Though the new features and technologies are exciting, Gutenberg has also caused a lot of controversy. One central issue is its potential to break existing WordPress sites as it is forced on anyone updating to WordPress 5.0.


Why are things changing?

The WordPress editor has seen incremental updates since its inception, but some argue it’s looking a little dated.

As the web evolves, more and more front-end frameworks are popping up, offering new ways to design and develop sites and web applications. Gutenberg aims to take advantage of some of these new technologies, such as Facebook’s ReactJS, to give greater flexibility to WordPress users.


What does this mean?

As with any new development or technical evolution, there are teething problems.

In our initial testing, we found issues with three popular plugins – Yoast, Advanced Custom Fields (ACF) and WooCommerce. While these were all functional in their basic capacity, key features were broken. For example, WooCommerce is missing product categories, while ACF is missing the ability to hide the content editor.

At the time of writing, the Gutenberg editor is still in development with users able to install the new editor as a plugin to existing sites. However, in WordPress 5.0 it will no longer be optional. The existing editor for posts, pages and any other custom post types will be a thing of the past.

But all is not lost…

For plugins that aren’t compatible, there are already a number of methods for disabling Gutenberg. The WordPress Core development team have also promised an official plugin to return WordPress to its current status quo.


Steps to mitigate against Gutenberg issues

If you’re worried about the upcoming update, here are some steps to take:

The WordPress Core team have not officially announced a release date for version 5.0, which will force users towards Gutenberg, but it’s rumoured for April. The official release date will be announced on their website soon.

Still worried about Gutenberg? Speak to a member of our team for more information and support on all things relating to WordPress.

If you’re reading this, you already know how important it is to have a good website. It provides information about your business, helps customers find you on Google, and differentiates you from your competitors.

We know it’s tempting to go for the best website money can buy. Sites built by an agency (like ours) are typically bespoke, hand-coded and tailored for SEO (Search Engine Optimisation). But just because we can build you a top-spec business website, it may not be right for you today. And here’s why…


You don’t know your target market

Many people who start a new business, ourselves included, begin by leveraging personal contacts. You might go to networking groups, get referrals and work with former colleagues.

This approach often succeeds, but it’s essentially an experiment. At the start, you make a lot of assumptions about your customers, and the best market for your products or services.

It’s not uncommon for life to work out differently to what you had in mind. Perhaps your customers are a different demographic, or maybe there’s greater demand in a different market to the one you initially targeted.

So you do the smart thing. You listen to your customers. You make adjustments, change your business model. Gradually, you move away from what you were doing a year or two previously.

Now imagine that you’d already spent a few thousand pounds on that bespoke website. Your business has changed so it’s now out of date, or maybe even plain wrong. You can fix it, but only by spending even more money.

So if most of your leads are likely to come from networking and referrals, there’s no point spending too much on your first business website. That way, if you need to change it later, it won’t cost you an arm and a leg.


Drag-and-drop builders

Fortunately, creating a simple website is cheap, quick and easy. You can do it yourself without any coding knowledge using a drag-and-drop builder like Squarespace, Wix or Weebly.

Weebly and Wix both offer free plans, although your site will include their branding. For a site free of branding, you’ll pay from £7.76 per month for Wix and £5 per month for Weebly.

Squarespace is slightly more expensive. It charges £10 per month for a personal site, and £15 per month for a business site with extras like e-commerce features.

The drawback to using Wix, Squarespace or Weebly is that you’re limited to fairly basic templates. If you need to change your site’s appearance or functions, your options are limited to what these tools can do.


WordPress

An alternative is WordPress. It’s a platform that’s often associated with blogs but in fact it’s a very flexible tool for building good-looking websites you can easily customise.

The underlying WordPress software is free, because it’s open source, but you’re not limited to the templates (called ‘themes’) supplied with it.

A third-party marketplace called ThemeForest offers over 41,000 professionally designed themes, giving you a wide selection to choose from. Good themes typically cost between $50 and $70.

To install a theme and get your site up and running, you can either do it yourself or hand it over to a freelance web developer or WordPress designer. It shouldn’t cost much or take very long.

Many people also consider WordPress to be better for SEO purposes than the simple website-builder tools.


SEO and Plugins

In making things simple to edit and design, you inevitably make compromises in how the site is built, which have a knock-on effect on what is possible and realistic for SEO.

WordPress is certainly a good platform for publishing content, and plugins like Yoast help you optimise every page for SEO.

Plugins, however, add weight to a website and could slow the time it takes to load. Loading time is one of many technical factors Google takes into account when it decides how highly your site should rank in search results.


Bespoke is the way forward

Which is why a bespoke business website, tailored to your exact requirements, and technically optimised for Google, is the way to go if you really care about SEO – and the time to care about SEO is when you’re confident in the direction your business is taking. By then you could be playing on a bigger stage, with national and maybe international growth ambitions.

At this point, you’ll need a website that’s finely tuned for beating your competitors in search results, and that’s where we come in.

Everything that is bad about your WordPress website

Your servers can’t handle your audience

Not all hosting is created equal. If your website is painfully slow and users are being turned off by long loading times, the problem may be that there simply isn’t enough horsepower to serve your level of users. Generally there are 3 types of hosting:

Shared hosting:

You share one server with loads of other websites. This can cause problems in that if one user breaks the server with their site, your site can suffer. It basically means the resources of the server are shared between sometimes hundreds or thousands of users with no real guarantee as to which of those resources go to your website. If one website is using 90% of the server’s memory, the remaining sites only have 10% to play with. In order to prevent this “bad neighbour” effect, most hosting providers will severely restrict what users can do. This can lead to you being unable to update software or use custom scripting languages.

Cloud / Virtual Private: 

On a cloud or Virtual Private (VPS) server, you are essentially still sharing the server with other users. However in this case, resources will be allocated in advance. This means if you are paying for 1GB of memory you should always have access to the entire 1GB. The virtualisation process means that you should be able to use the server like a dedicated machine. This allows you to install what you want on the server and configure it in a completely custom way.

Dedicated Server: 

A dedicated server is exactly that: a dedicated machine whose sole purpose is to serve your website. This gives you the most freedom but also comes at the greatest cost. It is also important to consider specifications when buying a cloud, virtual or dedicated server. Servers are just computers with an internet connection; the better the computer and the better the internet connection, the more reliable and fast your website will be.

You’re not secure

We think that securing your website with an SSL certificate is so important, we already wrote an entire article about it! The bottom line is that using an SSL certificate on your site makes it more SEO friendly, and instils more trust in your users.

Security doesn’t end with a certificate though. If your WordPress site, any of its plugins or themes are linking to or using resources from an insecure source, then it can cause problems. For example, if you embed an image in a blog post from a plain website (http instead of https), Chrome will identify your website as either secure with errors, or secure with mixed content, and won’t display the reassuring green padlock.
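As an added example (not part of the original article), this Python scanner lists the `http://` subresources in a page served over HTTPS, which is what produces the mixed-content state described above. The sample HTML, the host names and the function name `find_mixed_content` are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# (tag, attribute) pairs that make the browser fetch a subresource.
# Ordinary <a href> links are navigation, not subresources, so they are absent.
SUBRESOURCE_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"),
    ("audio", "src"), ("video", "src"), ("source", "src"),
    ("embed", "src"), ("object", "data"),
}
# Active content can rewrite the page; passive content is only displayed.
ACTIVE_TAGS = {"script", "iframe", "embed", "object", "link"}


class Scanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        candidates = [attrs.get(a) for (t, a) in SUBRESOURCE_ATTRS if t == tag]
        # <link rel="stylesheet"> loads CSS; other rel values (canonical) do not.
        if tag == "link" and "stylesheet" in (attrs.get("rel") or "").lower().split():
            candidates.append(attrs.get("href"))
        for raw in candidates:
            if not raw:
                continue
            # Resolve relative and protocol-relative (//host/x) URLs against the page.
            resolved = urljoin(self.page_url, raw.strip())
            if urlparse(resolved).scheme == "http":
                kind = "active" if tag in ACTIVE_TAGS else "passive"
                self.findings.append((kind, tag, resolved))


def find_mixed_content(page_url, html):
    """Return (kind, tag, url) for each http:// subresource on an https:// page."""
    if urlparse(page_url).scheme != "https":
        return []  # mixed content only applies to pages served over HTTPS
    scanner = Scanner(page_url)
    scanner.feed(html)
    return scanner.findings


# Constructed sample: a blog post on an HTTPS site with two insecure embeds.
SAMPLE_HTML = """
<link rel="stylesheet" href="/wp-content/themes/example/style.css">
<link rel="canonical" href="http://blog.example/post/">
<img src="http://images.example/photo.jpg" alt="embedded over plain http">
<img src="//cdn.example/logo.png" alt="protocol-relative, inherits https">
<script src="http://widgets.example/share.js"></script>
<a href="http://other.example/">an ordinary link, not a subresource</a>
"""

if __name__ == "__main__":
    for kind, tag, url in find_mixed_content("https://blog.example/post/", SAMPLE_HTML):
        print(f"{kind:8} <{tag}> {url}")
```

The scanner covers HTML attributes only; URLs inside CSS or `srcset` are outside its scope.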

You’re not responsive

There really are very few excuses for your website not being responsive in 2017. Back when the web was fairly new, you could probably rely on all of its users having similar 15″ CRT monitors to view your website. This meant you could take the risk of settling on one page size. These days, users are logging on with everything from phones, tablets and smaller laptops to huge all-in-one machines, all with wildly different screen sizes and densities.

A responsive website should gracefully resize its content to fit and look good across all current screen sizes. Images should also be crisp enough to appear smooth on high density or retina screens. If your website doesn’t, it is going to stick out, and not in a good way.

You’re not pleasant on mobile

Now we’ve already covered responsiveness, but just because your website fits on a mobile screen doesn’t mean it plays nicely with mobile. Common problems with websites can include:

You use too many plugins

What is wrong with having loads of WordPress plugins? Nothing in theory. A website could run hundreds of plugins without seeing any degradation in speed or introduction of security flaws. The problem is that WordPress plugins are created by users, and aren’t regulated. This means that for every highly optimised, well-written plugin, there are potentially many more that slow your website down or introduce security issues.

You’re not keeping WordPress up-to-date

Security:

With every WordPress release, the community strives to deliver better. Better speed, better security and more bug fixes. Even if you’re happy with the speed and how your site works, you should still be concerned about security. WordPress is the most popular CMS platform out there, and attracts a lot of malicious people. When security holes are found, the WordPress community is usually pretty quick in patching them. However, if you don’t install the updates, the holes are still there to be exploited.

Updates:

If you run an early version of WordPress, for example anything before 4.0, should you go ahead and update? There are clear benefits in you updating your WordPress site. Yet it’s highly likely that if you’ve got a theme and plugins running for an ancient version of WordPress, things are going to break when you upgrade. It’s always beneficial to try upgrades in a staging or local development environment before upgrading on a live site. If you’re not sure, it’s always better to have an experienced professional audit your site first.

Plugins: 

Keeping the core WordPress installation up to date is important of course. However, to truly take advantage of all the latest technologies in security, features and speed, you need to also keep an eye on themes and plugins. Plugin updates should show in the “Plugins” section of the WordPress CMS. Keeping themes up to date is more nuanced. This is because there is a high chance your theme has been customised in some way.

Stripping a WordPress site right back to its core, most websites can benefit highly from updating PHP, the scripting language that powers WordPress. Upgrading from PHP 5 to 7 can deliver a huge speed benefit, see our article

When a website has an SSL certificate installed it needs an authoritative body to basically “vouch” for them. Every secure website using an SSL certificate will have a certificate authority that has ‘authorised’ their certificate. You can learn more about SSL security here.

Symantec also own and operate a number of other Certificate Authorities such as VeriSign and GeoTrust. Google have proposed that all certificates using Symantec or its subsidiaries as a certificate authority will gradually be distrusted. Each new version of Chrome will significantly reduce the amount of time a Symantec certificate can be valid for. This will reduce the period of time a Symantec certificate is valid to 9 months by early 2018.

For websites that use “Extended Validation” certificates, meaning that they display the green bar in Chrome and offer the highest level of validation, Google suggests untrusting Symantec certificates immediately. This means that the next Chrome update could potentially break any website using Symantec EV certificates or label them as “untrusted” to end users.


Why is this happening now?

An investigation where Symantec was unable to produce data on how its partners were validating companies is cause for concern. The security giant has also admitted to mis-issuing 127 certificates. In 2015 Symantec employees were fired after it was found they were issuing rogue SSL certificates for internal use. But for Google it’s too little, too late. Digital security is entirely based around absolute trust, and Google feels that they can no longer trust Symantec, in particular when it comes to validating requests for SSL certificates.


When will this happen

Google propose not trusting any EV certificate from Symantec or its subsidiaries, but it hasn’t happened yet. There are still a number of websites using Symantec-issued certificates which have an expiry of longer than 9 months. These websites are still working fine in the latest development version of Chrome. Symantec has said it will reissue all certificates, effectively conceding to Google’s demands. This won’t be an easy fix however, as Symantec certificates make up around 30% of all those on the web. It also means website administrators will need to install the new certificates, potentially creating hours of work for agencies and web developers.

Beyond Chrome, Mozilla, the company behind the popular Firefox browser, are also discussing the issue and are making a similar noise. Apple and Microsoft generally follow Google’s lead when it comes to this kind of issue, so when the new rules come into effect in Chrome, we expect to see Firefox, Edge and Safari follow suit soon after.


What does this mean for Web Administrators?

If you’re using one or more Symantec EV SSL certificates, we recommend you act soon. Your choices are:

For any other Symantec SSL certificate, be aware that you may need to install a new certificate sooner than expected.

Using this you can see that, for example, Chrome 61 will not accept any Symantec certificate that is valid for more than 21 months or 651 days. The approximate release calendar is available here.
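As an added example (not part of the original article), the Python below applies the Chrome 61 limit quoted above to certificate details in the dictionary format returned by the standard library's `SSLSocket.getpeercert()`. The brand list is limited to the names the article mentions, matching on the issuer name is a heuristic, and the sample certificates are constructed.

```python
import ssl

# CA brands the article names as Symantec-operated. Symantec runs others too,
# so extend this tuple before relying on a "not-symantec" result.
SYMANTEC_BRANDS = ("symantec", "verisign", "geotrust")
# Limit the article quotes for Chrome 61: 21 months, stated as 651 days.
CHROME_61_MAX_DAYS = 651


def issuer_names(cert):
    """Flatten getpeercert()'s nested issuer tuples to organisation/common names."""
    names = []
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key in ("organizationName", "commonName"):
                names.append(value)
    return names


def validity_days(cert):
    """Length of the validity period (notBefore to notAfter) in days."""
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return (end - start) / 86400


def check_certificate(cert, max_days=CHROME_61_MAX_DAYS):
    """Return 'not-symantec', 'within-limit' or 'too-long' for one certificate."""
    issuer = " ".join(issuer_names(cert)).lower()
    if not any(brand in issuer for brand in SYMANTEC_BRANDS):
        return "not-symantec"
    return "too-long" if validity_days(cert) > max_days else "within-limit"


def sample_cert(org, common_name, not_before, not_after):
    """Build a constructed certificate dict shaped like getpeercert() output."""
    return {
        "issuer": ((("organizationName", org),), (("commonName", common_name),)),
        "notBefore": not_before,
        "notAfter": not_after,
    }


# Constructed samples: issuer names and dates are illustrative, not real certificates.
SAMPLES = {
    "two-year Symantec": sample_cert(
        "Symantec Corporation", "Example Symantec Issuing CA",
        "Mar  1 00:00:00 2016 GMT", "Mar  1 00:00:00 2018 GMT"),
    "one-year GeoTrust": sample_cert(
        "GeoTrust Inc.", "Example GeoTrust Issuing CA",
        "Jan  1 00:00:00 2017 GMT", "Jan  1 00:00:00 2018 GMT"),
    "two-year COMODO": sample_cert(
        "COMODO CA Limited", "Example COMODO Issuing CA",
        "Mar  1 00:00:00 2016 GMT", "Mar  1 00:00:00 2018 GMT"),
}

if __name__ == "__main__":
    for label, cert in SAMPLES.items():
        print(f"{label}: {check_certificate(cert)} ({validity_days(cert):.0f} days)")
```

The dictionary does not expose whether a certificate is Extended Validation, so EV certificates need a separate check.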


What does this mean for Business Owners?

If Appeal manages your website, it will use SSL certificates that are authorised by COMODO, the global leading brand for SSL security. This issue won’t affect your website.

Unsure if your website is using a Symantec certificate? Do note that Symantec does operate under other names. If you’re unsure, get in touch with us and we’d be happy to check your website security.

If you’re a business owner with a website that isn’t currently using any certificate, please be aware that as of January this year Google Chrome will flag your website as “Not Secure” to your users! We’d recommend maybe steering clear of Symantec for now but definitely investing in SSL security for your website.


What does this mean for Everyone Else?

Things may get a bit choppy for a while. The “Secure” address bar is secure enough for websites that don’t take sensitive information such as payment and bank details. However you should always look for extended validation (company name in the address bar) when handing over payment information or other private data. A number of genuine sites could suffer from Google’s new rules, but there’s also a very high probability that scammers will jump at the chance to take advantage.

You can read the original Google Groups message from Ryan Sleevi here.

And Symantec’s response was available here.

What is PHP?

PHP is a web scripting language that is the foundation of many websites and web frameworks. If your website uses WordPress, it uses PHP. It enables you to run scripts and work with data on the server side of your website as opposed to the user side (which is covered by JavaScript). It’s not the only web scripting language of course, but its ease of setup, support by web hosts and adoption by the incredibly popular WordPress CMS make it one of the most popular ways to power a website.

PHP 7 has been out for a while now. Version 7.0 was released at the end of 2015, and version 7.1 was introduced on 1st December 2016, bringing more improvements and new features for developers. That means that there has been ample time for the new version to mature and become a stable, secure option for PHP web apps and sites.


What do I have to gain?

Although developers have quite a few new toys to play with when it comes to PHP 7, the huge performance improvements are something everybody can get excited about.

In many benchmarks PHP 7 comes out roughly twice as fast as previous versions and uses far less memory. This means that just upgrading your sites and web apps to run on PHP 7 can serve up to three times as many users and dramatically cut load times to your site.


Is it much of a hassle?

Unless you’re using very old code, or rely on legacy extensions, the chances are that your website and PHP 7 will get on fine. Having said that, just blindly updating can cause problems. If you’re redesigning your website or creating a brand new site using WordPress or another PHP framework – use PHP 7. There’s no reason not to!


Is running an older version a risk?

Right now, if your web server is running the latest version of PHP 5.6, you’re probably OK. PHP 5.6 is still getting support for a while. Until 31st December 2018, PHP 5.6 will still receive security fixes, meaning that it’s still OK to use in production.

The problem is, a lot of websites aren’t even using 5.6. Web servers using 5.5, 5.4 and even older are still extremely prevalent, and these versions are no longer receiving security fixes. This means a huge number of WordPress websites currently live are potentially insecure.


What do I do?

If you’re maintaining your WordPress website yourself, your upgrade path will vary depending on how your website is hosted. Most hosting providers are now offering PHP 7 to their customers. It’s important to check the compatibility of your WordPress version and any plugins or themes you are using. If you’re unsure, it’s worth having an expert opinion and making backups before making the leap.

Back in August 2014, Google announced that websites using a Secure Hypertext Transfer Protocol (HTTPS) connection would be the beneficiaries of a minor boost in search rankings. This provided many businesses with the motivation to make the change and install an SSL certificate on their website to meet modern security standards. Now things are changing again. As of January 2017, with the release of Chrome (version 56), Google will begin shaming websites that do not have SSL certificates in place with a ‘Not secure’ notice planted next to your URL in the browser bar.

What is an SSL certificate and why do I need one?

‘SSL’ stands for Secure Sockets Layer. It creates a secure connection between client and server to allow the secure sending of information. An SSL certificate contains information about a domain name and the owner of the domain name to authenticate the connection.

As a rule of thumb, you’ll know if a site has an SSL certificate installed if the site begins with ‘HTTPS’ instead of the simple ‘HTTP’ (the ’s’ stands for secure). Most browsers now also display a padlock icon or a visual indication that SSL is installed.

With SSL installed and correctly set up, visitors to your website can be confident that communication between their browser and the server is secure.

Without SSL, any data sent to or from your website or app can be intercepted by anyone with the skill or motivation to do so.

From a business point of view, this has some serious ramifications:


What is SSL Extended Validation?

For websites that serve basic information and don’t collect user data, a standard certificate is great.

But how does the user know that the certificate holder is who they say they are? Let’s explore a potential scenario:

A nefarious individual wants to trick users into paying for a service or product sold by another company. They could easily buy a domain similar to that company’s (for example, apple-products.com or adidaas.co.uk) as well as an SSL certificate. They can then run a phishing scam to lure users into paying for computers or clothing that doesn’t exist.

So how do you avoid this? Extended validation (EV) certificates. With Extended Validation, the company issuing the certificate does due diligence to ensure that the party buying the certificate is who they claim they are. These certificates generally appear as a green bar or green text in the URL bar of your browser.

Extended validation certificates are more expensive, and can be more complex to set up. But if you sell online or collect user data, Extended Validation is a surefire way to instil confidence in your customers and users.