More and more themes and plugins up-to-date

/0 Comments/in

In WordPress 5.5, the jQuery Migrate script was removed, and a new version of jQuery was introduced in WordPress 5.6. As a result, many themes and plugins were not prepared or updated, causing issues with websites.

During that time, the jQuery Migrate Helper plugin was installed on many websites to compensate for the missing jQuery Migrate functionality.

Fortunately, we have seen that many themes and plugins have made the necessary adjustments, rendering the temporary solution of the jQuery Migrate Helper plugin unnecessary.

If you have updated your themes and plugins, it is likely that you no longer need the jQuery Migrate Helper plugin and can remove it from your website.

WPML still often unused

/0 Comments/in

WPML is a plugin that allows you to display your website in multiple languages.

It is noticed that WPML is activated on many websites even when it is not actually being used. Why is the plugin installed but not used?

There could be several reasons for this. Sometimes the translation is not completed, or issues arise with translating elements in the theme, such as widgets in the sidebar and footer.

It is also possible that certain plugins do not work well with WPML, preventing the translation of specific components.

In any case, if you have WPML installed but haven’t used it for years, it is recommended to remove the plugin, especially if you are using an older version that contains a vulnerability.

If you are actively using WPML, make sure it is up-to-date, along with its accompanying extensions such as WPML Media, WPML String Translation, and WPML Translation Management. Keeping all components updated is important for security and functionality.

The desired loading time of a site is getting faster and faster

/0 Comments/in

In the years 2015-2020, you could get away with a website that loaded within 5-7 seconds, but now you’re already penalized if your website takes 3-5 seconds to load.

In fact, there are tests indicating that a website with a load time of 2.8 seconds is “not fast enough” for mobile visitors. Users browsing on their smartphones have little to no patience and a short attention span.

Internet speeds have been increasing for years, even for mobile users. We’ve seen the transition from 3G to 4G, and now 5G is being rolled out as of the time of writing.

Secretly, expectations for websites are also rising. If a video can start playing within 1 second, why should a webpage take 5-7 seconds to load?

We have all been spoiled by speed, but we have also become more impatient.

Anyway, this piece of news has gone on for too long. Time to scroll on!

Wix makes attempt to mock WordPress

/0 Comments/in

WordPress is free to use and has an open license, allowing you to use it for any purpose you want. WordPress, therefore, doesn’t have a sales team, doesn’t send invoices, and as far as I know, doesn’t engage in advertising to convince you to use WordPress.

It’s peaceful and non-binding.

It’s a different story with WIX, another CMS for creating websites. With WIX, it’s all about the money, profit. This often leads to the commercial gimmicks you frequently see with companies focused on revenue.

In addition to regular advertising, WIX has taken a peculiar path. They have created ads that mock WordPress, adopting an Apple versus Windows idea.

You can watch one of the ads here: [link to video]

Matt (Founder of WordPress) blogs about it [here](https://ma.tt/2021/04/wix-dirty-tricks/) and gives a little pushback.

Normally, the WordPress landscape is very calm because there is little to no competition since WordPress is free. This is a peculiar turn of events, like a soap opera.

I’m curious to see what the future holds. Although WIX has a small share in the online world and is not a real competitor, it does bring some excitement to the scene.

Secretly, these videos where companies try to one-up each other can be quite entertaining.

W3 Total Cache leaked again

/0 Comments/in

W3 Total Cache is a plugin that helps improve website loading speed. One would expect that nothing can go wrong with it. However, as of mid-2021, there have already been 3 vulnerabilities found in W3 Total Cache.

The plugin had multiple vulnerabilities in 2019, and in 2016, a staggering 8!! vulnerabilities were discovered.

For us, this is a reason to avoid using this plugin on WordPress websites.

In the past, these vulnerabilities allowed hackers to place files on the server, read usernames and hashes, and execute commands on the server.

You simply don’t want to take that risk with a business website, so it’s best to avoid using this plugin or replace it with Autoptimize or WP Rocket.

Autoptimize – created by someone in Belgium – is a free cache plugin that has only had 5 vulnerabilities registered, compared to over 20+ vulnerabilities in W3 Total Cache.

If you want to be completely secure, according to WPScan – an authority on security issues – WP Rocket has only had 1 vulnerability (at the time of writing). However, this is a premium plugin that requires annual payment.

Remember that you need to properly configure any of the mentioned plugins to effectively speed up your website.

And no, using two cache plugins doesn’t make your website twice as fast 😉

Wordfence expands their services with Wordfence Care & Wordfence Response

/0 Comments/in

![wordfence](https://wpbeveiligen.nl/wp-content/uploads/2022/02/worfence-uitbreiding.jpg)

Wordfence FREE is well-known, right? It’s the free security plugin from Wordfence, currently used on at least 4 million websites.

Then there’s Wordfence Premium, which currently costs $100 per year. Premium offers enhanced security with faster firewall/threat updates.

And now, Wordfence has introduced two additional services:

Wordfence Care

Installation and configuration of the Wordfence plugin, monitoring, and security issue resolution. These services are provided during office hours.

It currently costs $490 per year.

Wordfence Response

This is Wordfence Care, but with faster service within 1 hour, 365 days a year!

For this, you’ll pay $950 per year.

