SEO Articles

Google expands its core web vitals and page experience update FAQs

Google updated its FAQs around the Core Web Vitals and the page experience update. This page is accessible in the Google support forums and was initially posted in December 2020 but was updated today with a lot more details.

What is new. Quite a bit has been updated compared to the original version. You can compare the old to the new by scanning both documents. Malte Ubl, Technically a Software Engineer at Google, said on Twitter, “We published an FAQ on Google’s page experience ranking answering questions like: Where does the Core Web Vitals data come from? How is a score calculated for a URL that was recently published & hasn’t yet generated 28 days of data? …and many more.”

“In December last year, we published a set of Core Web Vitals & Page Experience FAQs based on the questions you wanted us to answer. We received a lot of positive feedback, and many wrote to us saying they found the answers helpful. We are back with more answers to the questions we received meanwhile.  We’ve organized the questions in this post into three sections: Metrics & Tooling, Page Experience & Search, and AMP.  We hope you find these useful,” said Google.

What stands out. The one big item that stands out to me is the one on how Google will still rank the most relevant content despite how poorly it might do with its core web vitals scores. “Our systems will continue to prioritize pages with the best information overall, even if some aspects of page experience are subpar. A good page experience doesn’t override having great, relevant content,” Google wrote.

Google also said that those pages are still “eligible for Top Stories carousel if my webpage is not clearing Core Web Vitals.”

Why we care. With the Google Page Experience Update coming in May, we are all getting ready to ensure our sites fair green with this update. We are not sure how big of a ranking factor this will be, but even if this is a small ranking factor, making these user experience changes to your site can help make for happier users and potentially increase site conversion rates and performance.

The FAQs: Here are some of the top FAQs we think search marketers should focus on today:

Q: Where does the Core Web Vitals data that Search considers come from?

A: The data comes from the Chrome User Experience Report, which is based on actual user visits and interactions with web pages. To be clear, the data is not computed based on lab simulations of loading pages or based on the visits of a non-human visitor like Googlebot.

Q: A 3rd Party service I utilize (such as client-side A/B Testing, Social Embed, Personalization Engines, Comment Systems etc.) is slowing down my site.

A: Sites may choose to utilize a variety of third-party code and services. Core Web Vitals metrics don’t make a distinction in these choices but only look at the total observed experience of the page as seen by the end-user. Like all other features on a page, it may help to regularly assess the impact of third-party components of the experience on the Core Web Vitals. There may be an improved form of integration or configuration that improves the user experience and will be reflected with improved Core Web Vitals metrics. Check out these resources from web.dev on how to optimize third-party JavaScript on your pages.

Q: Why does Google’s guidance use the same thresholds for CWV for all types of pages? For example, a home page for a newspaper is not the same as an article and not the same as a comments page.

A: Core Web Vitals are meant to be foundational metrics that apply to all types of pages. To determine the threshold ranges, we analyzed a wide variety of pages and drew upon research that focused on core user experience requirements agnostic of the page type.

Q: What is the page experience update and how important is it compared to other ranking signals?

A: The page experience update introduces a new signal that our search algorithms will use alongside hundreds of other signals to determine the best content to show in response to a query. Our systems will continue to prioritize pages with the best information overall, even if some aspects of page experience are subpar. A good page experience doesn’t override having great, relevant content. 

This is similar to changes we’ve had in the past, such as our mobile-friendly update or our speed update. As with those signals, page experience will be more important in “tie-breaker” types of situations. If there are multiple pages of similar quality and content, those with better page experience might perform better than those without.

In short, publishers shouldn’t worry that when we begin using page experience, that they may suffer some immediate significant drop, if they’re still working on making improvements. But publishers should be focused on making those improvements a relative priority over time. This is because as more and more sites continue to improve their page experience, it will be the norm that publishers will want to match.

Q: Are Core Web Vitals a ranking factor when using Google Search on non-Chrome browsers?

A: Yes. Page experience ranking signals, based on Core Web Vitals, are applied globally on all browsers on mobile devices.

The post Google expands its core web vitals and page experience update FAQs appeared first on Search Engine Land.

Read More

6 Ways to Bring Empathy Into Your Marketing Strategy (in 2021 and Beyond)

6 Ways to Bring Empathy Into Your Marketing Strategy (in 2021 and Beyond)

Posted by Nadya_Khoja

The events of 2020 have shown us just how important empathetic marketing is for businesses both large and small. The world has changed and businesses need to adapt to the new needs of their customers if they want to grow. The best way to do that is through empathy.

What is empathetic marketing?

Empathy is the ability to see events and situations from another’s perspective — to put yourself in their shoes. For brands, empathetic marketing is about seeing the world through the user’s point of view. It helps you place the customer at the center of your marketing strategy and work outwards.

But it’s important to remember that being empathetic also means being genuine — you can’t create emotional marketing campaigns for the sole purpose of manipulating customers.

Empathy is believable when it creates authentic connections between brands and users. You have to build trust and organic relationships throughout the customer journey.

Source: Venngage

Yes, increasing conversion rates is the ultimate goal of every marketing campaign, but brands need to change their mindset about how to achieve those conversions.

