Blogger vs WordPress Blog: October 2017

Tuesday, October 31, 2017

Security Haiku: WordPress 4.8.3

WordPress Halloween. We patch the tricks, 4 8 3 You get the treats. Boo!

There is nothing spookier than a WordPress security release, the 4.8.3 patch addresses an SQL injection vulnerability in WordPress core which could be exposed by insecure coding practices found in some plugins. This release hardens the WP Core code to protect the sites who may harbor an insecure SQL query that trusts user input, sanitizing the input before it's passed along to the database server.

More information on this release can be found on the WordPress blog, details on the changes and how it modifies the return value of of esc_sql() have been posted by Gary Pendergast on the Make WordPress Core developers blog.

Thanks goes out to the reporter of the vulnerability (Anthony Ferrara) for working with the WordPress security team. And a special acknowledgement to our own Arman Zakaryan for the Haiku this time around.

Source: Security Haiku: WordPress 4.8.3

Monday, October 30, 2017

Is WordPress Secure?

The question of whether or not WordPress is secure is complicated. While it's obviously a secure enough platform for roughly a quarter of all websites around the world that are powered by WordPress, it's not without its flaws.

So, who is responsible for keeping WordPress secure? Of course, some of that responsibility ultimately falls on your shoulders. That's why it's essential to be aware of and abide by WordPress security best practices in order to keep every site you build as secure as possible.

However, the team behind WordPress does have some responsibility in all this, too. After all, there's nothing you can do to protect the underlying core of WordPress yourself.

If the matter of WordPress security nags at you as much as it does pretty much everyone else trying to conduct business online, then keep reading.

I'm going to cover some of the history around WordPress security issues and what the WordPress Project is doing about them.

Want to know more? Check out our detailed step-by-step tutorial, The Ultimate Guide to WordPress Security.Read more A Brief History of WordPress Security Issues

Did you know that "[h]ackers attack WordPress sites both big and small, with over 90,978 attacks happening per minute"?

The issue isn't necessarily that WordPress is a weak content management system, prone to hacking attempts and security breaches. It's more likely a problem of visibility. WordPress is the most popular CMS around the world, so of course, it's going to be an easy target for hackers.

WordPress is commonly discussed online (in blogs, forums, podcasts, and so on) so, consequently, the weaknesses of the platform are well-known. It would make sense then that hackers would primarily target WordPress websites, right?

Security is a major topic of discussion for any WordPress or web development blog, WPMU DEV included. That's not to say that we're to blame for publicly sharing WordPress's flaws. In our community, this is mostly just common knowledge anyway. However, all this published information does make WordPress's vulnerabilities painfully clear.

According to the WordPress Project (the team responsible for managing security for the platform), they issue security patches all the time. You know those automatic update notifications you receive when you log into the admin area? "WordPress has been updated to 4.7.2" or something like that? Well, usually when you see those minor versions go out, it's because the team had to fix a security issue.

And these happen often:

The Panama Papers data breach from 2016 was, in part, traced to a vulnerability in a WordPress slider plugin.

This rundown from WPMU DEV covers a number of other documented WordPress security exploits. They might not all be as high-profile as the Panama Papers one, but it's still concerning to know that, despite the WordPress Project's best efforts – as well as the developers responsible for maintaining their plugins and themes – hackers are still finding a way in.

That said, it is reassuring to see how WordPress handled a very recent and far-reaching security breach stemming from the REST-API.

Here's how things went down:

In January of 2017, WordPress released update 4.7.2. Nowhere in the list of updates or patches was the security patch mentioned.

About a week later, WordPress notified users that there indeed was a security flaw detected and patched in that update.

The reason they gave for the delay in notifying users? Because they wanted to give them time to update the core before attackers were aware that WordPress was aware of and fixed the problem.

Of course, that didn't stop hackers from defacing 1.5 million WordPress sites in the meantime. There are also those WordPress users who never updated the CMS (or did it too late) who remained vulnerable to the attack.

So, even though a patch was eventually issued by WordPress and they handled the announcement of it with much-needed tact, over a million sites were harmed in the process. And, worse, many website owners continued to be unaware of this defacement even after it happened.

Security patches seem to be coming out more frequently, with 2015 receiving the brunt of the abuse. As more and more of these occur, it's important for you to know who is responsible for securing WordPress and what you can do from your side of things to ensure those threats stay out.

What You Need to Know About the WordPress Project (and Security)

Here is what you need to know about the WordPress Project and what they are doing to maintain the security of the core.

The WordPress Security Team

First, let's talk about the WordPress Project. This security team is comprised of about 25 individuals, all of whom are experts in WordPress development or security. Currently, half of the people on the WordPress Project work for Automattic.

This team of experts is responsible for identifying security risks in the core. They are also responsible for reviewing potential issues with third-party-submitted themes or plugins and making recommendations on how they can harden their tools or patch known breaches.

While they typically work on their own to identify and resolve these issues, they do, from time to time, consult with other experts in the field, especially those from security and hosting companies.

How WordPress Identifies Security Risks

As you'd expect, the WordPress Project team works like a well-oiled machine. Here is how the security risk identification and resolution process works:

An issue is identified either by someone on the security team or from outside the team. Non-Project members can communicate these detected issues by emailing [email protected]

A report is logged and the security team acknowledges receipt of it.

Team members then work together on a walled-off and private server to verify that the threat is valid.

This is where they track, test, and repair any security flaws detected.

The security patch then gets added to the next minor WordPress release.

For less serious repairs, WordPress simply notifies users within the WordPress dashboard whenever an automatic release occurs.

For more urgent issues, the release will go out immediately and WordPress.org will announce it on the News page of the website.

Of course, as we've seen with 4.7.2., WordPress doesn't always immediately announce these security patches (for valid reasons), though they do always take immediate action to resolve them.

A Note About Automatic Updates

As of version 3.7, WordPress has had the ability to push minor updates automatically to all websites. This ensures that the WordPress security team can get urgent patches out in a timely fashion and not have to wait around for users to accept and make the update on each of their websites.

However, it is possible for WordPress users to opt out of these automatic core updates. If this is the case for you, please be aware that this may put your site at additional risk, especially if you don't have the time to diligently monitor all your sites for the latest and greatest update.

WordPress Plugins and Themes Security

Much like how it's your responsibility to provide visitors with a secure website experience, WordPress plugin and theme developers are responsible for keeping their users (i.e. you guys) safe as well. While WordPress cannot manage the tens of thousands of plugins and themes out there, they can at least keep a close eye on them to ensure nothing seriously insecure slips through the cracks.

The WordPress Project is the team responsible for working with developers when a security issue is detected. Before that, however, there is a team of volunteers assigned to review each and every theme or plugin submitted to WordPress. That team will work with developers to ensure that best practices are followed.

Nevertheless, security vulnerabilities may still arise and that's when the WordPress security team needs to step in to:

Provide documentation for WordPress developers on plugin and theme development and security best practices.

Monitor plugins and themes for potential security flaws. Any issues detected will then be brought to the attention of the developer.

Remove harmful plugins or themes from the directory if the developers are unresponsive or uncooperative.

WordPress will then notify its users via the WordPress admin when those security patches (or the removal of bad plugins and themes) are available.

OWASP's Top 10

The Open Web Application Security Project (OWASP) Foundation was created back in 2001 with the purpose of protecting organizations from software and programs that could potentially do them harm. What you may be surprised to learn is that the WordPress Project aims to abide by OWASP's Top 10 at all times.

The Top 10 is a list comprised by the OWASP of known and very serious security risks. Having familiarized themselves with this list, the WordPress security team uses those trends to define their own top 10 list of ways to defend the core. Currently, their goal is to protect the core from the following risks:

User account management abuse

Unauthenticated access requests to the WordPress admin

Unwanted or unauthorized redirects

Exposing users' private data

Requests for access to direct object reference

Server misconfiguration

Unauthorized code injection

Cross-site scripting from unauthorized users

Cross-site request forgeries whereby hackers misuse WordPress nonces

Corrupted third-party plugins, themes, frameworks, libraries, etc.

WordPress Security Requires Your Vigilance

Having reviewed all this, it does put my mind a bit more at ease to know that there is a dedicated team working to keep the WordPress core secure at all times. However, that doesn't mean I (or you) should be lulled into a sense of complacency.

As we've seen – even as recently as this past January with the 1.5 million defaced websites – no matter how good the WordPress Project is at monitoring and securing the platform, hackers will find a way in.

