Use Transient to speed up WordPress

One of the features of WordPress is the ease of applying dropdown menus with access to posts & pages.

Applying menus in the header is a simply matter of including the following lines of code in header.php

wp_nav_menu(array(
‘items_wrap’ => ‘%3$s’,
‘depth’ => 3,
‘theme_location’ => ‘header-menu’,
‘container’ => false ));

However, this simple routine is pretty slow for complex or crowded menus and can result in a bottleneck as the page loads.
One solution is to cache the menus (which we presume chane infrequently), using WordPress’s “transient” command.

Effectively we test to see if we have a copy of the menu or whatever element in the cache.
If not, we add it to the cache, however if it does exist in the cache we grab it from there rather than creating it.

$cached_menu=get_transient(‘the_header_menu’);
if(false === $cached_menu){         
      $cached_menu =  wp_nav_menu(array( ‘items_wrap’ => ‘%3$s’, ‘depth’ => 3, ‘theme_location’ => ‘header-menu’, ‘container’ => false, ‘echo’ => false ));                 
set_transient(‘the_header_menu’, $cached_menu, 3600*5);    

    echo $cached_menu; 

 

Sample reset css file for web project

For developers working on projects, it can be frustrating to find odd and unexpected behaviour on the part of various html elements.

The best way to ensure you as the developer has complete control over all elements is to apply a base set of rules from which you can build your own set of rules.

Here is one example of a reset.css file that handle such instructions.

/* http://meyerweb.com/eric/tools/css/reset/
v2.0 | 20110126
License: none (public domain)
*/

html, body, div, span, applet, object, iframe,
h1, h2, h3, h4, h5, h6, p, blockquote, pre,
a, abbr, acronym, address, big, cite, code,
del, dfn, em, img, ins, kbd, q, s, samp,
small, strike, strong, sub, sup, tt, var,
b, u, i, center,
dl, dt, dd, ol, ul, li,
fieldset, form, label, legend,
table, caption, tbody, tfoot, thead, tr, th, td,
article, aside, canvas, details, embed,
figure, figcaption, footer, header, hgroup,
menu, nav, output, ruby, section, summary,
time, mark, audio, video {
margin: 0;
padding: 0;
border: 0;
font-size: 100%;
font: inherit;
vertical-align: baseline;
}
/* HTML5 display-role reset for older browsers */
article, aside, details, figcaption, figure,
footer, header, hgroup, menu, nav, section {
display: block;
}
body {
line-height: 1;
}
ol, ul {
list-style: none;
}
blockquote, q {
quotes: none;
}
blockquote:before, blockquote:after,
q:before, q:after {
content: ”;
content: none;
}
table {
border-collapse: collapse;
border-spacing: 0;
}

How important is https for my website

Google has been heavily promoting the fact that they want website owners to switch from http to the secure https protocol.  They have announced that they will name & shame sites that don’t support https, by displaying a message when clients try to use their online forms or showing a warning icon in the url bar.  
This is scary stuff for website owners.   To use https requires them to obtain an SSL certificate which can cost up to $1,500 a year, although there are actually free versions available.
So, if there are free versions available that Google recognises, one must wonder just how much security an SSL key and https in general offer websites.
The reality appears to be that on Google, should the search engine identify two compositionally identical pages, it will favour the one with the SSL key transmitted over https.
This secure transportation of data happens at a cost of speed, so in theory your superior page may be penalised for speed, then bumped.

My website doesn’t have a form or secure data
For the vast majority of sites, data is not intended to be secure and there is no technical requirement to have an SSL key, other than Googles warning.  

Paypal doesn’t require you to use https to make a payment
If you direct people to PayPal to make a payment you don’t need an SSL key.  The key is only necessary if you have an application that expects PayPal to return data to the application so it can run an event such as automated downloads or membership registration.
Of course, some people may prefer to work with sites that do show SSL certification, but given that you can obtain them online for FREE from sites such as LetsEncrypt, what exactly is their purpose anymore.

But what if you’re using secure PayPal as a payment gateway? Why do you have to wear the derogatory “Scarlet Letter” on your site’s address bar? Why does a site that’s collecting zero information from anyone need an SSL certificate? It makes no sense at all. If your web site doesn’t have financial transactions, why do you need an SSL certificate?
HTTPS  simply doesn’t care what’s transmitted. Infected websites distribute malware. HTTPS doesn’t do anything to ensure displayed information’s integrity. HTTPS will also deliver manipulated information to unsuspecting website visitors. Installing a Secure Socket Layer certificate prevents man-in-the-middle attacks, it doesn’t help if the original data was suspicious.

