In this episode, John James Jacoby and I are joined by Jack Lenox, Software Engineer at Automattic, to discuss his new project, SustyWP. Lenox explains how he built the site so that it only has 7KB of data transfer, what sustainability on the web means to him, and the relationship between sustainability and optimization to create a better user experience. We end the show discussing the latest WordPress headlines and share information on how you can watch WordCamp EU for free.
BabaYaga: The WordPress Malware That Eats Other Malware
Ten WordPress Plugins By Multidots For WooCommerce Identified As Vulnerable And Dangerous
Plugin Detective Wins WordCamp Orange County’s 2018 Plugin-a-Palooza
Next Episode: Wednesday, June 20th 3:00 P.M. Eastern
There’s no doubt about it: we’re living in a world of over-sharers. Bloggers, social media users, celebrity influencers… It seems like everyone wants to be a Kardashian these days; to give the world a close-up look into what’s happening behind the scenes of their lives or to share every thought that’s running through their head. […]
Fortunately, user privacy isn’t an impenetrable topic. There are a few key elements you’ll need to consider, as well as some tools that can help you put the optimal policy in place. There’s the obligatory WordPress plugin solution, but also comprehensive third-party offerings that constantly update based on changes made to your site’s elements.
Privacy policies are part of the same family as ‘cookie notices’ (i.e. website banners displaying whether a site collects cookie information). This is because both are implemented to clearly inform users that their data is being collected, as well as why and how.
As you can imagine, privacy policies can run to either a few lines or reams of detailed legal verbiage (although that would likely hamper the reader’s understanding). In short, you’ll usually find the following:
- Clarification on what constitutes a user, the website, and any other relevant party.
- Information on how data is collected on your site.
- An overview of how the collected data is used once it’s been obtained.
- What the visitor can do to make sure their data is deleted.
You may find that some privacy policies don’t include some of this information currently. However, as we’ll explain, all websites will shortly be required to add these elements, with heavy penalties facing those who do not comply.
As we mentioned, the EU Cookie Law is almost a precursor to initiatives being introduced this year. The GDPR radically overhauls compliance for practically every website, and in contrast to the current Cookie Law, will include stiff penalties for those not complying with the directive.
It’s definitely a minefield, but one you will have to traverse if you want to stay on the right side of the law. Our advice is that if you’re considering this option solely based on the amount of work it will take to implement, it’s not a wise idea. The GDPR will mean authorities have the power to dish out millions of dollars worth of fines to non-complying sites. In short, the buck stops with you.
- Details on the information you collect, and how you do so.
- Why you’re collecting the information.
- Whether third-party services associated with your site collect information, and the details (such as ad networks).
- Clear guidance on whether users can opt out of data collection, and contact details in order to discuss things further.
In our opinion, iubenda is the most comprehensive and easy to use service available, and we really like the concept. Because many websites (especially WordPress-powered ones) are made up of many moving parts, you’ll likely have various data collection points throughout your site’s code. Keeping tabs on all of these could be difficult, but iubenda’s module-based system makes the process a breeze.
As for pricing, it’s incredibly reasonable at its core. Ultimately, while there’s a free plan, you’re likely better off purchasing a license starting at $27 per year for one site, or a multi-license for $9 per month.
It’s arguably the quickest and simplest solution available, which makes it great for Minimum Viable Products (MVPs) and startups in need of a quick launch. However, because it’s essentially a one-size-fits-all solution, it could miss out vital aspects of your site. In addition, it’s not WordPress-specific, so it won’t offer the same detail as other policies.
The main perk of TermsFeed is the vast number of different policies you can generate:
We’d arguably put this aspect ahead of iubenda’s, although both services are pretty similar overall. However, where TermsFeed falls down is its ambiguous approach to pricing. While there’s a clause-limited free service, premium policies require a one-time payment that is calculated upon creation. Because of this, it’s likely not going to be a solution for the budget-conscious.
- iubenda. A comprehensive service ideal for the vast majority of websites.
With over 30 million monthly brute force attacks, it’s crucial to use strong passwords everywhere. But creating and remembering unique strong passwords across all your accounts can feel like an impossible task. A password manager can help…or can it?! While using and enforcing strong passwords is strongly recommended especially on your WordPress website, not all […]
It’s a situation that we’ve all been through. You’ve just set up your WordPress page, everything looks great and you’re ready to go live and unveil your awesome website or blog.
Instead of loading, you get the following message: Error establishing a database connection
WordPress is a slick and intuitive system, but sometimes, errors can happen. And it’s dealing with those errors that can be frustrating for website owners and bloggers who just want their WordPress website to work. Fixing those errors should be your priority as visitors won’t be understanding towards a site that is slow, unresponsive, compromised, or even non-existent.
Lucky for you, a lot of the problems that affect WordPress can be fixed, and fixed easily. However, in order to quickly resolve these issues, it’s best to understand the root of the problems, so that you can solve them effectively.
Read on to understand the server issues that affect WordPress and what you can do about them.
Your pages are loading slowly
You’ve optimized your website and you’ve done all you can to speed up WordPress. You’ve checked the internet connection (with a speed testing tool) on your end and it’s not the reason for your website being slow.
Odds are, you might be suffering from hosting server issues.
What you should do then is to check on the server status of your current hosting company. Any issue that gets reported by your hosting company will most likely affect your website, or even take it down altogether. So, it’s best to keep an eye on the status of your hosting company.
Every hosting provider should have a “Server Status” or “System Status” page where you can check if there’s anything wrong with the servers.
If the hosting company is the one causing the issue, then you should contact them immediately to find out when it will be resolved. However, if you notice a pattern to the slow-downs, contact customer support to see if a neighboring website is affecting your server. Should that be the reason, then you might want to consider upgrading to a VPS or cloud hosting plan.
There is an “Error Establishing Database Connection”
One of the terrifying things to see when you load your website is the message, “Error Establishing Database Connection.” It can be frustrating for anybody to see that message, doubly so if you have to debug and fix it yourself.
Technically, a lot of the issues that can cause this message tend to occur from within your database. So, the first thing to do is to make sure that all of your data are correct. Check and confirm the information in your wp-config.php file, look at your username, password, and hostname fields. Make sure all of it is correct, then update, save, and check your site.
Should the problem still persist and you’ve made sure everything’s fine on your end, then it’s most likely that you’re looking at a security breach or you’ve been disabled by your hosting company.
To check whether your WordPress website has been breached, you need to use a security plugin such as WPscans or Plugin Security Scanner to run a scan. If there was no breach, then you might need to contact your web host as they might have temporarily disabled your database due to excessive use or for contractual infringement.
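As an added example (not part of the original article), the following Python sketch parses the database constants in wp-config.php and reports the field mistakes described above. The sample file content is constructed; the placeholder strings are the ones shipped in WordPress's wp-config-sample.php.

```python
import re

# Placeholder values shipped in WordPress's wp-config-sample.php.
SAMPLE_PLACEHOLDERS = {"database_name_here", "username_here", "password_here"}
REQUIRED = ("DB_NAME", "DB_USER", "DB_PASSWORD", "DB_HOST")

# Matches define( 'KEY', 'value' ); with single or double quotes.
# Lines commented out with // or # do not match because of ^\s*define.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*(['"])(?P<key>DB_[A-Z_]+)\1\s*,\s*(['"])(?P<val>.*?)\3\s*\)\s*;""",
    re.MULTILINE,
)

# Constructed sample input with three deliberate mistakes.
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'blog_prod' );
define( 'DB_USER', 'username_here' );
// define( 'DB_PASSWORD', 'old-secret' );
define( 'DB_PASSWORD', 'correct horse ' );
define( "DB_HOST", "db.internal.example:33o6" );
"""

def parse_db_settings(text):
    """Return the DB_* constants defined in wp-config.php source text."""
    return {m.group("key"): m.group("val") for m in DEFINE_RE.finditer(text)}

def check_db_settings(text):
    """Return a list of problems; an empty list means the fields look sane."""
    settings = parse_db_settings(text)
    problems = []
    for key in REQUIRED:
        if key not in settings:
            problems.append(f"{key} is not defined")
            continue
        val = settings[key]
        if not val:
            problems.append(f"{key} is empty")
        elif val in SAMPLE_PLACEHOLDERS:
            problems.append(f"{key} still has the sample placeholder value")
        elif val != val.strip():
            problems.append(f"{key} has leading or trailing whitespace")
    host = settings.get("DB_HOST", "")
    if ":" in host:
        suffix = host.rsplit(":", 1)[1]
        # WordPress accepts host:port or host:/path/to/socket.
        if not suffix.startswith("/") and not suffix.isdigit():
            problems.append("DB_HOST port is not numeric")
    return problems

if __name__ == "__main__":
    for problem in check_db_settings(SAMPLE_WP_CONFIG):
        print(problem)
```

The check only validates the fields as written; it does not connect to the database, so a clean result still needs to be confirmed against the credentials your host issued.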
The “server does not exist” situation
If visitors load up your website and are greeted with a blank page and a message that says “Server does not exist,” then you need to contact your hosting provider immediately!
This tends to happen when a hosting provider has placed some sort of suspension on your account and your website. There could be many reasons for this, such as a domain name or hosting plan that has not been renewed, or a site that has exceeded the bandwidth and storage limits of your hosting plan.
Regardless of the reason, the only way to get your website back online is to contact them immediately and resolve the issue.
Your email does not seem to be working
Most of the hosting plans will offer you the ability to create an email; in fact, you can even have your own branded email hosting with your domain name. For example, with a website called awesomeblog.com, you can create emails such as [email protected], [email protected], or even [email protected]
The problem comes when you’re not receiving your emails even after you’ve connected all of your forms to those emails and have published the address on your WordPress website. Assuming that visitors are not misspelling your email address (and neither did you), then there are a few ways that you can troubleshoot the issue.
First things first, test whether the address is working properly or not by emailing it using different accounts. In fact, try to have a number of people do it at the same time. If no one receives any message about the inbox being full, then you can rule out maxed-out server space as an issue.
If you have set up your hosting emails to forward to another account, you might want to check whether forwarding has been configured properly. Check the email settings on your account and look at the email accounts and forwarding section. Make sure that your hosting email is listed there.
Finally, you can check whether the emails are coming through to your hosting provider by looking at the hosting account’s inbox. If there’s no mail, then it’s likely to be a configuration problem and you have to talk to your hosting provider to solve the issue.
It keeps showing “connection timed out”
When your website has exceeded its server memory limit, you will probably see the “connection timed out” message when you load up your website.
There can be many causes for your website to exceed its memory limit. You might have experienced a surge of traffic in a short period of time, be using too many plugins that eat up your server resources, or be running a theme that is not fully optimized.
What you need to do is uninstall plugins that might be causing memory issues. Disable your current theme and revert to the default WordPress theme to rule out any theme-related causes. You should also consider upgrading your hosting plan to handle more traffic.
Finally, you can also try to increase the maximum execution time in your php.ini file by contacting your web host provider or try doing it yourself by following WordPress Codex’s guide.
When something goes wrong with WordPress and your website ends up with an error, it definitely sucks. Especially if the problem is something that’s beyond your control. Here are more common WordPress errors you can study.
We know it’s impossible to cover everything that can go wrong with WordPress but with the server issues we’ve detailed above, you should have a better idea of how to tackle most of them. Even if you’re not able to fix it by yourself, you’ll at least have the knowledge to get the right help.
The post Server Issues That Affect WordPress (And What to Do About Them) appeared first on Torque.
One of the most pernicious myths about WordPress is that it is vulnerable to hackers. As the most popular Content Management System, running almost 60% of all websites that use a CMS, there will always be some WordPress sites that are no longer actively maintained or whose owners are simply unaware of what they need to do, so, yes, we will keep hearing about WordPress sites that have been hacked.
The truth is, however, that the huge and extremely active WordPress community, who follow the latest security trends and spring into action whenever a vulnerability is discovered, make it the most secure CMS if you follow a few simple steps.
The best thing about attending WordPress meetups is when you chat with someone who has been working with WordPress for only a year or two, and you are able to tell them about a tool that will instantly solve a problem they have been struggling with every day. The look on their face as what you are telling them sinks in is always a joy to behold.
Keeping an activity log of everything that happens on your WordPress websites and multisite networks is a vital security measure. As such, it’s important to understand how the new General Data Protection Regulation (GDPR) will impact the way you use your security and activity log. With the GDPR set to roll out soon, you’ll want to ensure that you are following it to the letter.
Fortunately, WordPress plugins such as WordPress Security Audit Log can help you move towards compliance for your website, and for your security log itself. The GDPR stipulates that you must keep a log so you can remain aware of potential tampering on your site, and so you can make sure that only authorized people have access to sensitive data. To help you maintain compliance with this particular aspect of the GDPR, the WordPress Security Audit Log can be an invaluable tool.
In this article, we’ll explore what the GDPR means for your site. Plus, we’ll introduce some strategies you can implement to make sure your WordPress security and activity log, and your website as a whole, adheres to its requirements. Let’s dive in!
What the General Data Protection Regulation (GDPR) Is (And How It Affects You)
The General Data Protection Regulation (GDPR) is a European Union initiative. It’s designed to give users greater control over the way their personal data is collected and used online. The stipulations of the GDPR are applicable to all website owners who have visitors from within the EU.
To ensure that you are compliant with the GDPR, you’ll need to ensure that users have:
- Right to Access: This means you will need to be as transparent as possible about how you’re using personal data. Users will also have the right to access and port their personal data.
- Right to Be Forgotten: If a user wishes for their data to be completely erased from your site, you’ll need to comply.
- Right to Be Notified of Data Breaches: Should a breach be detected on your site that has the potential to compromise the ‘rights and freedoms’ of any users, the relevant parties will need to be notified.
Failing to comply with the GDPR could mean incurring hefty penalties. Before you hit the panic button, however, rest assured that help is at hand.
How Keeping a Security Log Can Help You Ensure GDPR Compliance (4 Key Features)
As the name suggests, a security audit log (or WordPress activity log) is a record of all the activities that have occurred on your site within a particular time frame. WordPress Security Audit Log makes creating and managing this record simple, giving authorized administrators a clear overview of when and where all actions have occurred.
Since the GDPR states that your business must inform authorities and all affected users of any data breach within 72 hours of its occurrence, a log is a powerful forensic tool. It will enable you to better understand what has occurred, which security hole was exploited (so you can close it), and what information (personal data, customer data, or otherwise) was accessed.
The following is a rundown of four crucial ways an audit log can help your site remain GDPR compliant.
1. Improved Monitoring
Using a security log, you can monitor the specific actions being taken on your site. This can include actions by staff, customers, and all other visitors. The GDPR stipulates that any breach needs to be acted on immediately.
WP Security Audit Log offers a number of advanced features that make the process of monitoring (and breach detection) simple. You can immediately see who is logged in, as well as who has logged in previously and when. Plus, you can view the changes users have made on your site, and even immediately terminate login sessions you deem suspicious.
2. Automated Email Alerts
Since it is usually impractical to devote hours to poring over a monitoring screen, an effective security log should send automatic emails whenever an important change on your site occurs. Notification emails can help you identify and resolve potential breach situations rapidly, ensuring that user data is protected in accordance with GDPR stipulations.
With WP Security Audit Log, you can configure triggers so that you receive an automatic email notification when specific events or changes happen on your website. You are also given the option to edit the email template and content to match your specific business requirements.
3. Automated Reports
GDPR compliance requires knowing which users have accessed what personal or customer data (and when). This means that your security log should generate automated reports, to give you a rundown of all actions that have taken place on your site. That way, you can rapidly identify discrepancies and potential breaches.
Using WP Security Audit Log, you can have automated reports emailed directly to you on a monthly, weekly, or even daily basis. You’ll also have the ability to specify the criteria of the reports to meet your specific requirements. These reports can prove invaluable for anticipating, as well as resolving, security issues. As such, they are ideal for helping you adhere to GDPR data protection requirements.
4. Search For Specific Activity
When it comes to breach detection, certain user actions and changes will be more indicative of suspicious behaviors than others. Although reports can give you a picture of what’s happening on your site, it helps to have a more immediate means of searching for specific kinds of problematic activity.
With WP Security Audit Log, the process of identifying breaches and finding out when they happened is sped up considerably. This is thanks to the search feature, which lets you type in any term associated with a potential breach, and get a comprehensive readout of related actions. You can also filter these security alerts, and view the IP addresses associated with them.
3 Ways to Ensure That Your Security Log Is Protected
So far, we’ve been talking about how to use your security log to help you move towards GDPR compliance. However, it’s equally important to ensure that the log itself is protected and compliant. If unauthorized people gain access to your log, even if they are well-intentioned, that constitutes a breach of personal data. What follows are three ways you can optimize the security of your WordPress activity log, and ensure that only authorized personnel can access it.
1. Maintain Restricted Access
Keeping your log secure will mean restricting access only to personnel who have the necessary role and associated permissions. This will enable you to establish accountability when it comes to protecting user data for GDPR compliance.
WP Security Audit Log makes the process of restricting access to the log streamlined and intuitive. All you need to do is navigate to Audit Log > Settings. Once you check the Restrict Plugin Access box, you can proceed to add the roles (or specific users) who will be able to access the log. It is highly recommended that only admins, or staff with relevant data processing authorization in your agency, be given permission to view your log.
2. Follow Optimal Logging and User Notification Practices
Of course, it’s equally important to ensure that admins are only collecting and monitoring the user data they are entitled to. With WP Security Audit Log, you can exclude the monitoring of custom fields and IP addresses, to better maintain privacy. You can also manually select what changes the plugin should keep a record of.
Since the GDPR states that data can only be kept and used to fulfill a particular purpose, that data will need to be deleted once its purpose is fulfilled. WP Security Audit Log enables you to customize your audit log retention as required and automatically deletes information after a set amount of time. This handy feature also presents a way of ensuring that users’ right to be forgotten is upheld automatically.
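To make the retention and field-exclusion practices above, and the activity search described earlier, concrete, here is an added Python example that is not code from the article or the plugin. The log records, field names and event names are constructed for illustration and are not the WP Security Audit Log schema.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records; field and event names are assumptions.
SAMPLE_LOG = [
    {"ts": "2018-01-10T08:00:00+00:00", "user": "admin", "ip": "198.51.100.4",
     "event": "user_login", "object": ""},
    {"ts": "2018-05-20T22:14:00+00:00", "user": "shopmgr", "ip": "203.0.113.9",
     "event": "user_login", "object": ""},
    {"ts": "2018-05-20T22:16:30+00:00", "user": "shopmgr", "ip": "203.0.113.9",
     "event": "customer_record_viewed", "object": "customer:1042"},
    {"ts": "2018-05-20T22:17:05+00:00", "user": "shopmgr", "ip": "203.0.113.9",
     "event": "customer_export", "object": "customers.csv"},
    {"ts": "2018-05-21T09:02:00+00:00", "user": "editor1", "ip": "198.51.100.23",
     "event": "post_updated", "object": "post:77"},
]
# Constructed "current time" so the example is reproducible.
NOW = datetime(2018, 5, 25, tzinfo=timezone.utc)

def _ts(record):
    return datetime.fromisoformat(record["ts"])

def apply_retention(records, now, keep_days):
    """Drop records older than the retention period."""
    cutoff = now - timedelta(days=keep_days)
    return [r for r in records if _ts(r) >= cutoff]

def minimise(records, excluded_fields=("ip",)):
    """Return copies of the records without fields excluded from logging."""
    return [{k: v for k, v in r.items() if k not in excluded_fields}
            for r in records]

def search(records, term, start=None, end=None):
    """Records whose user, IP, event or object contains term, within a window."""
    term = term.lower()
    hits = []
    for r in records:
        when = _ts(r)
        if (start and when < start) or (end and when > end):
            continue
        if any(term in str(r.get(f, "")).lower()
               for f in ("user", "ip", "event", "object")):
            hits.append(r)
    return hits

def data_touched(records, user):
    """Objects a given account touched, in log order, for breach assessment."""
    return [r["object"] for r in records if r["user"] == user and r["object"]]

if __name__ == "__main__":
    kept = apply_retention(SAMPLE_LOG, NOW, keep_days=90)
    hits = search(kept, "203.0.113.9")
    print(len(kept), len(hits), data_touched(hits, "shopmgr"))
    # With IP addresses excluded from the log, the same IP search finds nothing.
    print(search(minimise(kept), "203.0.113.9"))
```

Excluding IP addresses protects privacy but removes the ability to filter by IP during an investigation, so the choice of excluded fields and retention period should be made with breach analysis in mind.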
3. Store Your Log In an External Database
It is crucial to store your log in an external database. This is to ensure that, in the event that your WordPress site is compromised, hackers will not be able to access or tamper with your activity log. Securing your log externally will also help ensure that users can safely port it, in line with GDPR guidelines.
The premium version of WP Security Audit Log enables you to move your log to an external database in just a few clicks. In addition to heightening security, this process can also improve loading times on your site. You are also given the option to export your log to external central logging systems, including Papertrail, or to your server’s syslog file.
Ensuring that your WordPress site’s security and activity log adheres to GDPR requirements may seem intimidating at first. However, as we have seen, there are a few simple methods you can use to make the process much easier.
A quality security log plugin like WordPress Security Audit Log, for example, lets you see and track everything that is occurring on your website. This helps you significantly reduce the risk of a breach occurring in the first place. In the unlikely event that a breach still does occur, your WordPress security log will give you the information you need to determine whether or not you need to notify users – well within the mandatory 72-hour time limit.
Of course, you’ll also want to ensure that the security log itself is protected and compliant. You can do this by:
- Maintaining restricted access.
- Following optimal logging and user notification practices.
- Storing your log in an external database.
Do you have any questions about ensuring that your security log is GDPR compliant? Let us know in the comments section below!
The post How Your WordPress Security and Activity Log Can Help You Move Towards GDPR Compliance appeared first on Torque.