That's why it's important to play your role in all this and keep your sites secured from every angle. The Defender security plugin is a good place to start.

For more tips, don't forget to subscribe to the WPMU DEV blog as this topic of "Is WordPress Secure?" and what you can do to better protect it will continue to come up time and time again.

Source: Is WordPress Secure?

Saturday, October 28, 2017

Beautiful & Simple WordPress Themes for Writers

5/5 (1)

Contents:

Why do we love to write

How should a writer's web page look

Choosing the best writer WordPress theme

Is it all we can offer you?

Why do we love to write

This is a question that I often ask my fellow writers and authors that prefer to express themselves by writing articles, e-books or any other kind of content. Let's call us the content makers. I believe that someone who writes books and is well known for his/her talent will have more substantial things to say about their writing passion, but since I am a content maker and a copywriter, I will express my very own feelings on this topic trying not to make it look prettier than it is.

Writing is something you must enjoy and love with all your heart. I know a lot of people who approach it as a regular day to day job, and they fail. That's because writing is all about your personal feeling towards the act of expressing yourself to the audience/people.

So, it is simple: we write because we want to express ourselves, we want to tell our story, and we want it to reach our audience, we want it to reach the people and bring something meaningful to their life.

That's a primary reason why you start your Medium blog, standalone blog or a WordPress site becoming an internet writer/blogger who tells stories about this and that or showcase their eBook.

How should a writer's web page look

Nowadays it's unusual to see a writer or a content maker without a site. Even the oldest scribblers have their page. Of course, all templates they usually put on look awful and tasteless, because they don't have time to watch out for the trends and to follow them.

So, let's say you are a writer or considering yourself as one. As any person who offers products, you need your web page. And I don't think that it's all about marketing and money. The rule is quite simple: If you are not on the internet, you do not exist. That's the central principle of our new world. So, I don't care how old are you or how conservative you are; you've got to get yourself a personal page.

No worries, you don't need a fancy functionality, just do what you can - tell the world about yourself. Your website should look simple and have a minimalist design; there is no need to overweight it with some weird widgets and sidebars.

Choosing the best writer WordPress theme

The best way for you to skip the most difficult part of your website development is trying out our premium WordPress theme. This is how you create a website without the coding skills. WordPress CMS is a good choice for those who want to build a simple one or a few page website.

Our templates will serve as a useful billet for your future site, let me show you what kind of WordPress themes for writers will suit you.

Jack Baker - Writer Responsive WordPress Theme

Purchase | Live Preview

Writers who want to get a website don't have time to learn coding or some problematic customization options. That's why this theme lets you build your site by merely moving the blocks. It comes with powerful Elementor drag and drop page builder; you will be able to quickly add, edit and remove any object and manage your website. Build and customize your template with our custom widgets. This theme also includes premium plugins.

Our theme documentation will help you figure out the ins and outs of this template.

House Press - Publishing Company WordPress Theme

Purchase | Live Preview

This is more like a publisher website, but you can customize and make the author website out of it. The installation of this one will take only 5 minutes max, and you're ready to go. The standard skin is already neat and has a fully responsive design, but we still offer you multiple layout options to try out. Are you ready to hear the most useful feature for the writers? If promoting and selling is your goal, buy this theme, it can easily sell it. It Ecwid ready, so it will be easy for you to add the eCommerce part to your website.

BookGroup - Book Publishing WordPress Theme

Purchase | Live Preview

What's more important than the fact that your work is easy to find on the internet and buy your book or read your story? Check out this template, we tried to create the most SEO-friendly theme in this niche, and we believe that we did that. SEO is essential for your future website; it will help you gain the highest positions in the search catalogs and reach the bigger audience, promote your book. Isn't that the most important thing for the book authors? And of course, the drag-n-drop developer and other cool features like custom widgets are in there. It's packed and created with love and care!

P.S. Don't forget about the responsive layout!

One Page E-book Landing WordPress Theme

Purchase | Live Preview

This is a one-page theme so that it will work well for the presentation of your work. For example, this WordPress theme can even advertise your book, provide your website visitors with all the needed information to grab their attention and sell them your story. Give them all the brief info they need: reviews, descriptions, directions and links, this is your showcase. And this showcase is packed with the most beautiful typography.

It is easy to customize the theme, and the custom widgets will become the best tools to do that. For example, we have here: simple slider, carousel, and social media widget. The live customizer will be your best friend and a guide to the world of the customization freedom.

Education Hub WordPress Theme

Purchase | Live Preview

This template is the best proof that the main feature you need to look for is the simplicity. That's because this is not a theme for writers, it's just some educational theme. But look how clean and responsive it is! The minimalist design along with an excellent demo content presentation do an excellent job for the best product or services presentation around.

Here are the key features you get along with this WordPress theme: great homepage slider, a stick-to-top menu that provides you with the navigation directions everywhere, visual editor and multilingual readiness. There is nothing more important than keeping the contact with the whole audience around the world, with this one you will be able to turn your website into a functional blog.

Is it all we can offer you?

The templates designed for authors are not our only products. Do you want to see the whole catalog of our best website templates? Make sure to stop by and check it out; we have plenty of products for you!

Once you've built your website, check out our WordPress developers contest, how about trying your luck with your newly created site? The prizes are tasty, and our goal is to prove that anyone can create a website with WP!

Beautiful & Simple Free WordPress Themes for Writers 2017

Best Writer Apps for Bloggers & Writers: Your Writer-Friendly Tools

5 Ways to Get Your Blog Noticed Quickly and Easily

Source: Beautiful & Simple WordPress Themes for Writers

Friday, October 27, 2017

Results From the 2017 WordPress User Survey Are Not Guaranteed to Be Shared

As November edges closer, the countdown to WordCamp US begins. One of the annual traditions that's part of the event is the WordPress User Survey. The survey is used to gauge who and how people use WordPress. Although the survey says results will be presented at WordCamp US, that hasn't been the case the last two years.

Astute readers may remember that results from the 2015 survey were not shared. When asked why, Matt Mullenweg replied, "Lots of data to go over, but basically more people are using WordPress, app development is growing, lots of people are making their living with WordPress, and other great trends are showing up," he said. "We'll try to do a blog post about it."

That blog post was never published. Additionally, results from last year's survey were not shared during the State of the Word or in a blog post.

Thousands of people take the survey providing insight into trends, how people use the software, and demographics. If users voluntarily provide this data to WordPress.org, sharing the results with the public whether it's a blog post, separate session, or during the State of the Word, would be a nice way to return the favor.

Like this:

Like Loading...

Source: Results From the 2017 WordPress User Survey Are Not Guaranteed to Be Shared

Thursday, October 26, 2017

Cryptocurrency Miners Exploiting WordPress Sites

This entry was posted in Research, WordPress Security on October 26, 2017 by Brad Haas 6 Replies

During the last month, the information security media has paid a lot of attention to cryptocurrency mining malware. The Wordfence team has been monitoring the situation, and we are now starting to see attacks attempting to upload mining malware, and site cleaning customers that are already infected.

In this post, you'll learn what cryptocurrency mining is, what's in it for the attackers, how to check if you have this issue and what to do about it if you do.

Cryptocurrency Mining Attacks on WordPress

For those of you who aren't up to speed, cryptocurrencies are digital currencies that can act as an alternative to traditional currencies. Examples include Bitcoin, Litecoin, Ethereum and Monero, among many others. Cryptocurrency mining is a computationally intense process that contributes to the operations of the cryptocurrency network while generating new currency. It takes a massive amount of computer resources to generate meaningful income. People interested in cryptocurrency mining generally need to invest in expensive equipment and solve for the power consumption and heat generated by hardware.

Recently online platforms have emerged that allow website owners to harness the computing power of their website visitors to mine cryptocurrency. Website owners simply sign up for an account and add some JavaScript to their site. The downside is that their visitors' experience is likely quite poor as their computer resources are then put to work mining. It is debatable whether website visitors will ever view this practice favorably, but it will be interesting to watch the trend evolve.

We saw the first attack on a WordPress site attempting to embed cryptocurrency mining code on September 17. Attack volume has been very low and unsophisticated so far. However, our Security Services Team is starting to see hacked websites with this malware, so the attackers are starting to have some success.

The attacks we have analyzed are all trying to exploit well-known security vulnerabilities that have been around for a long time; for example, the Gravity Forms exploit from mid-2016, or the Joomla com_jce exploit from early 2014. We have also seen quite a few attempts to insert mining code using compromised WordPress administrator accounts, as well as some attacks using compromised FTP accounts.

