How to Add Random Header Images to Your WordPress Blog

Do you want to add random header images to your WordPress blog? Most WordPress themes come with built-in support to add header images. These images can completely change your site’s look and feel. In this article, we will show you to how to add random header images to your WordPress blog without writing any code.

How to add random header images in WordPress

Most free and premium WordPress themes come with custom header support. Custom headers in WordPress are a theme feature which allows WordPress themes to designate a header area showing an image.

Header image in WordPress

Custom header is different than background image feature which allows you to set a cutom background image on your WordPress site.

Having said that let’s take a look at how to add random header images to your WordPress blog.

Method 1. Random Header Images Using WordPress Theme Customizer

This method is easier and is recommended for most WordPress users.

You need to head over to Appearance » Customize page to launch WordPress theme customizer.

Changing header image in WordPress

Next, you need to click on ‘Header’ tab to expand it. The header option can also be labeled as header image or header media in your theme.

You will see your site’s current header image, and any other header images available to use.

You need to click on the ‘Add image’ button to upload the images you want to use as header images.

Once you have uploaded a few images, they will appear under recently uploaded images.

Randomize header image

Now you need to click on ‘Randomize uploaded header’ button under recently uploaded images and then save your changes.

You can now visit your website and reload it to see header images change randomly.

Method 2. Add Custom Header Images on Select Pages Using Plugin

This method is more flexible and gives you more control on how to show different or random header images for WordPress posts, pages, category, or tag archives.

First thing you need to do is install and activate the WP Display Header plugin. For more details, see our step by step guide on how to install a WordPress plugin.

Upon activation, you need to edit a post or create a new one. You will notice a new meta box labeled ‘Header’ below the post editor.

Random header for single post and pages in WordPress

Here you can select a previously uploaded header image to your theme and use it as a header for this post. You can also check the ‘Random’ option to randomly display a background image from your uploaded header images.

If you want to add more header images, then head over to Appearance » Customize and click on the Header tab.

Add more header images

Next, you need to click on the ‘Add image’ button to upload more header images. You don’t need to change the header of your theme just upload the images and exit the customizer.

The plugin also allows you to change header image for your category and tag archive pages.

You will need to go to Posts » Categories page and then click on the Edit button below category you want to change.

Editing a category

On the category edit screen, you will notice the new header section where you can select a header image or show random header images.

Random or fixed header image for category archive page

Don’t forget to click on the ‘Update’ button to save your changes.

That’s all, we hope this article helped you learn how to easily add random header images to your WordPress blog. You may also want to see our guide on how to boost WordPress speed and performance.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Add Random Header Images to Your WordPress Blog appeared first on WPBeginner.

DigWP Site Redesign

After rocking our site's previous design for nearly four years, it was time for a refresh. Actually complete overhaul is more like it, a top-to-bottom restructuring and streamlining of

Going into the redesign, the goal was twofold: 1) visually keep things as focused and clean as possible, and 2) under the hood, unify everything and simplify down to an absolute minimum. As with any eight-year-old website with over 400 posts and integrated e-commerce system, there was an enormous amount of work required to get the job done.


Matt Mullenweg Responds to Security Rant: Digital Signatures for WordPress Updates Are Important but Not a Priority

Scott Arciszewski, Chief Development Officer for Paragon Initiative Enterprises, who is most widely known for his cryptography engineering work, published a post on Medium criticizing Matt Mullenweg, co-creator of the WordPress open-source software project, for not caring enough about security. Arciszewski has since retracted the post but you can read it via the Wayback Machine.

Arciszewski is working on a project known as libsodium, a core extension to PHP 7.2 which allows for encryption, decryption, signatures, password hashing and more. Its goal is to enable developers to build higher-level cryptographic tools.

WordPress’ automatic update system is handled through Since updates do not have a digital signature, if were compromised, attackers could send malicious updates to thousands or millions of sites. This scenario was at the forefront of people’s minds late last year after Wordfence published details of a complex security vulnerability that could have compromised the update servers.

Arciszewski suggests offline code signing and elliptic curve cryptography as solutions, “The key that can produce a valid signature for a file isn’t stored on the server (only the file itself and a valid signature are), so even if the server gets hacked, attackers can’t just add trojan horse malware to the file,” he said.

OpenSSL is an extension of PHP and is commonly used as public-key cryptography but it only supports RSA which Arciszewski deems inadequate. Since WordPress is written in PHP and supports versions 5.2-7+, Arciszewski needed to create a solution that was as compatible. This inspired him to create sodium_compat that adds Ed25519 signature verification to WordPress’ automatic updater.

Arciszewski submitted a number of patches to WordPress but was told by Dion Hulse, WordPress core developer, that the sodium_compat library could not be merged into core until it passed a security audit by a third-party. Audits can cost a lot of money so Arciszewski’s plan was to see if Automattic could take on some of the cost or crowd-source the funds. However, his project was put on hold after Mullenweg informed Hulse to stop working on the feature as it’s not related to the three core focus areas of the Editor, Customizer, and the REST API.

Arciszewski described the decision as irresponsible and that every user has a reason to be alarmed, “The WordPress team has shown that they are not responsible enough to govern their impressive ownership of the Internet (with the exception of some folks powerless to correct the organization’s course),” he said. “This act of negligence will put the rest of the web in harm’s way.”

Update Signing is Important but Not a Priority

Mullenweg responded to the post on with one of his own and reiterated the WordPress development team’s commitment to security.

“Everyone involved takes their responsibility very seriously, and the growth of WordPress has meant many thoughtful, hard-working people have gotten involved and think of the security of WP sites holistically, from every angle,” he said.

Mullenweg also clarified what attacks would be stopped by implementing digital signatures to WordPress updates.

“It could stop a man in the middle attack, where someone modifies the update files on the network in between your blog and, or it could stop a situation where the part of .org that serves the update is compromised but the signing part isn’t, and someone decided to send out updates even though they know they’ll be rejected,” he said.

The team is unaware of any WordPress sites that have been attacked this way. While the possibility exists, the extent of the damage would likely be limited. The update servers are monitored around the clock and since many large webhosting companies automatically scan their customer’s sites for malware, the malicious update would likely be discovered quickly.

Mullenweg describes what would happen if an update server was compromised.

“We would turn it off really quickly, notify the world there was an issue, fix the problem, turn it back on, and notify the specific sites or hosts as able,” he said. Although WordPress powers 27.5% of the top 10 million sites tracked by Alexa, it’s highly unlikely that number of sites would be compromised.

He goes on to say that there are easier ways to compromise a WordPress site and listed the biggest issues to WordPress security based on impact.

  1. Sites not updating core.
  2. Sites not updating plugins.
  3. Sites not updating themes.
  4. Weak passwords, without brute-force protection or two-factor authentication.
  5. Hosts (professional or ad-hoc) not scanning and fixing sites.
  6. Hypothetical issues not seen in practice, which distract from the above existing priorities.

Mullenweg confirms that he offered to donate to the audit of sodium_compat a day before Arciszewski published his post. Even if the library passed an audit, the code couldn’t immediately be added to core, “You would also need to do some significant work on the server-side to isolate the signing from the update server, so it’s worthwhile in the first place,” he said.

And if the code were added to core, only the sites that updated to the version that has the cryptographic library and the update checking would be able to take advantage of it. would still need to send updates to older versions that don’t have update checking. These sites would still be vulnerable to receiving a malicious update.

Mullenweg says that digital signatures and update signing will end up in WordPress eventually but it’s not a priority as there are other security issues in front of it, “We are prioritizing those issues above a nice-to-have, defense in-depth effort,” he said.

“A good approach would be to build the server-side first, because doing that properly, say with an HSM, is the difficult and important part; then get the packages signed; then test out verification in a plugin because we don’t want to break auto-updates; and then finally merge into core and set the client to reject non-signed updates. On the client side we need to pick a cryptography library, and get it audited.”

Mullenweg ended his post explaining why he published his response on Medium instead of his personal site. “Seems to be the most popular place for rants like this. I also wanted to try out the famous Medium editor,” he said.

What’s Next For sodium_compat

While the prospects don’t look good for his library being added to WordPress in 2017, Arciszewski says there are plenty of other PHP projects that could benefit from it, “For their sake, I’m still strongly inclined to pursue an independent third-party cryptography audit, and attempt to crowd-fund the cost,” he said.

How to Properly Switch From Wix to WordPress (Step by Step)

Looking to switch from Wix to WordPress? Wix is a drag-and-drop website builder that lets you create a simple website. However, many Wix users soon realize that their options are limited, and adding extra features can become quite expensive. If you want more features and flexibility without the high costs, then switching to self-hosted WordPress is the best choice. In this article, we will show you how to properly move from Wix to WordPress.

wix to wordpress migration

There are various ways to switch from Wix to WordPress. After reviewing all the methods for transferring your site from Wix to WordPress, we believe the easiest way is by importing your blog posts via RSS.

In this step by step guide, we will walk you through the process of transferring your Wix website to WordPress. Depending on how many pages you have on your Wix site, the migration can take up to an hour.

Here are the steps to migrate from Wix to WordPress:

  1. Sign up for WordPress web hosting
  2. Setup your new WordPress site
  3. Customize your site’s style and appearance
  4. Import your blog posts via RSS
  5. Convert your Wix pages to WordPress
  6. Create your main navigational menu
  7. Redirect Wix to WordPress

Ready to transfer Wix to WordPress? Let’s get started.

Step 1: Sign Up for WordPress Web Hosting

To start a WordPress blog, the first thing you’ll need is a web hosting account for your website. Web hosting is your website’s home on the internet. This is where all of your files and data is stored.

You will also need a domain name (such as This is your website’s address on the internet.

When you use Wix, they host your website for you which is also the reason why it’s quite limited. On the other hand, WordPress is a free software, so you’ll need a place to install it. That’s why you need to purchase web hosting and a domain name.

We highly recommend that you use Bluehost because they are an official recommended hosting provider. They have also agreed to give our users a free domain and over 60% off discount on web hosting (special Bluehost coupon for WPBeginner users).

→ Click here to Claim this Exclusive Bluehost offer ←

If you want to look at more options, then we have a list of the best WordPress hosting providers that you can choose from. Some other companies that we recommend are SiteGround and HostGator.

In this tutorial, we’ll use Bluehost for screenshot and examples.

If you’ve already registered a domain name with Wix, that’s no problem. When signing up with Bluehost, you can enter your existing domain under the “I have a domain name” option.

