WP Upgrader launches GDPR Consent Plugin for WordPress

WP Upgrader launches GDPR Consent Plugin for WordPress

With the General Data Protection Regulation (GDPR) about to be enforced, many website owners are also challenged: How do you make sure your website is compliant with these new rules? We have already discussed how you can make your website GDPR-proof with diverse WordPress plugins. Still, we kept missing one crucial plugin.

In order to meet the new, ‘privacy by default’ rule, WordPress plugins are only allowed to gather user data after your visitors have given you permission to do so. In other words, your website has to be accessible without personal data being gathered by default. The easiest solution for this — a cookie wall for your entire site — will no longer be allowed. So, how do you activate these WordPress plugins after your visitors have given their explicit consent?

GDPR Consent Plugin (€ 39/year)

For WordPress websites in Europe, WP Upgrader introduces the GDPR Consent Plugin: a plugin for WordPress that allows you to ask your customers’ permission before other WordPress plugins (and scripts) start gathering personal data. This way, you stop your site from gathering personal information before visitors actually allow you to do this.

How does the GDPR Consent Plugin work?

Step 1:
After having purchased the GDPR Consent Plugin, you have to determine which sections of your WordPress website gather personal data. Think in terms of plugins, but perhaps it may also apply to several scripts in your footer and/or header. You can sort this out by making use of the free GDPR-checklist for your WordPress website.
Personal data that is gathered, can be categorize in separate permission groups, such as ‘Statistics’, ‘Adverts’, and ‘Functional’. Inform yourself of the types of permission groups below this article.

Step 2:
Place the [gdpr_consent_settings] shortcode on the page where your visitors are allowed to edit their privacy settings. Then, activate the ‘Consent Bar’.

Step 3:
From this point onward, visitors will be shown a slim bar at the bottom of their screen upon their first visit informing them of their rights. On the privacy settings page they can now indicate whether or not they want to allow additional data to be gathered. For instance, to receive customized advertisements. Only when they give permission, will these plugins be activated for this particular visitor.


[/av_textblock]

Tip

View the demo here: demo.wpupgrader.com

Does this make my WordPress website GDPR-proof?

The GDPR Consent Plugin is a tool to assist you in making your WordPress website GDPR-proof. This doesn’t mean that, by simply installing the plugin, your website will be automatically compliant.

Inform yourself on the impact of the GDPR on your WordPress website to get an impression of the additional aspects you have to take into account. Consider a solid privacy-statement on your website, ‘I agree’-tick boxes for contact forms, and a handling agreement with your hosting and administrative party. Also, take note that the GDPR will impact your entire organisation (for instance due to the right to have data erased from all records in your organization). Logically, such things are not solved by merely building a plugin into your website.

What kind of permission groups are there?

Common permission groups (‘Consents’) are groups such as ‘Functional’, ‘Statistics’, ‘Social media’, ‘Adverts’ and ‘Remarketing’. Certain organizations may set up specific labels for themselves. NPO.nl, for instance, makes a separate request for allowing ‘NPO Recommendations’.

You can define your own permission groups (‘Consents’) within the GDPR Consent Plugin. Some WordPress websites will use a Facebook pixel, remarketing plugins, etc., and then list them all under the ‘Adverts’ group. Others may prefer to split these into separate groups, like ‘Adverts’ and ‘Remarketing’.

Whatever your approach, it is important that you define your permission groups in such a way that visitors are not forced to activate plugins they do not necessarily need. Should a visitor agree to becoming part of statistics, for example, then this does not give you free range to automatically place cookies for social media sharing.

Celebrate consent!

Few visitors will explicitly give their consent to flooding them with ‘Adverts’ and ‘Remarketing’. This is why you will have to thoroughly explain what the added benefits are for doing just that. Terms like ‘Functional’, ‘Statistics’, ‘Social media’, ‘Adverts’, and ‘Remarketing’ are very technical in nature.

However, instead of having visitors mark the ‘Adverts’ and/or ‘Remarketing’ tick boxes, you can approach things from an entirely different perspective. Once you explain to them that you can optimally facilitate special offers, you may find the ones that do give permission, to be a smaller, but more committed target audience for your organization.

10 WordPress plugins to increase your conversion rate

10 WordPress plugins to increase your conversion rate

In this article, we’ll talk about WordPress plugins that can substantially improve the conversion rate of your website. Please note: it’s no use installing ALL plugins. Consider which WordPress plugins actually lead to the kind of conversion you want. In case you need help with this, then read our tips on how to determine your online strategy.

We’ve divided the WordPress plugins into four common calls to action (some plugins appear in more than one category):

WordPress plugins for newsletter subscriptions

Do you want visitors of your WordPress website to sign up for your newsletter? Then we’ve listed the best WordPress plugins for newsletter subscriptions for you.

1. Ninja Popups ($ 25)

Ninja Popups is still one of our favorite plugins when it comes to collecting e-mail addresses on your website. The plugin is flexible, you can choose from many different pop-ups and you can choose the exact moment to show the pop-up (for example when the visitor is on your website for more than 30 seconds, when he’s scrolling, or rather right when opening the page). Also, you can send the new e-mail subscriptions directly to your favorite e-mail marketing software (like MailChimp or CreateSend). Make sure the pop-up is not full screen, because Google doesn’t like pushy pop-ups.

2. Elegant Bloom Email Optin ($ 89 per year)

Elegant Themes gives you one year access to a lot of plugins and themes for $ 89 per year, among which there’s Bloom Email Optin. You can choose from many beautifully designed pop-ups, opt-in bars and banners to let visitors subscribe to the newsletter. The nice thing about Bloom Email Optin is that you can also place the call to action as a widget in the sidebar or footer. This is something Ninja Popups does not offer. Bloom Email Optin is in comparison a rather pricy alternative, but worthwhile, if you also want to make use of the beautiful themes and the Divi content builder that Elegant Themes offers.

3. ConvertPlug ($ 21)

With ConvertPlug, you can choose from many different pop-ups for very little money. Subscriptions to your newsletter can be linked directly to your favorite e-mail marketing software, and there are flexible options to set up the pop-ups. The design of some of these pop-ups is in detail not always that great, but if you have some knowledge of CSS, then ConvertPlug is a good and cheap solution.

4. Thrive Leads (one time $67)

Thrive Leads is our most favorite plugin, because it is the most extensive one, and offers all the features of the above-mentioned plugins. You can make all kinds of pop-ups, but also do A/B testing, create Content locks (content is made available after you’ve given your e-mail address), Multiple Choice forms, etc. A big advantage of this plugin is that you get free updates for life after one single purchase. When you are a WpUpgraders customer, you can try out this plugin for free for a year.

WordPress plugins for forms

Sometimes catching someone’s e-mail address is not enough; for example, when the purpose of your website is to collect warm leads that want to be called back. In that case, you want at least a name and phone number, and a contact form with a flexible configuration is what you’re looking for. We’ve listed the best forms plugins for WordPress for you.

1. Gravity Forms ($ 39 per year)

Gravity Forms is still our favorite forms plugin for WordPress. The plugin has been around for years, it has a good reputation and is very well maintained. This is important, because collecting customer data requires a well-secured plugin. Granted; when it comes to design, there are other forms plugins for WordPress that look much more modern, but if your theme includes support for Gravity Forms – or if you’re pretty good with CSS – then this is still the plugin you want. Gravity Forms saves the subscriptions for you in WordPress, but you can also have them forwarded to e-mail addresses, external CRMs or marketing software.

2. Formidable Pro ($ 49 per year)

Formidable Pro is somewhat more complicated than Gravity Forms, but it also allows you to make simple applications. You can make forms entries publicly searchable, which allows you to, for example, create a review system on your website. In case you will be needing this kind of system on your website in the future, then Formidable Pro is a nice two-birds-with-one-stone plugin that’s worth buying.

3. Contact Form 7 (free)

The most well-known and widely used WordPress plugin for contact forms is still Contact Form 7. This plugin is completely free and has all the basic requirements; you can create forms, and visitors can fill them out. However, the entries are not saved on the website (so, if you don’t receive them by e-mail then they’re lost) and there’s no link to third parties included in the standard package. On the other hand, there are hundreds of add-ons for Contact Form 7 that offer such extensions. But if you think you’ll be needing those, we’d rather recommend one of the above-mentioned plugins; they have proven to be very reliable – with OR without add-ons.

WordPress plugins for direct contact

When we say direct contact, we mean the possibility to contact you with just one click. Contact forms (or newsletter subscriptions) are not included in this category, because the visitor has to do more than just clicking once. Depending on the branch you’re in, offering direct contact on your WordPress website can be very attracting (or even necessary). Think of websites for car dealers, but also web stores, real estate agents, etc. There are several plugins that create the possibility to make direct contact on your website.

1. LiveChat (free trial, then from $ 16 per month)

With LiveChat visitors can start a chat session on your website with just one click. With the LiveChat app on your phone, you can also respond while travelling. Are you not available? Then the chat will not be visible on your website. The WordPress plugin LiveChat is integrated into your WordPress website with just a few clicks. Plus, you can try out the service for free the first 30 days.

2. YITH Live Chat (free)

The YITH Live Chat plugin requires a little more configuration than the previous one, but a limited version is available for free. You do have to integrate the plugin using Firebase, a Google service for mobile applications. This service has a limited free version, but you have to pay once you start using it more frequently. If you like playing with settings options, you should definitely try YITH Live Chat.

3. Really Simple Click To Call Bar (free)

Did you know you can link buttons on your WordPress website to a phone number? When you click it, your device will directly call the phone number. For laptops and desktops this is, of course, of very little use, but for mobile visitors it can be very useful to be able to call you with just one click. The plugin Really Simple Click To Call Bar does exactly what its name implies; for mobile users, it adds a bar at the bottom of the website with a clear button: ‘Call us’. When you tap it, you immediately make the call.

WordPress plugins for social media conversion

Social media can be used in different ways to increase the conversion rate of your WordPress website. This works on two levels; first of all, you can convince the visitors of your WordPress website to follow you on social media (e.g. ‘Follow us on Facebook’. Secondly, you can use your WordPress website to feed your social media channels with new content, so you keep attracting your visitors to your website. Note: always keep step 1 in mind: does the integration of social media serve your strategy and objective?

1. Ninja Popups ($ 25)

Ninja Popups is not only good for e-mail marketing, but you can also use it to gather followers on social media. For example, you can show pop-ups on specific pages where you invite visitors to follow you on Facebook. It helps when you briefly explain to them the advantages of following you. For example, being informed on interesting offers or relevant messages.

2. ConvertPlug ($ 21)

ConvertPlug also offers social media integration beside e-mail marketing. The nice thing about ConvertPlug, is that you can also use pop-ups to tell your visitor about certain messages you’ve shared on social media. So, the plugin can be used to get more followers, but also to increase your range among your followers!

3. Jetpack Publicize (free)

Jetpack Publicize makes it easy to automatically share recently placed messages on your WordPress website with your social media channels. This is very practical when you want to efficiently increase your range of your WordPress website. There are very many WordPress plugins like Publicize, but we still find Publicize the easiest to work with. Publicize is part of Jetpack; a free plugin package that allows you to activate or deactivate different functionalities (so, you can install the package, but only use Publicize).

6 Plugins to Make Your WordPress Website GDPR-Proof

6 Plugins to Make Your WordPress Website GDPR-Proof

As the new privacy law — the General Data Protection Regulation (GDPR) — is about to come into effect, all sorts of plugins are marketed to help you get GDPR compliant. In this article we cover six practical WordPress plugins that enable you to make your WordPress website GDPR-proof!

