Monday, February 29, 2016

CTB-Locker ransomware encrypts WordPress sites and holds them hostage

A fresh strain of ransomware called CTB-Locker has popped up online, and it encrypts WordPress websites rather than users' computers. So far more than 100 sites have been affected.

The ransomware, also known as Critroni, operates more or less in the same way as traditional ransomware when it encrypts a user's files and demands fee in bitcoin to decrypt and return the data. In the case of CTB-Locker, which is a PHP program, it instead targets a website.

The culprit will usually hack a website that is poorly secured and replace its index.php or index.html files with different files that encrypt the site's data with AES-256 encryption, and will also display a warning message on the homepage demanding money along with instructions on how to buy bitcoin.

"Decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the decryption key," says the message. It demands .4 bitcoin to return the website to working order.

View photo

.ctb-locker

This latest iteration of ransomware was discovered by BleepingComputer's Lawrence Abrams. He found that the CTB-Locker even comes with a live chat function, so you can actually message the hacker about paying the ransom, and this version of the ransomware has been signed with stolen certificates.

Related: Ransomware attacks spread like wildfire internationally, threatening schools, churches, and hospitals

Abrams points out in his report that, as per usual, the only way to restore your files other than paying up is to use a back-up.

It appears that there are about a hundred sites infected with CTB-Locker. A Pastebin document has been created that lists many of the sites that appear to have been compromised. No major, big name sites are included.

If you're a website owner who is concerned about this, you should check to make sure that you're using the latest version of WordPress. Most of the sites targeted so far were poorly managed and used outdated versions or had installed vulnerable plug-ins.

CTB-Locker looks like a pretty specialized experiment from the author and it may not be a massive threat in the near future. However, it is the latest mutation of ransomware. We've seen several cases of infections coming up over the last few weeks with businesses and organizations like hospitals and school districts getting infected and paying the ransom.

Also watch: Asus ROG GX700 Hands On Please enable Javascript to watch this video
  • Apple's top counsel: Our customers are 'better protected from thieves and terrorists'
  • Ransomware attacks spread like wildfire internationally, threatening schools, churches, and hospitals
  • Hollywood hospital pays $17,000 to ransomware hackers

  • Source: CTB-Locker ransomware encrypts WordPress sites and holds them hostage

    Funio Launches First #WordPress #Hosting Service Using Container Technology, Powered by Kubernetes and Docker

    Funio Launches First WordPress Hosting Service Using Container Technology, Powered by Kubernetes and Docker MONTREAL, Feb. 22, 2016 /PRNewswire/ -- Funio, part of Internap Corporation (INAP), a provider of powerful, safe and managed hosting solutions, today announced the availability of its Managed WordPress Hosting solution, a new generation of web hosting ... read moreFunio Launches First WordPress Hosting Service Using Container Technology, Powered by Kubernetes and Docker MONTREAL, Feb. 22, 2016 /PRNewswire/ -- Funio, part of Internap Corporation (NASDAQ: INAP), a provider of powerful, safe and managed hosting solutions, today announced the availability of its Managed WordPress Hosting solution, a new generation of web ... read more

    Funio Launches First WordPress Hosting Service Using Container Technology, Powered by Kubernetes and Docker MONTREAL, Feb. 22, 2016 /PRNewswire/ --Funio, part of Internap Corporation (NASDAQ: INAP), a provider of powerful, safe and managed hosting solutions, today announced the availability of its Managed WordPress Hosting solution, a new generation of web ... read moreFunio Launches First WordPress Hosting Service Using Container Technology, Powered by Kubernetes and Docker MONTREAL, Feb. 22, 2016 (Canada NewsWire via COMTEX) -- Funio, part of Internap Corporation INAP, +11.95% a provider of powerful, safe and managed hosting solutions, today announced the availability of its Managed WordPress Hosting solution, a new ... read more

    Buy AutoTrafficRSS script now for $27 only!

    We will send the script to your PayPal email within few hours,Please add FullContentRSS@gmail.com to your email contact.
    Source: Funio Launches First #WordPress #Hosting Service Using Container Technology, Powered by Kubernetes and Docker

    Scheduled Backups for WordPress for Free in 5 Minutes

    No matter how many times you read about it on the web, you just haven't got around to backup your WordPress website, despite all the hours you've put into it. There are tons of reasons for you not backing up – it's too expensive, takes too long to setup, if your server gets hacked your backups might be lost as well, etc. – you get the picture. But hackers and server hardware issues won't listen to you whining about how long you worked on your website, and once it gets hacked, it's pretty much gone forever without backups.

    And that's why, you need to take action NOW. Setting up scheduled backups in WordPress can be surprisingly easy. What if I told you that there was a way to backup your website for free, with the backed-up files stored outside your server in a secure cloud environment, that can be setup in 5 minutes? You're in luck. I present to you, the WordPress Backup to Dropbox (WPB2D) plugin.

    Advantages and Disadvantages of WordPress Backup to Dropbox

    Many WordPress experts might point out that there are many other more robust backup applications, as well as many powerful paid options. However, for most users, WPB2D is more than enough. The WPB2D plugin is great in that it's incredibly easy to setup and also very easy to use. I set it up on one of my WordPress sites 2 years ago, and it has never had an issue ever since. It's great for setting up once, and just leaving it there. Here's an image of the plugin in action:

    WordPress Backup to Dropbox Plugin

    WordPress Backup to Dropbox plugin

    However, WPB2D does lack more powerful features such as 1-click restores and backing up to different cloud services. If you're looking for something more advanced, try something like Updraft Plus, or check out our previous article that compares the best WordPress backup plugins.

    Configuring WordPress Backup to Dropbox
  • Head over to Plugins > Add New in your WP dashboard.
  • Type in the search bar, "Backup to Dropbox".
  • This is the one you should install:Backup to Dropbox install
  • Install and Activate the plugin.
  • Go to WPB2D > Backup Settings in your WP dashboard.
  • The first thing you need to do, is to authorize your Dropbox account to be used with this plugin. I'd recommend creating a new Dropbox account per site just to be safe (and since it's free anyway).Backup to Dropbox authorizeWordPress Dropbox allow backups
  • After you allow access for the plugin, go back to the backup settings page and press Continue.
  • There you can access some basic settings for you to get started. You can chose how often to store a new backup. Do note that if you chose daily backups and you're on a small, slow server, it could slow the server down especially when your site is bigger.
  • You can also exclude which files to exclude from backing up. For example, if you have a directory filled with movies that are several GB in size each, you would probably want to exclude them from the backup as Dropbox only gives you 2GB for free.
  • Press Save Changes at the bottom of the page, and that's it! You've just setup daily/weekly/monthly backups to Dropbox. That's about as secure as you can get, as Dropbox isn't going anywhere soon.
  • You can head over to Dropbox to see your backups. The plugin creates a folder named Apps > wpb2d.
  • That's it! If you have any questions, feel free to ask below.


    Source: Scheduled Backups for WordPress for Free in 5 Minutes

    Joomla Sites Join #WordPress As TeslaCrypt Ransomware Target

    Joomla Sites Join WordPress As TeslaCrypt Ransomware Target Exploit kits infecting thousands of WordPress websites are setting their sights on the open-source content management system Joomla in a new campaign spotted by a researcher at the SANS Institute's Internet Storm Center. "The group behind the ... read moreRansomware springboards from WordPress to Joomla domains Strains of ransomware have been ... have shifted from the traditional target of websites supported by the WordPress content management system (CMS), and instead, have graduated to also hunt down vulnerable Joomla CMS Web domains. Back in January this ... read more

