Category Archives:
Wordpress Archives

WordPress hosting is complex. Every WordPress site depends on a stack of software and hardware created by companies and communities with standards and values that are difficult to understand from the outside. This gives rise to misunderstandings and myths, especially where security is concerned.

In this article, we look at some of the most pernicious WordPress hosting myths, with a particular focus on myths that lead to security mistakes.

Small Sites Don’t Get Hacked

The media often reports on significant security breaches where the attacker’s goal seems obvious. The victims store gigabytes of personal data that can be used for identity theft. Many store credit card numbers, which are stolen for obvious reasons. Some attackers are engaged in industrial espionage.

None of that applies to smaller websites with a handful of user accounts: not much useful personal data there. They rarely store credit card numbers, wisely opting to use a payment processor. So why would a criminal invest the effort to hack a small site?

First, it isn’t much of an effort. Most hacking is automated: bots trawl the web for vulnerable sites, compromising them with pre-programmed attacks. The attacker sets his bots loose and waits for the IP addresses to come rolling in.

Second, even a small site is valuable. It has an audience, who can be infected with malware. It can be dragooned into the attacker’s botnet and used to compromise other sites or to take part in DDoS attacks. It can be used for SEO spam. Every website represents a package of bandwidth, storage, and processing power — all of which are useful to criminals.

If It Works, Why Upgrade?

People who don’t spend their lives staring at code on a screen are quite satisfied when technology does what it’s supposed to. They may feel that updates, which bring changes, are an unwelcome disruption. WordPress isn’t hard to learn, but it’s hard enough that the thought of change worries some of its millions of users.

People who use WordPress every day become accustomed to it. They prefer to avoid change for the sake of change, and so they are often reluctant to update. After all, why alter what works.

The developer’s answer to this is two-fold. Software never stands still and has to change to keep up with changes in the world. And, more importantly, updates fix bugs that cause security vulnerabilities. A site that has not been updated for a few months is almost certainly vulnerable. In the previous section, we talked about botnets and automated hacking. It is unpatched content management systems that those bots seek. Eventually, they will find an unpatched site, and it will be hacked.

I’d Know If There Was A Problem

What does a hacked website look like? For the most part, it looks like a website that hasn’t been hacked — especially to its owner. As we have discussed, bad actors breach a website because they want its data, resources, visitors, or SEO potential. If the site owner finds out they have been hacked, the bad actor loses access to those resources. So, they’re sneaky. They try to hide.

If you’re looking closely, you might notice spikes in bandwidth or memory use. If you regularly scan for malware, you might find their malicious code. But if you use the site normally, you’re unlikely to see anything is amiss.

Take SEO spam as an example. When a site is compromised, links to sites the attacker wants to promote are injected into its content. Those links are visible to Google, and they might be visible to ordinary visitors, but they are hidden from people logged in to the site.

That’s why it’s a good idea to regularly scan your site with a tool like Sucuri or Wordfence. They spot malicious code and let you know about it. If you don’t scan, then you are most likely to find out about an attack when Google starts warning your audience that your site is unsafe.

SSL Keeps Your Site Secure

SSL certificates have two jobs. They encrypt data traveling over the network from a server to a browser and back again. And they are used by browsers to verify that they are connected to the host they expect. That’s all SSL certificates do. They are an essential security and privacy tool, but they don’t protect data stored on the site’s server. Nor do they protect a site from attackers seeking to exploit vulnerabilities.

Every WordPress Plugin Is Free

This is a pernicious myth that causes people to download malware-infected plugins. Most WordPress plugins are open sourced under the GPL license. When the developer distributes the plugin, they also distribute the source code. They are required to do so by the license.

Often, open source software is free. It doesn’t cost any money to use. WordPress itself is open source and free. But some open source software is not free to use. Premium WordPress plugins are in this category: they are open source, but the developer expects users to pay a license fee to use the plugin.

When users pay the fee, they get the source code, as required. But open source doesn’t mean the developer has to give everyone the source code — just the people to whom the plugin is distributed, the people who have paid. This is commonly misunderstood. It is perfectly legal to take the code of a premium theme and give it away for free once you have paid for it, but this is discouraged in the WordPress community, for obvious reasons.

You might be wondering what this has to do with security. Bad actors know that people want to use premium plugins without paying for them. So, they take the plugin, add a sprinkling of malware, and give it away for free. These “nulled” or “pirate” plugins contain backdoors and other malicious code. When an unsuspecting WordPress user installs the nulled plugin, they give control of their site to an attacker. Installing pirate plugins on your site is a bad idea.

We’ve covered five common WordPress hosting myths in this post, and there are many more that we might have included. If you’d like to see a follow up post that dives into more WordPress hosting myths, let us know in the comments.