GDPR Consent Plugin (€ 39 per year)

For WordPress websites in Europe, Sowmedia launches the GDPR Consent Plugin: a plugin for WordPress with which you first ask permission from your visitors, before your other WordPress plugins (and scripts) start collecting personal data. This way you prevent your website from already collecting personal data before your visitor has given permission for this. The GDPR Consent Plugin lets you define exactly which consents you want to request of your visitors, allowing you to present a clear overview of unique required and optional consents for your visitors to interact with. This GDPR Consent Plugin is the most complete WordPress cookie & consent plugin of all.

Delete Me (free)

The GDPR issues the ‘right to be forgotten’. This basically means that you have to be able to erase someone’s  personal data within a reasonable timespan upon their request. You could, of course, do this manually, but the WordPress plugin Delete Me offers your visitors to it themselves — that is, when it comes to data gathered by your website. Users can remove all their own posts and links, including their reactions to articles.

This plugin particularly comes in handy when you have a subscriber website or an active user group that regularly responds to your articles. Be aware, though, that this plugin will not remove data stored separately by additional plugins you may have added to your WordPress website.

Wider Gravity Forms Stop Entries (free)

The Gravity Forms plugin is our number one favorite plugin to build advanced forms for WordPress websites. Its form entries are stored in your WordPress site, but can also be mailed or forwarded to third parties, such as email marketing software. In case your entries are directly forwarded to another system, you may not need to additionally store these entries in your WordPress site.

The GDPR requires you to refrain from needlessly storing user data. This is why the Wider Gravity Forms Stop Entries is so convenient. This plugin removes entries immediately in your WordPress database, so form entries will only be stored in your external systems (or your mailbox). The only drawback is that you don’t have a backup of these entries any more in case you discover the link to your external system to be unresponsive, for instance. Alternatives to tackle this are the plugins below.

Gravity Forms Encrypted Fields ($ 27)

Do you store Gravity Forms entries within your website? Then you can protect these by encrypting them. The WordPress plugin Gravity Forms Encrypted Fields ($ 27) does this for you. User data is encrypted by this plugin within the database. Next, you can configure which persons are allowed to view specifically allotted entries. This may be required, particularly when you are gathering high risk personal data (like Social Security Numbers or medical information) that is not meant to be seen by all WordPress editors and administrators.

WP GDPR Compliance (free)

The GDPR demands ‘explicit consent’ of your visitors to allow you to process their data. Whether you want your visitors to subscribe to a newsletter, fill in a contact form, or react to a message, permission is required. Such explicit consent can be realized by virtue of providing a tick box for example. However, should a tick box be marked by default, then you are overriding the ‘privacy by default’ principle.

Forcing explicit consent in your WordPress website is largely done manually. Again, make sure that tick boxes aimed at having users agree with your terms, are not ticked by default. Fortunately, WP GDPR Compliance imbeds such tick boxes for you and supports plugins like Contact Form 7, WooCommerce and WordPress Comments. The author of this plugin has announced future support for other plugins as well.

Policy Genius (free)

An important part of GDPR compliance is making your privacy policy transparent. It is common practice to facilitate a link to a privacy policy in the footer of a website. Drawing up such protocols can be quite an endeavor. However, once you have constructed one that is explaining your policy in a clear and complete manner, you can then refer to it from any part of your website (for instance, places where you ask your visitors’ explicit consent).

The free WordPress plugin ‘Policy Genius’ helps you draw up a privacy policy in a few easy steps. This is no guarantee, however, that your policy then meets all requirements. It would be best to consult a lawyer to be safe.

The Impact of the New Privacy Law (GDPR) on Your WordPress Website

The Impact of the New Privacy Law (GDPR) on Your WordPress Website

As from the 25th of May, 2018, the new privacy law (GDPR) comes into force. From then onward, all of Europe will have to abide by the same privacy regulations. The Dutch Wbp will be suspended and replaced by new regulations for processing and editing personal data. These new rules apply to your WordPress website too should you have a contact form, make use of Google Analytics, or have a webshop. In this article we explain how the new privacy law operates and what applies to your WordPress website and, therefore, deserves your attention.

This is no juridical article and no rights can be derived from its content.

Moving from a user agreement to a handling agreement

The former privacy law already required a secure processing of personal data, which was to be defined in a user agreement. The new law requires every European organization to be able to account for a secure handling of all personal data, which is to be recorded in a handling agreement. This means that you, first of all, need to know exactly what kind of personal data your organization gathers.

Secondly, you need to be able to guarantee that personal data you share with third parties, is also protected; such as personal data you share with your accountant, with your CRM or within your email marketing software. This applies to software of non-European origin as well (e.g. software supplied by American companies). You are obligated to make agreements with all your suppliers. Practically, this means the GDPR has an impact on privacy policies of organizations worldwide.

You also need to make agreements with third parties that have access to your WordPress website; like your hosting party, editors, administrators and parties that can access personal data via a plugin.

What is personal data?

What is considered to be personal data? And, when is this data deemed privacy-sensitive? Basically, all data that can identify a person as an individual. For instance, when someone fills in a contact form on your WordPress website. Data like,

  • name
  • postal address
  • email address
  • location data (e.g. GPS coordinates)
  • IP-addresses

Keep in mind that company information (e.g. the name of an organization, email address, postal address, etc.) is not considered personal data.

When is personal data regarded as extremely privacy-sensitive?

On top of ‘standard’ personal data, there is an additional category: ‘privacy-sensitive’ personal data. Should you handle data within your organization that is categorized as such, then there are additional requirements. These requirements also apply to your WordPress website, when you gather data that involves,

  • Social Security Number
  • Race
  • Medical information
  • Sexual orientation
  • Religious / political preference

What rights do consumers have?

As mentioned before, the goal of the new privacy law (GDPR) is to protect the rights of the end user (consumer). This includes visitors of your WordPress website. But what exactly are their rights, and what can they demand from you as an organization?

Inform, permit and refuse

People have the right to be informed before their data is being gathered, edited and processed by your WordPress website. Users must give their explicit consent to this, too. This means providing a cookie announcement in the footer of your website, giving the option to sign up for a new letter via a tick box (that is not checked by default!). Ultimately, users must be given the option to withdraw their permission at any time, for instance by unregistering or reviewing the cookie settings again.

Easy access

Individuals you have gathered personal data from on your WordPress website, are allowed to request this data from you. Organizations have to deliver this data within a month and are, in principle, not entitled to charge any costs. In addition, there is the data portability right: personal data must be able to be inspected in a reasonable manner. Excel sheets or CSV files are relatively easy to open, but a direct database dump is not.

Edit, limit and remove

Consumers are entitled to ask you to rectify faulty information, as well as request to refrain from further editing of personal data (apart from storing it). Also, every person has ‘the right to be forgotten’. Put differently, upon request you will have to be able to remove people’s data completely.

The GDPR and marketing automation

Quite possibly, you make use of marketing automation in your WordPress website. This may consist of email marketing software reminding you to respond to a comment, or to send a follow up mail once the first email has been viewed. Or perhaps adverts that are shown based on customer behavior.

People have the right to demand from you that your software cannot make automated decisions based on their data and/or behavior, unless you have explicitly have asked their permission. Therefore, in case you use marketing automation, make sure you explicitly ask your visitors permission, as well as inform them that automated decisions are made based on their personal data.

How serious is all this GDPR stuff?

The penalties that can be imposed by this law are considerable. That is, fines can run up to € 20 million or up to 4% of the annual revenue. The provided ‘grace period’ that lasts until May 2018, foretells that the GDPR will be seriously upheld. Moreover, the GDPR is applies to every organization within Europe; not only the bigger ones or the multinationals.

Make sure your WordPress website is GDPR compliant

There are many aspects to take into account in order to make sure your WordPress website complies with the new GDPR regulations. Make sure you do a Checklist: Is Your WordPress website GDPR Compliant?

Checklist: Is Your WordPress Website GDPR Compliant?

Checklist: Is Your WordPress Website GDPR Compliant?

By May 25, 2018, every European organization has to comply with a new privacy law to be allowed to process and handle personal data. This applies to the personal data you gather via your WordPress website as well. We already posted an article on the impact the General Data Protection Regulation (GDPR) has on your WordPress website. In this article, we provide you with a clear-cut checklist to help you determine whether your WordPress website meets the GDPR requirements.

This is no juridical article and no rights can be derived from its content.

1. Inventory and document

To start off, describe the target group(s) that visit your website. Then make up a spreadsheet in which you document the kind of personal data your WordPress website collects for each group (inform yourself here on what the GDPR marks as personal data). As you specify per target group, you’ll reduce the risk of missing something. Complete this inventory by checking the following list:

a. Hosting & Administration

External service providers have access to your website as well. Check how they handle your data and if you have made the right agreements with them.

  • Hosting Party
    • Theoretically, your hosting party has access to all data on your website. For this reason, you will have to make a processing agreement with your WordPress hosting party.
  • Managed hosting, external developers and administrators
    • Which administrators have access to your WordPress website? Should you contract certain bureaus (or freelancers) to work on your WordPress website, then you will have to set up processing agreements with them as well.
  • Backup Locations
    • Where and how does your hosting party make backups?

b. Plugins

Log in as administrator on your WordPress website and answer the following questions to complete the list above. In WordPress, go to ‘Plugins’, then locate what data is being collected by each plugin and determine whether this data is being stored or not:

  • Contact forms (e.g. Gravity Forms)
    • What information do you require from your users? And where is it being stored?
  • Usernet plugins (e.g. Ultimate Member, BuddyPress, etc.)
    • What profile information is stored for each user? And, what else can possibly be deduced about your users through membership? Think in terms of political activity, religious preference, financial status, or sexual orientation.
  • E-commerce (bijv. WooCommerce)
    • E-commerce will contain basic personal data, such as names, addresses , and banking details. However, it also reveals the kind of products people order. Do you, for instance, sell magazines with a political affiliation?
  • Email marketing widgets (e.g. sign up via MailChimp or CreateSend)
    • Which information do you require? What will you do once you obtain it from your users, and to which service do you forward it?
  • Links with external services, like accounting packages
    • g. a link between WooCommerce and Exact Online
  • WordPress reaction plugins
    • g. Akismet, which filters spam based on data gathered from your users’ reactions, email addresses and IP-addresses. Or, Disqus, which stores such information as well.
  • Safety
    • Safety plugins, like Wordfence, process IP-addresses and user locations for instance.
  • Backup plugins
    • Complete copies of your site are privacy sensitive should they end up in the wrong hands. Where are backups stored and how are they secured?
  • Statistics
    • Like Google Analytics or Google Tag Manager: are you aware of which parts of your users’ data is being stored.
  • Logging
    • For instance, activity monitors that register user activity.

c. Services outside the EU

Check whether you make use of services outside the EU. For instance, American service providers, for instance, that may process data from your website. Verify if they are GDPR compliant.

d. Duration

Check how long personal data is stored and ascertain yourself that this is done no longer than necessary. The following step will help you consider whether this time span is justifiable.

e. Other

Which users have access to your website, and are their pass words up to par? Are you using marketing automation or A/B-testing? If so, have the subjects been informed?

2. Justify

You have to be able to justify reasons for all personal data you are storing on your WordPress website. Make sure your data gathering stays within the boundaries of the law. If you intend to store data on your WordPress website, then this is only allowed when meeting one of the following criteria:

  • Because it is by consent, backed up by an agreement
    Like paid subscriptions on your WordPess website for which you need users’ banking details.
  • Because you are obliged to record this by law
    Like customer data in your WooCommerce shop that you also need for your administration according as the Tax Administration demands.
  • Because you have been given explicit consent to do so
  • By virtue of a cookie announcement on your WordPress website or a registration form by which one subscribes to your newsletter. Make sure that,\
    • consent is freely given (users are not to be misled or forced)
    • consent is explicit (that means no tick box checked by default!)
    • consent needs to be given per component (e.g. someone registers for an event, and also subscribes for a newsletter)
    • users have to be able to withdraw their permission.
  • Because the gathering of this data is justifiable
    Like tracing the location of a logged in user as an additional safety check to determine if the user is logging in from a likely location on the planet. Of course, determining what is justifiable data gathering is somewhat of a grey area. All the more reason to explain in detail why you consider it justifiable. And, when in doubt, you may want to consult a lawyer.

