Top Articles
ManageWP.org

Cloudflare Data Leak: How to Secure Your Site
Cloudflare has experienced a data leak over a 5 month period that mixed sensitive data between websites and visitors. A visitor to one website using Cloudflare may have seen data from another website using Cloudflare that was being sent to a completely different site visitor. Some of the leaked data has been indexed by search engines who have been working over the past few days to try and remove the data from their caches. In this post I am going to explain in simple terms, what occurred and what you need to do about it. If you are a WordPress user and simply want to know how to secure your site, you can skip to the What Should I Do section below. I have included some information for non-WordPress site owners in that section too. Cloudflare provides a firewall and content distribution service. Their servers are between your website visitors and your own web server. Under normal circumstances, Cloudflare returns the data each site visitor requested to that visitor. This may be public or sometimes private information and it is usually done over a secure channel. Each website visitor only sees the data they requested. From September 22nd, 2016 until February 18th 2017 (last Saturday),

Truth matters. We’re getting behind journalists.
I come from an immigrant family. Most of us do. My father immigrated from Quebec with his parents and 6 brothers and sisters in the 1940s. They were looking for better farm land and economic opportunity. The Lemieux’s settled in Vermont, later spreading out through New England, and within a generation were successful Americans. They built businesses, raised families, and contribute to our collective endeavour with an incredible amount of tenacity and innovative thinking. And potatoes. They all still grow potatoes. I guess this makes me a first-generation American. My wife shares a similar story albeit one generation removed.
Her great grandfather left Italy as a teenager aboard a ship bound for America. It embarked for Argentina (South America darnit!) where he learned to farm and later in life landed at Ellis Island with his Argentinian wife, children, and a dozen farm workers he couldn’t bear to leave behind. Although I am a citizen, the new American war against immigrants still bothers me. It does so because I am a citizen. My family and millions like it have been offered the promise of America. It is our duty to offer the same to others – especially those who are

How to Become a Consultant For Your Clients
The problem is you can quickly find yourself pigeon-holed as “” who updates the client’s site. This means that clients see you as nothing more than someone who knows how to do tasks they either don’t know how to do or don’t have the time to do themselves.

HTTP/2 - A Real-World Performance Test and Analysis
Perhaps you've heard of HTTP/2? It's not just an idea, it's a real technology and slowly but surely, hosting companies and CDN services have been releasing it to their servers. Much has been said about the benefits of using HTTP/2 instead of HTTP1.x, but the proof of the pudding is in the eating. Today we're going to perform a few real-world tests, perform some timings and see what results we can extract out of all this. If you haven't read about HTTP/2, may I suggest you have a look at a few articles. There's the HTTP/2 faq which gives you all the nitty gritty technical details whilst I've also written a few articles about HTTP/2 myself where I try to tone-down the tech and focus mostly on the why and the how of HTTP/2. In a nutshell, HTTP/2 has been released to address the inherent problems of HTTP1.x. HTTP/2 is binary instead of textual like HTTP1.x - this makes the transfer and parsing of data over HTTP/2 inherently more machine-friendly, thus faster, more efficient and less error prone.
HTTP/2 is fully multiplexed allowing multiple files and requests to be transferred at the same time, as opposed to HTTP1.x which only accepted one single request / connection at a time. HTTP/2 uses

Zerif Lite Returns to after 5-Month Suspension and 63% Decline in Revenue
In October 2016, Zerif Lite was suspended from the WordPress Themes Directory after failure to comply with the Theme Review Team’s guidelines. The suspension left 300,000 users (including those using Zerif Lite child themes) without maintenance and security updates. After five months of fixes and several rounds of review, Zerif Lite has returned to the directory with the same functionality but a significantly altered user experience. Users are now required to install a plugin for the features that were previously deemed to be “faux custom post types,” violations of the content vs. presentation guideline for themes. These include small custom content blocks that appear on the homepage for things like team info and testimonials. “We will work on making sure it is all clear for people, but I still don’t understand or agree with the requirement,” ThemeIsle CEO Ionut Neagu said. “I think Torsten phrased it better: ‘Why do the guidelines of the Theme Review Team forbid the usage of Shortcodes/CPTs/etc. due to problems when switching themes, if, in the meantime, the Plugin Review Team explicitly allows those plugins which

