"Mr Branding" is a blog based on RSS for everything related to website branding and website design, it collects its posts from many sites in order to facilitate the updating to the latest technology.
To suggest any source, please contact me: Taha.baba@consultant.com
Wednesday, May 31, 2017
How to Get More Followers on Instagram: A Guide to Earning Your First 1,000 Followers - infographic
[ This is a content summary only. Visit our website http://ift.tt/1b4YgHQ for full links, other content, and more! ]
by Irfan Ahmad via Digital Information World
Are Your WordPress Themes Flexible or Fast?
This article is part of a series created in partnership with SiteGround. Thank you for supporting the partners who make SitePoint possible.
If you've developed WordPress themes for mass distribution, you might have come across the problem of finding the perfect balance between building performant themes and building feature-rich, media-heavy products for your customers.
Let's look closer into what the tension might be all about and how you can find ways to compromise between creating fast loading themes and giving users the flexibility and easy customization options they love and expect.
Are Flexibility and Performance At Odds When Coding WordPress Themes?
I will start by saying that my discussion is not going to be about performance in relation to an entire WordPress website, which might include a number of different factors like finding a great hosting provider, implementing caching mechanisms, leveraging both back-end and front-end techniques, etc.
Also, the topic is not about the performance of WordPress themes you code from scratch either for your own use or for a specific client. In these particular cases you tailor your themes to the specific needs of yourself or your individual client, which should make performance optimizations easy to accommodate.
Rather, my focus will be on WordPress themes you code for the general public, to be distributed on WordPress.org or an online marketplace. The scenario is one where you, as the theme developer, have no control over how your theme is going to be used and customized.
But why coding for performance could clash with coding themes for the public?
On the whole, performance requires you:
-
To stick to simple designs
-
To include a limited number of features into your themes (more features are likely to require more processing power and resources, all of which impacts on theme performance)
-
To add the minimum number of page templates for a theme to function (fewer templates require fewer resources, which is good for performance)
-
To perform as few database queries as possible (querying the database takes time)
-
To limit the number and size of images and other media, which are notoriously heavy files
-
To minimize the number of HTTP requests (each round trip to the server and back takes some time with obvious negative consequences on performance).
On the other hand, a considerable number of your themes users are likely more entrepreneurial than tech minded. Therefore, what they might be looking for is a product they can turn into pretty much anything without so much as one line of code, with lots of functionality out of the box, breathtaking photo and video assets, super delightful parallax and other animation effects, and such like.
To give theme users all the flexibility they would like could come with some performance costs. But, let's go into a few specific points that illustrate how this can happen and how you can find some middle ground for a successful outcome.
Themes Are for Appearance, Plugins for Functionality
Although a number of reputable WordPress experts have been throwing some well argued criticisms against the so called kitchen sink themes, that is, those multipurpose themes that can become anything to anybody by offering any functionality under the sun, the demand for them is still going strong.
Themes that give users the ability to easily add social media buttons, SEO features, contact forms, price tables, etc., while attracting a lot of attention from buyers, don't come without some serious drawbacks.
In particular, this kind of WordPress theme comes tightly coupled with plugins specifically built for it, or even integrated directly into the theme. This practice is widely frowned upon for the following reasons:
-
Some of the plugins that come bundled with a theme can have vulnerabilities that put theme users at risk. If the theme doesn't come with specific plugins installed it's less open to such risks
-
A super important drawback of tight integration between themes and plugins is what Ren Ventura identifies as theme lock. Here's his explanation of this problem:
Theme lock occurs when a WordPress user cannot change his or her theme without gutting most of the site’s functionality. Once the theme is deactivated, it deactivates things like shortcodes and custom post types that were registered by the theme. Without these features that the user has heavily incorporated into the site, things fall apart.
As a consequence, when you change theme, a lot of the stuff you thought it was part of your website content disappears with the old theme. For instance, if your theme offered the ability to add testimonials to your website, once you change theme all the content related to your testimonials will be gone. Not nice.
-
And of course, bloat and hence performace costs. Let's say you don't need a testimonials section on your website. Yet, all the code that makes that functionality work in the theme is still there: it takes up space on your server, which ultimately costs money.
A great maxim the Theme Review Team (i.e., the volunteers who review themes submitted on the WordPress.org themes repo) rightly enforces is: keep functionality separate from appearance. Plugins deal with functionality, themes with appearance. Getting rid of all the complication will improve theme performance and at the same time make it easier for users to install and configure WordPress themes.
