You may have recently received an email from Google Search Console warning you that your website is being flagged as Non-Secure Collection of Passwords as can be seen below;
If you have been sent a message like this, you need to act before it is too late. You have received this message because your website is running over HTTP instead of HTTPS on pages that you collect sensitive information. Whenever either you or your users enter sensitive information on any website using HTTP, i.e. http://www.contradodigital.com/wp-login.php then this information can be seen in transit by anyone listening in on the network.
What you need to do
The solution to resolving these warnings is actually relatively simple. If you want to have a go at this yourself, then make sure you claim your free SSL certificate and update your website accordingly. If you need any help implementing this then get in touch and we can help you with the process.
Google Search Console, formerly called Google Webmaster Tools, has started to inform WordPress website owners when security updates are available. This is a great effort by Google to help website owners and businesses keep their websites safe and secure with regular WordPress security maintenance.
While this is a great step forward, as a business owner you must not wait until you see these kinds of messages from Google until you take action to update your WordPress website. These messages are purely focused at the WordPress Core files, which is only a small part of WordPress security. If you think of security like you would with a building, imagine WordPress Core files being your front door. Just because your front door is locked, it doesn’t mean that you haven’t left your windows, back doors, side doors and garage unlocked and open. It is the same concept with WordPress security. You must be taking proactive measures to protect your website against hackers.
If you aren’t sure how to go about dealing with WordPress security, then fear not, drop us an email and we can talk you through the options available.
WordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. If you are unsure how to deal with WordPress security updates, get in touch and we can manage your WordPress security updates for you.
WordPress versions 4.7.1 and earlier are affected by three security issues:
- The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive.
WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo).
- A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team.
- An unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint. Reported by Marc-Alexandre Montpas of Sucuri Security. *
Thank you to the reporters of these issues for practicing responsible disclosure.
Download WordPress 4.7.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.2.
Thanks to everyone who contributed to 4.7.2.
* Update: An additional serious vulnerability was fixed in this release and public disclosure was delayed. For more information on this vulnerability, additional mitigation steps taken, and an explanation for why disclosure was delayed, please read Disclosure of Additional Security Fix in WordPress 4.7.2.
It’s taken a good few months of organising everything in the background and we’re finally here. Blackburn WordPress User Group, BeeWUG is now officially starting which will be running on the first Wednesday evening every month in…. Blackburn at the College who are kindly supporting the local WordPress community.
BeeWUG is a free community event open to everyone wanting to learn more about WordPress. Whether you have an interest in WordPress, are using WordPress professionally or just want to come along and meet some great people, get involved. Look forward to seeing you there.
Head over to the BeeWUG website to find out full details and book onto the next free event which is on Wednesday 2nd November: https://beewug.uk/2016/10/17/beewug-2nd-november-2016/
Book directly onto the event here: http://www.meetup.com/Blackburn-WordPress-Meetup/events/234930231/
Follow us socially to keep up to date;
And make sure you sign up to the mailing list on the BeeWUG website.
We recently wrote about how awesome the new Accelerated Mobile Pages (AMP) technology is for improving page load times on your website. Well, yes it is, but something to bear in mind that we’ve just come across. Google recently wrote a blog post about how to set up Analytics on your AMP pages only 4 days ago, which quite frankly is a little slow since we’ve been using AMP technology for well over 4 months now and it has never been on our radar that this wouldn’t be tracked by default out of the box. Anyway, we’ll let this one slip.
The crooks of it though is that you’re probably not including tracking on any of these AMP pages that you’ve implemented which is a tad annoying. From a WordPress perspective, make sure you’re using the AMP Analytics plugin which will add Google Analytics tracking to your AMP pages when they are loaded by web browsers and Google. You could be missing out on a significant amount of tracking data when tracking the performance of your campaigns. For anything non-WordPress related, you’ll have to get into the tech to implement this manually within your web application which is certainly going to be a tad more time consuming. Drop us an email if you need any help with getting this set up on your own websites and web applications.
Something which has been on our own to-do list for far too long than I’d care to admit, we’ve finally got around to automating our email marketing campaigns. Firstly, if you aren’t on our mailing list yet, why, it’s awesome and we share some amazing content like this you’re reading now. Secondly, get signed up at the bottom of this page by entering in your email address.
