CAll Us: +1 888-999-8231 Submit Ticket

Keeping Your WordPress Site In Shape

WordPress HealthWordPress sites constantly evolve as new content is published, new pages are created, and plugins and themes are installed or removed. Most of the time, those changes are for the good and don’t cause any problems for the health of the site.

But WordPress is a complicated piece of software, and, as with any complex system, it’s hard to predict how the parts interact. Any modification can cause a regression, a change for the worse. That’s why I like to run through regular health checks on any WordPress site I’m managing.

If something is wrong, I want to know about it sooner rather than later, so it’s not enough to deploy a site that works wonderfully and leave it at that. Every month or so, I run a series of tests to reassure myself that all is as it should be.


Site performance can be affected by any number of factors. Perhaps a new plugin interacts badly with existing functionality, introducing latencies to page load times. Maybe a CDN the site relies on to load JavaScript libraries isn’t as quick as it once was.

I use Pingdom Tools to perform a comprehensive scan of the site’s performance from various locations around the world. Pingdom provides the information I need to identify performance regressions and their likely cause.


Last year, a security researcher published a list of eCommerce stores infected with credit card swiper malware capable of capturing card numbers and sending them to criminals.

Many of the stores had been infected for months.

It’s impossible to be completely certain that your WordPress site hasn’t been infected with malware or otherwise compromised. Prevention is better than cure, but if preventative measures have failed, I want to know about it as soon as possible.

There are several WordPress malware scanners available, but Sucuri’s free SiteCheck does the job quickly and well.


Links have a tendency to break and 404 errors are a common occurrence on sites that change frequently. They’re bad for both user experience and search engine optimization. I use the excellent Broken Link Checker plugin to scan for broken links so I can repair or redirect them.


I’m going to assume everyone reading this article makes regular backups of their WordPress site and keeps those backups for an appropriate amount of time.

But going through the motions of keeping a backup isn’t enough. Site owners should also verify that backups are actually being made and that they’re viable. There’s nothing quite so frustrating as trying to restore a site from an earlier backup only to find it empty, corrupt, or otherwise useless.

To check backups, I do a full restore of a recent backup on a brand new WordPress installation. It’s possible to do this manually or with your existing backup plugin. It’s not really important how you check backups, but not checking them can lead to nasty surprises.

Altogether, running through these steps takes no more than half an hour, and I find the peace of mind well worth the time invested.

Posted in:
Content, WordPress

Source link

Four Ways Small eCommerce Merchants Can Take Customer Service To The Next Level

eCommerce MerchantsCustomer service is a key differentiator for eCommerce stores. Only a retailer who cares about excellence in customer service can build a positive reputation and distinguish their store from the competition.

In an eCommerce market dominated by giants, many of which sell the same products as smaller stores, it’s vital to build a strong relationship with customers so they become brand ambassadors and return for future purchases.

Amazon, which the vast majority of eCommerce stores count among their competition, has established a well-deserved reputation for excellent customer service. To compete, smaller merchants have to be just as committed to making customers feel valued.

Customer service can be a major cost center for smaller eCommerce busineses, but it’s a necessary component of long-term success — it’s difficult in the extreme for an eCommerce business to recover if it develops a poor reputation for customer service.

Offer Multiple Ways To Get In Touch

Personally, I’m not a fan of talking on the phone, and if a retailer only offers phone support, I’m likely to go elsewhere. I prefer to contact retailers by email. My father, however, much prefers to be able to talk directly to a representative on the phone.

An excellent customer support experience takes account of its customer’s preferences and offers multiple contact channels. In today’s world, that means phone, email, instant chat, and social media at a minimum.

Many smaller eCommerce stores avoid offering customer support over the phone, because it can be expensive, and for some stores, it’s not necessary.

Stores that focus on millennial customers who often prefer not to make phone calls can probably do without phone support. However, retailers should make sure they have a clear idea about who their customers are before closing any line of communication.

Track Customer Service Interactions

The best customer service happens when there’s no need for the customers to reach out at all because their needs have been anticipated and pro-actively resolved.

