CAll Us: +1 888-999-8231 Submit Ticket
Load Testing: Asking the Right Questions

Load Testing: Asking the Right Questions

In this short series, Kevin Schroeder explains how to keep your website on the rails with proper load testing. Kevin owns consulting firm 10n Software, LLC, and has written several testing frameworks for Magento, Gmail, Twitter, and other applications.

Welcome to Asking the Right Questions, my three-part series about all things load testing. Specifically, it will cover how to prepare your site to weather the eCommerce storm, covering concurrency, types of load tests, and how to build and run them. I will include code samples, real-life examples, and how to best address common pitfalls.

It’s a common occurrence for developers. The owner of a website anticipates a spike in web traffic, perhaps due to an upcoming promotion. They ask the natural questions, “Can my site handle the increased traffic? How many thousands of users can my site handle?”

Owners want sites that can “handle X visitors” because more users equal more revenue. This is understandable, but a proper load test measures how well their server handles high numbers of concurrent requests, not just the number of web browsers pointing to the server.  It’s a classic case of what they want distracting them from what they need.

A quick-and-easy way to load test is to check how many people visited the site in the last 30 minutes, and then view peak concurrency in the log with:

grep -v "skin|js|media|static" access.log | awk '{ print $4 }' | uniq –c

That command filters the access log to remove all static content, which is not a scaling factor and counts the number of completed requests in a given second.

The results give you enough to calculate average concurrency over a time period:

(average response time in ms)*(peak requests per second) / 1000 

For example, if your average response time is 500ms, and you have 50 requests per second peak in your log files, your concurrency is about 25 requests.

However, this method only shows average concurrency over a period and lacks key specifics. Are the responses clustered in the first 100ms of the second, or in the last? Are there stretches of high concurrency occasionally disrupted by disastrous performance?

Given the missing details and the lack of good tools to find them, one solution is to double your result to account for the missing data. For most websites using somewhere between two and ten servers, this doubling will help account for unknown data, thus creating a more accurate estimate of performance.

And yet it’s far from ideal, and the reason is entropy. Or more precisely, the lack of it.

The problem is that load tests skew to the positive when they’re too neat and orderly. Load tests are usually built to follow a particular pattern. In Magento, this pattern is the home page, category, product page, add-to-cart, and checkout. Often, it’s also the same page each time. This has the effect of “cheating” on the load test.

Too much predictability tends to balloon performance and produce inflated results. It makes life too easy for your database, caches, and file systems. The more consistent your data, the better the system can optimize itself. Your job when writing a proper load test is to “sabotage” those optimizations with entropy.

Introducing entropy requires a fair amount of work and a developer skill set, and I have three favorites:

  • Use XPath or CSS post processors to extract category and product URLs from the page, which will retrieve random pages.
  • Add cache-busting random query strings to a certain percentage of requests.
  • Use random pause timers in your test threads to make requests occur at non-predictable times.

Websites don’t run in a vacuum, and users, as much you need them, spread chaos. As a developer building a useful load test, it’s your job to simulate that as best as you can.

Keep an eye out for Part 2 and 3 next week. I’ll look at two types of load tests – sizing validation and concurrency validation – and explore the dangers of just throwing hardware at your performance woes. 

Posted in:
Webmaster

Source link

What Does rel=noopener Do In WordPress Posts

What Does rel=noopener Do In WordPress Posts

What Does rel=noopener Do In WordPress Posts

Photo by JJ Ying on Unsplash

With the release of WordPress 4.7.4, there was a change to the way links are created in WordPress posts and pages. If you flip over to the “text” view in the WordPress editor, you’ll see that links you’ve told to open in a new tab are now tagged with rel=“noopener”. Many WordPress users have wondered what this attribute means, why it’s being added to their links, and, in particular, whether it has an impact on search engine optimization in the way that attributes like rel=“nofollow” and rel=“noindex” can.

In fact, rel=“noopener” is added to links that open in a new tab as a security precaution. When a link opens a new tab, the page that opens in the second tab is able to exert some control over what appears in the original tab. This ability is conferred by the JavaScript window.opener object, which gives JavaScript running on the child tab access to the contents of the parent tab.

The window.opener can be used to “hack” the contents of the parent tab. That’s bad news if the original tab contains sensitive information or forms that could be used to input sensitive information. You can see an excellent demonstration of this process on the “about rel=noopener” site.