Enter your existing Wix domain name on the right

Later on in this guide, we’ll walk you through how to transfer your domain when your new WordPress site is ready.

Step 2: Setup Your New WordPress Site

After purchasing your new hosting plan, you’ll need to install WordPress. Bluehost offers an easy 1-click installation tool for WordPress inside the cPanel.

Simply login to your account and scroll down the website section where you will see the WordPress icon.

Install WordPress icon in Bluehost's cPanel dashboard

Click on the install WordPress button and follow the onscreen instructions. For detailed instructions, see our step by step tutorial on how to install WordPress.

Once you have installed WordPress, it’s a good idea to set your WordPress permalinks.

Your permalink settings will determine the address of each blog post. For example, instead of publishing a blog post to:

You can publish it to:

You can change your permalink settings by navigating to Settings » Permalinks in your WordPress dashboard. Once you have selected the structure you want, click on the Save Changes button at the bottom.

Set your WordPress permalinks before importing Wix

For more details about permalinks, you can check out our post on SEO-friendly URL structures in WordPress.

Step 3: Customize Your Site’s Design

Next, you can customize the appearance of your website. It’s easy to do that using WordPress themes. WordPress themes are used to define the appearance and display of a WordPress powered website, just like Wix templates.

There are hundreds of themes available for WordPress, both free and paid. Some themes are very basic and minimalist, while others will add lots of new features to your site.

As a WordPress beginner, you may want to start with a simple theme that’s easy to use. We have a list of recommended simple WordPress themes you can take a look at to get started.

Wondering how to decide on a theme? You can check out our article on selecting the perfect WordPress theme for tips and advice.

If you just want to get started quickly, we recommend Sydney, a very popular free multipurpose theme. There’s also a premium version available with more features called Sydney Pro.


Remember, you can easily change your theme in the future, so it’s important that you don’t spend too much time on this step. You can even use the default WordPress theme and start with the migration process. Because the most important part is moving all of your content from Wix to WordPress.

Step 4: Import Your Wix Blog Posts to WordPress

In this step, we’ll transfer your Wix blog posts over to your new WordPress site.

Wix is a closed platform, and they don’t provide an easy way for users to migrate their content away from Wix. But we can still automate the process by importing your Wix RSS feed, instead of recreating each blog post manually.

To get started, you’ll need to download your Wix RSS file.

You can locate the file by adding /feed.xml to your Wix website URL. If you don’t have a custom domain with Wix, then you can find your RSS feed at, where “username” is your Wix username and “blogname” is the name of your blog.

If you have a custom domain such as, then you can find your RSS feed at

After navigating to the proper URL, you should see a page full of code. Go ahead and right click anywhere on the page and click Save As to save the file in your computer.

Wix RSS feed

Now that you have your RSS file, you can log in to your WordPress dashboard and click on Tools » Import.

Next, click the Install Now link under the RSS heading.

wix to wordpress migration using RSS

After a few seconds, you’ll see a link at the top of the page to Run Importer. Go ahead and click the link.

Run the RSS importer to export wix to wordpress

Now click the Choose File button and select the feed.xml file you just saved to your computer. Then you can click the Upload file and import button.

Click the upload button to transfer wix to wordpress

If you have a lot of blog posts to import, then it may take a few moments to import them all. When it’s done, you’ll see a confirmation message.

Your Wix blog posts have been transferred to WordPress

To check on your blog posts and make sure they were exported from Wix correctly, you can navigate to Posts » All Posts and click View underneath each post.

View each post to double check your wix to wordpress migration for errors

At this point, the content of your blog posts has been transferred, but there’s one problem: any images in your post are still hosted with Wix.

You can see this for yourself if you edit a post and click on the Text tab to view the code.

blog post images are still hosted with Wix

Luckily, there’s an easy way to fix this and move your images over to WordPress. All you need to do is install and activate Import External Images plugin.

Plugins are like apps for WordPress that allow you to add new features. We have a step by step guide on how to install a WordPress plugin.

After installing and activating the plugin, you can navigate to Media » Import Images and click the Import Images Now button to get started.

import images from wix to wordpress

Depending on how many images you need to import, the process may take a few moments. When it’s finished, you’ll see a confirmation message that says “Import Complete.”

Step 5: Import Your Wix Pages to WordPress

After you have imported your blog post, next we’ll need to transfer your Wix pages over to your WordPress site.

Wix doesn’t provide any automated way to do this, so we’ll have to recreate each page in WordPress one by one.

First you can navigate to the Wix page you want to transfer to WordPress. Highlight all the content (except for the page title). Then you can right click and click on Copy.

Copying wix to wordpress

After that, you need to login to your WordPress dashboard and navigate to Pages » Add New to recreate the page. At the top of the page, you can type in the page title. Then you can right click and and click on Paste as plain text to recreate the content.

Paste content from Wix to WordPress

Using Paste as plain text instead of just Paste will keep any unnecessary junk code from cluttering up your site. But it also strips all the formatting. This means you’ll need to recreate any links, colors, and styles.

For help with styling your pages, you can check out our article on tips for mastering the WordPress visual editor.

When you’re finished styling your page, you can click the Publish button to publish your page on your new WordPress site.

Publish your new WordPress page

Now that you’ve converted all your content, it’s a good idea to carefully review your posts and pages to make sure everything is working right and looks the way it’s supposed to. If you have a lot of content, you might want to speed up the process by using Broken Link Checker to fix any broken links.

Step 6: Create Your Main Navigational Menu

Next you’ll want to make sure your visitors can easily navigate through your new website using your primary menu.

You can create a navigational menu by going to Appearance » Menus. Type in a name for your menu, and click one of the Create Menu buttons.

Creating the main menu in WordPress

Now you can select whichever pages you want to add to your main menu, and click the Add to Menu button. When you’ve added all the pages you want, click the blue Save Menu button on the right.

Adding pages to your WordPress menu

Now your menu has been created, but you still need to place it on your site. To do that, click the Manage Locations tab.

The locations shown will be different depending on your WordPress theme. In the default WordPress theme Twenty Seventeen, the Top Menu location is the main menu that displays at the top of the page. In other themes, it might be called a different name such as “Main Menu” or “Header Menu.”

To place your new menu in the Top Menu location, click the dropdown field and select the name of your menu. Then click the blue Save Changes button.

Adding the new menu to your site

Step 7: Redirect Wix to WordPress

Now your new WordPress site is complete, and you’re ready to let your readers know about your move.

It’s important to not only announce your move to your readers, but also set up proper redirection. You want any visitors to your old site to land on exactly the same page on the new site. This will also let search engines know that your old site has moved to a new location.

Note: You can only redirect users to your new WordPress site if you had a custom domain on Wix. Unfortunately, if you were using a wixsite subdomain, then you cannot redirect users to your WordPress site.

First you need to open a plain text editor like Notepad and paste this code:

var hashesarr = { 

for (var hash in hashesarr) {
    var patt = new RegExp(hash);
    if (window.location.hash.match(patt) !== null) {
        window.location.href = hashesarr[hash];

In this code we have added three example URLs in the following format:


The first part of the line looks for a string in the URL. This will be the URL your Wix users will be coming from. The second part in the line is the WordPress slug for the same page.

Unfortunately, you will have to manually add each URL in this format. Once you are finished, you need to save this file as redirects.js.

Now you need to upload this file to your WordPress theme’s /js/ directory using an FTP client.

If your theme does not have a /js/ directory, then you need to create one.

Now you need to edit your theme’s functions.php file and add this code at the bottom of the file:

function wpb_wixjs () { 
wp_enqueue_script( 'wixredirect', get_stylesheet_directory_uri() . '/js/redirects.js', array(), '1.0.0', true);
add_action('wp_enqueue_scripts', 'wpb_wixjs');

Don’t forget to save your changes.

That’s all, you can now try visiting a URL from your old Wix site to see the redirect in action.

Note: These redirects will not redirect search engines and are not very SEO friendly.

Lastly, don’t forget to inform your readers of your new address. You can do this by announcing your move on social media, writing a blog post about it, and sending out a notice to your email newsletter.

Step 8: Add Essential WordPress Plugins

WordPress plugins allow you to add more features to your site. Plugins work like Wix apps. There are hundreds of plugins available, free and paid. You can check out our archive of articles about the best WordPress plugins if you’re not sure where to start.

We have a list of the must have WordPress plugins for all websites.

We also have a list of all the plugins we use on WPBeginner in our blueprint that you can check out. Lastly, don’t forget to check out premium WordPress plugins built by WPBeginner team.

That’s it! We hope this tutorial helped you switch from Wix to WordPress without a lot of hassle. We would like to welcome you to the WordPress community. To get started with WordPress, please take a look at our beginner’s guide section and our WordPress beginner videos.

If you have a friend still using Wix, then you can show them your new WordPress site and our comparison on WordPress vs Wix and convince them to switch over.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Properly Switch From Wix to WordPress (Step by Step) appeared first on WPBeginner.

WordPress REST API Vulnerability is Being Actively Exploited, Hundreds of Thousands of Sites Defaced

photo credit: stevendepolo hypodermic needle IMG_7418(license)

At the end of January, WordPress 4.7.2 was released to fix four security issues, three of which were disclosed at the time of the release. These included a SQL injection vulnerability in WP_Query, a cross-site scripting (XSS) vulnerability in the posts list table, and the Press This feature allowing users without permission to assign taxonomy terms. The fourth and most critical issue, an unauthenticated privilege escalation vulnerability in a REST API endpoint, was fixed silently and disclosed a week after the release.

Contributors on the release opted to delay disclosure in order to mitigate the potential for mass exploitation, given that any site running 4.7 or 4.7.1 is at risk. This allowed time for users to update manually and for automatic updates to roll out.

“We believe transparency is in the public’s best interest,” WordPress Core Security Team Lead Aaron Campbell said. “It is our stance that security issues should always be disclosed. In this case, we intentionally delayed disclosing this issue by one week to ensure the safety of millions of additional WordPress sites.”

WordPress worked with Sucuri, the company that discovered the issue, along with other WAF vendors and hosting companies to add protections before the vulnerability was publicly disclosed.

The vulnerability has been public for less than a week and is now being actively exploited. Thousands of WordPress sites have been defaced with messages like “Hacked by NG689Skw” or “Hacked by w4l3XzY3” or similar. Googling for information about these particular hacks returns thousands of other hacked sites in the results.

Sucuri founder and CTO Daniel Cid said his team saw exploits in the wild less than 24 hours after the disclosure. The attacks are primarily simple defacements so far.