Your Users Don't Need Tons of Theme Options (But They Might Not Know This)
Until not long ago, WordPress themes included rather complicated theme option pages to enable users to make all sorts of modifications with a button click.
These days, thanks to a momentous decision taken by the Theme Review Team on WordPress.org in 2015, most themes offer theme options using the WordPress Customizer, which makes possible live previewing the changes as they're being made by users.
Unfortunately, the kitchen sink mentality that ruled the old theme option pages has started to migrate to the Customizer, which you can now see as also starting to get filled up with all sorts of settings.
Although non technical customers love theme options to make changes to their themes, sometimes too many options available bring more problems than they seemingly solve:
-
Too many options can paralyze users who are not too familiar with core principles of website design
-
It can take more time than expected to set up and configure a theme
-
It's easy to make mistakes like choosing the wrong colors, making text unreadable, etc.
-
Users might add too many fonts to their themes, thereby spoiling the design and slowing down the website
-
More options means adding more functionality to the theme, thereby impacting on its performance.
Although your customers might not accept this at first, you are the theme designer, therefore you should be the one who is best placed to make the important design decisions for your theme.
A well-calibrated number of theme options should be sufficient to let your customers make some targeted and carefully predefined (by you) modifications to personalize the theme and make it their own.
Implement Smart Graphics Optimization Techniques
Images are likely to put the heaviest weight on theme performance compared to template files, scripts and styles. Just run any theme through the Pingdom's Speed Test tool to verify this.
However, a generous use of full-screen, bold images is hardly surprising. Images add huge aesthetic value to themes and customers are drawn to a theme largely on the basis of its visual impact.
Continue reading %Are Your WordPress Themes Flexible or Fast?%
by Maria Antonietta Perna via SitePoint
How to Think about Website Security as an Admin
Website administrators, especially those in smaller businesses or organizations without people dedicated to the job and large IT and web arms, often overlook quite a few basic tenets of website security. This can be quite dangerous, in the modern era of not only directed hacking, but the mass scripting attacks carried out against a seemingly endless and random pool of targets. No matter how small and relatively unimportant your site is, it can be a target. And whether you're the person who developed the site, or just the one managing it, you may not be familiar with a few of these basic tips for website security.
If you're an employee who's been asked to oversee a website and are reading this article, some security considerations might sound difficult, but remember that everything you need to know you can learn. There are plenty of resources out there (including our own SitePoint Premium) that can help you with website development and administration. The important takeaway from this article, I hope, is for you to spend a few moments and really think about your site's security.
Password Security
Good password security is one of the most important considerations for your website's security. As an administrator, you may be responsible for a variety of important passwords. The hosting account management, FTP access, SSH access, MySQL databases, your site's control panel, WordPress admin panel, etc. All of these need to be different passwords (never re-use a password) and long. Pass phrases are better than passwords in that regard. Complexity helps too, but it should be something that you can remember, or you should use a password manager to assist you.
User Access Levels
Another thing to consider is the access of administrative users to your website. If your organization will require more than one or two users to be administering a site, you should have separate accounts for things like admin panels. Those users should also have different access levels. In terms of content management systems, the users should be limited from website administrative settings, altering other people's content, or file management, unless they actually require those permissions.
Having user account levels and separated accounts will help to prevent accidental or malicious damage to your site, and using individual accounts will also help you track and log who makes particular changes, just in case any nefarious activity occurs (or a user is hacked). It will also help with removing users from the organization who leave your company - you can simply and easily deactivate their account without needing to reset shared passwords, if their account is their own.
Continue reading %How to Think about Website Security as an Admin%
by Jeff Smith via SitePoint
Managing State in Aurelia with Higher Order Components
This article was first published on Pragmatic Coder by Aurelia core team member, Vildan Softic. If you enjoy this, why not head over there and check out some of his other work.
We can't ignore the ever-growing importance of changing paradigms, no matter whether we're talking about social, political or software development matters. Of late, front-end web development has seen an increasing interest in predictable state containers, introduced by concepts such as Flux and made popular by Redux. Simultaneously, the trend towards a more functional style of programming — particularly component composition — has changed the way we think about building applications.
At first glance, neither idea may appear that important or world changing in its own right, but put together they can provide a great developer experience. I'm not going to judge whether this is a better approach compared to well-known concepts such as MVVM and classic services. Rather I'd like to share an approach which helps you to combine both concepts, so as to get the best of both worlds.
This article talks about the theory, actual code and a full example can be found over at GitHub. Sources, including templates, are fully commented to explain design choices and the repo's README contains a recommended way to review the example. As such we won't waste time on implementation details, like the use of RxJS, but get straight to understanding the core concepts.