If your marketing strategy is focused on the hard-sell approach, it’s time to rethink your campaigns for 2021.

Why is empathy important in marketing?

We’ve outlined how empathy works in marketing, but there are numerous reasons why it’s important, especially in 2021 and beyond.

Emotion and connection are more necessary now than ever before. The way we live and work has changed in ways we couldn’t have imagined. “Business as usual” is a thing of the past, because a lot of emotion is being generated about the future — and these emotions impact how consumers react to marketing campaigns.

The range of human emotion is massive, from positive emotions like joy, interest, and amazement, to the more negative, such as fear, anger, or sadness (anger, especially, can be a powerful motivator for sharing content). Campaigns need to be geared towards evoking and connecting with these real emotions.

While brands still want to sell products and services and bring in revenue, the way they move users through the funnel has to change. And this approach needs to be from the ground up.

Adapt your content marketing, re-examine the customer journey, and educate your employees about the benefits of evoking emotion across marketing channels.

How to use empathy in marketing (+examples)

Brand marketing has been on one trajectory for a long time: sell products and amplify your brand image by emphasizing the characteristics of your company.

This mindset is ingrained in us, which makes it difficult to understand how to use empathy in marketing. But the world of marketing has had to adapt before, and we can do it again. Here are the best ways to switch to an empathetic marketing mindset.

1. Understand your audience’s pain points

We’ve mentioned the importance of walking in your audience’s shoes to get a feel for what they need right now. This is the time to update your buyer personas to reflect the new realities your customers are experiencing.

Source: Venngage

How can you do this? By understanding that customer empathy works in two ways:

What are the customer pain points in the real world?What are the customer pain points regarding your business?

The real world, at the moment, is still reeling from the pandemic. That means your audience is missing out on traveling and meeting people, and is dealing with loneliness and uncertainty.

If your brand can step in to help with these feelings — such as offering virtual classes or providing entertainment — you’ll be able to make a powerful connection with your audience.

JetBlue has done a good job of understanding customers’ current pain points — how to travel safely in the pandemic in an emergency — and created videos addressing those issues:

When it comes to customers’ pain points with regards to your brand, you need to do a bit more digging.

Analyze your traffic and conversions each week and note the biggest movers, up and down. This is a great way to find out what aspects of your brand are attracting customers.

Use social listening to understand the sentiment around your brand. But don’t engage in every conversation, even if you’re feeling defensive. If customers aren’t happy with your brand, you should be learning why that is and how you can fix it.

Of course, nothing beats talking to your customers directly. Schedule a call or send out a short survey and ask them a few questions:

Are they happy with your brand?What product/service has benefited them the most?What would they like to see improved?

Don’t make any promises, but use this as a learning exercise to improve your customer interactions.

Once you’ve collated this information, you can design a customer traffic report that will help you adapt the direction of your marketing.

Source: Venngage

Another important component that brands need to keep in mind: avoiding confusion.

This goes hand-in-hand with marketing strategies, but clarity often goes out the door when you’re trying out a new mindset. If you’re selling a complex service that will eventually help customers, you don’t want to lose them in jargon or multi-step process.

Share comprehensive guides that they can follow during the user onboarding process. Make it as visual as possible by sharing screenshots, video walkthroughs, or use a timeline template.

Onboarding guides are a good way to show customers that you care about them and are willing to take them through every step of the process. This will help to build trust and strengthen connections between customers and brands.

2. Adapt to audience needs

Now that you know what your audience needs from the world and from your brand, you need to adapt your business model.

eBay’s Up & Running program is a good example of this adaptation:

With so many small businesses struggling during the pandemic, eBay scaled back fees, made some services free, and offered more support to sellers.

There are lessons here that brands can take into their own campaigns. You may not be able to offer discounts, but how about opening up your premium tier to all audiences?

Take smaller steps, like adapting how front-facing employees handle customers. Design job aids, like this example, to remind teams how to display empathetic behavior towards customers.

Source: Venngage

It’s also worth looking into your current customer service process to ensure your wording and tone are more empathetic.

3. Capture everyday life

A key component of using empathy in marketing is capturing the wonders of everyday life. Major life moments are on hold for the foreseeable future, so why aren’t more businesses incorporating the little moments into their content strategies?

Brands can showcase their empathy by creating content around simple scenarios: the joy of a video call with a loved one, baking a great pie, or replicating an outdoor experience inside. For example, people aren’t going to movie theaters right now, so a video about recreating the theater experience at home would successfully tap into customer empathy.

That’s exactly what Verizon did with their short video on responsive lighting:

The video is instructional and fun, and it features a real person from the company who loves the movie theater experience enough to want to recreate it at home. Human connection, right there.

Brands sometimes believe that content marketing means high-definition video quality and expansive stories. But you have to take the world as it currently is into account. Consumers aren’t living high-end lives, so the brand message needs to reflect that. Customers are home, and will be working remotely for a while longer. Choose the home as a setting when sharing your brand story to create that real-world connection.