Posted in:
WordPress

It’s easier to get started with WordPress than any other leading content management system, deliberately so because WordPress was designed to make publishing on the web as intuitive as possible. However, your introduction to WordPress will go more smoothly if you understand a handful of key concepts. In this short glossary, we’re going to look at nine concepts that are important to understanding how WordPress works, concepts that will prove useful to you as you write, publish, and manage your WordPress site.

Posts And Pages

WordPress organizes web pages into two groups: posts and pages. Posts are, essentially, blog posts, although they might be used to publish videos, podcasts, or other media. The most important thing to know about Posts is that they are displayed in reverse chronological order on the posts page, which is often the homepage of the site.

A page is any other webpage on your site: the About page, or a landing page, for instance. Pages are not displayed in blog listings, but they typically appear in navigation menus.

Open Source

WordPress is open source software. That means WordPress is distributed with its source code, which can be modified by anyone. WordPress development is a collaborative effort between developers working in the open. Because WordPress is open source, it is also free, and it will remain free forever.

User Roles

Each WordPress user has a user role. User roles control what the user has permission to do on the site. The site owner and perhaps other trusted accounts are assigned the Administrator user role. They have permission to change settings, publish and unpublish content, install plugins and themes, and more. Other roles include Editor, Author, and Contributor. An account assigned the Author user role can publish and manage their posts, but they can’t manage other people’s posts or install plugins.

User roles are a key security feature: account holders should be given a user role that grants only the permissions they require. A writer shouldn’t be given admin privileges, and the number of administrator accounts should be as small as possible.

Taxonomies

Taxonomies organize the content on a WordPress site. There are two types of taxonomy, categories, and tags. Categories organize content into groups, often by subject matter. A post can belong to one category. A food blog might have categories for recipes, tool reviews, and tutorials. Categories are frequently used in a WordPress site’s navigation menu, and each category has an associated category page that displays all posts in that category. You can see the categories for this blog in the sidebar, or beneath the article list on mobile browsers.

Tags are a little different. There is no limit to the number of tags a post can have. They are more flexible than categories and are often used to group posts with similar topics. Our example food blog has a “recipes” category, but a recipe for guacamole might also have tags for avocado, dip, salad, and Mexican.

The way a site uses taxonomies affects its information architecture, search engine optimization, and user experience, so it is worth taking the time to devise a logical and coherent category and tag structure.

Database

WordPress is a dynamic content management system. Rather than storing web pages ready-made on a hard drive, WordPress generates them on the fly, running code that gathers data to construct an HTML page the browser understands. The data is stored in a database, a program that organizes and indexes data so that it can be retrieved efficiently. On your Hostdedi WordPress hosting account, the database is a performance-optimized variant of MySQL, the most popular open source database on the web.

As a WordPress site owner, you rarely interact with the database directly, but it is useful to know that content, plugin and theme data, configuration data, and information about users are stored in the database. When you backup a WordPress site, both the files and the database should be copied; it is a common mistake to copy only the files, and that is only a fraction of what makes a WordPress site.

Static Front Page

WordPress started life as a blogging engine, and, although it has since developed into a full-featured content management system, it retains some of the qualities of a platform intended primarily for publishing blog posts. This can be seen in the default configuration for the homepage, which displays a reverse chronological list of posts. That’s good for a blog, but not for a business site, where a landing page or traditional homepage is more appropriate.

The Static Front Page setting, which can be found in the Reading Settings section of the Admin menu, replaces the blog listing with a page of the site owner’s choice. In WordPress parlance, a Static Front Page is just a homepage that doesn’t display the blog listing.

Plugins and Themes

WordPress is a modular system: it has a central core that can be augmented with the addition of software packages. These come in two varieties, plugins and themes. Plugins add extra features and enhancements to WordPress. A plugin may make a small tweak to an existing feature; it may introduce a set of related features, such as with a caching or security plugin; or it might transform a large swath of WordPress’ functionality and user experience, as with a plugin like WooCommerce. There are tens of thousands of free plugins to choose from as well as premium plugins with advanced features and support.

Themes govern how WordPress looks and features related to its appearance. Every WordPress site has a theme that determines its front-end color schemes, typography, and page layouts. Basic themes provide a simple set of appearance configurations whereas more complex themes are packed with features such as sliders and drag-and-drop page builders. As with plugins, there are thousands of free themes and a large market for premium themes.

Caching

As we discussed in the database entry, WordPress is a dynamic content management system: it generates pages as they are requested. Dynamic content generation is key to WordPress’ ability to show different content to users, but it is slower than serving pre-generated content. Caching allows content that was generated in response to a previous request to be served more than once; if the content doesn’t change, it is a waste of resources to generate it for every request. Caching can make WordPress site much faster while consuming fewer server resources.

Caching can occur at many points during the process of serving pages. At Hostdedi, we equip WordPress sites with the W3 Total Cache plugin and install Memcached on all WordPress hosting plans.

WordPress Hosting

Hosting puts a WordPress site on the web. It provides the server that runs WordPress’ code and that supports the database. It also provides a network connection to the internet. There are many different types of WordPress hosting, from shared hosting to dedicated server hosting and cloud hosting.

