One of my favorite things about WordPress is how extendable it is. As I’m writing, there are currently 43,739 plugins available in the official directory, and, if you can’t find what you’re looking for there, you can always make it yourself. So, what plugins do we think are must-haves? Here’s our pick of 10 of them.
No self-hosted WordPress installation is complete without Jetpack, which brings all sorts of WordPress.com features to your personal blog or company website. You can build custom contact forms, display your portfolio, keep track of site’s stats, and automatically connect to the most popular social media sites. And that’s just a few of the 35 or so features Jetpack has to offer.
All In One SEO Pack
When they say ‘All In One,’ they really mean it. AIOSEOP is the Swiss Army Knife of SEO plugins, and allows you to manage individual posts, pages, and even custom post types. It also lets you verify your site with Google’s Webmaster Tools and Bing’s Webmaster Central, add the Google Analytics code to your header, and even build XML sitemaps for submission to search engines.
So, if you feel confused by all of the options the All In One SEO Pack has to offer, then Yoast SEO is the plugin for you. While the first focuses on those who already have a good grasp of Search Engine Optimization, Yoast is much more friendly to those still learning about SEO, and includes a powerful page analysis tool to help you write better content, and make your site more friendly to search engines.
It isn’t a secret that WordPress is frequently targeted by people wanting to do bad things; that’s what happens when you’re the most widely used content management system. While there are many security plugins out there, Wordfence is our choice, because it’s powerful and, once configured, will take care of most issues before you even get the chance to check on them.
There are almost as many backup plugins as there are opinions on which WordPress backup plugin is the best. Our choice is BackWPUp, because it’s easy to configure (even for those not that technically inclined), and can store your backups on remote FTP servers, Dropbox, have them sent to you via email, and many more.
Another great plugin by the folks that brought you WordPress in the first place. Akismet helps keep your blog spam free by running any new comments through their servers, and automatically marking the spammy ones as spam. It requires an API key, but for personal blogs, it’s free, provided you have fewer than 50,000 comment attempts a month. For a professional account, the cost starts at just $5.
WP Super Cache
One of the drawbacks of using WordPress is that serving the complicated PHP files takes more time (and more server resources) than a static HTML file. WP Super Cache takes some load off of your server by building a static HTML file for the dynamic PHP pages. Once a period of time of your choosing passes, the static page will be dropped and refreshed. It’s a good compromise between static and dynamic.
It happens to the best of databases: over time, they gather extra lines of information that will never be useful again, causing them to slow down bit by bit. WP-Optimize takes that less-than-perfect database and cleans it back up again, improving performance, reducing space, and keeping WordPress generally happy.
Safe Redirect Manager
Posts and pages sometimes come and go, leaving search engines guessing as to where to go when it can’t find something. Safe Redirect Manager gives them a bit of direction, in case you move, or completely remove, anything from your website.
OK, WordPress Importer isn’t something we keep installed on all of our WordPress sites, but it’s one of those that, when you need it, you really need it. It allows you to take a WordPress export file, and pull all of the posts, pages, categories, tags, and media files (or basically anything you need) into a new WordPress installation. Great for when you need a sandbox to test out theme or plugin development.
Well, there you have it: our 10 must-have WordPress plugins. What plugins do you find the most useful?
In the world of the Internet, computers don’t really have names. They have IP addresses, like 18.104.22.168 or 2001:4860:4860::8888. The problem with that is, people have a hard time remembering numbers, but we’re really good at remembering names. The solution is the Domain Name System, or DNS. DNS takes a domain name, like 10twebdesign.com, and resolves (translates) it to an IP address, such as 22.214.171.124.
So, what really happens when you type 10twebdesign.com into your web browser and press enter?
Maybe I Already Know Who That Is
First things first, your web browser might already know where 10twebdesign.com is located, because you may have visited it recently. If you have, your browser will cache (remember) the information for a certain period of time, so it doesn’t have to keep looking it up if you visit several different pages in a row. But the first time you visit a 10twebdesign.com page, your web browser has no idea where 10twebdesign.com is, so it starts the processes of trying to find out.
Let’s Ask Around
So your web browser tells your operating system, “I need to know where 10twebdesign.com is.” It’s possible that your OS already knows, and will just tell your browser, but chances are, it doesn’t know either. What it does know is the address of a preferred DNS server, which is usually owned by your Internet service provider and assigned automatically. So, your operating system heads out to your DNS server to find out where 10twebdesign.com is located.