Go through the inventory list (step 1) and check each item for its justification.

3. Confine

Remove personal data that you cannot legitimately gather and store in your WordPress website.

Deactivate plugins that can’t do so either, or search for alternative plugins that do comply.

4. Draw up Procedures

Record different protocols for situations that may occur in the future. Make sure it is crystal clear which information is to be found where, so you won’t have to figure that out later on. In any case, record the following procedures:

  • Personal requests
    Individuals may demand access to their personal data stored by your WordPress website, but may also want to edit or delete their data.
  • Safety
    Record how you will guarantee data to remain confidential, now and in the future. Think about a consistent update policy for your WordPress website, plugins and theme, but also a safe back up storage and a complex password policy for every new user that is added.
  • Data breaches
    In case of data breaches, you are required by law to inform the Personal Data Protection Authority within 72 hours. Therefore, make sure you have a phased plan ready, as speed is crucial in such cases.

5. Inform and ask for permission

Inform visitors of your WordPress website in a clear and transparent manner. This can be realized by clearly referring to a privacy statement, for instance in the footer of your website and in the cookie statement. Also, ask visitors of your WordPress website explicitly for permission of data handling activities as documented in your privacy statement. Make sure that you get their permission as described in step 2c.

Manual: Setting up Yoast SEO for WordPress

Manual: Setting up Yoast SEO for WordPress

With the free WordPress plugin Yoast SEO ((search engine optimization) you optimize your WordPress website for search engines. But how do you set up this plugin of Dutch origin? In this article, we’ll explain step by step how you can set up your WordPress website for the ideal search engine optimization.

In this manual

1. Install Yoast SEO plugin
2. Yoast SEO Configuration Service
3. Fine-Tune WordPress for SEO
4. Fine-Tune Yoast SEO
5. Link Search Console
6. Resolve Notification Issues
7. Write Content
8. Content Strategy

1. Install Yoast SEO Plugin


You’ll find the Yoast SEO plugin in the WordPress repository. In WordPress, go to Plugins -> New plugin and search for “Yoast SEO”. Click “Install now”, then click “Activate”.

2. Yoast SEO Configuration Service


Now that the WordPress SEO plugin has been installed, you’ll see a “SEO” button in your WordPress menu on the left-hand side. Click it to open the plugin’s Dashboard. You’ll probably already see some notifications and warnings, but we’ll ignore these for now. First click the “General” tab at the top, then click “Open the configuration service“, and then “Configure YOAST SEO”.

You’ll now run a wizard that will help you set up a large part of your website for SEO (search engine optimization). Many of these steps are self-explanatory, but we’d like to comment on some of them:

2a. Company or person? (step 4)

At step 4 you’re required to fill out whether you’re a company or a person. In both cases, you can still fill out the name of your company/person. We recommend you include your most important search term in your company name. For example, if you are a carpentry business with the name “Johnson LLC“, then fill out “Johnson LLC Carpentry”. And if your name is Vanetta Smith and you write a personal website on recipes, then call yourself “Food blogger Vanetta Smith”. Copy this text right away, because you’ll have to fill it out a couple of times.

2b. Social profiles (step 5)

When entering your social profiles, do not think: the more, the better. Limit yourself to using two or three social media channels, that you use well, instead of using eight which you totally neglect. Consider the social media channels that are most suitable for your target group.

2c. Visibility of the post type (step 6)

In every WordPress website there are three default post types: Pages, Posts and Media. Some themes and plugins add extra post types. A properties plugin for real estate agents, for example, can add the post type “Houses” to the website.

At this step, you can set up exactly which post types should be indexed by Google and which should not. All post types that you don’t use for the conversion goals of your website, can here be set to “Hide”. This does not mean that they won’t be used on your website. But only that the search engines won’t be instructed to index such posts.

In case you don’t have a blog/news archive, but only a few static pages, you can hide the post type “Posts”. The same often goes for media; the media library on your website is probably not setup with the purpose of attracting traffic that increases conversion; usually these media are used to, for example, placing images in your pages and posts, in which case you can simply hide “Media”.

In fact, some plugins put their settings in a post type. In that case, you might see something like “Extended framework” as a post type. If you have no use for this, then hide this too; the more unnecessary post types you hide, the better the other types will be valued by the search engines. Obviously, you’ll want to make sure you don’t accidentally hide a post type that you do need. Because then you’ll be throwing away a lot of valuable information for the search engines.

2d. Title settings (step 9)

At this step, you can fill out the website name. Here, you paste the text that you copied at step 4, or fill out your activities, and maybe even your location. For example, “Rotterdam Lawyers Friesinger & son”. Or “Architect Anna van der Molen”. You’ll need this text again later in this manual, so be sure to copy it again.

3. Fine-Tune WordPress for SEO

Now that you have run the configuration service, you’ll arrive back at the Yoast SEO plugin Dashboard. You’ll probably get some more notifications at this time. You can keep ignoring these, because first we’re going to run through some WordPress settings, that will probably resolve a large portion of these notifications.

3a. Site title and subtitle

Now, in WordPress go to Settings -> General. At the top, you’ll see the site title and subtitle. Many people use the name of their website or organization as a site title. This seems logical, but if you want your website to be easy to find in the search engines, it’s better to put your activity here, just like you did in the configuration service. So, again paste the title that you’ve used at step 2a and 2d here, e.g. “Furniture manufacturer New York – Donald McMillan”, or “Antique children’s toys – Web store ToyToy”.

Very often, the subtitle is still the default WordPress text: “Just another WordPress site”. Remove this line and enter a short description of your website. Try to use keywords that apply to your entire website and keywords that you want to lead visitors to your website. For example: “Web store for remanufactured chassis parts for Volkswagen Beetle.”

Now that you are on this page: be sure to scroll down and check if your website language is set correctly. Is your website in Spanish? Make sure your website language is also in Spanish. Because the language is also picked up by search engines. It says something about your target group.

Finally, click “Save changes”. Save or copy the title and subtitle, because you’ll need them again later.

3b. Update services

In WordPress, go to Settings -> Write. At the bottom of this page you’ll find a field to “Update services”. These are external webservices that need to be informed when you’ve made changes to your website, e.g. when you’ve written a new blog, or made changes to one. This makes sure that search engines are almost immediately informed of your new content, so they’ll include it faster in their search results. Make sure it says: “http://rpc.pingomatic.com/” under “Update services”. If it doesn’t, then paste this URL here. Pingomatic is an update service that informs all large search engines of your new content, so you don’t have to. Usually this is configured correctly, but it never hurts to check.

3c. Search engine visibility 

In WordPress, go to Settings -> Read. At the bottom of this page, you’ll find the “Search engine visibility” option. Make sure this box is unchecked, otherwise your website will actively inform search engines to NOT be included in the search results. Are you developing a website, or do you have a website that you, in fact, do NOT want showing up in search engines, then DO check this box. By the way, this is not a completely safe guarantee that your website will not show up in any search results; if you really don’t want to be found, it’s best to secure your website with a password. You can do this with a free plugin such as Password Protected.

3d. SEO for comments on your WordPress website

In WordPress, go to Settings -> Comments. Here, you can change the settings for comments on your website. It may seem strange to include this topic in a manual for SEO, but we’ve done this for a good reason. After all, comments on your website are content too! So, ask yourself whether comments on your website will help you be more findable to search engines, or that they would only add less relevant information to your webpage. If you’ve noticed that the comments on your articles lead to irrelevant conversations and discussions, then it might be better to turn off the option to leave comments on your website, or decrease the amount of comments under your blog. Or maybe you’ve seen that your blogs rarely get comments. In that case, you also better turn off the option to leave comments, because it makes your pages more compact. And with less irrelevant content, the rest of the content gets valued more by search engines and your visitors.

3e. Permalinks

With permalinks you configure the structure of your website’s URLs. This is very important for the SEO (search engine optimization) of your WordPress website, because the structure of a URL says a lot about the content of its page. As the term implies, permalinks are permanent; you configure them once, and then you never look at them again. Anyone who links to your website (search engines, social media, friends, etc.), will link to the URL as configured in your permalink.

In WordPress, go to Settings -> Permalinks. The default general permalink settings are year, month, day and name. This will result in URLs like www.furnituremanufacturer-newyork.com/2017/08/12/sanded-wood-with-discount/. But these data are probably not at all what you want in your URL. What you do want is to include the most important category of your blog in the URL (e.g. “Sale”). This way, you could get a URL like this: www.furnituremanufacturer-newyork.com/sale/sanded-wood-with-discount/. You can configure this, by choosing the “Customized structure” and then typing: /%category%/%postname%/.

Under the general settings, you’ll also find the “Optional” button. Below this, you’ll be able to change the category and tag archives structure. The permalink of the archive for the category “Dinner tables” by default would be: www.furnituremanufacturer-newyork.com/category/dinnertables/. But the word “category” is not relevant here (and thus a distraction for the search engines), so you could choose another word instead, for example: “furniture”. Please note that the category structure is the same for all categories; so, the “Sale” category archive will get the URL: www.furnituremanufacturer-newyork.com/category/sale/. In case you don’t know any good category structures, you can also turn it off altogether (see step 4e).

You’ll probably use several categories for most of your articles. The Yoast SEO plugin gives you the option to set one primary category, so that one will always be used in the permalink. To do this, click “Make Primary” next to the most relevant category, when creating/editing a post.

If you change the permalink structure afterwards, a lot of old links will probably become obsolete. This has great consequences for your findability; search engines don’t like it when pages in their search results are suddenly unreachable. It will cause you to drop fast in their search results. So, when you change your permalinks, check to see if existing links still work in the search engines. If not, then install a plugin like WordPress Ultimate Redirect Plugin ($ 29), that will automatically try to redirect as many “not found” pages (or 404 pages) to the right page. It’s like saying to the search engines: “The current page still exists, but has been moved to this new URL”. That way you transfer the accumulated value in search engines to the new pages on your website, and search engines will gradually adjust their index to your new permalink structure.

4. Fine-Tune Yoast SEO

Now that WordPress has been set up correctly for SEO (search engine optimization) and the basics for Yoast SEO have been configured, it’s time to do some fine-tuning in the Yoast SEO plugin.

4a. Activate advanced settings

To unlock additional functionalities in Yoast SEO, we first must change some settings. To do this, go to WordPress, SEO -> Dashboard and click the “Features” tab. Set the “Advanced settings pages” to “Enabled”. Then click the “Security” tab and also enable the “Advanced section of the Yoast SEO metabox”. Now click “Save”. In the menu on the left-hand side, under “SEO” you will now see additional options.

4b. Titles and metas

Titles and metas, are the title and description of a page/post, just as they are communicated to search engines. With this, you actually tell the search engine: “When you include this page in your search result, then show this title and description.” It’s obviously up to the search engine to do what they want, but if you use relevant texts, your request is usually honored.

Using good Titles and metas is very important, because you use them to give a first impression to your potential visitors, even before they visit your website. So, make sure you have attractive, relevant texts. The title is also shown in the tab/title at the top of your browser screen when visiting that specific screen.

Click “SEO” -> “Titles & metas” and open the “Homepage” tab. Here, you enter the title and subtitle that you’ve also filled out at step 3a. If you want, you can change the subtitle a little, by adding a call to action, to make it even more attractive to click on. For, example, if your subtitle is: “Web store for remanufactured chassis parts for Volkswagen Beetle”? Then your meta description could be: “Web store for remanufactured chassis parts for Volkswagen Beetle? Ordered today, delivered tomorrow!”.