A Modern Development Approach
A modern development approach leverages a single store, which acts as a fundamental basis for your application. The idea is that this store holds all the data that makes up your application. The content of your store is your application's state — a snapshot of your application's data at a specific moment in time. In functional terms, if we were to represent our whole application with a single function renderApp
, the state would be the argument we pass in.
function renderApp(state): RenderedApplication
If we only wanted to produce static sites without any interaction, we'd already be good and could stop work here. However, most of today's apps provide a plethora of interactions. So if the state is a snapshot at a specific point in time, an event can be seen as the trigger that changes our state from current to new. Such a user interaction can be compared to a reducer, which modifies the current state by applying instructions from a certain action.
function userInteraction(oldState, ...actionInstructions): NewState
Modification though, is a dangerous game. If we change the original source, how will we know the difference between the new and old state? As such immutability is a key aspect of modern approaches, as it maintains the original source and creates a modified copy of your new state. So the current state becomes the old state and the interaction creates the next current state.
CURRENT STATE --> USER INTERACTION
--> NEW STATE
renderApp(currentState) --> userInteraction(currentState, ...)
--> renderApp(newState)
Past, current and the future are snapshots of state after a given amount of actions. Keeping this in mind we can move the current state backwards, by reversing actions and traveling back to a previous state.
NEW (aka CURRENT STATE) --> USER INTERACTION * -1
--> CURRENT (aka OLD STATE)
renderApp(newState) --> userInteraction(newState, ...)
--> renderApp(currentState)
The interesting point here is that the functional call sequence does not change — only their inputs do. As such we can conclude that a state is solely influenced by actions and that given a specific input, we can always expect the same output. This reflects the nature of pure components.
Continue reading %Managing State in Aurelia with Higher Order Components%
by Vildan Softic via SitePoint
Version Control with Magento and Git
This article is part of a series created in partnership with SiteGround. Thank you for supporting the partners who make SitePoint possible. Many developers may wish to use version control with their Magento site as they develop it, and perhaps continue doing so as they maintain and add to the live website. Here, we’ll focus […]
Continue reading %Version Control with Magento and Git%
by Jeff Smith via SitePoint
8 of the Best Plugins for Securing Your WordPress Site
How do you avoid getting hacked? Our last article detailed forty techniques for securing your WordPress site. This follow-up post is a quick reference of the best plugins that look after your security needs.
We’ve focused on highly-rated plugins that cover a range of security features, rather than one-trick-wonders. If your hosting provider doesn’t already have a comprehensive security solution (possibly including the use of these plugins), installing one would be a great first step in your security strategy.
Have we missed your favorite security plugin? Let us know in the comments.
1. WordFence
- Cost: Free, Premium from $99/year
- Active installs: 2+ million
- Rating: 4.8 out of 5 stars (3,048 reviews)
Wordfence Security is 100% free and open source. We also offer a Premium API key that gives you Premium Support, Country Blocking, Scheduled Scans, Password Auditing, real-time updates to the Threat Defense Feed, two-factor authentication, and we even check if your website IP address is being used to Spamvertize.
WordFence includes these security features:
- Firewall. WAF with automatically updated firewall rules that block common WordPress security threats.
- Blocking features. Real-time blocking of known attackers and malicious networks and other security threats.
- Login security. Two-factor authentication, enforced strong passwords, security to lock out brute force attacks.
- Security scanning. Scans core files, themes and plugins for malware and backdoors, and checks for files that have been changed.
- Monitoring. Monitors traffic in real time including bots and reverse DNS, monitors for DNS changes and disk space.
2. All In One WP Security & Firewall
- Cost: Free
- Active installs: 500,000+
- Rating: 4.8 out of 5 stars (669 reviews)
A comrehensive, easy to use, stable and well supported security plugin… It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.
All In One WP Security & Firewall includes these security features:
- User accounts security. Change the default admin username, check for user display names that are the same as usernames, password strength tool, stop user enumeration.
- User login security. Login lockdown (brute force protection), log out inctive users, view failed login attempts, whitelist IP addresses, see who’s logged in, CAPTCHA.
- User registration security. Enable manual approval, CAPTCHA, Honeypot.
- Database security. Set the default WP prefix, schedule automatic backups.
- File system security. Identify and fix insecure permissions, disable file editing from WP admin, monitor system logs.
- htaccess and wp-config.php file backup and restore. Easily backup, restore and modify these important files.
- Blacklist functionality. Ban users based on IP address or range, or by specifying user agents.