4. Take a visually engaging, educational approach

Your content needs to be valuable to customers if it’s going to enhance their brand experience, so an educational approach might be necessary.

Audit your existing content to find pieces that are relevant to your audience. You can also update older pieces that may have outdated information, but can evoke the right emotions.

Over the past year, we’ve seen a lot of data-focused content being shared. Marketers can design content around key data to educate audiences. In fact, according to Venngage’s study into data marketing, most marketers are comfortable with data design.

This is the time to tap into data visualization skills and create data-related content to educate audiences. Customers want content that isn’t just attractive, but that also increases their understanding of the world around them.

Another way to educate audiences is to find the sweet spot between your business’ expertise and what your customers are interested in learning. That’s what Lush is doing with their “How It’s Made” YouTube series. It takes an educational and empathetic approach to showcasing their products:

This series works because customers want to know what’s going into the products they use. Lush has their experts explain the ingredients, and the overlap makes for great content.

When sharing educational content, create visuals that help tell your story. As a design solution, we’ve seen that visual storytelling can increase connections and conversions.

5. Add interactivity

Interactive marketing has been taking off over the past few years, since rapidly advancing technology (especially within social media) has made it more attainable for brands.

In the current global climate, adding interactivity in marketing content can be a great way to generate empathy in business models. As we have mentioned, consumers have had to give up on going out, meeting people, and traveling the world. If your brand can offer them solutions to these problems, then showcasing those solutions in your marketing should be a top priority.

And if you can make it interactive, like this BBC Scotland video, so much the better: 

The video works because of how simple the interactivity is. Users just need to use their touchpad to click through for more information and to change the direction of the video. Since people can’t travel right now and take in these sights in person, it has a great chance of engaging consumers.

According to recent video marketing research, YouTube not only draws in billions of monthly users, but it’s also the top purchase-driver among social media channels. So, if you have the resources to create interactive YouTube videos, you can showcase more brand empathy in your marketing efforts.

6. Utilize user-generated content

User-generated content has been a mainstay of social media marketing for a while now. But it’s also a strong tool for building brand connections with consumers.

What makes UGC stand out from other marketing strategies is how it bridges the gap between brands and customers. Users create content, either for their channels or for a brand contest, and that content is amplified on a company’s social media platform, website, or newsletters.

There are numerous benefits to UGC, the primary one being that your brand doesn’t need to create this content (though you will need to sort through entries to choose brand-appropriate content). Additionally, by showcasing users’ content, you can tap into their networks. People will feel happy about appearing on your brand’s platform and share the post or page with their circles.

Marketers should spend some time looking at the kind of content users are generating, as this will help them create a contest strategy that will appeal to their demographic, like Petco did.

Petco collected content from their customers about the little moments they share with their pets to create this video collage:

And there’s another benefit of UGC that is exemplified by Petco’s video: this kind of content acts as testimonials for the company. UGC shows that customers believe in a brand enough to send them their content. This proves to prospective customers that this brand is worth engaging with and purchasing from.

Conclusion: Use empathetic marketing to connect with customers in 2021 and beyond

The global situation has made empathetic marketing a top priority for businesses. It isn’t enough to talk about your product or the benefits of buying from your brand anymore. Brands now need to connect with customers on a deeper, more empathetic level. Show your audience that you understand their needs and are ready to adapt to them.

Including empathy in marketing campaigns is more of a mindset than a technique. And to instill that way of thinking in marketing teams, you need to follow these steps:

Understand your audience’s current pain pointsAdapt to their needsTake an educational approach in your marketingCapture everyday life in campaignsAdd interactive elementsUtilize user-generated content

Each step is vital because the changes we’re seeing now will have long-lasting effects. Taking an empathetic approach can take a bit of time to get used to, but it isn’t impossible.

Have other tips for incorporating empathy in marketing? Let me know in the comments.

Sign up for The Moz Top 10, a semimonthly mailer updating you on the top ten hottest pieces of SEO news, tips, and rad links uncovered by the Moz team. Think of it as your exclusive digest of stuff you don’t have time to hunt down but want to read!

Read More

10 Free Red Subscribe Buttons for YouTube

Download All Red Subscribe Buttons *Includes .ai, transparent .png, and .svg versions of each button We also have sets of yellow, white, purple, pink, green, blue, and black YouTube subscribe buttons.

The post 10 Free Red Subscribe Buttons for YouTube first appeared on Gotch SEO.

Read More

How To Backup A WordPress Site The Right Way

How To Backup A WordPress Site The Right Way

We have a saying here at WP Fix It when it comes to backing up your site. The saying goes “BACKUP BEFORE YOU CRACKUP“. We coined this saying because we have seen so too often people that own or manage a WordPress site be in a situation where a backup file is needed but does not exist. This is a really ugly place to be and we never like to see anyone there.

There are 3 major reasons why backing up your WordPress website is so important and a Must Do Task

SAVES YOU MONEY
According to Fortune Magazine, data loss costs companies 1.7 trillion per year.
SAVES YOU TIME
Rebuilding lost data or design can take a massive amount of time depending on the quantity needed to recover.
SHOWS HOW SMART YOU ARE
This is an ABSOLUTE FACT!  If you are in a room of 10 website owners and you are the only one with a backup and restore strategy for your site, you are automatically the smartest one in the room.  Are you reading this because you do not currently have a backup and restore strategy for your site?  We are so glad you are here and we guarantee by the end of this you will be more intelligent than you were before you read this.