Conclusion?
Given that you can obtain an SSL key for free, perhaps it’s a good idea to use one.  However, there will be a speed issue and data is encrypted and unencrypted at both end and who knows what Google’s ultimate endgame is.
However, be aware that an SSL makes your website not more secure from an attack that previously.

 

Recent updates to Google search results explained

FRED:   March 2017
The latest of Google’s confirmed updates, Fred targets websites that violate Google’s webmaster guidelines. The majority of affected sites are blogs with low-quality posts that appear to be created mostly for the purpose of generating ad revenue.

How to adjust: Review Google Search Quality Guidelines and watch out for thin content. If you show ads, make sure the pages they are found on are high-quality and offer relevant, ample information. This is basically it: Don’t try to trick Google into thinking your page is about something when it really is a gateway page full of affiliate links. Most publishers make money off ads, and that’s totally legit as long as you are not cheating.

 

POSSUM: September  2016
The Possum update ensured that local results vary more depending on the searcher’s location: the closer you are to a business’s address, the more likely you are to see it among local results. Possum also resulted in greater variety among results ranking for very similar queries, like “dentist denver” and “dentist denver co.” Interestingly, Possum also gave a boost to businesses located outside the physical city area.

How to adjust: Expand your keyword list and do location-specific rank tracking. Local businesses now need to be targeting more keywords than they used to, due to the volatility Possum brought into the local SERPs. As you check your rankings, make sure you’re doing this from your target location (or, better yet, a bunch of them). You can do this in Rank Tracker under Preferences > Preferred Search Engines. Click Add Custom next to Google. Next, specify your preferred location — you can make it as specific as a street address.

 

 

RANKBRAIN: October 26 2015
RankBrain is part of Google’s Hummingbird algorithm. It is a machine learning system that helps Google understand the meaning behind queries, and serve best-matching search results in response to those queries. Google calls RankBrain the third most important ranking factor. While we don’t know the ins and outs of RankBrain, the general opinion is that it identifies relevance features for web pages ranking for a given query, which are basically query-specific ranking factors.

How to adjust: Optimize content for relevance and comprehensiveness with the help of competitive analysis.

Example of working print.css file

Very often developers create the most elaborate websites and user interfaces (UI).  However, it the excitement of creating fantastic looking web pages, they neglect to think about the printed page.

Whilst print is not major factor for a lot of websites, for others it can be a major design consideration.

At the very least, what we’re trying to avoid is forcing people to print out heavy images, page breaks that don’t work on printed pages, links that appear on the page as urls, incorrect page widths, unnecessary headers, footers & navigation bars.

Here is  a working example that will help set the basic print rules and which can be used as a starting block for  rules that are relevant to individual websites.

/**
* Print Stylesheet fuer Deinewebsite.de
* @version 1.0
* @lastmodified 16.06.2016
*/

@media print {

/* Inhaltsbreite setzen, Floats und Margins aufheben */
/* Achtung: Die Klassen und IDs variieren von Theme zu Theme. Hier also eigene Klassen setzen */
#content, #page {
width: 100%;
margin: 0;
float: none;
}

/** Seitenränder einstellen */
@page { margin: 2cm }

/* Font auf 16px/13pt setzen, Background auf Weiß und Schrift auf Schwarz setzen.*/
/* Das spart Tinte */
body {
font: 13pt Georgia, “Times New Roman”, Times, serif;
line-height: 1.3;
background: #fff !important;
color: #000;
}

h1 {
font-size: 24pt;
}

h2, h3, h4 {
font-size: 14pt;
margin-top: 25px;
}

/* Alle Seitenumbrüche definieren */
a {
page-break-inside:avoid
}
blockquote {
page-break-inside: avoid;
}
h1, h2, h3, h4, h5, h6 { page-break-after:avoid;
page-break-inside:avoid }
img { page-break-inside:avoid;
page-break-after:avoid; }
table, pre { page-break-inside:avoid }
ul, ol, dl { page-break-before:avoid }

/* Linkfarbe und Linkverhalten darstellen */
a:link, a:visited, a {
background: transparent;
color: #520;
font-weight: bold;
text-decoration: underline;
text-align: left;
}

a {
page-break-inside:avoid
}

a[href^=http]:after {
content:” <” attr(href) “> “;
}

$a:after > img {
content: “”;
}

article a[href^=”#”]:after {
content: “”;
}

a:not(:local-link):after {
content:” <” attr(href) “> “;
}

/**
* Eingebundene Videos verschwinden lassen und den Whitespace der iframes auf null reduzieren.
*/
.entry iframe, ins {
display: none;
width: 0 !important;
height: 0 !important;
overflow: hidden !important;
line-height: 0pt !important;
white-space: nowrap;
}
.embed-youtube, .embed-responsive {
position: absolute;
height: 0;
overflow: hidden;
}