Online retailers have access to a lot of information about customers. Data about previous customer support interactions can be used to identify common pain-points in the eCommerce journey. Retailers can design processes and informational resources that give customers what they need before they ask for it.

Self-Service Support

Most customer service interactions are the result of customers seeking information. Is this product suitable for me? Does it do what I want it to? What are your return policies?

Smart eCommerce merchants anticipate these questions in advance and create content that answers them in the form of blog posts, FAQs, tutorials, and so on.

Support content has the added benefit of being an excellent SEO resource.

Set Response Goals And Take Them Seriously

There’s little benefit to offering multiple channels of contact if no one is there to answer customer queries. There’s nothing quite so frustrating as waiting on hold for half-an-hour for a response to a simple query. Ignoring user email for several days will not endear you to the sender or incline them to make future purchases.

If you offer multiple support channels, set response targets for each channel, measure the speed at which customer service operatives are able to respond to customer requests, and focus on improving response times.

Much of the above is common sense, but for online retailers focused on marketing and promotion, customer service is often not a priority. That’s a mistake: recurring custom is less expensive than attracting new customers, and the cost difference frequently makes it worthwhile to spend a little more on keeping current customers happy.

Posted in:

Source link

Three Reasons Your Business’ WordPress Site Needs Live Chat

Live ChatNot so long ago, if we wanted to talk to a company, we’d pick up the phone. Today, many companies have retreated behind their websites. From the company’s perspective, this is a money-saving measure: phone support and sales are expensive. But it’s not just companies that have changed; millennials aren’t too fond of calling either, preferring to email, text, or Tweet to companies.

But there are definite benefits to the immediacy of a phone conversations, even if customers would rather not talk. Live chat is an excellent solution to the problem of immediate interaction. Customers and leads visiting your website can get in touch on-the-spot without having to call.

Act Immediately On Customer Intent

When a lead visits your website, they’re ripe for conversion. They’ve expressed a clear intent, but that intent can easily change to doubt if they can’t find the information they need.

Thoughtful information architecture and copywriting can make a huge difference here, but it’s impractical to foresee and respond to every possible stumbling block in advance.

Live chat lets leads satisfy their need for information, and lets companies present precisely tailored information immediately. The result: increased conversions and happier customers.

The same questions could be answered in an email conversation, but email doesn’t have the same feeling of responsiveness and immediacy. By the time your support or sales team has responded to an email, the lead may well have moved on.

Increased Customer Loyalty

Nothing begets a customer’s loyalty like the feeling a company is prepared to respond personally to their needs.

Live chat creates the impression of immediate personal communication: your company is there for them, and cares enough to take the time to talk them through their journey to making a purchase.

Reduced Costs

As I mentioned earlier, front-line phone sales and support are expensive. Live chat is more economical while producing much the same result.

I don’t suggest you abandon phone support altogether: many people still prefer to talk on the phone. But offering a live chat service allows an agent to service several leads simultaneously; something that’s obviously not possible over the phone.

Live chat also lends itself to automation, a factor that will be of increasing importance as conversational interfaces and AI become a prominent part of how we communicate with leads.

Implementing Live Chat On Your WordPress Site

WP Live Chat Support is a free live chat plugin (although it offers a premium version for extended functionality). WP Live Chat is easy to integrate with most WordPress sites, and offers niceties like desktop notifications, unlimited simultaneous live chats, and a responsive chat interface.

ZenDesk Live Chat is a premium plugin that offers a huge range of features. One of the most useful is custom triggers: users can configure when they want the chat box to appear to visitors, which helps ensure that agents engage in high-value conversations.

Additionally, the service behind this plugin offers both iPhone and Android apps, which means you don’t have to be sitting at your desk with your WordPress site open when you respond to customers.

Live chat is a powerful tool for connecting with leads on your website. Giving leads the ability to talk directly to a member of your team can increase conversion rates and customer satisfaction.