    Joomla targeted in WordPress campaign that delivers TeslaCrypt The cyber-gang behind the ongoing WordPress ... Joomla sites – as we did with the WordPress campaign." The sites are compromised by malicious code attached to the end of JavaScript files and the exploit kits generally deliver the TeslaCrypt ransomware ... read moreGamers targeted by TeslaCrypt ransomware: $1,000 to decrypt games, mods, Steam Encrypting all these games demonstrates the evolution of crypto-ransomware as cybercriminal target new niches ... people are currently being infected with TeslaCrypt. An unnamed compromised website, based on WordPress, is serving up malware via redirecting ... read moreHewlett Packard Enterprise Identifies Top Risks for Businesses Today: Application Vulnerabilities, Patching and Malware Monetization Annual Cyber Risk Report Reveals Attack Sophistication on the Rise While Organizations Struggle to Keep Pace With Dissolving Perimeter and Diversifying Platforms PALO ALTO, CA--(Marketwired - Feb 17, 2016) - Hewlett Packard Enterprise (NYSE:HPE) (NYSE: HPE ... read moreDropbox phishing scam uses compromised Wordpress site Dropbox users may be the target of a new phishing scam that utilizes a compromised Wordpress site, according to a post Tuesday by Johannes B. Ullrich on the SANS Internet Storm Center InfoSec Community Forums. In the post Ullirch, SANS Technology Institute ... read moreCryptoLocker Variant Has Been Created Specifically to Target Japanese Users The researchers say that the Japanese variants of the ransomware are distributed through compromised websites, most of them hosting blogs. "However, it is also possible that the attacker is renting an exploit kit [RIG EK] to automatically compromise ... read moreBlogs, other content management sites targeted by password thieves Dubbed "Fort Disco" by the researcher, it's using 25,000 infected Windows machines to support attacks on more than 6,000 Joomla, WordPress and Datalife Engine sites. What attackers are finding is that login credentials for many sites running popular CMS ... read more'Fort Disco' Botnet Behind Attack Campaign Against Thousands Of Sites Researchers at Arbor Networks have uncovered a crafty attack campaign that has compromised thousands of sites powered by Joomla, WordPress, and Datalife Engine ... the attacker actually used them to target visitors to the compromised sites, Bing tells ... read more

    Buy AutoTrafficRSS script now for $27 only!

    We will send the script to your PayPal email within few hours,Please add FullContentRSS@gmail.com to your email contact.
    Source: Joomla Sites Join #WordPress As TeslaCrypt Ransomware Target

    Sunday, February 28, 2016

    Grenade: Small agency, big boom

  •   0
  • by Herman Manson (@marklives) You know the story. Creative meets suit, and they launch an agency. It's rare for a team to emerge from the media world to do the same — as happened with two friends with extensive experience in publishing launching digital agency, Grenade, in 2012.

    Colin Daniels was digital strategy manager at Times Media Group (then Avusa), later becoming the publisher of TimesLIVE; he also served as head of digital at Trader Media Group. While completing his MBA, Daniels launched his own digital publishing consultancy, More Than Media. This was the forerunner of Grenade. His business partner, Robin Pietersen, had worked with Daniels at Times Media Group as a designer and developer before joining him at Trader Media Group. He was also a partner in More Than Media.

    We are Grenade. Africa's Digital AgencyPrimary launch product

    Once Daniel's MBA was done, the duo decided to build up their business and Prefix (today Everlytic, recently acquired by Vox Telecom) was brought on board as a shareholder and partner. Their primary product was a propriety content management system (CMS) called Predator. which provided the business with a revenue stream. But within a year of their launching, WordPress, the free open-source CMS, had become a dominant force, and the business had to reorient itself as its model became increasingly obsolete.

    Initially, Daniels and Pietersen had thought they could build Predator into a product well-suited for challenges facing publishers in emerging markets. They had also started building a mobile publishing solution. When you can't beat them, join them, says Daniels, and soon the agency was building client sites using WordPress, evolving into a custom WordPress design-and-development agency. Ironically, it was now helping publishers move their sites from systems such as Predator to WordPress.

    Today, its client list includes Naspers, MultiChoice (including Idols, Mzansi Magic, kykNet, Africa Magic and Carte Blanche, among others) to Times Media Group (Sunday Times, BDLive, TimesLIVE and SowetanLIVE), Cerebra, the Mail & Guardian, Creamer Media, VOX Telecom and Fedhealth.

    Grenade logoToday's offerings

    Grenade today offers WordPress design-and-development services, setup of ecommerce stores, mobile development, newsletter strategies, broader digital strategy, branding and SEO. It is also building custom apps for WordPress which it will be releasing commercially in the near future. Its white-labelled mobile publishing offering, AmplyFire, is doing well for the agency both in SA and several other African markets.

    Even though its a small agency (employing seven people), its clients tend to be large companies and active in the media business. Grenade effectively competes with much-larger agency businesses (a fight it seems to be winning, thanks to the founding partners' expertise in publishing and content). According to Daniels, the agency is lean but employs senior, multi-skilled personnel to manage projects.

    The agency is currently driving WordPress app development which it wants to release into the international marketplace; what with exchange rates in dollar-dominated app marketplaces favouring SA developers, he hopes this will make the business less-reliant upon project revenue. The agency is also focusing upon building its credentials in the mobile and ecommerce space.

    Daniels' five tips for agency entrepreneurs
  • Networks: "We relied heavily on existing relationships and networks for business when we launched Grenade and it's unlikely that we would have survived without this. Networks, referrals, and word of mouth are still big drivers of new business for us."
  • Cashflow: "This is a critical and well-known aspect of running any business, especially during the first 12–18 months of operation. It's particularly important for agencies and companies who are dependent on project revenue to manage their cashflow with an iron fist as this can sink you quickly."
  • Diversification: "There are many experts who believe that you should rather focus on delivering one or two products/services exceptionally well in order to be a successful business but we've found that having multiple revenue streams has helped us to get through tough times and capitalise on growth opportunities. As an agency, it also allows you to retain a direct relationship with your customers; with the only caveat being that you need to be able to deliver on all your promises, otherwise you risk damaging your reputation with customers."
  • Company culture: "This is something that is often snubbed by companies outside of Silicon Valley but, if you want to attract and retain the best talent, you need to have a great company culture where people look forward to coming to work in the mornings, during the good times and the bad. We focused on building a strong company culture from the outset and it has resulted in a low staff turnover. which has helped us to punch way above our weight as a small agency."
  • Innovation: "This has become a rather clichéd word but we've found that constantly looking at new ways of improving your business operations, optimising your existing products and services, and identifying opportunities to develop new products and services keeps you moving forward and allows you to compete with much larger companies where bureaucracy and red tape often make this difficult."
  • Herman Manson 2015Herman Manson (@marklives) is the founder and editor of MarkLives.com. He was the inaugural Vodacom Social Media Journalist of the Year in 2011 and has, over his 20-year-plus career, contributed to numerous journals and websites in South Africa and abroad, including AdVantage magazine, Men's Health, Computer World and African Communications.

    — MarkLives' round-up of top ad and media industry news and opinion in your mailbox every Monday and Thursday days. Sign up here!

    Related
    Source: Grenade: Small agency, big boom

    Pirlo warns Chelsea about what to expect from volatile Conte

    Pirlo warns Chelsea about what to expect from volatile Conte | AutoTraffic Pirlo warns Chelsea about what to expect from volatile Conte Notice: wp_deregister_script was called incorrectly. Scripts and styles should not be registered or enqueued until the wp_enqueue_scripts, admin_enqueue_scripts, or login_enqueue_scripts hooks. Please see Debugging in WordPress for more information. read moreHe's A Beast With Two Wives' – Andrea Pirlo Warns Chelsea Players About Antonio Conte's Volatile Aggro Streak Having played under him at Juventus for several years, hirsute pass-master Andrea Pirlo was wheeled out and asked what the Chelsea gang can expect with Conte at the helm. While generally singing his former gaffer's praises, Pirlo also warned that Conte ... read more

    Buy AutoTrafficRSS script now for $27 only!

    We will send the script to your PayPal email within few hours,Please add FullContentRSS@gmail.com to your email contact.
    Source: Pirlo warns Chelsea about what to expect from volatile Conte

    Pirlo warns Chelsea about what to expect from volatile Conte

    TURIN, ITALY - OCTOBER 02: Juventus FC manager Antonio Conte celebrates the victory with Andrea Pirlo at the end of the Serie A match between Juventus FC and AC Milan on October 2, 2011 in Turin, Italy. (Photo by Marco Luzzani/Getty Images)

    AC Milan and Juventus legend Andrea Pirlo has warned Chelsea of what to expect from former coach Antonio Conte, describing him as an independent beast with two wives.