Now let’s look at what we’ve recently got set up and how we’ve automated our entire email marketing campaigns so we can spend more time focusing on writing great content, running events and training courses and generally connecting with businesses and people much more efficiently. Why spend time doing something manually if you don’t need to, right?
What’s Wrong with Manually Sending Email Marketing Campaigns?
Ok, so let’s quickly cover this one. Firstly, if you are sending email marketing campaigns through something like Outlook, you are doing it all wrong. Head over to our Really Simple Guide to Email Marketing to understand why.
Now, we’re assuming you’re using an email marketing tool such as MailChimp. And do you know what, sending email marketing campaigns manually is absolutely fine. There is nothing wrong with doing this at all. But. If you are sending email marketing campaigns manually to share content such as Blog Posts or Events that you are running, you are wasting time doing this manually when you could automate the entire process. It’s all about saving time so you can be more productive in what you are doing.
So let’s look at how you can automate your email marketing campaigns with WordPress and MailChimp.
WordPress RSS Feeds
If you didn’t already know, virtually every type of content on your WordPress website has an automatically generated RSS Feed URL that can be accessed when you know where you are looking. Take a look through the WordPress RSS Feeds List for information on where to look.
For example, here is our main Blog’s RSS Feed URL if you want to take a look what this looks like;
Find the relevant RSS feed that you want to use to send email marketing campaigns to your audience as you’ll need this shortly.
Within MailChimp you can segment your Lists into different Groups based on what people have subscribed to. There are many way of organising your MailChimp subscribers, so we’re not going to cover that right now. For the purpose of this blog post, we’re going to use Groups to segment a single List based on what people are interested in which helps to keep everything easy to manage to avoid duplication.
To create a Group in MailChimp you navigate to your List, then click on Manage Subscribers then Groups which will allow you to enter in specific information about how you want to group people together.
The reason you want to create a new Group is so that you can allow your audience to subscribe to multiple different groups from the same Newsletter. This allows you to send emails to specific groups of people within your mailing list. Simply configure the relevant settings for yourself as this information will display when a user is updating their subscription preferences;
Ok, so now you’ve created a group, let’s start to join everything together. In the first instance you can even migrate people into specific groups should you wish.
Here is how the data you enter in this section will display when the user is managing their profile on your newsletter.
MailChimp RSS Campaigns
Create a Campaign
Firstly, create a new campaign in MailChimp but be sure to select an RSS Campaign as the campaign type as this comes with a few handy settings that have been automatically built in for you.
Confirm your RSS Feed Settings
Enter in all of the settings related to when you want to be sending your campaigns and where the data is coming from. In this example, we’re looking to send out content from the Developer Blog so we enter in this information here.
Select Your Recipients
Next you need to select who you are sending the emails to. Here you are going to want to send emails to a Group of users you have just created earlier. This could be for a specific set of content on your website or even a specific interest if your website has multiple interests on there.
There are a lot of options here so we’re not going to cover everything. Use the options that are best suited for your individual needs.
Personalise your Campaign Information as Usual
If you are reading this blog post, you’ll already be used to creating your campaigns as normal and personalising the relevant information so we’ll skip over this bit here. Just make sure you do this when you are creating the campaign.
Choose an RSS Template
Simplicity is key here which is why you should choose one of the default RSS templates which you can select. This will automatically include lots of handy information for you which will speed up your development for sending RSS campaigns.
Design your Email Template as Usual
Again, we’re not going to cover this part here. All of the pre-populated fields have been created for you when using an RSS template, so you’re all good to go. Simply personalise the look and feel of your campaign as you see fit.
Preview & Test
The next step is to preview and test your campaign. This is so important to do as you can really annoy people when you mess up a campaign and send it out with missing information and or incorrect information.
Start RSS Campaign
Then you’re good to go, start your RSS campaign running and you will never have to worry about manually sending email marketing campaigns again.
This really is just the starting point about what you can do when you start to automate your email marketing campaigns. Take the time to think through what you are doing, why you are doing is and what you are looking to get out of it. Automation can save you so much time when you think strategically about what you are doing.