“There are some good bad guys updating the post excerpt with the message: ‘Update WordPress or you will be hacked,’ which is kind weird,” Cid said. “But overall we’re seeing just simple defacement attempts, using modified versions of the exploit that we shared publicly.”

Multiple Campaigns Have Defaced Hundreds of Thousands of WordPress Sites

Sucuri is monitoring multiple defacement campaigns, each with varying degrees of success. The company published an update on the active attacks as well as the IP addresses they are originating from.

“We are currently tracking four different hacking (defacement) groups doing mass scans and exploits attempts across the internet,” Cid said. “We see the same IP addresses and defacers hitting almost every one of our honeypots and network.”

One defacement campaign Sucuri is tracking already has more than 68,000 pages indexed on Google. After perusing the forums, the problem seems to have a much larger reach than Sucuri’s network has initially detected. For example, “Hacked by NG689Skw” returns approximately 200K indexed results. “Hacked By SA3D HaCk3D” returns more than 100K results. There are multiple permutations of this defacement in play on WordPress websites across the web. Not all results that share this same campaign structure are guaranteed to be associated with this vulnerability, but the few listed above were recent posts on the forum from users who failed to update to 4.7.2 in time.

“On our end, we are seeing a big growth on exploit attempts, specially for defacement,” Cid said. “But SPAM SEO is slowly growing too.”

Cid said the vulnerability allows attackers to inject content into a post or page by default, but defacement is the easy first step, along with SEO spam. If a site has a plugin like Insert PHP or PHP Code Widget installed, the vulnerability can lead to remote code execution. These two plugins have more than 300K combined active installs and there are others that perform similar functions.

“The core of the issue is people not updating,” Cid said. “Even with auto and simple updates, people still do not update their sites.”

Needless to say, if you haven’t updated to 4.7.2 and your site is running 4.7.0 or 4.7.1, you are at risk for content injection. For most sites that have been defaced, the simplest solution is to update to the latest version of WordPress and rollback the defaced post(s) to a revision.

Content Creation Is About More Than an Editor

Reid Peifer
Reid Peifer

This is a guest post written by Reid Peifer, Partner and Art Director at Modern Tribe. In this post, Peifer shares his experience, opinions, and things to consider as the content creation experience in WordPress is revamped.

Let’s imagine a world where the tools that we have don’t limit us, but instead enable us to create unique, contextual, and thoughtful content. We don’t fight with them, we don’t quibble over line breaks and margins.

We don’t argue about whether or not two images should line up. We’re not limited to bold, italic, underline, and bullet points to express our ideas. We’re not limited to taxonomies for our organization and obtuse relational algorithms to determine complementary content.

This is the reality that we should have. Content management should be more than TinyMCE and meta boxes. While WordPress has continued to grow into a mature platform, the focus on what should be its core mission has taken a second seat.

We (the WordPress community at large) have gotten so excited about making WordPress awesome, we lost sight of our charge – to enable WordPress to make awesome things. To democratize publishing. To get the stories out of people’s heads and hearts and out to the world.

We forgot about content. Without content, WordPress and all its bits and bobs amount to much ado about nothing. While it’s true that WordPress has grown to an almost unimaginable scale, the content it creates today isn’t going to support the needs of tomorrow’s web.

I couldn’t make it to WordCamp US, but I’ll admit that I sat slack-jawed with joy listening to the video calling for a focus on the editor in 2017.

The initial discussions happening on and within slack are incredibly encouraging. The community has taken this charge and is moving forward with a passion that reflects the importance of the task at hand.

While I absolutely applaud their effort, and think the conversation thus far has been valuable – it immediately went to the editor itself. What makes a good editor? The discussion is focused on the UI, what format the data should be stored in, should shortcodes be used etc. All good questions, but if we answer them first – we limit the scope of our inquiry.

The first question should be ‘what makes good content’? What is ‘content’? Does content only live on the post or the page? What are its essential elements? How do those elements interact and relate to each other? What’s the life cycle of content? Where and how does it surface throughout the site? Does content behave differently in different scenarios or positions?

If we start with these questions, their answers become our objectives for the UI. The question ‘what makes a good editor’ has a clear answer – one that makes achieving these goals delightful and effortless.

The Need for a More Robust Content Creation Tool Is Not New

Years ago, when ‘magazine layout’ was the new hot thing, we had the privilege of working with some large publications. In our design discovery, we learned how they thought about the presentation of their content, how layouts would change based on the content they were presenting that day.

The rigid templates of the web that we were used to building couldn’t possibly meet the strategy that they had employed for ages in print. The sports, business, and lifestyle sections all needed to be able to leverage different layouts and presentation depending on their immediate needs.

They needed to change day after day. We were going to toss out what we knew about building sites in WordPress. We were going to have to ditch the template hierarchy and start from scratch. The taxonomy term page in the admin wasn’t going to cut it.

Meanwhile, ‘art directed’ or ‘editorial posts’ became a thing. Folks like Jason Santa Maria and Trent Walton were pumping out beautiful, bespoke articles rich in editorial design. I’ve never been more excited about the web’s potential than when I saw those first Jason Santa Maria articles – I’m a sucker for good content design.

At some point shortly thereafter the NY Times published Snowfall, and everyone we talked to needed ‘long form’ (even if they had no idea why or what that could mean). I ran my own experiments trying to recreate that functionality in WordPress – at the time that meant full markup and a reams of custom CSS all cooked into the WYSIWYG. Beautiful output, crappy experience.

These are two really common (and old) examples of how the content needs more than the tool can offer.

We toiled away at these challenges over the years and have solved them for our particular use cases. Every project pushes our own solutions forward. Here’s some of what we learned.

(So we’re all talking in the same terms, below when I reference Content Creation I mean the act of creating a new piece of content. When I reference content management, I mean both the content model, and the organization and presentation of content throughout the site.)

We Should Learn From Modular Development & Atomic Design

We should be applying modular development and atomic design principles to both content creation and content management.

Atomic Design Principle by Brad Frost
Atomic Design Principle as Explained by Brad Frost

We’ve adopted a modular and systematic thinking to our coding practices, breaking once monolithic templates into smaller reusable parts. We’ve applied design systems thinking and atomic approaches to our UI/UX and visual design work.

Small pieces come together to create components, which come together to create pages which come together to create full experiences. It’s the LEGO blocks school of design and build. This is a refrain that many of us know well.

Extending That Philosophy to Content Creation and Management

While we’ve embraced this idea of systemic thinking in how we design and the infrastructure of what we build – we haven’t gotten to thinking about how to approach content creation and content management (content strategy) in a similarly modular fashion.

This is primarily because our tools won’t let us apply modular thinking to content creation and management. CMSs, including WordPress, are generally limited to predefined structures and organizational models.

The role of templating in the overall CMS architecture limits the flexibility of our content creators. Today, content strategy occurs before, and then is at the mercy of development. In a better world, our content strategy could use design and development to grow, adapt, and change over time gracefully. Our publishing tools could become the method by which our ongoing content strategy evolves.

Modular Content Creation

Let’s think about the idea of content on the web. Much of what we see on the web today is a logical baby step forward from print. Titles and headlines, paragraphs of copy, images, pull quotes. Those pieces are a 1:1 analog. Because it’s a digital medium, and we’re oh so clever, we’ve included videos, image galleries, those dang carousels, and whatnots as well.

For most of you, those elements are plopped onto a webpage using a WYSIWYG editor. You fight with TinyMCE for supremacy. Perhaps your theme or plugin has dedicated meta boxes for special elements. There may be a slide show or gallery at the top of the page.

When we look at most executions of content on the web, they are in fact less interesting, less engaging, and less beautiful than what our print counterparts have been doing for ages (and I mean literal ages).

We have all of the advantages but fail at creating anything more interesting than a preformatted spew of content. Our insistence that content and presentation need to be separate is an overstep – they are related at their very core. Was there an earth shattering news story yesterday? Too bad, you get the same 400px featured image slot that every other story gets.

I refuse to believe this is the best we can do.

TinyMCE is not the pinnacle of content creation tools.

The platform that can figure out how to make content creation engaging and powerful is the platform that is going to continue to grow. While Calypso is an interesting engineering feat and is a helpful model for future development, it did little to push forward what it actually means to create content within the WordPress framework.

Trying to fight this out in a single WYSIWYG sucks

Our content creation tools should allow us to approach content creation the same way that we think about design. What are the atomic elements of my content strategy? How can I remix, reassemble, and work with those elements to create interesting content?

It must be systemic. All of the elements and components must work as part of an overall structure and strategy to form a coherent whole. Just like our design work, and our development work. Our strategy, design, and development process is focused on identifying and creating patterns.

Throughout the content strategy and design portion of the project, we’re focused on identifying what those patterns are at their very core; how do we break them down into their smallest parts? Then, through design and development, we start putting those pieces together in a way that supports internal objectives and end-user objectives.

  • Elements – the simplest unit. Strings of text, single images, videos, a form input field or button
  • Components or blocks – groupings of elements that form a cohesive unit
  • Modules – groupings of complementary components to for a larger whole
  • Pages (or posts, or CPTS or whatever) – groupings of modules to form a complete piece of content

To push WordPress’ content creation tools forward, we must look at what those elements, components, and modules could be, how they relate to each other. Are they created on the fly, are they opinionated or flexible. Then how do we create them. How do they relate to themes and data sanctity. And on and on.

Modular Content Management (modular content strategy)

While there are enough visual references to start to imagine what a modular content creation tool looks like, modular content management is a bit tougher to visualize so hang with me.

Within modern CMSs we’ve got a couple of tools at our disposal. Tags and categories, coupled with parent / child relationships, are the primary organization structures cooked into WordPress. Of course those can be extended to include any number of taxonomical structures imaginable.

Tools like Post to Posts (P2P) provide and create an interesting peer-to-peer layer allowing you to create 1:1, 1:many, or many:many relationships.

That’s pretty much it. The mechanics of relationships are defined and subject to code. I can assign content into those defined buckets. I have fixed templates that display those buckets in predetermined ways. If I want to vary from that, if I want to create relationships and remix content as a content manager or a content creator, I’m outta luck.

Think about the category term screen within WordPress. What sort of content management tools do you have at your disposal there? What can you do? What can you manage? Not much at all. Look back over the history of WordPress releases – when has that screen changed?

We are not living up to our potential if we stop at a taxonomical organization as the be-all-end-all of content management.