WordPress hosting providers offer the same basic service, but they are not the same where performance, reliability, and security are concerned. To learn more about what makes a great WordPress host, take a look at how we optimize our WordPress hosting platform.

Posted in:
WordPress

WordPress contributor teams recently released Theme Sniffer and WP Theme Auditor, tools that help developers to create themes that adhere to coding and accessibility best practices.

There are thousands of free WordPress themes and thousands more premium themes. Some are excellent, and some are terrible, but most are somewhere in-between on the quality scale. Installing a theme that isn’t coded correctly can cause security or user experience problems, which is why the WordPress project is careful what it lets onto the theme repository.

However, the most diligent theme checkers can’t catch every problematic theme, so lower-quality themes sometimes make it through, especially on premium theme marketplaces that may not be as careful as the WordPress Repository team.

Developers don’t set out to make themes that cause problems. Most want to create a theme that is useful, beautiful, and secure. Problem themes are the result of less experienced developers who don’t understand what is required of a WordPress theme or don’t have the WordPress and PHP skills to create a theme that ticks all the boxes.

Poor-quality themes create a negative user experience, and that’s not good for the WordPress project, which wants interactions with WordPress to be as pleasant as possible. One way to achieve the goal of theme excellence is to provide high-quality documentation for developers. Another is to create tools to help developers spot issues and fix them before they become a problem to users.

Theme Sniffer was recently released by the Theme Review Team. It analyzes a theme’s code to see whether it adheres to WordPress coding conventions, a set of rules the WordPress project believes should be followed by anyone who develops a WordPress theme.

Image: https://ps.w.org/theme-sniffer/assets/screenshot–1.png?rev=2045224

The rules say how PHP files should be indented, whether single or double quotes should be used, how database queries should be formatted, and more. This might seem trivial, but coding standards help developers to maintain consistency throughout their projects, provide guidance about how to handle certain coding dilemmas, and make it easier for developers to collaborate — something that is particularly important for open source projects.

Accessibility is a particular problem for WordPress themes. Many themes that appear to be well-made pose problems for users with accessibility issues because the developer doesn’t follow accessibility best practices.

WP Theme Auditor is an NPM tool that examines WordPress themes with the aXe API, which includes tests to make sure a theme doesn’t provide a negative experience to people who have accessibility issues, including people who use WordPress via the keyboard or a screen reader.

Theme Check is a plugin that automatically tests themes for compliance with the official theme review standards. This one is particularly important because theme reviewers use it before allowing themes onto the official WordPress theme repository. If your theme doesn’t pass these tests, it may be rejected.

We’ve discussed the Theme Check plugin before, so take a look at our earlier post for a more in-depth discussion.

Automated testing helps developers to find coding and design mistakes before they’re released into the wild. The tools we’ve discussed make it easier for developers to create themes that are delightful to use.

Posted in:
WordPress

If you’re a news publisher, a news section is your bread and butter. If you’re a business, a news section provides a place to publish recent successes and upcoming events. If you’re an independent developer, a news section lets you keep your followers up to date on recent changes.

Regardless of who you are, a news section can add value to your site. The question is, how can you integrate it into your site in the best way possible.

WordPress offers a number of plugins to help improve click-through and reduce bounce rate on news items. Most of these come in the form of sliders, grids, carousels, and tickers.

We checked several different news plugins from the WordPress plugin directory to find out which work best. Keep reading to see a narrowed down list of the top six.

The first plugin on our list, WP News and Scrolling Widgets, is one of the more powerful and well known WordPress news plugins. It allows sites to create, manage, and display news content through widgets, sliders, and grids, in addition to being a news management tool separate from WordPress pages and posts.

Once installed, the plugin adds a News tab to the WordPress admin panel. In this tab, users can easily add, edit, and manage news content. The news editor itself is very similar to the standard editing interface you’ll find with WordPress posts and pages. It allows you to create content, set an excerpt and feature image, and select what categories and tags should apply.

Once you’ve created content, a range of shortcodes are available for site owners to make customized news widgets. The news widgets can filter content based on category, date, and type. Customizations can also be made to how content is displayed. A guide on managing this process can be found in the How It Works subheading.

By default, WP News does not offer a huge number of features, and its only real benefit is the management section. For customization, you’ll find just four shortcodes for displaying content in either grid or list views. If you pay and upgrade to pro, your options increase significantly.

Pro offers over 120 designs, along with 6 shortcodes, Visual Composer page builder support, a recent news display type, 100% multi language support, the ability to add custom CSS, and drag and drop ordering for content organization.

Pricing for pro starts at $149 for a personal, lifetime license. If news is a big part of your site, it may be worth paying for the added functionality. If you don’t want to spend anything, it’s probably better to stick with something else on this list.

