Malicious code in previously trusted WordPress plugins is now a reality.
In case you missed it, three widely-used WordPress plugins were recently found to have malicious code included with recent updates. Display Widgets, Fast Secure Contact Form and SI CAPTCHA Anti-Spam were each removed from the official WordPress Plugin Repository due to SEO spam discovered by users.
One thing these plugins have in common is that they were all previously trusted and generally considered secure. More recently, they were sold by their original authors to a new developer, who used these popular plugins to spread payday loan spam posts. In fact, security plugin company Wordfence recently reported that up to 9 plugins have been found with malicious code added through various means.
While many web designers and developers have become more proactive in securing their sites against typical threats like brute force attacks, malicious plugins appear to be a whole new ballgame. We’re used to defending against security holes, but not against authors who are intentionally trying to propagate malware. And in the case of the plugins mentioned above, immediately updating to the latest version was the worst thing we could have done, since that was how the code was installed.
The question now becomes, what can be done to prevent this from happening again?
A Matter of Trust
The team in charge of vetting WordPress plugins in the repository has a really difficult job. There are currently over 52,000 free plugins available and it’s darn near impossible to continually scrutinize each one for security. Why, just think of the sheer amount of updates to those plugins that occur on a daily basis. It’s undoubtedly difficult enough to vet just the new plugins that come in – never mind checking out each and every subsequent update that is released.
Still, we’ll often just trust that whatever we download to our sites is safe. There are always worries about outdated code that would allow a hacker to do some damage – but how many of us ever thought to question the motives of the author themselves?
In the open source community, there is a great deal of good will. Code is shared and improved on a regular basis. There are so many outstanding people who give their time and talents to make the web a better place. While this spirit of giving is a wonderful thing, it also leads to some complacency on our part. We don’t stop to think that someone out there may not really be looking to do us a favor.
Even worse, in this case the attacker took code that had been trusted for years by scores of users and turned it into something else entirely. And the truth is that only hardcore WordPress news junkies had any idea what was going on after the fact.
Sadly, it seems to be a reasonable assumption that the vast majority of folks using these plugins have absolutely no idea that they were removed from the repository. If they do notice it’s missing, they may not know why. That’s got to change.
Finding a Way to Warn Users
The issue of a malcontent purchasing a previously-trusted plugin and turning it into a tool of destruction is (hopefully) not a common occurrence. But plugins are routinely removed from the repository and the average user probably will never hear about it.
While the team responsible for the repository has some ideas (here and here, for example) on keeping users better informed, I think it needs to go even further. In my view, security issues like this should be displayed on the WordPress plugin management page within each installation. This is the same area that tells us when a plugin requires an update, and it makes sense that a message could be placed in that same area – perhaps with a link to a more detailed explanation.
It’s understandable that there is concern about just blurting out major security holes or malicious code. That information could certainly be used for the wrong reasons as well. But how does that balance out with the risk of essentially telling no one about the issue?
True, these particular plugins were spewing SEO spam – not necessarily a matter of life and death. But what if something out there starts deleting database tables or spreading ransomware?
We’ve reached a tipping point. There must be a way to disseminate this type of security information to sites that have these plugins installed.
Stranger Danger
It’s truly a shame that someone took advantage of the trusting nature of the WordPress community. But maybe it’s the wakeup call that we needed to realize that malicious attacks come from both the inside and outside of a WordPress install.
I don’t envy the people who have to make decisions on how best to let users know what’s going on. It seems like no matter what path they choose, there are serious risks involved. But it feels like some sort of action is needed.
If the new reality is that what we install on our websites isn’t always going to be on the up and up, then we need to be informed of any found dangers. For me, this all started with the Display Widgets plugin, which I had installed on a few sites. The Wordfence plugin alerted me to the fact that it was removed from the plugin repository. From there, I had to do some research to find a forum post that explained the situation (and it was not easy to find since the plugin page had been removed).
Web Professionals work with WordPress on a daily basis and write about it quite often. If we've had a hard time finding information regarding this incident – how is the average site owner supposed to find out? It’s a situation that seems untenable for the future.
-by Eric Karkovack
Courtesy of SpeckyBoy
Instead allow users to read content and get acquainted before asking for anything. Give them the chance to decide on their own instead of forcing it on them. This could either be a subtle pop-out after reading the page, or a popup modal before the user clicks off the page.
2. Social Integration
Sharing on social media should be an organic experience, not a forced one. A user will want to share your content more if they are not patronised into it, so limit your widgets and consider using a pleasant message at the end of the content asking them to give it a quick tweet if they enjoy your work.
3. Page Preloaders
If you are having speed issues, load in the lighter elements of the page first—like the navigation—and use a loader for the heavier content, instead of leaving the user on a blank screen staring at a cute animation. This way the user doesn’t feel like you’ve stood them up on a date, and that you are still there.
4. Mega Menus
If you don’t want your site’s navigation to resemble a game of Where’s Waldo, you can split up the different links into sections. You could also swap out some of the text links for imagery to make it less mundane. Lastly, for the sake of all humanity, please stay well away from hover activated dropdowns.
