Page 25 – WPBeveiligen

CSS4 – When can we expect it?

14 July 2023/0 Comments/in NewsFlash

I also fell for it and looked it up, when is CSS4 coming?

It turns out that it will never come, CSS3 has mainly become “a thing” because it has been widely discussed as the new revolution in the CSS world.

CSS3 is an adaptation of CSS2, with many individual adjustments. But because they were so successful, many people talked about it as a completely renewed and improved CSS.

Some features of CSS3 were:

border-radius – Finally, nice rounded corners without the need for a PNG image
gradients – Color gradients without having to create images
animations and transitions – Previously, jQuery had to be used for this
transforms – Easy rotation or distortion
box-shadow – Add shadows to elements

Because the new CSS adjustments and innovations were significant improvements for certain problems, such as rendering on different devices, and because some cool features were added, CSS3 became a thing in itself.

CSS3 mainly brought financial benefits to programmers and website builders, as they could persuade their clients to “get on board” with the technology.

If in the future there is talk of CSS4 or CSS5, it will mainly be a term used by programmers who might give the new updates a distinct name.

Don’t expect it to be released officially!

Source: [CSS-Tricks.com](https://css-tricks.com/css4/)

WooCommerce gets its own tables in the database

13 July 2023/0 Comments/in NewsFlash

We all know WooCommerce as the miraculous plugin that turns WordPress into a full-fledged online store.

WooCommerce (created by Automatic, just like WordPress) heavily relies on the WordPress structure, especially in the database.
In the past years, products have simply been stored as Custom Posts in the post and postmeta tables of the database, where pages and posts are also stored!

This has been working well for years, allowing you to build and run even the largest online stores without issues.

However, there has been a request from many developers, plugin builders, and even regular users to store WooCommerce data in separate tables in the database.

Why move WooCommerce data to separate tables?

It provides better organization in the database, making modifications easier to handle.
It becomes easier to create backups of the online store and restore them without including unnecessary information.
It has the potential to make the website, particularly product loading and information retrieval, faster.

The online store in dedicated tables – a significant change!

This is a major modification, and the WooCommerce developers are aware of it.
There are hundreds, if not thousands, of plugins that rely on the current structure.
Think of filters, coupons, descriptions, images, and more!

For this reason, transitioning to specific tables will be OPTIONAL in the initial phase. If your online store is not ready, you don’t have to make the switch just yet.

What’s the timeline for the new tables?

They plan to start with orders first. The goal is to have them in their own table by the third quarter of 2022.
Remember: the transition is initially optional, according to the WooCommerce developers.
Other elements of the online store will follow in subsequent steps.

Source: [Developer.woocommerce.com](https://developer.woocommerce.com/2022/01/17/the-plan-for-the-woocommerce-custom-order-table/)

Don’t lose your visitors!

12 July 2023/0 Comments/in NewsFlash

When writing posts in WordPress and including links to other websites, it’s important to always check the “Open in new tab” option while creating the link. Otherwise, the linked page will open in the same browser tab, causing visitors to navigate away from your website.

Never let visitors leave your site when redirecting!

The “Open Links in New Tab” plugin makes it easy for you! After installing and navigating to Settings > Links in new tab, you can select the option to open ALL external links in a new tab. From then on, you won’t have to manually check this option for each link.

Convenient, isn’t it?

By keeping visitors on your website for longer and preventing them from losing your site when they click on a link, you enhance the user experience.

Uptime control

11 July 2023/0 Comments/in Services

You would expect a website to be available 24/7. However, that is not always the case, as there are various issues that can cause your website to go down!

Some problems we occasionally encounter include:
– Using shared web hosting.
– Outdated/unreliable hardware of the web host.
– The data center is located abroad (e.g., GoDaddy).
– DDoS attacks targeting the server.
– The website has become too heavy with all the plugins for the hosting package.
– A loop/error causing server overload.
– Sudden spikes in website traffic.

These are not all problems; sometimes, your website is simply successful, and you need to upgrade to a larger hosting package.

Regardless of the reason, when your website experiences frequent outages, it costs you visitors and customers. In the worst case, it can even harm your Google reputation when the search engine bot repeatedly encounters a non-loading website.

It is essential to prevent your website from becoming unreachable.

That’s why we use an uptime monitor to ensure that your website is accessible day and night. The monitoring measurements show if there are any interruptions in accessibility or if there is a recurring issue. It’s crucial to know this in a timely manner since visitors often won’t bother reporting such issues; they will simply move on to another website! And you certainly don’t want that.