Posted in:

Source link

Chassis Is A GUI Tool For Creating WordPress Development Environments

ChassisSetting up local WordPress development environments is an everyday task for WordPress professionals. Local development environments, which include WordPress and the full stack of software it needs to run, let WordPress pros work on sites without having to deal with the latencies and complications of working on remote staging or development installations.

Local development environments are great for developers, who will typically create environments for each of the projects they’re working on, but site owners with only one or two sites also benefit: local dev environments are useful for testing plugins, themes, beta versions, and site modifications without making potentially breaking changes to a production site.

As you might imagine, setting up a WordPress development environment on your Mac or Windows machine isn’t straightforward, a problem that tools like VVV — which we’ve written about before — are intended to solve. Chassis is a graphical tool that does much the same job as VVV, but with an intuitive user interface that’s more friendly to developers and site owners who aren’t comfortable with the command-line.

Chassis is a cross-platform application that hides much of the complexity involved in creating development environments. When you first launch Chassis, it will take care of installing the components it needs to build virtual machines to install WordPress on. Under-the-hood, Chassis uses VirtualBox, a popular free virtual server management application, and Vagrant, a tool used by developers to create configurable dev environments.

Once the basics have been installed, Chassis pulls down an Ubuntu disk image and builds a virtual machine, onto which the full software stack and configuration required by a WordPress site will be installed. Users can either create a virtual machine and WordPress installation from scratch, or use an existing virtual machine. Because the end result is just a WordPress site running on a server, site owners can replicate their production site in the same way they any other staging site.

The end result is a fully configured WordPress site running locally on your machine that you can interact with in your browser, just as you would with a remote WordPress site.

One of the nicest features of Chassis is its extension system. Extensions, which are installed from GitHub, let Chassis users add software to the virtual machine running their local WordPress site. Available extensions include Memcache, Redis, PHPMyAdmin, and Composer.

The extension system exemplifies one of the reasons you might want to try out Chassis even if you already use a tool like VVV for creating development environments. Chassis creates minimal dev environments containing only the software you need to get a WordPress site up and running, in contrast to the “everything you might possibly want” approach of related tools.

It should be noted that Chassis is still in beta, and the process of building virtual machines and installing WordPress isn’t as smooth as I would like, but once the wrinkles are ironed out, Chassis will be an excellent addition to the toolkit of WordPress site owners and developers who prefer to avoid the command line.

Posted in:
Content, WordPress

Source link

Keyy Is A Clef Replacement For Intuitive WordPress Two-Factor Authentication

KeyyMany WordPress users were disappointed to hear that two-factor authentication provider Clef is shutting down. Clef was popular with WordPress site owners because it let them add an extra layer of security to their site without the complexity associated with other two-factor authentication systems. With over a million installations, the loss of Clef was a serious blow to WordPress site owners.

In March, the team behind the UpdraftPlus backup service announced that they planned to step into the space vacated by Clef. Their brand new two-factor authentication service, Keyy, is now live, and it has many of the same features as Clef.

For those who are unfamiliar with two-factor authentication, it allows site owners to demand an identifying credential in addition to the usual username / password combination. Username and password combinations can be very secure, but in the real world they tend to be a liability. Users often fail to choose a secure password, they may use the same password on more than one site, or otherwise make the life of criminals easier than it should be.

To take a common example, simple passwords can often be quickly cracked by brute-force bots. Many WordPress sites are compromised because an admin user picked “pa55word” as their password, or an equally guessable combination.

The second factor of authentication is typically associated with an item in the possession of a user: a smartphone or dedicated device that displays a one-time code. In addition to their username and password, the user has to enter the code presented to them by the authenticated object in their possession.

It’s much harder for attackers to compromise a site using two-factor authentication, but many users find the process of logging in with two-factor authentication overly burdensome. Clef, on the other hand, was supremely easy to use, as is Keyy.

With Keyy, users don’t have to enter usernames, passwords, or one-time codes. Instead, when they are ready to log in, users are shown a graphic which they scan with the Keyy app on their phone. Keyy works in essentially the same way Clef did. The app on the user’s smartphone creates a public key pair, the private part of which remains on the device, while the public key is shared with Keyy’s server. When the user wants to log in, the Keyy service generates an image tied to the session. The app scans that image and signs it with the private key before sending it to the Keyy servers, which verify the user has possession of the private key and logs them in using OAuth.