How Attackers Profit From Cryptocurrency Mining Malware

Attackers are embedding Javascript code from Coinhive on websites they have compromised. Coinhive provides a way to mine a cryptocurrency known as Monero. Monero differs from other cryptocurrencies like Bitcoin, in that it does not give miners who use GPUs or other specialized hardware a significant computational advantage. That means it is well-suited to use in web browsers, executing as JavaScript on consumer CPUs.

Site owners who place the Coinhive code on their websites earn Monero currency. The Coinhive code uses site visitors' computational resources to mine Monero. An attacker can place the Coinhive code on thousands of websites and earn Monero from the mining that happens in site visitors' browsers.

The following is an example of embedded Coinhive code that will mine Monero currency:

The research team at Checkpoint analyzed the profit potential for an attacker planting this malware. They concluded that an attacker successful enough to average 1,000 concurrent users across all infected sites would generate $2,398 in monthly revenue.

We think these attacks will grow in popularity very quickly given how lucrative they are. Attacks that attempt to embed cryptomining malware are currently unsophisticated, but we expect to see an increase in the sophistication of attacks as word gets out that this is a lucrative enterprise. We also expect these attacks to target higher-traffic websites, since the potential to profit increases greatly with higher numbers of concurrent site visitors.

How to Check if Your Site Is Infected With Cryptocurrency Mining Malware

The Wordfence firewall blocks attacks attempting to infect sites with this malware. We have added detection capability to Wordfence for cryptominer scripts. This means that the scanner will warn you if it detects this type of script on your site. It also means that the Wordfence firewall will block any uploads that contain the script.

Wordfence Premium customers currently already have access to this detection capability. Free users will get access to this capability on November 24 via the Community version of the Threat Defense Feed.

It is important to make sure you detect an infection quickly if an attacker should manage to slip through your defenses. Below is an example of a scan finding that would indicate this infection exists on your site.

We have also added detection capabilities to Gravityscan. To run a scan on your site, simply go to the Gravityscan website and run a scan. For best results we recommend that you install the Gravityscan Accelerator.

Below is a scan finding example from Gravityscan.

(If you have intentionally added a cryptominer script to your site, of course, you can simply ignore the finding on either platform.)

Some cryptomining malware may be more hidden or obfuscated, so always pay attention if many of your visitors start reporting poor performance by their browser or computer while visiting your site.

A few hackers have adjusted the miner settings so that it only uses only a portion of the available CPU power, or so that only one instance of the miner script can run at a time (even if it's open in multiple tabs).

But many of them are still set to use 100% of available resources, no matter what.

Changes in Attacker Business Models

New business models are constantly emerging for attackers. Historically, attackers would use compromised websites to generate spam content or spam email. In the past decade, ransomware has gained popularity among attackers, as it allows them to extort money from victims. More recently, using stolen computational resources to mine cryptocurrency has emerged as a way for bad actors to profit from compromised systems.

This emerging business model has now made its way into the WordPress ecosystem as a way for attackers to profit from compromised WordPress websites and the computational resources of website visitors. It is imperative that WordPress site owners deploy a firewall and malware scan on their sites to quickly detect this new threat and ensure that their site visitors' resources are not hijacked to mine cryptocurrency.

What to Do If Your Site Is Infected With Cryptocurrency Mining Malware

The most reliable way to recover if your website is hacked is to use our site cleaning service. Our team of experts will clean your site and get it back online as quickly as possible, and the service includes a detailed report and a 90-day guarantee. You can also use the Wordfence site security audit to do a comprehensive security inspection of your website.

If you prefer to try to fix any infection yourself, you can follow our guide to fixing a hacked website with Wordfence.

Did you enjoy this post? Share it!

4.33 (15 votes) Your rating:

Source: Cryptocurrency Miners Exploiting WordPress Sites

Wednesday, October 25, 2017

AFTER I POST AN AUTOMATIC EMAIL GETS SEND OUT BY WORDPRESS, HOW CAN I CANCEL THIS?

Hi there,

theinsiderscloset.com is a wordpress.ORG software install on paid hosting, hosted by Unified LayerName Servers:ns2.bluehost.comns1.bluehost.com

This is WordPress.COM support and that site is not on our servers. Our WordPress.COM support docs do not apply to it. You are posting to the wrong support forum. For hosting issues contact your web host. For software support read on.

WordPress.COM and WordPress.ORG are completely separate and have different username accounts, logins, features, run different versions of some themes with the same names, and have separate support documentation and separate support forums. Read the differences here http://en.support.wordpress.com/com-vs-org/

We do not provide support for local installs of WordPress.ORG software, or for WordPress.ORG software installs on paid hosting, linked to WordPress.COM accounts with the Jetpack plugin so they display on the My Sites WordPress.COM account page.

The wordpress.ORG support forum is at http://wordpress.org/support.The wordpress.ORG login link is here https://login.wordpress.org/If you do not have an account yet then click Create an account https://login.wordpress.org/register/ and if you have lost an account password click Lost password? https://login.wordpress.org/lostpassword/WordPress.org support docs are at https://codex.wordpress.org/Main_Page

Some Jetpack solutions are here http://jetpack.com/support/Others are in the Jetpack support forum at WordPress.orghttp://wordpress.org/support/plugin/jetpackHowever, if help cannot be found at either one then they can file a Jetpack support ticket here > http://en.support.wordpress.com/contact/?jetpack=needs-serviceSee also https://apps.wordpress.org/support/ for app support.

Source: AFTER I POST AN AUTOMATIC EMAIL GETS SEND OUT BY WORDPRESS, HOW CAN I CANCEL THIS?

Tuesday, October 24, 2017

Moving from WordPress to Self Hosted - Need Redirects to Changed Permalinks

Hi,

WordPress.com sites, including custom domains, are always encrypted.

To move your WordPress.com site to a self hosted site, you may consider looking at the guides given here: https://en.support.wordpress.com/moving-a-blog/

For redirection, refer this: https://en.support.wordpress.com/site-redirect/

Once it is redirected to a self-hosted WordPress site, you have to buy SSL certificate and install it on the server to have a HTTPS site. For more details on this, consider looking at this guide: https://make.wordpress.org/support/user-manual/web-publishing/https-for-wordpress/

Also, for more understanding on this, I suggest you raise this query on WordPress.org support forum (https://wordpress.org/support/) as this forum is for solving WordPress.com queries.

Hope this helps!

Source: Moving from WordPress to Self Hosted - Need Redirects to Changed Permalinks

Monday, October 23, 2017

Hosting a WordPress site on AWS at low costs

WordPress is the worlds most popular CMS with over half of all websites using it. It is easy to use and there are tons of themes and plugins to set up your site just the way you want.

So what is there not to like about it? Well, quite a few things actually. The first issue is security. WordPress has a long history with security flaws in the core system and in different plugins. More than one site has been compromised over the years.

Another issue is scalability and performance. To get good performance from a heavily used WordPress site is something that requires expertise and resources. We are talking clustering, database replication and caching.

But what if I told you that there is a way to host a WordPress site that is secure, fast, cost-effective and can be setup by simply following the instructions in this blog post? Lets have a look!

AWS Architecture

What I am aiming at is to set up 2 separate environments. The first one is the development environment. Here I will be using WordPress as a CMS to create my website. The other environment is the production environment where the content will be served to the users.

The development environment can be set up wherever you prefer. It could be running on your laptop. On your companies onsite servers. Or as in my example, on an AWS EC2 instance.

Using an EC2 instance is very convenient. It won't have to be a very powerful instance as only the editors will ever be accessing it. I can even shut it down when I am not editing. All this helps to keep the costs at a bare minimum. And access can be restricted using Security Groups.

Once I am done editing my site I use the plugin Simply Static. What this plugin does is export the WordPress site into a static HTML site. This static site is what I will be presenting to the users in the production environment.

Once I have my static HTML site downloaded I can upload this to AWS S3. S3 is a highly scalable online storage service. This allows me to have a place that will serve my static site. And I don't have to worry about maintaining any host server.

I could leave it at only using S3. But it can be made faster and more secure. Serving the website with a CDN allows users to connect to servers geographically close to them. This reduces latency and improves the experience. I also want to secure the site using SSL encryption. This secures that the content showed is truly coming from my site. And as a bonus it also helps in Google rankings. AWS has a CDN service called CloudFront that integrates nicely with S3 and allows for SSL encryption.