The Loop is one of the central concepts of WordPress content management. While it is incredibly powerful and key to understanding how to think about your content, it’s the beginning, not the end, of content management. We cannot stop at the ‘list’ as the pinnacle of our content strategy.

Needs Change Over Time

We do a lot of work for universities and schools. Each and every one has a category landing page dedicated to current students. Throughout the year, they want to gather and surface all kinds of different elements, pieces of content, and tools for those students.

In WordPress terms, we’ve got pages, blog posts, events, tools, resources, key dates, applications and files, on top of video galleries and who knows what other CPTs your content strategy has formed.

The needs of those students change through the year – welcome materials in the fall, midterm information in the winter, job support and internship programs in the spring. If our university friends were tied to templates where those needs were articulated in code, they’d need to go back under the hood to update their content strategy and approach it at least quarterly.

Relationships Should Be Richer Than Taxonomy Terms

Real content management would enable content creators to package and present the things they’ve made in thoughtful and unique ways–where the relationships and connections have value beyond each individual piece. Together they become a cohesive whole. That’s a content strategy that’s worth a damn. If you can’t do that, your content strategy is really just a thoughtful list of categories and tags.

Our content management tools should enable and empower you to gather your content and present it how you need to. You shouldn’t be limited solely by lists and algorithms. We want our clients to be able to create unique cross-sections of content where they need, not where they happen to have pre-baked templates that allow them do so.

An example to help visualize: Sticking with our college student, imagine the registrar publishes a deadline for financial aid application. The residential life department has updated forms for getting a spot in the dorms.

The student life department publishes a list of events for new students to meet each other. Each piece of content lives in its own silo in disparate places on the university website. Now imagine you’re in the communications department, and you’ve been charged with ensuring that new students get the information they need.

Do you A: manually type excerpts to those pieces of content in a sidebar widget, hardcode some links trying to apply a specific class that makes the links look like buttons but you can’t remember if it’s .btn_round or .btnround or .round_btn_blue_large, and pray it stays in the same place OR B: create a ‘Key Info for New Students’ module by referencing each piece of content dynamically and dragging it at the top of the homepage displacing the out of date commencement gallery that you forgot to take down last spring?

Old school is option A. New School option B (and it’s not the cool old school, it’s the lame frustrating old school).

The Way Forward Is Modular

If you’re new the concept of atomic design, read this piece by Brad Frost first. If you want to see how we solved some of these problems specifically – there’s a couple of WordPress.TV talks where I harp on this stuff here and here.

We’ve got to strive for more than just an updated WYSIWYG editor. We’ve got to aspire to a bigger and broader understanding of what content is and could be. When we’ve got that vision, we’ll be able to build tools to help realize it.

WP Super Cache 1.4.9

There’s a new release of WP Super Cache out and it’s a security release to fix XSS problems in the settings pages. Those pages are only accessible by admin users so an anonymous visitor to your site can’t come along and enable it to steal your login cookies but along with those fixes come many bug fixes so it’s worth upgrading if you’re using an old version.

From the Changelog:

  • Fixed bug when not running sem_remove after sem_release. See
  • Fixed a PHP error impacting PHP 7.1.
  • Fixed a bug where we cached PUT and DELETE requests. We’re treating them like POST requests now.
  • Delete supercache cache files, even when supercache is disabled, because mod_rewrite rules might still be active.
  • Updated the settings page, moving things around. #173
  • Make file locking less attractive on the settings page and fixed the WPSC_DISABLE_LOCKING constant so it really disables file locking even if the user has enabled it already.
  • Added a WPSC_REMOVE_SEMAPHORE constant that must be defined if sem_remove() is to be used as it may cause problems. #174
  • Added a “wpsc_delete_related_pages_on_edit” filter that on returning 0 will disable deletion of pages outside of page being edited. #175
  • Fixed plugin deleting all cached pages when a site had a static homepage. #175
  • Make sure $cache_path has a trailing slash #177
  • Remove flush() #127 but also check if headers are empty and flush and get headers again. #179
  • Add fix for customizer #161 and don’t cache PUT AND DELETE requests #178
  • Check for superglobals before using them. #131

You can click through to each of the Github pull requests above to see discussion around each bug fix.

If you’re hosting many sites that use WP Super Cache and you’re seeing issues with semaphores it may mean that your users are using file locking. It’s really not needed and in #174 there’s a fix that went into this release. You can disable file locking completely by setting the constant “WPSC_DISABLE_LOCKING” in a global configuration file. The file locking simply slowed down how fast cache files were created and is a hold-over from WP Cache when that plugin used to write directly to the cache files. This plugin writes to temporary files before moving to the final cache files so that locking isn’t really needed, but some sites still use it which is why it’s still around.

I’ve already been working on the next release with efforts to move the legacy cache files into the supercache directories. This will make it easier to maintain them and improve performance. We really need to find a better name for this caching method however. It caches everything – page contents and http headers so it’s quite useful!
If you’re going to test that PR, try #176 too. The plugin only deletes index.html type files right now but this chunk of code cleans up various for loops in the plugin and also deletes any file in the named directory. There are some restrictions on it so it won’t delete anything outside the cache directory.

Thanks to everyone who contributed to this release!

Related Posts

Talking WordPress Retainers and Selling to SMEs With Curtis McHale

My friend Curtis has been innovating in the sales and marketing space for WordPress consulting for years, and he’s literally just started selling his latest book “Finding and Marketing To your Niche“.

His content is top-notch and I’ve personally been following his blog closely for quite some time now.

That said, we’ve been talking with Curtis on business and marketing strategies, and I joined his podcast “The Smart Business Show” in order to share more nuggets from our own philosophy at DevriX and what drives us to focus exclusively on ongoing retainers. For us, implementation wasn’t really the problem; it was understanding that retainers are the best option for both customers, and service providers, and simply discarding any fixed-fee opportunity as a viable option.

The show is less than 20min long and you can watch the full version here. Don’t hesitate to ask follow-up questions here in the comments area and I can reiterate on certain areas that we haven’t covered in the podcast.

The post Talking WordPress Retainers and Selling to SMEs With Curtis McHale appeared first on Mario Peshev on WordPress Development.

Tips for your local SEO content strategy

If you own a local business, you want to dominate the local search results of your niche. But how do you write content that’ll pop up in those local search results? On what aspects should you focus? In this post, I’ll give tips you can use in order to set up your very own local SEO content strategy.

Local SEO is for local businesses

When you’re aiming to rank for local search results, you want people in a specific neighborhood, village or town to find and visit your website. In most cases, your goal is not to sell directly through your website. Instead, your website probably invites people to come to your store, to your practice or to hire you for your skills. Websites focusing on a local audience are different from those focusing on a national or global audience. In most cases, when visitors are interested in your services, you’ll have a face-to-face interaction with them. Your competitors are the other local entrepreneurs in your specific niche. Perhaps you actually know your competitors.

Keyword research

Which local queries do your audience use when searching for your type of business? You should get inside the heads of your audience and figure out what they’re searching for. For most local search queries, people will actually use the name of the town or village when searching for something. For instance, they’ll type in [hairdresser Amsterdam] or [therapist New Hampshire]. But even if people do not use a local term in their search query, Google will probably recognize their query as a local search intent. Searching for [dentist] in my hometown Wijchen will give me similar (but not identical) results as searching for [dentist Wijchen]. Google will give search results based on your location, if they recognize a query as a local search intent. This also counts for near me searches.

Keyword research can be hard. But since you, as a local entrepreneur, regularly meet with your audience, you have a big advantage. Ask them about their search behavior! Ask your favorite customers what they were searching for when they first visited your website. Or what they would be searching for if they’d be looking for your type of business. That’s valuable information. Don’t stop there, though! Think about other search terms as well (as you might be missing out on an audience).

Read more: ‘Ultimate guide to keyword research’ »

Write ‘local’ headlines

Make sure that the snippet of your web page that Google shows in the search results is optimized for local SEO. You want to do that because Google will know you’re focusing on a local audience, but you also want to do that because your audience will recognize you as a local business.

Your audience is searching for that hairdresser nearby, the bakery around the corner, or that carpenter that’ll come to their house. They’ll click on those results that indicate that they are situated in their proximity. That’s important for local search. Make sure your snippet is clear about where your business is. Make sure the title of your posts and pages is clear about that. Use the Yoast SEO snippet preview to see what your snippet will (probably) look like in the search results.

Make an awesome first impression

Once you’ve convinced people to click on your snippet in the search results, you should convince them to stay on your website (and to not click away). A high bounce rate will eventually result in lower rankings, so you want to make an awesome first impression. When you’re a therapist, a doctor, a hairdresser or a carpenter, you basically have to sell yourself. People want to know who they are dealing with. A good picture is key in making a strong first impression. Your website should reflect your business. If you have a practice or a physical shop, make sure to publish some high quality optimized photos of your business – and perhaps your employees – on your website. Videos are also a great way to present your business to the audience.

Write about your business!

To rank in the local search results, you want to write content related to your local business. A blog is a great content strategy, also for local SEO. Write about what you know! If you’re a carpenter, you should write about your projects. If you’re a dentist, you should write about the most common problems concerning teeth. If you’re a florist, write about your beautiful bouquets! Write about your customers too! If people are exceptionally satisfied, they should surely be able to leave a review on your website. But perhaps their story could also be told in a blog post. Writing about local events is also a great content strategy for local SEO.

In any local SEO content strategy, you should make sure that your blog posts relate to your local community. And of course, optimize your post for the keywords you came up with in your keyword research.

Keep reading: ‘5 tips to get inspiration for your blog’ »


Facebook should definitely be part of your local SEO content strategy. People connect with others from all over the world but are most prone to connect with people in close proximity. We interact most with people we also see in real life. If you have a local business, you can benefit from this.

Make sure to keep your local audience informed with lots of Facebook posts. If you can write about your customers (of course check with them first!) that’ll increase chances your audience will share and engage with your posts.

Advertising on Facebook could also be truly profitable. You can narrow down your advertisements to a specific (local) audience. That could be a great method, as costs for local advertisements on Facebook aren’t very high.

Read on: ‘How to optimize your Facebook reach’ »

And: the Yoast Local SEO plugin

Last, but not least: the Yoast Local SEO plugin makes implementing your SEO strategy easier. The local SEO plugin covers all kinds of technical things, like for local business, you need to be doing in order to rank in the local search results. On top of that, it will help you set up excellent local landing pages, and will allow you to add functionalities you’ll need as a local business, like a store locator, to your website.