This WordPress Agency Turns Its Custom Plugins/Themes to A Recurring Income
At Freemius, we work closely with our partners, so we get a unique opportunity to encounter some very interesting monetization use-cases and business models. Today I’d like to share one specific example that can help many WordPress agencies (and freelancers) to increase their monthly bottom line with in-house developed plugins & themes. This is the success story of Ryan Theis, a partner of ours.
Ryan shares how they did it at their agency – BNG Design, an Inc 5,000 Web Design & Marketing agency from Fargo. Ryan – thank you so much for taking the time to make this interview, I’m sure many agencies & freelancers will be excited to learn from your creative way of upselling custom developed plugins to your clients. Could you please start by telling us about ‘BNG Design’? ‘BNG Design’ is a web design and marketing company based in Fargo, North Dakota. We started in 2012 as one of the four divisions of BNG Team. The thing that caused me to start BNG Design was seeing a gap in the local market that wasn’t being filled. I had gotten into building websites and marketing online in 2007, shortly after starting with BNG. At that

In-Depth Guide on Hosting Local Fonts in WordPress
When it comes to hosting and using fonts on your WordPress site there are a lot of different options. You can host them locally, you can use Google fonts (most themes nowadays have Google fonts integrated), or utilize another 3rd party service like Adobe Typekit. Today we want to dive into a few reasons why hosting local fonts in WordPress can be advantageous. Not only can you have a larger selection of fonts, but there are sometimes performance benefits to this as well. Check out our in-depth tutorial below on how to host your premium fonts locally as well as any font family from Google fonts. Web Fonts When you browse to someone’s WordPress site you see two types of basic fonts, web safe fonts or web fonts. Or they could also be using a mixture of both. Web safe fonts are fonts that are pre-installed on a device or OS. Some examples of web safe fonts include Arial, Times New Roman, and Courier New as well as generic font families like serif, sans-serif, and monospace. These are fonts you have seen for many years. See a full list of web safe fonts.
Web fonts are fonts that are not pre-installed on a device and must be downloaded by the user’s browser before being displayed.

Memory leak caused by Cloudflare parser bug was big security Whoopsy!
Last Friday, Tavis Ormandy from Google’s Project Zero contacted Cloudflare to report a security problem with our edge servers. He was seeing corrupted web pages being returned by some HTTP requests run through Cloudflare. It turned out that in some unusual circumstances, which I’ll detail below, our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. And some of that data had been cached by search engines. For the avoidance of doubt, Cloudflare customer SSL private keys were not leaked. Cloudflare has always terminated SSL connections through an isolated instance of NGINX that was not affected by this bug. We quickly identified the problem and turned off three minor Cloudflare features (email obfuscation, Server-side Excludes and Automatic HTTPS Rewrites) that were all using the same HTML parser chain that was causing the leakage. At that point it was no longer possible for memory to be returned in an HTTP response. Because of the seriousness of such a bug, a cross-functional team from software engineering, infosec and operations

What to say when a potential client thinks you’re too expensive
If you’ve been in the design business for a while, you’ve likely heard this from potential clients before, “you’re too expensive!” or something to that effect, anyhow. So what do you do? You’ve got a few options! Here are some handy-dandy email scripts I’ve created that you can copy+paste, and tweak to send to those potential clients!
Note: These scripts are not intended to be used verbatim, but to be edited to fit your own situation and level of professionalism. Use these scripts as a starting point, but tweak them to work for you! Option One – Educate Her on Why You’re Awesome Hey ____! I realize that this is a large investment, but I can assure you that I am delivering top-notch service that you won’t receive with a low-cost alternative. My clients have seen results such as ____ and ____ because I work with you to really make sure that you’re receiving a design that works for you and your brand. I’m not just creating a _____, I’m helping you achieve your goals. If you don’t have the funds available at this time, I understand. Please keep me in mind for the future. If you are able and willing to invest

Some Handy WordPress Media Library Hacks
The WordPress Media Library is a powerful tool that makes it easy to upload, edit and delete images and other media. Moreover, it allows you to filter, select, and include media in posts and pages, with caption, description and alternative text, generating the necessary HTML code. Most of the time, the WordPress Media Library covers the most common requirements of a site administrator, and we don’t have to add new functionalities. Anyway, in case we’d need to enhance specific features, WordPress provides a number of functions and hooks that enable us to give more powers to the Media Library without the use of 3rd party plugins. So, in this post we will dive into these functions and hooks with four practical examples. WordPress Media Library Hacks Here is our table of contents: Attachment Post Type and Metadata Anytime we upload a media file, WordPress generates an attachment post type. Just like any other post type, attachments are registered into the wp_posts table, and the respective metadata into the wp_postmeta table.
The wp_posts table stores data like post_content (attachment description), post_excerpt (attachment caption), post_author, post_title, post_status, post_mime_type.