A simple application of this hack would be to embed a link in a WordPress page that opens a new page in a new tab. Code in the new page could then be used to change the contents of the original tab to a fake login page, which would then transmit the user’s login details to the malicious third-party. If the parent and child tabs contain pages on different domains, there are greater restrictions on the window.opener object, but the child tab is able to redirect the parent tab to a different page. It’s easy to imagine a situation in which an attacker spams malicious links that redirect the parent tab to a phishing site.

As you can see, the window.opener object presents a security risk without adding much that’s useful for the vast majority of WordPress sites. The rel=”noopener” attribute tells web browsers to disable the window.opener object. Without access to that object, there’s no way a child tab can influence its parent.

Does rel-noopener Hurt SEO?

The short answer is no. The rel=”noopener” attribute has nothing to do with search engine optimization. Search engine crawlers ignore it, and it doesn’t impact the pages they crawl or how they rank and index pages.

Although rel=”noopener” removes the security risk, WordPress hosting clients should think twice before forcing pages to open in new tabs or windows. If users want to open tabs in new windows, their browsers make it easy to do so. Forcing pages to open in new tabs is an unnecessary imposition on the expected user experience of the web.

Posted in:
Webmaster, WordPress

Source link

Eight Reasons Your New WordPress Site Isn’t Ranking In Google

Eight Reasons Your New WordPress Site Isn’t Ranking In Google

Eight Reasons Your New WordPress Site Isn't Ranking In Google

Photo by Benjamin Dada on Unsplash

You launch a new business website and write a few pages of content, publish a handful of blog articles, and share content on Facebook and Twitter. But after a few months, your site is nowhere to be seen in Google search results. What’s the problem?

There are many reasons a new site might fail to rank in Google, but, in my experience, there are a few pitfalls many new site owners fall into.

Thin Content

The most common reason for failing to rank is that your content simply isn’t good enough. Google wants to send its users to high-quality, informative content. If your product or service pages are bare of useful information and your blog isn’t much better, the chances of your site’s pages finding their way onto the first page of the SERPs are low. On today’s web, quality is just as important as keywords.

The Competitions’ Content Is Better

Ranking is relative. Even if your content is reasonably well-written and informative, it won’t make a good showing in the SERPs if Google judges your competitions’ content is more valuable to searchers.

Your aim should be to publish the best content on the web. That might sound like a lot to ask, but the richer and more compelling the content, the higher it will rank.

You’re Targeting Highly Competitive Keywords

A new site is unlikely to rank well if it’s competing against established sites for very popular keywords. There’s no chance a new WooCommerce store that sells shoes is going to rank for “shoes”. You’ll have to get a little more creative with long-tail keywords. Try “red stilettos by Manolo Blahnik” for example.

No Incoming Links

Incoming links are still the single most important search ranking signal. As a new site, your link profile isn’t going to be competitive with established sites in the same niche. Among the most effective link building techniques are publishing great content and sharing it on social media, publishing guest blogs on other sites, and reaching out to bloggers in your niche (but don’t offer to pay them for links).

Over Optimization

Too much of a focus on SEO can be counter-productive. I have suggested that you should target long-tail keywords, but if you publish content that’s a thinly veiled excuse to stuff as many keywords as possible onto your site’s pages, you won’t get anywhere.

Be frugal with the use of keywords and embed them in high-quality content only when it appears natural.

Poor Performance

Slow sites don’t do well in the SERPs, and they do even worse in mobile search results. To be competitive with other sites in your niche, focus on reducing latency and page weight. One of the best ways to improve the speed of your WordPress site is to use a WordPress hosting company that offers performance-optimized hosting. If you don’t have great hosting, other performance optimization strategies aren’t going to make a lot of difference.

Your WordPress Site Turns Search Engines Away

Discourage search engines from indexing this site

A simple configuration error can cause your WordPress site to disappear from the SERPs altogether. In the WordPress Dashboard, select the Read menu item under settings and make sure the “Discourage search engines from indexing this site” option is unchecked.

Your Site Has Been Hacked

If your site has been hacked, Google will remove it from its index. It’s entirely likely that if your site has been hacked, you’ll know nothing about it until Google pulls the plug. Take a look in Google Webmaster Tools to see if Google thinks your site is infected with malware.