- Firewall. Add firewall protection via htaccess, firewall rules that stop malicious scripts.
- Brute force login and attack prevention. Cookie-based login prevention, CAPTCHA on login form, rename login form URL, Honeypot.
- Whois lookup. Get full details of a suspicous host.
- Security scanner. File change alerts, scan database tables for suspicious strings.
- Comment spam security. Block IP addresses of spammers, add CAPTCHA to comment form.
- Front-end text copy protection. Disables right click, text selection and the copy option.
3. iThemes Security
- Cost: Free, Pro: 2 sites $80/year, 10 sites $100/year, unlimited sites $150/year, Gold $297 lifetime.
- Previously called Better WP Security
- Active installs: 800,000+
- Rating: 4.7 out of 5 stars (3,812 reviews)
iThemes Security Pro takes the guesswork out of WordPress security. You shouldn’t have to be a security professional to use a security plugin, so iThemes Security Pro makes it easy to secure & protect your WordPress website.
The free version gives you some protection, but the Pro version includes these security features:
- Two-Factor Authentication. “Use a mobile app such as Google Authenticator or Authy to generate a code or have a generated code emailed to you.”
- WordPress Salts & Security Keys. “The iThemes Security plugin makes updating your WordPress keys and salts easy.”
- Malware Scan Scheduling. “Have your site scanned for malware automatically each day. If an issue is found, an email is sent with the details.”
- Password Security. “Generate strong passwords right from your profile screen.”
- Password Expiration. “Set a maximum password age and force users to choose a new password. You can also force all users to choose a new password immediately (if needed).”
- Google reCAPTCHA. “Protect your site against spammers.”
- User Action Logging. “Track when users edit content, login or logout.”
- Import/Export Settings. “Saves time setting up multiple WordPress sites.”
- Dashboard Widget. “Manage important tasks such as user banning and system scans right from the WordPress dashboard.”
- Online File Comparison. When a file change is detected it will scan the origin of the files to determine if the change was malicious or not. Currently works only in WordPress core but plugins and themes are coming.
- Temporary Privilege Escalation. “Give a contractor or someone else temporary admin or editor access to your site that will automatically reset itself.”
- wp-cli Integration. “Manage your site’s security from the command line.”
Continue reading %8 of the Best Plugins for Securing Your WordPress Site%
by Adrian Try via SitePoint
6 Tips for Managing Your Site with cPanel
If you use shared hosting for your website, chances are good that you are managing your site with cPanel. The cPanel software is the prevalent administration panel for a significant number of hosting companies out there, but many people who use it don't stop to check out the features that it offers. With cPanel, depending on what your host offers and what your hosting package includes, you can manage domains that are attached to your account, email accounts, files and databases, and many other administrative tasks, all made easier with a single interface.
In this article, we'll walk through six tips for managing your site with cPanel, that you may or may not have seen in your own hosting adventures. Experienced users may already know about these items, but newer users, expecially those who haven't taken the time to really look through their cPanel interfaces, may not have seen these options. In fact, sometimes even experienced users can get bogged down in routine and forget some of the options available to them, so it's worth a look!
The first two items are not default features of cPanel, but rather available "cPanel Apps", meaning that some hosts may have them, some may not, and some may have more than one option. They're still mentioned here because of how common they are, and how incredibly useful.
Autoinstallers
Autoinstallers (such as Softaculous Auto Installer) are exactly what the name says. They provide a way to perform quick and painless installations of platforms that you may need in order to build a new website, such as WordPress, Joomla, Drupal, PrestaShop, forums platforms, and a variety of other content management systems, frameworks, and scripts. With a click or two you can have the platform you need installed on your new hosting and ready to go, rather than manually setting up databases, uploading files via FTP, and running through setup processes, troubleshooting issues as you go. It's a great feature that is sometimes overlooked, and saving time is something that even veteran site administrators can get behind!
SSL Certificates
Another app that you may find in your cPanel is one that provides you with the ability to install an SSL certificate for your website, such as the LetsEncrypt cPanel app. If you're not very familiar with SSL certificates, and the growing need for every site to use HTTPS, you should take the time to learn about it. Many hosts, including SitePoint's partner, SiteGround, provide these certificates free, via the cPanel, for all, or at least some payment tiers, of their customers. And if you're using a CMS such as WordPress, here are some tips for getting set up with an SSL certificate
Securing your site with HTTPS will make it easy for all visitors to see that security is important to you, as any modern browser will indicate with a green lock when a site is HTTPS and secure. The growing pressure from Google and others to force all sites to become HTTPS only makes it more urgent, and that much greater of a feature that you can set one up right from your cPanel.