Official Nextgen Bootstrap/Load Feature Project For WordPress Core
The bootstrapping process of WordPress Core (affectionately called the “Bootstrap/Load” component around here) is a critical piece of the system, and everything else depends on it being reliable and performant. However, developers and system administrators also need it to be flexible enough to adapt to the requirements of their differing projects or environments. Large-scale WordPress installations often require substantial customizations to adjust for scalability and redundancy. Considering the importance of this component, the documentation is not adequate, and very few people actually know what the exact flow is. More importantly, there isn’t a wide understanding of why specific decisions had been taken, and how later code depends on the bootstrap process. This proposal aims to launch a feature project to work on the next iteration of the bootstrap component with a set of specific goals in mind. Goals To be able to guide the design process and have measurable success metrics, clear goals need to be defined. Here’s an overview of what specific goals the project should aim for: The component has proper documentation for every step of the process. Documentation

WP Elevation and OSTraining resources are now free for GoDaddy Pros
SCOTTSDALE, Ariz., Feb. 23, 2017 /PRNewswire/ -- GoDaddy Inc. (NYSE: GDDY), the world's largest cloud platform dedicated to small, independent ventures, today announced partnerships with WP Elevation, the world's largest business community for WordPress consultants, and, the world's #1 online and live training company for open source CMS's. As a result, web developers and designers have access to free, high-quality educational content.
These partnerships reinforce GoDaddy's support for the WordPress community and commitment to help further the growth of WordPress users. The educational content provides resources and help for all skill levels — from beginner web designers working on side projects, to established developers looking to more efficiently run and grow their businesses. With WP Elevation, web designers receive business training on how to improve client communication, workflow and business practices through monthly webinars, videos and insightful content — all for free. Additionally, in conjunction with OSTraining, GoDaddy sponsored a new WordPress Training video series for beginner web designers consisting of 40 episodes. The series covers a range

Automating Local WordPress Site Setup with Scripts Part 3
In my last post in the Automating Local WordPress Setup series, I created a WP-CLI package for quickly installing and uninstalling WordPress. I’ve been using this package for a while now, and have been itching to make it more useful for a typical development workflow. I recently switched from using a single virtual host to hold all of my development sites in subdirectories (i.e. http://localhost/example) to using a dedicated virtual host for each development site. There are several advantages to having it set up this way, but I had been using subdirectories to avoid having to manually manage each virtual host. I also still catch myself doing things that I know should be automated. Things like deleting unnecessary data, removing the default themes/plugins, and installing new plugins, are things that can be automated to make development easier. In this post we’re going to take a look at some ways to make all that possible.
Working with Virtual Hosts If you’re not using them already, there are two main reasons for switching to virtual hosts for local development: You can have a different environment for each host, with each site running a different version of PHP The URLs

How to Create Front-End Edit Profile Form Page in WordPress
By default, users can only edit their profile information in WordPress from the backend dashboard. A lot of WordPress powered website owners dislike this behaviour and would rather prefer users edit or update their profile from their website front-end. In this tutorial, I will be showing us how to create a front facing or front-end edit profile form page using our ProfilePress plugin. Mind you, ProfilePress is a shortcode based form builder. It uses shortcodes to accomplish its form building. In light of this, the following shortcodes are available for you to create and design your website edit profile form to your heart's content. Available Shortcodes for Front-end Edit Profile Form [edit-profile-username title="Username" placeholder="Username"] — displays hidden input field that contains users’ username. Note: username can’t be edited nor changed. [edit-profile-email title="Email Address" placeholder="Email Address"] — displays input field for users to edit their email addresses. [edit-profile-confirm-email title="Confirm Email Address" placeholder="Confirm Email Address"] — displays input

