WordPress Continues to Take Over the Top 100 Blogs

Back in 2006 blogging was still in its infancy and I remember searching for a platform to launch my first blog.  TypePad and Blogger were both big at that time, WordPress.com was around and growing, and Moveable Type, Joomla, Drupal, and WordPress.org were also good options.  In fact there were so many good options that it was difficult to decide what foundation I would use for what I hoped to be my new job. 

For my first few months of blogging I actually went with TypePad, but quickly found that it was very limited and wasn’t a good fit for my needs. I went back to the drawing board at that point and knew I needed something that was flexible and was also going to be around for the long haul. At that time open source was really starting to take off in the mainstream and WordPress.org was leading that charge in the blogging niche, so I decided to align myself with the WordPress community and re-launched my first blog.  Between the WordPress plugins and both the free and premium WordPress themes available, I knew I had made the right choice and was able to quickly make a custom design with little work on my end. The flexibility and the excellent open source community was the key to creating a great experience for me, and many I talked to felt the same way. 

Fast forward 7 years and WordPress continues to meet my needs and validate my early decision. One report I use to determine this is released annually by Royal Pingdom, which has done a study of the Top 100 blogs each year since 2009 and recently published their 2013 report. This report shows WordPress continues to grow as the top choice among the most prominent blogs.  Initially back in 2009, WordPress was on 32% of the Top 100 blogs.  Last year it was up to 48%.  For 2013, WordPress is now on 52% of the Top 100 blogs, and I expect that percentage to continue to grow over the coming years thanks to its flexibility and the fact that it is very user friendly.

wordpress-top-100-blogs

According to Wikipedia, WordPress is used by over 14.7% of the top 1 million websites and manages over 22% of all new websites created as of August 2011, boasting a total of over 60 million websites.  Its hard to imagine what these numbers will look like next year or several years from now.


Google+ Comments for WordPress Plugin

google-plus-commentsFor many years now Facebook has had a very popular login feature and also offered the ability to easily integrate blog comments using your Facebook account. These options have proven to be very popular with all types of webmasters as they provide several convenient features and also help to discourage spammy or anonymous comments.

It always surprised me that Google wasn’t in this game, but the introduction of Google+ seems to offer Google the ability to offer these features to webmasters and be the ones collecting this information.  According to reports, apps that support Google’s login are now getting favorable search treatment and Google is starting to really push this feature.  Then last month, Google announced that Google+ comment integration is now available for Blogger users. So, what about WordPress users?

Not long after the Blogger integration was announced, the necessary code was discovered to do this manually using the following code:

HTML:

<script src="https://apis.google.com/js/plusone.js">
</script>
<g:comments
    href="[URL]"
    width="642"
    first_party_property="BLOGGER"
    view_type="FILTERED_POSTMOD">
</g:comments>

Valid HTML5 version:

<script src="https://apis.google.com/js/plusone.js">
</script>
<div
    data-href="[URL]"
    data-width="642"
    data-first_party_property="BLOGGER"
    data-view_type="FILTERED_POSTMOD">
</div>

Comments counter HTML (replaces < g:comments >):

<g:commentcount href="[URL]"></g:commentcount>

Valid HTML5 version (replaces < div >):

<div data-href="[URL]"></div>

Replace ‘[URL]’ with the URL of your web page and fit the ‘width’.

Link your web page to your Google+ profile to verify authorship.

Dynamic Google+ Comments HTML:

<div id="comments"></div>
<script>
gapi.comments.render('comments', {
    href: window.location,
    width: '624',
    first_party_property: 'BLOGGER',
    view_type: 'FILTERED_POSTMOD'
});
</script>

Google+ Comments Counter:

<div id="commentscounter"></div>
<script>
gapi.commentcount.render('commentscounter', {
    href: window.location
});
</script>

Google+ Comments for WordPress Plugin

Fortunately, the WordPress community has already come through with an easier solution, the Google+ Comments for WordPress plugin. This plugin makes the comment section tabbed by seamlessly adding tabs for Google+ Comments, Facebook, Disqus, WordPress Comments, and Trackbacks. Early reviews are promising and I manage this plugin will continue to evolve over time.

If you decide to give this plugin on your website leave us a comment and let us know how the setup went.


PSA: Massive Botnet Attacks on WordPress Installations

Over the past 24 hours it has come to our attention that a large network of over 90,000 IP addresses have ramped up their use of a brute force attack to target WordPress blog installations. According to several published reports, the botnet is attempting to gain access to WordPress installations by using the default Admin user name and trying multiple passwords. By default, WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.