5. Infinite Scrolling
Just like mega menus, infinite scrolling has great potential if implemented correctly. Blend the pattern with traditional pagination and allow the user to choose to continue scrolling with an action. This will help keep your footer accessible. In order to fix the issue of users losing where they were up to, have the URL change whenever the page loads up another section.
Wrapping Up
A quick disclaimer to bear in mind is that although the above UX patterns are insanely annoying, that doesn’t mean that you should avoid them like the plague. While they are not the best option, some of them might work for your website depending on your requirements.
However, try empathising with your users and think before you employ any of these patterns.
-by Nick Hiley
Courtesy of Web Designer Depot
Apple is opening up its digital ecosystem to PayPal from today, with customers now able to use the omnipresent payment platform to purchase goods through iTunes, iBooks, Apple Music, and the App Store.
Kicking off in Canada and Mexico, PayPal payments will be slowly rolling out to other markets — including the U.S. — “soon after,” according to a statement issued by PayPal today.
In real terms, this means that rather than simply setting your credit or debit card as your default payment mechanism, you will now also have the option of selecting PayPal.
Apple has already embraced other third-party payment methods in some markets. Last year, for example, the company opened to Alipay, a service that is effectively the PayPal of China.
This latest integration also opens up PayPal to Apple’s voice-activated digital assistant, Siri, meaning you will soon be able to ask Siri to make a payment using the PayPal app directly.
Notably, this also opens up PayPal’s One Touch payment smarts to Apple devices, meaning you will be able to purchase goods on compatible sites and mobile apps.
It’s worth noting here that this isn’t the first time Apple has embraced PayPal payments. Apple used to offer PayPal’s Credit service in the U.S. to enable consumers to finance physical products, such as Macs and iPhones, but this was discontinued in 2015 — though it is still available in some markets, including the U.K.
-by Paul Sawers
Courtesy of Venturebeat
Social media has become an integral part of daily life, but some business owners are still not using this marketing channel to its full potential. Posting inconsistently, sharing too many promotional messages and allowing accounts to become inactive can hurt your results.
Social Media has become such an important part of our everyday lives. People of all ages across the globe use Social Media. It has become a major source of news, local information, business information, consumer research, as well as a place to keep in touch with old friends and new or to stay in contact with family that may not be nearby.
However, one of the most important aspects of Social Media has been the opportunity for businesses of any size, in any location, and any industry to reach an audience of consumers. Marketing and Advertising on Social Media has become a necessity for businesses.
Unfortunately, there are still business owners and marketers who either do not understand how it is supposed to work or they are still using it as though it were 2010.
Social Media Marketing has changed drastically over the past several years, and it continues to change. It also requires knowledge and experience to do it correctly and effectively.
Here are 6 things business owners need to know about using Social Media to market:
1. Posting an update whenever you think of it may hurt your business.
Each Social Platform has an algorithm. An algorithm is “a set of rules that precisely defines a sequence of operations.”
In Social Media, this algorithm determines what people see, what information gets out to specific people. If you are only posting sporadically your updates are likely not showing in many News Feeds, if any at all. Thus, your updates are not generating any views or interest and basically are not worth the time you took to post.
In order for your updates to be effective you must post consistently, every day, a few times a day, as well as posting content that is relevant and interesting to your audience.
2. Posting anything, at any time will not work.
Social Media Marketers educate themselves on what to post, when to post it, how many times to post each day, what to share, etc. There is a definite method to the madness, and it involves more than just posting a link to one of your products.
3. Posting only company or sales information is not an effective strategy.
People are not using Facebook or Instagram to see sales messages from businesses. Sure, they are using Social Media to research their purchases, but they are doing so on their own terms. They are seeking out the information, they do not want the information coming at them when they don’t want or need it.
Social Media Marketing is about developing your brand and improving your visibility. Sharing information that users want to see, articles related to your business, links to relevant information they can use, posting reviews from current customers are all useful and not annoying or overwhelming.
Unless you are Amazon or another big box retailer or large company, sharing only company-related information is not a good strategy.
4. Running an ad does not mean people will be clamoring to buy your products/services.
In the history of advertising there has never been a guarantee that an ad will generate sales. In the old days, traditional newspaper ads or television ads were sold based on the number of people that would see your ad. These ads were no guarantee that a sale would be made.
Advertising is an audio or visual form of marketing communication that employs an openly sponsored, nonpersonal message to promote or sell a product, service or idea.
Social Media Advertising is a more direct way to reach people and this is where it is acceptable to directly display your products and services. The overall goal is to reach people and make them aware of your products or services so when they make their purchasing decisions (when THEY are ready to purchase) they think of your business first.
5. Just having an account on the Social Platforms is not enough.
If you are going to establish accounts on the Social Sites it is necessary to keep those accounts active and monitor them for comments and questions. Opening an account and listing the icon on your website is not enough. In fact, if you do have accounts on the Social Sites and you are not using them, updating them, or watching for comments it can have a negative effect on your business.
An inactive account on Social Media sends the message that you don’t care. Additionally, people seeking out your page only to find it has not had an update in weeks or months may think your business is closed. Either way, an inactive page with updates from weeks or months, or even years, ago signals your business doesn’t care and negatively affects your reputation.
