress plugin (you are using WordPress, right?) that helps will those buttons, sharing, animation, and more.  You can even choose how your site’s buttons will look like from 16 different designs.

social buttons

WordPress Plugin : Typecase Web Fonts

Disclaimer: I’m not much of a fonts guy, but once in a while I just want to be.

I was reading the “Best Practices for Designing a Pragmatic RESTful API” article, when I realized I liked the font it was written in very much.  I liked it so much that I immediately wanted to have it on my blog too.  Chromium Inspector tool helped identify it as Ubuntu font family.

I have no problem editing WordPress themes’ CSS files, but I prefer to avoid it whenever possible.  So a quick Google search later I found this blog post, which describes how to customize fonts in the Twenty Fifteen theme, which is coincidentally what I’m using currently.

The blog post recommended Typecase Web Fonts plugin.  I installed it and started playing around with it, and I have to say it’s pretty amazing.  Basically, it provides a font search tool in the WordPress admin.  Once you find the font, it shows you the preview text and some font details.  You then add CSS selectors on which you want this font to apply.  It took me literally 3 minutes to figure it all out.  You can even add multiple fonts.  For example,  since now I had sans-serif font for the blog content, I wanted to use a serif font for the headings – boom! – and I have Roboto Slab font to compliment Ubuntu.

The plugin is so easy to use and is so handy that I think we’ll be using it at work now too.  Check it out.

Best WordPress Plugins – Over 40 Hand-Tested Plugins!

wp-help

Best WordPress Plugins is an excellent collection of plugins for all sorts of things – from posts and comments management to podcasting and security.  Some are free, others – commercial.  I’m sure that even if you’ve been running a WordPress site for years, you’ll still find something new for you here.

Packaging third-party plugins with your WordPress theme

wordpress theme plugins

Many a time I’ve been involved in building a custom WordPress theme, which relied or benefited from some plugins being installed and activated.  I’ve always had an ad hoc solution to the problem, with my own installation scripts, WP-CLI mockery, etc. “Packaging third-party plugins with your WordPress theme using TGM Plugin Activation library” covers a much more elegant solution.  I haven’t tried it yet, but it does look very promising for my next WordPress project.