Fancy News is a simple and easy to use news slider plugin. Instead of adding a complex series of steps to the process of selecting what news is show, Fancy news provides a single, easy to use shortcode generator in the Tools section of the WordPress admin interface.

Unfortunately, this provides only a limited number of options for customization, as well as content curation. For example, recent news cannot be featured without the aid of an RSS feed to pull from. Design-wise, typical customizations can be made, including size, excerpts, speed, color, and links.

Fancy News is a great free editor, but doesn’t offer some of the functionality you’ll find with WP News and Scrolling Widgets.

WP News is a stable, easy to use news plugin that allows for news sites to create and display customizable sliders, carousels, and news tabs.

As far as news plugins go, WP News offers a no-frills, easy to manage news curation experience. By default, you’ll find six different WordPress widgets included, with each including its own style options. The customization here is limited, as can be seen by one of the features being “Unlimited Color Variation”.

Despite this lack of customization, the plugin itself is very lightweight and requires fewer server resources when compared with alternatives. Moreover, WP News comes with a unique feature you won’t find elsewhere on this list: it is an Elementor Addon.

Elementor is a custom WordPress page builder. Used by over 2 million sites, it provides users with a drag and drop interface for creating new content and optimizing old.

The WP News addon for Elementor means improved integration, so site builders can create complex user experiences more easily, while also implementing a lightweight news plugin for news curation.

WP News is available for free from the WordPress plugin directory.

Simple News is another lightweight news plugin designed to allow content creators to output unordered lists. It does this by adding a new post type called “News”.

In terms of customization, Simple News offers four image sizes, and a single style for the widget itself. It is possible, however,  to remove the default and insert your own CSS. Unfortunately, this isn’t as easy as some of the point and click customization interfaces offered by alternatives.

Overall, Simple News is great if you’re looking for something simple. Otherwise, it may be better to create your own custom news feeds with the coding knowledge you would put into custom CSS here.

Pros

• Adds a new post type “NEWS” to the WordPress editor
• Easy to use Shortcodes
• Easy to add widget
• Ability to filter results by Category ID

Cons

• Advanced Customization requires CSS knowledge
• Lacks functionality compared with alternatives

One of the best news tickers available, Ditty News Ticker lets site owners create customized news tickers across their site. An unlimited number of ticks can be added, with the ability to edit content, links, and destination (new or same tab).

From a design perspective, Ditty News Ticker also allows you to edit how the ticker appears in pages. You can change dimensions, speed, display type, and more. Once you decide on the ticker settings, you can easily insert into pages, posts, and widgets with either shortcode or a direct php function.

 

The ability to add unique ticker content is something you don’t find with several other news tickers, and means you can optimize content based around your goals, instead of just settling on the default.

Pros

• Great customization options compared with other tickers
• Ability to add custom shortcode easily

Cons

• Somewhat difficult to navigate

More lightweight than Ditty, PJ is a news ticker that does what it says on the package and little else.

Edits to the look and feel of the PJ News Ticker must be performed through the settings section of the WordPress interface. From here, it’s possible to edit the header, color scheme, speed, font size, and content.

Once you’ve decided on what you want the ticker to look like, you can easily insert it into your site with shortcode. This allows you to select custom post types, categories, or the 5 most recent posts.

PJ won’t give you the same level of customization as Ditty, but it does provide a solid, easy to manage news ticker capable of automatically delivering your most recent content.

Pros

• Easy to use interface
• Lightweight plugin that requires few resources

Cons

• Shortcode customization can be troublesome
• Lacks the customization options of other news tickers

Posted in:
WordPress

You’re reading this article, which means you clicked a link, a string of characters that uniquely identifies this document, one of the billions on the web. You might have clicked a link on the Hostdedi blog’s index page, or a page of Google search results, or a Facebook page. But wherever you came from, you got here in the same way, and that process is what we’re going to talk about.

The Domain Name System

When you click a link in a hypertext document, you ask the browser to download and display the associated content. Before the browser can download anything, it needs to know which of the millions of servers on the web has that page. The human-readable web address (URL) doesn’t encode that information in a way that is useful to machines. The web address must be translated into an IP address that can be used to route information around the web. That’s the job of the Domain Name System (DNS).

There are two types of DNS server: recursive and authoritative. Recursive DNS servers are responsible for finding out the IP address associated with a URL. They’re usually managed by the ISP that provides the internet connection a browser is using, although not always. An authoritative DNS server knows the IP addresses for a chunk of the web. Recursive servers ask authoritative servers for the relevant IP address.

Recursive DNS servers are like librarians: they know a lot, but not everything. Often they need to consult authoritative external resources to answer a question, and in the DNS system, that’s the authoritative DNS server.

The browser sends a request to the recursive DNS server. If it knows the IP address of the site, it sends it to the browser immediately. If it doesn’t, it has to ask authoritative DNS servers. Authoritative DNS servers are organized in a hierarchy, an upside-down tree. At the top are root servers that know which authoritative DNS servers are responsible for .com, .net, and so on.

