WordPress Design & Development Blog

WordPress 4.7.2 Security Update is Released

WordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.1 and earlier are affected by three security issues: The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive. WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo). A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team. An unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint.

Common Mistakes Small Business Owners Make Online

All small businesses need to know how to create a consistent online presence. 54% of small businesses currently have a website, but this isn’t nearly enough if you want to create an effective web presence in order to approach potential customers. Often small business owners can feel overwhelmed when trying to explore the most suitable online opportunities. So to help out, here are some of the most common mistakes they can avoid in 2017. 1) Ignoring local SEO 97% of Internet users search for local businesses online, which means that a business cannot afford to ignore local SEO and its potential benefits. Local SEO helps you attract customers who perform searches for a particular location, such as “sushi in NYC”. By optimising your site for local queries, you are helping customers discover your business and your services. Therefore reaching a new audience that’s interested in the most appropriate search results […]

Google testing new look for local inventory ads in place of local pack

Google appears to be running a limited test for local inventory ads (LIA) on mobile that looks like a shopping ad-ification of the Local Pack. Spotted on mobile by Mike Blumenthal on a search for “engagement rings Buffalo,” the result shows a map with a couple of LIAs below it where local pack results would typically show. I have been able to replicate the result in the Google mobile app. Here the ads are for two different rings at two different Kohl’s locations in the area, signified by the respective shopping icons on the map above the ads. Clicking on either ad takes the user to the local inventory ad landing page hosted by Google.   For comparison, here’s the result I see using Safari on mobile for “engagement rings Rochester” (the same search with “Bufflalo” looked similar). The result shows an all-organic local pack with listings for three independent jewelry […]

WordPress 4.7.1 Security and Maintenance Release

Everyone should update their WP installations. This was released for immediate download today, and has started auto-uploading where enabled. WordPress versions 4.7 and earlier are affected by eight security issues: Remote code execution (RCE) in PHPMailer – No specific issue appears to affect WordPress or any of the major plugins we investigated but, out of an abundance of caution, we updated PHPMailer in this release. This issue was reported to PHPMailer by Dawid Golunski and Paul Buonopane. The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API. Reported by Krogsgard and Chris Jean. Cross-site scripting (XSS) via the plugin name or version header on update-core.php. Reported by Dominik Schilling of the WordPress Security Team. Cross-site request forgery (CSRF) bypass via uploading a Flash file. Reported by Abdullah Hussam. […]

The SEO Fundamentals for your Kansas City Business

SEO fundamentals have become important for business, and I hope this list of search engine fundamentals will help your Internet marketing in 2017. SEO Basics First, let’s first admit the salesperson is no longer the expert. People come to your business armed with information, they’ve researched your product, and right or wrong, they are now the expert. By the time most consumers have opened the door to your business, they’re nearing the end of the purchasing journey and it’s safe to assume that they already know what they want. So why then, are they visiting your website in the first place? Your customers are searching for answers, not sales literature. Modern customers are turning to the Internet long before they’re stepping foot in a local business, and they’re searching for answers to their questions to help them make decisions on their own. Instead of thinking of this as a negative part of […]

Yahoo! to be renamed Altaba after Verizon purchase

While Yahoo’s core internet business was being sold to Verizon for $4.8 Billion, the remaining portions of the company left behind is renaming itself to Altaba Inc, which marks the sad ending of one of the most familiar brand names on the internet. In a public filing with the Securities and Exchange Commission (SEC) on Monday, the company announced that after the planned sale of its core business to telecom giant Verizon, the leftover would change its brand name to Altaba. So, the company’s branding you are familiar with will integrate with Verizon, and it is possible that the telecom titan may continue to use the Yahoo brand for some of the services that it will acquire in the deal.   The remaining company under the new name Altaba Inc. is hanging on to its 15% ownership of Alibaba and 35.5% stake in Yahoo Japan, which is a joint venture […]

WordPress is CMS of the Year, Again…. x 7

The always fun t0 read list ‘Web Technologies of the Year 2016’ was released today, and once again, for the seven straight years, WordPress earned the coveted spot as CMS of the year. WordPress sits long other leading web technologies, like Google Analytics, Ubuntu, and Amazon, and CloudFlare. The list is determined by the largest increase in usage in the last year, in which W3Techs “compared the number of sites using a technology on January 1st, 2016 with the corresponding number on January 1st, 2017.” WordPress has more than doubled since it first took the spot of CMS of the year in 2010, demonstrating unstoppable growth and dynamic ability as a full-service application – long before the REST API was determined to be in core. At the start of 2016, WordPress was used by 25.6 percent of all websites and by the end was used by 27.3 percent — experiencing a 1.7 percent growth. For perspective, […]

How WordPress Took Over The Internet in 2016

WordPress is the most popular CMS in the world and is used by nearly 75 million websites. According to WordPress, more than 409 million people view more than 23.6 billion pages each month and users produce 69.5 million new posts and 46.8 million new comments every month. It also powers more than 25% of the world’s websites. Whether it’s personal blogs or major magazines and news organizations such as The New Yorker and the BBC, WordPress is gradually eating the internet and it’s not stopping. In 2017 its ubiquity is expected to increase further and it may even eat the world.  Even more importantly it is the CMS that Forbes itself uses. For contributors to this site such as myself, it is a publishing platform that allows me not only to write easily, it also has simple bells and whistles (as well as more complicated ones) that add content to my work, add links to appropriate places and has the facility to include images and […]

WordPress Only Recommending Hosting Companies Offering Default SSL

In October, Let’s Encrypt was managing more than 10 million active SSL certificates. That number doubled to 20 million in November as large  providers continue to partner with the organization to manage their customers’ certificates. In 2014, Google announced that HTTPS is a ranking factor. Earlier this year, the Google Chrome security team announced that Chrome 56 will mark HTTP sites that transmit passwords or credit cards as insecure. In 2017, managed WordPress hosting companies will have one more reason to enable SSL by default for new accounts. In a post on the WordPress.org blog, Matt Mullenweg, co-founder of the open source WordPress project, explains what the project is going to do to encourage HTTPS by default across the web. “Early in 2017, we will only promote hosting partners that provide a SSL certificate by default in their accounts,” Mullenweg said. “Later we will begin to assess which features, such as API authentication, would benefit the most […]

Why You Should Redesign Your Business Website in WordPress

Your website serves as the digital storefront for your business. If it doesn’t look appealing, load quickly or even have a mobile version, customers are going to keep walking. Many small business owners rely on their website to bring in a steady stream of leads and educate potential customers on what they offer. However, when it comes to designing and developing a website, most of those same small business owners think they can’t have all the bells and whistles that larger businesses have. But that’s not true. Why? Meet WordPress. WordPress is a free platform that powers the back end of your website. It’s commonly referred to as a “content management system” because of its ability to let you easily create and organize all of the pages and media you upload to your site. Interested in learning why it’s the best option for your small business’ website? Keep reading . . […]