Continue reading %6 Tips for Managing Your Site with cPanel%
by Jeff Smith via SitePoint
#292: 11 Things I Learned Reading The Flexbox Spec
|
by via FrontEnd Focus
Feel
by Rob Hope via One Page Love
How Can I Use WordPress for eCommerce?
So, you love WordPress, and want to launch an eCommerce site. You can do just about anything with WordPress. Should it be used for eCommerce, or is it better to use something designed from top to bottom for online shopping, like Magenta, Prestashop or OpenCart?
There are a wide range of eCommerce solutions out there, both hosted and self-hosted that are worth considering. But by adding an eCommerce plugin to WordPress, you get the same range of online shopping features, plus the familiarity and power of WordPress.
For most people, there are two WordPress eCommerce solutions I recommend. Many people would agree with me, since they’re two of the most popular options out there, powering half of the world’s online stores. They’re different, and appeal to different people—and one of them will likely appeal to you.
But they’re not the only options. If your needs are a little different, or you don’t like to follow the crowd, or you prefer to research all the options before making a choice, I’ve included a list of other alternatives.
So, which WordPress eCommerce solution is for you? Read on to find out.
Continue reading %How Can I Use WordPress for eCommerce?%
by Adrian Try via SitePoint
Why Prototyping with Adobe XD is the Most-Complete Design Solution
Even though Adobe XD is still relatively new, the reception has been terrific. So I thought we’d do a quick-but-fun tutorial that illustrates how designing and prototyping with Adobe XD is wonderfully rolled into a single tool, without making the app feel too bulky. In fact, Adobe XD is pretty minimal and it's really easy to use once you know how.
Not too long ago, I compared Adobe XD vs. Sketch. While Sketch is still a brilliant choice for designing user interfaces, Adobe XD came off as the clear winner for those switching from other Adobe apps such as Photoshop or Fireworks.
With Sketch you’ll need to install extensions and quite possibly subscribe to third-party services to add any prototyping functionality, whereas Adobe XD offers these tools natively.
Plus, if you already have an Adobe Creative Cloud subscription, then you'll already have the entire feature-set of XD at your disposal! Design + prototyping + feedback all rolled into a single app, what more could you ask for?
It’s also available for Windows now!
Let's dive right into Adobe XD by designing and prototyping two screens in a mobile app.
Note: the examples used in this tutorial are based on the free Cactaceae UI kit for Adobe XD.
Prototyping with Adobe XD: Low-Fidelity Wireframes
Adobe XD makes it super-easy to quickly mockup a low-fidelity wireframe. Being able to design low-fidelity wireframes quickly means that we can make huge strides towards to creating a layout that offers a terrific user experience, while not having to worry about the visuals too much (at first). Let's illustrate our first idea so that we can receive feedback from our teammates ASAP — ideas develop faster when there are more brains on deck.
Everybody has a design workflow that works for them — when designing low-fidelity wireframes I have a strict rule of using only text and shapes (unless absolutely necessary). What’s the use of designing icons, sourcing images and defining styles for a layout that we might not move forward with? Here are the vital keyboard shortcuts that you’ll need right now.
- Select Tool (V)
- Rectangle (R)
- Ellipse (E)
- Line (L)
- Text (T)
- Artboard (A)
Lets mock-up an idea.
Start by creating an artboard (A) and selecting the “Android Mobile” artboard from the inspector on the right-hand side.
Now, using the toolbar on the left-hand side, or the keyboard shortcuts mentioned above, draw some shapes on the canvas to construct your layout. If it adds further clarity, or if there’s any space unaccounted for that makes the layout look confusing, then add maybe one or two images that depict what that space will be used for, as I've done below.
Very basic icons are fine too, as long as you aren’t wasting copious amounts of time illustrating them. Remember, our aim here is to validate our idea with feedback, only after that should we allocate more time to making it look appealing.
If you’re interested to see how rapid iteration compares with Sketch, check out my comparative overview.
Prototyping Interactions and User Flows
We now have our rough idea mocked up. It’s time to demonstrate how these two screens might link up — how would the user flow from one screen to the next? I mean, that’s what user interfaces are all about, right? Helping the user from A to B?
Switch to the “Prototype” workspace using the tab in the top-left corner. You’ll notice that this workspace doesn’t differ too much from the Design workspace; the main difference that there is no inspector, and when we select objects on the canvas, we’re given the opportunity to link the tap target to another artboard instead of styling them (hence why no inspector).