If the host’s web address is blog.nexcess.net, the authoritative DNS server that knows about .net addresses is asked which server knows about nexcess.net addresses. Then the DNS server that knows about nexcess.net is asked about blog.nexcess.net.

Our authoritative DNS servers know which IP is associated with blog.nexcess.net, so it tells the recursive DNS server the browser queried, which then tells the browser. At this point, the browser has the information it needs to send a request to the server hosting our blog.

A Note On Simplification

In this article, we’re focusing on DNS, HTTP, and TCP. These protocols and systems are the top of a deep stack of technologies, so our description is partial — we’re missing a lot out because it’s not relevant to most WordPress clients.

The HTTP Request

The browser knows the IP address of the server hosting our blog, so it sends the server a message announcing that it would like to open a connection. There is a bit of back and forth chatter between the browser and the server, following which a TCP connection is established between the two. TCP/IP is the network protocol one layer down from HTTP, the protocol of the web.

The server and the browser are talking to each other, so it’s time for the browser to get to the point. It sends the server a message that looks something like this:

GET /a-blog-article HTTP/1.1
Host: blog.nexcess.net

This asks the server to retrieve the resource /a-blog-article on the server at blog.nexcess.net. Assuming that such a resource exists, the server sends a response, which includes headers with details about what is being sent and a response body — the HTML of the article itself.

Now the browser has the HTML, but before we talk about the rendering process, let’s loop back to look at what happened on the server before the HTML was sent.

WordPress

WordPress doesn’t send the browser pre-made HTML. When the browser sends a request for a page on a WordPress site, the HTML is built on-the-fly in the milliseconds between request and response. WordPress is composed of dozens of files in the PHP programming language and its these files that build the page. When they run, the PHP files combine data from the database with templates to create a complete page of HTML.

It is this ability to generate HTML dynamically that makes WordPress so flexible and powerful. Each request can be answered with different content, providing a unique experience to each user. HTTP itself is stateless: it remembers nothing between requests, which would make a complex session-based web application impossible. But with session cookies and dynamic page generation, WordPress can provide an app-like experience from the server.

If you want to know more about how WordPress generates pages, take a look at What Is The WordPress Loop?

The Browser

The browser has the HTML document, but there is more to be done before it can render the page. A web page is made of more than just HTML. HTML controls the structure of the document and its textual content, but its appearance is determined by CSS. Many pages also include JavaScript for interactive or dynamic features.

CSS and JavaScript files are linked to in the <head> section of an HTML page. The browser sees those links, downloads the resources, and uses them to shape the final page. Once this initial data is downloaded, the JavaScript is executed, and it may want to download more resources from third-party servers. Each resource included in an HTML page kicks off a response-request cycle similar to the one we have already described: DNS, TCP connection setup, HTTP request, and so on. You can see why including lots of third-party resources makes for slow page-loads.

Once everything is fetched, the browser has what it needs to render the document and display it to the user.

Small Delays, Large Latencies

As you can see, a lot happens between a click and a rendered web page. Small delays at each stage add up to substantial latencies. The browser can’t do anything until the DNS server sends it the right IP address. If the web hosting server is slow to respond, the browser is left waiting. If WordPress doesn’t have the resources it needs to quickly execute PHP files and query the database, page rendering is delayed. Web pages that fire off a lot of additional requests and include multiple large JavaScript files introduce numerous delays. Geographic distance between the server and browser slows everything down.

Responsibility for optimizing each of these steps is split between the web hosting provider and the site owner. We take care of DNS performance, network optimization, server resources, and more, ensuring that we can deliver data as quickly as possible. But as a site owner, you are responsible for optimizing page sizes and the number of external resources each page loads.

Together, our performance-optimized hosting and a well-optimized front-end experience make for a fast and responsive user experience.

Posted in:
WordPress

As a WordPress hosting client, you don’t need to know how WordPress works behind the scenes. In fact, WordPress was created so that people could focus on writing and publishing, not on the technical details. But it’s useful to have a basic grasp of what’s happening under the hood of your WordPress site. It may help you to diagnose problems more easily and understand why WordPress behaves as it does.

The Building Blocks of a WordPress Site

Carl Sagan once said that “if you want to make an apple pie from scratch, you must first create the universe.” Something similar is true of a complex piece of software like WordPress. If you wanted to fully understand WordPress, you’d have to be a developer, a network engineer, a database administrator, and a designer. It would take (several) books to explain the WordPress universe from scratch, so let’s stick with the basic building blocks.

WordPress is a PHP application that relies on three key components: a web server, a database, and a programming language interpreter.

• Apache. Apache is a web server. It is responsible for listening for requests from a browser and sending a response – the web page – back. After Apache receives a request, it gives the URL and other information to WordPress, which then generates the web page.
• MySQL. MySQL is a relational database – it stores information in tables. All of the blog posts on a WordPress site are stored in a table called wp_posts, for example.
• PHP interpreter. WordPress core is a collection of files that contain code written in the PHP programming language. It is the execution of these files that generates web pages.