Fixing the eight SEO errors we’ve discussed today won’t guarantee you a place in the SERPS, but they will lay a foundation for future optimization and give you fighting chance against the competition.

Posted in:
Webmaster, WordPress

Source link

The 5 Best Online Image Compressors for Improving Your Loading Speed

The 5 Best Online Image Compressors for Improving Your Loading Speed

The 5 Best Online Image Compressors for Improving Your Loading Speed

Photo via Pixabay

It’s the age-old conundrum: how to have your cake and eat it too. You want a gorgeous, rich website full of high-quality images, but you want it to load as fast as possible for the best UX. Some will say you have to choose one or the other, but the truth is you can have both — and quite easily — with online image compressors.

Image compressors reduce the file size of any image without harming image quality (at least not to the naked eye). And, what’s more, you can do it all online… and for free.

But which of these web builder’s little helpers works best? Today, we discuss the 5 best online image compressors.

Optimizilla

A good go-to in the field of online image compressors, Optimizilla offers all the standard features and acts as a reliable benchmark.

Optimizilla only works with JPEGs and PNGs, but for those file types it’s one of the best free image compressors. You can control how much or how little quality reduction you want on a scale of 1-100, a feature that lets you find the perfect balance required for your site.

Another nice advantage is its bulk compression, allowing up to 20 images at one time. You can download compressed images individually, or together in a ZIP folder.

Kraken.io

Similar to Optimizilla, Kraken.io still offers the basics of online image compressors, but with a few slight variations.

For example, Kraken.io simplifies the process for new users with its “Lossy” and “Lossless” options. Lossy slightly reduces the image quality in a way that’s still hard to notice, while Lossless retains the pixel positioning for zero quality loss (but less file size reduction). On top of that, you can still choose “Expert,” which allows you to customize the quality reduction on a scale of 1-100, as well as preserving metadata and personalizing chroma subsampling.

Other features include resizing images, bulk uploading, and downloading as a ZIP. The only glaring drawback is that the free account is only temporary — after 100MB, you’ll have to buy one of their plans to continue usage.

Resize Photos

Somewhere between online image compressors and photo editors is Resize Photos. For starters, as the name suggests it’s one of the compressors that also resizes images (good for when your free account on Kraken.io runs out). But what really sets it apart are its dime-store photo-editing options.

Don’t expect anything glamorous from Resize Photos’s photo editing — there’s little you can’t do on Instagram. Still, quick fixes like rounded corners, drop shadows, borders, and basic filters (sepia, black-and-white, negative, etc.) can be implemented right away. Our favorite feature is the caption tool, which can be great in certain situations like memes, but could negatively affect SEO if used too much.

If you’re looking for a quick, and free, solution, and already need an image compressor anyway, Resize Photos is a great time-saver.

Convert Image

Don’t let the ugly interface fool you: Convert Image is one of the most advanced free image compressors available.

Convert Image’s crowning achievement is that it accepts more formats than most other online image compressors: JPEG, PNG, TIF, BMP, PCX, PSD, PSB, XCF, PDF, and even GIF. The standard compressor turns everything into a JPEG, for better or worse, but the site also offers a host of other features, including a file converter.

It’s worth exploring the site’s secondary features, located on the right side of the screen. There, you’ll find options for resizing, scaling, and basic photo editing. Convert Image has some interesting effects other image compressors lack, like sketch drawing filters and disco light overlays. But on a more professional level, you’ll probably be more interested in its options for favicon conversions and watermarks.

TinyPNG

One of the oldest and the best, TinyPNG is another staple in online image compression. They offer the basic options an image compressor should: JPEG and PNG compatibility, bulk uploads up to 20, 5MB max. per image. The paid Pro plan offers even more options for only $25 per year.

What we’re excited about most are its expansions into other tools. TinyPNG has a plugins available for WordPress and Photoshop CC 2017, adding even more convenience and removing extra steps if you use these platforms. On the horizon is compressing animated PNG images, with a beta version available on the site now.

Posted in:
General, Webmaster

Source link

Looking for Fast WordPress Themes? Here’s Three!

Looking for Fast WordPress Themes? Here’s Three!

Looking for Fast WordPress Themes? Here's Three!

Photo by Igor Miske on Unsplash

The tortoise may have beaten the hare in a foot race, but it wouldn’t last long in the world of web development. Speed is the name of the game in today’s digital industries; not only do users expect sites to load quickly (and bounce if they don’t), but loading speeds also factor into Google search rankings — including mobile.