    The current Italy boss is believed to be a front-runner to permanently replace Jose Mourinho at Stamford Bridge and the New York City midfielder has spoke of his admiration for someone who lives and breathes football.

    "I love the man," he was reported as saying by the Mirror. "have nothing but respect and admiration for him.

    "If you let him get on with things and follow his methods, then you will have a team that plays attractive football and will, without doubt, be successful.

    "But if you sign him as your coach and then, as the owner, you want to start making ­decisions, he is not the coach for you.

    "His life is football. I know he is up until 3 to 4am in the morning; studying videos, looking at errors, ­studying the opposition of the next game.

    "It is a good job Elisabetta is such an understanding wife. If he takes the Chelsea job then she will have plenty of time to enjoy London because he has two wives – Elisabetta and football."

    In addition to this previous praise, Pirlo also revealed Conte's aggressive nature when he is with his players, although insisted that his anger only contributes to his coaching ability.

    "The man can be a beast," Pirlo added. "A dressing room when he is angry is one of the most dangerous places you can be.

    "But I can say that Conte is a genius and like all men who possess genius, he is a little mad."


    Source: Pirlo warns Chelsea about what to expect from volatile Conte

    Saturday, February 27, 2016

    Impending ‘Michael’s Law’ to prohibit bartenders, bouncers, patrons under 21

    michaels lawMelanie Gibson & Garrett Cummings, Staff Writers

    In lax college towns across Georgia, Michael's Law is in the process of being implemented. The bill's provisions will take effect July 1 of this year.

    It is the product of the 2014 death of Michael Gatto, a Georgia Southern freshman who was assaulted at the door of Rude Rudy's, a Statesboro bar notorious for underage alcohol consumption that has since closed.

    Under this law, establishments whose profits are made 75% from alcohol will be prohibited from admitting patrons under 21. Bouncers and bartenders will also have to be 21.

    "This law isn't really going to do a lot in the long run," Armstrong student Kevin Fischer, 21, asserts. "Underagers will always find ways around authority."

    The WordPress page for Michael's Law argues that if "18-year-old[s] [are] too young and immature to drink, how can we put them in a situation to diffuse situations with [people of drinking age]?" in regards to being a bouncer.

    Similarly, "if 18-year-olds are not old enough or mature enough to drink, how can we possibly put the responsibility of safely pouring drinks on them?" in regards to being a bartender.

    Armstrong student Drew Swinson, also 21, views the new law as an "advantage," explaining that "it will help eliminate the risky immaturity that goes hand-in-hand with underage drinking."

    The new law is a disadvantage, however, to the 18 to 20-year-old employees who are at risk of losing their jobs.

    Sharon Routhier, 19, reasons that "all the law does is make it harder for underage people to get out and have fun, which usually ends in stupid stunts to get in bars or clubs with fakes."

    Routhier believes having an 18+ club would keep some of the "in-between aged people" out of trouble by providing a legal space for them to dance in.Savannah's Club Elan, which opened last February, was one of few 18+ clubs. Since news of Michael's Law, the club's employees have already shared the news via social media that they were no longer admitting 18+ attendees. Further confirmation of this news came when the club agreed to reimburse anyone under the age of 21 who purchased tickets for upcoming events online.


    Source: Impending 'Michael's Law' to prohibit bartenders, bouncers, patrons under 21

    #WordPress goes all-in with #Google's speedy pages project, enabling it for everyone

    Wordpress goes all-in with Google's speedy pages project, enabling it for everyone Click on any of the articles and it will come up immediately, with no wait. Globally introduced in October past year, the Accelerated Mobile Pages (AMP) project has been described as an open-source initiative that embodies the vision that publishers can ... read moreGoogle's quick-loading AMP pages arrive in mobile search Wordpress goes all-in with Google's speedy pages project, enabling it for everyone Basis research data has shown that people abandon websites after just three seconds if the content doesn't load quickly-which is bad not just for people trying to get what ... read more

    Google Search Results Start Highlighting AMP Pages Facebook has become an important source of news for people across the world. Downloading mobile websites can be a tedious experience plagued by pages that are built with too much code, which annoys viewers and ultimately hurts Google's ad business. read moreSFO: Sikh comedian Jus Reign forced to walk without turban in airport Wordpress goes all-in with Google's speedy pages project, enabling it for everyone The AMP framework does not affect searches in Microsoft Bing, Apple Safari, or other search engines. AMP is an initiative to make fast loading mobile webpages. read moreS. Korea, US delay official missile shield talks-Seoul Wordpress goes all-in with Google's speedy pages project, enabling it for everyone When you search for something on Google , you'll see pages that use AMP highlighted in a card and using an AMP lightning bolt. It is clear that faster loading content ... read moreLatest in Perry case: Ruling: Veto can't be curbed by courts Wordpress goes all-in with Google's speedy pages project, enabling it for everyone Consumers can now can add bold, italic, underlined, colored and highlighted text to their emails-all from inside the mobile app. Even now, Facebook's Instant Articles are ... read more'World Of Tanks Blitz' Guide - Tips For Winning Without Spending Real Money They all have relatively light armor, which makes them vulnerable but speedy. It may feel like you can't do much ... No matter what your role is, cover is your best friend. Don't go running out into open areas unless you're trying to attract attention. read morePressy Review: I Had No Clue Something Could Suck This Badly So Kickstarter was the way to go, because a bunch of unsuspecting saps would readily throw money at the project's promises, all of which sounded incredible at the time. And really, that's the problem with selling hardware on Kickstarter in the first place. read moreInside RIM: An exclusive look at the rise and fall of the company that made smartphones smart "Every year, Jim Balsillie and COO Dennis Kavelman would take all the executives to Redtail golf course for a day of R&R with great meals, great VIP service, and every year one executive would not ever go." Mike could not understand why everyone would ... read moreWhy is Chrome so important to Google? It's a 'locked-in user' Google's Chrome browser historically has looked like just another side project for the company. Sure Chrome is a speedy browser ... ends up with an equivalent or better ROI than us having to go to partnership deals. Sometimes you'll see that our TAC ... read more

    Buy AutoTrafficRSS script now for $27 only!

    We will send the script to your PayPal email within few hours,Please add FullContentRSS@gmail.com to your email contact.
    Source: #WordPress goes all-in with #Google's speedy pages project, enabling it for everyone

    How To Get Started With Accelerated Mobile Pages (AMP)

    google-amp-speed-race-fast-ss-1920Google's Accelerated Mobile Pages (AMP) project is being launched today. Are you ready for it? In today's column, I'll give you an overview of the offering and show you how to get started with it.

    What Is AMP?

    This past October, Google announced Accelerated Mobile Pages (AMP), a very accessible framework for creating fast-loading mobile web pages. The open-source initiative is designed to enable publishers to easily improve speed (and consequently, the user experience) for their mobile readership without sacrificing any ad revenue that they may rely upon.

    Although experienced developers can often achieve similar results through intensive performance optimizations, publishers often neglect this due to resource constraints. AMP allows these optimizations to be easily achieved without altering the primary mobile web experience.

    There's also the added benefit of its future usage by Google and other prominent web technology companies, who are encouraging its use by integrating it heavily into their respective platforms.

    How Does AMP Work?

    Essentially a framework for creating mobile web pages, AMP consists of three basic parts:

  • AMP HTML: A subset of HTML, this markup language has some custom tags and properties and many restrictions. But if you are familiar with regular HTML, you should not have difficulty adapting existing pages to AMP HTML. For more details on how it differs from basic HTML, check out AMP Project's list of required markup that your AMP HTML page "must" have.
  • AMP JS: A JavaScript framework for mobile pages. For the most part, it manages resource handling and asynchronous loading. It should be noted that third-party JavaScript is not permitted with AMP.
  • AMP CDN: An optional Content Delivery Network, it will take your AMP-enabled pages, cache them and automatically make some performance optimizations.
  • How Will You AMP Your Site?

    For starters, you will have to maintain at least two versions of any article page: The original version of your article page that users will typically see, and the AMP version of that page.

    Since AMP doesn't permit things such as form elements and third-party JavaScript, you likely will not be able to have lead forms, on-page comments and some other elements you may be used to having on your page in a standard implementation. (Although there is currently a hack using iframes that provides a solution to this. Thanks to Conrad O'Connell for helping me verify the hack.)