Wix has acquired DeviantArt, which may let artists license their work for the site builder
DeviantArt, the online creative community, has been acquired by Wix for $36 million, reports TechCrunch. DeviantArt will continue to operate as a standalone company, and will put investments into building out desktop and mobile apps.
In a blog post, DeviantArt CEO Angelo Sotir said joining Wix will allow its members to access the site builder’s tools to help boost artists’ online presence and get their work featured in more places. Those places can include, of course, itself, if the artists agree to license their work. “Deviants continue to own their own works,” Sotir wrote. “In the future, there's a possibility Wix might provide opportunities for you to license your work — only if you want to — to more people around the world.” If, like me, you haven’t been to DeviantArt dot com in a while, much of the site looks largely similar to when it first launched in 2000, bar a new company logo that was unveiled in 2014. It still features an army-green layout with skeuomorphic buttons, and a Myspace-like comment wall where other users can leave shoutouts and compliments on your profile. It also kept the blog feature which, nowadays,

Interview with Sallie Goetsch of WP Fangirl
You can find Sallie on LinkedIn or Twitter. This is our recent interview with her, as part of our Kinsta Kingpin series. Q1: What is your background, & how did you first get involved with WordPress? I’m actually a classicist: I spent 5 years not getting a PhD in Greek and Latin language and literature. That’s how I came to build my first website, too. My specialty was ancient theater in modern performance. It’s a small field; practically everyone who does it knows everyone else. In 1993, with the help of a couple of colleagues, I started an online journal about the subject (reviews, listings, articles), published by FTP and Gopher. In 1994, someone showed me the World Wide Web. I found a Teach Yourself HTML book and got started. That publication would have been perfect for WordPress, but this was the “Uphill both ways barefoot in the snow” days of web development. There was no such thing as a content management system.
(Didaskalia ( still exists, but alas, it’s still not on WordPress.) At the end of 1998 I moved back to the US after four years in England and retired from teaching. I spent about 18 months just regaining my health

Solving the Mystery of How People Actually Use WordPress
I’m in favor of WordPress collecting more anonymized usage data that could help make informed decisions on changes or improvements to core, such as tracking changes to the WordPress user interface, which buttons or settings are used most often, etc. A good example of when this data could have come in handy is the recent removal of the justify and underline buttons from the editor in WordPress 4.7. During the discussion on whether they should be removed or not, a number of people questioned if there was any user data available that would indicate how much they’re used and help gauge the impact of removing them. The only data available to help make an informed decision was provided by Mel Choyce. Choyce shared statistics from and its variety of editor interfaces that indicated Bold, Italic, and Links are used the most while Lists and Blockquotes are the second most used buttons. The Center and Left alignment buttons are used often, but the data doesn’t determine if people are using them to align text or images. Information on which headings are used most was not available. The team did not have any usage data specific to the WordPress core editor. In the

Sucuri vs Wordfence - Which WordPress Security Plugin should I Get?
If you're considering the choice between Sucuri vs WordFence, you already know that ensuring the best security for your WordPress website is one of your top priorities. You MUST use a dedicated WordPress security plugin to do that. There are too many WordPress hacking attempts going on. So far so good. But the problem arises when you want to choose a good WordPress security plugin.
There are so many security plugins available with so many features and options that you become very confused about which one to choose. If that is your situation right now, you have come to the right place. In today’s post, we will compare two of the most popular security plugins for WordPress – Sucuri Security and Wordfence Security. We will compare how these two plugins work and what features they offer, so that you can decide with all of the information in hand. By the end of this post, you will know which WP security plugin you should choose for your website. So we're going to pitch two of the most popular security plugins around - Sucuri vs WordFence. Sounds good? Let’s get started with Sucuri. How Sucuri Security Works When it comes to web security,