We live in a High Tech Low Touch world

What we mean by this is that the things that support our daily tasks require technology. And this technology is a collection of data specific to each person. If this data is lost or corrupted it can really wreak havoc in our daily lives.

Some of those things that store our data and would cripple us if lost are:

Email
Social Media
Phone Contacts
Text Messages
Calendars
Mobile Apps
Work Systems
School Assignments

Now with all this technology full of our specific data that we need to survive, imagine some of worst things that can happen.

We lose our phone
Our computer crashes
Our website gets hacked and modifies content or design
Or our website gets deleted or corrupted by a server error

The goal here is to make sure we are prepared for the worst. This will make certain to limit our fears and worries. Having a backup and restore strategy in these situations is critical to living a digital life of no worries.

The defined approach to creating a successful backup strategy for your WordPress site can be accomplished with 3 main actions

 

 

So who is responsible for backing up your site? Unless you are paying someone else to backup your site, YOU ARE RESPONSIBLE. Yep as if you need another responsibility right? Do not worry as the strategy that we will soon lay out will be a process that is automated and not managed.

THINGS THAT REQUIRE BACKUP/RESTORE

Hosting requirements – The foundation of your entire site.
Outdated WP version – Security issues and script upgrades
Plugin conflicts – About 80% of WP issues
Theme conflicts – Script conflicts or outdated files
Plugin / Theme updates – SO IMPORTANT
Malicious files on server – Malware and Infected files that run scripts to infect other files
Local computer settings – Browser and Internet settings
User errors – My favorite

Jarrett Gucci – Owner of WP Fix It

Here is a short story about something that happened to me in my life and relates to the topic of backing up your website.

When I was 17 I left school to start my own carpet installation business. I was doing pretty well and so I moved into my own apartment. Now when I say I was doing well, it meant I had enough money each month to rent a studio apartment in the North Side of Buffalo New York. This was not the worst neighborhood in the city but certainly was not the suburbs. I owned a work van which I used to haul job supplies and my tools. Each night when I would come home, I would bring all my tools inside and place them in the section of the basement that was assigned to me. Does anyone know what a basement is… During my living there, I joined a networking group to generate referrals and grow my business. There was a gentleman that I would see each week at the networking meeting who sold insurance. On one particular week, he was speaking about renters insurance and how affordable it was to have peace of mind with your belongings. I signed up and literally the day after my policy went into effect, the building I was in was broken into and the basement was emptied out. All of my work tools were gone. Because I had renters insurance I was provided money to rent tools and in less than 30 days had a check fully reimbursing the cost of the tools that were stolen.

Having a backup strategy for your WordPress website is very similar to having any type insurance. Insurance is a means of protection from financial loss. If you have a situation with your website that requires a backup file that does not exist you are not is a good place. I can not tell you how many times I have seen this.

 

Now before we dive into the meat of this article and share with you a proven backup/restore strategy our team has used for many years with no issues, it is important that we make it clear that we have no intention of communicating this way is the only way. You have been kind enough to give us your attention reading this post in hopes of learning something. And with that we take on the responsibility of sharing our experience with you. We are about to show you a plugin that can make your backup and restore strategy easy as apple pie.

The plugin that we recommend to all WordPress users to create a successful Backup and Restore strategy for their site is UPDRAFTPLUS!!!

Now there are many amazing backup and restore plugins available out there but as we are suggesting you use UpdraftPlus, awe must let know that there are actually 3 thing this plugin does that no other backup and restore WordPress plugin can do.

Automatic 1 Click Restore
With a simple click of a button you can complete a full restore of your site from any of your backup files.
Automatic Backups Pre-Update
This is very cool as you can have automated backups created before  you update your plugins, theme or WordPress core files.
Backup Encrypted Databases
If you are storing data in your database that must be encrypted, this is the only plugin that will back that data up.

Alright so all this talk about backup but nothing yet about exactly what to backup. Take a moment and think of the human body. What are the 2 things it can absolutely not function without? The heart and the brain. Now take this same concept as it relates to backup and think of the 2 things that a WordPress site has that are unique?

The heart of a WordPress site is the database and this is where all the data unique to your site is stored. The brain is the content of of your WordPress site. These are the actual files that exist in your wp-content folder of your active WordPress install. These are the 2 things unique to your site and the 2 things that should be backed up and are required to complete a restore.

Backing Up Your Site is a Movement Not Just Advice

Let us together as some of the most awesome people in the WordPress community start a movement educating others on the importance of backing up your site. Can you join in on this?

See our owner Jarrett Gucci give a presentation on this exact topic below.

Time To Put This Backup/Restore System in Motion

Okay we think you’ve done enough reading at this point. It’s now time to show you how to backup a WordPress site the right way. Follow the easy steps below to setup an automated backup system for free in minutes.

