Nexcess Blog

Take Control Of Your WordPress Writing Experience With These Applications

March 13, 2018

WordPress’s built-in editor has improved enormously in recent versions: it’s a genuine pleasure to write in WordPress, which is not something I’d have been able to say with a straight face a few years ago.

But, as someone who spends most of my day writing, I prefer to use a text editor native to my operating system. Having my writing as Markdown files on my device allows me to automate some mundane writing tasks and organize my work in a way that makes sense to me.

Posted in: Nexcess, WordPress

What Caused Your Site’s Search Rank To Crash?

March 12, 2018

I don’t encourage site owners to spend their time obsessively scrutinizing search rankings: there are more positive ways to increase traffic to your site. Nevertheless, a drop in search position can have a substantial impact on the number of visitors your site receives, and hence on revenue.

Every site is different, and there’s no one-size-fits-all solution to the problem of declining search position, but, in my experience, these are the five areas that you should focus on if your site has recently tanked in the SERPs.

Posted in: General

Do eCommerce Retailers Need Native Mobile Applications?

March 9, 2018

Once upon a time, building a website that provided a responsive and intuitive eCommerce experience was next to impossible for all but the simplest stores. Today’s web is different. Many of us use desktop-class applications in our browsers every day. Browsers are faster than ever before, especially where JavaScript is concerned, and the web platform itself benefits from improved client and server side technology and developer-friendly frameworks.

Posted in: eCommerce

How Do You Encourage eCommerce Shoppers to Leave Positive Reviews?

March 8, 2018

Social proof is a vital part of eCommerce conversion rate optimization. Unlike in brick-and-mortar stores, customers can’t inspect products in person. Shoppers can’t know for sure that they’ll get what they expect. Social proof, in the form of positive reviews, lets customers know that other people were happy with their purchase.

But few shoppers leave positive reviews — and why would they? Taking the time to write a positive review does nothing for the customer. They already have the product they paid for and they have nothing to gain from reviewing it.

Posted in: eCommerce

Using Docker to Build Local WordPress Development Environments

March 7, 2018

Over the years, we’ve looked at several different systems for setting up local development environments, from applications like MAMP to a Varying Vagrant Vagrants workflow. I’m always looking for the most efficient way to create new WordPress instances, both for development and because I need an easily replicable WordPress environment for testing plugins and updates I want to write about.

Posted in: WordPress

Magento Releases Important Security Fixes And Feature Enhancements

Towards the end of last month, Magento released a number of updates that contain patches for security vulnerabilities in Magento 2. Magento eCommerce merchants should install the security updates at their earliest convenience. The patches fix cross-site scripting vulnerabilities and remote code execution vulnerabilities that could be used by an attacker to steal sensitive data or target the store and its customers with further attacks.

Posted in: Nexcess

How to Provide Secure Access to Your WordPress Site

March 6, 2018

WordPress site owners sometimes need to give a third party access to their site. Once a site grows beyond a certain size, it’s impossible for one person to do all the work, even if they have the necessary skills. Bringing a professional on board is a smart move.

But giving someone you don’t know well access to your site is a daunting proposition. It’s unlikely they will turn out to be malicious, but incompetence and carelessness cause just as many problems. No one wants to have their site hacked because a contractor used an insecure password or because a developer wasn’t as careful as they should have been.

Site owners should follow one simple rule when giving third parties access to their site: provide the least access compatible with getting the job done. In the security world, this is called the Principle Of Least Privilege, and most of us intuitively understand its implications. When you pay a vendor, you don’t send them your bank details so they can withdraw any amount they want, hoping they’re honest: you send them a check or use a credit card that authorizes them to claim exactly the amount they’re entitled to.

What does that mean in the context of WordPress?

Granting Access To Your WordPress Site

WordPress provides a collection of user roles that determine the capabilities of a user account.

  • Administrators have complete control over the site. There is really no restriction on what an administrator can do.
  • Editors can publish and manage the posts of other users.
  • Authors can only manage and publish their own posts.
  • Contributors can upload posts, but they can’t publish them.

No one should be given administrator privileges on a site unless it’s absolutely essential. If a service provider needs admin access, they should not be given the authentication credentials of the site’s owner or other trusted users. An admin account should be created for their use and deleted once they no longer need it.

If you have contracted a writer and you want to check their work before it’s published, don’t give them an Author account, because they don’t need access to the publication features; a Contributor account is enough.

Always give accounts the smallest amount of power you can.
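The account lifecycle described above, sketched with WP-CLI as an added example (not code from the original post): create a temporary account with the lowest role that fits, delete it when the job is done, and check for administrator accounts that were left behind. The function names, the `tmp-` login prefix and the sample logins are assumptions for illustration; the `wp user` subcommands and flags are WP-CLI's own.

```bash
#!/usr/bin/env bash
# Added example: temporary, least-privilege WordPress accounts via WP-CLI.
# Function names and the "tmp-" prefix are hypothetical conventions.

# Create a short-lived account. The role defaults to contributor, the
# lowest role in the list above.
# usage: grant_temp_access <login> <email> [role]
grant_temp_access() {
  local login email role
  login="tmp-$1"
  email="$2"
  role="${3:-contributor}"
  case "$role" in
    contributor|author|editor|administrator) ;;
    *) echo "unknown role: $role" >&2; return 2 ;;
  esac
  # --send-email mails the account details to the new user, so no
  # password is passed around by hand; --porcelain prints only the new ID.
  wp user create "$login" "$email" --role="$role" --send-email --porcelain
}

# Delete the account once access is no longer needed. Its posts are kept
# by reassigning them to an existing user ID.
# usage: revoke_temp_access <login> <owner-user-id>
revoke_temp_access() {
  wp user delete "tmp-$1" --reassign="$2" --yes
}

# Print administrator logins that are not on the owner's allowlist.
# Reads one login per line on stdin, for example from:
#   wp user list --role=administrator --field=user_login
# usage: ... | unexpected_admins <allowed-login>...
unexpected_admins() {
  local allow login
  allow=" $* "
  while IFS= read -r login || [ -n "$login" ]; do
    [ -z "$login" ] && continue
    case "$allow" in
      *" $login "*) ;;                # expected administrator
      *) printf '%s\n' "$login" ;;    # leftover or unknown admin account
    esac
  done
}
```

Run `unexpected_admins` on a schedule against the live administrator list to catch vendor accounts that were never removed.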

Granting Access To Your Server

Occasionally, a developer or designer may need access to your server or hosting account. Once again, the Principle of Least Privilege applies.

Firstly, and most importantly, never provide root access to your server to someone you don’t absolutely trust. In fact, it’s better to give no one root access and to disable root logins.

If you can, do any work that requires privileged access to your server yourself. If a designer asks for access to upload some files, you or someone you trust should upload them if it is at all feasible.

If not, create an FTP or database account for them, and then delete the account when they no longer require access.

If a developer or designer is likely to use FTP over an insecure connection, use a secure VPN to ensure that the data can’t be intercepted.

If you rigorously adhere to the Principle Of Least Privilege, you will be able to give vendors and service providers the access they need without putting the security of your WordPress site at risk.

Posted in: WordPress