Now click the “Post types” tab. Here you’ll see the visibility for the post types, as you’ve configured them at step 2c. Good to know, if you ever have to change this in the future. Here, you can leave the title and meta templates as they are, because we’ll configure these per article/page later in this manual.

Now, click the “Taxonomies” tab. Taxonomies is the umbrella term for both categories and tags. So, on this tab you’ll find all the categories/tags of your WordPress website. Every taxonomy has an archive page in WordPress. It is passed on to search engines by default. Just like with the visibility of the post types (step 2c) you must ask yourself here which categories/tags you actually use. So, for example, if you have added no tags at all to your posts, then set the “meta robots” for that taxonomy to “noindex”. This way, you tell the search engines, that the archive pages for that taxonomy don’t have to be included by the search engines; because they are not relevant pages.

For the taxonomies that you do use, you can check out the title templates. By default, they are set up as follows: %%term_title%% Archives %%page%% %%sep%% %%sitename%%. The title for a post category called “Sale” would then be sent to search engines like this: “Sales Archives – Furniture manufacturer Rotterdam – Pieter de Heuvel”. Which is fine, but there’s room for improvement. If you make sure all your categories for this taxonomy are consistent, then you can change the template to for example: %%term_title%% of %%sitename%% %%sep%% %%page%%. With categories like “Sale” and “Portfolio” you’ll get nice-looking titles: “Sale of Furniture manufacturer New York – Donald McMillan”, or “Portfolio of Furniture manufacturer New York – Donald McMillan”. The meta description template can best be left empty here, we’ll run through that later on in this manual.

Now, click the “Archives” tab. Here you will see some additional options for archive pages generated by WordPress next to the taxonomies. Such as author pages, date archives, etc.

Author archives show all articles per author. This is usually unnecessary, because for search engines it is rarely relevant who wrote the article. In fact, author archives are only useful when you work with several well-known authors and you want to build up findable archive pages for them. For example, the Youp van ’t Hek columns on the NRC (news) website. You can probably turn off your Authors archives, though.

The same goes for date archives; these show all articles published on your website during a certain period (e.g. January 2017). Unless you publish news messages that actually describe current events, you can turn off these archives; your archive pages for taxonomies probably offer much more relevant content than this kind of archive pages.

You’ve now configured quite a lot, so don’t forget to hit “Save”!

4c. Social SEO

Go to SEO -> Social. Here, you’ll find an overview of the social media accounts you added at step 2b. Run through the various tabs and fill out all the required information for the social media that are relevant for you. The rest of the precompleted settings in these tabs are all perfectly set, so you don’t have to look at those.

4d. Sitemaps

Now go to SEO -> XML Sitemaps. Sitemaps are XML files, automatically generated by Yoast SEO, that give search engines a structured overview of all content on your WordPress website. Make sure that the settings under the “Post types” and “Taxonomies” tabs include only in the sitemap what you’ve configured as visible at steps 2c and 4b.

4e. Advanced

Now go to SEO -> Advanced. You start off at the “Breadcrumbs” tab. A breadcrumb trail shows on which page you currently are in the tree view of the entire WordPress website. Many WordPress themes already have a built-in crumb trail, but in case yours doesn’t, it is best to archive it here. You do, however, have to make some adjustments to your WordPress theme, so a little PHP knowledge is required.

When activating the breadcrumb trail, delete the text after “Prefix for Archive breadcrumbs”. And at the bottom, at “Taxonomy to show in the breadcrumb trail of the post types” select for each post type the richest taxonomy for that post type. When I say “rich”, I don’t necessarily mean the taxonomy containing the most terms, but that the terms in that taxonomy are full of posts. Categories are usually richer than tags; an average tag maybe contains two or three posts, an average category probably ten to twenty. Finally, click “Save”.

Then, click the “Permalinks” tab. In this tab Yoast SEO can make a few more changes beside the changes you’ve made to the permalinks in WordPress at step 3e. This way, you can turn off the category structure if you couldn’t think of any good category structures at step 3e.

Enable “Redirect attachment URLs to parent post URL” to prevent visitors from directly going from a search engine to one of your website’s attachment pages (usually containing only an image and a title). This feature makes sure that visitors are sent to the corresponding page where the attachment is used. This is generally more relevant.

Finally, under “Clean-Up Permalinks” choose “Remove” under “Stop words in the slug”. This way, words like “the”, “a” and “an” are automatically removed from your permalink when writing new articles. The rest of the advanced settings are good, so now click “Save changes”.

5. Link Search Console

You can link the Yoast SEO plugin to your Google Account. This way, you can load relevant SEO information and resolve warning notifications on the website. Go to SEO -> Search Console and click “Get Google Authorization Code”. Follow the steps, paste the code and click “Authenticate”. You then get an overview of the pages of your website that cannot be found by Google, but that are linked to on other pages (or used to). You can run through this list and check to see if you can restore them (by changing the permalink of a page, or by making redirects to the correct page).

6. Resolve Notification Issues

Go back to the Yoast SEO plugin Dashboard. Maybe you’re still getting a few notifications. These notifications point to your WordPress settings that need to be resolved to further optimize your website for search engines. Do not click the close icon on the right, but click the link on the notification. You’ll then be directed to the right page for the WordPress settings.

In the above-mentioned example, you’re redirected to the WordPress Customizer, where you can enter your site title and subtitle under “Site Identity”. By the way, if you’ve been following the steps of this manual, you’ll probably not get this notification, because we’ve already fixed this problem.
Resolving notifications is something you can do on a regular basis. The Yoast SEO plugin gives you a clear overview, so if you schedule this once a month, it’ll cost you very little time.

7. Write Content

Your website is pretty much set up for Yoast SEO. But you can still fine-tune Yoast SEO per page, post, category and even per tag. We’ll start with fine-tuning posts and pages.

7a. Titles and permalinks of your WordPress articles and pages

After typing the title of your post, WordPress automatically generates a permalink for you. This is not always the permalink you want, and sometimes you change the title afterwards, but the permalink stays the same. The main rule is: you can easily change your permalink as long as you haven’t published your post yet. Then, you best leave the permalink as it is.

What is a good permalink for your post or page? You only need to include the most important keywords. Say, as a furnituremaker, you’re writing an article in the category “import” called “Strong quality improvement of imported wood from Italy”, the permalink automatically ends with: “/import/strong-quality-improvement-imported-wood-from-italy/”. This can be made shorter and more relevant; the words “import/imported” are duplicates and some of these words are not relevant for the slug. How about: /import/quality-improvement-wood-italy/? Much better.

7b. Configure the Yoast SEO metabox

When you’ve finished writing your article, there’s a new block “Yoast SEO” under your text editor. Here, you’ll see an example of how Google will probably show your page in the search results, based on your title, permalink and text. An example of such a snippet below.

The content of this snippet is based on the settings we’ve configured in the previous steps. However, it is possible to make a few more adjustments for this particular article. In the above example, we see that the title is too long for the box, and the description underneath is too. Click “Edit Snippet” to change the title and description. By making the title and the meta description a bit shorter and more attractive, we’ve created a snippet that looks nice in Google:
You can edit the snippet for each and every post or page that is important for you in the search results. Also, you can edit your categories and tags to see per category what a similar archive page will look like in search engines. To do this, go to Posts -> Categories (or Tags) and select a category. At the bottom, you’ll find the Snippet. You can, for example, give the category “Import” a nicer description:

7c. Focus keyword

Under every snippet you’ll also find a “Focus keyword” field. Here, you can enter the most important keyword of the page. Under the focus keyword, the SEO plugin gives you an analysis of the page, containing suggestions to make improvements. Mind you, it is a technical tool; always ask yourself if the suggestions make sense. The analysis of an article with the focus keyword “jerseys” can turn out wrong, because the words “jersey” and “sweater” won’t be recognized. So, use the analysis as a guideline, not as hard facts. Furthermore, it is good to know that the focus keyword is only a personal analysis; the focus keyword won’t be sent to search engines as a search term, nor is it embedded in the code of your page.

7d. Cornerstone articles

When you’re editing pages or posts, there’s another option under the focus keyword: mark the article as “cornerstone content”. Cornerstone articles are the most important articles on your website. The ones you really want everyone to read. Say you write a lot of articles on the different aspects of DIY woodworking. But there is one article about the complete process of woodworking. In that case, this article is a cornerstone article; in a way, all the other articles are related to this main article. By marking the main article as a cornerstone article, Yoast SEO will make new suggestions; are there enough links to this article? And do these links contain the most relevant keywords for this article?

An average website can contain about five cornerstone articles. Choose them carefully and ask yourself; can I link to these cornerstone articles from all the other (non-cornerstone) articles? And make sure you do this; after the introduction of a non-cornerstone article, make a quick reference to the cornerstone article.

8. And from Now on: Content Strategy

If you’ve made it all the way to the end, your WordPress website has a great configuration for SEO! But you’re just getting started; make sure your website stays attractive, relevant and up to date. You do this, by regularly writing articles on topics related to your website. Make a content strategy and schedule, for example, one day a month to write and publish a good article.

How to remove malware from a hacked WordPress website

How to remove malware from a hacked WordPress website

In this article we will explain why and how WordPress websites are hacked. We will also give you a step-by-step plan for removing malware and cleaning up your WordPress website.

Why are WordPress websites hacked?

The most important motivation for most hackers is money. The hacked websites are used to promote commercial websites; particularly things like gambling, sex and pharmaceuticals. By hacking a website, for example, thousands of spam e-mails can be sent. Or links are placed on your website to mislead Google so that the commercial websites are placed higher in the search results. Every now and then hacks may be ideologically or politically motived.

How do you discover that your WordPress website has been hacked?

  • Various links appear on the website that don’t belong there. Often these are links to websites that have to do with pornography, gambling, drugs, illegal pharmaceuticals, et cetera. Sometimes the links are hidden in the color of the background of the website so that they are not visible to visitors, but can be found by search engines.
  • When you search for your own website via Google (for example ‘wpupgrader.com’ as search term), you find information about the website that isn’t yours.
  • Visitors to your websites are redirected to another website. Sometimes only mobile visitors.
  • Your website is being used to send spam. If this is the case you will usually get a message from your host company saying that an unusual amount of e-mail is being sent from your website.
  • Organic search traffic decreases because Google no longer shows your website in the search results.

How is it possible for your WordPress website to be hacked?

To gain control of your WordPress website hackers must find some way to upload or edit a file on your server. In general there are four possible ways for hackers to gain access to your website:

  1. Insecure passwords; most of the WordPress hacks that we come across could have been prevented by using more secure passwords.
  2. Update-policy; when you seldom or never update your WordPress, your plugins and your theme you greatly increase the chance that you will be hacked.
  3. Insecure themes/plugins; sometimes your website can be up-to-date, and still contain an insecure theme/plugin. Always purchase plugins/themes from a trustworthy website.
  4. Bad hosting; you may have protected your website well yourself, but if, for example, it’s possible for your hosting company to move files between different websites then your website is not properly secured.

How to make sure your WordPress website is hack free?

When a hacker has had access to your website, it is possible that files have been added/altered, passwords have been changed and possibly even new users added. If any one of these things are not detected and cleaned up then others steps will have no effect, because the hacker will still be able to gain access and cause damage once again. For this reason, clean up must be thorough.

We will try to explain all the steps as simply as possible, but some technical knowledge is required. Make sure that you have an administrators account in WordPress, that you have FTP access (and that your know how FTP works), and that you can access the database using a program like phpMyAdmin or Adminer. The steps we are going to take are:

Tip

If you know when the hack took place you can skip the clean up by replacing with a back-up from before the hack. It is possible you may lose a number of responses and web forms. Continue with step 5.

Backup your hacked WordPress website

You are going to clean up your WordPress website thoroughly. This means you may end up cleaning up too much and it might be better to start again. In that case it is always good to have a backup on hand. Make sure that you add both the files and all databases to your backup.