If you’re following along with my example, select the “Explore now” button, where you’ll notice that a blue, draggable handle appears on the right-side side of it. Drag this handle into the neighbouring artboard. Awesome, you’ve created a user flow!
In a very short moment we’ll learn how to test this user flow in a real device, but for now, let's specify the type of transition that the user will experience and how long the animation will last for.
When you drop the handle into the target artboard, a modal will appear. You'll see the following settings:
- Target: we already specified the target
- Transition: the effect that occurs when the user flows from one screen to the next (“None” is the default option for websites, whereas “Slide Left/Right” is pretty standard for native mobile apps)
- Easing: the acceleration of which the animation occurs (ease-out animations for example will be faster at the beginning, then slow down as the animation comes to a halt)
- Duration: how long it takes the animation to complete
Check out my article on easings and animations if you’re interested to know more about them!
In our case, choose “Slide Left” for the Transition setting and leave the other settings with their default option.
Sharing Prototypes and Gathering Feedback
When you’re ready to share your wireframe and receive some feedback, hit the share icon in the very top-right corner of the Prototype workspace window, then click “Create Link”.
Next, share this link with your teammates, who will then be able to view the mockup in their browser, make comments on it, and even use their mouse to click through the prototype like a real user.
Desktop Preview vs. Device Preview
“Do I have to create a share link to test the prototype?”.
Of course not! You can test the prototype to make sure that all of the screens are linked up properly at any time — simply hit the “Desktop Preview” icon (the play icon) and click away. If it's just you, Desktop Preview is more than ideal.
Continue reading %Why Prototyping with Adobe XD is the Most-Complete Design Solution%
by Daniel Schwarz via SitePoint
Earthluck International
by Rob Hope via One Page Love
How to Choose a WordPress Caching Solution
You know you need a fast website. Your visitors don't want to wait, Google rewards speed, and you just want to create the best site you can.
We previously talked about some strategies for speeding your site in our article How to Optimize Your WordPress Site’s Performance. One key strategy we covered in that article is caching.
Once you start googling the topic, you find that it becomes quite complex, and there are a lot of caching solutions out there. Which one should you choose?
In this article we’ll explain the options and help you make a decision.
How Does Caching Speed Up My Site?
There are a lot of benefits to using WordPress for your website. It’s easy to add new posts, tweak the way your site looks, and add new functionality. It’s definitely the way to go, and why it’s the most popular CMS in the world, powering almost 75 million sites, or over 25% of the web.
But all of that convenience comes at a price. Your web site has more work to do when someone visits your site, making it slower. Scripts need to be run, your database accessed, your theme displayed, your plugins run.
Caching changes all that.
A cache is a place to store temporary data. It takes your dynamic, easy-to-change website, and stores it as static HTML files, which are much faster to read. Each time your site is modified, the cache needs to be cleared and regenerated, which is normally triggered by a WordPress plugin.
What Are the Benefits of Caching?
There are three major benefits to using a WordPress cache:
- Caching enhances the speed and performance of your website, particularly page load times. Your visitors will spend less time waiting, and more time reading.
- Caching reduces the load on your web server. Your database doesn’t need to be accessed as often, and less system memory is used. This can make a big difference on a limited shared hosting plan.
- You will rank better on search engines. All other things being equal, Google punishes slow sites by ranking them lower in search results. Your site will become more discoverable, which may lead to an increase in traffic.
So, should you be using a WordPress caching solution? For most people the answer is a resounding “Yes!” It’s the one thing you can do that give a huge performance boost to your site, especially when you have high traffic.
When shouldn’t you use a cache? When you want your site to display differently to each visitor. One example is an ecommerce site, where the shopping cart will be updated differently for each user.
But these are special cases. For most WordPress sites a cache is a great idea.
So where do you get one? There are two options: pre-packaged, or roll your own.
Continue reading %How to Choose a WordPress Caching Solution%
by Adrian Try via SitePoint
Parallel Lite
The Pro version has additional features like drag-n-drop section ordering, intro slider or video background, WooCommerce integration, 500 Google Fonts, Clients section and more project display options.
by Rob Hope via One Page Love
#160: Production Progressive Web Apps with JS Frameworks
|
by via Mobile Web Weekly
The Facebook Algorithm Demystified: How to Optimize for News Feed Exposure
Are your posts reaching fewer people on Facebook? Wondering how to appear in more people’s news feeds? Facebook’s algorithm dictates who sees your content and who doesn’t. In this article, you’ll discover how the Facebook algorithm works, and how marketers can optimize their posts for maximum news feed visibility. #1: How Facebook’s News Feed Algorithm Ranks [...]