Your DNS server handles requests from basically everyone in your area that all use the same Internet Service Provider that you do, so it’s much more likely that they might already know where 10twebdesign.com is, and can answer straightaway. Still, it’s more likely that no one has looked it up recently enough, and the DNS server needs to find out, too.
Going to the Source
Your DNS server will now start working backwards; it needs to find out who manages the ‘.com’ domain names. Chances are, it already knows the answer to that, because someone else has recently looked up some other .com domain name, and it would have cached the information, but for the sake of this article, let’s say it doesn’t know and needs to find out.
Your DNS server now resorts to asking a root name server, of which there are only 13 in the world. These servers, named with the letters A – M, are located all over the world and are owned by many different organizations, including NASA, the University of Maryland, and the U.S. Army Research Lab, just to name a couple. Everybody knows where these 13 root servers are, so they can always fall back on them when everything else fails. Your DNS server tells one of the roots, “Hey, I need to know who manages .com addresses,” and the root server responds, “It’s Verisign.”
You DNS server now caches the information from the Verisign server, so that next time someone looks up a .com domain name, your DNS server won’t need to bother the root servers; after all, they are pretty busy, and it would make more sense to just remember and go directly there. It then heads over and asks the Verisign server, “Can you tell me who knows where 10twebdesign.com is?” The Verisign server responds with “They are registered through this domain registrar.”
So, your DNS server now heads over to the domain registrar, and says, “I need to know the name servers (NS) of 10twebdesign.com.” The registrar responds with one of two or more servers that know where 10twebdesign.com is actually located.
At last, we know who to ask. Your DNS server now makes direct contact with one of 10twebdesign.com’s NS servers, and asks, “Where is 10twebdesign.com located?” Our NS server replies, “It is located at 126.96.36.199, and it has a TTL of 14,400 seconds.” Your DNS server takes this information, and caches it so that the next time someone looks up 10twebdesign.com, it can just tell it the answer of 188.8.131.52, and save a whole bunch of work.
Great, Now Everybody Knows
The only issue with this is that it’s possible that 10twebdesign.com might move at some time in the future. That’s where the TTL, or Time To Live, comes in. So, for the next 14,400 seconds, or four hours, you can find 10twebdesign.com at 184.108.40.206. After that, it might change. So, when your DNS server caches the information for 10twebdesign.com, it sets it to expire after the number of seconds specified in the TTL; once it expires in your DNS server’s cache, it will have to look up the information again.
Last, but not least, your DNS server returns the address of 10twebdesign.com to your operating system (that caches the information for the same length of time), and your OS passes the information along to your web browser (which also caches the information), so that it can look up the website hosted there.
The most amazing thing is that, if everything happens as quickly as it should, all of this happens in about a tenth of a second. Now that’s fast.
The Wanted List is powered by a WordPress plug-in created by 10T Web Design specifically for the Belmont County Sheriff’s Office. It allows officers to add pictures and basic information for people on their wanted list directly to their website, without the need to know anything about designing web pages.
It is one of several plug-ins we’ve created for their website, which we also design and help manage. Others allow them to list properties for their monthly Sheriff Sales and help to keep the people of Belmont County aware of the winter road conditions, both of which are managed by members of their staff.
Looking forward to continuing to work with the Belmont County Sheriff’s Office, who have been a client of 10T Web Design almost since we came into being.
Every time a company announces that they are going to stop supporting a piece of software, folks start asking me if they should upgrade. It happened with Windows XP, it happened with Internet Explorer 7, and now it’s happening with Internet Explorer 8-10.
OK, so, every time Microsoft announces they are going to stop supporting a piece of software, folks start asking me if they should upgrade. I’m not trying to be unfair to Microsoft here; at a certain point, you have to stop supporting your software, because continuing to maintain it takes away resources you could be using to create the next product.
Microsoft will stop supporting Internet Explorer versions 8, 9, and 10 on January 12th, 2016, and, let’s face it, if you are still running a web browser that was originally released when Oasis was still together, it’s time for you to upgrade.
Why Should You Upgrade
Well, the most important reason to upgrade is because Microsoft will longer be releasing updates to the outdated browsers. While that might not sound horrible, any time a security vulnerability or bug is discovered in a program, an upgrade is required to fix it. So, after the software is no longer supported, no one is fixing issues that could allow people with bad intentions to run nefarious code on your computer.