With that in mind, we were curious about which WordPress themes performed best when it came to loading times. Drawing on Pingdom research conducted by Athemes, we picked out 3 of the fastest WordPress themes to give your WP site a head start right out of the blocks.

H-Code

  • Load Time: 1.14 s
  • Page Size: 2.6 MB
  • Price: $60
  • Performance Grade: 99 (A)

A Swiss-army theme for virtually any type of site, H-Code is a good theme to start with. Earning an near perfect performance score on Pingdom and a hasty loading time of just over a second, H-Code matches its impressive speed with equally impressive options for site building.

You can select your ideal setup from over 50 homepage demos, including both multi-page demos and even some single-page ones. Tons of pre-built content templates make this as fast to design as it is to load. The theme also supports your favorite WP plugins like WooCommerce, Yoast SEO, WPML, and Total Cache — an ideal theme for beginners and experts alike.

SociallyViral

  • Load Time: 0.68 s
  • Page Size: 402.7 kB
  • Price: $59 (sale)
  • Performance Grade: 100 (A)

Viral content waits for no one, which is why having a quick-loading page is no less than essential for widespread content consumption. That’s the heart of SociallyViral, a simple and speedy WordPress theme designed for digital marketing. With a perfect Pingdom score and a loading time easily under a second, this theme is perfect for shareability.

Don’t expect much depth with SociallyViral; it’s best for landing pages and smaller, targeted sites as opposed to mammoth enterprises. Still, for what it aims to do, it’s one of the best: it prioritizes its social sharing buttons, integrates easily with AdSense to take advantage of clickthrough rates, encourages email signups with nice opt-in forms, and lets you advertise your trending/popular posts with special widgets.

Pillar

  • Load Time: 1.4 s
  • Page Size: 2.7 MB
  • Price: $59
  • Performance Grade: 98 (A)

Last, we have another multi-purpose theme that assists a variety of industries. Pillar is incredibly malleable, with homepage demos for agencies, businesses, ecommerce, portfolios, landing pages — pretty much everything.

The theme comes with 110 ready-made templates for conventional and niche pages alike. You have your regulars like About and Contact, but also specialized pages like product pages or case studies. Over 140 content blocks let you further hand-tailor your site as you like with options for pricing tables, people profiles, testimonials, etc. As if that weren’t enough, there’s also eight site headers and four site footers to choose from.

All these options make Pillar one of the strongest choices for a robust WordPress site that’s not weighed down for speed.

Posted in:
Webmaster, WordPress

Source link

Here’s Why Forgetting To Renew Domain Names Is A Bad Idea

Here’s Why Forgetting To Renew Domain Names Is A Bad Idea

Here's Why Forgetting To Renew Domain Names Is A Bad Idea

Photo by mintchipdesigns on Pixabay

In the web hosting world, two tasks essential to keeping a site up and running are routinely forgotten, renewing SSL certificates and renewing domain names. Every once in awhile, we’ll hear about a big corporation that has somehow neglected to renew a domain name or buy a new SSL certificate. It’s happened to Google, to Microsoft, to thousands of less prominent site owners, and recently it happened to Samsung.

In 2014, Samsung retired an app called S Suggest, which communicated with its servers at the ssuggest.com domain. Although S Suggest isn’t maintained, it’s still installed on millions of older Samsung devices. Recently, the ssuggest.com domain expired, which means it was up for grabs by anyone smart enough to realize the implications. In theory, if a hacker got control of the trusted domain, they could have done all sorts of mischief. As it turns out, the domain was registered by security researcher João Gouveia.

Gouveia was able to observe traffic on the domain as over 2 million Samsung Android devices phoned home a total of 620 million times. According to Gouveia, if a malicious party had registered the domain, they could have rebooted phones or even installed malicious applications. Samsung disputes the seriousness of the problem, and, if those claims are true, they have bigger security problems than a forgetful executive, but the fact remains that letting a domain expire can have very bad consequences.

Can you imagine the consequences to your business if its domain expired, if a lucky domain watcher could replace your site with their own advertising, a drive-by download page, offer to sell it back to you at a vastly inflated price, or just redirect it to their own business?

It’s easy to forget to renew domains; that’s why it happens so often. If you register a domain for three years, it’s unlikely that you’ll remember when it’s time to renew without help. What can you do to avoid being put in the same position as Samsung?