Uptime monitoring and notification during downtime are standard services we provide with our ongoing security packages.

Pagespeed monitoring

10 July 2023/0 Comments/in Services

We monitor the speed of your website. We do this automatically and daily, allowing us to continuously keep an eye on your website’s speed.

It is common for a website to become slower over time.

Some reasons why a website can slow down:
– The success of the website leads to increased visitors, which requires more server capacity.
– The cache becomes filled up and needs to be cleared.
– Large images are added to the website without lazy loading.
– The server is shared with others (shared server) and more users are added to it.
– Adding plugins increases the server load.
– Code errors cause delays.
– Missing files (404 errors) result in long loading times.
– Outdated PHP versions load websites slower compared to newer versions.

As you can see, there are various reasons why a website can slow down. This can happen gradually, making it difficult for you to notice it yourself.

The pitfall of a fast fiber connection

We often see websites being tested with a fiber connection, which can lead to the website size increasing significantly in megabytes, resulting in long loading times on mobile devices. Mobile devices account for 25-35% of all visitors!

Speed and your Google indexing

Keep in mind that Google measures both desktop and mobile speed when categorizing a website in the Google index. Slow websites on mobile networks will appear lower in search results for mobile searches.

What is considered fast?
The speed of a website should also be considered relative to the size and type of the website. An e-commerce store with product pages naturally loads more data and attracts more visitors.

We know how fast a website should be, how your competition is doing, and often, we can identify the causes of the slowdown.

Pagespeed monitoring is important for serving and retaining your visitors, as well as essential for websites that need to maintain a good ranking on Google.

We provide standard pagespeed monitoring with our security packages.

Reputation monitoring

9 July 2023/0 Comments/in Services

Did you know that Google scans websites in search results for malware on a daily basis? This is to provide visitors with the best and secure search results.

Google looks for:

Phishing – scripts attempting to steal payment information
Malware – scripts giving unwanted commands to visitors
Spam/unwanted advertising – for questionable products or services
URL redirects – redirecting visitors
And more..!

When Google detects any of the above issues on a website, it will display a warning in the search results:

This site may be hacked

You can imagine that visitors think twice before clicking on your website in such cases.

The Chrome web browser
If a website visitor uses the Chrome web browser (by Google), it goes a step further:

They will see a red screen indicating that the website is unsafe when opening it

Antivirus programs
Many antivirus programs have a similar feature, where they block visitors if they consider a website to be unsafe.

SafeSearch, Phishing protection, or similar services.
It goes without saying that it is not good if visitors are prevented from accessing your website.

Reputation monitoring prevents ignorance
What if you don’t know that your website is considered unsafe by major entities like Google and other antivirus programs (Eset, Norton, McAfee)? You could potentially lose visitors, customers, or buyers for weeks or even months, and they often won’t return.

We monitor your website’s reputation with the top 10 leading companies, such as Google, Norton, Eset, and more!

We do this daily and automated to ensure that visitors are not blocked.

What if your website is flagged as unsafe?
If we discover that your website is blocked or has a bad reputation and is blacklisted, we resolve the issue as quickly as possible and request a re-evaluation from the service until the website is considered safe again and visitors can access it without any problems.

And you know what? This service won’t cost you a fortune!
We provide this service as a standard feature with our security packages.

Checked updates

8 July 2023/0 Comments/in Services

Why do we perform periodic and controlled updates while many others let the system automatically install updates or perform updates every day?

Updating plugins, themes, and WordPress often causes problems, so we want to be present when updates are applied and take the time to verify them. This cannot be done if updates are automated and unsupervised by the system.

We, therefore, perform periodic updates, which also reduce the number of risk moments since continuously applying updates creates more opportunities for risks. Additionally, we can easily identify unseen problems related to a specific date and address them more efficiently or revert changes if necessary.

We update plugins with known security vulnerabilities immediately outside of the regular update schedule.

What can go wrong during updates?

Updates are deployed too quickly. Plugins and themes are sometimes updated too hastily without extensive testing, which may cause code errors to go unnoticed.
Server issues – If the server cannot handle the peak load during updates – meaning the processes are not processed quickly enough – the files may not be fully or properly updated. This can cause the plugins to freeze, and often the entire website crashes.
Htaccess modifications – Plugins sometimes modify the Htaccess file, where much of the shared code from plugins and WordPress itself resides. It happens that the permalink structure gets lost and all subpages stop loading, or the caching rules are removed, or the security settings are lost.
Multiple developers – Plugins are created by different companies, and therefore, many different programmers work on the plugins. Sometimes, multiple programmers within one company work on a single plugin. You can imagine that all these people use different techniques, which do not always align.
Same Ajax calls – Sometimes, plugin programmers, without knowing it, use the same code, Ajax calls, library, or functions that conflict with each other or with the theme. Javascript often breaks after changes, causing interactive functions to suddenly stop working.