Read more: ‘Improve your small business SEO today!’ »

WordPress Telemetry Proposal Addresses Long-Standing Privacy Concerns as GDPR Compliance Deadline Looms

At the end of October 2016, Morten Rand-Hendriksen created a proposal on WordPress trac for adding telemetry to core, an opt-in feature that would collect anonymized data on how people are using the software. He proposed that the new feature be displayed on first install or update, disabled by default in the admin with a control available under Settings->General. One option he suggests is shipping it as a plugin that auto-installs on opt-in and auto-uninstalls on opt-out. He also identified a few examples of core data that could be tracked, including number of themes and plugins installed, frequency of use of specific views (Settings, Customizer, etc), current version, update status, locale, and language.

“WordPress prides itself on being an application built by the user for the user,” Rand-Hendriksen said. “The problem is with the popularity and reach of WordPress today, the distance between the WordPress 1% (or even .1%) and the average user is becoming so vast we (the people who contribute to WordPress core) know almost nothing about the actual people who use WordPress or how they use the application.”

During the WordPress 4.7 development cycle, Rand-Hendriksen said he was involved in several conversations where participants assumed the use of features without any data to back up their opinions. He contends that WordPress contributors do not have the necessary data to know how users are interacting with the application and its features.

“The general argument was that based on the 80/20 rule, certain features should be added while others should be removed,” Rand-Hendriksen said. “I kept brining up the well known fact we don’t have a clue what features 80%, or even 20%, of WordPress users actually use so any claim of validity in the 80/20 rule is guesswork at best.”

His proposal states that all the data collected should be public for transparency and also made available to end-users in the admin and on

The idea has had a few months to marinate and has generated some discussion about what a prototype would entail. Core committer Ella Van Dorpe created an experimental wp-data standalone plugin for tracking a few simple interactions with the editor. Participants in the discussion recommended creating an Elasticsearch/Logstash setup for storing the data, technologies that the systems team have deployed before.

“I think a good summary is that there are a lot of hurdles in the way and currently no one has time to work on it,” Greg Brown, a Data Wrangler at Automattic, said in a followup discussion on the ticket three weeks ago. “Ultimately, I think the biggest blocker is getting someone with the time, inclination, and persistence to work on this. Getting it deployed onto .org is the right thing to do eventually, but I suspect it will take quite a while.”

WordPress lead developer Dion Hulse confirmed that WordPress is already tracking many of these stats and that creating a prototype on infrastructure would be the best option forward.

“It would also be valuable to see how our existing stats system can compliment or be replaced by the proposal here though,” Hulse said. “I mention this as most of the stats from the original description are already tracked, just not exposed in any form. The only new thing mentioned here is the Frequency of use of specific views (Settings, Customizer, etc) and transparency part (which would still probably only be anonymized summaries, not exact data).”

WordPress Telemetry Project Provides a Solution to Long-Standing Privacy Concerns

Moving WordPress’ current data tracking into a more transparent opt-in feature would also provide a solution to some long-standing privacy concerns raised by contributors in a six-year-old trac ticket. WordPress tracks the number of blogs and users in a given installation, along with the installation URL in the headers, in order to facilitate update requests that may become problematic, particularly in the case of large multisite installations.

“Even if a user knows that some data needs to be passed for a version check of core, plugins, or themes, the amount of data passed to remote is obviously more than needed to do the version check,” one contributor commented on the ticket. “But users should be made aware upfront so they can freely decide on their own if they want to instead of being forced to support the project with their usage-data. They could be offered an opt-in to do so.”

“The number of registered users I have on my site tied to the URL that is sent with tracking request gives out vital information on how well my business could be doing – information that is mine and mine only,” WordPress plugin developer Danny van Kooten said. “At the very least we could make it very clear that WordPress is tracking this information and what exactly it is doing with it. I really do not think there is any excuse for that.”

Developers can filter the data to satisfy their privacy concerns but it is somewhat inextricable from the update process for larger multisite installations. It’s also too big of a technical hurdle for most regular users who would be better served by a simple UI allowing them to opt out of data collection.

Rand-Hendriksen’s WordPress telemetry proposal gives the project an opportunity to formalize what data is being collected, state the purpose behind it, and allow users to choose if they want to be included.

Europe’s General Data Protection Regulation (GDPR) May Push WordPress Towards More Transparent Data Collection

Progress on both the Telemetry project and the ticket regarding privacy concerns has been slow. Neither seem to be a priority among contributors, but Europe’s General Data Protection Regulation (GDPR) may provide the impetus needed to push WordPress towards more transparent and responsible data collection.

The GDPR is an overhaul of data protection law in Europe with far more stringent requirements than the previous laws. It requires full disclosure for any data collection and standardized privacy notices to help users understand where and how the data is being used. Consent to have data collected must be confirmed and users have the right to access their own data. It also includes the right of erasure or “the right to be forgotten,” which allows users to remove their data from the web. The GDPR goes into effect in May 2018.

Heather Burns, a digital law specialist who consults and speaks extensively on internet laws and policies, encouraged WordPress contributors to frame the discussion regarding privacy concerns in terms of working towards compliance with a specific framework.

“For the purposes of this discussion, core should work to the GDPR standard for two reasons,” Burns said. “The first reason lies in cultural differences. The US does not have a single overarching data protection and privacy regulation, unlike Europe, where we have this data protection regime which applies to all personal data regardless of use, format, or sector. So GDPR gives developers – even those outside the EU – a robust, healthy, and very tough set of standards to follow. Given what we have seen coming out of the White House in the past week, GDPR also provides as good a starting point as any for defensive user protection.

“The second is that GDPR is extraterritorial. It applies to the personal data of anyone in Europe regardless of where the online service is located. If your business is in the US or Australia or Israel but you have European users, you have to protect their data to European GDPR standards.”

Pricewaterhouse Coopers recently surveyed 200 US-based multinational companies with more than 500 employees and found that 77% plan to spend $1 million or more on GDPR compliance. More than half of those surveyed cited GDPR readiness as the highest priority on their data-privacy and security agendas.

The hefty penalties of noncompliance are one of the driving factors behind American companies spending millions of dollars on satisfying the requirements of this new European regulation.

“GDPR is a complete overhaul of its dialup-era (1995) predecessor and one of the areas that has been beefed up is its teeth,” Burns said. “Businesses which are found to be in noncompliance by a European member state’s data protection regulator, whether that is your small app studio all the way up to Automattic, could face penalties of up to 4% of the business’s global annual turnover. Now there’s some solid context for the philosophical discussion.”

However, not everyone is convinced that the GDPR will be beneficial to consumers. Kitty Kolding, CEO and president of Infocore Inc, an international company that specializes in sourcing market data, told ExchangeWire that she believes the GDPR will undermine “the sanctity of consumers’ data privacy and security” and hobble marketing and advertising worldwide.

She contends that provisions like the “right to be forgotten,” which require customer data to be retained beyond the time that it’s in active use, will make that data more susceptible to hacking. Additionally, the enforcement body for the new legislation claims authority over companies, with the right to search and seize records, without any oversight or appeals.

“Every company everywhere that handles data on EU citizens is also automatically subject to this group’s absolute power – though it’s anybody’s guess how the EU believes they can enforce such a broad mandate outside its own borders,” Kolding said.

Currently, only two trac tickets mention the GDPR so it’s not yet clear how WordPress core will respond to the requirements of the new legislation. Burns recommends that WordPress core contributors go through the process of conducting a privacy impact assessment to determine the right way forward.

Regardless of WordPress’ response, companies and organizations that depend on the software will need to assume the responsibility of their own compliance, as these requirements extend far beyond core. The GDPR applies to anything added into a website or app that collects users’ data. For example, many contact form plugins store submissions inside the WordPress database and site owners will want to re-examine how users are notified of this.

“One of the main changes with GDPR is called the accountability principle,” Burns said. “Businesses collecting personal data must be completely transparent and accountable over what data they are collecting, how they are storing it and where, who it is being passed to (such as third parties), who has access to it, and how long it is retained. Users also have the right to request that any data collected about them must be deleted.”

There’s no WordPress plugin that will instantly make a site GDPR compatible. Drupal has a GDPR module that aims to make sure the site follows the guidelines and legislation set by the EU, but it doesn’t cover all requirements. Automating an assessment of privacy impact for a site using a CMS and potentially dozens of third-party extensions is a complex endeavor. This is one regulation that will require business owners to educate themselves and implement privacy practices that put users’ interests first.

With the deadline for compliance closing in, WordPress has an opportunity to re-evaluate how the project handles user privacy and make steps towards greater transparency. If contributors are looking into collecting more data to assist decision-making on features, as outlined in Rand-Hendriksen’s telemetry proposal, this project provides an avenue for working towards GDPR compliance. These privacy concerns are especially important to address when considering WordPress for government, healthcare, educational institutes, and other data sensitive websites.

Burns views the GDPR’s compliance deadline as a fresh opportunity for WordPress to build better privacy structures and legal certainty using the regulation as a healthy baseline for all users.

“Everyone needs to be working in implementations for their own businesses and sites in any case ahead of deadline day, in addition to any changes that need to be made in the WP code,” Burns said. “It’s important to remember that GDPR compliance is not a tick box you can squeeze in next April. This is about your processes, your workflows, and your systems of accountability. Start now.”

Yoast SEO 4.2 adds another new language: Dutch

In our quest to speak more of the world’s languages, we’ve now added our mother tongue: Yoast SEO 4.2 premium supports Dutch in its entirety. Our Dutch users can now use all of our innovative features, like Insights and Internal linking suggestions, in their own language. More languages will follow soon.

Optimize your site for search & social media and keep it optimized with Yoast SEO Premium »

Yoast SEO for WordPress pluginBuy now » Info

Insights into more languages

As you might know, the release of Yoast SEO 4.0 saw the introduction of our new Internal linking feature. At that time, this revolutionary tool that helps you build an effective site structure quickly was only available in the English language. Just a couple of weeks ago, we added support for the language of our neighbors to the east: German. Now it’s time for Dutch, the language we know so well.

The text analysis tools of Yoast SEO checks the content of your posts and pages. It actively gives you advice on what to improve. The readability analysis gives you an idea how readable your post is for a regular person. Following the green bullet paradigm, you can see directly if your text is too hard to read. Or if it is littered with passive voice or uses too many words in a paragraph.