This post The Facebook Algorithm Demystified: How to Optimize for News Feed Exposure first appeared on .
- Your Guide to the Social Media Jungle
by Paul Ramondo via
WordPress Development, Freelancing, and Taking Time Off, with Lara Schenck
In this episode of the Versioning Show, David and Tim are joined by Lara Schenck, a freelance web consultant and educator. They discuss making a living as a freelancer, productivity and the art of procrastinating, networking and answering emails, self teaching and gaining experience, using metaphors to explain things, understanding what clients really need, taking time off, saving money, and progressively enhancing babies.
Continue reading %WordPress Development, Freelancing, and Taking Time Off, with Lara Schenck%
by M. David Green via SitePoint
40 Ways to Keep Your WordPress Site Secure
Hackers. Vulnerabilities. Brute-force. Malware. Denial of service. Man-in-the-middle. Phishing. All scary words. We live in a dangerous online world!
Has your site been hacked? I have, and we’re not alone. In 2012 more than 70% of WordPress sites were vulnerable to attack, and not much has changed since. What have you done to protect your site?
In this article we’ve pulled together security tips from previous SitePoint articles, our own experience, and from around the web, and organized them in a way I hope you find useful and understandable. And most importantly, easy to act on.
All-in-one WordPress security plugins are useful (and we’ll be covering them in our next article), but security requires more than just installing a plugin and walking away. It requires a careful strategy and constant vigilance. Be proactive, not reactive. In other words, don’t assume your site is safe—work out a security plan before you are hacked!
That being said, there is no such thing as 100% security. What you can achieve is risk reduction, and find the balance (for you) between security and convenience.
Security is not about perfectly secure systems. Such a thing might well be impractical, or impossible to find and/or maintain. What security is though is risk reduction, not risk elimination. It’s about employing all the appropriate controls available to you, within reason, that allow you to improve your overall posture reducing the odds of making yourself a target, subsequently getting hacked.” — codex.wordpress.org
Where should you focus your attention? In an article last year, WP White Security reported the following statistics about hacked websites:
- 41% were hacked through a security vulnerability on their hosting platform
- 29% were hacked via a security issue in the WordPress Theme they were using
- 22% were hacked via a security issue in the WordPress Plugins they were using
- 8% were hacked because they had a weak password
That's where the holes are in your defence. Keep that in mind while you're creating your security strategy.
OK. With all that in mind, here are 40 ways you can keep your WordPress site secure. Choose the ones that make sense for you and your site.
Secure WordPress
1. Keep WordPress Up to Date
The latest of WordPress is most likely more secure than the last one, and has less vulnerabilities. So keep it up to date—it’s a one-click operation. Make sure you back up your site first!
WordPress updates rarely cause problems, but if you like to be careful, update it on a test server first. Or, if you’d just like WordPress to auto-update itself, apply the following code to your wp-config.php
file:
#Enable all core updates, including minor and major:
define ( 'WP_AUTO_UPDATE_CORE', true );
2. Back Up Your Site Regularly
Make sure you make regular backups of your WordPress site. A backup of WordPress data and files can play a crucial role in an emergency. If all else fails, you won’t have to start from scratch!
Schedule your backups so you won’t forget them, and do a test restore from time to time.
Further reading:
- 5 WordPress Plugins for Backups and Migrations
- The Best WordPress Backup Plugins Compared
- How to Manually Backup Your WordPress Website
- Your Regular WordPress Maintenance Checklist
3. Enable SSL for WordPress Data Security
Enable SSL to secure your WordPress site. A Secure Sockets Layer encrypts all information sent to and from your site, keeping it private and preventing man-in-the-middle attacks where a third party listens in or modifies the communication between the client and the server. As a bonus it can also boost your Google PageRank.
The address of an SSL-certified site will start with an HTTPS, while a site that’s not SSL certified will begin with HTTP. It’s best to activate HTTPS before installing WordPress, but it’s possible to update your WordPress settings if you add it later. Hosting providers like SiteGround offer free SSL certificates.
Further reading:
4. Secure wp-config.php
Lock down wp-config.php
—it’s one single location that contains a wealth of critical data regarding your database, username, and password. Only you should have access.
To deny access to this file, you should add the code below at the top of the .htaccess
file:
<files wp-config.php>
order allow,deny
deny from all
</files>
5. Move wp-config.php
Move the wp-config.php
file into the folder above your WordPress installation. This will make it inaccessible to anyone using a browser, meaning a cracker has less chance of locating it.