Setup WordPress on AWS EC2

Setting up WordPress on EC2 is as simple as spinning up an instance with an AMI that has WordPress preinstalled. I choose an image from Bitnami named bitnami-wordpress-4.8.php56-0-linux-ubuntu-14.04-x86_64-hvm-ebs.

Instance size doesn't matter as there will hardly be any load on it. The development server will not be accessed by the public. Therefore I can limit the security group so only my IP can access HTTP.

Once installed I can browse to the public IP of the instance and log in to WordPress using the default Bitnami username and password user/bitnami.

Simply Static plugin

Once in WordPress there are some plugins that have to be installed. The first one is Simply Static. This is the tool used to export the entire WordPress site into a static HTML site.

It is a very straight forward process to install this plugin. But one thing to consider is to configure the final domain name of the site. By default Simply Static will try to replace all links with relative URLs. This is a very flexible solution where you don't have to think about what domain you will use. But there are instances where it will be needed to have an absolute URL. That is why I changed the setting to use the static URL https://s3wordpress.deductivelabs.com. After that is setup it is possible to generate and download an static version of the site.

Comments and other dynamic content

The big downside with having a static site in place of a dynamic site is of course that you cant have any dynamic content. There is no server to process comments, forms or web shops. I am not planning to have a web shop on the site. But I would like to have a comment section. So how can I have a comment section without a server to process the comments. The answer is that I need to find someone else that is willing to process them for me. Luckily there are quite a few options to choose from. Such as Disqus, Facebook Comments and Staticman. For my site I picked Facebook Comments.

First I need to disable the regular WordPress comments. This can be done with another plugin. And then I install a Facebook Comments plugin to help insert the needed JavaScript on the pages. All I need to do to get the comments working is to register a Facebook app and enter the app ID into the plugin.

Upload to AWS S3

The static site is generated and exported. The site can be downloaded as an zip file. This makes it easy to download extract and upload to AWS S3. On S3 I have created a bucket with the same name as the site s3wordpress.deductivelabs.com. It doesn't have to have that name, but it makes it easy to keep track of the buckets that way. Something to keep in mind when uploading the files to S3 is to make sure that there are public read permissions. I also configure the bucket to be used as Static website hosting and enter the index.html as the index document.

AWS CloudFront as CDN

The site is now online and I could just point the hostname to the S3 endpoint. But to improve the latency for the end users and implement SSL I will also connect CloudFront.

CloudFront is the CDN of AWS. And what it does is to copy the data to over 90 Edge Locations around the world. By using different DNS replies the end user will be directed to the closest location with the fastest possible latency.

When I created my CloudFront distribution I did notice one peculiarity. When I direct and request for a directory on S3, such as https://s3wordpress.deductivelabs.com/hello-world, S3 automatically redirects this to the index.html object in the directory. This does not happen on CloudFront. And since this is exactly how my WordPress site is exported this is a problem. To solve this I was forced not to use S3 directly as the Origin, but instead to use the S3 Static website hosting endpoint. This allows S3 to redirect any requests for a directory to the index.html file. Which CloudFront then will cache.

As I want to use SSL, I will also select the Redirect HTTP to HTTPS option. And of course select the certificate for s3wordpress.deductivelabs.com that I have created in the Certificate Manager.

Once the CloudFront distribution is deployed I get the domain name d15tu1sbn9km0.cloudfront.net. I can now point my domain s3wordpress.deductivelabs.com as a CNAME.

The site is now online. It is fast, scalable and low cost. And the WordPress instance is securely tucked away on EC2. Far away from the end users.

Source: Hosting a WordPress site on AWS at low costs

Friday, October 20, 2017

Police Are Struggling To Get Racist, Threatening Blog Posts Taken Down Despite Complaints

British police forces have resorted to unsuccessfully asking a US-based online content platform to remove offensive and threatening content posted by British far-right trolls, because of the difficulties of policing online content hosted on foreign-owned websites.

According to correspondence seen by BuzzFeed News, in the last year three separate police forces, including the Metropolitan police and Northumbria, either asked Wordpress.com to take to take down offensive posts, or advised victims to ask the site themselves.

After a complainant contacted the Met about a blogger in the north of England who allegedly had posted pictures of her family online, one Met officer replied in March this year: "We will make a request for the WordPress site to be taken down. Regrettably we cannot force this."

The email continued: "Concerning the removal of websites, i.e. Wordpress and others, this issue was raised with Northumbria [police], however as many of the sites are overse as, this will involve lengthy court proceedings which may take years. In light of this Northumbria have agreed not to pursue this. It was agreed that this may involve a national strategy."

The blog was suspected to have been created by a convicted troll who has been jailed for sending anti-Semitic abuse and threats to public figures.

Wordpress.com is owned by Silicon Valley startup Automattic, which maintains that it operates under US law and is beyond the jurisdiction of UK courts. BuzzFeed News has seen multiple complaints sent to Wordpress.com about online abuse carried out against British citizens – but in each case, the company said it would only respond to legal requests from US courts.

In April the same victim had contacted Wordpress.com to ask it to take the offensive posts down. They were told that the company would only respond to a legal request served by a US court or enforcement agency.

The boilerplate emailed response said that in the event of such action the author of the blog would receive a copy of any legal papers and be given a chance to challenge the disclosure of their personal information through the legal process.

Wordpress.com also said it would charge an "administrative fee of USD $125/hour for compliance with validly issued and served civil subpoenas and reserve the right to review and object to any legal process we receive."

Eventually, the Wordpress blog in question was taken down in October after police intervention. The same victim has been sent pictures of knives and pictures of her family via Twitter messages in the past two years, which she suspects is related to the same pattern of abuse.

In a separate case, a person who complained to the police about allegedly being targeted by a blogger who was the subject of a police investigation for an alleged communications offence.

After being named on the blog, the victim's name then appeared on several far-right websites. She required counselling and treatment for depression for several months.

In February this year police replied to say that there was little they could do and that the victim should contact Wordpress. She did this and was told:

"Hi there, we do not remove content from WordPress.com sites unless it is a violation of our Terms of Service or we receive a court order or a valid DMCA [Digital Millennium Copyright Act] request. For more information on how to file a complaint, please see: http://en.wordpress.com/complaints/."

The victim forwarded this to police and added: "Why can't you issue a Harassment Order against them? What do they have to do to me before this is taken seriously? Do I, as a victim of harassment, not have any rights?" She received no reply.

Later, in March, the same victim contacted the police again to ask for an anti-harassment order to be made.

"Please I'm begging you to do something," she said. Again, she received no response.

BuzzFeed News is n't naming the victims of abuse mentioned in this article to protect their identity, nor the alleged perpetrators of the abuse, for legal reasons.

Mark Armstrong, a spokesman for Automattic, told BuzzFeed News: "We take reports of inappropriate activity very seriously, and we have teams of people dedicated to investigating any reports of abuse.

"WordPress.com has specific Terms of Service and User Guidelines outlining what is allowed. People can also report sites that they believe are in violation of those user guidelines."

Asked what British-based victims of abuse hosted on Wordpress.com should do, he said: "They should report the site to us – we have a process for reporting abusive content available to users worldwide (link) and we review and act on these reports as quickly as we can.

"If a site violates our policies, we'll immediately remove it. For some issues (like defamation for example) – there's often a question as to whether the site content is true or not. We aren't able to decide these cases ourselves and rely on the judgement of a court before taking any action."

The Wordpress.com terms of service tell users: "Do not post direct and realistic threats of violence. That is, you cannot post a genuine call for violence—or death—against an individual person, or groups of persons. This doesn't mean that we'll remove all hyperbole or offensive language."

Preventing online hate speech has become a serious challenge for police across the UK. This week marks National Hate Crime Awareness Week, which chief superintendent Dave Stringer of the Met said was "an opportunity for officers to continue raising awareness of hate crime and encourage victims to come forward."

Earlier this month the home secretary announced a new national hub to tackle online hate crime, set up to "ensure all online cases are properly investigated and will help to increase prosecutions for online hate crimes."

And in 2016, the Met set up a dedicated division with a £1.7 million budget to tackle the problem.

But despite police efforts, serious examples of online abuse remain online: A Wordpress site created by one of the UK's most notorious trolls, which was used to write hateful blog posts that landed him with a jail sentence for racially aggravated harassment, is still online.

Joshua Bonehill-Paine, 24, was jailed for two years in Decemb er for using the site to write a string of offensive blog posts about Luciana Berger, which are still online. One of them – titled "Is the Labour Party a Jewish Party?" – depicted Berger's head on the body of a rat.