Clef provided other services like single-sign on, which aren’t available yet with Keyy, but the company plans to launch an SSO service in the coming months.

It’s worth mentioning that Keyy is a very new service, and it may be subject to the occasional glitch as the team works out the kinks. But it’s great to see an established and sustainable WordPress company with a track record of successful WordPress services step up to provide such an important security service.

Posted in:
Security, WordPress

Source link

Does Your eCommerce Store Support Apple Pay?

eCommerceThe faster eCommerce merchants can get customers through the checkout process, the more likely they are to complete that process. Much digital ink has been spilled on the value of a fast checkout, and there’s little faster than a quick tap of the finger, which is exactly what Apple Pay offers.

Apple is generally in favor of the native-app approach for obvious reasons. When it first launched, the easiest way to give eCommerce customers the option to use Apple Pay at checkout was via a native app, and for many smaller online retailers, that’s not an option.

Apple Pay has been available on the web for a while now, but there are some requirements customers must meet to use it. The most intuitive way to use Apple Pay on a non-mobile device is with the new Macbook Pro with Touch Bar. The Touchbar includes a Touch ID fingerprint scanner and the Macbook has the requisite secure enclave.

Of course, almost no one has the new MacBooks, but that doesn’t mean they can’t use Apple Pay.

Anyone with a Touch ID-equipped phone and the most recent version of MacOS and iOS can use Apple Pay on the web via the Safari browser. Apple’s Continuity technology, which powers several integrations between devices running iOS and MacOS, has been adapted to enable desktop Safari users to make purchases with Apple Pay and verify their identify using either an iPhone or an Apple Watch.

From the customer’s perspective, it works like this: the customer choose the product they want to buy and clicks the Apple Pay payment option when they checkout. Their connected iPhone or Apple Watch will ask them to confirm and authenticate, and that’s it. Checkout doesn’t get much easier.

Whether it’s worthwhile implementing Apple Pay on your eCommerce store depends largely on who your customers are. If 99% of your customers are Windows and Android users, there’s not likely to be much upside. But if even a small proportion are iPhone or Mac users, it’s more that likely worth the minimal effort to deploy Apple Pay.

Apple Pay is relatively easy to add to a Magento eCommerce store. If a store uses the Stripe payment processor, integrating Apple Pay is straightforward.

Apple Pay isn’t the only game in town for fast payments, but Apple’s mobile devices are extremely common and it’s only a matter of time before more of Apple’s laptop and desktop machines are equipped with the necessary technology. Apple users tend to occupy demographic groups with disposable income, the same groups that include the biggest eCommerce spenders, so implementing Apple Pay is likely to prove attractive to the most valuable online shoppers.

As a side note, non-profit organizations can now accept donations via Apple Pay from supported devices, so it’s worth considering adding Apple Pay for the web support to non-profit WordPress and Craft CMS sites.

Posted in:

Source link

XSS Vulnerabilities Have Been Found In The Avada WordPress Theme

AvadaIt has recently come to light that several critical vulnerabilities were fixed in the Avada theme in April, although ThemeFusion, the developers of the theme didn’t widely announce the patched release until several weeks later. If you use the Avada WordPress theme on your site, you should upgrade to Avada 5.1.5 as soon as possible.

The Avada theme is among the most popular themes on ThemeForest, and its developers boast that it’s been the single most popular paid WordPress theme for four years in a row. That means tens of thousands of sites could be vulnerable until they update to the most recent version.

It’s unusual for a developer to release a fix for a known vulnerability and then to decline to publicize it. Although information about the patch was available in the release’s changelog, it’s unlikely that many of the theme’s users avidly read changelogs.