Popular hosting providers CloudFlare and HostGator are reporting that the scale of the current attack is much larger than what they typically experience, with some reports claiming that they are blocking 60 million requests per hour during peak times. After reviewing our logs we’ve already noticed several failed login attempts using the username Admin.

What can I do to protect my WordPress installation(s)?

  1. If your username is currently set as Admin, change it to something custom. The easiest way is probably by using something like the Better WP Security WordPress plugin.
  2. Change/strengthen your password. Your password should include capital letters and symbols (%+!#)
  3. Install a plugin to limit login requests.  We use the appropriately titled Limit Login Attempts WordPress plugin, but there are several other plugins with similar functionality.

Once that is done, sit back and hope for the best!

Update: HostGator has provided additional tips.


5 Common Mistakes When Backing Up WordPress

As a leading Content Management System for managing websites and especially for writing blogs, WordPress makes it extremely easy to back up your valuable content from the database and site files. There are a number of tools you can use that make life easy on website owners and bloggers, but don’t let the simplicity of backing up WordPress leave you with an inadequate back up plan. In fact, there are plenty of back up tools out there that don’t get the job done well enough. Here are five back up mistakes to avoid:

Only Backing up Your Posts

Your website has a lot more going on than just the posts on your blog. While losing your posts would be catastrophic, don’t forget that a true back up will include your pages, theme modifications, and WordPress plugins. These elements of your website make it functional, and losing them will be a major setback for your time.

A tool like Backup Buddy is designed to store all of your site’s information and to restore it all at once should any kind of loss occur. This means you won’t lose page views, advertising revenue, or potential customers when your site goes down. It will be up and running in no time.

Not Backing Up Frequently

If you only backup your website on a weekly basis, but you average about one post per day, you could cause yourself some major headaches if your blog goes down and you lose several blog posts. That means any inbound links, comments, or social media shares to those posts will land on your 404 page. While this may be a temporary setback, you will plant a seed of doubt in the minds of potential visitors about the quality and reliability of your website.

Relying on Manual Backups

There are plenty of online storage options from Amazon’s Cloud Drive to Dropbox, but managing the website backup process on your own is difficult to maintain for the long haul and can take up valuable time. Even if you’ve figured out a quick way to back up your website, it’s one more thing on your to do list that could be easily automated.

Backing Up Your Blog on Your Computer

If a hacker can access your website, there’s a good chance he may have already gotten into your computer and other files as well (For more about further protection from hackers, look at the services Passbook hast to offer). In addition, there’s no telling if the files on your computer have been corrupted with a virus when it’s time to restore your site. You could very well be uploading files with the same problems that took your site down in the first place. While you can use a service like Filezilla to back up your site on your own computer, it’s far safer to rely on an online backup site.

Never Testing Your Backups

A backup of your website is a safety net that will catch you when the worst case scenario happens on your website. However, what good is a safety net if it has a hole in it? By testing your backed up files, you’ll learn whether your website backup plan is adequate to meet your needs in a website emergency situation. Make sure you have the files you need in a format that you can easily access and restore to your site.

Your website has information that is far too valuable to leave your back up files in a state of uncertainty. If you don’t know about the security, scope, and viability of your website backups, it’s time to look into a reliable, automated WordPress back up option or to carefully test which back up plugin is right for you.


How Using Too Many WordPress Plugins Can Kill Your Website

There are many thousands of WordPress plugins you can use for free, and there are also more you can buy for different purposes. According to WP Beginner, as of September 2012 there were more than 21,000 free plugins in the WordPress plugins repository! The question is; do you have to use all of them? You have probably seen a sidebar of a blog with a mile long list of awards and a multitude of links to other pages. Some people go as far as including hundreds of flashy widgets. If you are thinking of using several plugins, you should first learn why using too many of them will impact negatively on your readership.

They May Slow Down Your Website

This is, perhaps, the most annoying feature of using too many WordPress plugins. This slow down occurs because every plugin you use sends a server request when each of your readers loads the site. Imagine the effect of having fifty plugins when ten users are on your site. What about a hundred plugins with a thousand users? Do you really want your site to be that slow?

Some WordPress Plugins are not Secure

Just because a plugin works well does not mean that it is secure. Some plugins, especially the free ones, can be exploited by hackers who can then hack into your site. For example, users of some plugins such as WP Total Cache and WPTouch have been asked in the past to update their passwords after it was realized they were not secure. Since it is not always easy to know upfront which plugin is safe and which one is not, you will be doing a great deal of service to your site by installing only the minimum number necessary.

[Continue Reading…]