Ask WordPress influencers questions, get professional answers
After the Christmas hype, and the New Year celebrations, skiing holidays, and endless afternoons cozied up with a hot chocolate, there is one more thing to look forward to this winter. It’s better than your favorite TV show, it’s season 4 of Ask Me Anything. This season we have a power line-up of business owners, WordPress core contributors, freelancers, designers, social media experts and WordPress enthusiasts. It’s the season of all seasons, and it starts on March 8. If you want to find out a bit more about the idea of the AMA, and why it’s important, have a look at Get Free Expert Advice From WordPress Influencers. For those who are interested in a deeper behind-the-scenes look, this is for you, Ask Me Anything: WordPress Influencers Answering Your Questions. One thing is certain, this season is promising to be the best one yet! Without further ado, I want to introduce you to the main protagonists, our lovely contributors. Drum roll please! Kristina Romero Actress, Writer, Web Consultant, Business Coach, Rockstar Teacher.
Kristina has lots of work experience and knowledge to share. If you need advice on starting a business, maintaining or creating

New Elementor Feature - Flip Box (Including a Unique 3D Effect)
Interactive design is all the rage now. Here in Elementor we have always strived to offer you a wide range of features that add interactivity to your site. Hover and entrance animations, carousels, slides and toggles are just a few examples of widgets that involve visitor interaction. Now, comes a new widget, that adds another level of interactivity - the Flipbox widget. Forget everything you thought you knew about flipboxes. Elementor Pro's Flipbox gives you more design possibilities, as you will see in the examples below. A flip box is a box that flips over when you hover over it. You can choose from different animations, and customize the look and behavior of each flip box. Flip boxes can help make your content more interesting, improve the user experience and also allow you to accentuate your business features, products and services. With Elementor's new Flip Box widget, you get all the basic flip effects, including flip, push, slide, face, zoom in and zoom out. The flip animation effects work seamlessly, with no hiccups or stalls. You can add a captivating 3D effect to your content boxes and make them truly unique. The 3D option is available for all the flip directions and can

Matt Mullenweg on WordPress and Update Signing
No Description

We made a free course on the key principles of WordPress development
Make sense of WordPress development Learning WordPress development can be challenging, but it's a lot easier if you understand the core principles that make the software tick.
In our free five-day course, we walk you through the most crucial concepts in WordPress development:
- “WordPress is a factory”: the key analogy that explains what WordPress is
- The WordPress template hierarchy
- The Loop
- functions.php
- WordPress hooks
You'll learn how WordPress and its themes operate at their most fundamental level, and how your own code can change things at each step in this environment. This knowledge is your first step to becoming a bona fide WordPress developer. This is our distilled and friendly explanation of the building blocks of WordPress development. Start the free course today! “I found each section well explained and easy to read. A great introduction to what is required to start as a WordPress developer.” -Stephen, developer

How Many WordPress Plugins is Too Many? The Answer Might Surprise You
If you’ve used WordPress for a while, I’m sure someone has told you that you “shouldn’t use too many plugins”. It’s obvious – using too many plugins will slow your WordPress site down, right? But is that actually true? I mean, people tell me I shouldn’t swim after eating, but I’ve done that my whole life and I’m still alive and kicking! So is the common knowledge that “too many plugins is bad” good for WordPress? In this post, I’m going to attempt to answer that question. So, if your admin sidebar is bursting at the seams with links to plugin settings pages, join me on this adventure into the world of plugin collecting. Is Having Lots of Plugins Always Bad? Let’s start at the beginning. I’m not a developer, but in my reading, I’m fairly certain that I’m accurate in saying that there’s nothing inherently wrong with having lots of plugins. I mean, I remember reading somewhere that Pippin Williamson has over 80 plugins running on some of his sites!
Pippin knows a thing or two about plugins, so I’m going to trust him on this one. In a perfect world populated with perfect developers,

Build a website the way you want to
Get more videos like this: She asked about hiding the names of themes & plugins she uses on her client projects, because she's afraid of the "WordPress Police." "You're doing it the wrong way. You should build it from scratch. Who uses a plugin to do that?!" We've all heard it, and maybe even said it ourselves. But here's the deal: the market is changing and it's time to adapt. Page builders, and for the most part plugins that make building sites easier, are getting better and better. The companies behind them realize no one likes lag or bloat -- it won't fly -- so they work hard to optimize their software. Before you know it, WordPress core will have its own builder-like features (, which will certainly flip that argument onto its head for naysayers. In this video, I discuss where the problem *really* stems from, and what consultants AND clients can do to avoid it. Anyway, I'm sure my more seasoned colleagues may disagree, so I'm looking forward to debating in the comments or on Twitter! Thanks for watching! -- New version of Conductor Plugin is out! -- Check it out,