Berger, who declined to comment for this article, told BuzzFeed News after Bonehill-Paine's conviction that she still receives hateful abuse online.

Despite huge investment by police forces to tackle the problem – the Met alone has 900 hate crime investigators across its 32 boroughs – there remain practical and cultural challenges in combatting online abuse.

Another of Bonehill-Paine's victims told BuzzFeed last year that while the officer that responded to his complaint was helpful and attentive, he admitted to not knowing how to send an email, let alone how to investigate crimes carried out on social media platforms by people with multiple pseudonymous accounts.

Wordpress is one of several online platforms that have come under fire this year for hosting abusive and extremist material. Home secretary Amber Rudd said in March that the site could do more to combat terrorism while Theresa May told an international summit in September that sites including Wordpress should remove extremist content within two hours of it being posted.

A spokesperson for the National Council of Chief Police Officers said: "We w ouldn't be able to give details of the new [national online abuse] hub as it has just been announced and work is ongoing to define the role it will play.

"It will be established as a central point of contact for police forces so that we can enhance the intelligence picture around online hate crime as well as operationally linking in all forces and with internet companies.

"Our first goal is to improve reporting to police as the most recent experimental stats from the Home Office acknowledge that they under-record these offences."

Source: Police Are Struggling To Get Racist, Threatening Blog Posts Taken Down Despite Complaints

Thursday, October 19, 2017

I can no longer access my blog through wordpress

Hi there,

I see you are a Jetpack user. I checked your site on Jetpack Debug page (https://jetpack.com/support/debug/) for connection issue. The site quoted the following.

DebugCould not validate security tokenWe were unable to validate a security token for Jetpack communication. Please try disconnecting Jetpack from your WordPress.com account, and connecting it again.

If you continue to get this error, please check out our troubleshooting guide or contact support.

Try reinstalling Jetpack as suggested and check if you can access your site via WordPress.com account.

If the issue still persists then try contacting JetPack support team.https://jetpack.com/contact-support/

Hope this helps!

Source: I can no longer access my blog through wordpress

Wednesday, October 18, 2017

Speeding Up Search on Big WordPress Sites with Elasticsearch

Large sites with a lot of content can easily get bogged down when people try to find content.

Every time someone uses the "Search" box on your site, they're using MySQL queries to the database, eating up resources and slowing everything down.

Check out our post 27 Solutions to 14 Forgotten WordPress Page Speed Problems for more on that.

Fortunately, installing a dedicated search engine like Elasticsearch can speed up your site, and allow your visitors to quickly search for and find the awesome content that might otherwise be hidden away on your site.

In this article, we'll look at how to set up an Elasticsearch server, and two WordPress plugins that can help you manage Elasticsearch from the WordPress admin panel: ElasticPress from 10up, and Fantastic Elasticsearch.

Want to learn more? Check out "27 Solutions to 14 Forgotten WordPress Page Speed Problems."Read more Why Replace WordPress Search?

The built-in search function in WordPress is really just a direct query into the MySQL database. It works fine for a site with 100 posts of a few hundred words, but if your site is posting a dozen articles a day on a variety of topics, searching for a single word or short phrase in a database table will take time.

Your site may not be the same size as a globe-spanning news service with dozens of contributors, but it may be large enough where time matters. Time your site visitors don't want to waste.

Why Choose Elasticsearch?

Elasticsearch is a popular dedicated search tool used by giants like the Wikimedia Foundation, Facebook, Mozilla and Netflix. A site that runs on people's questions, Quora, also uses Elasticsearch.

Elasticsearch simplifies and enhances the Apache Lucene search engine. As with most software that simplifies things for the user, there's a lot of complexity behind it. The speed comes from the underlying structure of the system. All your content gets stored in "nodes" that can sit on any number of different servers.

As the size of the site's content grows, nodes can then be stored into clusters. At the other end, content in a node gets an index composed of "shards" of content. When someone searches your site, Elasticsearch checks the index for the search term, not the entire database each time.

Identifying an Elasticsearch Server Host

ElasticPress needs a server to store its information so before you install any plugins you should put an Elasticsearch server in place. This may be the most difficult piece of the puzzle.

Check with your web host first to see if they support Elasticsearch. Most Linux distributions include an Elasticsearch package.

You can get a Docker image for Elasticsearch too. See Building WordPress on Docker With Windows, Linux and OS X to learn how to set up Docker.

You can also choose from a variety of cloud solutions. Amazon Web Services offers up to 750 hours per month of Elasticsearch services for free. QBox's basic plan offers an hourly search plan for a little over US 5 cents.

Lastly, if you have a gigantic site with lots of traffic, 10up wants you to know they have ElasticPress.io to serve your needs. This requires a fairly big monthly fee, but may well be worth the expense.

Installing Elasticsearch 5.3

If you host your own instance of Elasticsearch, you will need to install the system on your server.

The engine components are written in Java, so you will need a 64-bit Java Development Kit (JDK), version 8 or later. You can get the get the latest official distribution here. OpenJDK is an open source option that will also work:

You will need the bulkier Java Development Kit because it comes with a Java Virtual Machine (JVM) that the more common Java Runtime Environment (JRE) lacks. Elasticsearch does all its work inside the JVM.

Elasticsearch is actually a package of these components, known collectively as the Elastic Stack:

Logstash: collects the data

Elasticsearch: The basic search engine

Beats: transports the search data

Kibana: The user interface that manages the system

Elasticsearch Hadoop: the engine that manages Big Data

X-Pack: A bunch of premium services from Elasti.co. Basic Monitoring is free of charge, but Security and other stuff will cost you.

Fortunately, all of these come in a single package, either as an archive (.zip or tar.gz) or Linux installation package (RPM or DEB).

Next, get Elasticsearch here.

Elasticsearch version 5.6 introduced a graphical installer for Windows that greatly simplifies the install. Sadly, at the time of this writing the ElasticPress plugin only supports Elasticsearch 5.3 and earlier. So you will have to use the command line installer to get Elasticsearch working with your WordPress site.

The following steps will install Elasticsearch from the Windows command line. The Linux packages should manage this for you.

Use your favorite archive tool (PKZip, 7Zip, WinZip and the like) to extract the Elasticsearch pack to a directory you have access to on the server volume you want to use. This will be the Home or installation directory. Be aware that the volume you choose must have at least 15% of its total space free to successfully install Elasticsearch.

Open a command line and point it to the installation directory. Type this command:

.\bin\Elasticsearch.bat

The installer will begin configuring the volume and identify an IP address for a localhost environment (likely 127.0.0.1:9200)

To run Elasticsearch from the Windows command line, type the same Elasticsearch.bat command you used to install.

To confirm it's running:

curl -XGET 'localhost:9200/?pretty'

To install the Elasticsearch service, so it runs in the background, type:

Elasticsearch-service install

Start the service with:

Elasticsearch-service start

The Elasticsearch online documentation is very helpful if you run into problems.

Installing ElasticPress

Next up is installing ElasticPress. Use the standard process to install and activate ElasticPress. When you're done, the plugin leaves a message at the top of the Plugin admin page indicating that you have a "quick setup process" to complete before your new search engine is running on your site.

That setup process is just pointing ElasticPress to your Elasticsearch server. The plugin will connect Elasticsearch to your WordPress database in the background. Get this from your searching host, if you didn't install the package yourself.

Otherwise, use the IP address for localhost (127.0.0.1:9200) that the installer identified in the last section. Your search capabilities will now use Elasticsearch.

Using Fantastic Elasticsearch Plugin

This plugin is a useful alternative to ElasticPress, allowing you a bit more flexibility on when to use Elasticsearch instead of standard WordPress search. If you're willing to trade off some speed for cost reductions for cloud server space and traffic, Fantastic ES is the way to go.

Once you've connected your site to the Elasticsearch server, identify the areas of your site that get the most search traffic. Then use the plugin to finetune what content you want to use this tool with. Go to Settings > ElasticSearch > WordPress Integration. You can choose specific category archives, custom post types, and tags.

If you're a search expert, there are many other settings that Fantastic Elasticsearch can configure for you.

Conclusion

Elasticsearch is an excellent solution to the problem of topic searches taking a long time to complete. Depending on your comfort level with storing data in the cloud, and finding an affordable solution for your storage, both ElasticPress and Fantastic Elasticsearch can simplify setup and management of Elasticsearch in WordPress.

Let's hope that ElasticPress will soon support the simpler graphical installation of Elasticsearch 5.6.