The PHP files can be divided into two basic groups: template files and files that contain functions – reusable chunks of code – and constants that are used in templates and elsewhere in WordPress’ code. WordPress is a content management system, so the template files are the most interesting from our perspective. They generate the web pages.

Generating a HTML Page

When the Apache web server receives a request for a page, WordPress first runs a number of set-up scripts, including the wp-config.php file that provides information such as which database WordPress should use.

After the set-up phase is complete, WordPress starts the process of generating an HTML page by executing a template file. The template files are a mixture of HTML and PHP. The role of the PHP code is to fetch data from the MySQL database and to process it into HTML. Exactly which HTML is output depends on various factors: the available data, which user is logged in, the time of day, and more. Other functions are executed on template pages, but the ultimate goal is to dynamically generate an HTML page that can be sent to the requesting browser.

There are many template files and which one is executed depends on a complex set of rules, but is primarily determined by the URL of the request. For example, if the URL is the site’s home page and the site is configured to display a list of blog posts, the home.php file is executed, unless there is a front-page.php file, in which case that is executed.

The full template hierarchy for the front page looks like this:

There are templates for posts, pages, tag indexes, category indexes, the 404 page, and more. Most of them are provided by the site’s theme.

Hooking In

You might have noticed that we haven’t mentioned plugins yet. Plugins can change the HTML that is rendered on a page, but their code does not live in the template files. Instead, WordPress provides a number of hooks onto which people can hang their own code. Hooks are the foundation of an event-based system for extending WordPress. Developers can register code to be executed when an event occurs. There are dozens of events developers can hook into, such as wp_loaded, which runs after WordPress is fully loaded, and pre_get_posts, which runs before a database query.

Hooks come in two varieties: action hooks and filter hooks. The difference between them is not important for our explanation of how WordPress works. It is enough to understand that the code associated with hooks can carry out actions and change the HTML that is output. For example, a hook can be used to add a widget to a page.

WordPress plugins use hooks to integrate their functionality with the HTML rendering process, and they’re one of WordPress’s major strengths. WordPress would be much less powerful if it didn’t provide a mechanism for developers to extend its functionality.

As we said at the beginning of this article, there is a lot more happening beneath the hood of a WordPress site than can be explained in a blog article, but we hope that reading this has given you a useful understanding of what happens when someone loads a page on your WordPress site.

Posted in:
WordPress

Whether you’re using them for lead collection, a means of contact, or registration pages, forms are an important part of your site. They help you manage leads and visitors more effectively, and – when done right – help to create incredible user experiences.

So, the question you should be asking is: What’s the best form plugin for WordPress? We’ve crawled through the list of over 9,000 plugins that appear when you type “form” into the WordPress plugin directory, to bring you 5 of the best.

You could just opt for the first one you see, but then you’ll probably miss out on some of the functionality and flexibility that come with alternatives. The plugins you’ll find below have been judged based on their effectiveness, user-friendliness, and ability to create a great looking form.

A powerful form plugin with a free version available for those who don’t need added features. Overall, a great form builder with a powerful interface, but the price starts to rise once you need access to its premium extensions.

Pros

One of the biggest advantages of Ninja Forms is that its free version is already incredibly well equipped to manage most form builds. Under the hood you’ll find integration capabilities, field control, and a translation service. Moreover, being free, you can download and install Ninja Forms on as many sites as you want.

If you’re looking for added functionality, Ninja Forms has established itself as a leading provider of form extensions. You can purchase modules for Salesforce integration, SMS notifications, and a campaign monitor.

Another advantage of Ninja Forms is its community. There to help and guide new users, it’s also comprised of a large number of devs who can help you to create custom functions easily.

Cons

Ninja Forms is a great plugin for versatility and, in general, is very easy to use. However, once you start working with action hooks and filters, the form builder can become very complicated.

Moreover, if you’re looking for specialist features such as Salesforce integration, you’re going to have to pay for it. But this is true with almost any form builder.

 

Another powerful form builder with some great functionality included for free. By far one of the most popular form plugins for WordPress, but also with additional fees if you require more.

Pros

You would be forgiven for thinking that WP Forms is the official form building plugin for WordPress – the name, the quality, and its simplicity. But it’s not. It’s just a really easy to use and well made form builder.

The free version is powerful and will suit most user’s needs, with paid extensions available for those who want to do more. Once you’ve installed the plugin, you’ll find geolocation functionality, form abandonment, conditional logic rules, the ability to connect the form for user-submitted content, login and user registration, and more.

WP Forms also come with the Surveys and polls add-on. We’ve found this to be an incredibly powerful and versatile add-on that allows you to easily generate interactive surveys and generate real-time reports. Highly recommended.