/* Unnötige Elemente ausblenden für den Druck */

#header-widgets, nav, aside.mashsb-container,
.sidebar, .mashshare-top, .mashshare-bottom,
.content-ads, .make-comment, .author-bio,
.heading, .related-posts, #decomments-form-add-comment,
#breadcrumbs, #footer, .post-byline, .meta-single,
.site-title img, .post-tags, .readability
{
display: none;
}

/* Benutzerdefinierte Nachrichten vor und nach dem Inhalt einfügen */
.entry:after {
content: “\ Alle Rechte vorbehalten. (c) 2014 – 2016 TechBrain – techbrain.de”;
color: #999 !important;
font-size: 1em;
padding-top: 30px;
}
#header:before {
content: “\ Vielen herzlichen Dank für das Ausdrucken unseres Artikels. Wir hoffen, dass auch andere Artikel von uns Ihr Interesse wecken können.”;
color: #777 !important;
font-size: 1em;
padding-top: 30px;
text-align: center !important;
}

/* Wichtige Elemente definieren */
p, address, li, dt, dd, blockquote {
font-size: 100%
}

/* Zeichensatz fuer Code Beispiele */
code, pre { font-family: “Courier New”, Courier, mono}

ul, ol {
list-style: square; margin-left: 18pt;
margin-bottom: 20pt;
}

li {
line-height: 1.6em;
}

}

Using negative keywords in Adwords

Maintaining a relevant list of negative keywords & phrases is a great way to ensure that you Adwords spend is being used wisely.
However, you need to be sure that you’re not adversely impacting your campaign by selecting the word ‘negative’ words.

1. Make negatives phrase match unless you have a well thought out good reason not to even if it is just one word.
If you use the broad term ‘free’ without being a phrase match you might stop freedom or freelance. 

2. Don’t just make something a negative because you think it is irrelevant.
It could be relevant and you just don’t know why. I never assume I understand searchers. It could be you should be making a new ad group, not a negative. Remember, not everybody thinks like you. 

3. Audit your negative list every once in a while. Things may have changed. Keywords that used to not work might work now. 

4. Be very careful when using conversion data to pick negative keywords. If you ever go look in your “Top Conversion Path” report in Google Analytics and set it to “search query” you will see that many times people try lots of different keywords before they buy something.  The important thing is to make sure any keyword you set as a negative was not part of a chain. It is ok to break the chain if it is a bad chain. Just make sure you have all the information before you ban that keyword. 

5. Use a lowest common denominator approach. Don’t do exact match negatives that are long. Find 2 or 3 words that are clearly bad as a phrase or broad match and use that. It will help keep your list manageable. You can block a thousand search queries by just using a good phrase match.

How risky are WordPress plugins

Risky, badly written plugins are the main way that attackers gain access to WordPress sites. Reducing your plugin security risk is one of the most important aspects of protecting your site. There are a number of things you can do to limit this risk.

Use as Few Plugins as Possible

You need to remember that every plugin you add to your site requires you to trust that the unknown person has written secure code, responses quickly to vulnerability reports and keeping your best interests in mind.

Only Download Plugins From Reputable Sites

If possible we recommend that you limit your plugin downloads to the official WordPress.org plugin directory. A great team of volunteers manages it, alongside a large community of users and security researchers helping out.

If you need to download a plugin from another site, you can use these tips to help determine whether the site is reputable:

  • The site should pass the “eye test”: professionally designed and using clear language to describe the plugin.
  • Look for a valid company name in the footer.
  • Terms of service and a privacy policy readily available.

Choose Reputable Plugins

The WordPress.org plugin directory makes it really easy to evaluate plugins by providing a nice summary that gives you almost everything you need. Here’s what we suggest you pay attention to:

  • The more recent the last update, the better.
  • Check the number of active installs the plugin has. Some reliable and useful plugins have low install numbers, but you should still examine a plugin carefully if it has a low install base (below 1,000 active installs). It may not be maintained.
  • It should be compatible with the current version of WordPress, though please note that immediately after a WordPress core release, a lot of reputable plugins will show a “Test up to:” value that is behind, as authors finish testing their plugin with the latest WordPress version.
  • The average plugin rating should be high enough to instill confidence. The higher the rating, the better, obviously.

You should also periodically review your installed plugins to make sure they have maintained their good standing.