Login to your site and visit Plugins>Add New
Type in UpdraftPlus and install and activate it
Once active, visit Settings>UpdraftPlus Backup/Restore
Click on the Settings tab and adjust as desired

That is it.  Your WordPress site now has a smooth running automated backup and restore system.

The post How To Backup A WordPress Site The Right Way appeared first on WP Fix It.

Read More

Yoast Local SEO 13.9: Primary location & shared properties

Yoast Local SEO 13.9: Primary location & shared properties

For local businesses, doing well in the local search results is essential. Luckily, the Local SEO add-on for Yoast SEO is a great help for your business. The plugin makes it much easier to get your site to perform better in Google. For instance, it helps you improve your local business’s contact page so customers can find or contact you. It also adds the structured data Google needs to understand your company fully. In Local SEO 13.9, we added two great new features on that front.

Local business structured data

Local SEO is essential if you want your business to do well in your local market. Luckily, we can help you get on the right track. We have ample articles, like our Local SEO Ultimate Guide and even a Local SEO training course in our Yoast SEO Academy. Also, we have a great add-on for Yoast SEO that helps you increase your local business’s visibility: Yoast Local SEO.

In Local SEO 13.9, we have a couple of great new features that make it easier to get your business data out there. To help Google figure out your business, you need to add LocalBusiness structured data. With this, you can describe to Google who you are and what you do. By doing so, you’re automatically helping them understand all about you, making it simpler for them to show your business in the local search results.

Set a primary location

At Yoast, we’ve been gradually expanding what we do with LocalBusiness. In Local SEO 13.9, we added two new features that help you describe your business. You can now set a location as your ‘primary location’ (e.g., a ‘head office’). We’ll make sure the correct structured data is added for the primary location and other locations.

You can now set a primary location for your business

Determine shared properties for multiple locations

For the second one, we introduce shared properties for businesses with multiple locations. You can fill out business information with shared properties that applies to more of your locations — for instance, opening hours, a phone number, or an email address. We’ll share this information with all other locations that don’t already have business information set. You can manually override shared properties per location in the Locations post type.

With shared properties, you can determine what business information your different locations share, like opening hours

To get you started with these features, we have updated help documentation:

How to set a primary location, How to work with shared opening hours, How to work with shared business information.

Yoast Local SEO 13.9 is out now

The Local SEO plugin is a great addition if you are trying to rank your local business in Google. It helps you set up everything you need to help both search engines and potential customers to find and understand your business. In this update, we added two new features that add the LocalBusiness structured data that Google likes. Now, you can set up your business data in such a way that you can define your main location and if these locations have shared properties like phone numbers.

Help your local business stand out

The Local SEO plugin by Yoast gives you everything you need to do well in the local search results pages!

Get Local SEO ▸Only $69 USD (ex VAT) for 1 site

The post Yoast Local SEO 13.9: Primary location & shared properties appeared first on Yoast.

Read More

Preventing WordPress Malware With 3 Simple Steps

Preventing WordPress Malware With 3 Simple Steps

Preventing WordPress Malware With 3 Simple Steps

Preventing WordPress Malware sounds like a great thing to talk about uh?

Hopefully you are comfortably interested in reading this post in an effort to proactively avoid dealing with a WordPress infection. If so this is great news because it shows that you take WordPress security seriously and you do not want to find yourself in the situation where you are dealing with a WordPress malware infection on your website that is causing it to either function improperly or be completely inaccessible all together.

We have a team of Agents that have been servicing flat fee WordPress support issues since 2009. One of the most popular services that we offer is our Infection Removal Service and we can tell you that over the years we have seen it all and conquered it all when it comes to WordPress infections.

While there are hundreds and maybe even thousands of different ways a website can become vulnerable and get infected there are three very common reasons why an infection could become present on your WordPress website. Avoiding these three often seen causes that lead to a WordPress infection will increase the level of security and stability on your website and decrease any panic or concerns that you may have in getting an infection on your WordPress site.

Our goal here is to fully outline in detail the three most commonly seen reasons that lead to a WordPress infection. By the end of this article you will have a full understanding of each reason and be able to jump into action on your own website to ensure that none of these things are in place which in turn will automatically limit the vulnerability of your website getting an infection. Simply watching out for these three very common causes will arm you with a strong strategy in preventing a WordPress malware infection.

UPDATE YOUR WORDPRESS SOFTWARE – Preventing WordPress Malware

One of the most impressive features of using WordPress as your content management system is that it is constantly being updated to not only provide better functionality but also to enhance its level of security and safe usage. It is extremely important that you manage and maintain the software updates on your WordPress website to limit not only security concerns but also any functionality conflicts that could arise from not completing your updates.

WordPress updates come in many different forms. Below are the different categories of updates that may be available on your WordPress website.

WordPress Core Update
This is the heart and soul of your entire WordPress installation. This is the core open source software that makes up the WordPress environment that you are using for your website. This software can be found and downloaded at the link below.
https://wordpress.org/

The WordPress core files are extremely important to stay up-to-date in order to comply with the ongoing web standards as well as any security concerns that  may make your website vulnerable to attacks. If you are not currently running the newest version of WordPress core, you are putting your website at risk and shouting out loud to hackers and other malicious software that exists on the internet looking for websites to do their dirty deeds on.