And more…

Over the years, it has become evident that many things can go wrong during updates. I won’t bore you with the details of everything that can go wrong.
The key lesson learned here is control, and not relying on daily automated updates performed by the system without anyone checking if they were successful.

Once again, for emphasis: we promptly update plugins, themes, or WordPress versions with known security vulnerabilities. We don’t wait for the regular update schedule to address those issues.

Controlled updates are a standard practice and service provided with all our security packages.

What services do you get with a security package?

7 July 2023/0 Comments/in Featured Newspage, Internet and more

Within our security package, we provide the following services:

1. Securing your website against hackers and malicious scripts.
2. Keeping your website up-to-date, including plugins, themes, and WordPress itself.
3. Continuously monitoring your website for security vulnerabilities.
4. Performing daily backups to ensure data integrity in case of server issues.
5. Monitoring your website’s status on security service lists.
6. Monitoring website speed, uptime, and log files.
7. Resolving issues that may arise during updates without disturbing you.
8. Restoring hacked websites if a controlled plugin or WordPress itself becomes compromised.

In summary, we handle everything related to the security of your website.

If any issues occur during an update, we will resolve them at no additional cost. Sometimes, certain plugins may no longer be compatible, a plugin developer may introduce a coding error, or server updates may cause problems. We usually discover these issues during post-update checks and resolve them without bothering you.

However, it’s important to note that we do not offer graphic design modifications or develop new features for your website. For such tasks, you would need a web designer or web agency.

Regarding service, we strive to provide as much assistance as possible within the security package. You can ask questions about your website’s functionality, request backup restoration or data recovery, request a staging environment for testing, ask us to coordinate with your web developer or provide information, seek guidance on hosting, and occasionally ask technical questions.

There are no additional costs beyond the fixed monthly fee. While some sites may require more work to ensure their security, we rarely, if ever, send extra invoices. We aim to keep it that way by focusing entirely on the security and updates of your website.

Uptime monitoring

7 July 2023/0 Comments/in Services

In this post, we wrote about Uptime Monitoring, a standard service included in all our security packages. But what good is it if we only monitor if the website is still online… while the website is currently offline?

That’s where Uptime Assistance comes in!

If we receive a notification that your website is offline/unreachable, we investigate the cause. If it’s due to an error, we attempt to resolve it. We simply enable debug mode and try to bring the website back online and visible.

This may involve certain actions:

Updating a plugin causing an error
Temporarily deactivating a plugin causing an error
Manually re-uploading the WordPress Core
Notifying you that a plugin is no longer functioning correctly and you may need an alternative (e.g., plugins no longer supported by their creators)
Sometimes assisting with finding an alternative, although we generally do not interfere with the plugins you choose to use

If it turns out that the issue is caused by the web host, we inform you so that you can notify your web host about the problem on your website.

How do we know it’s the web host’s fault?

We see typical server errors (blank pages with error messages)
Even a txt file is no longer accessible (license.txt)
Txt files are accessible, but PHP is no longer executed (Apache error)
We see an error 500
And more… there are many indicators!

Note: Web hosts sometimes experience brief outages. That’s why we sometimes wait before notifying you. Sometimes it’s just a matter of waiting until the web host gets their service back up and running.

What Uptime Assistance is NOT

It is not intended as support for someone actively making changes to the website. If you have messed up the website yourself, we can help by restoring a backup, but we won’t fix the mistakes (unless you pay us extra).

Uptime Assistance in recent years

Our Uptime Assistance has prevented a lot of worries for website owners in recent years. In many situations, we have resolved the issue before the website owner even notices.

Through experience, we usually quickly determine what’s wrong (sometimes a hosting outage) and what steps need to be taken to get the website back online.

This is crucial for websites, especially for online shops!

Uptime Assistance is included as standard in our security packages.

Tutorial – Secure your WordPress website properly with the free iThemes Security plugin

6 July 2023/0 Comments/in Anti Virus

You want to secure your WordPress website against hackers and malware, right? That can be done in many ways, but we assume you don’t want to incur any costs.

We will now show you step by step how to install the free version of iThemes Security and, more importantly:

how to optimize the settings of iThemes Security for WordPress

Let’s start with the installation. We assume that you haven’t activated any antivirus plugins on your website. If you have, it is recommended to remove the old one since having two security plugins can adversely affect the speed and functionality of your website.