Cons

The main idea behind WP Forms is that it’s user friendly. To do that, it sacrifices some of the more complex form building features you’ll find in the other options listed.

Moreover, as far as free versions go, WP Forms’ free offering is powerful but lacks some of the versatility you’ll find in competitors like Ninja Forms.

 

A form plugin designed to make creating forms as easy as possible with a drag and drop interface and some advanced functionality.

Pros

This might just be the simplest form builder for WordPress.  Everest forms allows you to create forms by dragging and dropping the elements you want, where you want. This makes the form creation process easy. Inside the form builder, you’ll find support for multiple columns, spam protection, multiple email recipients, and a huge array of possible form fields.

Everest forms also allows you to insert forms into your pages and posts by using shortcode – making page creation a lot simpler.

Everest comes with several form design templates to choose from, so you don’t have to start from nothing. You can also view form entries directly from your dashboard, instead of having to open the plugin every time.

Cons

Its drag and drop functionality makes Everest one of our favorite form builders for beginners looking for simplicity. However, that simplicity comes with the sacrifice of flexibility. There are some features you won’t be able to implement with Everest that you would with some of the alternatives on this list. Great for small and medium sized sites, but maybe not the right tool for bigger ones.

Easy forms for Mailchimp is designed so you can add unlimited Mailchimp sign up forms to your website. The only problem is you’ll need a Mailchimp account to run it properly.

Pros

Coming from Mailchimp, Easy Forms has a great pedigree. You can expect a premium and easy to manage experience, and a powerful toolset for list management. Moreover, with the ability to connect Easy Forms to you Mailchimp account, you’re able to better organize and coordinate your landing page and form experiences.

Easy Forms gives you easy form building functionality with the ability to use built-in CSS classes or add your own. It also allow for multiple fields, customizable success and error messages, and spam protection.

Easy Forms also allows for you to view all of your list statistics from your WordPress dashboard, a great feature for streamlining your list building efforts.

Cons

One of its biggest advantages is its biggest downfall. If you don’t have a Mailchimp account – or don’t want one – this is immediately not going to be the right plugin for you and your site.

 

The oldest and wisest of the contact form plugins. As the most downloaded contact form plugin in the WordPress plugin directory, Contact Form 7 holds a special place in the hearts of WordPress CMS builds everywhere. Unfortunately, it hasn’t kept up with the times and may be better served as a piece of nostalgia than a production site plugin.

Pros

It’s free and you can install it on as many sites are you want. That means it’s perfect for use with dev sites where you don’t need to test the form capabilities (or don’t want to pay for your license to be extended).

That being said, there are several extensions available on the WordPress plugin market for you to expand functionality. For instance, you can easily add conditional fields with a free extension.

Cons

Unfortunately, that’s about where the pros stop. Contact Form 7 may be the grandad of form plugins, but age doesn’t always come with functionality. We are more likely to recommend the alternatives on this list if you’re looking for a powerful, production ready form builder.

What Is the Best WordPress Form Plugin?

If you’re looking for the best free form plugin for WordPress, then we highly recommend either WP Forms or Ninja forms. Both of these offer powerful free versions that provide great form building options. Contact Form 7 is also a good option, but doesn’t quite make it into the our top pick due to not having a great UI.

If you’re looking for something easy to use, then we would recommend Everest Forms. The UI is great and the drag and drop interface makes building any form simple.

Posted in:
WordPress

Is WordPress really a good choice for SEO? The short answer is yes.

As an application that powers over 32.5% of the internet (we’ve got stats), WordPress has to be optimized so search engines can easily find, index, and rank content. Many professionals even recommend WordPress for SEO purposes.

If you’re a site owner and on the fence about which CMS you should be managing your content in, keep reading for 10 reasons why WordPress will improve your search engine optimization strategy.

 

1.WordPress Makes Crawling Easy

Crawling is when a search engine combs the web for new content and indexes it for when people search. It does this by reading the code that a web page is based on. If the code is messy or hard to read, crawling can be a problem. If your site isn’t crawled properly, it’s almost impossible for it to begin ranking for the search terms you want.

WordPress sites are designed so the code looks standardized across all pages of a site, making it easy for Google’s spiders to find, index, and rank pages. You just have to put in your content.

2. Site Speed

While site speed itself isn’t a ranking factor, a slow site can lead to a decrease in conversions, a higher bounce rate, and other issues that can affect your search ranking. If you’re running a WordPress site and it’s running slowly, there is likely something wrong with how you’ve optimized your CMS or with your hosting infrastructure.

In general, WordPress sites are fast and lightweight because WordPress itself uses up limited resources. You can check your site speed by using lighthouse. If you find that your site is slower than it should be, it may be a good idea to check in with your hosting provider and see if they have any advise, or try optimizing your site for yourself.

3. Social Media Integration

In one report, 82% of agencies said that their social strategy was highly integrated with their SEO strategy. With Google’s modern focus on engagement and intent, this shouldn’t be surprising. Multiple studies have indicated that social media engagement leads to improved rankings. And the higher your ranking, the more you’re expected to engage with others.