Major upgrades usually happen two or three times a year and minor releases happen as needed. Depending on where your site is hosted, some hosting companies will automatically update your WordPress core. Below is a tentative update schedule for 2020 through 2021.

For a full list of every single WordPress core release that has ever been available you can visit the release archives at the link below.
https://wordpress.org/download/releases

 Let us take a brief trip down memory lane for a moment.

Just for some fun facts here I wanted to include a brief WordPress history lesson. In 2002, Matt Mullenweg, a college student at the time, installed the b2 or cafelog blogging system for personal use. Unfortunately, the original creator of b2/cafelog had to give up updating his creation because of personal matters and the project and its community were left without a leader.

On April 1st, 2003, Matt created a new branch of b2 on SourceForge by forking the original b2/cafelog system to create his own version with the help of Mike Little. Matt’s friend, Christine Tremoulet recommended calling it WordPress and that’s the name they stuck with. After hundreds (maybe thousands) of commits to the official SVN repository, the first version, WordPress 0.7 was released on May 27th, 2003.

WordPress 1.0 was released in January 2004: otherwise known as the ‘Davis’ version. Mullenweg has an affinity for jazz greats. He names all updates after Jazz greats from the past and today. In addition, Matt used to include a plugin called Hello Dolly in every release. This plugin is a long-standing tribute to Louis Armstrong.

Below is a great short video that explains the uber importance of why you should update WordPress when an update is available. You can also check out another great article at the link below explaining the features and benefits of updating WordPress.
https://www.wpbeginner.com/beginners-guide/why-you-should-always-use-the-latest-version-of-wordpress/

WordPress Plugin Updates
Plugins, plugins, plugins and did I mention plugins? WordPress plugins are the best friend and confidant in any WordPress environment. Plugins enhance and create functionality which adds value to your website.

So I’m sure you already know this by now that there are tons of plugins out there and on average any given WordPress website is usually running 10 or more active plugins. With the installed plugins that are actively being used on a WordPress website there are updates that happen frequently.

Now before I get into detail about these updates and what to look for and how to manage them it is important to understand that plugins need to be broken up into two subcategories.

1. Free Plugins
These are the plugins that are most commonly used on a WordPress website. The majority of these types of plugins are either downloaded from wordpress.org or installed directly from the administrative area in your WordPress website.  These plugins like any plugins, are maintained and updated by the developer as they see fit to improve on the functionality of their plugin or adapt the code within the plugin to stay up-to-date with the changes to WordPress core itself. As the developer makes updates to their created plugin, these updates are then pushed out as notifications to WordPress users that there is a new version of the plugin that they have installed on their website.

According to wordpress.org there are over 58,000 free plug-ins available for download. See at https://wordpress.org/plugins. I guarantee that this number below changes often as there are constant additions added to the wordpress.org plugin directory because of the many talented and generous developers out there that create plugins to improve and enhance the WordPress experience.

The below image is a very familiar view for many WordPress users. You will see a bubbled number next to the word updates and plugins in your WordPress administrative area when there is a pending update that needs to be completed on a free WordPress plugin.

2. Premium Plugins
Now let’s talk about premium plugins. A premium plugin is going to be a plugin that you have paid money to use. In most cases this is an upgrade to a free plugin that you are already using. The premium version of the free plugin will enable you to additional features that the free version does not include. The updating process for premium plugins can sometimes be different than the process you are used to with free plugins. Some premium plugins will require you to actually manually upload the newest version of the plugin which you can have access to in the account where you purchased the plugin. On the other hand some premium plugins will have the same update process that you do for free plugins.

So now that I have explained the two subcategories of plugins let’s get back to the main topic at hand here of preventing a WordPress malware infection. Failure to complete the updates that your plugins have pending is one of the most common reasons a WordPress website can become infected. The majority of plugin updates that become available will include security improvements that limits the vulnerability of your website to malicious activity. This is why completing your plugin updates is so extremely important. Not to mention that  failure to complete your WordPress plugin updates can lead to functionality conflicts that would cause your website not to work properly.

Below is a short video showing you the easiest way and foolproof way to update your plugins on your WordPress website. Read about EASY updates at the link below.
https://www.wpfixit.com/update-wordpress-themes-and-plugins

WordPress Theme Update
Your active WordPress theme is the group of files that make up the actual design of your website. Just like I talked about earlier with plugins there are both free and premium themes.

Currently at the date of this post, there were actively over 8000 free WordPress themes available at wordpress.org.

Updates to themes will be visible in the WordPress administrative menu under Appearance > Themes. You can also find any theme updates under the WordPress administrative menu Dashboard > Updates. If you are using a free WordPress theme the update process will be pretty straightforward. You will be able to click an update now hyperlink in the appearance area of your WordPress administrative menu or in your General > Updates area. You can see an example of each one of these areas in the images below.