    It is also likely that you will have to rewrite your site template to accommodate the restrictions. For example, all CSS in AMP must be in-line and be less than 50KB. Due to loading-intensiveness of custom fonts, they must be loaded using a special amp-font extension, in order to better control that loading.

    Multimedia must be handled specially. For example, images need to utilize the custom amp-img element and must include an explicit width and height. (When converting a legacy website to an AMP template, this can be a major pain if the width and height attributes aren't already being used). Additionally, if your images are animated GIFs, you need to use the separate amp-anim extended component.

    Like images, there is a custom tag that must be used to embed locally hosted videos via HTML5, called amp-video. For embedding YouTube video, however — which the majority of web videos are — there is a separate extended component, amp-youtube.

    There is also support for things such as slideshows via amp-carousel and image lightboxes via amp-image-lightbox, as well social media embeds for Twitter, Instagram, Facebook, Pinterest and Vine via their own extended components.

    These tag and extended components aren't difficult to use; they just require some planning in your site design.

    In order for Google (and other technologies supporting the AMP Project) to detect the AMP version of your article, you will need to modify the original version of the article page. The original article page must include the following tag, essentially a canonical tag for AMP pages:

    <link rel="amphtml" href="http://www.example.com/blog-post/amp/">

    The AMP Discovery page also mentions that some platforms that support AMP will require Schema.org meta data to specify the content type of the page. (Currently, "article," "recipe," "review" and "video" are listed as page type examples on GitHub.)

    Moreover, it also indicates that Schema.org meta data "is a requirement to make your content eligible to appear in the demo of the Google Search news carousel." So if you're trying to get a future benefit from Google by implementing AMP, make sure you get your schema right!

    How Can I Monetize With Ads In AMP?

    The increased rise of ad blockers has made it difficult for publishers to monetize their websites. For some users, improving website load time has been an incentive to use ad blockers, which can aid in improving browsing speed. AMP may be seen as a response to this issue, with the project stating:

    A goal of the Accelerated Mobile Pages Project is to ensure effective ad monetization on the mobile web while embracing a user-centric approach. With that context, the objective is to provide support for a comprehensive range of ad formats, ad networks and technologies in Accelerated Mobile Pages.

    As a result, a number of the most popular ad networks are currently using the amp-ad extended component (with more compatibility likely on the way):

  • Amazon A9
  • AdReactor
  • Google AdSense
  • AOL AdTech
  • Google Doubleclick
  • Flite
  • Taboola
  • Adform
  • DotAndAds
  • plista
  • Smart AdServer
  • Yieldmo
  • If you want to see what these look like, examples for each ad network are provided within the .md files on AMP's GitHub page.

    If your monetization is more complex — utilizing paywalls or subscriptions — there is documentation available for implementing it within AMP, as well, using the "AMP Access" extension.

    Does AMP Have Analytics?

    Yes. In fact, analytics in AMP is very smart. To prevent multiple analytics tracking from slowing down a site, they implemented the philosophy of "measure once, report to many." There are two paths to enable analytics functionality with AMP for your website:

  • The Amp-Pixel Element: This is a simple tag that can be used to count page views as a typical tracking pixel would, using a GET request. There are a number of variables that can be passed through it, such as DOCUMENT_REFERRER and Title.
  • The Amp-Analytics Extended Component: This is a little bit more advanced than the amp-pixel. It is likely what you'll use to implement analytics on your site because it allows for a greater level of configuration for analytics interactions.
  • If you aren't trying to get Google Analytics working, amp-analytics is the way to go. You will need to add the necessary JavaScript library in the <head> and then configure it via some JSON markup in the <body> section of your page.

    If you are interested in Google Analytics in AMP, check out the Google's AMP Analytics section on their developer page. It has several examples of implementations.

    What Will AMP Look Like On Google?

    Google has provided a demo of what an AMP feature would look like in the SERP. You can try it out by navigating to g.co/ampdemo on your mobile phone (or emulate it within Chrome Developer Tools). Then, search for something like "Mars." You will see a carousel toward the top with AMP articles.

    Click on one for a reading experience embedded in the SERP. You can swipe right or left to read another AMP-enabled article. It's a different experience from simply navigating to a publisher's AMP page.

    example of accelerated mobile pages in serp, provided by Google

    Several major publishers can be found within the demo, such as The Guardian (example AMP page) and The Washington Post (example AMP page).

    How Do I Get Started With AMP In WordPress?

    One of the easiest ways to get your hands dirty with AMP right now is to implement it on a WordPress website. An official plugin is being developed by Automattic/WordPress, and it is frequently being updated on GitHub.

    Step 1: Install The Official WordPress Plugin

    To get started, head over to the amp-wp GitHub page and click the "Download ZIP" button.

    download amp wordpress plugin from github

    You can install this on your WordPress site just as you would any other WordPress plugin.

    Once it's installed, you simply need to append "/amp/" to an article page (or, if you don't have nice permalinks, you can alternatively append "?amp=1").

    Step 2: Validate & Tweak

    Eventually, the Google Search Console should pick up on the AMP version of your articles via the rel="amphtml" tag appended by the plugin, allowing easy validation of articles in bulk. The only problem with it, in my experience thus far, is that it doesn't detect changes very quickly. If you fix something, the correction may not show up for days.

    example of validating accelerated mobile pages using google search console

    I recommend using a combination of the Search Console and Chrome validation process. To use the Chrome validation process, go to one of your AMP pages in Chrome and append "#development=1" to the end of the URL. Hit Control + Shift + I to open Chrome Developer Tools and head over to Console.

    You may need to refresh the page, but once you do, it will either say "AMP validation successful" or give you a list of issues to fix.

    using chrome developer tools to validate accelerated mobile pages

    More than likely, simply installing the WordPress plugin will not be enough, and you will have to go through and validate all of the pages you'd like to benefit from Accelerated Mobile Pages.

    Depending on how your articles are formatted, you may need to make some changes in order to get the AMP pages to validate. The most common problems I personally experienced were with specifying height and width attributes for images and correcting old YouTube embed codes that weren't using https.

    Step 3: Get Schema Markup To Validate

    As previously mentioned, it is also important to have valid schema markup on your AMP pages. To test your pages for valid markup, you can use Google's Structured Data Testing Tool. I had some issues with WordPress not displaying a publisher logo and needed to make the following modification to the plugin.

    Edit the class-amp-post-template.php file, either via FTP or within your WordPress Dashboard (go to Plugins > Editor and then select "AMP") and change:if ( $site_icon_url ) {$metadata['publisher']['logo'] = array('@type' => 'ImageObject','url' => $site_icon_url,'height' => self::SITE_ICON_SIZE,'width' => self::SITE_ICON_SIZE,);}

    to:$metadata['publisher']['logo'] = array('@type' => 'ImageObject','url' => 'http://domain.com/wp-content/uploads/logo-60.png','height' => 60,'width' => 170,);

    Make sure to replace the URL with a path to your own publisher logo and to specify height and width in pixels. You can find information for relevant markup here, which specifies that "ideally, logos are exactly 60px tall with width <= 600px."

    Step 4: Getting Google Analytics Working With The AMP WordPress Plugin

    What good is a website if you can't track it with analytics? The AMP WordPress plugin doesn't enable amp-analytics out of the box, but it's fairly straightforward to enable.

    To enable the AMP WordPress plugin to work with Google Analytics, edit the amp-post-template-actions.php (different file from that previously mentioned) file, either via FTP or within your WordPress Dashboard (go to Plugins > Editor and then select "AMP"), and add the following to the end of it:

    Make sure you change UA-XXXXX-Y to represent your website's Google Analytics property ID.

    Now, re-validate your AMP pages, and you should have a basic AMP setup with tracking enabled for your WordPress website.

    Conclusion

    AMP provides a relatively easy way to improve the speed of mobile websites for publishers. With the end of February approaching, and the Google News Lab conducting regular office hours via Hangouts, we can expect to Google to roll out its integration soon. In what appears to be a response to the AMP Project's momentum, even Facebook may be reacting. It recently decided to open Instant Articles to all publishers.