Social media is also a great tool for analyzing and iterating on what works and with who. Built-in audience insight tools such as Facebook’s Audience Insights, make defining and discovering new audiences simple. Measuring engagement with your social content then makes finding the best and most relevant content even easier.  If you haven’t started getting active on social, then it’s probably about time you did.

4. Meta Data

Meta data is information that will not be shown on a page but is associated with it. Title tags, meta descriptions, and URLs are good examples of meta data. This information is actually coded into the page itself, so it can be delivered to search engines and crawlers. While not always a direct ranking factor, meta data does influence a number of other factors that can lead to a higher or lower rankings.

WordPress makes meta data simple, especially if you download and install a WordPress SEO plugin.

5. Permalinks

Permalinks are the URLs on your site. You can easily edit permalinks through your WordPress dashboard, giving them the format your want.

Permalinks can affect your rankings through the keywords that they contain. The click-through rate on them also has an influence. The less they are clicked, the lower they will be ranked. As permalinks are shown in Google search results, users may be put off by something that looks overly complicated or irrelevant, thereby leading to a lower click-through rate.

The ability to customize WordPress permalinks is an incredibly powerful feature, and one that can help a site in danger of being lost to low rankings get back on top.

6. User Experience

Good user experiences can lead to sites that do exceptionally well. The opposite is true as well. A good user experience (UX) is more complicated than just making it easy to navigate a site; it means optimizing site speed, streamlining the buyer’s journey, and more.

And these factors do contribute to a site’s ranking. If on-page content is optimized around a searched-for keyword but the bounce rate is high, it’s a clear indicator that a site’s UX isn’t up to scratch. Similarly, if a site has a less than stellar time on page, there’s probably an issue with the page’s content or the experience a user has.

WordPress makes user experience a little easier with its pre-built themes. These generally follow web design best practices and make important elements of your site clear and easy to find. All you have to worry about is on-page content.

7. Blockable Spam Comments

One of WordPress’ strengths is the ability for visitors to leave comments and communicate with one another. This functionality increases engagement, time on page, and can have a positive effect on reducing bounce rate. However, not all comments are positive. Enter the dreaded spam comment.

Spam comments can have a detrimental affect on SEO by including keywords and content that are irrelevant to a page’s keyword goals. A spam post that tries to promote baby shoes on a tech blog is not what you want.

WordPress makes preventing spam comments easy through a combination of three steps:

1. Akismet – the WordPress stock comment checker for automatically removing and blocking spam.
2. Cookies for Comments – Detects bots and stops them from posting spam in the comments section.
3. “Nofollow” to links in the comments – By default, WordPress makes links in the comments section “Nofollow”, meaning you don’t have to worry about passing PageRank to negative sites.

8. Optimized for Mobile

Mobile is a big deal for site owners. In 2018, 61.2% of internet users accessed websites using a mobile device. Unsurprisingly, Google and other search engines have suggested that responsive design is a ranking factor, with numerous professionals having felt that it is one of the more important factors since 2015.

WordPress, if you’re running on the latest version and taking advantage of an up-to-date theme, is responsive out of the box. This means that instead of having to focus on design that includes mobile users, you’re able to focus on your content. WordPress will do the rest.

9. SEO Optimized Images

How can an image be optimized for SEO? Easy, by being quick to load and including relevant “alternative text”.

WordPress makes alternative text easy by having a box dedicated to it in the image details screen. For optimized images, installing an image optimization plugin will help you to provide site visitors with images that are quick to load while also maintaining image quality.

10. WordPress SEO Plugins

One of the reasons WordPress can be a good CMS for getting started with SEO is the collection of SEO plugins available to help content creators optimize their posts and pages. Plugins like Yoast and All In One SEO make adding meta data, keywords, and tags simple.

There are also a number of other useful WordPress plugins available that can help with SEO indirectly.

• W3 Cache is a great plugin for optimizing site speed and improving user experience.
• Nested Pages is great for optimizing your URL structure and making content easy to navigate.
• Speed Booster Pack helps to increase your site’s speed quickly and easily.

Remember, too many plugins and your site can become too slow. If that happens, you’re more likely to end up losing rankings as opposed to gaining them.

Improving Your WordPress Strategy

If you came to this page wondering whether WordPress is bad for SEO, you now know that it’s not. In fact, between stock features, feature-filled plugins, and a huge number of content and UX possibilities, WordPress may be one of the best CMS applications if you want to focus on SEO.

That doesn’t mean that you should stop here though. There are a number of optimizations you can implement yourself to make your site rank number 1; from optimizing your site for conversions to employing a hosting foundation that helps you to deliver the performance visitors expect.

Wonder what hosting solution is best for you? See what other users have to say by reading 2019’s State of Hosting. Download it for free now.

Posted in:
WordPress