Close the doors

Make sure your WordPress website is temporarily inaccessible from the outside. Theoretically hackers could infect your website while you’re still going through these steps. This also prevents you from infecting your visitors with any malware that might be installed on your website.
You can usually block your website from your host company’s control pannel by way of a password or by using an IP filter. If you have access to your .htaccess file you can add the following code to allow one specific IP address (find our what your IP address is at WhatIsMyIPAddress.com):

order deny,allow
deny from all
allow from 123.456.789.123

Find the source of your WordPress website hack

It is important to find the source of the hack and the extent of the impact as soon as possible.  

  • Look for your plugins, themes and WordPress version in the WPScan Vulnerability Database and see if there are known vulnerabilities for the versions you installed on your website.
  • Do you use Google Webmasters? Go to your dashboard and see if there are any reports of malware.
  • Check your website in Google: http://www.google.com/safebrowsing/diagnostic?site=www.example.com
  • Many hosting parties make access logs available. This is a list of all requests for files, saved at server level. Files placed by hackers are usually requested using a ‘POST-request’. By looking for ‘POST’ in your access log you can filter a list of of php files to further examine. Later in this article we will explain what to look for when examining php files. These files may not necessarily be infected however; a POST-request is also used when you fill in a contact form or if you log in to wp-login.php.
  • We sometimes come accres situations where an old WordPress website is on the same server, for example in the file ‘old’. Often this installation will have been forgotten and no longer up-to-date, which makes the whole website vulnerable to all sorts of old security flaws.

Clean up the files on your hacked WordPress website

During a successful hack a hacker can potentially place or alter a file in every folder on your web server; not just the folder containing the infected plugin. This means that you should examine all your folders and files, and this is painstaking work. Thankfully you can limit this work to various steps. We explain how below.

  • Clean up WordPress core (wp-admin and wp-includes)

    Log in with FTP and go to the folder of your WordPress website. In the root of your WordPress website there are at least three folders: ‘wp-admin’, ‘wp-content’ and ‘wp-includes’. In the ‘wp-content’ folder all the specific changes to your website are saved, but ‘wp-admin’ and ‘wp-includes’ only contain files from the WordPress core; files that only change when a new version WordPress is released.

    To make sure in one go, that there are no files in your WordPress core that have been added or infected you can remove the ‘wp-admin’ en ‘wp-includes’ files and replace them with a clean version by downloading WordPress again.

    • Not sure which WordPress version you are running? Check in ‘wp-includes/version.php’ and you will find the version number on line 7.
    • Download a zip-file of this version from the WordPress release-archive and unzip it on your computer.
    • Remove the ‘wp-admin’ and ‘wp-includes’ using FTP from the root of your WordPress website.
    • Upload the ‘wp-admin’ and ‘wp-includes’ from the file you just unzipped.

    Along with folders there are also files in the root of your website. Replace these files – except wp-config.php (!) – with the files from the unzipped zip file.

    Are there other files and folders in the root of your website? Examine them critically and decide whether or not they are familiar to you; is there any other software running on your site? If not then they may have been placed by the hacker. When in doubt confer with your web host. Sometimes your web host will preinstall a folder like ‘stats’, ‘webstats’, ‘logs’ and ‘cgi-bin’ . Always take a look at these folders and look for files that end in ‘.php’. Because, normally speaking, they shouldn’t be there.

  • Cleaning up plugins (wp-content/plugins)

    Just like the WordPress core, you can find original clean versions of your plugins in the WordPress plugin repository. It is, however, possible that not all your plugins come from here; you may have purchased premium plugins, for example, elsewhere. Premium plugins cannot always be updated automatically. Either way, to be sure that your plugin folder is clean, you will have to locate all the originals.

    • This is a good time to remove inactive plugins and plugins that are used infrequently. Do this first.
    • The plugins from the WordPress plugin repository can only be removed via FTP. After removing them download clean versions from the repository and upload them via FTP. A plugin like Wordfence may be able to do this step for you.
    • It is also important get clean versions of plugins that do not come from the WordPress repository. Make sure you find these files and repeat the above step for these plugins. Can’t find the original plugin files? Then you will have to remove the entire plugin, because it is very possible that the plugin is (partially) responsible for the hack. More importantly, you will not be able to update the plugin in the future and that could be disastrous to the safety of your website in the future. Often you will be able find an alternative plugin for the functionality you are looking for.

    In this step you will update all your plugins to the newest version. That is safe, but may lead to conflicts if your WordPress core or theme, for example, is not compatible with the newest version of the plugin. In that case, replace it with an older version of the plugin or – better yet – update your theme (see the following step) to see if that will resolve the problem.

  • Update theme (wp-content/themes)

    WordPress themes sometimes contain customization done by you or your website builder. These modifications will be lost if you update the theme, unless the modifications are saved in a separate folder by using a child theme.

    Your WordPress website doesn’t use a child theme? Then you have the option to update your theme, as explained in the previous step, but any modification will be lost. Want to keep your modifications? Then you can use this opportunity to first save your modifications in a child theme. The child theme manual by WordPress will explain how (caution: it’s not simple).

    Does your WordPress website have a child theme? In that case you can update your WordPress theme as explained in the previous step. Afterwards you will need to make sure that your child theme folder is clean. If you have a local copy of your child theme you can replace it (sometimes an old backup will work just fine, as long as you know that the website wasn’t hacked at the time the backup was made). If you don’t have a copy then you will have to go through the folder containing the child theme by hand. Read the next step for more information.

    Finally, do not forget to remove any unused themes; this way you will decrease the chance you’ll run into problems in the future.

  • Checking remaining files (wp-content)

    You have now cleaned up as much as you can without have to look in detail, but there are always a number of files and folders that you will have to check by hand.

    • Look for .php, .asp, .exe, and .sh files in the wp-content/uploads files. These do not belong here and may have been placed by hackers. It takes time, but don’t forget to check all the subfolders. Many FTP programs allow you to search automatically within a folder.
    • Some plugins add their own folders to the de wp-contents folder. This is not necessarily bad, but go ahead and go through these folders for above mentioned files.
    • Are there php-files that you no longer have the original to, that you will have check by hand? Think about php files in the wp-contents folder (like object-cache.php), your child thema, or wp-config.php in the root. Follow these steps:
      • Open them in text editor and scroll in all directions; sometimes hackers put code in a file ‘out of sight’ by placing it very far to the right or really far down.
      • Keep looking for any worrying code. Look for terms like ‘eval’, ‘exec’, ‘base64’, ‘hash’, ‘decode’ and see if you find any code that doesn’t belong.
      • Not sure about something? Copy a section of the code and look it up in Google. Sometimes you’ll come across all kinds of malware forums and you’ll know that something’s not right.
  • Check wp-config.php

    Up until now you have left the wp-config.php file untouched, but you do have to check it. This file contains all kinds of basic configurations for your WordPress website. Do you have a backup available? Then we advise you use the wp-config.php file from the backup for your website. Edit the list under ‘Authentication Unique Keys and Salts’ by adding a few characters to each line of random code. This way you make sure that any users that are logged in (potentially hackers) will no longer be logged in.

    Don’t have a back up? Open your wp-config.php and fill in the values you see in the wp-config.php generator by following all these steps. Chose ‘Auto Generate’ in Authentication Keys & Salts . Click update after the last step and copy and paste the code to your wp-config.php. Then you know for certain that you have generated a clean wp-config.php.

  • Looking for .htaccess

    A .htaccess file makes it possible to configure a lot of server settings. If a hacker modifies these kinds of files it can lead to very destructive behavior. There is definitely a .htaccess file in the root of your WordPress website, but in theory there could be one in every folder in your website. Use an FTP program to look for ‘htaccess’ on your website.

    The .htaccess file in the root of your website will contain the following lines:

    # BEGIN WordPress
    
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    
    # END WordPress

    Is there more code in your .htaccess file? This could have been added by a plugin, but it could be a hack. If in doubt, remove all extra code from your .htaccess file; the plugin may no longer work optimally, but most plugins are able to add the necessary code to the .htaccess file automatically if need be.

    Find more .htaccess files?

    Go to the place where you found them. Are they in a plugin or theme folder? Then in theory they are safe, since you cleaned up all these folders in the previous steps. However, if you find any in your uploads folder, child theme etc. then it’s a good idea to take a closer look. Sometimes a .htaccess file is placed in wp-content/uploads to prevent visitors from going through your upload folders without permission. In this case you may come across the following line in your .htaccess file:

    Options -Indexes

    This is not a harmful line, so your can safely leave it as is.

Cleaning up users

Now that all the files have been cleaned up, hackers still may have access to your website. They could have made an extra admin account, for example, or have changed the password of one of the other users. Furthermore, it’s possible that the hackers got in because they were able to guess a weak password.
Go to ‘users’ in WordPress and remove any user who doesn’t belong. Set new (complex!) passwords for all other users. This way you know for certain that hackers cannot login using an existing account. Explain to existing users why it is necessary to use a complex password.

Check the database

The more advanced users among us can now take a look at the database. Using a program like PhpMyAdmin or Adminer it’s relatively easy to browse through your database.
First, you can have a look in the ‘wp_users’ table; do you still see any users that don’t belong here? Remove them by hand. Sometimes hackers are able to add an invisible user.
Then take a look at the structure of the table and compare it to the standard WordPress Database description; have any tables been added that you don’t recognize? Take a closer look. Some plugins add tables to your database. Only remove the tables that belong to plugins that have been removed.

Change all passwords

In the fifth step you changed the passwords of all your users, but hackers may have been able to discover other passwords as well. For this reason, at least change the password of your database, and your FTP account, host control panel, etc. as well. This way you don’t have to wonder if your website really is secure again. Fill in the new database password in ‘DB_PASWORD’ in the wp-config.php file.

Go live and test

Now you are ready to take your WordPress website live again. Remove the block from step one and check to see if your website can be accessed when you are not logged in, for example, by visiting your website from a different network or using your telephone without wifi.
You may still get a notification stating that your website contains malware. In this case your website has been placed on a blacklist, which means it also no longer comes up in Google searches. Use the options Google offers to put your website back in the search results.

  1. Google Diagnostic Center (replace www.example.com) in the url for your own domain). You can use this tool to see if your website is on the Google blacklist.
  2. Google Webmasters indicates if and when Google indexed a problem with your WordPress website.
  3. Submit a request via Google Reconsideration Tool to have Google reindex your WordPress website.

Update

Behind the scenes at WordPress there is a large community of developers constantly working on improving the code. The advantage of this is that any known leaks in WordPress, plugins and themes are often resolved quickly when a new version is released. That’s why you should always make sure your website is up-to-date. This way you greatly decrease the chance you will be hacked again and you can perform new updates very quickly because it’s usually just a small modification.

Links

Plugins

How do you get Google Maps working again on you WordPress website?

How do you get Google Maps working again on you WordPress website?

Google Maps stopped working

If Google Maps is no longer visible on your WordPress website, this is probably caused by the Google policy changes. This change may have caused Google Maps to stop working on your WordPress website. If you’re using a Google service (such as Google Maps) on your website, Google decided they want you to link these to your Google account by using a so-called Google Maps API key. In this article, we explain how you can get and install this API key for Google Maps, so you can get Google Maps working again on your WordPress website.

How does the Google Maps API work?

When you’re showing a map from Google Maps on a page of your website, a connection is made with the Google Maps API at every visit. It is a free service from Google that builds up this map for you, so it loads quickly. Excessive use of this tool costs Google a lot of money, because their servers have to make calculations every single time.

That is why Google is now limiting the use of the API. A connection can be made with the Google Maps API up to 25.000 times a day. When you exceed this limit, you have to pay. Most of the websites will never exceed this limit, so for most people, this service will remain free. You do, however, have to enter an API key on your website, so Google can keep score of the times your website is making a connection with the Google Maps API.