Another important reason to upgrade is that old browsers can make websites difficult or impossible to use. We simply don’t design web pages the same way in 2016 that we did in 2009. Many frameworks (like Foundation) don’t even work in IE8, so you might not even be able to use the website you are trying to use.
Finally, maybe the best reason to upgrade, is that Internet Explorer 11 is a pretty good browser. It isn’t my personal browser of choice, but it’s far better than any other version that Microsoft has ever released. Give it a chance.
Why Should You Not Upgrade
It’s what I always hear from folks that say they can’t upgrade their version of Internet Explorer. Because the new version will be incompatible with some web application that they have to use, they are stuck with IE8. Or, (the horror) IE7.
I won’t get into all the reasons that I think this is a awful reason to not upgrade your browser, but I will say that if the web application being used requires a web browser that no longer has security support, then the web application is likely to have security issues as well.
If you find yourself caught in this trap, I highly recommend finding out exactly what applications you are using that require the outdated web browser, and then only using the web browser for those applications. For everything else, give Firefox, Chrome, or any other up-to-date web browser a try. Either of these two are easy to download and setup, and will at least provide you with the updated security that an unsupported version of Internet Explorer won’t.
Beyond “Compatibility Issues,” there would also be the possibility that your computer doesn’t have the recommended resources for running IE 11, but they are fairly low; it’s pretty likely that if your computer doesn’t have the resources that Internet Explorer requires that Windows has ground to a halt already.
There is a new security vulnerability in the wild: Venom. For those of you that remember Heartbleed, this one is even more frightening:
“Heartbleed lets an adversary look through the window of a house and gather information based on what they see,” said Geffner, using an analogy. “Venom allows a person to break in to a house, but also every other house in the neighborhood as well.”
I have verified that 10T Web Design’s server has already been patched and is no longer vulnerable to Venom, however, this is a wide-spread issue. If you are concerned that your server is vulnerable, just contact me with the name of your hosting company, and I’ll be happy to find out for you at no cost, even if you are not currently a client.
Happy Security Sunday! I found this article the other day on Network World, pointing out studies on the dreaded ‘password strength indicators’ that many websites use to nudge folks into using stronger passwords (and generally annoy most everyone).
“Overall, password strength gateways are inconsistent, with some allowing all letters and others requiring different character sets to gain approval, the researchers found. That sends a mixed message to online users accessing many different websites.”
I agree with the article that the overall intention of the strength indicators are good, but for some the execution falls short, and there are significantly easier ways to keep your passwords secure.
I’ve long been a supporter of password managers such as KeePassX (available for Windows, Mac, and Linux; Free) as one of the best ways to keep your online accounts secure. A 20-character long string of random letters, numbers and symbols is incredibly difficult to break, and password managers allow you generate and keep track of them. In addition:
you don’t need to have little pieces of paper laying around with all your passwords on them;
they keep you protected from key-loggers;
every account you have can a different secure password;
and you don’t have to remember them;
honestly, you never have to see them: just copy and paste.
Easy to install, free, and super secure. If you haven’t, give it a try.
With the folks over at WordPress getting ready to release the latest and greatest version, I’ve been taking it for a test drive to check out some of the new features.
There has been a lot of arguing back and forth about Focus Mode, but, personally, the improvement on ‘Distraction Free Writing’ is my favorite feature in the new release. I love distraction free in WordPress, but find it cumbersome to keep turning on and off. Now, you can set it to activate and deactivate automatically whenever you start typing or move the mouse. No need to turn it on and off.
Another nice new feature is the ‘Visual’ image mode. For new users, one of the least intuitive tasks to complete in WordPress was getting your images aligned the way you wanted them. With Visual Mode, clicking on an image will provide you with a floating menu that allows you to quickly change where the image is positioned in the post. You can also open up an edit dialog to change the image’s size, too. I thought that the previous method of aligning images was fine, and wasn’t initially excited when I heard about this change, but after having tried it out, I have to admit it’s handy.
Language Pack Installation
One of the great things about WordPress is how many different languages it’s been translated into, but it’s always been a pain to install language packs. With WordPress 4.1, language packs can be installed directly from the settings page; all you need is the proper write permissions (which, chances are, you have), and installing a new language is a breeze.