Conclusion

Good or bad: It’s great that they are offering these services now. For large companies already using Wordfence, this can be an interesting addition.

In terms of pricing: It’s not cheap, but it’s also not unaffordable for a medium-to-large company.

Let us know in the comments if you use Wordfence and if you’re considering using Wordfence Care or Response services!

iThemes 7.1 update brings back the import – export feature

/0 Comments/in

iThemes has brought back the import and export of settings that disappeared in the major 7.0 update!

![ithemes import export](https://wpbeveiligen.nl/wp-content/uploads/2022/02/import-export.jpg)

This is great news if you have multiple websites that you want to secure. There are quite a few settings to go through, so having the ability to import and export them is very helpful.

And it must be said, they have done a good job with it! You can now specify exactly which settings you want to export. This way, you can choose to include or exclude things like logs or blocked IP addresses.

![ithemes export settings](https://wpbeveiligen.nl/wp-content/uploads/2022/02/export-settings.jpg)

Poof – gone!

The disappearance of the export function (which is now thankfully back) is a typical iThemes move. In their haste to release a new feature, related functions that don’t cooperate are often temporarily deactivated or (in the past) even commented out in the code.

Either way, it’s great that it was temporary and that it’s now back and functioning well.

Hacked before you’ve even logged in yourself!

/0 Comments/in

That your website is vulnerable when you are highly visible on Google, and that more plugins increase the risk of being hacked, we know. But being hacked even before you have logged in yourself?

That happened to several websites that didn’t complete the installation quickly enough.

How is that possible?!

During a new WordPress installation, the first step is to choose a username and password. You would think that no one can interfere with a new installation. The domain name has sometimes just been registered… no one knows about it yet.

But that’s not the case. The Letsencrypt service used to request free SSL certificates has leaked information, allowing hackers and scripts to identify newly registered domain names and websites.

1, 2, 3 malware

Hackers immediately took advantage of this and if the installation was not completed quickly enough, they filled in a username and password using a script.

They installed a file manager (plugin)

And they uploaded their own malware.

Good practices

It’s a good practice to complete an installation right away, not just the part where you choose a username and password, but also by installing and configuring a security plugin.

If you don’t have the time or the knowledge to secure your website, let us take care of it!
Request a package in time, and we will be ready to secure your new website immediately.
Secure your WordPress website.

Source: [Security.nl](https://www.security.nl/posting/750062/Let%E2%80%99s+Encrypt-logs+vermoedelijk+gebruikt+voor+infecteren+WordPress-installaties?channel=rss)

CSS4 – When can we expect it?

/0 Comments/in

I also fell for it and looked it up, when is CSS4 coming?

It turns out that it will never come, CSS3 has mainly become “a thing” because it has been widely discussed as the new revolution in the CSS world.

CSS3 is an adaptation of CSS2, with many individual adjustments. But because they were so successful, many people talked about it as a completely renewed and improved CSS.

Some features of CSS3 were:

  1. border-radius – Finally, nice rounded corners without the need for a PNG image
  2. gradients – Color gradients without having to create images
  3. animations and transitions  – Previously, jQuery had to be used for this
  4. transforms – Easy rotation or distortion
  5. box-shadow – Add shadows to elements

Because the new CSS adjustments and innovations were significant improvements for certain problems, such as rendering on different devices, and because some cool features were added, CSS3 became a thing in itself.

CSS3 mainly brought financial benefits to programmers and website builders, as they could persuade their clients to “get on board” with the technology.

If in the future there is talk of CSS4 or CSS5, it will mainly be a term used by programmers who might give the new updates a distinct name.

Don’t expect it to be released officially!

Source: [CSS-Tricks.com](https://css-tricks.com/css4/)

WooCommerce gets its own tables in the database

/0 Comments/in

We all know WooCommerce as the miraculous plugin that turns WordPress into a full-fledged online store.

WooCommerce (created by Automatic, just like WordPress) heavily relies on the WordPress structure, especially in the database.
In the past years, products have simply been stored as Custom Posts in the post and postmeta tables of the database, where pages and posts are also stored!

This has been working well for years, allowing you to build and run even the largest online stores without issues.

However, there has been a request from many developers, plugin builders, and even regular users to store WooCommerce data in separate tables in the database.

Why move WooCommerce data to separate tables?

  • It provides better organization in the database, making modifications easier to handle.
  • It becomes easier to create backups of the online store and restore them without including unnecessary information.
  • It has the potential to make the website, particularly product loading and information retrieval, faster.

The online store in dedicated tables – a significant change!

This is a major modification, and the WooCommerce developers are aware of it.
There are hundreds, if not thousands, of plugins that rely on the current structure.
Think of filters, coupons, descriptions, images, and more!

For this reason, transitioning to specific tables will be OPTIONAL in the initial phase. If your online store is not ready, you don’t have to make the switch just yet.

What’s the timeline for the new tables?

They plan to start with orders first. The goal is to have them in their own table by the third quarter of 2022.
Remember: the transition is initially optional, according to the WooCommerce developers.
Other elements of the online store will follow in subsequent steps.

Source: [Developer.woocommerce.com](https://developer.woocommerce.com/2022/01/17/the-plan-for-the-woocommerce-custom-order-table/)