Source: Speeding Up Search on Big WordPress Sites with Elasticsearch

Monday, October 16, 2017

8 Ways to Stay Focused When Writing a Blog Post

Blogging can be a fun, interesting, entertaining, helpful, and fabulous experience for both bloggers and their readers.But, what blogging often isn't is quick. It's usually not a done-in-a-jiffy type of activity. It requires the ability to stay focused when writing because there's no shortage of people and things that can take you away.

And, then there's editing. And, sourcing images. And, editing those images. Let's not forget about the things you need to do after you've hit the publish button (like promoting your content).

It is a process with several steps, but before you do them all, you first have to focus on writing.

Staying Focused Isn't Easy

It sounds fairly simple and easy, right? All you have to do is sit down and write.

But, with a barrage of bright, shiny things always popping up in front of you, you might find that you're spending your writing time watching videos on YouTube (because you're doing research, yes?).

Or, checking out your Facebook newsfeed (because you're trying to stay up on current events).

Or, even washing the dishes (because you can't write when there are dirty dishes in the sink!).

Or, maybe you spend hours and hours sourcing the perfect image for your post and then you spend even more time manipulating it (because your post must have the most perfect graphic!).

In addition to all the distractions that come up, it can be really tricky to stay focused during your blogging time especially when you're not so fond of, well, writing (Look! Squirrel! And, babies! … holding puppies!).

See what I mean?

8 Ways to Stay Focused When Writing a Blog Post

If you find yourself being distracted often or if you're trying to set the stage so you can be productive, the tips below can help keep your mind on your blogging and your blogging on your mind.

1. Write your subheadings and bullet points FIRST.

Usually, readers benefit the most from subheadings and bullet points because it breaks up the text and helps them scan the main points of your post (instead of reading every word).

But, it can help you, too. If you have trouble writing the meat and potatoes of your piece, try writing your subheadings and bullet points first.

You might find it easier to write these shorter, more direct portions first which can be used like an outline (just like when you wrote essays in high school). Doing this might also create a few brain sparks that motivate you to write more details and (later on) add some data.

2. Write your Introduction, Conclusion, and Calls to Action FIRST (or after your subheaders or bullets).

Consider writing the core pieces of your content first, like the:

Introduction

Conclusion

Calls to Action (CTAs)

Doing this will help you to focus on specific pieces of your content. Instead of looking at the entire post as a whole, you can segment it so that you don't get overwhelmed and get the sudden desire to walk the dog, even though you don't have a dog.

3. Pick one main theme or point per post.

Sticking to one main point per post has many benefits. First, you'll likely have less to edit because you won't have extra words and paragraphs that are not relevant to your current post.

Also, writing about one main point keeps things clear. When you start going off on tangents, you might find that you get confused and lose focus about what you intended to write in the first place. If you get confused, guess who else might get confused? Yep, your readers.

Tangents and irrelevant information (no matter how important) will also eat up your writing time, so stick to your main point and sequester those tangents in Evernote.

4. Do non-writing related activities LAST.

So, blogging is about writing. And, as I mentioned already, it's more than that, too. It will probably include activities like:

Researching hard (statistics) and/or soft data (e.g., quotes)

Editing content

Finding, editing, placing images

Promoting your content

Planning your next month of content

If your goal is to focus on writing, you'll need to work on those other tasks after the writing has been completed. Venturing off into another direction (though valuable) will pull you away from the task at hand.

So, write first and leave placeholders for where research and images are needed. Then, go back and add those pieces in afterward.

If you get another idea for a different post, make note of it and save it for later.

5. Turn off the pings, dings, bells, whistles, and jingles.

Any audible or visible notifications that you have configured on your laptop or phone should be disabled when you are writing your blog posts. No matter how strong your desire may be to finally write that post, you might have a moment of weakness and FOMO might kick in when you least expect it.

Even if you ignore the notifications, those pings and dings are still interruptions. It can take around 25 minutes to get fully focused on your original task each time you are interrupted (here's some information that backs that up).

Recommended for You

Webcast, October 19th: Triple Your Revenue Through Event Marketing

So, do yourself a favor, and turn 'em off and use reinforcements, like Leechblock (Firefox only), Freedom, Focal Filter, and StayFocusd (Chrome only), when the going gets rough.

6. Use a timer.

A timer is a great focusing tool. It can tell you when to start and when to stop working on a specific activity. Why not use it when you're writing?

To begin, decide how much time you'd like to spend writing. Perhaps you have a certain amount of time that translates into an average number of words. Set your timer for that amount of time, start writing, and then stop when it goes off.

If you decide to write some more, go for it! Just set the timer again, stop when it goes off, and then re-assess whether or not you should keep writing. Lather, rinse, repeat.

You can use a regular kitchen timer or a timer app on your smartphone. And, you can boost your writing time by using a timer with The Pomodoro Technique. Together, they can prove to be an excellent combination to help you stay focused when writing your posts.

Here's how it works:

One Pomodoro is 25 minutes. After writing for 25 minutes, you can take a 3-5 minute break and then go back to writing again for another 25 minutes. If you stop writing or allow any distractions to pull you away after you start the timer, you will need to start a new Pomodoro or cycle of 25 minutes … even if you only have a short time left on the timer.

Consider completing two or more Pomodoros in a row for greater productivity. And, check out Pomodoro timer apps in the App Store (like Focus Time) and Google Play (like Clockwork Tomato).

7. Use a writing app.

Writing apps can put you in the blogging mood and help you translate your thoughts into lovely pieces of content.

Here are a few for you to check out:

FocusWriter not only provides a distraction-free writing environment, but it also has built-in timers and alarms. That's a two-fer. Win!

WriteMonkey comes with a built-in Pomodoro timer as well as a feature called "Segment Focus." Segment Focus only shows you the current portion (or segment) that you're working on and hides everything else. This can help you chunk your writing and keep your brain from wandering to sections that you just have no business (at least not yet) working on.

Evernote is a great app for writers that also offers a distraction-free writing space. You can hide the editing toolbar and turn it back on when you need it. You can also add reminders to your notes so that you don't forget to finish writing! Of course, Evernote is chock-full of other features, but writers will find it super simple and easy to use.

Of course, you could just use WordPress — yes, WordPress. It doesn't come out of the box with a timer app (or plugin), but it can offer you a minimalist writing space. If you don't like seeing all the sidebars in the visual or text editor or you get easily distracted, you can toggle to "Distraction Free Writing."

When you start a new post, simply click on the toggle button (under the visual/text editor links) to turn it on.

Once you start writing, the left and right sidebars will fade away. If you move your mouse outside the writing space, the sidebars reappear. You can also kick things up a notch by enabling full-screen mode using the keyboard shortcut Ctrl+Shift+F (Chrome & Firefox).

8. Play music.

Music can motivate you to do things you don't want to do AND help you feel enthusiastic about doing them. Ever wonder why you always hear music every time you walk into a gym?

Certain types of music will make you get up and go or hunker down and get stuff done. It all depends on what works for you, but the folks at Focus@Will say that you have to listen to the right music to be productive.

Scientists have discovered that depending on your personality type, there is a specific type of "music" that when engineered just right, puts your brain into a "flow state" making you hyper-focused and exponentially more productive. ~Focus@Will

Focus@Will offers music tracks that are scientifically chosen to increase your productivity. Take the 1-minute quiz to figure out your "focus music" and use the free 14-day trial to test it out.

All you need to do is start the music player and begin writing. Though you don't get to choose the particular tracks you want to listen to (you can choose your genre), it likely won't matter if you get good results.

Recipes to Help You Focus While Writing

Crafting your blog posts can get easier when you use the right strategies to help stay focused. Check out the blog writing recipes below and try one (or two) to see if they enhance your current way of doing things.

Or, think about combining a few of the techniques above to create an entirely new recipe of your own.

Recipe #1: Timer (45 min) + Music

Turn off audible and visible notifications

Set the timer for 45 minutes

Play music

Write subheading and bullet points first

No apps are required for this recipe.

Recipe #2: StayFocusd + Pomodoro (25 min) x 3 + WriteMonkey

Turn off audible and visible notifications

Activate StayFocusd (or other website blocking app)

Set the timer for 25 minutes

Use the Pomodoro Technique

Use WriteMonkey's Segment Focus

Write your Introduction, Conclusion, and Calls to Action

Repeat this recipe to start writing a new segment during your next Pomodoro. Complete three Pomodoros and then take a 15-30 minute break.