Under the Hood
Developers will find some new fun stuff, too, including improvements to the Query classes; the updates allow for nested queries based on date, metadata, or taxonomy. For example, if you had posts with ‘author’ and ‘genre’ metadata assigned to them, the following would grab all Horror by Stephen King and Tragedy by William Shakespeare:
Also worth mentioning is the release of the latest default theme, Twenty Fifteen. It is a blog-first design, featuring Google’s Noto Serif font, which displays nicely with a variety of language and devices. Very nice and clean; screenshots can be found here.
And that’s about it. Overall, a nice release, but no doubt some will find more use for the changes than other. I especially like that there are good improvements for both new users and seasoned developers. The 4.1 release candidate was released on the 11th; WordPress 4.1 is expected to ship on Tuesday, December 16th.
I love Twitter; it’s probably my favorite social website. Everything is right this second, what’s going on right now, and in 15 minutes a tweet is old news. Not to mention how interesting trends are.
There is one thing I don’t love about Twitter: It is really easy for someone to impersonate you, and there are just way too many accounts for Twitter to self-police.
So what do you do if, like me, you find out that someone is pretending to be your business?
First things first, you have to find out if someone is impersonating you. Use the Twitter search tool to do this:
Type in your business’s name (not your Twitter handle) into the search bar.
If someone is impersonating you, you are going to see more than just the one result. (If you have a common business name, you might have to click on ‘Search all people for…’ just to be sure.)
If your business is the only ‘you’ there, you are in good shape; it doesn’t seem that anyone is impersonating you. If there are multiple ‘yous’ there, make note of their Twitter handles (i.e. @10TWebDesign), as you’ll need them later.
Determine if any Twitter Rules Are Being Broken
OK, I know what you are thinking: They are pretending to be me, of course there are rules being broken!
Unfortunately, it isn’t that simple.
Parody accounts are fully protected at Twitter. If they are upfront with the fact that they are not the real you, provided that they are not using any images to which you own the copyright, there is probably very little you can do about it.
Fan accounts are also fully protected, again provided that they are not infringing on any image copyright.
Accounts that have a similar (or the same) name as your company, but are in no other way attempt to present themselves as your company (especially if they state they are not affiliated with you) are also not a violation.
If the offending account doesn’t fall into these categories, you have a good chance of getting the account deactivated, especially if they are using your profile and header images.
Filing the Complaint
Time to make the Head Twitter-birds aware of the copycat account. Twitter handles all impersonation complaints using this impersonation complaint form on their support pages. Some tips to make sure your complaint gets approved:
Be honest with your answers, especially the one about having a trademark. If you don’t have one, don’t tell them you do. Your complaint won’t be denied if you don’t have a trademark registered. Telling them you do and then not being able to give them proof will.
File the complaint from your company’s email address. It should be ‘firstname.lastname@example.org,’ not ‘email@example.com.’ (If you don’t have email set up at your business’s domain name, why not?) Filing it from a third-party email provider forces Twitter to verify you are the real you.
In the “How is this account pretending to be your brand, company, or organization?” section, don’t just click every box. Do the work to search through any only select the items that are really true. Clicking every box will likely get your complaint ignored, while selecting even just one box can be grounds to have the other account removed.
Wait for a Response
Give the good folks at Twitter time to work. Just because you filed the complaint at 8:32 AM doesn’t mean that the offending account will be down before your morning coffee break. Give it a few days, maybe a week. If you still haven’t heard back from them, shoot a tweet over to @Support and (politely) tell them that you had filed an impersonation complaint and ask (politely) if they have an update.
That Does It
It’s a good idea to check every month or two just to see if anyone is pretending to be you. Hopefully you won’t find anyone. If you do, feel honored that you are being impersonated, follow these instructions, and you should have no problems. If you have any questions, just drop me a line.
OK, I don’t often link to other web design companies blog posts, but this one was too good to not share. It’s from a web design company over in London, England called Four to the 4. The company’s owner, Geoff, takes a look at how discount website builders don’t give you your money’s worth, even when they are free.
His major points include:
Their designs are typically not very good and are usually built using outdated technology.
They use a very small number of designs for their customers, making thousands of websites look almost exactly like your website.
Free doesn’t usually mean free. It means free for the trial period.
10T Web Design is very happy to announce the relaunch of the Belmont County Recorder Office’s website. The site features a custom designed, fully responsive theme. It also has a CSS only slide show that displays correctly, even on mobile devices, not to mention links to the updated online deed lookup through the US Land Record’s website.