APPEARANCE > THEMES

DASHBOARD > UPDATES

Many WordPress users are not running their website using a free WordPress theme. In the majority of WordPress installations there is going to be a premium theme that is running. Most premium WordPress themes require a license activation code to be able to have access to update notifications which allow you to update the theme to the newest version directly from your WordPress admin area.

There are some premium WordPress themes that do not have the ability for update notifications inside of your WordPress admin area. If this is the situation with the WordPress theme that you are actively using it will require you to manually upload and update the active theme on your website.

Below is an in-depth article walking you through the many different ways to update a WordPress theme.
https://kinsta.com/blog/how-to-update-wordpress-theme.

SUPER IMPORTANT
If there are additional WordPress themes installed on your website that are not being used, delete them immediately. There is no reason to keep inactive WordPress themes inside of your WordPress installation. Keeping these will definitely increase your vulnerability and decrease the ability in preventing WordPress malware.

So just to keep with the theme here of preventing a WordPress malware infection, keeping your WordPress theme updated to the newest version is always the best practice to limit the vulnerability on your website that hackers love to look for and target.

WordPress Staging Update
So we have talked about keeping WordPress core updated, updating all of your installed plugins and making sure that your active theme is updated. The last area of updating that we will touch on here may not apply to all WordPress users.

Many WordPress users will have a staging environment setup within the same hosting account as their production website which they use to test different functionalities of their website and complete updates on before pushing those updates to their production site.

Another common scenario is designing a new website or a development website on a subdomain within the same hosting account as a production site.

What we seen often in our many years of removing infections from WordPress websites is that these staging environments or development environments are left dormant and the creators of these environments never complete the software updates in them.  This can cause a very messy situation.

If you are not actively using your staging or development environment, delete it. If you are in need of your staging or development environment, make sure that you are maintaining all of the software updates in them just like you do on your production site. This includes all the update categories that we mentioned earlier in this article. Update WordPress core, update all of your installed plugins and make sure that the active theme is running the newest version.

We really cannot stress it enough that if you are not actively maintaining your staging or development area that it will surely leave your entire hosting account vulnerable and it is just a matter of time before an infection arises.

Check out the link below that will show you some valuable staging site best practices.
https://www.uncannyowl.com/wordpress-staging-sites

So hopefully at this point in the article you understand intimately the importance of completing all of your WordPress software updates. Doing this is the first simple step to preventing WordPress malware. Remember that these updates are there for a reason and should not be ignored. If you were driving your car and the engine light came on that is the car’s software telling you that there is a problem that needs to be attended to. The same thing goes for all of those bubbled update numbers inside of your WordPress admin area. You must manage and maintain these to ensure that you are limiting the vulnerabilities in your WordPress website.

RUN RECOMMENDED PHP VERSION – Preventing WordPress Malware

Not sure if you knew this but there are actually hosting requirements that WordPress needs to function optimally.

 

WordPress runs under PHP; for server side scripting language, and MySQL; for database management platforms and below are the requirements needed for the server environment:

– PHP (Versión 7 or higher).
– MySQL (5.6 or greater).
– URL Rewrite Capability; It is not required, but strongly recommended for a better URL friendly site.
– HTTPS; It is not mandatory but strongly recommended for secure communication between the server and your browser.

WordPress still gives support to PHP Version 5.2.4+ and MySQL Version 5.0, but because these versions have reached the official end of life support, they are considered a security vulnerability.

Source: https://wordpress.org/about/requirements

PHP has something called an EOL.  What this stands for is END OF LIFE cycle. What it means is a release that is no longer supported. Users of this release should upgrade as soon as possible, as they may be exposed to un-patched security vulnerabilities. Yes security vulnerabilities. If your WordPress installation is using a version of PHP that has reached its end of life cycle, you are really opening the doors and windows to hackers that want to get into your house and wreak havoc.

Below is a nice simple life cycle chart of PHP versions.

Source: https://www.php.net/supported-versions.php

Many of the popular and modern WordPress hosting companies are operating with the newest versions of PHP within their server environments. There are however still hosting companies out there that WordPress users are giving their money to each month which still do not provide the newest version of PHP as an option on the server.

How to Check PHP Version
You may not even notice the PHP version, when things are going fine. But some plugins need a certain version of PHP to work as intended. Let us take a popular WooCommerce plugin as an example. You need to have PHP version 5.6 or later in order to use the latest WooCommerce version. Otherwise your online shop may not work and you may lose the revenue.

There are many ways to find the PHP version of your WordPress site:

The simplest way is to ask your host.
Use a plugin like Display PHP Version to see the version number in your dashboard under “At a Glance” section.
Use php.ini or phpinfo.php file to view the PHP version.
Check your cPanel under the statistics sidebar or use apps like “PHP Config”, “PHP Variable Manager” or similar. Remember each folder on your account can have different PHP versions. Hence look for the folder on which you have WordPress installation.
Most of the commercial themes and some of the plugins will have the option to check the server status like PHP version, memory limit, etc. For example, if you are using WooCommerce, you can view the PHP version under “WooCommerce > System Status” menu as shown below:

Latest WordPress versions include a feature called Site Health. It will show a warning message in the Dashboard section when you use deprecated PHP like below.