Getting a Google Maps API key

Step 1

  • Go to the Google Maps Developers page.
  • Click the blue button ‘Get a key’.
  • Login with your Google account (if you are not yet logged in). It’s best to login with the same account as the one you’re using for example for Google Analytics.

Step 2

  • Select ‘Create a project’.
  • Click ‘Continue’.
  • Wait until you are led to the next screen. This can take several minutes, so don’t close the window and don’t click away while waiting. The next page will open automatically.

Step 3

  • Enter a clear description, under ‘Name’, e.g.: Google Maps for yourdomainname.nl.
  • Enter the domain name for which you want to use the API key, under ‘Accept requests from these HTTP referrers’. Enter it like this: *.yourdomainname.nl.
  • Enter any other domain names in the same way, if applicable.
  • Click ‘Create’.
  • You now see a screen with your API key. Copy the key and save this in a safe place.

Installing the Google Maps API key on your WordPress website (easy)

Make sure WordPress, your plugins and the theme on your website are up to date. Check which WordPress plugins and themes show the maps from Google Maps. Check their settings to make sure you can now paste your Google Maps API key. If not, you can contact your plugin or theme developer, because they should fix this immediately for all their users.

Paste the API key in the option field and save the changes. In the example on the right, you see how you can install the Google Maps API key for the newest version of the WordPress theme Enfold.

Installing the Google Maps API key on your WordPress website (advanced)

Does your website run a customized version of Google Maps, or does your plugin or theme no longer get support? Then find an alternative plugin, because using unmaintained code leads to serious safety risks for your website. In the meantime, you can take these steps temporarily – provided you know how to use an FTP program and a code editor:

  1. With your FTP program, go to the folder of the plugin or theme that’s using Google Maps.
  2. Download the folder to your computer and search through all the files in the folder for “maps.googleapis.com”.
  3. Open the files (one or more) that show up in your code editor with this search term.
  4. Scroll to the place/places with “maps.googleapis.com”. You will probably see a longer address, like “https://maps.googleapis.com/maps/api/js?callback=initMap”.
    • Check whether you see a question mark in the URL. In that case, paste the following, directly after the URL: &key=YOUR_API_KEY
    • When there is no question mark in the URL, paste the following directly after the URL: ?key=YOUR_API_KEY
    • Replace YOUR_API_KEY with the API key you got from Google.
  5. Save the files and upload them with FTP back to your website.

 

Tips and tools for professional WordPress website development

Tips and tools for professional WordPress website development

We see more and more often that internet businesses choose to use WordPress as standard CMS to build websites. We also come across many freelancers, just starting out, who place their focus entirely on WordPress. In this article we will make an summary of the best tools, techniques and plugins for developing WordPress websites that we have picked up over the years – and that we wish someone had shown us ten years ago when we first started working with WordPress.

Content

  1. WordPress development tools
  2. Standard plugins
  3. Developer plugins
  4. Cheatsheets
  5. Team work
  6. Stay up-to-date
  7. Finally

WordPress development tools

Over the years we’ve tested, used and thrown away lot of development tools. Which tools do we still use for developing WordPress websites?

  • Google Chrome
    Google Chrome has a powerful set of development tools that come standard. You can make CSS changes from the element-inspector, which means that you see the effect immediately before you make any changes in the css files. You can view existing JavaScript variables from the console or run new scripts. You can also view saved cookies, check the headers to see if your page is being cached and more. Mozilla Firefoxis a good alternative as well and offers many similar functions.
  • SublimeCoda
    Everyone has their own favorite text editor, but there are two that really stand out for us: Sublime and Coda. An important advantage of Sublime (Windows / Mac) is that it is that it is easy to expand, while Coda (Mac) is already very complete. In both editors it’s possible to change files directly on the server. This makes doing small, quick changes very easy.
  • FileZilla
    Maybe obvious, but maybe not at all. We use Filezilla daily for quick and secure FTP connections with our customer’s servers. Easy to use and ideal for quick changes. We do advise setting up a good version managed GIT workflow for bigger projects.
  • Browserstack
    You can use Browserstack to virtually test a website on any imaginable device. Like all desktop browsers on multiple Windows and OSX versions, but also all known Android devices, iOS devices and tablets. This is ideal for responsive tests, because simulations for mobile devices in desktop browsers tend to lack details. Browserstack also offers a Chrome extension, that you can use to simulate any website you visit on a different platform.
  • Ghost Inspector
    This fantastic Chrome extension makes it possible to record a numbers of steps on your website (for example: “visit homepage, click on ‘contact’, scroll down, fill in form”). The operations in these records are then regularly run by Ghost Inspector. If there are any abnormal results (for example a page is missing or the layout is different) you will receive a notification.
  • Photoshop
    Although you can do a lot in WordPress itself, Adobe Photoshop remains indispensable to our work. This is the favorite software package of everyone of our team members who works on design.

Standard plugins

Although every website is different, there are a few plugins that we use for every project. That is why we always install them for a new project. If we end up not using them we can always remove them:

  • Avia Framework
    This visual block builder is not available as separate plugin, but built into the Enfold theme (Dutch link). Very user friendly and makes it possible to build up content quickly.
  • Gravity Forms
    The most comprehensive form building plugin we know, with conditional logic, import/export function, various notifications etc. Many themes take this plugin into account in their styling.
  • io
    Make sure you have this plugin running before you upload your first image. That way you keep everything optimized.
  • Akismet
    Reduce spam on your website. Really a must-have.
  • Yoast SEO
    Helps you fine tune your SEO settings globally, and to easily make changes per page, to things like title and meta-description.

Developer plugins

There are many plugins for WordPress that simplify the development of your website. The most common plugins are listed here.

  • Password protected
    Protect your website with a password to prevent search engines and unwanted visitors from taking a look at your website before it’s ready.
  • Debug Bar
    Want to dig a little deeper into the code? The debug bar adds a button to your admin bar you can use to read various server variables, warnings,errorsqueries and requests. The Actions and Filters Addon makes it possible to see which hooks were triggered on your page.
  • Query monitor
    This plugin offers many of the same functionalities that the Debug Bar does, but also makes it possible to do targeted searches of the queries that were carried out, for example per plugin or kind of query, as well as sluggish performance.
  • Custom Post Types UI
    With this plugin you can easily make extra custom posts types. WordPress offers a number of posts and pages, but you may need an extra post type at times, for example ‘books’ for a kind of library. When you have set up the post type this plugin will have to remain active. To keep the number of plugins at a minimum and thus your website performance optimum we prefer adding post types via GenerateWP(see the ‘Cheatsheets’ below).
  • Advanced Custom Fields
    By default, you have a limited number of fields at your disposal in a message, page or custom post.Advanced Custom Fields (ACF) adds all sorts of extra fields; date planners, color pickers, taxonomy links, fields for extra images, you name it. ACF also works very visually and intuitively, so that you can prepare even complicated custom post constructions without using a single line of code. To then be able to use all the custom fields and show them on a page you can use short codes, or change the templates.
  • FacetWP
    This plugin allows you to create different filters to expand the search option for messages, pages and custom posts. This way your visitors are not only able to fill in key words in the search bar, but can also click on taxonomies (categories or tags) in a drop down or a selection box, to further specify the search results. Very interesting for large databases, with, for example, thousands of articles. You can put FacetWP to work, just like ACF, by using short codes and templates.
  • SearchWP
    Would you rather improve the standard search function in WordPress? Then SearchWP is our favourite This plugin indexes all of WordPress so that the results can be shown quicker. You can set the index to your own preferences. Choose, for example, which types of posts will be searched, which fields in a post are important or in fact irrelevant, whether or not to search for partial matches and much more.
  • P3 Profiler
    Is your website getting slower and slower? Use the P3 profiler to measure which plugins have the most impact on your load time. Sometimes it can help to get rid of a few plugins, to improve your website speed. Another solution is to choose super fastPremium WordPress hosting (Dutch link).
  • Broken link checker
    Before going live check to see if all the links on your website still work. Not missing anything, all external pages still available? You’ll get an e-mail if a link doesn’t work. You can even choose to have the check done regularly.
  • Redirection
    When you place your website online will you be replacing an old website?The older website has built up value in the search engines. To maintain as much of this value as possible you can redirect all the URL’s from the old website to the corresponding pages on the new website. This is a lot of work, but it is worth it. You can use the Redirection plugin, but in some cases a .htaccess file as well. Sometimes you can use one redirection rule to reroute multiple pages by using regular expressions (see the ‘Cheatsheets’ below) Dutch link.

Cheatsheets

There are many resources online dealing with developing websites, CSS procedures,  WordPress tweaks, typography etc. Below you will find a handy overview of cheatsheets we’ve saved in our favorites. Always good to have on hand.

  • Golden Ratio Typography Calculator
    Can’t figure out why your text is not very readable? Check your line spacing and font size with this tool. It will calculate the best line spacing, font size etc. based on things like the width of your content area.
  • Can I Use
    Just found a nice new CSS-feature? Want to use HTML5? Usecom to check and see which browser can/can’t use this code. Sometimes caniuse.com even gives fallback tips for older browsers. Look up ‘border-radius’ and then check the tab resources for an example.
  • comRegExr
    Website finished and you want to quickly add a few redirect rules to your htaccess file? Or are you programming and need to filter by pattern? If you are not familiar with regular expressions they can be headache inducing. txt2re.com helps by entering a string you want to match (for example an e-mail address, URL, telephone number or just a sentence). The tool generates suggestions of what a regular expression should look like. RegExr turns it around: input your regular expression and a piece of text and the tool shows you which parts of your example text match.
  • com
    A fantastically simple website that gives you the HTML code to embed things like YouTube URLs responsively. Also works for Vimeo, DailyMotion, Google Maps, Instagram, Vine, Getty Images and a normal iFrames.
  • w3.org
    Is the syntax of your website built according to the standards? The validator from W3 helps answer this question. Don’t let all the warnings scare you, a website that is 100% perfect is still just an illusion, especially when you work with themes and plugins. And yet, making fewer mistakes in your code makes your website more findable by search engines. A first tip: tick the box in WordPress ‘Automatically correct invalidly nested XHTML’ under General > Writing.
  • GenerateWP
    Need an extra custom post type for your website? Or want to add additional taxonomies to your page? GenerateWP walks you through a wizard and then gives you the code to place in the functiphp of your theme, super simple!
  • WordPress Code Reference
    The first place to go to look for hooks, functions and classes within It’s thephp.net for WordPress.
  • WordPress API’s
    A helpful overview of all API’s available for the WordPress core. Your code will be much more durable if you use these kinds of APIs. For example, by writing and and reading files via WordPress’s File system API your code will be better compatible with various server platforms.
  • io
    This website makes an attempt to inventory all the hooks for WordPress. You will also find all the actions and filters from a growing number of plugins and theme’s. This website has become a great resource for the better known plugins.
  • WcomWP Sniffer
    These two tools help you browse other peoples WordPress sites. You can see which theme is activated and what kind of plugins are running on the website. The picture it paints is not always complete, but it can help you find a underlying theme you like.
  • Google FontsAdobe Typekit
    A few years ago it wasn’t possible for all web browsers, but these days, in theory, it is possible to use almost every font on your WordPress website (which doesn’t mean that all fonts are ideal, load quickly or are readable on your website). Google fonts offers a growing selection of free fonts that you can use. If you are looking for a very specific font then Adobe Typekit may be a better option. You will pay an annual price, depending on the font. Lastly, you can turn your own fonts into web fonts. With the Webfont generator by Font Squirrel, for example.

Teamwerk

To keep the ball rolling for larger projects there is almost no escaping teamwork. The following tools really help us develop our WP websites in team.