Recipe #3: WordPress + Word Count + Focus@Will

Turn off audible and visible notifications

Set a word count goal (e.g., 300-500 words)

Compose in WordPress distraction free mode

Play music via Focus@Will

Write your Introduction, Conclusion, and Calls to Action

No timer is required for this recipe, so write for all long as it takes to get to your word count goal.

Final Word

Once you have chosen a recipe that you want to try, really give it a go. Test it out for several weeks and keep note of how helpful it is and make necessary adjustments. Of course, if the process you're currently using works just fine, keep it.

But, don't keep it to yourself! Please share in the comments any specific steps you take to help you stay focused when writing your blog posts.

Author: Deb Lee

Deb is passionate about productivity, coffee, apps, Wordpress, blogging, & social media ...not necessarily in that order. She's a Digital Business Coach, appaholic, blogger, speaker, and an Evernote Certified Consultant. Deb takes great delight in helping entrepreneurs and business teams leverage technology to increase productivity.… View full profile ›

Source: 8 Ways to Stay Focused When Writing a Blog Post

Sunday, October 15, 2017

Can I Make WordPress App arrange my drafts by their original creation time?

All support docs are here https://en.support.wordpress.com/

Please see https://en.support.wordpress.com/show-your-posts-in-chronological-order/

Blogs are essentially a reverse chronological order publishing tool wherein the most recent published post will display on top. You cannot change this order on a free hosted WordPress.com blog. There is no upgrade that allows you to change this post order on a free hosted WordPress.com blog. It's designed to serve your visitors as they come to read the most recent posts and will not be inclined to trawl through hundreds of posts to locate it.

See here for the option of creating a book-like structure > http://en.support.wordpress.com/write-a-book/ Perhaps that will work for you.Or you could use a single sticky post as an index page > http://en.support.wordpress.com/posts/post-visibility/#sticky-postsOr you can falsify every date-stamp before publishing.Creating a page and using the display posts shortcode https://en.support.wordpress.com/display-posts-shortcode/ on it will apply only to 100 posts.

Additional information:

The default timezone is UTC time. You can reset your timezone here > Dashboard > Settings > General.

http://NAME_OF_BLOG.wordpress.com/wp-admin/options-general.php

*Replace NAME_OF_BLOG in that URL with the actual name of your blog.

Select the closest city to you in the same timezone in the drop-down menu you see there and then click "save changes".

Edit the post, change the datestamp in the Publish module, and click Update.

All Posts are found here > Dashboard > Posts > All Posts

http://NAME_OF_BLOG.wordpress.com/wp-admin/edit.php*replace "/NAME_OF_BLOG" with the actual name of your blog

You hover over the title of the post and click the Edit link, then edit the datestamp in the Publish module and click update.

Note that you can examine these images so you see how to edit posts and change datestamps and timestamps where required.https://en.support.wordpress.com/posts/schedule-a-post/Note also that if you create sticky posts they will always be on top https://en.support.wordpress.com/post-visibility/#sticky-posts unless or until you edit and remove the sticky designation.

If you still have an issue then please type modlook into the sidebar tags on this thread for a Staff follow-up. How do I get a Moderator/Staff reply for my question? https://en.support.wordpress.com/getting-help-in-the-forums/#how-do-i-get-a-moderatorstaff-reply-for-my-question Also subscribe to this thread so you are notified when they respond and be patient while waiting. To subscribe look in the sidebar of this thread, find the subscribe to topics link and click it.

Source: Can I Make WordPress App arrange my drafts by their original creation time?

Saturday, October 14, 2017

Using Categories, Tags and Taxonomies Properly in WordPress

Categories, tags, taxonomies, and terms in WordPress can be confusing. When you first start out with WordPress, you'll no doubt happily use categories, and possibly tags, but then as you start to delve into the system more and use it as a CMS, then custom taxonomies will come into play.

But what's the difference between them all? And how can you use them on your site?

In this post, I'll attempt to demystify categories, tags, taxonomies and terms, and identify uses for each of them. I'll give you some examples of how to use them and look at how our own plugins use them to add extra functionality to your site.

Categories, Tags, Taxonomies and Terms: Definitions

Let's start with some definitions, so that we know exactly what we're talking about. The first thing to define is a taxonomy, as that's the broadest of the terms we're dealing with.

What is a Taxonomy?

Taxonomy isn't a word that's specific to WordPress. The Oxford English Dictionary defines taxonomy as:

"A scheme of classification."

It's a term often used in science, to classify organisms. But that's not really very helpful.

The WordPress Codex gives us a more helpful definition:

"In WordPress, a 'taxonomy' is a grouping mechanism for some posts (or links or custom post types)."

That's more specific but doesn't really pin it down. Maybe it's easier to define taxonomy by providing some examples.

A taxonomy is a grouping system that you use to classify any kind of post in WordPress. For example category is just one taxonomy. As is tag. You can also create your own custom taxonomies which you apply to posts or to a custom post type. It's very common to create a custom taxonomy to classify posts in a custom post type, as this avoids any confusion between the custom post types and normal posts.

For example, if you install our Support System plugin, it will register two custom post types for you: Support Ticket and FAQ. It will also register two custom taxonomies: Ticket Category and FAQ Category. This lets you categorize your tickets and your FAQs separately from your blog posts, and from each other.

What is a Term?

A term is the grouping with in a taxonomy that you use to separate out your posts.

So for example if you were using the Support System plugin and you'd created categories for each of your support teams — maybe billing, sales and support — each of those would be a term in the Ticket Category taxonomy. You would set up different terms for the FAQ Category taxonomy, although they may be duplicates.

The Support System plugin in the WordPress admin

The Support System plugin registers two custom post types and two custom taxonomies

But as far as WordPress is concerned these are different terms and will be stored separately in the database. Even if you give them the same names.

What is a Category?

This brings us back to categories, which people frequently confuse with taxonomies. This is how categories work:

Category is a taxonomy.

An individual category that you add is a term in the category taxonomy.

So if you created categories of recent and featured for your posts, they would be terms in the category taxonomy, just as billing, sales, and support are terms in the ticket categories taxonomy.

So in That Case, What's a Tag?

A tag is similar to a category. It's a term in the post_tag taxonomy. So if you have WordPress and tutorials as tags for your posts, they are terms in the post_tag taxonomy.

(Don't ask me why tags are called post tags and categories aren't called post categories, I'm afraid it's one of WordPress's many mysteries).

But, you might be asking, what's the difference between a category and a tag? And why do we need them both?

Categories and tags differ in one crucial respect: categories are hierarchical, and tags aren't. You can create child categories of a parent category but you can't do the same with tags. This is why you're much more likely to use categories to structure your site than tags, as they have their own inherent structure.

When you register your own custom taxonomies (or when a plugin does it for you), these can either be hierarchical or not – so they can behave like a category, or like a tag.

Phew! I hope that all makes some sense now.

Creating Taxonomies and Terms

Now that we've identified what a taxonomy and a term is, let's take a look at how you create these.

WordPress has a few built-in taxonomies. These are:

Move Subscribers from Old Blog to New

Hi singleguysays,

I've moved your subscribers from manvsloneliness.wordpress.com, to singleguysays.wordpress.com.

Your email subscribers will continue to receive email notifications however, WordPress.com followers will only see new posts in the Reader. They will not receive email updates unless they subscribe to receive those on your new site.

Best of luck with your new site.

Source: Move Subscribers from Old Blog to New

Thursday, October 12, 2017

Fashion Blog WordPress Theme

Fashionate is a great looking free fashion blog theme for WordPress by ThemeExpert, it features a well structured and clean layout, an image slider under the top menu where you'll find buttons for contact, about, categories, etc, and a single column layout where you'll see the latest published posts.

Source: Fashion Blog WordPress Theme

Wednesday, October 11, 2017

Building WordPress.com Website Success: From the Fringe

Want to learn how to be a successful blogger? For the second portion of our three-part series, we're presenting a conversation with Suzie Marie, a UK-based blogger at From the Fringe. In this insightful interview Suzie speaks about her road to blogging success and shares expert insight on what it means to connect with your ideal audience. Suzy's best piece of advice: you can make a meaningful contribution simply by being yourself. Suzie received a Highly Commended mention at the UK Blog Awards for her first blog (with over 700 posts), which led to her current blog, From the Fringe. Suzie writes on all things joy, lifestyle, and feminist feistiness, while incorporating a light-spirited voice into her writing.

When did you start your blog?

