What’s Wrong With Security By Obscurity For WordPress?


We instinctively hide the things we find valuable. It makes sense: if thieves and other bad actors can’t find our valuables, how can they take them? In the digital age, we act on the same instinct. A common security precaution taken by WordPress site owners is to move the login page to a different location; if hackers can’t find the login page, they can’t launch a brute force attack against it. Hiding things, moving them, making it difficult to figure them out — these are examples of security by obscurity.

When I talk to WordPress hosting clients about security, the concept of security by obscurity comes up all the time. Among the common misconceptions I hear is the belief that owners of low-traffic sites don’t need to worry about security — their site is obscure, so it’s inherently secure. In fact, automated scanners regularly check through a large proportion of the web’s IP space looking for vulnerable sites. An insecure site is likely to be hacked even if it’s never had a single visitor. Criminals like sites with large audiences, but they also like any vulnerable site with storage and bandwidth.

More sophisticated WordPress site owners apply security by obscurity too: they change the default Administrator username because they know criminals will target it.

But there’s a problem with relying on security by obscurity: all it takes is for someone to find what you’re hiding and it’s game over. If your website has a security vulnerability, you might reason that because it’s difficult to find, there’s no point putting in the effort to fix it. If few people visit your site, why update it regularly; even if there is a vulnerability, who is going to be looking for it? If your site is a blog and there’s no obvious financial motive to compromise it, can’t you just cross your fingers and hope for the best?

Security by obscurity does nothing to fix the underlying problem. You might want to continue to use an abandoned WordPress plugin, but if you simply hope that no-one notices you’re using a vulnerable plugin, you’ve done nothing to mitigate the underlying issue. It’s a time-bomb that could go off at any moment.

But as renowned security expert Bruce Schneier points out, “security by obscurity sometimes works.” Security by obscurity isn’t bad per se, but it should be a small part of a site’s security processes. Deleting the “admin” user and choosing a less easily guessed username will make your site a little safer from automated attacks and attacks by inexperienced criminals, but implementing two-factor authentication solves the problem.

Moving your WordPress site’s login page to a non-standard location is likely to confuse bots and reduce the number of brute-force attacks your WordPress site has to cope with, but installing a rate limiting plugin will — for the most part — make life much more difficult for brute force attackers while preventing bots from consuming your site’s resources.
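The throttling logic a rate limiting plugin applies can be sketched as follows. This is an added example, not code from any WordPress plugin: the log lines are constructed, and the `/staff-entry` path used in the usage note, the five-attempt limit and the 60-second window are assumptions.

```javascript
// Added illustration: sliding-window throttling of login POSTs, replayed over
// constructed access-log lines (documentation IP ranges, invented timestamps).
const MONTHS = { Jan: 0, Feb: 1, Mar: 2, Apr: 3, May: 4, Jun: 5,
                 Jul: 6, Aug: 7, Sep: 8, Oct: 9, Nov: 10, Dec: 11 };
const LINE_RE = /^(\S+) \S+ \S+ \[(\d{2})\/(\w{3})\/(\d{4}):(\d{2}):(\d{2}):(\d{2}) ([+-])(\d{2})(\d{2})\] "(\S+) (\S+) [^"]*" (\d{3})/;

// Parse one "combined"-style log line; returns null for anything malformed.
function parseLogLine(line) {
  const m = LINE_RE.exec(line);
  if (!m || !(m[3] in MONTHS)) return null;
  const [, ip, dd, mon, yyyy, hh, mi, ss, sign, oh, om, method, target, status] = m;
  const offsetMin = (sign === '-' ? -1 : 1) * (Number(oh) * 60 + Number(om));
  const time = Date.UTC(+yyyy, MONTHS[mon], +dd, +hh, +mi, +ss) - offsetMin * 60000;
  return { ip, time, method, path: target.split('?')[0], status: Number(status) };
}

// Allow at most maxAttempts login POSTs per IP inside a sliding window.
// Throttled attempts still count, so a client that keeps hammering stays blocked.
function rateLimitLogins(lines, { loginPath = '/wp-login.php', maxAttempts = 5, windowMs = 60000 } = {}) {
  const recent = new Map(); // ip -> timestamps of attempts still inside the window
  const decisions = [];
  for (const line of lines) {
    const req = parseLogLine(line);
    if (!req || req.method !== 'POST' || req.path !== loginPath) continue;
    const kept = (recent.get(req.ip) || []).filter(t => req.time - t < windowMs);
    const action = kept.length < maxAttempts ? 'allow' : 'throttle';
    kept.push(req.time);
    recent.set(req.ip, kept);
    decisions.push({ ip: req.ip, time: req.time, action });
  }
  return decisions;
}

// Count throttled attempts per client IP.
function throttledByIp(decisions) {
  const counts = {};
  for (const d of decisions) {
    if (d.action === 'throttle') counts[d.ip] = (counts[d.ip] || 0) + 1;
  }
  return counts;
}

// Constructed sample: one client sends 7 login POSTs in 7 seconds, another
// logs in normally, and the first client returns five minutes later.
const line = (ip, hhmmss, method, path, status) =>
  `${ip} - - [12/Nov/2017:${hhmmss} +0000] "${method} ${path} HTTP/1.1" ${status} 3120`;
const SAMPLE_LOG = [
  ...['01', '02', '03', '04', '05', '06', '07'].map(s =>
    line('203.0.113.7', `10:00:${s}`, 'POST', '/wp-login.php', 200)),
  'not a log line',
  line('198.51.100.20', '10:00:10', 'GET', '/wp-login.php', 200),
  line('198.51.100.20', '10:00:20', 'POST', '/wp-login.php', 200),
  line('198.51.100.20', '10:00:45', 'POST', '/wp-login.php', 302),
  line('203.0.113.7', '10:05:00', 'POST', '/wp-login.php', 200),
];

console.log(throttledByIp(rateLimitLogins(SAMPLE_LOG)));
```

The limiter gives the same result when the login page has been moved, provided `loginPath` is set to the new location; left at the default on a site with a moved login page, it sees no attempts at all.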

Security by obscurity should not be relied on to keep WordPress sites safe. It should be in the mix, but obscurity is no substitute for security best practices.

Posted in:
Security, WordPress

Do Retailers Need To Switch From Magento 1?

Magento 2 was released almost two years ago and we’ve offered Magento 2 hosting since day one. But many Magento eCommerce retailers have a long history with Magento 1 and aren’t eager to switch, although the process of upgrading isn’t onerous.

I’d like to take a look at some of the reasons retailers should consider moving to Magento 2, and whether those who prefer to stick with Magento 1 are likely to face problems in the near future.

Why Upgrade To Magento 2?

Magento 2 was a long time in the making. Its developers learned a lot of lessons from their years building and supporting Magento 1, lessons that profoundly affected the development of Magento 2. Magento 2 is an eCommerce platform for the modern web.

Enhanced Performance — A lot of attention went into making Magento 2 as fast as it could possibly be. Improvements to Magento 2 include considerably more performant indexes, better Varnish integration, and full-page caching.

An Improved Shopping Experience — For Magento 2, the shopping experience was streamlined, providing a more intuitive interface, a simplified checkout experience, and enhanced capabilities for mobile shopping.

More Efficient Admin Experience — The admin panel is now fully touch-friendly, allowing users to manage their stores from phones and tablets. Additionally, the admin panel is now more logically and intuitively organized, cutting down on the complexity of carrying out everyday store maintenance operations.

Easier Updates — Updates are an essential part of Magento security, and Magento 2 makes it easier than ever to install updates, move between versions, and install the Magento application.

That’s just a fraction of the features available in Magento 2. Retailers who have upgraded to the most recent version of Magento have found the gains to be well worth the move. Magento 2 is the future of the Magento project, and retailers will have to upgrade at some point, but is moving to Magento 2 urgent?

Users of Magento 1 Enterprise Edition don’t have anything to worry about. Support for Magento 1 Enterprise Edition was originally scheduled to end three years after the release of Magento 2. But, earlier this year, Magento announced that it has no plans to end support for Magento 1 Enterprise Edition. Support — including security updates and bug fixes — will continue for the foreseeable future.

The situation is less clear for Magento 1 Community Edition. It’s likely that support for the community version of Magento will end in the near future. However, because Magento 1 remains so popular, it’s possible that the Magento Community will fork the project and continue to provide support. Nevertheless, if your company depends on Magento Community Edition, it’s probably wise to at least make plans to upgrade.

Magento 2 is a fantastic eCommerce application, but if you prefer to remain with Magento 1, it’s unlikely to cause serious problems for the foreseeable future. Hostdedi Magento hosting customers can choose between Magento 1 and Magento 2 when setting up their hosting account, and we continue to support both versions.

Posted in:
Magento

Six Of The Best Magento Educational Resources

As eCommerce platforms go, Magento isn’t challenging to get to grips with, but there is a learning curve. In this article, I’ve collected some of the best Magento educational resources. Each of them has helped me in the past, so hopefully you’ll find them useful too.

Magento U

If you are looking for an in-depth introduction to building and managing a Magento eCommerce store, Magento U should be your first port of call. Magento U was created by the folks behind Magento, and it offers top-class training from some of the most experienced Magento experts in the world.

Magento U has courses to suit almost every role in the eCommerce industry, including retailers, designers, developers, and marketers. Courses take a variety of forms, from traditional class-based teaching and online training from a certified Magento professional to on-demand instructional resources. Magento U is also the best way to gain official Magento certifications.

If you’ve tried Magento U before and found it wasn’t your cup of tea, you might want to take another look. The experience recently underwent a significant redesign, with a simplified user interface, improved course tracking, and more reliable media streaming.

Magento Books

If you prefer to learn at your own pace from books, there are plenty to choose from. I’m going to highlight a couple of the Magento-focused books that I have found particularly valuable.

Learning Magento 2 Administration is a comprehensive guide to running a Magento store that covers everything from product creation to search engine optimization in an easy-to-digest style. If you’re new to Magento (and to eCommerce) this is the book for you.

For those who want to dig deep into Magento’s code and learn how to build custom Magento sites and extend Magento’s core functionality, the Magento 2 Developer’s Guide is a great place to start. It covers the basics, before moving on to more complex topics, including back-end and front-end modification and data persistence.

MageStore

MageStore offers a series of Magento tutorials that focus on the practicalities of managing a busy Magento store. Written by experts who know what they’re talking about, the range of topics reflects issues that will arise for many new eCommerce merchants. Among my favorites are Automating Your eCommerce Store To Save Time And Money and How To Create A Magento 2 Widget.

Magento Stack Exchange

Stack Exchange is an essential resource for anyone who uses Magento. Stack Exchange is a question-and-answer site, but unlike many such sites, Stack Exchange has excellent moderation and high standards. If you have a question to ask about Magento, the chances are that someone on the Magento Stack Exchange has a detailed answer.

Before you post your own question on Stack Exchange, I’d encourage you to use Google and the Stack Exchange search to find out if anyone has asked the same question already.

The Magento Developer’s Cookbook

The Magento Developer’s Cookbook from Firebear Studio is one of my favorite sources of practical solutions to Magento development problems. It’s not a tutorial, but a collection of code snippets that solve problems many developers and Magento users encounter. If you’re having trouble figuring out how to add a particular bit of functionality to a Magento theme or extension, take a look at the recipes in the Magento Developer’s Cookbook.

Posted in:
Magento

Don’t panic Black Friday is here!

For the past 10 weeks, we’ve been offering tips and techniques to help gear you up for the holidays. Hopefully, you’ve already adopted some or all of these measures to make sure your site stays alive and kicking for the upcoming season.

If you haven’t yet, then don’t panic. After this weekend, you still have options for

Holiday-proof your site with a CDN

If you use a popular web application like Magento, WordPress, or something comparable, we’ve made this easy for you. Expand your geographic reach by setting up copies of your server assets worldwide. It won’t matter if your visitor is from London, San Francisco, or Sydney. Your CDN routes those visitors to a local data center that stores copies of your site’s key assets, accelerating their experience.

Use live chat to boost sales

Live chat is like the salesperson we all wish worked in every physical store. It’s there when your visitors need it, without being overbearing or hard to ignore if they prefer to browse on their own.

Get your holiday social media strategy ready

Customers expect to visit your Facebook, Twitter, and Instagram pages to research your products, connect with other customers, and find exclusive promotions. For store owners, it’s the best opportunity of the year to grow your audience and increase your engagement with customers on social media.

We hope you have a great Thanksgiving and a fantastic season!

Save big on hosting with our own Black Friday sale! Use code BF17 to save 80% on your first month of a new hosting service.

Posted in:
CraftCommerce, eCommerce, Magento, WooCommerce

GitHub Introduces Security Alerts For JavaScript Projects

GitHub has introduced Security Alerts for JavaScript and Ruby-based projects, with more languages coming soon. The alerts use GitHub’s dependency graph feature, which was introduced last month to provide a visual display of the dependency hierarchy of compatible projects.

JavaScript projects in particular tend to have lots of dependencies, and, until now, there has been no easy way to check for security vulnerabilities in individual dependencies — projects have to trust the software they depend on. As JavaScript becomes increasingly important to the WordPress ecosystem, a tool like this will make it easier to build safe integrations.

Open source projects build on the capabilities of other open source projects. WordPress, for example, depends on Linux, Apache, MySQL, and PHP, among many others — all open source projects that WordPress uses to provide functionality that would otherwise have to be re-created from scratch. The web wouldn’t be what it is today without the ability to reuse code in this way.

However, security vulnerabilities in software can put every user of that software at risk, including other projects that depend on it. The JavaScript ecosystem is massive, with tens of thousands of small modules, each of which might depend on other modules, which depend on other modules, and so on down the line.

As any JavaScript developer knows, even a simple project with a couple of dependencies installed with NPM (the Node Package Manager) can pull in hundreds of dependencies. How does a developer know there isn’t a security issue with one of those packages?

The truth is that they don’t know. They trust the system to find and fix vulnerabilities. Outside of strict government and corporate software projects, no one has the time or the money to check the security status of every library used by their software.

GitHub’s Security Alerts are an attempt to address this problem automatically. GitHub knows about the dependency graph (the tree of packages a project depends on) and can cross reference that information with vulnerability databases. GitHub’s Security Alerts use the National Vulnerability Database of the National Institute of Standards and Technology.
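The cross-referencing step can be sketched as a walk over the dependency tree that checks every package, however deeply nested, against a list of advisories. This is an added example, not GitHub's implementation: the package names, versions, advisory ids and the tree and advisory shapes are all constructed for illustration.

```javascript
// Added illustration: match every node of a dependency tree against advisories
// and report the chain of packages that pulls each affected version in.

// Parse a plain "x.y.z" version; anything else (pre-releases, ranges) is
// returned as null so the caller can flag it for manual review.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// true: introduced <= version < fixed; false: outside that range;
// null: the installed version could not be parsed, so no decision is possible.
function isAffected(version, advisory) {
  const v = parseVersion(version);
  if (!v) return null;
  return compareVersions(v, parseVersion(advisory.introduced)) >= 0 &&
         compareVersions(v, parseVersion(advisory.fixed)) < 0;
}

function findVulnerable(root, advisories) {
  const byName = new Map();
  for (const adv of advisories) {
    byName.set(adv.package, [...(byName.get(adv.package) || []), adv]);
  }
  const findings = [];
  (function walk(node, ancestors) {
    const here = [...ancestors, `${node.name}@${node.version}`];
    for (const adv of byName.get(node.name) || []) {
      const affected = isAffected(node.version, adv);
      if (affected === false) continue;
      findings.push({
        id: adv.id,
        package: node.name,
        version: node.version,
        fixed: adv.fixed,
        depth: ancestors.length,          // 1 = direct dependency of the project
        path: here.join(' > '),
        status: affected ? 'vulnerable' : 'review',
      });
    }
    for (const dep of node.dependencies || []) walk(dep, here);
  })(root, []);
  return findings;
}

// Constructed advisories (placeholder ids, hypothetical packages).
const ADVISORIES = [
  { id: 'EXAMPLE-0001', package: 'example-body-parser', introduced: '1.0.0', fixed: '1.4.2' },
  { id: 'EXAMPLE-0002', package: 'example-template', introduced: '2.0.0', fixed: '3.0.5' },
  { id: 'EXAMPLE-0003', package: 'example-escape', introduced: '0.1.0', fixed: '0.3.0' },
];

// Constructed project: the only affected package is two levels down, while the
// copy of the same package that the project depends on directly is already fixed.
const APP_TREE = {
  name: 'app', version: '1.0.0', dependencies: [
    { name: 'example-http-server', version: '2.3.1', dependencies: [
      { name: 'example-body-parser', version: '1.4.0' },
      { name: 'example-cookie', version: '0.9.0' },
    ] },
    { name: 'example-template', version: '3.0.5', dependencies: [
      { name: 'example-escape', version: '0.2.0-beta' },
    ] },
    { name: 'example-body-parser', version: '1.4.2' },
  ],
};

for (const f of findVulnerable(APP_TREE, ADVISORIES)) {
  console.log(`${f.status.toUpperCase()} ${f.id}: ${f.path} (fixed in ${f.fixed})`);
}
```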

The feature is turned on by default for public repositories, and will email project administrators when a vulnerability is discovered. It can be turned on by administrators of private repositories if they so desire.

There are already projects that promise to do something similar to GitHub’s Security Alert for JavaScript, including the proprietary Snyk and the open source Audit.js project. But GitHub’s scale — many popular open source projects are hosted on GitHub — gives it an advantage. And although we’ve focused on JavaScript in this article because of the WordPress connection, GitHub is in a good position to roll out the same tool for many different languages, including, eventually, PHP.

Posted in:
Security

WordPress 4.9 Brings Customizer And Coding Enhancements

WordPress 4.9 has been released just in time for the holiday season. Continuing the tradition of naming WordPress releases after jazz musicians, WordPress 4.9 is codenamed Tipton for band leader Billy Tipton. Some WordPress users won’t find a lot to be excited about in WordPress 4.9, but there are some great new features for WordPress professionals, developers, and designers.

Even if you aren’t interested in the new features we’re about to discuss, you should update WordPress unless you have a compelling reason not to. Alongside new features and improvements, WordPress 4.9 brings several security enhancements, including the mandatory sending of confirmation emails for account email address changes.

Theme Previews

One of the most useful additions for WordPress users is theme previews within the Customizer: users can search through thousands of themes and see previews without leaving the Customizer.

Painless Customizer Collaboration

Over the last few releases, the Customizer has evolved from a tool I never used to an essential part of my WordPress workflow. WordPress 4.9 continues the trend with developer- and designer-focused user experience enhancements.

My favorite 4.9 update is the ability to draft and schedule customizations. I’ll often make changes in the Customizer that I don’t want to apply immediately. Sometimes I’d like to work on changes over a few sessions, rather than all at once. In the past, this sort of workflow has been awkward, but with the addition of drafts and scheduling to the Customizer, it’s possible to save customizations and schedule them to go live at a time of my choosing — just like WordPress posts.

A consequence of the ability to save customization drafts is that we can now share those drafts via a URL. That can be a huge time-saver. Designers and WordPress professionals often need approval from clients before going live, and we’re constantly collaborating with other professionals. Design Preview links make it a breeze to share and collaborate on customizations.

On-Site Developer Features

You probably find yourself tweaking CSS files or HTML code within WordPress, especially following the introduction of the Custom HTML widget. That gets a lot easier and less error prone now that WordPress includes decent syntax highlighting and error checking. Botched CSS and HTML edits are responsible for many a white screen of death, a problem that will be substantially reduced by WordPress’s new error checking. WordPress developers will receive a warning if they try to save faulty code.

Many of the coding improvements are possible because of the integration of the CodeMirror code editor into WordPress’s CSS and HTML editing functionality. CodeMirror is a sophisticated JavaScript text editor that provides syntax highlighting, linting, and auto-completion.

As always, you can download the most recent version of WordPress from WordPress.org or update your existing WordPress site from the WordPress Dashboard.

Posted in:
WordPress

Google Chrome’s Ad Blocker Could Be Good News For WordPress Bloggers And eCommerce Merchants

After a couple of weeks of rumors, Google announced that it will add an ad-blocker to the Chrome web browser next year. Chrome is the most popular browser on the web with a market share of over 60%, and the introduction of always-on, activated-by-default ad-blocking will have a substantial impact on the advertising and publishing industry.

Publishers have—perhaps surprisingly—greeted Google’s announcement with cautious enthusiasm, because the company doesn’t intend to block all advertising, only the most user-hostile and unpleasant advertising.

Although Google has its fingers in many pies, by far the biggest chunk of its revenue comes from advertising, many billions of dollars per year. So why would Google want to give users an ad-blocker?

“In dialogue with the Coalition [For Better Ads] and other industry groups, we plan to have Chrome stop showing ads (including those owned or served by Google) on websites that are not compliant with the Better Ads Standards starting in early 2018.”

No one denies the advertising and web publishing industry has a problem. Everywhere we turn, intrusive advertising competes for our attention and degrades our experience of the web. Some of that advertising goes beyond annoying and poses a real security risk to web users. Malvertising, malware delivered via advertising, has been growing in prominence over the last couple of years, affecting the readership of publishers of all sizes. In short, the web advertising industry is a mess. Market pressures and declining advertising revenues force some publishers and networks to go over the top with advertising, but that’s not a persuasive argument to the average web user.

Content creators, publishers, web hosting providers, and the rest of the multi-billion-dollar online economy depend on advertising, but the advertising industry has destroyed the goodwill of the people on whose attention it depends to generate revenue.

Users block advertising in greater numbers than ever before, aided by a growing — and not entirely trustworthy — ad-blocking industry and companies like Apple that care more about user experiences than publishers’ bottom lines.

Google Chrome’s forthcoming ad-blocker is intended to stem the movement of users towards full-scale and undiscriminating blocking of all advertising. Installing an ad-blocker usually means all ads are blocked. Users can whitelist sites they consider valuable, but only a tiny proportion ever do.

Google is grasping the nettle and introducing an ad-blocker that will remove the worst advertising from the web in the hope that it will prevent users from pursuing the nuclear option of blocking all advertising.

What counts as bad advertising? The Coalition For Better Ads has introduced some guidelines about what it considers unacceptable. You should take a look at the guidelines to see what Google and the Coalition For Better Ads consider bad, but it’s really just common sense. Anything that blocks users’ access to content or provides a particularly negative web experience is considered an unacceptable ad, including ads that distract, interrupt, or clutter web pages.

If you’re wondering whether the advertising on your sites fits the bill, you can use the Ad Experience Report to get an idea of how Chrome’s ad-blocker will affect what your visitors see.

Posted in:
WordPress

Here’s Why Forgetting To Renew Domain Names Is A Bad Idea

In the web hosting world, two tasks essential to keeping a site up and running are routinely forgotten: renewing SSL certificates and renewing domain names. Every once in a while, we’ll hear about a big corporation that has somehow neglected to renew a domain name or buy a new SSL certificate. It’s happened to Google, to Microsoft, to thousands of less prominent site owners, and recently it happened to Samsung.

In 2014, Samsung retired an app called S Suggest, which communicated with its servers at the ssuggest.com domain. Although S Suggest isn’t maintained, it’s still installed on millions of older Samsung devices. Recently, the ssuggest.com domain expired, which means it was up for grabs by anyone smart enough to realize the implications. In theory, if a hacker got control of the trusted domain, they could have done all sorts of mischief. As it turns out, the domain was registered by security researcher João Gouveia.

Gouveia was able to observe traffic on the domain as over 2 million Samsung Android devices phoned home a total of 620 million times. According to Gouveia, if a malicious party had registered the domain, they could have rebooted phones or even installed malicious applications. Samsung disputes the seriousness of the problem, and, if those claims are true, they have bigger security problems than a forgetful executive, but the fact remains that letting a domain expire can have very bad consequences.

Can you imagine the consequences to your business if its domain expired and a lucky domain watcher could replace your site with their own advertising or a drive-by download page, offer to sell the domain back to you at a vastly inflated price, or just redirect it to their own business?

It’s easy to forget to renew domains; that’s why it happens so often. If you register a domain for three years, it’s unlikely that you’ll remember when it’s time to renew without help. What can you do to avoid being put in the same position as Samsung?

First, put it on your calendar. Most of us use web-based calendar services these days, so even if you change to a different calendar application, you’ll get the reminder.

Next, make sure that the email address you give to the domain registrar is one you’ll definitely be monitoring a couple of years down the line. All respectable domain name registrars send repeated reminder notices well in advance of a domain’s expiry date. Presumably, somewhere deep in the bowels of Samsung’s IT systems, there’s an inbox full of domain renewal notices that no one ever opens. If you use a dedicated email address for domain name notices, forward it to your main email address so that you’ll be sure to get notifications.

Make sure a member of staff is responsible for checking the email inbox associated with your business’ domains. It’s all too common for the person who originally registered the domain to move on to a different company and leave the inbox unchecked.

Of course, if you really want to be safe, and your domain registrar offers the service, turn on auto renewal, so the registrar will automatically renew the domain when the time comes.

If giant corporations like Samsung and Google can neglect domain renewals, you can too, so perhaps it’s time to take stock of the domains you have registered and make sure you know when they expire.
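One way to take stock of registered domains is to read each domain's expiry date from its registration record and sort the list by urgency. This is an added example, not part of the original article: the records are constructed, their `ldhName`, `events` and `status` fields follow the RDAP JSON response format rather than anything on this page, and the 60-day warning threshold is an assumption.

```javascript
// Added illustration: build a renewal report from RDAP-style domain records.
// In practice the records would come from the registry's RDAP service; the
// ones below are constructed so the example runs offline.
const DAY_MS = 24 * 60 * 60 * 1000;
// RDAP status values that mean the registration has already lapsed.
const LAPSED_STATUSES = new Set(['redemption period', 'pending delete']);
const RANK = { expired: 0, unknown: 1, 'renew-soon': 2, ok: 3 };

// Return the expiration time in ms since the epoch, or null if the record has
// no usable "expiration" event.
function expiryOf(record) {
  const ev = (record.events || []).find(e => e.eventAction === 'expiration');
  const ms = ev ? Date.parse(ev.eventDate) : NaN;
  return Number.isNaN(ms) ? null : ms;
}

// Classify each domain and sort so the ones needing attention come first.
// `now` is passed in (ms since the epoch) to keep the report reproducible.
function renewalReport(records, now, warnDays = 60) {
  const rows = records.map(rec => {
    const name = String(rec.ldhName || '').toLowerCase();
    const expires = expiryOf(rec);
    const lapsed = (rec.status || []).some(s => LAPSED_STATUSES.has(s));
    if (expires === null) {
      // No expiry date on record: someone has to check this one by hand.
      return { name, daysLeft: null, state: lapsed ? 'expired' : 'unknown' };
    }
    const daysLeft = Math.floor((expires - now) / DAY_MS);
    let state = 'ok';
    if (lapsed || daysLeft < 0) state = 'expired';
    else if (daysLeft <= warnDays) state = 'renew-soon';
    return { name, daysLeft, state };
  });
  return rows.sort((a, b) =>
    RANK[a.state] - RANK[b.state] || (a.daysLeft ?? 0) - (b.daysLeft ?? 0));
}

// Constructed records using reserved example domains.
const SAMPLE_RECORDS = [
  { ldhName: 'EXAMPLE.COM', status: ['active'], events: [
    { eventAction: 'registration', eventDate: '2014-12-05T00:00:00Z' },
    { eventAction: 'expiration', eventDate: '2017-12-05T00:00:00Z' } ] },
  { ldhName: 'EXAMPLE.NET', status: ['active'], events: [
    { eventAction: 'expiration', eventDate: '2019-03-01T00:00:00Z' } ] },
  { ldhName: 'EXAMPLE.ORG', status: ['redemption period'], events: [
    { eventAction: 'expiration', eventDate: '2017-11-01T00:00:00Z' } ] },
  { ldhName: 'EXAMPLE.EDU', status: ['active'], events: [
    { eventAction: 'registration', eventDate: '2010-06-01T00:00:00Z' } ] },
];

const SAMPLE_NOW = Date.UTC(2017, 10, 20); // 20 November 2017, constructed
for (const row of renewalReport(SAMPLE_RECORDS, SAMPLE_NOW)) {
  console.log(`${row.state.padEnd(10)} ${row.name} (${row.daysLeft ?? 'n/a'} days)`);
}
```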

Posted in:
Webmaster

Advertising Isn’t The Only Way WordPress Bloggers And Publishers Can Make Money

Readers and viewers don’t like advertising. Few people visit a site because they want to see the ads. As loudly as the ad-tech industry argues otherwise, it hasn’t figured out how to display relevant, non-offensive, and non-exploitative advertising consistently. Malvertising attacks site visitors without the knowledge of the publisher. Advertising and its attendant tracking code inflate web pages by an order of magnitude. Advertising on WordPress blogs and web magazines in particular often offers a user-hostile experience. Users have acted to protect themselves with ad and script blockers.

Where the user goes, the big tech companies that rely on them for revenue go too. Apple introduced content blockers to iOS a couple of years ago. This year they previewed artificially intelligent tracker blocking on desktop Safari. Google Chrome will soon block “unacceptable advertising” by default.

Users and the companies that provide their conduit to the web are increasingly opposed to advertising, but advertising isn’t the only way to make money online. To be sure, advertising remains the easiest monetization strategy to pull off. Nothing is quite so simple as publishing SEO-optimized content, connecting your site up to AdWords, and watching the money roll in. But that’s not an experience any modern publisher can rely on — the web advertising gold rush is in the past.

That doesn’t mean you should remove all advertising from your site, but if your WordPress site relies entirely on advertising for its revenue, you might want to think about broadening its horizons.

Google Contributor

Google Contributor is a way for users to pay for an advertising-free experience. Users buy an “ad removal pass” from Google, and whenever they load a page from a participating site, money is paid to the publisher. Google Contributor isn’t new, but the original program was shut down and a simplified version released earlier this year.

While membership sites and paywalls are increasingly popular, asking users to sign up for a paid membership to every site they want to visit isn’t scalable. Google Contributor provides a single service that offers an ad-free experience on multiple sites — and, of course, Google gets its cut, which it wouldn’t if people subscribed to each site individually.

If you’ve never used Google Contributor or haven’t used the newest iteration, it’s well worth taking a look at.

Patreon

Many of the most popular bloggers and content creators have joined Patreon, a platform that allows users to pay money directly to content creators. Each “Patron” signs up to contribute to their favorite creators, often in exchange for early access, premium content, and other Patron-only benefits.

Patreon isn’t suitable for every site, and it relies on a large and relatively stable audience, but if that sounds like your site, it’s well worth a try.

Membership Sites

Finally, membership sites for niche bloggers have proven remarkably successful. MacStories, Ars Technica, and Matt Gemmell’s blog are among my favorites. There are many different membership strategies a publisher might take, ranging from a full paywall to premium content or ad removal. MacStories’ memberships offer an excellent newsletter to paying subscribers, for example.

Membership sites can be rewarding. But, as with Patreon, they depend on a loyal and committed audience who are willing to pay for content. If that description doesn’t apply to your site, you’re probably better off sticking with advertising.

For WordPress site owners, MemberPress is an excellent premium membership site solution, and Members is a capable free alternative.

Advertising will always be with us, but — largely due to the economics of advertising on the web — publishers have desperately grasped any advertising strategy, no matter how hostile it is to users. The inevitable backlash is in full swing, and smart publishers are making an effort to diversify revenue streams.

Posted in:
Webmaster, WordPress

Adding A JSON Feed To Your WordPress Site

JSON Feed is a new feed format that provides the same functionality as RSS, but without asking developers to tangle with the complexities of XML, the format underlying both RSS and Atom. The creators of JSON Feed have released a WordPress plugin, which makes it simple to add a JSON Feed to an existing WordPress site.

The JSON Feed WordPress plugin isn’t in the official WordPress plugin repository yet, but it’s easy enough to install from its GitHub repository. If you want to take JSON Feed for a spin on your WordPress site, go to the GitHub repository in your browser, and click on the green “Clone or download” button. Choose “Download ZIP”, and then drop the resulting folder into your WordPress site’s /wp-content/plugins folder. Next, activate the plugin as you would with any other plugin. You should now have a JSON Feed available at http://yourdomain/feed/json.

Feeds have been central to blogging since its earliest days. The adoption and development of RSS was heavily influenced by the first bloggers in the late 1990s and early 2000s. Although social media streams like Twitter have supplanted RSS feeds for many users, they’re still an important part of blogging — not to mention being vital to podcasting. WordPress sites generate RSS feeds for posts by default, and many of the most engaged blog readers are heavy users of RSS.

But RSS has a problem. The decision to base RSS on XML makes it more complicated to implement than it should be. As anyone who has tried to build an RSS reader knows, that complexity causes no end of headaches. Non-standard and subtly broken feeds are everywhere, and RSS readers have to be able to handle a huge number of edge cases. Because of the prominence of social media streams and the challenge of implementing RSS properly, many publishers and developers don’t make the effort.

JSON Feed was created by Manton Reece and Brent Simmons, the creator of NetNewsWire, one of the earliest popular newsreaders. It is intended to provide an alternative feed format without the headaches associated with RSS.

JSON is a lightweight data interchange format and it’s hugely popular. Originally developed for use with JavaScript, JSON is now a de facto standard for data exchange and APIs. Every programming language used on the web includes a JSON parser. Those of you who follow the WordPress world will be aware that the new WordPress REST API delivers data in JSON. Most importantly, the JSON Feed format is simple enough that correct implementation isn’t likely to be a problem.

JSON Feed is an excellent addition to the feed ecosystem, and it will hopefully see wide adoption. Many prominent feed readers have already integrated JSON Feed support, including Feedbin, NewsBlur, and Inoreader. However, if you choose to offer a JSON Feed on your site, don’t disable RSS. It’ll be a long time before the majority of services and applications that consume feeds adopt the JSON Feed format, if ever, so most sites will want to use both formats simultaneously for the foreseeable future.

Posted in:
WordPress