First, put it on your calendar. Most of us use web-based calendar services these days, so even if you change to a different calendar application, you’ll get the reminder.

Next, make sure that the email address you give to the domain registrar is one you’ll definitely be monitoring a couple of years down the line. All respectable domain name registrars send repeated reminder notices well in advance of a domain’s expiry date. Presumably, somewhere deep in the bowels of Samsung’s IT systems, there’s an inbox full of domain renewal notices that no one ever opens. If you use a dedicated email address for domain name notices, forward it to your main email address so that you’ll be sure to get notifications.

Make sure a member of staff is responsible for checking the email inbox associated with your business’ domains. It’s all too common for the person who originally registered the domain to move on to a different company and leave the inbox unchecked.

Of course, if you really want to be safe, and your domain registrar offers the service, turn on auto renewal, so the registrar will automatically renew the domain when the time comes.

If giant corporations like Samsung and Google can neglect domain renewals, you can too, so perhaps it’s time to take stock of the domains you have registered and make sure you know when they expire.

Posted in:
Webmaster

Source link

Advertising Isn’t The Only Way WordPress Bloggers And Publishers Can Make Money

Advertising Isn’t The Only Way WordPress Bloggers And Publishers Can Make Money

Advertising Isn't The Only Way WordPress Bloggers And Publishers Can Make Money

Photo by Vitaly on Unsplash

Readers and viewers don’t like advertising. Few people visit a site because they want to see the ads. As loudly as the ad-tech industry argues otherwise, it hasn’t figured out how to display relevant, non-offensive, and non-exploitative advertising consistently. Malvertising attacks site visitors without the knowledge of the publisher. Advertising and its attendant tracking code inflates web pages by an order of magnitude. Advertising on WordPress blogs and web magazines in particular often offers a user-hostile experience. Users have acted to protect themselves with ad and script blockers.

Where the user goes, the big tech companies that rely on them for revenue go too. Apple introduced content blockers to iOS a couple of years ago. This year they previewed artificially intelligent tracker blocking on desktop Safari. Google Chrome will soon block “unacceptable advertising” by default.

Users and the companies that provide their conduit to the web are increasingly opposed to advertising, but advertising isn’t the only way to make money online. To be sure, advertising remains the easiest monetization strategy to pull off. Nothing is quite so simple as publishing SEO-optimized content, connecting your site up to AdWords, and watching the money roll in. But that’s not an experience any modern publisher can rely on — the web advertising gold rush is in the past.

That doesn’t mean you should remove all advertising from your site, but if your WordPress site relies entirely on advertising for its revenue, you might want to think about broadening its horizons.

Google Contributor

Google Contributor is a way for users to pay for an advertising-free experience. Users buy an “ad removal pass” from Google, and whenever they load a page from a participating site, money is paid to the publisher. Google Contributor isn’t new, but the original program was shut down and a simplified version released earlier this year.

While membership sites and paywalls are increasingly popular, asking users to sign-up for a paid membership to every site they want to visit isn’t scalable. Google Contributor provides a single service that offers an ad-free experience on multiple sites — and, of course, Google gets it cut, which it wouldn’t if people subscribed to each site individually.

If you’ve never used Google Contributor or haven’t used the newest iteration, it’s well-worth taking a look at.

Patreon

Many of the most popular bloggers and content creators have joined Patreon, a platform that allows users to pay money directly to content creators. Each “Patron” signs up to contribute to their favorite creators, often in exchange for early access, premium content, and other Patron-only benefits.

Patreon isn’t suitable for every site, and it relies on a large and relatively stable audience, but if that sounds like your site, it’s well worth a try.

Membership Sites

Finally, membership sites for niche bloggers have proven remarkably successful. MacStories, Ars Technica, and Matt Gemmell’s blog are among my favorites. There are many different membership strategies a publisher might take, ranging from a full paywall to premium content or ad removal. MacStories’ memberships offer an excellent newsletter to paying subscribers, for example.

Membership sites can be rewarding. But, as with Patreon, they depend on a loyal and committed audience who are willing to pay for content. If that description doesn’t apply to your site, you’re probably better off sticking with advertising.

For WordPress site owners, MemberPress is an excellent premium membership site solution, and Members is a capable free alternative.