Do you have WordFence? Cerber? Ninja Security? Well, then you’ll have to choose 😉
If it’s iThemes Security, then read on!

Backup

Before you get started, make a backup of your website.
You can use the free plugin UpdraftPlus to create a backup.

Installing iThemes Security

Go to your admin panel and navigate to “Plugins” -> “Add New”.
Type “ithemes” in the search field, and iThemes Security will appear.
Click on “Install Now”.
After that, click on “Activate”.

That wasn’t so difficult, was it?
But now the configuration begins.

Security Check

When you first install iThemes Security, you will see a screen with some default options.

You can click on the blue button to enable some default features. You will come across them later in this guide.

Many people think that everything is immediately set up correctly

But if you want to make the most out of your website security, there are several options that you can enable. In the next step, we will help you configure various important functions that are not yet enabled.

Configuring iThemes Security

Go to the “Security” -> “Settings” tab in your admin panel if you haven’t seen those options yet.

You will see several blocks there, with the light blue ones being active and the white/gray ones not yet.

Note: we won’t enable all the features. For example, the “Away Mode” allows you to make your admin inaccessible during the night… a nice feature, but just don’t do it 😉

Let’s start configuring!

First, go to the block: Global Settings

Scroll down until you see the bold sentence “Days to retain the database of logs“.
Change it from 60 days to 25 days.

Why: within 60 days, sometimes so many notifications are generated that your database becomes too burdened. While your database might be

10 MB in size with only a few posts, the logs can quickly accumulate to 125+ MB of data. This is not good for the speed of your database and, consequently, your website.

Now you’re done with that, and you can move on to the next block: Notification Center

By default, it is checked to send notifications to all administrators. This is not ideal. We assume that you manage the website, and in that case, it’s even risky to send all notifications to every administrator. Uncheck “All administrators” and check your own name instead.

It is recommended to uncheck the “Daily Security Update” and “Site Lockouts” options. We assume that you regularly monitor your website and/or check the logs. We will cover this in more detail later.

Why turn off notifications? Well, otherwise, you’ll receive an email every day for any activity on your website. For example, blocking attempted intrusions by bots. You may even receive multiple emails per day because bot intrusion attempts are quite common. While the security plugin blocks them, you don’t want to get nervous every time the plugin does its job.

Don’t forget to save the settings with the blue button at the bottom before moving to the next block.

404 Detection

Enable this feature. The 404 Detection keeps track of how many times a specific computer searches for non-existent pages. Bots, viruses, and malware generate a large number of requests in a short period as they search for vulnerabilities in plugins, themes, and your WordPress release.

If you have many files/images in your website that are not correctly linked, they can also generate 404 errors, potentially triggering false positives for legitimate visitors. Therefore, change the “Threshold” from 20 errors to 50 errors. This means someone would have to make a significant effort to trigger the 404 monitor.

Ps: The registration of 404 errors is not only passive but also active. If too many 404 errors come from an IP address, it will be temporarily blocked. If that computer/person/bot continues to visit incorrect pages, it may eventually receive a longer or even permanent ban, which means they won’t be able to access your website or cause any trouble.

And that’s what you’re aiming for – you don’t want hackbots to abuse the server’s capacity.

Database Backups

Decide whether you want to have a backup in your mailbox or set the “backup method” to store backups only locally. As mentioned before, iThemes Security is here to do its job but not to overwhelm you with email notifications and data.

Storing backups locally means that the database backup will be saved on the server. Change the “number of backups to keep” to 3 to 10, for example.

Ps: Check the “Schedule database backups” option at the bottom to enable automatic backups.

WordPress Contants

This information is more relevant to experienced programmers, and they wouldn’t rely on the site diagnosis tool for this information 😉

However, if you really want to, you can check here whether the “debug mode” is on or off, if “debug logging” is enabled, and if the paths to wp-content and plugins are correct.

File System Permissions

Those terms… which translator came up with them.
Anyway, here you can see if the most important directories, such as the root directory, wp-content directory, plugins directory, and some others, are writable.

Conclusion and Closing

If you have used the site diagnosis tool of iThemes Security before, let us know in the comments and whether it was helpful.

Honestly, this information is mainly for advanced programmers, and they would look directly at the places where the settings are located instead of using this diagnostic tool.

Security

The first thing a hacker does is gather technical information about a website. So, do you really want a code on your website that displays all the technical information? Not really!