To give you correct insights into your writings, we need to fully understand a language. This process takes time, and we’re slowly, but surely adding new languages. After Dutch in Yoast SEO 4.2 premium, it is time to work on support for prominent words and link suggestions in Spanish. Looking past that, we’d like to add support for French.

If you’d like to read up on how we developed the internal linking suggestions tool and the big part language plays, we’d like to recommend this post by our linguist Irene. You can read more about the philosophy behind it in this post by our CTO Omar.

What else is new

Besides adding a new language, we’ve fixed a couple of bugs and made some necessary enhancements. We’ve moved the translations from to To tighten things up, we’ve made sure the settings page and left sidebar are more responsive, so they should accurately scale. In addition to that, we’ve cleaned up the meta box a little and enhanced the styling of the featured image warning screen.

As always, we hope you enjoy this new release. If you need more information, please find the complete changelog on

Read more: ‘Why you should use Yoast internal linking’ »

Plugin Guideline Change

With the advent of the new directory being on the horizon, which allows us to easily hard-limit the number of plugin tags displayed, we have taken the time to change the guidelines.

While minor updates to the guidelines (with regard to spelling, grammar, etc) are common, major changes are rare and we are striving to be more transparent about them. Hence this post 🙂

Guideline 12 (readme links) clarified to cover spam and tags.

The guideline now reads as follows:

12. Public facing pages on (readmes) may not spam.

Public facing pages, including readmes and translation files, may not be used to spam. Spammy behavior includes (but is not limited to) unnecessary affiliate links, tags to competitors plugins, use of over 12 tags total, blackhat SEO, and keyword stuffing.

Links to directly required products, such as themes or other plugins required for the plugin’s use, are permitted within moderation. Similarly, related products may be used in tags but not competitors. If a plugin is a WooCommerce extension, it may use the tag ‘woocommerce.’ However if the plugin is an alternative to Akismet, it may not use that term as a tag. Repetitive use of a tag or specific term is considered to be keyword stuffing, and is not permitted.

Write your readmes for people, not bots.

In all cases, affiliate links must be disclosed and must directly link to the affiliate service, not a redirect or cloaked URL.

The previous version had the title of “… may not contain “sponsored” or “affiliate” links or third party advertisements” which was too specific and yet not direct enough as to what the intent was. We sincerely mean “Do not use your readme to spam.” Tag abuse, keyword stuffing, and blackhat SEO practices are all spamming.

While we still ask you to use no more than 12 tags, once we move to the new directory, we will simply not display the overage. You should clean that up now. The code is such that there will not be a way to grant exceptions. This is by intent. You don’t need 30 tags, folks.

Guideline 13 (formerly number of tags) now references using included libraries

Since we no longer needed a separate guideline for tags, we have completely changed this guideline to address an issue of security.

13. The plugin should make use of WordPress’ default libraries.

WordPress includes a number of useful libraries, such as jQuery, Atom Lib, SimplePie, PHPMailer, PHPass, and more. For security and stability reasons, plugins may not include those libraries in their own code, but instead must use the versions of those libraries packaged with WordPress.

For a list of all javascript libraries included in WordPress, please review Default Scripts Included and Registered by WordPress.

This issue has become incredibly important when you consider that roughly 90 plugins had to be contacted and closed regarding the use of PHPMailer. They had included the entire library and not kept it updated. I’m aware that we use a forked version of that specific library and I have raised core trac ticket #39714 to address this issue.

While we do not (yet) have a public page to list all 3rd party libraries, I’ve raised meta trac ticket #2431 to hopefully get this sanely documented.


5 handy WordPress plugins for your blog

Every WordPress website owner occasionally stumbles upon a problem that could probably be fixed in a heartbeat with a handy WordPress plugin. That’s what makes WordPress great, right? I recall a friend of mine asking about the possibility of an answering machine on his website. There’s a plugin for that. Need to add testimonials in an orderly way? There’s a plugin for that as well.

Plugins range from large, like our Yoast SEO plugin (which every website needs) to really small, with almost Hello Dolly-like impact. No matter what the size, plugins can come in really handy, especially when you’re not a developer or you lack the capacity. In this post, I’ll go over a number of plugins that really saved my day in the past!

Optimize your site for search & social media and keep it optimized with Yoast SEO Premium »

Yoast SEO for WordPress pluginBuy now » Info

Auto Post Thumb Pro

Especially webmasters that have had their sites for ages will recognize this issue: a lot of themes you can find in the WordPress theme repo just look a lot better with a post thumbnail, but not all of your posts have that thumbnail. It doesn’t matter if your theme allows for a list of recent posts or if it includes excerpts on your archive pages, chances are that they will include post thumbnails. That just looks so nice, right?

The legacy of your old posts without a thumbnail makes that the alignment of a collection of posts (f.i. in a widget) looks off. It looks messy. In comes Auto Post Thumb Pro. When I wanted to repost Instagram images on a website, this plugin made sure there was a thumbnail for every post. And (re)generated thumbnails for every older post. After installing this plugin, I can use any theme I wanted to use that displayed these thumbnails on (almost) every page.

By the way, if you are looking for a new theme for your blog, I can recommend Anders Noren’s themes. I’ve used a few and really like the clean designs and easy-to-use setup.

Easy Custom Auto Excerpt

One of the things we come across in our SEO consultancy is duplicate content caused by displaying entire posts on taxonomy pages (like category pages). WordPress has plenty of ways to display excerpts instead of full posts. Usually, one of the requirements is using a <!-- more --> tag in your posts. Include that tag by clicking the icon in the Insert More tag | Handy WordPress pluginsimage, located at the styling options on the Edit pages in WordPress. If you feel that that’s too much of a hassle, the Easy Custom Auto Excerpt plugin will help you out. It’s one of those plugins that you install, configure and forget about, simply because it works.

The Easy Custom Auto Excerpt plugin allows you to automate that more tag by, for instance, adding it after a number of characters or after the first (or first two) paragraphs. It allows you to do some basic tweaking of how that excerpt looks like (alignment of the thumbnail for instance). In the premium version, you can also fine tune the Read more button – a feature that convinced me to purchase a license – and disable excerpts for certain post types (like posts that just contain an awesome photo). Of course, this depends on the type of blog/site that you have. Go see for yourself how this handy WordPress plugin can help you out.

Responsive Lightbox

What to say about this handy WordPress plugin? If you’re a bit like me, you installed, removed and re-installed your share of lightbox plugins. The horror! They either don’t work out of the box, add fancy stuff to that pop-up or simply ignore your galleries. And how about those previous/next buttons that are too small to click. Not to start about how crappy things look on a mobile device, right?

Responsive Lightbox | Handy WordPress plugin

I found Responsive Lightbox to be a nice solution. If you are sick and tired of your current lightbox plugin, install this plugin and see for yourself.

Simple Custom CSS

Sometimes you want to do just a little design tweak and not worry about it being overwritten the next time you update your theme. You have two options:

  • Create a child theme, which might be a bit of a hassle for that tiny little tweak, or
  • simply add some lines of CSS code via this little plugin: Simple Custom CSS.

It does just that. I really like it. There are more handy WordPress plugins that do this, but I found this one to be both the less bloated (I just want to add CSS, not learn CSS) and the one that works without the constant need to add !important to my declarations.

Yoast Comment Hacks

Last but not least, I’d like to add this little gem Joost developed: Yoast Comment Hacks. If you have a WordPress blog and receive a lot of comments, use this plugin to add some smart extras to your comment maintenance toolkit. Among others, it allows you to thank first-time commenters by redirecting them to a thank you page. It also allows you to set a minimum comment length, for instance. Go check for yourself how this little handy WordPress plugin can make maintaining your comments just a bit easier!

I’d love to hear about your favorite handy WordPress plugins in the comments!

Ask Yoast: Old static website, move to WordPress?

Imagine, you created a website a few years ago. It’s still out there, but you didn’t make any changes or updates ever since. So, your site probably needs a major – SEO – update. If you have a static website, you might consider to move your site to a CMS, like WordPress. What’s the best choice? I’ll help you out and explain in which case it would be better to start all over using WordPress.

In this Ask Yoast, we’ll answer a question from Richard Millstein:

“My website was created 10 years ago in HTML, it needs a major SEO update and has other issues. I think it would be better to start over using WordPress. What do you think?”

Check out the video or read the answer below!

Optimize your site for search & social media and keep it optimized with Yoast SEO Premium »

Yoast SEO for WordPress pluginBuy now » Info

Major SEO update

Read this transcript to learn more about choosing a CMS or not, when your website needs a major SEO update:

“Well, you get plus points for using WordPress, of course, no questions asked. Also, if your website was created 10 years ago and not much has happened to it since, then, you really need to think about, “Okay, what will I do once I re-create it? “Will I not do anything with it again for 10 years or will I keep updating it?”

If you want to keep updating it, then yes, you should really go for WordPress, because that makes that an awful lot easier. Of course, with WordPress you also get Yoast SEO and a lot of other advantages or things that you don’t have to build, that will work automatically for you. So, yes, you should probably do that.

The funny thing is, the output from WordPress will still be HTML, so you could probably get your theme of your site to look like your old site very easily. If you just hire someone to copy that into a WordPress theme and maybe do some optimizations as they do that. So, it could be a very simple job on Upwork or some other rental site, where you just go in and say “Hey I want you to change this theme to a WordPress theme and then input my content in it.” That could be a very simple job for someone and might save you an awful lot of time.

Good luck!”

Ask Yoast

In the series Ask Yoast we answer SEO questions from followers! Need help with SEO? Let us help you out! Send your question to

Read more: ‘WordPress SEO’ »

How to Include Category and Subcategory in WordPress URLs

Recently one of our readers asked us how to include category and subcategory in WordPress URLs. Categories and subcategories allow you to sort content on your website. They also allow your users to easily browse the topics they are most interested in. In this article, we will show you how to include category and subcategory in WordPress URLs.

How to Include Category and Subcategory in WordPress URLs

Including Category to SEO Friendly URLs in WordPress

WordPress comes with two built-in taxonomies to sort your content. They are called categories and tags.

Categories are typically used for more broader topics and can have subcategories. See our guide on how to add categories and subcategories in WordPress.

However, if you are using the default WordPress URL structure, then your categories and subcategories are not included in the post URLs.

Some websites use categories and subcategories in WordPress URLs for their posts. For example, at WPBeginner we include category in the URLs of our posts like this:

Some websites that use subcategories display both parent and child categories in the URL.

In this example, news is the parent category and national is the child category.