I started blogging back in 2011 when it was only a fraction of the huge community and market it has become today. It was a completely different world then, with most people just blogging about their lives and their stories.

Why did you start it?

I read a blog by Suzy Krause, and that inspired me to begin my own blogging journey. Her style was so unique and interesting, it made me want to write my own stories and share a little bit of myself with the world. I still read her blog today — she's a wonderful writer!

How did you grow your site?

Honestly, I still feel like a relatively small blogger, so it's weird for me to talk about growth. I don't feel that it's something I've really gained significantly! I think that winning Highly Commended at the UK Blog Awards in 2014 was a real boost to my confidence and definitely changed the way that I felt about blogging. I started to take it a little more seriously and really work on my writing, which is when my latest blog, From The Fringe, was born. It's all about community rather than followers for me, so I've just focused on reading and commenting on other people's blogs, sharing on social media, joining Twitter chats and blogging groups, that kind of thing.

Was there a specific event that significantly increased your site traffic?

I was featured on WordPress.com's Discover recently, which was pretty awesome and brought me lots of lovely new readers.

Was your site's growth strategic or organic?

My site growth has been a mixture of organic and intentional, I'd say. I think I'm definitely more savvy about how to accumulate traffic these days; however, I rarely follow the "rules," and I can't bear marketing myself constantly, so I tend not to do it! I promote my content online, but generally my followers are just people I've accumulated over the years like beautiful pieces of treasure.

How does social media impact your site's growth?

Social media can be massively helpful in growing a site. If, unlike me, you're willing to dedicate time and effort to it, social media is absolutely the key for getting your content seen by wider audiences. Pinterest and Twitter are both outstanding platforms for bringing your content to a large audience quickly, which can do wonders for your growth.

Have any of your posts received particularly positive feedback? How did it impact you, your site, and your community?

The post that was featured on WordPress.com's Discover, "A Mushy Love Letter About Blogging," has been my most popular post by far, and thankfully it has gotten really positive feedback. It was a post that I quickly penned on a train and didn't proof or plan — I just wrote it and pinged it out into the world. So the fact that it resonated with so many people and inspired those on their journeys into the blogging world was hugely gratifying to me. As I mentioned, the post brought me lots of lovely new followers, and it felt as though the universe was confirming my belief that blogging shouldn't be about numbers, but about love and passion.

Are you actively involved in the WordPress.com community?

This community is something that has only revealed itself to me recently, but it's brilliant! There are bloggers from all over the world writing amazing content, and it never ceases to amaze me how blogging has grown over the years. I'd love to be more involved than I am, but by managing two sites and a full-time job, I very often run out of time!

What has been the best tool to authentically engage with your community?

I really relish the opportunity to share such personal and emotional posts with the community, and replying to each comment is really important to me. I try to offer advice where I can, and I enjoy hearing other people's stories. I think the key to authentic engagement is just to be yourself — how much more authentic can you be?

How has the WordPress.com community positively impacted your blog?

It has given me the confidence to just be myself and do my own blogging thing. It's so easy to get sucked into thinking about followers and stats, and you very quickly find that the fun and joy of just the craft itself disappears. Having a post about exactly that be picked up and promoted on such a large scale has kept me on the right track and serves as a reminder to stop putting pressure on myself and to just enjoy it!

From the birth of your site until now, take us through the evolution of how it came to be. What was the experience like for you?

In 2011, I started a blog simply as a place to share my thoughts. I was in the middle of a master's degree and trying to work through all of the new concepts that I was learning about and the ways I was changing as a person. Over the years I honed in on my writing skills, developed a great community of people I now happily call friends, and began to gain confidence. I posted over 700 pieces to that site, something which just blows my mind! I constantly worked hard at blogging and started to gradually see improvements and collect positive feedback. In 2016, I started my new blog, From the Fringe, because I felt that I'd changed a lot since 2011 and needed something new to represent that.

It has been a truly joyous experience, and I don't think I've ever been as invested in a project for such a long period of time! Blogging has undoubtedly shaped who I am as a person, and I wouldn't change it for the world.

Any blips along the way? What helped you navigate those challenges?

So many blips! I've had times where I've barely posted a thing, times when the blog was the only good thing I had in my life, and times where I got tired of being part of the popularity competition that blogging sometimes generates. I've "quit" blogging a couple of times, too! I always come back to it, though, and to help me overcome the barriers, I try to remember starting all of those years ago and get myself back to that simple love of writing. That's always a great way to rejuvenate my interest and remove myself from some of the negative aspects of the blog race.

What decision-making process did you use to create a really impactful site with an extensive reach?

There's been a mixture of processes along the way. I'm very much about the words, so everything about the site is just about making the content the main focus. I have a huge title banner, and then it's straight into blog posts, so I guess I just wanted to keep things simple. Everybody wants to consume content quickly and fuss-free these days, so I've tried to facilitate that as much as possible.

How much content do you share, and how often?

I don't share content as much as I should because I hate scheduling with a passion! However, I use a content-scheduling provider called CoSchedule, which is so helpful. I tend to try and share at least one post per day and revisit old posts every now and then, or when something relevant comes up in current affairs that I've written about before. New content gets a specific schedule for a month after it was published. I only share on Twitter at the moment, but I'm also working on marketing on Pinterest (when I have time).

Did you have any epiphanies during the evolution of your blog?

Yes! Followers are absolutely not the only measure of success. Blogging brings so many amazing things — followers are just a tiny piece of the puzzle. Success can simply be you writing something you're really proud of, making a new friend in the blogging world, or getting the chance to do something interesting for your blog. I can't stress this enough. It's the most important thing that I realized!

What advice would you give to those beginning a WordPress.com blog or website?

Being yourself is the most important part of blogging. People want to read a relatable voice with heaps of personality, so what you're actually writing about is only part of keeping an audience interested. Make sure that your site is user-friendly and easy to read, and focus on the tiny things like spelling and grammar, which are vital for building credibility. Don't concentrate solely on followers (I told you I can't stress this enough), because there are other riches to be achieved. There will be times when you feel like it's pointless, and that you're never going to get anywhere because the market is so saturated. Just remember why you're doing it. Whether it's for a love of writing, to raise awareness about a particular issue, or to work through your own thoughts — that's what is important. Keep going with it.

What is the best way to connect with your audience?

Replying to comments, chatting to people on social media, and getting involved with Twitter chats or in-person meetups and events are all great ways to connect. The sense of community is one of the best things about the blogging world, so make the most of it! I have friends all over the world just from striking up conversations online — it's brilliant!

What are the overall benefits of building and running a blog like your own?

There have been so many benefits of blogging for me, I barely know where to start! On a fundamental level, it reconnected me with writing, something I love with a passion. This has given me strength and confidence in the hardest of times. I have been given brilliant opportunities such as attending an event at Parliament and delivering a lecture at a university. I started a magazine, The Olive Fox, with a fellow blogger, and we have amassed a team of 80 contributors from all over the world, and the community we have there humbles me every day. I have a voice for my feminism and my opinions, which is not something I take lightly. Blogging connected me to other like-minded, wonderful people. Honestly, blogging has been an incredible and sometimes unexpected force in my life. I hope it brings as much joy and happiness to my readers as it does to me! If I could make just one person feel like they have found a similar soul, I'd be delighted.

Tags: blogging, inspiration, spotlight, website traffic

Source: Building WordPress.com Website Success: From the Fringe

Blogger vs WordPress Blog

Search This Blog

Popular Posts

Blog Archive

Total Pageviews

Blogroll

Security Haiku: WordPress 4.8.3

Is WordPress Secure?

Beautiful & Simple WordPress Themes for Writers

Results From the 2017 WordPress User Survey Are Not Guaranteed to Be Shared

Cryptocurrency Miners Exploiting WordPress Sites

AFTER I POST AN AUTOMATIC EMAIL GETS SEND OUT BY WORDPRESS, HOW CAN I CANCEL THIS?

Moving from WordPress to Self Hosted - Need Redirects to Changed Permalinks

Hosting a WordPress site on AWS at low costs

Police Are Struggling To Get Racist, Threatening Blog Posts Taken Down Despite Complaints

I can no longer access my blog through wordpress

Speeding Up Search on Big WordPress Sites with Elasticsearch

8 Ways to Stay Focused When Writing a Blog Post

Can I Make WordPress App arrange my drafts by their original creation time?

Using Categories, Tags and Taxonomies Properly in WordPress

Move Subscribers from Old Blog to New

Fashion Blog WordPress Theme

Building WordPress.com Website Success: From the Fringe