Delete Plugins Immediately When You Stop Using Them

We have written at length about the fact that the best way to secure data is to get rid of it. The same concept applies to WordPress plugins: removing plugins reduces your risk.

Keep Your Plugins Up to Date

Security vulnerabilities are constantly being discovered in WordPress plugins. In many cases, the details of the vulnerability will be made public, meaning that the entire world is given the information necessary to exploit the security vulnerability. 

Many plugins like Wordfence include an auto-update feature. You should enable this in as many plugins as you can. For those for which you can’t, you should update to the latest version as soon as possible, especially if it includes a security fix.

Replace Abandoned and Removed Plugins

Have you ever started a project or hobby and gotten bored with it? That happens to WordPress plugin authors, too. In fact, it happens a lot.   Does that mean that they include a security vulnerability? Most likely not. What it does mean is that they represent a much higher risk than actively maintained plugins. We recommend that you not run plugins that haven’t been updated in over 2 years.

 

Modify the admin menu bar in WordPress

Recently we were asked by a client to simplify the presentation of the WordPress menu bar.

There are some nice plugins that you can use to achieve this such as “Admin Menu Editor Pro”.  This wonderful plugin offers lots of functionality, however, some of it’s best features are only available on the paid version of the site.

If you’re not in a position to buy a paid version, he is one way to manipulate the menu.
In this instance, the client had trouble remembering where to find the option to change the order of menu items on the front end of their site.  This is normally located at a submenu item of “appearance”.

We wanted to move it to the main menu so it would be easier to find  (less support for us).
So we added this routine to the “functions.php” file.

Please remember to back up this file before you every modify it, as even the slightest syntax error will cause your website to fail.

function change_menus_position() {

//   remove the menu item from the theme altogether
remove_submenu_page( ‘themes.php’, ‘nav-menus.php’ );

//  add it back to the main menu.
add_menu_page(
     ‘Menus’,
     ‘Menus’,
     ‘edit_theme_options’,
     ‘nav-menus.php’,
     ”,
     ‘dashicons-list-view’,
     68
     );
}

 

WS FTP Pro – Failed SSH Key Exchange

At Blue Lily Studios we use WS_FTP Pro to upload files to our webservers.
We’ve used the same product for over 10 years and stand by it as a wonderful tool.

Recently we found that due to a change in webserver configuration we could no longer connect to the server using secure SSH connections.

We encountered the following error
Expected GEX Group packet from server instead of packet type 3
Failed SSH Key Exchange

To resolve this issue, open the ssh-algos.txt file which is located in 
c:\users\<username>\appdata\roaming\ipswitch\ws_ftp

In the top ===ssh-kex section, move diffie-hellman-group-exchange-sha1 to the bottom of the list of kex algos, so the new list would look like:

diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
diffie-hellman-group-exchange-sha1

 

How much should we spend on corporate rebrand

We are frequently asked what the cost of rebranding an existing business should be.
In fact we’re often asked this question before we even get the opportunity to sit down with the business stakeholders and learn more about their business objectives.
It’s understandable that for many businesses, a rebrand will be a daunting prospect and unless they have done it before how do you place a value of the service.

As a business owner, would you like a one price fits all scenario.  For example, if all the business owner wants is a new logo, what should that cost.  However rebranding is more than a new logo and if that is the only expectation from both sides, it really isn’t a rebranding project in the first place.

It’s not possible to offer a one-stop fits all price for rebranding project.  Every business is different, their challenges are not identical and the business opportunities vary greatly.
If you are rebranding because there is an opportunity to be first to market with a new product or service that has a massive potential upside, you would want to spend a great deal more time (and hence money) on the making sure you get it right.

A very rough guideline for B2B companies is first of all determine what their annual spend is for marketing.   

As a general rule, a company generating $1,000,000 might set aside 7% for marketing expenses.    ($70,000 for the maths challenged among us).
Marketing expenses might be made up of

  • general marketing collateral,
  • social media and content,
  • staff wages & training and
  • market research.

So, if we expect to spend $70k every year on marketing, what might we be expected to spend to create or re-define a brand  (recognising that both exercises differ from one another.)
I rough guide would be double your typical annual marketing spent, but let’s round it down in this instance to 10% of annual revenue.
Which would give us an extremely rough guide of $100k

What would the $100k spend be made up of?

  • Market & Competitor research
  • Brand Audit & Strategy
  • Logos, names & taglines
  • Brand Identity
  • Corporate and/or product stationary
  • Keywords & Content
  • Website & Social Media
  • Photography & Video
  • Marketing Collateral
  • Style Guide
  • Launch