    Are you a publisher? If so, you need to start thinking about Accelerated Mobile Pages.

    Exciting new tech is coming. Are you AMPed?

    Some opinions expressed in this article may be those of a guest author and not necessarily Search Engine Land. Staff authors are listed here.

    About The Author Paul Shapiro is an Organic Search Director for Catalyst in Boston. Paul loves to get down and dirty with innovative SEO strategies. He also enjoys watching old horror movies, programming, collecting ancient artifacts, and writing about SEO on his blog, Search Wilderness. (Some images used under license from Shutterstock.com.)
    Source: How To Get Started With Accelerated Mobile Pages (AMP)

    Elegant Themes #WordPress Theme Author Fixes Dangerous Vulnerabilities

    Elegant Themes WordPress Theme Author Fixes Dangerous Vulnerabilities Elegant Themes, a company that provides WordPress themes and plugins, has issued a security alert regarding two of its themes and three plugins that would allow attackers to change site content or plugin settings. An unnamed security researcher discovered ... read moreICYMI: WordPress XSS flaw, costly breaches & the return of Snooper's Charter This week a flaw was found in the genericons WordPress package which creates vulnerabilities in any plug-in or theme which uses ... we aren't seeing much dangerous mobile or IoT malware because it's not profitable", said report author James Moar. read more

    The Last Mission The memo's theme was one of Holbrooke's obsessions ... Sign up for the daily newsletter.Sign up for the daily newsletter: the best of The New Yorker every day. read moreHackers attack zero-day flaw in WordPress themes Malicious hackers have pounced on a zero-day vulnerability in a widely used image-resizing utility that ships with themes for the popular WordPress blogging platform. The timthumb utility, used to handle cropping, zooming and resizing web images ... read moreSwarm of WordPress plugins susceptible to potentially dangerous exploits More than a dozen WordPress ... to patch vulnerabilities that allow attackers to inject potentially dangerous commands into the browsers of people visiting trusted websites. Administrators responsible for WordPress sites should make sure the fixes are ... read moreMicrosoft pushing fix for dangerous Sandworm vulnerability. Reminder: Don't open attachments from untrusted sources According to iSight Partners, who announced the vulnerability in conjunction with Microsoft, Microsoft will be pushing out a patch today. Sandworm has been used to attack computers in NATO and across the European Union. It is considered very dangerous ... read moreWordPress Releases New Major Update 'Clifford' Following Redesign A major improvement is that WordPress users can now create responsive images, without the need for third party plugins. Until now third party plugin or themes were needed ... These updates will fix security vulnerabilities as and when they are discovered. read moreThe Top 10 WordPress Security Tips bug fixes and security fixes. These help your site remain safe against easy-to-exploit vulnerabilities. 2. Run the Latest Versions of Themes and Plugins However, running the latest version of WordPress is not enough – your site's plugins and themes ... read moreFirefox 41: Mozilla modifies how icon fonts are handled by the browser Many websites use icon fonts, Font Awesome or Octicons, to display icons. The WordPress theme used here on Ghacks uses Font Awesome for some icons, the comment bubble for instance. If the font is not downloaded when the site is accessed in the browser ... read moreRants and Raves: Lisbeth Salander This isn't so much a rant as it is an observation. I want to highlight the difference between how the character of Lisbeth Salander was presented to us in the Swedish film "The Girl with the Dragon Tattoo" (2009) and how she is being represented by Rooney ... read more

    Buy AutoTrafficRSS script now for $27 only!

    We will send the script to your PayPal email within few hours,Please add FullContentRSS@gmail.com to your email contact.
    Source: Elegant Themes #WordPress Theme Author Fixes Dangerous Vulnerabilities

    Friday, February 26, 2016

    10 Helpful Tips for the New Blogger

    This is my second time writing this post because I didn't save it the first time...so my first tip for the new blogger is save early and save often! 

    February 21 was my official 1 year Blogiversary. I've been celebrating all month by writing a blog series in February. Hopefully 5 Reasons I Blog and Why You Should Too has convinced you that you have a unique story to share with the world. Here are simple step by step instructions for how to start a blog.

    There are a lot of mistakes and times when I have felt overwhelmed this past year. Hopefully these 10 helpful tips for the new blogger will save you time and prevent headaches!

    10 Helpful Tips for the New Blogger

    *Some of the links below are affiliate links, meaning, at no additional cost to you, I will earn a small commission if you choose to make a purchase. Thank you for your support in this way!

  • WRITE DOWN ALL PASSWORDS
  • You know the common advice - Don't write down your passwords? They were not bloggers. As you enter the world of blogging, there will be many, many username and passwords. Write them ALL down! Trust me, you won't remember them. Start with writing down your BlueHost* and WordPress Admin usernames and passwords.

  • SET UP YOUR SOCIAL MEDIA ACCOUNTS
  • Once you've figured out the name (ex: Setting My Intention) and tagline (ex: Simplifying Life One Step at a Time) for your blog, set up your blog social media accounts. You shouldn't try to be active on all social media accounts at once, but you do want to claim the names that go with your blog. The main ones are usually Facebook, Twitter, Pinterest, and Instagram.

  • CHOOSE 1 PLACE TO WRITE ALL YOUR NOTES AND IDEAS.
  • I started blogging with a mostly unused marble composition book...then it became two. Now I have notes all. over. the. place! The problem was I was listening to podcasts while walking, or working, and didn't have my notebook with me - so I wrote on post-it notes or a piece of paper. It's out of hand.

    I've finally printed out a blogging binder and I'm determined to keep all notes in one spot. I've found I needed a place to jot things down I learn from podcasts, webinars, or books I'm reading; blog post ideas; passwords; and monthly blog statistics. Most blogging binders have those pages and much more.

    There are some really nice free blogging printables. I have a board on Pinterest specifically for free blogging printables here. You can print them out and put them in a binder so everything will be in one place.  Tanya at Mom's Small Victories has a lovely free electronic blogging binder for those of  you who want to go paperless.

  • SPEND SOME TIME ENVISIONING WHO YOUR TARGET READER IS.
  • I was first encouraged to do this by Kat Lee's podcast - How They Blog. It was helpful to think through who I was writing for. Are you writing for moms? professionals? DIYers? singles? students? What is their life like? What problems do they have in their life? What will they gain by reading your blog? Your content will be more focused if you know who you're writing for.

  • FOCUS ON BUILDING GREAT CONTENT.
  • This is stressed over and over again for beginning bloggers and for good reason. Don't worry about the numbers of people who are visiting or how many comments you have. Just write great posts that help people in some way. You may help someone by giving them tools to start meal planning,  by making them laugh, or simply by making them feel less alone.

    I've heard people say they try to have 5-10 posts written before "going live" with their blog. I jumped in and hit publish after my first blog post. However, I didn't let family and friends know about my blog until several months had passed.

     6. MAKE AN ABOUT PAGE

    This is the place where you can let readers know a little more detail about yourself and your blog. Just the act of writing this page will help you to think through what the purpose is behind your blog. Throw in some fun facts about yourself and let your personality shine!

  • BE CONSISTENT IN POSTING
  • Figure out ahead of time how frequently you can commit to new posts and let people know in your About Page. Don't start out saying you'll be posting 5 days a week and only post once a week. Start out with a conservative number and change it later if you find you're able to post more frequently.

  • TO SHARE OR NOT TO SHARE ABOUT YOUR PERSONAL LIFE
  • On Setting My Intention, you won't see many photos of my family or their names and that's an intentional choice. I've chosen to blog, but they haven't. One of my sons is adamant about NOT being shown on the blog. I respect that. Figure out what feels right for you.

  • LIMIT THE NUMBER OF FACEBOOK BLOGGING GROUPS YOU JOIN
  • There are a lot of groups for bloggers. They are a great resource, but they can also be overwhelming and distracting! There are groups for asking questions and there are groups for sharing each other's content.

    I've found The SITS Girls,  Inspired Bloggers Network, or Learn to Blog great resources for when you have questions for more experienced bloggers. Each of these groups has free resources that are SO helpful. It's also a great way to make connections with other bloggers. Start with only one though! You'll get overwhelmed if you join more than one when you're just beginning.