Including category or subcategory to your post URLs makes them more user-friendly. It matches the breadcrumb navigation on your site and it includes more keywords and text which is also helpful for SEO.

Having said that, let’s see how to easily add category and subcategory in WordPress URLs.

Adding Category and Subcategory in WordPress Post URLs

First, you need to visit Settings » Permalinks page in your WrodPress admin. There you need to click on the ‘custom structure’ option under common settings area.

Adding category to WordPress post URLs

Next, you need to add /%category%/%postname%/ in the field next to custom structure.

After that, don’t forget to click on the save changes button to store your settings.

That’s all WordPress will now start including category and subcategory in WordPress URLs. You can see this in action by editing a post or creating a new one.

File that post under a category (and subcategory if you use them) and click on the update button.

Category and subcategory in blog post URL

You will notice category and subcategory included in the post’s permalinks.

Using Multiple Categories or Subcategories

Let’s suppose you file your blog posts into multiple categories or subcategories. WordPress will only include one category and one subcategory in the URL. If you didn’t choose a subcategory, then it will only show one parent category.

WordPress chooses the category alphabetically. For example, if you file a post in Apple and Technology categories, then WordPress will include apple in the URL because it comes first in alphabetical order.

If you file a post in ‘Apple’ and a subcategory under that called ‘Technology’, then it will include both of them in the URL.

If you selected a subcategory but didn’t specifically select parent category, then WordPress will still include parent category in the URL.

Another scenario is when you have a parent category, subcategory, and a sub-subcategory. WordPress will include all three of them in the URL.

We hope this article helped you learn how to include category and subcategory in WordPress URLs. You may also want to see our step by step WordPress seo guide for beginners.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Include Category and Subcategory in WordPress URLs appeared first on WPBeginner.

WordPress JSHint Adventure

NOTE: I found this draft originally written on December 19, 2013.  Not sure why I decided it should remain unpublished, but I did and then like many drafts, I forgot about it.  So here it is.

One of the features of WordPress 3.8 is something that users will never notice. In fact, it’s something that most developers will never notice as well. It was establishing greater standards with the core JavaScript and adding JSHint.

JSHint is a tool that detects errors and potential problems with JavaScript code. They range from the annoying ( trailing whitespace ), to the potential bug inducing ( code in a function after a return ), to the likely to break a browser we still support ( a trailing comma in an object ). Adding JSHint was initially discussed around the same time as the creation of, but it wasn’t until the start of the WordPress 3.8 that much progress was made. K. Adam White led the effort to create the initial .jshintrc (which is the configuration JSHint uses) along with the grunt configuration to make running JSHint easy.

Once the configuration was decided upon, the process of fixing up the files was relatively quick and straightforward. A list was built and maintained of all files, and then edited to note the person who signed up to fix it and the ticket number.  Overall, from publishing the post until the last file was cleaned up it took 7 days.

By going file by file, we minimized the churn and made it simple for committers to review. It also made it easy to find bitesize chunks. Overall, 13 individuals wrote patches in addition to the committers who assisted.

Yoast internal linking: the making of

A few weeks ago, we added Yoast internal linking to Yoast SEO Premium for English. We released the same feature for German earlier this week. In this post, I’ll explain how the earlier released Insights laid the groundwork for this feature, how we compose the list of linking suggestions, and why Yoast internal linking is currently only available for a limited set of languages.

So what does the internal linking tool do? While working on your post, our internal linking tool will give you suggestions on which posts you could consider linking to because they are about related topics. Linking to these posts will help you create a better site structure.


To know which posts we should show in the Yoast internal linking meta box, we first need to find out what all your posts are about. For this, we use the data we’ve already gathered for the Insights box, that you’ll find beneath the content analysis:

insights in yoast seo premium

But how do we get to this list of five words and word combinations? Let’s take a look at the steps we take when we analyze a post for its most prominent words.

Optimize your site for search & social media and keep it optimized with Yoast SEO Premium »

Yoast SEO for WordPress plugin$ - Buy now » Info

Step 1: Getting all relevant single words

First, we want to know which relevant 100 single words are most frequently used in the post. We therefore start by making a list with all words from the text. Next, we remove words like ‘the’, ‘you’ and ‘to’ from this list. Articles, pronouns, prepositions and other function words are simply too widely used to be truly relevant to a text. If we wouldn’t filter out words like these, all posts would end up with roughly the same prominent words. Once we’ve removed all function words, we save the 100 most frequent single words and move on to the word combinations.

Step 2: Getting all relevant word combinations

Combinations of two or more words are often more relevant and information-rich than single words, because they are more specific. That is why we also look for the most relevant two to five-word combinations. We filter these combinations as well, because combinations like ‘headlines to be’ and ‘to rank and your’ are useless. We only want to keep meaningful combinations like ‘optimize your site structure’ and ‘writing clickbait titles’.

Step 3: Filtering on word density

Once we’ve retrieved and filtered all one to five-word combinations, we filter out everything with a word density of over 0.03. This means we remove all combinations from the list that comprise over 3% of the entire text. The rationale behind this is that words that are too frequent are seldom genuinely relevant, because they tend to be non-specific. This also serves as an extra safety net to catch all function words that we might have forgotten to remove during the previous steps.

Step 4: Calculating relevance scores

The final step is calculating which words and word combinations are most relevant to the post. Based on trial and error, we came up with a formula that uses the frequency, length and percentage of relevant words of the word combinations that does just this.

Length bonus

We start with determining the length bonus. As shown in the table below, the longer a combination is, the higher is the length bonus it receives. This means longer, more specific word combinations will eventually get a higher relevance score than shorter, less specific combinations.

Word combination length Length bonus
Single word 0
Two-word combination 3
Three-word combination 7
Four-word combination 12
Five-word combination 15

Relevant word proportion

We also calculate which proportion of each word combination is on the list of the 100 most frequent words. This is the list we drew up during Step 1. For example, if one word of a four-word combination is also in the top 100 frequent words, the calculated proportion would be 0.25. The idea behind this is that the more relevant words a combination contains, the more relevant the combination probably is.


Next, we calculate the so-called multiplier using the following formula: 1 + relevant word proportion * length bonus. For a four-word combination with a relevant word proportion of 0.25, this would result in a multiplier of  1 + 0.25 * 12 = 4.

Relevance score

Finally, we calculate the actual relevance score by multiplying the number of occurrences of each word combination by its multiplier. If the four-word combination of the above example would have a frequency of 3, its relevance score would be 3 * 4 = 12. Once we’ve calculated all relevance scores, we sort the words and word combinations from the highest to the lowest relevance. To keep the Insights box clear of clutter, we only show the top 5. However, we save a maximum of 100 words and word combinations for further use. 

Optimize your site for search & social media and keep it optimized with Yoast SEO Premium »

Yoast SEO for WordPress plugin$ - Buy now » Info

Yoast internal linking

Once we have collected the most prominent words for all your posts, it’s time to compare them. To do this we take the top 20 prominent words of each post. However, for the sake of simplicity, I will illustrate the process with only five prominent words per blog.

Imagine you’re writing a post about Twitter Analytics. You’ve also written posts about Twitter Cards, homepage SEO and Instagram Analytics. You can find the top 5 prominent words from these blogs in the table below.

Twitter Analytics Twitter cards homepage SEO Instagram Analytics
Twitter Analytics Twitter cards homepage SEO Instagram Analytics
Twitter Twitter business name or brand Instagram
analytics Twitter account homepage followers
Twitter analytics dashboard account optimize your homepage analytics
Twitter cards data site name engagement rate

The more overlapping prominent words a post has with the current post, the higher its position will be in the list. Because the post about Instagram Analytics shares the prominent word ‘analytics’ with your post about Twitter Analytics, that post will show up in the linking suggestions. However, the blogs about Twitter Analytics and Twitter Cards have two overlapping prominent words: ‘Twitter Cards’ and ‘Twitter’. As a result, the post about Twitter Cards will end up higher in the list. Lastly, the post about homepage SEO doesn’t have any prominent words in common with the post about Twitter Analytics. For that reason we won’t suggest it to you.

We’ve decided to limit the number of suggested posts to twenty, because we don’t want to overwhelm you. Only the twenty posts that share the most prominent words with your post will be shown in the meta box. Check out what the result looks like in this video!

Language support

Now that we’ve built the above framework, we stand before the time-consuming task of making the linking suggestions available for languages other than English and German. Not only do we have to compose lists of function words for each individual language, but we also need to adjust the filtering for each of them. This has to do with word order differences. In English, for example, one describes an action with a verb followed by an object: eating cookies. However, in German, the object comes before the verb: Kekse essen (literally: cookies eat). As a result, we want to filter out English word combinations ending with a verb (he eats), but German combinations beginning with a verb (isst Kekse, literally: eats cookies).

The future of link suggestions

We’re happy to announce that we’ve released internal linking for German. But, maybe more importantly, we’d also like to let you know that you can help to make Yoast internal linking available for your own language! Please contact us if you’d like to help.

Read more: ‘Why you should use Yoast internal linking’ »

Ask Yoast: security measures new domain

There are several reasons to move your website to a new domain. Maybe you’ve gained access to a much stronger domain. Perhaps you’re changing direction or you’re rebranding. Or you’d like to start over with a new name and a new site. Assuming you have a good reason for moving your site to a new domain – other then “this name just sounds catchier” – there are some things to consider concerning security and SEO when moving your website to a new domain.

In this Ask Yoast, we’ll answer a question from Anbu Devilhunter:

“If I move to a new domain are there any security measures I should take?

Check out the video or read the answer below!

Optimize your site for search & social media and keep it optimized with Yoast SEO Premium »

Yoast SEO for WordPress pluginBuy now » Info

Security measures new domain

Read this transcript to learn more about SEO and security measures when you’re moving your site to a new domain:

“Well, yes. You should make sure that you have your old domain and keep it forever, so that you can keep the redirects from that old domain to your new domain. Because otherwise, at some point, someone else is going to use that old domain and you’ll lose your redirects. So you’ll lose a lot of links pointing to your site.

Any other security measures? Well, yes, everything that you need to do to a good domain. But I’d suggest talking to our friends at Sucuri, and see what they can do for you. We run their web application firewall in front of everything we do and I would suggest you do too.

Good luck!”

Ask Yoast

In the series Ask Yoast we answer SEO questions from followers! Need help with SEO? Let us help you out! Send your question to

Read more: ‘WordPress Security’ »

How to Change the Default Gravatar on WordPress

Do you want to change the default Gravatar on your WordPress site? By adding your own default gravatar image, you can make your comments section branded. In this article, we will show you how to change the default gravatar in WordPress and replace it with your own custom default gravatar image.