Typically, a developer wants as many people as possible to update as soon as possible when a security vulnerability is discovered, although they may choose not to disclose the exact details of the vulnerability. The average user may not scrutinze changelogs, but it’s a fair bet that hackers and criminals do, which means there’s little benefit to keeping quiet about the existence of a security problem.

But regardless of the wisdom of waiting, a full explanation of the vulnerabilities along with code examples is widely available now. The smart choice is to update all sites using the Avada theme before they’re targeted.

The details of the vulnerability can be read about on WordPress Hütte, but the nutshell version is that several cross-site scripting and cross-site request forgery vulnerabilities were discovered by a security researcher. Both are common critical vulnerabilities in web applications that can potentially be used by an attacker to take over a WordPress site or exfiltrate private data.

We’ve discussed cross-site scripting vulnerabilities on this blog before because they’re the number one security problem on the web. Cross-site scripting is caused by a failure to properly sanitize user input. The protoypical cross-site scripting attack occurs when an attacker submits code to a web form and that code is displayed somewhere on a web page without being rendered inert. When a browser loads the page, it executes the code, which is very bad news if the browser belongs to a user with admin privileges.

Cross-site request forgeries are a little more involved, but — as with XSS attacks — they can be used by an attacker to execute arbitrary code in the trusted context of a browser. Attackers often use CSRF vulnerabilities in conjuntion with social engineering attacks or phishing attacks against existing trusted users to make sites perform an action, like create an admin user with a password the attacker knows.

In conclusion, upgrade Avada now, because it won’t be long before hackers start looking for sites they can exploit with these vulnerabilities.

Posted in:
Security, WordPress

Source link

Custom Landing Pages Are A Vital Feature Of Any Lead Generation Page

Custom Landing PagesLet me ask you a question. Have you ever clicked on a link in a advert, on social media, or in a blog post, and been taken to the home page of a website with no clue how to find what interested you in the first place? You saw a link embedded in content that made you take an action, but that initial surge of interest was wasted.

That’s why custom landing pages are so important. Without a custom page tailored to the specific needs of a campaign, opportunities to convert are wasted. The ideal journey should be from interest, to engagement, to conversion. At no point on that journey should leads be made to work so they can move to the next stage. If they are, the conversion funnel will leak at every stage.

Custom landing pages give site owners the opportunity to display the right content at the right time.

What does a great custom landing page look like?


There’s no one-size-fits-all template for creating effective landing pages, but there are components that all good landing page share.

Prominent calls-to-action. A call to action is a short piece of copy that encourages a lead to take an action. Usually a CTA pithily expresses a value proposition and suggests an action that can be taken to realise that value: “Sign up here for a 10% discount”.

Short, relevant copy. Writing effective landing page copy is an art, but the basic idea is to describe a product and its benefits to the lead. It’s the copy that sells the product. Although most landing pages use short-form copy, there are many examples of landing sites that take the opposite route, including the one in the above images. When in doubt, keep it short, but don’t be afraid to go long-form if it fits the product and the campaign.

Lead-generation forms. The primary purpose of landing pages is to collect leads, and embedding a lead generation form into the landing page allows leads to express an interest immediately.

Visual impact. Effective landing pages take advantage of video, product images, and design to deliver information and display the product in a positive light.

Custom Landing Pages In WordPress

WordPress users can easily deploy custom landing pages and use links to those pages in marketing campaigns. You don’t need anything in addition to WordPress’ default capabilities to create custom landing pages, but there is some benefit to using a plugin that offers functionality to help you build the most effective pages.

One of the best free landing page plugins is WordPress Landing Pages, which lacks some of the features of its premium peers, but has everything you need to build effective landing pages, including a visual editor, custom landing page themes, conversion rate tracking, and simple A/B testing.

Among the premium cohort, Optimizely offers a comprehensive array of inbound marketing features, including themes and custom elements from which you can build landing pages. Optimizely is a feature rich inbound marketing platform with a focus on split testing and experimentations, something that’s key to building landing pages that actually work.

Whether or not you choose to use a premium plugins or go it alone with WordPress’ basic page-making features, creating custom landing pages is an essential step towards increased conversions.

Posted in:

Source link