  •  INSTALL GOOGLE ANALYTICS
  • You can get a unique code here that needs to be installed on your blog. WordPress for Beginners has a tutorial to do that here. I happened to use a plugin which did it for me, because I did not want to mess with code.

    Eventually if you want to monetize, you will need Google Analytics (GA) to know your numbers and figure out how much to charge based on traffic to your blog.

    After a year of blogging, these are 10 tips for the beginner blogger. I'm constantly learning new things everyday - and that's what makes blogging fun!

    If you're a blogger, what advice would you pass on from your first year?

    Angela is a wife, mom, and works part time outside of the home. Not a minimalist by nurture or nature, but seeking to simplify life one step at a time. She blogs at http://settingmyintention.com


    Source: 10 Helpful Tips for the New Blogger

    Funio Launches First #WordPress #Hosting Service Using Container Technology, Powered by Kubernetes and Docker

    Funio Launches First WordPress Hosting Service Using Container Technology, Powered by Kubernetes and Docker | AutoTraffic Funio Launches First WordPress Hosting Service Using Container Technology, Powered by Kubernetes and Docker MONTREAL, Feb. 22, 2016 /PRNewswire/ -- Funio, part of Internap Corporation (INAP), a provider of powerful, safe and managed hosting solutions, today announced the availability of its Managed WordPress Hosting solution, a new generation of web hosting ... read moreFunio Launches First WordPress Hosting Service Using Container Technology, Powered by Kubernetes and Docker MONTREAL, Feb. 22, 2016 /PRNewswire/ -- Funio, part of Internap Corporation (NASDAQ: INAP), a provider of powerful, safe and managed hosting solutions, today announced the availability of its Managed WordPress Hosting solution, a new generation of web ... read more

    Buy AutoTrafficRSS script now for $27 only!

    We will send the script to your PayPal email within few hours,Please add FullContentRSS@gmail.com to your email contact.
    Source: Funio Launches First #WordPress #Hosting Service Using Container Technology, Powered by Kubernetes and Docker

    Google On AMP As a Ranking Signal

    Google has been talking up Accelerated Mobile Pages (AMP) for months, promising a February launch date for when it would start sending search traffic from Google results to pages using it. Many are no doubt wondering if utilizing AMP will give them a ranking boost. Well, Google addressed that.

    Have you set up AMP for your site yet? How was the experience? Discuss.

    Earlier this week, Google began showing AMP results in search results. In fact, this came a day earlier than expected and earlier than when Google actually made the announcement. We posted about it prior to the announcement, but let's take a moment and look at what Google has said since then.

    The announcement came on Wednesday. Google said:

    In just over four months, AMP has come a long way, with hundreds of publishers, scores of technology companies and ad-tech businesses all taking part in this joint mission to improve the mobile web for everyone. And starting today, we'll make it easy to find AMP webpages in relevant mobile search results, giving you a lightning-fast reading experience for top stories.

    Now when you search for a story or topic on Google from a mobile device, webpages created using AMP will appear when relevant in the Top Stories section of the search results page. Any story you choose to read will load blazingly fast—and it's easy to scroll through the article without it taking forever to load or jumping all around as you read. It's also easy to quickly flip through the search results just by swiping from one full-page AMP story to the next.

    According to the company, pages built with AMP load an average of four times faster and use 10 times less data than equivalent non-AMP pages.

    The company didn't mention AMP as a ranking signal in the announcement. Word around the industry was that Google would likely make it one. At launch, however, it is not. Still, that doesn't mean it won't become one.

    During a recent webmaster hangout, Google's John Mueller was asked about this. Here is what he said (via Search Engine Roundtable):

    AMP a ranking signal...At the moment, it's not a ranking signal. So it's obviously one way to make mobile friendly pages, so that might be an option where I've already seen some sites where they've moved their whole website to the AMP format, and obviously that's a mobile-friendly set-up, so that kind of gets that mobile-friendly boost, but just AMP itself is not something that we have as a ranking signal at the moment.

    Mobile-friendly was of course announced as a ranking signal roughly a year ago. Even if AMP isn't directly a ranking signal on its own, it will naturally put you on the path of another ranking signal.

    In fact, stands to reason that it will help you out beyond just mobile-friendly, but also with page speed, which Google announced as a ranking signal quite some time ago.

    This week, WordPress.com sites began supporting AMP automatically, and there's a new plugin for self-hosted WordPress sites. From the WordPress.org plugin directory:

    With the plugin active, all posts on your site will have dynamically generated AMP-compatible versions, accessible by appending /amp/ to the end your post URLs. For example, if your post URL is http://example.com/2016/01/01/amp-on/, you can access the AMP version at http://example.com/2016/01/01/amp-on/amp/. If you do not have pretty permalinks enabled, you can do the same thing by appending ?amp=1, i.e. http://example.com/2016/01/01/amp-on/?amp=1

    Note #1: that Pages and archives are not currently supported.

    Note #2: this plugin only creates AMP content but does not automatically display it to your users when they visit from a mobile device. That is handled by AMP consumers such as Google Search.

    You can find an FAQ page for AMP here.

    Do you intend to support AMP with your site? Do you already? Let us know in the comments.

    Image via Google/AMP

    Comments
    Source: Google On AMP As a Ranking Signal

    #WordPress joins movement toward HTTPS encryption

    WordPress joins movement toward HTTPS encryption The popular blogging platform WordPress is about to make its corner of the Internet more secure as it begins to enable encryption by default on 600,000 custom Wordpress.com domains. The move to embrace HTTPS encryption – the secure form of the Internet ... read moreWordPress joins movement toward HTTPS encryption The popular blogging platform WordPress is about to make its corner of the Internet more secure as it begins to enable encryption by default on 600,000 of its Wordpress.com-hosted sites. The move to embrace HTTPS encryption – the secure form of the ... read more

    Who's Right In Apple's Fight with the FBI? However, encryption technology is blocking the government from accessing ... For more on the case's implications for privacy and national security, we invited two experts to join us for a debate. James Andrew Lewis, director of the strategic ... read moreTwitter Attacks Clinton's Record With #WhichHillary But the hashtag isn't just being fueled by the Black Lives Matter movement. It's also getting ... My message before the debate. Join me tonight for my Twitter Town Hall! #GOPDebate https://t.co/B9PQnm8Y7k It looks like Paul's protest worked out ... read moreAre FTP Programs Secure? If you're not familiar with the term chroot, it's a way of limiting user movement ... that encryption requires. However, switching to FTPS does come at a cost (and a price). Using FTPS involves generating either a self-signed SSL certificate, or ... read moreAutomattic will secure all WordPress.com subdomains with SSL by the end of the year WordPress creator Automattic ... in Reset the Net, a movement that asks the Web community to fight exploitable holes in encryption software by providing better cyber security — this includes the use of SSL encryption standards. read moreU.K. Gov't: No End-To-End Encryption Please, We're British… "There is an alarming movement towards end-to-end encrypted ... So current U.K. government policy on encryption can be summed up as: no encryption ban, no government-mandated backdoors, but no end-to-end encryption please, we're British… In short ... read moreMicrosoft study finds everybody wants DevOps but culture is a challenge He also says that you know, users of the Microsoft platform are uniquely positioned to better join the movement toward agile, flexible development and management thanks to the extensibility of Microsoft tools on the Microsoft platform, especially once ... read moreWhy Donald Trump Isn't Going Away Britain's Labour Party has been devastated by the rise not only of the leftist Scottish National Party, but also by UKIP, a movement of the right that has been growing at Labour's expense by campaigning against mass immigration, and by largely ... read more

    Buy AutoTrafficRSS script now for $27 only!