Further reading:
6. Hide the WordPress Version Number
Some versions of WordPress have known vulnerabilities. Someone familiar with those vulnerabilities can discover which version you’re using because it’s shown in the HTML head of every page.
Remove that information by adding the following line to your theme’s functions.php
file:
remove_action('wp_head', 'wp_generator');
You should also remove the readme.html
file, which also contains the WordPress version number.
7. Remove WordPress References from Your Theme
Someone will only try to hack WordPress if they know you’re using it. So keep it a secret! Remove all references to WordPress from your theme files.
Find and delete the references from the header.php
that look like this:
<meta name="generator" content="WordPress" />
8. Disable PHP Error Reporting
Hackers can use error messages to their advantage. For example, an error from a theme or plugin might display your server path.
To disable error reporting, add the following code to your wp-config.php
file:
error_reporting (0);
@ini_set ('display_errors', 0);
9. Change the Default Secret Keys
When you install WordPress, four secret keys are written to your wp-config.php
file. They improve encryption of information stored in the user’s cookies and make it harder to crack your password.
Use WordPress’ Secret Code Generator to get some new keys, and copy them into your wp-config.php
file.
Continue reading %40 Ways to Keep Your WordPress Site Secure%
by Adrian Try via SitePoint
Tuesday, May 30, 2017
Check CSS Animation Performance with the Browser’s Dev Tools
This article is part of a series created in partnership with SiteGround. Thank you for supporting the partners who make SitePoint possible.
CSS animations are known to be super performant. Although this is the case for simple animations on a few elements, add more complexity, and if you didn't code your animations with performance in mind, website users will soon take notice and possibly get annoyed.
In this article, I introduce some useful browser dev tools' features that will enable you to check what happens under the hood when animating with CSS. This way, when an animation looks a bit choppy, you'll have a better idea why and what you can do to fix it.
Developer Tools for CSS Performance
Your animations need to hit 60 fps (frames per second) to run fluidly in the browser — the lower the rate the worse your animation will look. This means the browser has no more than about 16 milliseconds to do its job for one frame. But what does it do during that time? And how would you know if your browser is keeping up with the desired framerate?
I think nothing beats user experience when it comes to assess the quality of an animation. However, developer tools in modern browsers, while not always being 100% reliable, have been getting smarter and smarter and there's quite a bit you can do to review, edit and debug your code using them.
This is also true when you need to check framerate and CSS animation performance. Here's how it works.
Exploring the Performance Tool in Firefox
In this article I use Firefox Performance Tool, the other big contender is Chrome Performance Tool. You can pick your favorite, as both browsers offer powerful performance features.
To open the developer tools in Firefox, choose one of these options:
- Right-click on your web page and choose Inspect Element in the context menu
- If you use the keyboard, press Ctrl + Shift + I on Windows and Linux or Cmd + Opt + I on OS X.
Next, click on the Performance tab. Here, you'll find the button that lets you start a recording of your website's performance:
Press that button and wait for a few seconds or perform some action on the page. When you're done, click the Stop Recording Performance button:
In a split second Firefox presents you with tons of well-organized data that will help you make sense of which issues your code is suffering from.
The result of a recording inside the Performance panel looks something like this:
The Waterfall section is perfect for checking issues related to CSS transitions and keyframe animations. Other sections are the Call Tree and the JS Flame Chart, which you can use to find out about bottlenecks in your JavaScript code.
The Waterfall has a summary section at the top and a detailed breakdown. In both the data is color-coded:
- Yellow bars refer to JavaScript operations
- Purple bars refer to calculating HTML elements’ CSS styles (recalculate styles) and laying out your page (layout). Layout operations are quite expensive for the browser to perform, so if you animate properties that involve repeated layouts (also known as reflows), e.g.,
margin
,padding
,top
,left
, etc., the results could be janky - Green bars refer to painting your elements into one or more bitmaps (Paint). Animating properties like
color
,background-color
,box-shadow
, etc., involves costly paint operations, which could be the cause of sluggish animations and poor user experience.
You can also filter the type of data you want to inspect. For instance, I'm interested only in CSS-related data, therefore I can deselect everything else by clicking on the filter icon at the top left of the screen:
The big green bar below the Waterfall summary represents information on the framerate.
A healthy representation would look quite high, but most importantly, consistent, that is, without too many deep gaps.
Let's illustrate this with an example.
The Performance Tool In Action
Continue reading %Check CSS Animation Performance with the Browser’s Dev Tools%
by Maria Antonietta Perna via SitePoint