  • Google Apps
    The complete suite of Google services is also provided for companies under the name ‘Google Apps’. E-mail, agenda’s, hangouts, analytics and contacts all run on user-friendly Google software, but under your own domain. Various extensions for Gmail (like Labelizer) make it possible to share e-mails within your team by using labels. We use this tool as task system at the moment.
  • LastPass (Enterprise)
    Indispensable when it comes to the safe keeping of your login details and those of your clients. Thanks to LastPass Enterprise we can also easily share logins within the team or change them safely. Very affordable and used by large companies like MailChimp and
  • GitLab
    To keep self-written code orderly and simple, we use GitLab as a version management system. GitLab is really a kind of open source GitHub alternative you can host yourself. By using GitLab multiple team members can work on the same project without getting in each other’s way.
  • Toggl
    A good timesheet isn’t just something your customers will appreciate; it helps you get better at estimating where the most time goes in a project. That’s why we use Toggl to track the hours we spend on a project. That way we can see, per project, if we are on schedule with our hours or if we need to make changes. Above all, customers gain insight in the time that was spent and how. Time tracking isn’t fun to do, but it is important.
  • Teamwork Projects
    For project management we used to use Basecamp Classic, a relatively old system (in internet terms). At a certain pointBasecamp Classic stopped meeting our needs because it wasn’t further developed. Teamwork Projects made it possible to transfer our entire archive from Basecamp Classic, so that we could keep all the history of our projects. Colleagues and customers can get access per project. There are to-do lists, where each task can be assigned to a colleague or customer.  You can confer with all involved parties per task. You can share files, messages and important milestones.

 

Stay informed

The WordPress landscape is constantly under development. To stay informed regarding new features, as well as upcoming changes, we recommend you put these websites in your bookmarks or subscribe to their mailinglists.

To close

Now that we have covered all kinds of tools, techniques, plugins and tips for WordPress, we would like to emphasize the most important tip we like to give WordPress professionals: keep it simple! Especially when you’re thinking of using a technically clever solution, always ask yourself: ‘is this not already lying around somewhere?’. Often the answer is yes, and your customers will be happy they don’t have to pay for re-inventing the wheel.  This will also enable you to spend more of your budget on making sure the content of the WordPress website is just right, and that is often more valuable to your client.

Do you use tools we haven’t named? Let us know in a response below!

Thrive Themes: conversion-focused WordPress platform

In one week, three different people enthusiastically suggested ThriveThemes to us. It was time for a review: did we miss something? (Yes, we did!)

ThriveThemes is a company that offers themes and plugins that help you achieve a higher conversion on your website: like inviting your website visitor to become a reader of your newsletter. This way, you build a relationship with your readers, which allows you to convince them to become one of your customers. This makes ThriveThemes a good provider, especially if you want online results and you’re not afraid to do a bit of marketing. Below we will briefly discuss their themes, content builder ad leads plugin. These three elements form a complete and conversion-focused WordPress platform.

Some links in this article contain affiliate code. When you are a customer of Sowmedia you can use Thrive for free. 

ThriveThemes

The themes from ThriveThemes have simple designs, and focus on conversion. If you are looking for a theme that contains the latest innovations in design, then ThriveThemes is not what you are looking for. Are you looking for a fast website, that is easily made and focusses on online results? Continue reading.

The advantages of a Thrive theme:

  • Light code and automatic image compression that allow your website to load faster. They use Kraken.io for this, which normally costs $9,- per month, but is included, so it’s a nice cost reduction and one plugin less.
  • You can indicate “targeted focus areas”. This means, elements that stand out, such as a special offer to your visitors. Or forms that generate more clicks, which you can link to your favorite mailing list.
  • The readability of the themes has been optimized with enough white space and large, clear, legible letters.
  • The themes contain a landing page in the same design style, but without any of the website items. So, the header, navigation, links, sidebars and footer widgets don’t show, to keep the visitor from being distracted.
  • Completely mobile responsive and suitable for retina. Fonts, columns and icons scale nicely when changing screen size.
  • Fast loading social sharing buttons
  • Fast loading related messages, because they don’t generate while visiting the message, but while saving the message
  • Good integration with the Thrive Content Builder.

Thrive Content Builder

The Thrive Content Builder allows you to edit your website at the front end. This means, you can see what a text is going to look like while you’re typing. So, What You See is really What You Get. At first, it takes a bit of fidgeting to get the element in the right place. But practice makes perfect. You can use the Thrive Content Builder in any theme, so also when it’s not a theme from Thrive. For people with HTML knowledge, it is possible to see the entre code in HTML. You don’t really need this, but it can give you more insight, which is nice if you know how to work with HTML. The HTML code is very clean, by the way.

The elements included in the Thrive Content Builder are:

  • Lists with bullet points in various designs
  • Columns
  • Embedding Responsive Video
  • Easily building HTML tables
  • Feature Grids (blocks with images or icons)
  • Content Tabs & Toggles
  • Option to add Google Maps code
  • Stars for reviews
  • Countdown Timers
  • Opt-in Forms
  • Automatic table of contents in a page
  • Adding your own HTML & CSS

As you can see they have again chosen to not offer every functionality imaginable. If you are looking for a content builder with more and more enhanced functionalities, we always recommend Enfold or one of the themes from Elegant Themes. Are the abovementioned elements enough to show all your content, then the Thrive Content Builder is definitely recommendable. The great advantage of the Thrive Content Builder is that you immediately see the result. So, you don’t have to switch back and forth between the front and the back end. Also, it’s nice that the Thrive Content Builder offers several landing pages. These are pages without the regular elements, that focus entirely on getting results (for example: signing up for a course, newsletter, etc.). Sadly, it is not very extensive and the design can be a bit plain. So, I particularly recommend the Thrive Content Builder to those who are now using a rather user-unfriendly theme that doesn’t offer any nice conversion-focused elements.

Below I will show a short video on how to make a new page with the Thrive Content Builder.

Thrive Leads

With Thrive Leads you can create different opt-in forms and/or special offers with a drag and drop editor. Even if you are not using a Thrive Theme or Thrive Content Builder, this can be a very nice supplement to your current WordPress website. With Thrive Leads you can generate leads more easily by using ‘forms’. There are various forms:

Popup Lightbox
tl-form-type-1

A lightbox that opens on your page

“Sticky” Ribbon
tl-form-type-2
At the top of your page a clear deal or offer.

In-Line Forms
tl-form-type-3
A form at the bottom of your page.

2 step opt-in form
tl-form-type-4

This form will show in a light box, when you click a button.

Slide-In
tl-form-type-5
This form slides into your page.

Opt-In Widget
tl-form-type-6
This way you place a form in a widget.

Targetting with Thrive Leads

targeting-3hrough targeting, you can indicate where and when you want a form to show. For example, with all messages/pages, or just with a certain message category or only with a certain message/page. This is convenient, because you can create an offer that is relevant to the content shown. In Thrive Leads, you can see which are your most important messages (the ones that create the most traffic) and for those messages you can make a specific offer (also called “content-upgrade”).

A/B testing with Thrive Leads

With the A/B testing engine you can test different forms/offers. You can test different designs & content. You can test triggers, for example a popup after 3 seconds, or when the visitor as scrolled down 50%, or when it looks like the visitor is about to leave the page. Also, you can test the results of different form types. For example, a lightbox popup vs. a Slide-in form. The great thing is, that you can configure this all at once and then Thrive Leads automatically lets you pick a winner, as soon as enough data has been collected. In the video below, Thrive Leads is explained further.

Want to try ThriveThemes?

The proof of the pudding is in the eating. Do you want to try ThriveThemes, Thrive Content Builder and/or Thrive Leads? When you are a customer of Sowmedia, you can use the whole package for free. Call us (010-4654444) or send us an e-mail. Not yet a customer? Get our premium hosting and you too will get the whole package for free. This way you save $147,- per year. Place a comment on your experience with Thrive below. We’d love to hear from you!

18 Tools for WordPress Hosting, Maintenance and Management

18 Tools for WordPress Hosting, Maintenance and Management

When hosting, maintaining and managing hundreds of WordPress websites for our customers on a daily basis, you’ll need to guarantee stability for all these websites. To have them operate smoothly and safely you can use of a variety of tools. In this article we will go over the most important techniques and explain how we keep everything in-sync.

Note: Some of the provided links have an affiliate code.

WordPress hosting and maintenance: the ultimate worry-free solution

Our goal is to completely unburden our customers when it comes to WordPress. Practically, this means we take care of all the technical hassle so our clients only have to focus on the content of their website. This way, they don’t have to worry about WordPress hosting, updates, security or speed, because we got it all covered. Now, what tools do we use to accomplish all this?

Hosting

Managed WordPress hosting

We buy our hosting from the best Premium WordPress hosting parties, and continually and carefully look at the safety, stability and speed of their servers, and the quality of their support. Should we be able to guarantee a better speed on a different server, we may transfer websites between hosting parties.

Currently, we buy Premium WordPress hosting from WpEngine (starting at $29 pm) and Kinsta (starting at $100 pm for 1 website), among other hosting parties. In any case, we make sure we get the best match, which will depend on the specific requirements and requests of our clients.
[/av_textblock]

Managing

Making Sites Maintenance ready

Many clients that want us to maintain their website, have modified their WordPress theme. This often results in an inability on our side to update their theme without loosing the modifications they have made. This is why the first important step to prepare websites for our maintenance program, is to split the modifications into a parent theme (the original theme) and a child theme (the modifications made to the theme). This makes it safer and easier to update the parent theme without losing the modifications set in the child theme.

Once new clients are added to our program, we thoroughly verify whether or not hackers have had access to the installation. We also double-check if all users make use of complex passwords. Thirdly, we check if the installed plugins are malware free, non-conflicting and up-to-date. At times we may advise our clients to give up a certain plugin in exchange for a more solid solution.

InfiniteWP

Our update policy is an important aspect of our service. By virtue of performing controlled, daily updates, we guarantee the safety of our WordPress websites. All safety updates of plugins, themes and WordPress itself, are directly executed by us. For this daily taks we make use of  InfiniteWP (free, with add-ons at extra cost), enabling us to access and manage all of our WordPress websites within one interface, regardless where a website is hosted at that time.

In this central control system we can see how many updates are ready to be installed per website, and can perform these updates directly from a central admin panel without having to log into each separate website. We also check the impact of each update, and whether changes have an effect on the performance of the corresponding website. This way we resolve any issue that a new update may cause. All this is part of our service.

Other than that, InfiniteWP gives us the ability to clone a website, make backups, login directly, perform malware scans, install and activate multiple plugins at once, and much more. To cut a long story short: InfiniteWP is the linchpin in our centralized WordPress management system.

Plugins

Kraken.io

Images on a website are prone to take up a lot of loading time. By making use of image optimisation, we aim to limit file sizes to a minimum. For this we use Kraken.io (starting at $ 5 pm), a service that optimizes GIF, JPG, PNG and SVG files without any visible loss of quality. We use the Kraken Image Optimizer (free) plugin on every website, which automatically compresses every uploaded image, causing images of our clients to load over 50% faster.

Gravity Forms

Contact, sign up or request forms are indispensable for virtually every website we manage. There are but few WordPress form plugins that offer as many options as Gravity Forms (starting at $ 99 per year for multiple sites). Our clients use this plugin for many purposes. This is why we have a Developer License for Gravity Forms, enabling all of our clients to make use of this versatile plugin.

Akismet

Akismet (starting at $ 50 pm for multiple sites) is a spamfilter for WordPress websites that checks responses and form submissions. For this plugin we also have an Enterprise license, automatically filtering all comments, responses, requests and form submissions of all our clients.

Yoast SEO

We also install the Yoast SEO plugin (free) plugin for all websites of our clients. Another vital plugin to improve the findability of your website. With this plugin you can indicate each page’s title and a summery, and then immediately view how this would show up in Googles search results.

Monitoring

Uptime Robot

Uptime Robot (starting at $ 5,50 p/m) is an online service set up to verify whether a website is still up. Every website we host is being monitored via Uptime Robot. As soon as a website shows downtime, we are notified and can immediately investigate what is causing the site to be down.