    We will send the script to your PayPal email within few hours,Please add FullContentRSS@gmail.com to your email contact.
    Source: #WordPress joins movement toward HTTPS encryption

    Thursday, February 25, 2016

    Elegant Themes #WordPress Theme Author Fixes Dangerous Vulnerabilities

    Elegant Themes WordPress Theme Author Fixes Dangerous Vulnerabilities Elegant Themes, a company that provides WordPress themes and plugins, has issued a security alert regarding two of its themes and three plugins that would allow attackers to change site content or plugin settings. An unnamed security researcher discovered ... read moreICYMI: WordPress XSS flaw, costly breaches & the return of Snooper's Charter This week a flaw was found in the genericons WordPress package which creates vulnerabilities in any plug-in or theme which uses ... we aren't seeing much dangerous mobile or IoT malware because it's not profitable", said report author James Moar. read more

    The Last Mission The memo's theme was one of Holbrooke's obsessions ... Sign up for the daily newsletter.Sign up for the daily newsletter: the best of The New Yorker every day. read moreHackers attack zero-day flaw in WordPress themes Malicious hackers have pounced on a zero-day vulnerability in a widely used image-resizing utility that ships with themes for the popular WordPress blogging platform. The timthumb utility, used to handle cropping, zooming and resizing web images ... read moreSwarm of WordPress plugins susceptible to potentially dangerous exploits More than a dozen WordPress ... to patch vulnerabilities that allow attackers to inject potentially dangerous commands into the browsers of people visiting trusted websites. Administrators responsible for WordPress sites should make sure the fixes are ... read moreWordPress Releases New Major Update 'Clifford' Following Redesign A major improvement is that WordPress users can now create responsive images, without the need for third party plugins. Until now third party plugin or themes were needed ... These updates will fix security vulnerabilities as and when they are discovered. read moreMicrosoft pushing fix for dangerous Sandworm vulnerability. Reminder: Don't open attachments from untrusted sources According to iSight Partners, who announced the vulnerability in conjunction with Microsoft, Microsoft will be pushing out a patch today. Sandworm has been used to attack computers in NATO and across the European Union. It is considered very dangerous ... read moreThe Top 10 WordPress Security Tips bug fixes and security fixes. These help your site remain safe against easy-to-exploit vulnerabilities. 2. Run the Latest Versions of Themes and Plugins However, running the latest version of WordPress is not enough – your site's plugins and themes ... read moreFirefox 41: Mozilla modifies how icon fonts are handled by the browser Many websites use icon fonts, Font Awesome or Octicons, to display icons. The WordPress theme used here on Ghacks uses Font Awesome for some icons, the comment bubble for instance. If the font is not downloaded when the site is accessed in the browser ... read moreFast PHP Routing with PHRoute router->post('book', function(){ $db = getPDOInstance(); $bookData = $_POST; $sql = 'INSERT INTO table_name (id, title, isbn, year, pages, author_id, category_id) VALUES (NULL, :title, :isbn, :year, :pages, :author_id, :category_id);'; $params = array ... read more

    Buy AutoTrafficRSS script now for $27 only!

    We will send the script to your PayPal email within few hours,Please add FullContentRSS@gmail.com to your email contact.
    Source: Elegant Themes #WordPress Theme Author Fixes Dangerous Vulnerabilities

    Better WordPress Development Workflow with WordPlate

    Composer is a fantastic tool that is widely used in modern PHP development to handle your project dependencies. It helps to install and update all related packages or dependencies of your project. Although it is not primarily used in WordPress core yet, as developers we can still take advantage of Composer to bootstrap our WordPress applications.

    For references and documentation on using Composer alongside WordPress, I cannot recommend highly enough Rarst's Composer site. It is a great resource to learn how Composer can be integrated to WordPress in many different ways. Recently, there has also been a few projects that aim to simplify the WordPress setup using Composer such as WP Starter and WordPlate.

    According to the official WordPlate website, WordPlate is described as a:

    WordPress framework built with Laravel and Symfony components. With a familiar setup for every Laravel enthusiast. Following the don't repeat yourself principle.

    WordPlate

    WordPlate is a WordPress boilerplate that takes the idea of managing your WordPress site completely with Composer, and eases up various parts of the development with popular packages from Packagist such as PHP dotenv and Symfony components. The rest of the article will focus on WordPlate, specifically the latest release version of 3.1.0 at the time of writing.

    This tutorial assumes that you have a working web server, either locally or remotely with SSH access to use the command line. You are also expected to be comfortable working on command line to follow the tutorial.

    Prerequisites

    WordPlate requires at least PHP version 5.5.9 with mbstring extension, so for older PHP installation, an update is required. To check on your installed PHP version, simply run the command:

    php -v

    and it will show whatever version of PHP you currently have.

    There are also few other things that need to be installed beforehand which are:

  • Composer
  • Node.js and gulp.js
  • Installing Composer

    To install Composer on Linux or Unix system, simply type the command

    curl -sS https://getcomposer.org/installer | php mv composer.phar /usr/local/bin/composer

    The second line is optional, so that you can simply reference composer in your terminal instead of php composer.phar when using Composer. For other systems, please refer to Composer documentation.

    To verify you have installed Composer correctly, type in this command in your terminal, and you should be able to see the installed version of Composer with all available commands.

    composer -v Installing Node.js and gulp.js

    Node.js can be downloaded, or installed from the source code depending on your operating system by visiting the Node.js download page while gulp.js can be installed by simply running this command:

    npm install --global gulp

    npm should be available to use once you have Node.js successfully installed. You can find more info on installing gulp.js on their documentation page.

    Now, typing in node -v should return the correct version of installed Node.js if everything goes well.

    Installation

    Now that you have got all the required dependencies out of your way, let's take a look at actually installing and using the WordPlate itself. Type in the command:

    composer create-project wordplate/wordplate

    This will tell Composer to download WordPlate into the current directory. You should see the output similar to this:

    Installing wordplate/wordplate (3.1.0) - Installing wordplate/wordplate (3.1.0) Downloading: 100% Created project in /srv/www/wordplate > php -r "copy('.env.example', '.env');" Loading composer repositories with package information Installing dependencies (including require-dev) - Installing johnpbloch/wordpress-core-installer (0.2.1) Loading from cache - Installing composer/installers (v1.0.22) Loading from cache - Installing vlucas/phpdotenv (v2.2.0) Loading from cache - Installing symfony/polyfill-mbstring (v1.0.1) Downloading: 100% - Installing symfony/var-dumper (v3.0.1) Downloading: 100% - Installing symfony/finder (v3.0.1) Downloading: 100% - Installing psr/log (1.0.0) Loading from cache - Installing symfony/debug (v3.0.1) Downloading: 100% - Installing symfony/console (v3.0.1) Downloading: 100% - Installing johnpbloch/wordpress (4.4.1) Downloading: 100% - Installing doctrine/inflector (v1.1.0) Loading from cache - Installing illuminate/contracts (v5.2.7) Downloading: 100% - Installing illuminate/support (v5.2.7) Downloading: 100% - Installing illuminate/container (v5.2.7) Downloading: 100% - Installing illuminate/filesystem (v5.2.7) Downloading: 100% - Installing illuminate/config (v5.2.7) Downloading: 100% - Installing filp/whoops (2.0.0) Downloading: 100% - Installing wordplate/framework (3.1.0) Downloading: 100% - Installing roots/soil (3.6.2) Loading from cache symfony/var-dumper suggests installing ext-symfony_debug () symfony/console suggests installing symfony/event-dispatcher () symfony/console suggests installing symfony/process () illuminate/support suggests installing jeremeamia/superclosure (Required to be able to serialize closures (~2.2).) illuminate/support suggests installing paragonie/random_compat (Provides a compatible interface like PHP7's random_bytes() in PHP 5 projects (~1.1).) illuminate/support suggests installing symfony/polyfill-php56 (Required to use the hash_equals function on PHP 5.5 (~1.0).) illuminate/support suggests installing symfony/process (Required to use the composer class (2.8.*|3.0.*).) illuminate/filesystem suggests installing league/flysystem (Required to use the Flysystem local and FTP drivers (~1.0).) illuminate/filesystem suggests installing league/flysystem-aws-s3-v3 (Required to use the Flysystem S3 driver (~1.0).) illuminate/filesystem suggests installing league/flysystem-rackspace (Required to use the Flysystem Rackspace driver (~1.0).) filp/whoops suggests installing whoops/soap (Formats errors as SOAP responses) Writing lock file Generating autoload files > php plate salts:generate WordPress security salts set successfully.

    With a single command, various tasks have been done including downloading the latest version of WordPress, downloading all required packages such as Soil, PHP dotenv and a bunch of Symfony and Laravel packages.