You can go to “Tools > Site Health > Info” section to find the latest PHP version used on your site. You will see a warning message under “Status” tab when using the deprecated version.

We would like to just summarize and restate what we said in the beginning of this portion related to PHP updates. Running your WordPress website in a hosting environment that is using an end of life cycle version of PHP is a very dangerous game to play. This is an extremely vulnerable point of attack for any hacker or suspicious script that wants to get into your website files and database.

Make sure that you take action immediately to verify what version of PHP your hosting environment is running and based on that information take the appropriate steps to ensure that you are running on the newest version. Doing so will make sure that you are Taking a necessary step in preventing a WordPress malware infection.

MANAGE ACCOUNT ACCESS – Preventing WordPress Malware

There is absolutely no way we would let you escape grips of this article without talking about account access in relation to your WordPress installation. Now right away you may be thinking that this is just the login information to access your WordPress administrative area. Yes, that is one piece of managing account access but there are many other accounts related to your WordPress website that if you are not managing the access properly it can cause vulnerabilities and lead to a WordPress malware infection.

Let us break down the different levels of access that every WordPress installation has.

 

WordPress Admin Login
This is the area of your WordPress installation that you are probably most familiar with. This is the place where you actually log into the administrative area of your WordPress website to manage your content and your website settings.

WordPress uses a concept of Roles, designed to give the site owner the ability to control what users can and cannot do within the site. A site owner can manage the user access to such tasks as writing and editing posts, creating Pages, creating categories, moderating comments, managing plugins, managing themes, and managing other users, by assigning a specific role to each of the users.

WordPress has six pre-defined roles: Super Admin, Administrator, Editor, Author, Contributor and Subscriber. Each role is allowed to perform a set of tasks called Capabilities. Below is the breakdown for the six predefined roles that are included in WordPress.

Super Admin – somebody with access to the site network administration features and all other features. See the Create a Network article.
Administrator – somebody who has access to all the administration features within a single site.
Editor – somebody who can publish and manage posts including the posts of other users.
Author  – somebody who can publish and manage their own posts.
Contributor – somebody who can write and manage their own posts but cannot publish them.
Subscriber – somebody who can only manage their profile.

Check out the link below for a detailed breakdown of WordPress user roles.
https://themeisle.com/blog/wordpress-user-roles/

Hosting Account Login
Your hosting account is the company that you pay to store and serve the files and content of your WordPress website. It is important that you have this information and have control and access to your hosting environment. It is also equally important that there are not any other users that have this access without your knowledge as this gives an individual full control over every aspect of your website.

FTP Credentials
FTP stands for a file transfer protocol. This is a process of connecting to your server so you can access the files that are located in the hosting environment. Many times FTP credentials will be created when your hosting account is setup.

FTP access is also a very dangerous place for anybody to have the ability to edit change or delete files on your server. It is so important that you understand where these credentials are located and also manage who actually has access to them.

Database Credentials
Your database is the area of your website that stores all of the content which is displayed on your WordPress website. This is also the area where all the settings for the functionality of your website and the design seetings are stored.

Most hosting environments offer a phpMyAdmin interface to manage database entries. These credentials should always be kept private and only given access to individuals that are trusted and will not cause any harm.

Enforce Strong Passwords
One of the biggest vulnerabilities and reasons why a WordPress website can get hacked is because of the use of weak passwords. We cannot tell you how many times we have seen WordPress users that have their passwords set to the actual word “password“.

Just taking a simple common-sense approach to creating strong passwords will enhance your WordPress security tenfold. Doing this simple step is key in preventing WordPress malware.

There are many free online tools that will generate strong passwords for any account that you have. One of our favorites is a tool by LastPass which you can check out at the link below and generate highly secure passwords.
https://www.lastpass.com/password-generator

Schedule Password Changes
Another very simple and powerful password strategy that you can do in preventing WordPress malware is to schedule password changes. What we mean by this is perhaps every three months or an interval of your choice you can change the passwords of the accounts related to your website. This will add another level of security behavior to your WordPress installation.

If you are running an e-commerce website or a social networking website where you have many users that have accounts within your WordPress installation, you can use a mass password change plugin to have the passwords of all your user accounts changed. You can check out the details of this free plugin at the link below.
https://wordpress.org/plugins/mass-users-password-reset

Let Us Summarize – Preventing WordPress Malware

We really hope that the 3 simple actions below that we have outlined in this article in preventing WordPress malware has given you a higher comfort of security for your WordPress website. 

UPDATE YOUR WORDPRESS SOFTWARE
RUN RECOMMENDED PHP VERSION
MANAGE ACCOUNT ACCESS

If you have any questions at all about what you have read here please drop us a comment below and we will get those questions answered quickly.

WE CAN REMOVE YOUR INFECTION RIGHT NOW!!!

This very detailed service will make sure your WordPress site is fully cleaned and secured to prevent future infections. We will start cleaning right away.

SEE SERVICE DETAILS

The post Preventing WordPress Malware With 3 Simple Steps appeared first on WP Fix It.

Read More