The last month was quite active on the WordPress security front as well as for Google SERP changes. Let’s talk all about it in this Blogging Monthly episode.
Blogging Monthly Episode 03
Hey everyone, welcome to another episode of the Blogging Monthly series. We have seen a lot of challenges to WordPress security in the last month. Some vulnerabilities have been identified, and hackers are using them to gain unauthorized access to WordPress sites. We will talk about those in this episode.
We have also seen a lot of changes to Google SERP crawling and indexing. Mobile-first indexing is coming to every site across the internet. So if you are not aware of it, this is a good time to look at those changes and make sure your sites are ready for them.
So let’s start with the WordPress security issues. Recently, we have seen a flurry of WordPress plugins affected by security issues. The plugins include Duplicator, ThemeGrill Demo Importer, Flexible Checkout Fields For WooCommerce, ThemeREX Addons, etc.
The good thing is that security patches are available for all the exploited WordPress plugins. So, you should update your WordPress installation and make sure you are running the latest version of the exploited WordPress Plugins.
Here is a list of WordPress plugins which you should look at and update if you are using them on your site.
Duplicator
A WordPress plugin to migrate or restore your WordPress site. The security issue allows attackers to upload unauthorized files to a folder or export the database access credentials. This can give them access to the complete site, including the database, and they can easily insert malicious code into your site. ThreatPost has published a detailed article about this vulnerability on their site.
ThemeREX Addons
A plugin that provides supporting functionality for ThemeREX WordPress themes. There has been an issue with the Addons plugin which can provide unprotected access to a REST API endpoint.
The ThemeREX team was fast to patch the vulnerability, issuing the update in less than a day. Wordfence has a good detailed article about the vulnerabilities of this plugin.
ThemeGrill Demo Importer
A plugin to import the demo content for the ThemeGrill WordPress themes. At the time the exploit went public, the plugin was installed on almost 200,000 sites. Since then, many webmasters have uninstalled the plugin.
The exploit allows a remote user to wipe the database or restore it to a base install. After that, hackers can access the site with the default ‘admin’ user and password. The exploit has also been patched, and you can update the plugin to get the fix. WebARX Security has a detailed article explaining the vulnerability.
My advice for plugins like these, which have limited functionality: uninstall them after use. They are usually a one-time affair and should not be left installed on active sites. If you ever need them again, you can always install them at that point in time.
Flexible Checkout Fields For WooCommerce
This is another plugin with security issues, this time affecting WooCommerce WordPress sites. Its settings screen was accessible without authentication, which allowed hackers to inject extra fields and scripts into WooCommerce checkout pages.
The vulnerability has been patched and you should update the plugin to the latest version.
SEO Plugin Issues
Security was not the only trouble spot; the month was not good for SEO plugins either. First, there was an issue with the Google Analytics Dashboard For WP plugin. If you are using that plugin, please verify that your Google Analytics is showing the correct data.
It looks like ExactMetrics has redesigned the plugin, but it has an issue which is causing Google Analytics to show wrong data. The best way to check is to look at the frontend and make sure your Google Analytics code is loading properly. If not, you can wait for an update or add the correct code manually to your theme.
Yoast SEO and Rank Math were also hit by an issue with canonical URLs. For non-English sites, if the URL contains Unicode characters, the canonical URLs added are wrong. This can create an SEO issue for your site. Again, you can easily verify this by inspecting the frontend in Chrome or Safari. Search Engine Land has a detailed article about it.
Elementor & Strattic Fund Raising
Now, let’s talk about some developments in WordPress themes. Elementor has been one of the big names among visual page and theme builders. They have secured additional funding of $15M from Lightspeed Venture Partners. They are planning to invest that amount in additional development of Elementor. Here is what the CEO has said about this additional funding.
With Lightspeed’s backing, we plan to grow our operational capabilities and support our expanding community on the local and global levels. We intend to bolster our online training and learning programs, strengthen our infrastructures, and recruit more talent. At the same time, we will continue to develop new innovative product lines, thereby enhancing the Elementor platform.
On similar lines, Strattic has also secured additional funding of $6.5M. Strattic is a company that is trying to serve WordPress sites as static pages rather than dynamic sites. The idea is to improve the delivery speed, reduce the database workload and protect WordPress sites from many hacking attempts.
WordPress 5.4 Availability
The next update is about WordPress 5.4 availability. We are very close to seeing the official update roll out to all WordPress sites. This will be the first major release of 2020 for the WordPress CMS.
WordPress 5.4 combines major changes as part of this release. The major enhancements are bundled for the Gutenberg editor, including new blocks, keyboard shortcuts, etc.
WordPress 5.4 will introduce the new social icon block and button block. The social icon block will allow users to add social media links with the logo of that social network. This is not compatible with the earlier version of the social links block, so you may have to rework the posts which are using the social links block.
They have also introduced a new button block which will help in adding multiple buttons to a line easily. Many times I wanted to add multiple buttons to a post, like app download buttons for the App Store and Play Store. Earlier we needed to add HTML to add an extra button, but with this change you should be able to do that easily.
There are other enhancements like a default full-screen editing mode, keyboard shortcuts, and a new shortcode function, apply_shortcodes, which will be an alias for do_shortcode. You can check the complete list of changes in the official field guide for WordPress 5.4.
Google Mobile-First Indexing & Nofollow Hint Update
Google is ramping up its effort on mobile-first indexing, and they have finally announced that from Sep 2020 they will be moving to mobile-first indexing for all websites.
According to Google, most of the websites in the search results are already good with mobile-first indexing and have already been moved over. The remaining sites will be moved by Sep 2020.
So if your site is not ready for mobile-first indexing, it’s high time to act and enable support for mobile devices. This is an indication of the rise of smartphones and devices, the app economy. There are apps and games available for iOS or Android smartphones which make it easy for users to look for any information. The best approach is to use responsive layouts which can automatically support any screen layout.
Google has also updated its policy for nofollow links. Till now they were not using them for crawling or indexing; from March 1st they will consider them as a hint for crawling or indexing. So you might see some changes in terms of how your links are processed.
So spend some time and review your links. If there are links that you don’t want to be indexed, make sure they have noindex meta tags. Otherwise, Google might decide to follow them. For affiliate links, they are asking users to mark them as sponsored along with nofollow / noindex.
Google Search Console Changes
Google is also making changes in the Search Console to make it easy for webmasters to see site performance. They have introduced a new report in the Search Console to show the performance of your site’s review snippets. In the new report, you can check the valid review snippets which are available on your site and the performance of the page.
The Performance report in the Google Search Console adds a new filter for review snippets so you can see the performance of the snippets in the search results. If you have implemented review snippets and are not seeing the report in the Search Console, you can check the page with the Rich Results Test tool to check for valid schema markup.
These new enhancements and reports will help you improve your search rankings. You can better understand your listings and take action.
Understand the site visibility to Google and take action accordingly. Don’t fall for SEO myths and make sure that your site has all the valid schema markups to display it correctly in the search results.
If there is something else you would like to hear about or would like us to cover as part of this Blogging Monthly series, please write to firstname.lastname@example.org. If you have any tips for news around blogging, you can send them to us at email@example.com. You can always follow us on Twitter or Facebook for the latest updates.