    Since WordPlate uses Elixir for frontend assets compilation, all dependencies in the package.json need to be installed as well. Run this command in the terminal, within the directory of WordPlate, to tell npm to install all dependencies.

    cd wordplate npm install

    When that is done, you should have all required dependencies, both from Composer and Node.js downloaded into the vendor and node_modules directories respectively.

    Directory Structure

    It is a good idea to familiarise yourself with the directory structure within WordPlate since you won't find the default wp-content, wp-admin, wp-includes and all the other related wp- file in the root directory of your project.

    If your installation works correctly, this is what you should be seeing inside the main working directory.

    - bootstrap/ - config/ - node_modules/ - public/ - resources/ - vendor/ - .editorconfig - .env - .env.example - .gitignore - composer.json - composer.lock - gulpfile.babel.js - LICENSE - package.json - plate - README.md

    Let's go through each folders and files, and see how each of them is related to WordPlate.

  • bootstrap – Contains autoload.php that does the autoloading of Composer package, as well as instantiating the WordPlate app.
  • config – Contains several files that affect how the WordPress site works, which will be discussed more in next section.
  • node_modules – Automatically created directory by npm that contains all Node.js dependencies.
  • public – The actual site, which contains files that you would expect from a normal installation of WordPress, with a slight tweak due to Composer usage. Themes defined in composer.json will be installed to public/themes/ directory, and plugins will go into public/plugins directory as per the configuration in composer.json. WordPress is contained in a separate directory of public/wordpress.
  • resources – Contains all the scripts, styles and images that will be processed by Elixir into a specified output folder, usually the theme assets folder.
  • vendor – Automatically created directory by Composer, that stores all dependencies defined in composer.json.
  • .editorconfig – Standard editor config file that can be loaded into your favourite text editor. Learn more at editorconfig.org.
  • .env – Used by phpdotenv to store all general site configuration. Here you can define the WordPress database access, mailer settings and salt keys.
  • .env.example – Provide a sample .env of expected configurations in case we need to create another .env file based on a different environment.
  • .gitignore – Standard .gitignore file. By default, it ignores node_modules, vendor and few other files that have sensitive information like .env file. Note that the public plugin, theme and WordPress folder are also excluded from being tracked by Git since they are all managed via Composer.
  • composer.json – Standard composer.json with a few settings adapted to WordPress configuration. All themes and plugins should be defined here in order to be installed.
  • composer.lock – Used internally by Composer to keep track of the dependencies.
  • gulpfile.babel.js – Provides configuration for Elixir to manage the assets compilation inside the resources folder.
  • LICENSE – A copy of MIT license.
  • package.json – Node.js dependencies are defined here, mostly gulp related packages that are used by Elixir.
  • plate – Provide basic command to manage WordPlate via CLI.
  • README.md – Project README file.
  • Configuration

    At this point, you will have WordPress and all other dependencies downloaded, but the WordPress site is not installed yet. Before configuring it, we will need to:

  • Point the document root of your http server (nginx, apache or others) to the WordPlate public folder.
  • Create a database for WordPress to use with user that has privilege to said database.
  • Once you've done both, change the database access appropriately located in the .env file. You wouldn't need to touch the wp-config.php file since it will all be managed inside this single file instead. You can then proceed to the usual process of WordPress installation by selecting the preferred language, and few other site details in the installation wizard.

    Upon logging in into the WordPress dashboard, you will notice that the dashboard has been stripped down to bare essentials.

    Here are some screenshots of what you're supposed to see in WordPress dashboard out of the box.

    Theme page:

    WordPlate Theme

    Dashboard:

    WordPlate Dashboard

    Installed plugins:

    WordPlate Plugins

    Add new post:

    WordPlate

    Configuration via .env File

    .env file located in the root directory provides a site-wide configuration specific to your installation. As you saw before, this is the place where we can put in the database access details. The WordPress salts should also have been configured for you and stored. Things that can be configured inside the .env file are not limited to what is stated in the .env.example, as you can always introduce your own configuration key inside it.

    I will not go into detail about how phpdotenv works, but essentially, you can access the configuration settings via env function, or the $_ENV and $_SERVER superglobals. There are a few examples in the wp-config.php file on how the configuration is loaded.

    There are 10 files located inside the config folder that determines how your site works. Each of them already contains helpful comments as to what they control, but it is a good idea to go through them one by one for clarification.

  • dashboard.php – Controls which widgets are enabled on the dashboard. Comment the specific line to enable the widget (disabled by default).
  • editor.php – Controls how the new post screen looks. You can customize the TinyMCE toolbar, media compression settings as well as which metaboxes that should appear on this screen.
  • footer.php – Controls the text at the footer.
  • login.php – Can be used to change the logo on login page, as well as error message on failed login.
  • mail.php – Configures how WordPress sends out your mail, by default it is configured to send all mail via mailtrap.
  • menus.php – Controls both the admin sidebar and admin menu bar links, as well as disabling Help and Screen Options tab by default. Comment to re-enable preferred links.
  • options.php – Only controls one option for now, which is permalink structure of the site.
  • plugins.php – Set auto activation of plugin when installed by default, and can be changed accordingly.
  • themes.php – Usually the main file that you will need to configure. Controls the site description, timezone and other useful settings.
  • widgets.php – Contains list of built-in widgets that are disabled by default by WordPlate. Comment specific line to re-enable the widget.
  • All files in config directory are well documented, and should be sufficent to understand how it works.

    Plugins and Themes

    By default, WordPlate requires roots/soil package that is used in the default WordPlate theme for various frontend cleanup tasks. Other than that, you are free to install any other plugin as usual, via Composer since WordPlate already configures WordPress Packagist for you.

    For the uninitiated, WordPress Packagist is a mirror for the official plugins and themes directory, with the difference being that all plugins and themes from WordPress Packagist contain composer.json file which means, all of them are available to be installed normally via Composer.

    Managing plugins and themes installations and updates via Composer means that the backend administration for managing themes and plugins won't be used anymore.

    Installing Plugins and Themes

    All you need to do is to define your desired plugins/themes to be installed inside the require section of the composer.json. There is already an example of roots/soil being included which is installed by default.

    For example, to install Yoast WordPress SEO plugin, simply append the require section with the name of plugin and specific version to install.

    ... "require": { "php": "^5.5.9 || ^7.0", "wordplate/framework": "3.1.*", "roots/soil": "^3.6", "wpackagist-plugin/wordpress-seo": "3.0.7" //new addition } ...

    Note that composer.json needs to be a valid json, so the comment in the example above is only to illustrate the change that needs to be done. Then, in your terminal, simply run composer update and Composer will fetch the plugin for you.

    The same concept is applied for installing and updating themes. For example, to install the latest version of Twenty Sixteen, add this line into your require section of composer.json and run composer update again.

    ... "require": { "php": "^5.5.9 || ^7.0", "wordplate/framework": "3.1.*", "roots/soil": "^3.6", "wpackagist-plugin/wordpress-seo": "3.0.7", "wpackagist-theme/twentysixteen": "1.1" //add new theme } ... WordPlate Default Theme

    In addition to that, WordPlate also ships with a custom themes. There is nothing much out of the box, with no styling at all. It is because the theme serves a purpose as a starting point that you can use to develop your theme from, with nice defaults. It also demonstrates the use of roots/soil package inside the theme's functions.php file.

    Plates CLI

    Plates CLI offers another way to manage some aspects of your site via command line. At the time of writing, it is quite limited but surely the list of available commands will grow in the future.

    Here are three commands available to be used.

  • php plate list – Lists all available commands, and few other options also come with it.
  • php plate help <command-name – Displays helpful information for a given command.
  • php salts:generate – Generates WordPress security salt keys which are defined inside the .env file.
  • Conclusion

    Composer is a useful tool that has been adopted by developers for many years now to develop modern PHP applications. Although it is not supported natively by WordPress core yet, there is no reason to not start using it as it offers a powerful development workflow with thousand of packages available to be used alongside WordPress itself.

    Integrating Composer with WordPress requires a bit of work, but WordPlate has already provided a nice starting point without too much hassle to get you started.


    Source: Better WordPress Development Workflow with WordPlate