Advertising will always be with us, but — largely due to the economics of advertising on the web — publishers have desperately grasped any advertising strategy, no matter how hostile it is to users. The inevitable backlash is in full swing, and smart publishers are making an effort to diversify revenue streams.

Posted in:
Webmaster, WordPress

Source link

5 Reasons to House Clean Your Database

5 Reasons to House Clean Your Database

5 Reasons to House Clean Your Database

Databases are bedrooms.

When tidy, you can find your socks, shoes, cellphone, and everything else you need within minutes. But when cluttered, it takes 10 minutes to remember your left your shoes on the stairs, and 10 more minutes to remember you left your cell in your shoes because your hands were full at the time.

Even if you don’t habitually store your cellphone in your shoes, your database needs regular cleaning if you expect efficiency. Over time, use diminishes performance. Log files and other undesirables will pile up in heaps like neglected laundry, and what was once timely becomes a foggy slog.

If the metaphor doesn’t motivate you, then here’s five more concrete reasons to perform regular database maintenance.

#1: Faster queries

Your database doesn’t need all of your data, and bigger is not better. Think of it as a library, and a query as a librarian. The fewer books in the library, the quicker the search, and maintenance will discard outdated files and clutter. Defragmenting your database is the equivalent of consolidating the same number of books onto few shelves. Ignore cleanup, and eventually, your librarian will lock up and crash.

#2: Reliable disaster recovery

Is there such a thing as unreliable disaster recovery? Maintenance allows you to check the timeliness and integrity of backups so your recovery operations won’t dead-end into corrupt or incomplete data.

#3: Lower costs

Prevent problems before they derail your website’s silky operation. Any cost of doing so is minimal compared to the cost of visitors giving up on your broken or sluggish site. And because prevention is easier than repair, it allows you to stay focused on other aspects of your business.

#4: Security

Neglect is the ally of online thieves and hackers. If you’re regularly auditing your software versions, user-access, and PCI compliance, then you’re a hard target. Mind you, not invulnerable, but far less attractive to predators that prefer the other sites relying instead on the good graces of the Internet.

Posted in:
Webmaster

Source link

How Do CAAs Make Your Sites Safer?

How Do CAAs Make Your Sites Safer?

Certificate Authority Authorization Records Explained: How Do CAAs Make Your Sites Safer?

Photo by Anthony Martino on Unsplash

Certificate Authority Authorization records prevent SSL certificates being issued to hackers and online criminals for domains they don’t legitimately control.

When you ask a Certificate Authority to issue an SSL certificate for a domain, you have to prove that you control that domain. For Domain Validated certificates, that often involves uploading a special file to a server connected to the domain. If the file provided by the CA appears on the server, they know you’re in control.

In most cases, that’s a valid way to show who controls the domain. But, if a hacker compromised a WordPress or Magento site, they might be able to upload a verification file. There’s a flaw in the system that can be used by malicious individuals to influence a Certificate Authority to issue a certificate for a domain they don’t have legitmate control over. They have control over the site, but that control isn’t legitimate. Certificate Authority Authorization records are intended to close that loop in the verification process.

Certification Authority Authorization (CAA) records are a “new” (the RFC for the proposed standard was technically released in 2013) DNS record type, which will be used by Certificate Authorities (CAs) to add an additional layer of security for domain holders in regard to SSL certificates being provisioned under their name.

The CA/Browser forum – a voluntary group of companies such as Google, Mozilla, and Comodo – took a vote on making the use of these records mandatory, which passed earlier this year.

This means that major browsers will only trust certificates if they’re issued by a Certificate Authority that checks CAA records as part of its process. If the domain owner sets the CAA DNS record, Certificate Authorities have to respect the contents of that record.

How CAA Records Work

In order to help explain this better I’ve provided an example below:

We’ll presume Acme Company, Inc. controls example.com and only uses Comodo as their CA. The admins for their domain/DNS zone create the following CAA record:

example.com.       IN      CAA     0 issue "comodoca.com"

When the admins for example.com submit a request to Comodo to create a new SSL certificate for their domain, Comodo then runs a lookup against the domain’s existing CAA records to determine if they are permitted to issue the certificate. Upon seeing that the record exists and references them, they proceed with the creation of the certificate.

It’s worth noting that CAAs don’t take the place of current verification/validation procedures for SSL provisioning, but rather add an additional layer to cover situations that were not handled under the existing processes.

