Needless to say: if you are a WordPress website owner, you should update now, if you haven’t already. Also, be sure to back up your website, if you haven’t done so recently!
Backing up your website is always important before installing Core updates. This prevents issues (such as your website becoming broken or unbrowsable) from arising, especially with Plugins, as they may not always be 100% compatible with the new version.
Cross-site scripting vulnerabilities (XSS), mostly.
This is a short list of the main bugs that have been found and that the 4.8.2 update fixes, along with a brief explanation, where needed:
Cross-site scripting (XSS) vulnerabilities were discovered:
An open redirect was discovered on the user and term edit screens.
Through open redirects, an attacker may successfully launch a phishing scam and steal user credentials. This can happen by redirecting the victim through links that look identical to those of the original site, so that they appear more trustworthy.
There are 7 other maintenance fixes. If you are interested, you can check the full Release Notes for WordPress 4.8.2 directly from their website.
We are available to chat with you over these and other WordPress related issues anytime. Contact us!
Let us help you find what you need! Fill our secure form!
As SiteLock shows, WP-Base-SEO does a very good job in faking legitimacy, providing references to the official WordPress Plugin Database and instructions on how to use the plugin properly.
Still, digging deeper into the main PHP files of the plugin, they found a base64 eval request. It’s a PHP function very often used for malicious purposes and, as such, its use is discouraged by PHP.net. In this case, it opens up backdoor access to the website.
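As an added example (not SiteLock's tooling and not code from the plugin), this is one way to check a plugin folder for the eval-plus-base64 pattern described above before activating it. The folder name `wp-seo-demo`, the sample files and the function names are all constructed for illustration, and the check is a line-based heuristic.

```python
import re
import tempfile
from pathlib import Path

# Direct form: eval( [wrapper( ...] base64_decode( ...  on a single line
DIRECT = re.compile(r"\beval\s*\(\s*(?:\w+\s*\(\s*)*base64_decode\s*\(", re.I)
# Indirect form: $v = ... base64_decode(...);  and later  eval($v)
ASSIGN = re.compile(r"(\$\w+)\s*=[^;]*\bbase64_decode\s*\(", re.I)
EVAL_VAR = re.compile(r"\beval\s*\(\s*(\$\w+)\s*\)", re.I)

def scan_php(source):
    """Return (line_number, reason) findings for one PHP source string."""
    findings, decoded_vars = [], set()
    for lineno, line in enumerate(source.splitlines(), 1):
        if DIRECT.search(line):
            findings.append((lineno, "eval of base64_decode output"))
        decoded_vars.update(m.group(1) for m in ASSIGN.finditer(line))
        for m in EVAL_VAR.finditer(line):
            if m.group(1) in decoded_vars:
                findings.append((lineno, "eval of variable holding decoded data"))
    return findings

def scan_plugin_dir(root):
    """Scan every .php file under root; map relative path -> findings."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = scan_php(path.read_text(errors="replace"))
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report

def demo():
    """Build a constructed plugin tree in a temp dir and scan it."""
    samples = {  # constructed sample files, not the real plugin's code
        "wp-seo-demo/main.php": "<?php\n/* Plugin Name: Demo */\n@eval(base64_decode('Y29uc3RydWN0ZWQ='));\n",
        "wp-seo-demo/inc/loader.php": "<?php\n$p = gzinflate(base64_decode($blob));\neval($p);\n",
        "wp-seo-demo/clean.php": "<?php\n$img = base64_decode($data); // decoding alone is fine\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return scan_plugin_dir(tmp)

if __name__ == "__main__":
    for path, hits in demo().items():
        print(path, hits)
```

A hit is a reason to read the file by hand, not proof of a backdoor, and a clean result does not rule out other obfuscation.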
Just to provide an example: in April 2016, an outdated version of the WordPress RevSlider image slider plugin was held responsible for the 2.5-terabyte data leak that went under the name of “Panama Papers”.
How to increase your WordPress website Security?
As always:
Keep the WordPress Core updated to the latest version
Pay attention when installing a new WordPress plugin on your website: look for good ratings and legit feedback from the WordPress Plugin Database users
Keep your plugins updated to the latest version
If a plugin has not provided any update in the last few months, consider removing it from your website.
We at Handyweb have dealt with WordPress Security issues and can help you if you need solutions! Contact us!
Codenamed “Bionic Butterfly”, this new version of the plugin has been in development since August 2016 and in beta since December 2016.
Let’s find out what’s new!
A new Product Gallery
This is probably the most visible improvement to both the end user and the administrator. The WooCommerce 3.0 Update comes with a new product gallery, providing a really clean, slick and intuitive user experience.
Mobile browsing of such product pages has been really improved: tap on a thumbnail to display the image in its true size, swipe to scroll, pinch to zoom, swipe up to close.
As you can see in the above video, the whole page is fully responsive without compromising design quality.
CRUD classes and new CLI for developers
WooCommerce 3.0 also introduces CRUD (Create, Read, Update, Delete) classes, to help developers retrieve data from the database more easily, and a new Command Line Interface powered by the REST API.
This is just a quick round-up of all the features and improvements included in the “Bionic Butterfly” Update. For more details you should check the official Blog post about it!
Backup before updating
You should always back up your website before an update, especially if it’s a Major Update such as this one.
We are experienced in WooCommerce setup and management, as many of our clients make use of the plugin for their eCommerce businesses. We can help you and guide you through the process of backing up and updating your WooCommerce installation.
Backing up your website is always important, especially before installing Core updates, to prevent issues. Also, if your website has Plugins installed, these may not always be 100% compatible with the new version, which can lead to your website becoming broken or unbrowsable.
This is a short list of the main bugs that the 4.7.3 update fixes, along with a brief explanation, where needed:
Cross-site scripting (XSS) via media file metadata. XSS is a kind of vulnerability used to bypass websites’ access controls.
Control characters can trick redirect URL validation.
Unintended files can be deleted by administrators using the plugin deletion functionality.
Cross-site scripting (XSS) via video URL in YouTube embeds.
Cross-site scripting (XSS) via taxonomy term names.
Cross-site request forgery (CSRF) in Press This leading to excessive use of server resources. CSRF is a type of malicious website exploit where unauthorized commands are transmitted from a user that the website trusts.
There are 39 other maintenance fixes. If you are interested, you can check the full Release Notes for WordPress 4.7.3 directly from their website.
We are available to chat with you over these and other WordPress-related issues anytime. Contact us!
Services: Web and App Consultants, e-Commerce, Responsive Web Design, Search Engine Optimisation, Digital Marketing, Social Media, App Development, Online Payments, Online Business Automation
Apparently, no more than a week ago, when browsing Google News from a mobile device, just about 30% of the results were AMP. But, on January 29, AMP results increased up to 70%.
Is this event marking the beginning of a new trend for SEO? It’s probably too early to tell, but it’s better to be ready.
In an increasingly mobile-oriented world, page loading speed is more important every day.
So, the AMP Project’s main purpose is to make mobile content available as fast as possible. It has been shown that about 40% of Mobile users leave a web page if its loading time is more than 3 seconds.
You can see that this is bad both for the user, who won’t see your content, and for you, because you will have lost a potential meaningful visit.
Test AMP search results with the demo provided by Google itself. Visit g.co/ampdemo from your mobile device.
If you talk to publishers about this, you will probably get them interested!
What is the difference between AMP and mobile-friendly pages?
The one on the left is an example of non-AMP responsive design. You can see the header, the menu, the search box and other elements appearing.
On the right, instead, there is the AMP version of the same page, stripped down to mostly the actual images and content.
Even though AMP pages are indeed mobile-friendly pages, the difference lies in the amount of code used in the page itself.
A non-AMP mobile friendly page will most likely have code that makes animations, scrolling effects and popups appear on the screen. AMP pages get rid of that, without compromising the actual content: images, videos and text are left untouched.
Quoting Google itself: “We want webpages with rich content like video, animations and graphics to work alongside smart ads, and to load instantaneously”. So, it is worth noting that AMP does not necessarily mean no Ads.
AMP and non-AMP versions of the same page can currently co-exist without causing Duplicate Content issues. Make sure that the AMP versions of your pages have a rel=canonical tag that links to the non-AMP ones.
Is AMP going to be used as a Ranking Signal?
Again, it’s probably early to tell. It’s worth mentioning that back in February 2016, in a Google Webmaster Central Hangout, John Mueller said that AMP was not yet a Ranking Signal.
Still, considering the sudden growth of AMP results in Google News, and the fact that Google has been placing mobile experience first for a long time now, then it’s easy to imagine that it could happen. We’ll stay on the watch for any change.
On January 10, Google updated its algorithm, applying the so-called Mobile Interstitial Penalty.
If your website’s pages feature elements that make the content not easily accessible to your mobile visitors, your ranking on the Search Results Page may suffer.
This should mostly target pages that appear on mobile search results.
Desktop popups and interstitials are still not penalised as much. I wouldn’t be surprised if this changed in the future, though.
How to avoid Google Mobile Interstitial Penalty?
If your website, when visited from a mobile device, features Popups, Modals or other Interstitials that:
Cover your content (even just by graying it out)
Cannot be removed unless you click the “X” to close them
Cannot be removed unless a specific amount of time has passed (pretty much like some ads on mobile apps).
You should remove them right away.
The only exceptions, according to Google, are popups that serve a purpose, such as displaying information about a Cookie Policy, or Age Verification popups.
Like most of what is related to search engine’s ranking factors (and Search Engine Optimisation in general), think first and foremost in terms of user experience.
Ask yourself: will this feature slow my visitor’s ability to browse my content? If it does, you should remove it.
Examples of intrusive interstitials – Source: Google
These are examples of intrusive popups and interstitials, according to Google.
The first should be a Modal. The second and third ones are standalone interstitials.
As you can see, all of them cover most – if not all – of the content of a page. Also, they are advertising a paid service.
A visitor reaching the page from mobile search results will likely be far more interested in the actual content than in stuff that gets in the way.
These are examples of interstitials that are less likely to get you penalised by Google.
The first one is an example of what a Cookie Policy popup may look like. The second one is an actual interstitial, covering the whole content, but for the purpose of Age Verification.
The last one is an advertisement, but it is included in a small, simple banner. It doesn’t really block the actual content of the website from being browsed.
So, yes! It is possible to have ads on a website’s mobile version without being penalised by the Mobile Interstitial Penalty. Just be reasonable!