6. An Office Manager, Assistant, Billing Manager, Intern, etc. cannot manage Social Media effectively.
Just because the Social Sites are free and “anyone” can use them, does not mean that one of your employees or interns can provide an effective and successful campaign on Social Media.
Social Media Marketing requires experience and knowledge. If you want your marketing and advertising to be useful and profitable it needs to be done correctly.
Hiring a professional to manage your campaigns is the best way to ensure that your budget and efforts with Social Media are beneficial to your bottom-line.
-by Laura Donovan
Courtesy of B2C
Videos are becoming increasingly important for B2B marketing. Companies with dedicated video marketing strategies generate more leads, earn more revenue, and enjoy better brand awareness than those engaging in all other forms of marketing.
Facebook, Twitter, and YouTube are great places to get eyes on your video content, but prospects aren’t necessarily in work- or buy-mode as they scroll through these platforms.
We do know, however, that 90% of B2B decision-makers use search to research business decisions. To reap the benefits of video marketing, your videos must be optimized for search. By following a few best practices for video SEO, you’ll enjoy more visible video search results and drive more organic traffic—and qualified leads—to your video content.
How Does Google Rank Videos?
In its general search and video search functions, Google ranks videos using the same ranking factors as written content—content quality, number of backlinks, and RankBrain are the most important signals. When hosting videos on your site, the tasks for optimizing video content are similar to those for written content and images.
Similar, but not identical. Here are five steps you should take to improve your search rankings so your videos stand out in search results:
1. Transcribe Your Video Content
Providing both a video and transcription on a single page offers dual benefits: it caters to different reader preferences, and it makes video content more likely to appear in general Google searches.
Video transcriptions can be optimized for search in the same way as any other text-based site content. While this may seem to break duplicate content rules, transcriptions actually provide a good user experience by catering to different learning styles. While some visitors may prefer videos, others may prefer reading. In fact, 85% of business executives prefer reading over watching videos when making business decisions.
When transcribing video content, there are two approaches you can take:
- Provide a full, word-for-word transcription as Moz does for their Whiteboard Friday videos.
- Provide text highlights like Content Marketing Institute does for their This Old Marketing podcast.
2. Optimize Video File Metadata
Just like general search results, titles and descriptions display in video searches. While Google will find something to display if this data isn’t provided, you’ll drive more views and rank higher in results if this metadata is optimized.
Video titles and descriptions should:
- Be compelling to encourage click-throughs.
- Be relevant and applicable to the content.
- Include keywords that match user intent.
- Feature titles that are 55 characters or less.
- Use meta descriptions that are 155 characters or less.
3. Implement Schema Markup
While some users conduct searches using Google’s video search function, many just use the general search tool. To help videos stand out in general search results, use schema markup (semantic vocabulary) to provide the information search engines need. With schema markup, general search results will appear in the same way as video search results, providing a video thumbnail and length.
At a minimum, you’ll need to add schema markup for the title, description, thumbnail, and either embed- or content-URL for each video. You may also want to include video length, upload date, and height and width dimensions. Google has a page describing exactly what it expects from schema markup for videos and allows you to validate schema markup with the Rich Snippet Testing Tool.
4. Submit a Video Sitemap
While Google’s crawlers will discover videos on your site, you can enhance discovery of site-hosted videos by creating a video sitemap and submitting it to Google Search Console. Create a separate video sitemap, or add video entries to an existing sitemap.
Entries in a video sitemap must include video title, description, play page URL, thumbnail, and raw video file URL, and must match the information included on your site. There are a number of optional pieces of data that can be included as well—video duration, rating, view count, category, and live status. While the optional fields do not need to be included in a video sitemap, they provide additional data Google can use to properly index video files.
5. Find Keywords That Populate Video Results
The best way to know if users prefer video content for certain queries is to conduct searches for targeted keywords. If video results appear on the first page of results, it signifies that users are typically satisfied with video content for that query. For example, conducting a Google search for the query “Twitter tutorial” results in a YouTube video in position two, just below the official Twitter support page.
Prioritize video creation for keywords that populate video results in general search and create videos that are higher quality or more comprehensive than those that are already ranking for relevant keywords.
The Most Important SEO Video Ranking Factor
Video content is held to the same standards as text content in search results—it must be high quality. Optimizing fluff videos isn’t a valuable use of your time because—like general content—engagement factors are important. If people are watching only a few seconds of your video and then leaving, your engagement scores will fall, and Google may determine that your video is either irrelevant to the query or low-quality.
Video content should cater to user intent, provide value to viewers, and have a high production value. That doesn’t mean you have to spend a fortune hiring actors or designing animations that make Pixar jealous, but it does mean that videos should be in focus, audio should be clear, and unnecessary pieces should be edited out.
Once you’ve created high-quality, engaging videos, upload them to your site, add transcripts, and optimize display in results with metadata, schema markup, and sitemaps. Completing these tasks will enable more visible—and higher ranking—search results for video marketing content.
-By Nate Dame
Courtesy of Marketo