To dive into some specifics on how the records themselves are laid out, I’ve provided examples below for each “property tag” that can be specified:


issue

As shown above, the “issue” property tag specifies a specific CA that is authorized to provision certificates for the domain in question.

Example:

example.com.       IN      CAA     0 issue "comodoca.com"

issuewild

Exactly the same as issue, however this allows for wildcard certificates to be issued as well

Example:

example.com.       IN      CAA     0 issuewild "comodoca.com"

iodef

This property tag currently isn’t fully supported by all CAs, however its purpose is to provide further information such as E-Mail addresses, that can be used by CAs in situations where there’s an issue with the certificate itself or in cases where someone may have made an attempt to request a certificate be created that violates any other CAA record property tag rules.

Example:

example.com.       IN      CAA     0 iodef "mailto:[email protected]"

What Do CAAs Mean For Hostdedi Customers?

This is a good thing. There have been countless events in previous years in which malicious parties have been able to provision certificates for domains that they don’t have control over. This new enforcement tool provides companies and individuals with another layer of security for their domains and the certificates issued under them.

In addition to all of the above, CAs are only enforcing these rules if the records exist. If you’d rather not use them (though I’d highly recommend doing so) your interactions with CAs when purchasing a certificate will be the same as they always have.

We’re proud to announce that we’ve implemented full support for CAA records within Portal and you can log in and get started with creating those today.

As always, if you have any questions regarding these records or need assistance with creating them, you can contact the best Support Team in the world by opening a ticket, E-Mailing [email protected], or by contacting us via phone at any time.

Posted in:
Security, Webmaster

Source link

Revenue And Traffic Diversity Is Crucial For WordPress Publishers

Revenue And Traffic Diversity Is Crucial For WordPress Publishers

Revenue And Traffic Diversity Is Crucial For WordPress Publishers

Photo by Greg Sellentin on Unsplash

It’s no secret publishers are struggling to build sustainable content businesses. Advertising revenues were in decline before ad-blockers went mainstream, and since the advertising industry alienated a huge swathe of the online audience, it’s become even more difficult to make money from content.

But difficult doesn’t mean impossible — there are plenty of WordPress publishers, large and small, with thriving businesses. The secret to success is revenue and traffic diversity: not relying too much on any single platform to bring home the bacon.

It’s never a good idea to tie the fortunes of your business to someone else’s business, especially in an industry of rapid disruption where a sure thing can turn into a dud overnight. And yet, I often talk to publishers who have taken a massive hit to their bottom line because a platform they relied on for revenue or traffic has pivoted in an unhelpful direction. It happens time and again, and every time they’re surprised.

Medium has its upsides: not least the network effects associated with being on a platform with a huge audience. And so many publishers went all-in on Medium — a company that pivots faster than Excel. Soon after, Medium abandoned its planned monetization solutions and laid-off a third of its staff, leaving publishers in a pickle.

The same pattern can be seen with Facebook’s Instant Articles. Publishers have a love-hate relationship with Facebook. They’re loathe to give up the distribution of their content, but eager to get that content in front of Facebook’s billion-plus users. So everyone who is anyone started publishing Instant Articles. At the same time, Facebook was making plans that essentially rendered Instant Articles of no benefit to publishers.

Facebook thinks video is the future — and so videos get priority in the Newsfeed. Facebook thinks its users would rather see content from their family and friends, so news articles — including Instant Articles — are pushed out of the feed. Facebook thinks users want to see content they “interact” with, not content from publishers they’ve liked and followed, so publishers find it impossible to connect with their followers.

Earlier this year, Amazon announced cuts to its affiliate marketing program, decimating the revenue of publishers who had built a nice business sending customers Amazon’s way.

Any publisher that depended for a large chunk of its traffic or revenue on one of these platforms would find itself in trouble. Which is not to say that WordPress publishers shouldn’t use Facebook, Medium, and Amazon, in addition to as many other sources of traffic and revenue as possible. The point is not that these channels should be ignored, but that none of them is the savior of the publishing industry.

Smart publishers use all of these channels and more to hedge against the inevitable pivots and focus changes. People will always want high-quality content and there will always be viable publishing business models, but publishers have to move quickly and spread their bets.

WordPress hosting is a great solution for publishers who want to maintain platform and revenue independence. Control your site and content distribution, and take advantage of platforms without depending on them.

Posted in:
Webmaster, WordPress

Source link