How to change default gravatar image in WordPress

What is Default Gravatar and Why Change it?

Gravatar is a web service created and run by WordPress co-founder Matt Mullenweg’s company called Automattic. It allows anyone to create a profile and associate avatar images to their email addresses.

This avatar image is then displayed on all WordPress blogs where users leave comments or write blog posts. For more details see our guide on What is gravatar and why you should start using it right away.

All WordPress sites come with built-in support for gravatars and automatically show users’ avatars when they write posts or leave comments.

However, if a user doesn’t have a gravatar image, then WordPress automatically shows the default gravatar image. The default option is to show an image called mystery man. It looks like this:

Default mystery person gravatar in WordPress

If you don’t want to use the mystery man as default image, then you can change it to your own branded image.

Having said that, let’s see how you can change the default gravatar image on your WordPress site, so you can use a custom default gravatar image.

Changing Default Gravatar Image in WordPress

First, you need to visit Settings » Discussion page and scroll down to Avatars section. This is where you can configure and change gravatar settings on your WordPress site.

Gravatar settings in WordPress

You will notice that there are a few choices available under the default avatar option. These avatars are used when a user does not have a gravatar associated with their email address.

Out of the box WordPress uses the mystery person icon as the default gravatar. You can change that to blank or gravatar logo.

There are few other options available as well. These are automatically generated images in different designs. These images use comment author’s name or email address to mathematically generate a unique gravatar image.

Don’t forget to click on the save changes button after changing your default gravatar.

Using Custom Default Gravatar Image in WordPress

WordPress also allows you to use your own default gravatar images. Here is how you can easily add your own custom default gravatar image in WordPress.

First you need to create an image that you want to use as the default gravatar. This image should be a square, like 250×250 pixels.

Next, you need to upload this image to your WordPress site. Head over to Media » Add New and upload your custom default gravatar image.

Upload and edit custom default gravatar image

After the image is uploaded, you need to click on the Edit link next to the image.

WordPress will now open your image for editing. You need to just copy the image file URL and paste it in a plain text editor like Notepad.

Copy file URL

Now you need to add some code to your WordPress site. If you haven’t done this before, then please take a look at our guide on how to copy paste code in WordPress.

Add the following code to your theme’s functions.php file or a site-specific plugin.

add_filter( 'avatar_defaults', 'wpb_new_gravatar' );
function wpb_new_gravatar ($avatar_defaults) {
$myavatar = '';
$avatar_defaults[$myavatar] = "Default Gravatar";
return $avatar_defaults;

Don’t forget to replace $myavatar value to the URL of the custom gravatar image you uploaded earlier.

You can now visit Settings » Discussion page and you will notice your custom default avatar added to default avatar choices.

Custom default gravatar image

Select your custom default avatar image, and then click on the save changes button.

WordPress will now use your image for users who don’t have their gravatar associated with their email addresses.

Custom default avatar image in WordPress

We hope this article helped you learn how to change the default gravatar on WordPress. You may also want to see our guide on how to set custom avatars for users in WordPress.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Change the Default Gravatar on WordPress appeared first on WPBeginner.

Emoji to show you are here

Screenshot of WordPress Dev ChatI don’t know how it started, but sometime after WordPress switched to Slack in 2014 the norms for checking in to a dev chat switched to emoji.  Many people 👋, some use slack specific emoji like the bowtie, and others change it up on a regular basis.

Like many traditions, this started completely organically and at this point it’s so normal, no one bats an 👁.

I feel like It’s important to have traditions in open source software, but it’s also important to make them easy to pick up.  It helps new contributors feel a part of the process.  If the traditions are too hard to pick up on, then you risk creating an us vs. them problem. Thankfully, emoji’s to show you are present is one that people can pick up on right away and immediately feel a part of the WordPress team.

WordPress 4.7.1 Fixes Eight Security Issues

WordPress 4.7.1 is available for download and fixes eight security issues that affect WordPress 4.7 and below. The PHPMailer library was updated to patch a remote code execution (RCE) vulnerability. WordFence reported the vulnerability last month as critical and that it affects WordPress core.

However, in the announcement post for 4.7.1, Aaron Campbell, WordPress’ new Security Czar says that, “No specific issue appears to affect WordPress or any of the major plugins we investigated but, out of an abundance of caution, we updated PHPMailer in this release.” Dawid Golunski and Paul Buonopane are credited with responsibly disclosing the vulnerability.

WordPress 4.7.1 also fixes an issue where the REST API exposed user data for all users who authored a post of a public post type. This release limits this ability to only post types which have specified that they should be shown within the API. Brian Krogsgard and Chris Jean are credited with responsibly disclosing the vulnerability.

In addition to patching eight security issues, this release fixes 62 bugs. To see a full list of changes, visit the release notes page or you can view them on Trac. Sites should update automatically but if you’d like to update sooner, visit your site’s Dashboard, select Updates, and click the Update Now button.

User Trust Matters now available in Japanese

ユーザーとの信頼関係の重要性 – WordPress コミュニティにおける後方互換性という哲学

When I was summarizing my last month of daily posting, I mentioned a few ways I felt like my writing was having impact. I didn’t even consider that my work would inspire someone to translate what I wrote my writing into another language.  However, I was incredibly honored when Takayuki Miyauchi asked to translate my post about user trust. I’m going to add having an article translated to my list. If you would prefer to read in Japanese, the link to the post is above.

How to Add Title Attribute in WordPress Navigation Menus

Recently, one of our readers asked if there’s a way to add title attribute in WordPress menus? Title attribute allows you to provide extra information about a link. It often appears as tooltip text when the mouse moves over the link. In this article, we will show you how to add title attribute in WordPress navigation menus.

How to Add the Title Attributes in WordPress Menus

Why Use Title Attribute in Menus?

Title attribute is an HTML attribute that can be added to any element, but it is most commonly used with links and images.

It allows you to provide additional information about the link or the image. See our guide on the difference between what’s the difference between image alt text vs title.

Title attribute displayed as a tooltip for an image

Typically web browsers display the title attribute on mouseover. This allows users to see where this link will take them before they click on it.

Screen readers may also read title attribute, but many screen readers will ignore it and will only read the anchor text.

Some SEO experts believe that it is not useful while others claim it is useful for SEO as it allows you to provide more context.

WordPress removed title attribute from insert link popup in version 4.2. However, you can easily add the title and rel=nofollow options in insert link popup.

Having said that, let’s take a look at how to add title attribute in WordPress navigation menus.

Adding Title Attribute in WordPress Navigation Menu Items

First you need to visit Appearance » Menus page and click on the ‘Screen Options‘ tab in the top right corner of the screen.

Enable title attribute for navigation menus in WordPress

This will bring down a menu where you need to click on the check box next to Title Attribute option.

After that, simply scroll down and click on any menu item in your existing menu to expand it. You will now see the title attribute field.

Add title attribute to the menu item

You can now add the text you want to use as title and then repeat it for all menu items in your navigation menu.

Don’t forget to click on the save menu button to store your changes.

You can now visit your website and take your mouse to a link in navigation menu. You will see the title attribute displayed as tooltip.

Title displayed in tooltip

You can take title attributes even further with jQuery by adding fancy tooltips on mouseover effect.

We hope this article helped you learn how to add title attribute in WordPress navigation menus. You may also want to see our list of 15 best tutorials to master WordPress navigation menus.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

The post How to Add Title Attribute in WordPress Navigation Menus appeared first on WPBeginner.

An alternative splitting algorithm for publishiza

My friend John built plugin for writing tweet storms in WordPress. I’ve now used it to tweet storm about salary negotiations and WordPress committer stats in 2016. I like it, but I wasn’t super happy with how it split up the the post into individual tweets. It essentially just splits it up so that each tweet is whole words and doesn’t exceed 119 characters. It also adds an ellipsis at the end of every tweet. So I decided to build my own version that prioritizes whole sentences.

My tweet splitting algorithm first splits the post by sentences.  It then tries to build tweets and prioritizes keeping sentences intact.  My thinking is that this helps the tweets stand on their own a bit more.  If you want to use this, download and activate both publishiza and the gist below as plugins.

User Trust Matters

Helen Hou-Sandi, in response to someone suggesting a large rewrite in slack wrote this:

Your plan as I understand it disregards a couple of core WordPress philosophies/practices: striving for maintenance of backwards-compatibility, and that an X.0 release is no more significant than X.1 or Y.9 (this is closely related to maintaining back-compat, in that something like semantic versioning is less meaningful for WordPress core).

Generally, the most successful refactorings in core have been done in support of features being built, whether that’s a user- or dev-focused feature. It’s not that core code can’t be improved (clearly it can), it’s that better decisions regarding back-compat and, more importantly, forward-compat for an API or other bit of code can be made when one eye is on practical application.

As a user centric project, WordPress chooses philosophies that put the user first.  There is also an unwritten philosophy point that many committers talk about which is that User Trust Matters. What that means to me is that users trust WordPress for running businesses, sharing content, and engaging with their own users. User trust must be maintained in order to provide features such as automatic updates.

User trust isn’t something you earn and then just get to keep forever. It’s a maintenance relationship.

Drew Jaynes

Trust is maintained by understanding that WordPress core is one piece of a WordPress website.  It doesn’t matter if it’s a plugin using an API in a novel way, a theme missing a needed CSS class, or an outdated version of PHP running on a server.  When a site running WordPress breaks, it’s WordPress that breaks and it’s user trust that is hurt.  It’s why WordPress has a beta and RC period with many calls for testing.  It’s why a field guide is published and plugin authors are emailed before a release.

It works for users now. When it stops working for them, it’s our fault and we lose their trust.

Andrew Nacin

Over the last 3 years, the underlining taxonomy code in WordPress has changed dramatically in order to support taxonomy meta.  In new versions though, WordPress still considers the case that data hasn’t been migrated.  At WordCamp NYC a few years ago, five contributors talked through how to best handle meta when a term hadn’t been split. By thinking through cases where things aren’t pristine, WordPress is stronger and users can trust it.

To design a spacecraft right takes an infinite amount of effort. This is why it’s a good idea to design them to operate when some things are wrong

Akin’s 2nd law of spacecraft design

WordPress can absolutely do a better job with maintaining user trust, but as long as it considers the fact that User Trust Matters, it will be a stronger project.