Uptime Robot enables us to swiftly take action in case a site causes trouble. This way, the actual time a website is unavailable is significantly minimised. Uptime Robot also builds its own history, enabling us to compare the amount of downtime of multiple WordPress hosting providers over an extended period of time. Added to this, we are given insight into which websites are downtime prone. This, then, helps us to zoom in on specific problems so we can solve them.

Broken Link Checker

Once a website is transferred or going life, we double-check the links used on the site by virtue of Broken Link Checker (free). In some cases, we keep this plugin activated to be able to perform routine checks. Whenever links on a website are troublesome or no longer active, this WordPress plugin will notify us instantly via email.

Visual Monitor

Sometimes a website may be available and operative, but certain elements cease to operate as they should, like a slider that doesn’t function or a widget that suddenly disappeared. Logically, Uptime Robot won’t pick up on such inconsistencies. For this reason we have an additional monitoring system set up, that makes multiple screenshot per day of each website we host. This system then compares each screenshot with the previous one, and notifies us promptly when it detects any visual discrepancies. As a result, we can investigate what is going on as soon as part of a site changes or disappears.

Maintenance Mode Monitor

‘Maintenance-mode’ is selected by default when WordPress is updated. During such an update, visitors are shown a white background with a notice that the website is currently under maintenance. This notification only last seconds, for as soon as the update is completed, maintenance mode is deactivated. However, once in a while, it may occur that an update cannot be completed, which then results in WordPress staying in ‘maintenance-mode’.

To counter this we have developed a ‘maintenance-mode-detection’ in our visual detection system, which alerts us as soon as unusual quantities of ‘white’ are found in a screenshot. This detection also traces other issues (like a website that refuses to load completely), making it a valuable addition to the visual monitor mentioned before.

Robots.txt monitor

Search engines look for a file called ‘robots.txt’ on every website. For example https://www.wpupgrader.com/robots.txt. The ‘robots.txt’ file dictates which pages of your site may or may not be indexed by search engines. WordPress automatically generates this file for you. This, however, also causes you to have little of no influence on changes made within this file. Should this file store the wrong kind of information, then search engines may by default ignore you when indexing the internet. This is, of course, fatal when you want people to find you easily and swiftly. Our ‘robots.txt monitor’ checks whether each websites is configured correctly and alerts us as soon as it detects changes in this file.

PageSpeed monitor

For search engine optimalization (SEO) Google measures speed and optimisation by virtue of a so-called PageSpeed score. For this reason a fourth monitor is installed for all websites: the Google PageSpeed monitor.

Several times a day we verify the Google PageSpeed score of a website. As soon as major shifts are detected, we are alerted so we can investigate the reason behind an irregular score. Particularly when the PageSpeed score drops drastically all of a sudden, it is crucial that we find out why as soon as possible. The PageSpeed monitor helps us to inform our clients promptly when the alterations they make to their site negatively affect their score.

Dashing.io

Dashing (free). With Dashing multiple widgets can be projected onto a dashboard. Such a dashboard gives us a clean-cut overview of up and downtime monitors, pending updates, and much more. Instant alerts are given when one of our sites is down, or when there is an outage.

Dashing is open-source, but definitely a must for programmers. Dashboard is written in Ruby, Coffeescript, HTML and CSS. Additionally, you will find quite an extensive list of widgets for Dashing on GitHub, many of which can be installed as is.

Optimisation

CDN

A Content Delivery Network (CDN) is a server network that stores and delivers static content. By saving static content (images, scripts) in a CDN, visitors are able to load your website much faster because different segments of your site are delivered simultaneously from multiple servers. We make use of several CDNs, in accordance with the demands of our customer. Widely used CDNs are MaxCDN (starting at $9 p/m) and CloudFlare (free with paid add-ons). MaxCDN can be easily installed with an optimalisation plugin (read below), while CloudFlare is a bit more complicated in set up.

Optimisation Plugins

To improve the speed of a WordPress website a proper optimisation plugin is indispensable. Such a plugin first of all offers proper caching; a technique that memorizes frequently visited pages in order to prevent them from having to be rebuilt by the server every single time, thereby cutting loading time short. There are Premium Hosting companies that will handle caching themselves.
An optimisation plugin can equally help to combine and compress HTML, JavaScript en CSS, causing a webpage to load faster as it then consists of fewer files.

Lastly, linking a CDN is another option. In doing so, the plugin automatically loads images and other static content (like scripts) via the CDN.

Generally, we use two different optimisation plugins: WP Rocket (starting at $99 p/y for multiple websites) or W3 Total Cache. WP Rocket is conveniently simple to manage, works out-of-the-box, and automates many things. For more complexer websites we use W3 Total Cache, as it has more configuration options, like for instance specific script handling.

8 front-end editors for WordPress

8 front-end editors for WordPress

When adding content to your WordPress website, it can be hard to determine what it is going to look like at the ‘front end’ of your website. This is because the WordPress editor is placed at the ‘back end’ of the website: the administrative part. However, in the past few years, more and more front-end editors for WordPress have been developed. You use these to edit the front end of your WordPress website directly, so you immediately see the end result. In this article, we will discuss eight front-end editors for WordPress.


Visual composer is one of the most commonly used WordPress content builders. This plugin works like building blocks with all sorts of elements that you can drag into your content: images, video, sliders, headers, text, widgets, etc. Also, with this plugin you can divide your content into several columns.

A year ago, the option to make these adjustments on the front end was added to the plugin. When clicking on an element, the editor opens in a popup on your screen. When you’ve finished making changes, you click on ‘Save changes’ and you will see immediately what it is

going to look like in the website. The advantage of this plugin, is that you can keep using the Visual Composer back-end editor that you are used to. However, you won’t immediately see what the changes you made are going to look like; you first have to click on ‘Save changes’.

Personally, we think the Visual Composer is only so-so. On one side, it can be a powerful means to set up a professional website, without any programming. On the other side, we’ve noticed that the Visual Composer is often too complicated for the average user. You have to invest some time in order to become good at it. Also, the Visual Composer has been developed so much in the past, that older versions cannot just be updated. Consequently, websites don’t update the plugin, leading to all sorts of security risks. So, we only recommend this plugin to professional users and experienced amateurs.

LayersWP (gratis)


A rather new initiative is Envato’s Layers. This plugin aligns the front-end editor with the ‘adjust theme’ functionality that is included standardly in a WordPress website. On the left side of your WordPress website a menu will appear where you can make all adjustments to your website. The changes you make will be implemented directly on your site. When testing this functionality, it was sometimes hard to find the desired adjustments in the left-side menu. So, it doesn’t seem to be fully self-explanatory, but that may be a question of getting used to.

A strong feature of LayersWP is that changes you make are immediately visible while you’re typing. On the downside, standard themes don’t work with LayersWP, so you need special LayersWP themes. So, the plugin is free, but you still have to purchase a WordPress theme. ThemeForest already offers a special category of LayersWP-themes, but the question is whether theme developers really feel like making many more. So, we’ll just have to wait and see if this initiative is really going to be a success.

Editus ($ 129)


A few months ago, the makers of Aesop Storytelling introduced the front-end editor Editus, that looks very attractive with its minimalistic interface. There are a few buttons for dragging text, images and other elements onto your page at the bottom of your WordPress website. It all works pretty intuitive, especially because after dragging the element of text, you type directly on the page. So, with every letter you type, you immediately see what it’s going to look like.

Editus is the most user-friendly front-end editor that we have encountered so far. It has the advantage that it works in most existing WordPress themes. Sadly, Editus does not offer as many elements as other front-end editors. For example, there’s no option to divide elements into various columns. So Editus is very practical for storytelling and writing blogs/news reports, but not so much for creating more complex pages.


The Live Composer is an attractive competitor to the Visual Composer and focusses – even more than its rival – on the front end. At the bottom of your website there’s a large blue bar from which you can drag all kinds of elements onto your website, e.g. text, images, video and sliders. Later you can divide these elements into columns. There are several WordPress themes (including Jade) that include the Live Composer as a standard.

Compared to the Visual Composer, the Live Composer offers more text elements that you can edit directly on your WordPress website (such as titles), but then when editing content in, say,

text blocks you do this in a popup. However, a large disadvantage is that with the Live Composer you can only edit your pages at the front end; there is no back-end editor.


The Frontend Builder is the least attractive plugin of the payed front-end plugins, but it is the cheapest one. With this plugin, you have a narrow bar on both the left-hand and the right-hand side of your WordPress website. With the left sidebar, you divide your page into columns, so you can add texts, images, video’s, etc. With the right sidebar, you can edit each element, e.g. by entering text, changing font size, changing color or uploading images.

The Frontend Builder offers the possibility to immediately see what your content is going to look like on different screen sizes, such as tablets and phones. Only it makes it harder to later edit the page at the back end. You can still see the texts and images of your page on the back end, but you can no longer change or edit columns. So, if you have created a page with the Frontend Builder, you’ll have to keep editing at the front end.


The free plugin WP Front-end Editor is on a list with plugins that might be integrated into WordPress in the future. The plugin is still in the developmental phase, so you might come across some unexpected problems on your own

WordPress website. With the WP Front-end Editor, you see a button called ‘Edit’ at the bottom of each page, if you’re signed in. When you click on it, you can edit the title and the text, as if it were a Word-document. When starting a new paragraph by clicking enter, you can either continue typing or enter an image or page mark.

The plugin does not work as intuitively as Lasso and offers a bit less possibilities, but it is a very nice, basic front-end editor for editing a text or title. Because you immediately see what it is going to look like, you can easily make a few quick changes. On the downside, the plugin is still at an instable stage, so some themes might cause unexpected problems. This definitely is a plugin that we should keep our eyes on.


The Front-end Editor has many similarities with the WP Front-end Editor, but the most obvious difference is that the ‘Edit’ button is not always on the screen. Only when you move your mouse over a title or text field you want to edit, then the ‘Edit’ button will appear next to the content field. When you click on it, you can immediately start editing the corresponding text on the page. Also, you can determine the font size and place headings between paragraphs.

A great advantage of this working method is that your page, after editing a text field, immediately looks the way it is visible to the public. Also, you can place images in your text. But sadly, you can’t use the WordPress media library for this, which is a real disadvantage of this plugin. So, you have to manually paste the image URL; not very user-friendly. This plugin looks suitable for basic websites when you’re not working with a content editor/page builder.


The WP Quick FrontEnd Editor plugin offers more or less the same functionalities as the Front-end Editor. After you have activated the plugin, the ‘Enable WP Quick Front Editor’ button appears in the black toolbar at the top of your website. When you click on it, lines appear on your page, around the editable text areas. Then you can click on the text and edit it. The editor interface looks a bit different than a standard text-editor you’re so used to finding in WordPress.

A strong feature of this plugin is, that you can also add images to your text from your own WordPress media library. While you’re editing text, you cannot see yet what your page is going to look like to visitors, which is a disadvantage.

Conclusion

When publishing text-oriented articles on your WordPress website Editus is by far the best plugin to use. This plugin is very user-friendly and it shows you what your content will look like while typing. Unfortunately, Editus doesn’t have a very attractive price model, so the best free alternative would be WP Front-end editor. However, Wp Front-end editor is still under heavy development.

Are you not that text-oriented and would you like more flexibility building your webpages, for example columns and media-elements? Than Visual Composer ($ 33, front-end ánd back-end) or Live Composer ($ 28, front-end only) are real recommendations. Keep in mind it will take you some time to get to know all the features these composers offer.

The free alternative LayersWP isn’t really free because it’s only useful when you also purchase the special LayersWP-theme.

To sum up, the more flexible editors are still not always able to immediately show what your page will look like on the front-end. All things considered, text-oriented front-end editors are better at their disposal.