Free Alternatives to Avada WordPress Theme


Are there any Free Alternative Themes to Avada Theme?

Free Demos that come with Avada

The short answer is no but keep reading. Avada is the best selling theme in the history of WordPress for a reason. This theme has been around for seven years now and has been in full and constant development the whole time. The team behind Avada is ThemeFusion and they have mostly concentrated on Avada that whole time. At the time of writing there have been 523,508 sales and at about $60 a sale that means this theme has generated $31,410,480 USD for ThemeFusion. That is why they can concentrate on this theme and make sure that with every update of WordPress the theme will work perfectly. ThemeFusion can afford to make sure all the plugins work perfectly with the theme with every update of WordPress. They can also afford to bundle lots of great third party plugins with the theme itself.

With the kind of income Avada generates, ThemeFusion can also afford to develop many different demos, which form a great base for any new or established website. As well as using Avada Classic, some of the free demos that come bundled that we have used for our clients are Avada Salon, Avada Gym, Cafe and many more. All have imported perfectly and have maintained stability after every WordPress and plugin update. That is a hard thing to achieve in the WordPress theme space. Developers who make free themes just don’t have the monetary incentive that ThemeFusion has, so it will be hard for them to keep up.

So what are the Free Alternatives to Avada in 2019?

As we have pointed out above, technically there are no free alternatives to Avada, but there are some great free themes in their own right. The ones we are featuring here are all from WordPress.org. There are some great free themes outside WordPress.org too, but we cover them in another article. The themes below are in no particular order; all five will work great for you and all are responsive.

1. Avant

Avant free theme

Even though we have said we aren’t putting these themes in any order, Avant is easily one of our two favourite free themes of all time. The other theme is Twenty Seventeen, which will not make it onto this list. An explanation of this will come later. Why do we like Avant? It has an Avada feel while obviously not being Avada. It has great SEO settings and often we won’t bother with a dedicated SEO plugin when using this theme. It has five blog layouts, seven header layouts and three footer layouts, which gives you 105 different variations, a surprising amount for a free theme. It works well with WooCommerce and is a great platform to build an eCommerce store around. It also works extremely well with page builder plugins like Elementor and SiteOrigin’s Page Builder.

2. Futurio

Futurio free WordPress theme

Futurio is a great theme that we have had a lot of success with. It is lightweight, very customizable and fast. With a little tweaking we have managed to get Google PageSpeed Insights scores in the high 80s for sites using this theme. This was achieved on a cheap server. The theme works well with all the page builder plugins like Elementor, Gutenberg and Visual Composer. Every SEO plugin we have used has worked well with it and so have all the caching plugins. In fact all the major WordPress plugins like Contact Form 7, Jetpack and WooCommerce work well with it. Definitely a great theme to try out.

3. Hestia

Hestia WordPress theme

Hestia has been around a few years now but is still one of the best free WordPress themes on WordPress.org. At the time of writing Hestia has 100,000+ downloads and for good reason. This theme, like Avant above, is trying to be somewhat Avada like. It is aimed at creatives, small business and startups but can be used for any small standalone website. It is also great for one page sales landing pages. Like the others above it works perfectly with all the most popular plugins and page builders. Hestia is SEO friendly and works well with parallax sliders. While it is not as customizable as Avant, it is still very flexible and can be used for many different industry websites.

4. Astra

Astra Theme

Astra is an extremely popular theme with 300,000+ downloads and for good reason. It has excellent SEO integration and comes with Schema.org implemented natively, which is rare for free WordPress themes. One thing we don’t like about the theme, but which will probably be appreciated by most installers, is that the theme comes with native AMP integration. We don’t like AMP because we like to be in control of our content, but for most people AMP is a good idea. Astra is also fast loading and lightweight. Like the others mentioned in this list it works well with all the page builders and we haven’t come across a popular plugin it hasn’t worked with.

5. Shapely

Shapely WordPress theme

Even though we kept Shapely for the last in this list it is by no means the least. This theme is awesome and while not Avada like it is definitely only a few steps away from being a good premium theme. Customization is this theme’s middle name and it has a beautiful base design that can be built up with plugins and page builders to make an extremely good looking website. We have used this theme for landing pages, business sites, portfolios, eCommerce stores and local business sites, and with a little tweaking we have used it on personal blogs, magazine sites and tech sites. Once again, like all the themes in this list, it is SEO friendly and responsive. It makes mobile sites look the best of any in this list although it is a bit heavier and slower than most of the others.

Honourable Mention

Above we mentioned how Twenty Seventeen didn’t make this list. Why? We love this theme the most of any free theme we have ever used but it is not on this list because it is not for everyone. We use Twenty Seventeen on this site but we have customized it heavily and use it with headless WordPress to run the article list on the front page. Twenty Seventeen is powerful because it is so simple and easily modifiable yet still has some nice default touches.

If after all of this you still don’t know what theme you want to use, but know a good site that has a theme you might like, use our WordPress theme detector to find the theme and try it.

How Do I Find a Great WordPress Theme?


If there is a question we get asked more than any about Themes it would have to be What are the best WordPress themes?

Answer: The best theme is the theme that satisfies your needs and looks the way you want your site to look. OK, so that sounds like a bit of a cop out and it is.  What we are trying to say here is that there are literally thousands of awesome great themes and new amazing themes are being released daily.

The problem is that the above question is not the right question. There are a series of questions you need to ask yourself when choosing a theme for your website, brand and ultimately your business. In this article we will step through the questions.

1. Do I need a Responsive Theme?

Yes you do. We have put this question first for a reason. There is no longer any reason to not have a responsive theme. Almost all good themes, free or premium, are responsive. With mobile devices becoming so ubiquitous, the traffic on the web has changed from being primarily laptop/desktop based to becoming an even split with mobile and tablet. What does this mean? It means that as many people are viewing a site on a mobile device as there are viewing it on a PC.

Responsive WordPress Theme

Add to this that Google has put more emphasis on mobile in the search engine results and has announced that its preferred method for handling mobile devices is responsive design. There is no reason to ever touch a theme that is not responsive. Any good theme publisher will know this by now and will either have remade an old theme or built a new theme using responsive technology.

Just in case you have missed it we will say it one more time “use a responsive theme”. If you see a site that you like and are unsure what theme it is using then use our WP theme detector to see what theme it is using and you will be able to check if it is actually responsive.

2. What Colors Do I Use?

Choosing a color for WordPress site

Colors are important so give them plenty of thought. The colors to use will generally depend on the business logo. Try to match your site to logo. If you don’t have a logo yet then we recommend you select a color palette for the look for the website. There are a few sites online that can do this for you. One that we use a lot is https://paletton.com/. We like it because you can choose a base color and it will generate color schemes for you. Once again if you see a theme you like and it has the colors you would like to use then simply use our WordPress Theme Detector mentioned above to find it.

If you are a little confused about colors then a good point to start is to apply a little simple psychology to color selection. Consider your audience/customers and make a selection based on it. Here are some very simple guidelines; do not use these as hard rules.

  • Women don’t like gray, orange, and brown. They like blue, purple, and green.
  • Men don’t like purple, orange, and brown. Men like blue, green, and black.
  • Blue is generally the color of trust.
  • Green is good for nature, outdoors and environment.
  • Orange is a fun color, although both men and women tend not to like it. Used correctly it can make a site stand out from the pack.
  • Yellow is used in warning signs and is a great color to grab attention; just be careful with its application.
  • Black and other dark colors can be luxuriant. However the overuse of these colors can make sites look bleak.
  • White is important because it adds negative space, and negative space applied correctly can really make your calls to action stand out.
  • Use bright colors like pinks and reds as calls to action.

3. Choose a Theme With an Easy to Read Font

choose WordPress theme

Font selection is important. Fonts have been tested for over a hundred years. Before computers and the internet, newspapers had already done much of the font testing. A newspaper could be made or broken based on its font selection. In the early days of home computing Apple in particular put a lot of research into fonts as the desktop publishing revolution came into being.

So the results are in and below we have a list of fonts that a site should stick to. Most are sans-serif mutations.

  • Roboto
  • Open Sans
  • Lato
  • Slabo
  • Oswald
  • Source Sans Pro
  • Montserrat
  • Raleway

We also recommend that you make the font size about 16px. Why? The good people at Google.com have hinted that small fonts can have a negative effect on SEO. It actually makes sense even if there is not a direct link between font size and SEO. What can happen is that user engagement metrics are negatively affected by small fonts.

4. Use a Premium or Free Theme?

There are some great free themes out there. This blog uses a modified version of the free theme Twenty Seventeen. It is a great theme but very basic and that is exactly how we like it. The staff here at WordPress Theme Detector are almost all skilled php/java/jquery coders. We consider Twenty Seventeen a good base to start from. We are not looking for fancy things like sliders, popups, visual editors, etc.

What is a good professional looking free theme? There are quite a few but one that is very popular in our office is Hestia. To borrow directly from its page on wordpress.org:

It has a multipurpose one-page design, widgetised footer, blog/news page and a clean look. It is compatible with Flat Parallax Slider, Photo Gallery, Travel Map and Elementor Page Builder. The theme is responsive, WPML and Retina ready, SEO friendly, and uses Material Kit for design.

However if you really want to get serious about the look of your site then you will probably want to look into a premium theme. Premium themes can afford to be a little better than free themes precisely because they offer their authors a way of making an income, which in turn allows the author to put more effort into the development and support of the theme. The theme author can also afford to bundle premium plugins into the theme bundle.

What are the Best Premium Themes?

Here are the 5 we use most and a short reason why.

  • Avada A truly all purpose WordPress theme. This is the most popular premium theme ever sold
  • The7 Possibly the most customizable theme on the web at the moment
  • X the Theme Also customizable and powerful but a bit easier to use
  • The Fox A personal favourite of the team here at WP Theme Detector
  • Be Theme This theme comes with a huge database of pre-built sites

If you use any of the themes above you will end up with a truly amazing site.

WordPress SEO Plugins 2019 Comparison


What is the Best Free SEO Plugin?

The SEO Framework is now the best free SEO Plugin for 2019. That is a huge claim so I guess we better justify it. This plugin might not do everything that the big wigs in the WordPress SEO space do but it is not far off. Install it now but continue reading if you want our justifications for this claim. At the time of writing The SEO Framework has had 90,000+ active installs, 800,000+ downloads and 190+ five star reviews. So the plugin has well and truly moved past the untested phase of plugin development and moved into stable release. To make it easier to find what plugin a site is using, we will be adding a plugin finder to WordPress Theme Detector very soon.

1. The SEO Framework


What do we like about the SEO Framework? It works well and it works every time. The reliability of this plugin is something that we haven’t encountered in a long time in the WordPress world. We have tested this plugin by installing multiple different themes onto our test bed and many different plugins that have clashed with other SEO plugins and have not managed to make the website fall over. This is something we cannot say about almost any other SEO plugin we have tested. So if lack of plugin conflicts is important to you then use this plugin. If not then you need to change your attitude to conflicts.

This plugin is so lightweight the test site hardly knew it was there. Modern plugins tend to be bloated with ads, premium upgrades and nonsensical functionality. Sybre Waaijer the author has a personal philosophy of sticking to what is functional. He is well known and respected in the WordPress community, not just for this plugin but the many projects he has had a hand in.

Just because it’s lightweight doesn’t mean it hasn’t got most if not all of the features you would want in an SEO plugin. Like most good SEO plugins it can be left to its own devices in fully automated mode. Just install and forget. The AI that has been built into the plugin saves so much time. It tweaks pages based on WordPress signals and in most situations it does a great job. In auto mode it will enable and optimize breadcrumbs and generate titles and descriptions that follow Google guidelines, and it has a built in sitemap generator.

The SEO Framework feels like what All in One SEO felt like the first time we encountered it many years ago. I remember installing All in One on client sites and getting an almost instant boost in Google traffic. While those days are gone TSF brings back that feel. There have been a few sites we have installed it on and seen an immediate increase SERP

OK so we have established that The SEO framework is lightweight and automates almost everything but is it customizable? Yes it is. It has all the options that “All in One SEO” and most of options of the free and premium version of “Yoast SEO” but we will talk about this later.

List of some of the customizations:

  • Title/description
  • Social media settings
  • Visibility (nofollow, noindex, canonical, etc.).
  • Basic schema markup like breadcrumbs and Google sitelinks
  • The automatically-generated XML sitemap
  • Social media
  • A variety of free and premium modular extensions
  • Much more

One final feature before we move on to the other SEO plugins. The SEO optimization column in the All posts list is so useful and easy to understand. All modern plugins should have quality of life features like this. It makes life easy for us SEO and WordPress professionals but what we really like about it is that clients can look at it and quickly get an understanding of what the possible problem with a post could be. When you have a worried client on the phone it is nice to be able to talk them through looking at this list and slowly make changes that positively affect their SEO.

2. Yoast SEO

Yoast SEO was the former king of the hill when it came to WordPress SEO plugins. We are not even going to bother with download and install statistics. This is one of the most installed plugins in WordPress history and the reviews are very positive.


For the longest time this was our go to plugin for SEO. We made all our clients install it and it worked incredibly well. The plugin’s focus on keyword analysis is what put it above the competition and to be fair, Yoast is still a little better than TSF at this. Yoast actually requires you to enter keywords to target and then formulates an analysis of the post around the entered data. Hardcore SEO types will stick to this plugin and for good reason. If you know what you are doing it takes a lot of the guesswork out of structuring a blog post for optimal SEO results.

Another amazing aspect to the Yoast plugin is the analysis of the readability of the post. Grammar has always been important but with Google improving its AI markedly in the last 5 years this has become more important than ever. Yoast provides color coding for readability and keyword focus which makes it easy to see what aspect of the blog post needs to be worked on.

So why don’t we recommend Yoast over TSF? TSF does almost everything that Yoast does and has a few unique aspects of its own. Also ease of use factors heavily in our decision to put TSF over Yoast. However the big thing that has made us move away from Yoast is incompatibility with certain themes and plugins. We have not only seen this on our own websites but many of our clients have reported weird incompatibilities with the Yoast plugin. It is a shame because this plugin is still truly an outstandingly good plugin. The readability and keyword targeting features are a godsend, but the fact that it is bloated out with many unnecessary features, and that the upgrade to premium is a little intrusive for not a lot of extra value, means we really can’t recommend it anymore.

3. All in One SEO

Before the Yoast SEO plugin came along All in One SEO reigned supreme in the WordPress SEO plugin space. I vividly remember installing “All in One SEO” to a small niche review site I had built back in 2011 and 8 days later reaching the top of the SERPS for many valuable keywords. This site went from making about US$400/month to US$3000/month and the only thing I did was install this terrific little plugin.


What a revelation that was. I did the same thing to a few other sites with varying success but never as good as that first site. Still it was this plugin that gave me a foothold into the niche website marketing trend at the time and helped me build a great business. Those days are now long gone. Because of this I was devoted to this plugin for a very long time, probably too long. It requires much more effort than installing an SEO plugin to get to the top of Google SERPs these days. Unfortunately this plugin has become long in the tooth. It has no analysis or readability features like Yoast SEO and is not lightweight, nimble and easy to use like The SEO Framework. It is still a stellar performer and after all these years is still in the top 3 SEO plugins for WordPress.

Like Yoast SEO it is bloated and a little unwieldy and has the annoying upgrade path to a premium version. I could never recommend this plugin over the other 2 mentioned above.

Conclusion

If it isn’t obvious by now, we highly recommend The SEO Framework as the dedicated SEO plugin to use on a site. One plugin that we haven’t mentioned but we are keeping an eye on is SEOPress. We have heard very good things about it and have installed it on 3 new niche sites to see how effective it is. We will keep you informed of the results.

Getting Started With WordPress Theme Development


Why WordPress Theme Development?

WordPress is the most popular CMS currently available, so if you want exposure for your project why wouldn’t you develop it in WordPress? If you already know Java, HTML and CSS and already use those skills to make websites then WordPress could be the next logical step.

While knowing PHP is a bonus it is not actually required to build a WordPress theme. If you have some Bootstrap skills that can give you a slight advantage but once again it is not necessary. It is not too difficult to build a custom WordPress theme from scratch.

What is a WordPress Theme?

A WordPress theme is basically a template that changes the look of your website. Modifying the theme changes the look of your site externally but the way the back-end operates generally doesn’t change. This means that webmasters can move between WordPress sites without needing any extra training or knowledge to operate them. Yet the sites can all look differently. You can check out thousands of free WordPress themes at WordPress.org or premium Themes at Themeforest.net. If you have seen a site that you think looks interesting you can check it out with WP Theme Detector. You will be pointed at the theme.

Most developers don’t realize but you really only need two files to make a WordPress theme.

  1. index.php – the main template file
  2. style.css – the main style file

While this is strictly true, a developer who sticks to just these 2 files will usually end up with a functional but quite basic theme.

Before we start we would like to mention the GNU General Public License (GPL). All WordPress themes are governed under this licence whether they are free or premium. The GPL grants four basic freedoms.

  1. Freedom to run the program for any purpose.
  2. Freedom to study how the program works and to change it, so it performs computing as you wish.
  3. Freedom to redistribute copies, so you can help your neighbor.
  4. Freedom to distribute copies of your modified versions, giving the community a chance to benefit from your changes.

However if you do not plan to distribute the theme then you will not have to adopt the GPL licence.

Set Up a Local Development Environment

Try to make sure the local development environment is identical to the final destination production server. A local development environment is preferable for a few reasons.

  1. Speed of development.
  2. Testing is easier.
  3. Lack of internet connection will not hamper development.

We recommend your local development environment be made up of:

  1. Linux, Ubuntu or (if you really have to) Windows
  2. Apache or Nginx
  3. MySQL or MariaDB
  4. PHP
  5. A good text editor (we recommend Notepad++ or PhpStorm)

External WordPress Development Tools

You will need an internet connection for these but we are assuming that eventually you will want to upload your theme anyway.

  1. A good introduction to WordPress debugging https://nacin.com/2010/04/23/5-ways-to-debug-wordpress/
  2. WordPress.org Theme Unit Test Data is an XML file containing dummy test data that you can upload to test how themes perform with different types and layouts of content.
  3. Debug Bar is a plugin that provides debugging in the WordPress admin area.

There are other tools but these 3 are a good start.

Where to Start?

We recommend that you start by looking at some of the default themes that come with WordPress. At this point I have to come clean about something. I have never actually started a WordPress theme from scratch. I have always started with a default theme and modified from there. These days I have highly modified and unrecognisable versions of default themes that are my starting point for new projects. I figure why reinvent the wheel. A great way to start is download one of the themes listed below and just start hacking.

Here is a list of default themes.

If you are an experienced developer and don’t want to deal with inbuilt biases in the above listed themes then a great way to start is to generate yourself an Underscores theme. Just navigate to Underscores’ website and enter a name for your theme. You will be prompted to download a skeleton for a WordPress theme.

Upload the theme to /wp-content/themes in your WordPress installation. You can now start tinkering with the look and feel of your Theme.

This is just a quick starter guide and not meant to be an in-depth expert instructional on how to make a WordPress theme. Stay tuned, that article is coming.

WordPress Security Update and Features – Vulnerabilities Have Been Plugged


As of May 7th, WordPress’ content management system (CMS) has a brand-new set of security features that add a higher level of protection, one that lots of its users say they wanted years ago. These new provisions were added along with the official release of the updated WordPress 5.2, which came out on the same day.

The security provisions include support for the following: cryptographically signed updates, a modern cryptography library, a Site Health section in the backend of the admin panel, as well as protection from the dreaded White-Screen-of-Death (WSOD), which will allow website admins access to the site’s backend if some sort of catastrophic PHP error occurs.

Since WordPress is loaded onto more than 33 percent of Internet websites, the new provisions are expected to ease website owners’ fears regarding cyber-attacks.

Updates that are Cryptographically-Signed

Perhaps the largest and most vital of the new security components is the one for the offline digital signature system on WordPress. Now, WordPress can sign update packages digitally using the new Ed25519 public-key signature system, which makes it possible for local installations to confirm the update is authentic prior to installing it.

This feature is a vital step for preventing cyber-attacks like a supply chain attack onto every WordPress website. Security companies have been warning WordPress users about this kind of threat for over 2 years.

According to Scott Arciszewski, who is the Chief Development Officer for Paragon Initiative Enterprises, prior to this WordPress update, all that was needed to be able to attack all the websites using WordPress was to hack into the WordPress update server.  Arciszewski is one of the people who helped develop the security for the WordPress update system, as well as some of the other new security features.

He added that now that the new security update is in place, a cyber attacker would have to find a way to steal WordPress core development team’s signing key. Thus things are much more secure.
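The check described in this section, written out as an added example (it is not WordPress core code or anything published by the people named above): a detached Ed25519 signature is verified against a list of trusted public keys before a package is accepted. The function name, the choice to sign the SHA-384 digest of the file, and the demo keys and package contents are all assumptions constructed for this example.

```php
<?php
// Added example, not WordPress core code: verify a detached Ed25519 signature
// over an update package before installing it, using PHP's sodium extension.
declare(strict_types=1);

/**
 * True only if $signatureB64 is a valid Ed25519 signature over the SHA-384
 * digest of the file at $path, made by one of the trusted public keys.
 * Signing the digest instead of the whole archive is a choice of this example.
 */
function package_signature_is_valid(string $path, string $signatureB64, array $trustedKeysB64): bool
{
    if (!is_file($path) || !is_readable($path)) {
        return false;
    }
    $digest    = hash_file('sha384', $path, true);
    $signature = base64_decode($signatureB64, true);
    // Reject malformed input up front: libsodium throws on wrong-length arguments.
    if ($digest === false || $signature === false
        || strlen($signature) !== SODIUM_CRYPTO_SIGN_BYTES) {
        return false;
    }
    foreach ($trustedKeysB64 as $keyB64) {
        $key = base64_decode((string) $keyB64, true);
        if ($key === false || strlen($key) !== SODIUM_CRYPTO_SIGN_PUBLICKEYBYTES) {
            continue; // skip unusable key material, keep checking the rest
        }
        if (sodium_crypto_sign_verify_detached($signature, $digest, $key)) {
            return true;
        }
    }
    return false; // fail closed: no trusted key vouches for this file
}

// --- Constructed demo data -------------------------------------------------
// This key pair stands in for the offline signing key; only the public half
// would ever be shipped to the sites that install updates.
$signingKeypair = sodium_crypto_sign_keypair();
$secretKey      = sodium_crypto_sign_secretkey($signingKeypair);
$trustedKeys    = [base64_encode(sodium_crypto_sign_publickey($signingKeypair))];

$package = tempnam(sys_get_temp_dir(), 'update_');
file_put_contents($package, 'constructed update package contents');
$signature = base64_encode(
    sodium_crypto_sign_detached(hash_file('sha384', $package, true), $secretKey)
);

$report = static fn(string $label, bool $ok): string
    => sprintf("%-32s %s\n", $label, $ok ? 'install' : 'reject');

// Case 1: the package exactly as it was signed.
echo $report('package as signed', package_signature_is_valid($package, $signature, $trustedKeys));

// Case 2: a signature that is well formed but made with a key the site does not trust,
// which is all that control of the update server alone can produce.
$otherKeypair = sodium_crypto_sign_keypair();
$otherSig     = base64_encode(sodium_crypto_sign_detached(
    hash_file('sha384', $package, true),
    sodium_crypto_sign_secretkey($otherKeypair)
));
echo $report('signed with an untrusted key', package_signature_is_valid($package, $otherSig, $trustedKeys));

// Case 3: the file changed after signing, so the original signature no longer matches.
file_put_contents($package, 'modified after signing', FILE_APPEND);
echo $report('package changed after signing', package_signature_is_valid($package, $signature, $trustedKeys));

unlink($package);
```

The script needs PHP 7.4 or later with the sodium extension and runs offline from the command line.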

WordPress Acquires a More Modern Cryptographic Library

Another part of Arciszewski’s efforts to make WordPress more secure was to replace its old cryptographic library with one that is more modern and up to date. With the new update, WordPress’ CMS supports the Libsodium library for every type of cryptographic operation. Previously it used mcrypt, which is now gone.

Libsodium has been added to WordPress’ CMS source code. Another addition is the sodium_compat library, which acts like a polyfill to support older PHP servers which do not support Libsodium. This addition puts WordPress in the same company as other web development tools that already supported Libsodium natively such as Magento 2.3+, Joomla 3.8+ and PHP 7.2+.

Additionally, with this added to WordPress’ CMS core, now theme and plugin developers may begin to support it too.

WordPress theme and plugin developers can read more on using the new security feature in a blog post Arciszewski has published, with info on how they can use Libsodium to replace older mcrypt cryptographic roles.

New Section for Site Health

Likely the first of these new security additions most users will notice is the new section for “Site Health” located in the Tools menu in the admin panel. It involves 2 pages, Site Health Info as well as Site Health Status.

The Site Health Status page runs several straightforward security checks and then delivers a report listing what it found, along with information on how to correct them. There are also other bundled tests and website owners and website developers may also design tests on their own in order to check the security on other parts of their WordPress websites.

The other page, Site Health Info, is exactly what it sounds like. It delivers lots of data on the site, along with server setup. It’s used for debugging or if server details must be shared with IT professionals due to required support services.

Information is given on the WordPress installation, as well as the primary server, any plugins or themes, and data on the file storage usage.

Servehappy Project

One of the other new security additions is the Servehappy project. This was supposed to have been added to WordPress 5.1, but got loaded in two parts instead. One was installed in WordPress 5.1 and the other in WordPress 5.2. The part in WordPress 5.1 gave users the ability to show a warning if a server was using PHP versions that were outdated.

WordPress 5.2 added protection for the dreaded ‘White Screen Of Death’ (WSOD), which is also called “Fatal error protection.” This works as a WordPress website “Safe Mode.”

The new feature can temporarily disable any theme or plugin if a PHP fatal error occurs. This then allows admins to get into their website’s backend so they can fix it.

It too was supposed to have been installed with WordPress 5.1, but got delayed when studies by security experts discovered a few possible scenarios where a hacker could have misused WSOD and actually been able to turn off a WordPress security feature and then attack WordPress websites all over the Internet.

Plans for the Future

These new updates don’t mean work has stopped on figuring out other ways to improve security on WordPress sites. Other plans in the works are things like Project Gossamer, which is planned to be released along with WordPress 5.4.

Project Gossamer is expected to port the exact system of code-signing which is used during main WordPress updates and make it a framework WordPress developers can employ for code-signing WordPress plugin and theme updates.

WordPress Xmlrpc.php Why You Need To Disable It Right Now!

What is the Xmlrpc.php File and What Does it Do?

The xmlrpc.php file was implemented to let webmasters interact with their sites. For all intents and purposes it acted like an API. A really bad and insecure one. “RPC” stands for Remote Procedure Call, a method that uses XML passed via HTTP as the transport mechanism. While xmlrpc.php had many functions, trackbacks and pingbacks are the most widely used and problematic.

Other functions allowed webmasters to interact through mobile or even load pre-written articles. This was important when internet connections were slow and made editing online difficult. The internet has moved on and is much faster so this functionality is not as useful as it once was.

XML-RPC Early Days to Now

Pre-2008 XML-RPC could be disabled. This was a handy feature that allowed a webmaster to turn off the unnecessary functionality. In 2008 the WordPress iPhone app was added to the app store and webmasters could no longer easily disable XML-RPC functionality. This left WordPress sites open and vulnerable. Why do we say vulnerable? As we hinted above xmlrpc.php was not created with security in mind.

WordPress has implemented a new REST API and will be phasing out XML-RPC. The solution is still in a transition phase and XML-RPC is still available. So webmasters should still be concerned. Once the API is fully implemented and XML-RPC is removed then webmasters can relax about xmlrpc.php and start worrying about the new issues that the API will have.

Why Webmasters should Disable Xmlrpc.php

Security of a website is possibly the main concern of webmasters after content. XML-RPC greatly hinders a webmaster’s ability to maintain security.

Why is xmlrpc.php a security risk? There are 2 main methods.

1. XML-RPC allows for brute force attacks on WordPress installations. A hacker will use a bot programme to brute force attack a website. By attacking xmlrpc.php the hacker can bypass most of the WordPress security plugins that are designed to detect and block brute force attacks. A hacker can test thousands of username and password combinations in seconds.

2. DDoS attacks are the next big issue with XML-RPC. Hackers can use the pingback feature of WordPress to send thousands of pingback requests that can make MySQL, or whatever database package is being used, fall over. This will take the WordPress site offline and in severe cases can cause corruption of the MySQL database.

While strong passwords can help to hold off a hacker using method 1, they will not help against a hacker who is attempting method 2.

One thing we do have to mention is that the very popular Jetpack plugin still uses XML-RPC.  If you are considering disabling xmlrpc.php and are using Jetpack then you might need to reconsider what we are proposing.

How a Webmaster can Disable xmlrpc.php

Now that we have established that disabling xmlrpc can be a good thing, how do we do it? There are 3 methods of disabling xmlrpc.php.

  1. Using a plugin to disable xmlrpc.php. We have tried two and they both work well: Disable XML-RPC and Remove & Disable XML-RPC Pingback. You do this by going to the Plugins area, clicking on Add New, searching for xmlrpc, picking one of the plugins and clicking the Install Now button.
  2. Deleting the xmlrpc.php file. This sounds drastic but it does not actually affect WordPress at all. The only systems it will affect are trackbacks and pingbacks. You may need to get a systems admin to do this for you. The only problem is that when WordPress is upgraded it can put the file back.
  3. A webmaster can block access to xmlrpc.php with web server commands, although once again the services of a system administrator may be required. Both Apache and NGINX, which are the two main web server applications, allow for the blocking of access to certain files in a directory.
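
To see whether a site is receiving the kind of xmlrpc.php traffic described above, and whether one of the three methods is actually taking effect, the web server access log can be checked. The Python below is an added example, not part of the original article: the log lines are constructed, and the threshold, the time window and the assumption that a blocked or deleted xmlrpc.php answers with 403 or 404 are illustrative choices.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the start of an Apache/NGINX "combined" access log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def sample_line(ip, hhmmss, method, path, status):
    """Build one constructed log line (sample data, not real traffic)."""
    return (f'{ip} - - [12/Mar/2019:{hhmmss} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 370 "-" "sample-agent"')


# Constructed sample: two noisy clients, one occasional client, one GET-only client.
SAMPLE_LOG = (
    [sample_line("203.0.113.7", f"10:00:{s:02d}", "POST", "/xmlrpc.php", 200)
     for s in range(8)]
    + [sample_line("198.51.100.9", f"10:05:{s:02d}", "POST", "/blog/xmlrpc.php", 403)
       for s in range(6)]
    + [sample_line("192.0.2.10", "09:00:00", "POST", "/xmlrpc.php", 200),
       sample_line("192.0.2.10", "09:10:00", "POST", "/xmlrpc.php", 200),
       sample_line("192.0.2.44", "10:00:02", "GET", "/xmlrpc.php", 405),
       sample_line("192.0.2.44", "10:00:03", "GET", "/", 200)]
)


def parse_line(line):
    """Return (ip, timestamp, status) for a POST to xmlrpc.php, else None."""
    m = LINE_RE.match(line)
    if not m or m.group("method") != "POST":
        return None
    path = m.group("path").split("?", 1)[0].lower()
    # Also catches WordPress installed in a subdirectory, e.g. /blog/xmlrpc.php.
    if not path.endswith("/xmlrpc.php"):
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, int(m.group("status"))


def find_xmlrpc_floods(lines, threshold=5, window_seconds=60):
    """Report clients that sent >= threshold POSTs inside one time window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    stats = {}
    for line in lines:            # each client's lines are assumed to be in time order
        hit = parse_line(line)
        if hit is None:
            continue
        ip, ts, status = hit
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        s = stats.setdefault(ip, {"posts": 0, "peak": 0, "served": 0, "refused": 0})
        s["posts"] += 1
        s["peak"] = max(s["peak"], len(q))
        # Assumption: a blocked or deleted xmlrpc.php answers 403 or 404.
        s["refused" if status in (403, 404) else "served"] += 1
    return {ip: s for ip, s in stats.items() if s["peak"] >= threshold}


if __name__ == "__main__":
    for ip, s in find_xmlrpc_floods(SAMPLE_LOG).items():
        state = "still being served" if s["served"] else "refused by the server"
        print(f"{ip}: {s['posts']} POSTs, peak {s['peak']} per window, {state}")
```

A client that keeps appearing with a non-zero "served" count after the file was deleted or blocked is a sign that a WordPress upgrade has put the file back or that the server rule is not matching.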

Conclusion

While xmlrpc.php is not long for this world, it currently is still an issue and must be dealt with. The new API will be taking over all the functionality of xmlrpc.php whilst providing much more security. We highly recommend disabling it especially if you are having issues with hackers.

XML-RPC was a great solution 10+ years ago but is now very long in the tooth. The developers of WordPress have recognized this and are phasing it out. WordPress Webmasters should prepare themselves for the day when xmlrpc.php no longer exists.

 

5 WordPress Mistakes You Need To Avoid

Making WordPress Mistakes

If you have found this site, then you probably already know what WordPress is and what it does. It is easily the most popular CMS on the web and looks like it will be for a long time to come. Its ease of use, simplicity to set up and modify and the plethora of plugins are what combine to make WordPress so popular. While this is true, it is also what makes it easy to make big mistakes on your website.

Avoiding WordPress Mistakes

If you are about to use WordPress it is a given that you will be making mistakes. If you are using WordPress right now, it is a given that you are making mistakes right now. It is just the nature of the beast. WordPress is simple to use but the thousands of themes and just as many if not more plugins mean that there is a lot of code there that can be bugged or conflict. Let us help you with the knowledge we have picked up along the way.

1. How do you pick the right WordPress theme?

Find a site that you like and type it into WP Theme Detector. It will give you a rundown on the type of site it is and indicate if it is a WordPress site. The theme will be highlighted and a link will be provided to the theme itself. Follow the link and examine the theme in detail.

Some questions you need to ask yourself when considering a theme are:

Is the theme responsive and does it look good on a mobile or tablet? As time progresses, people are using mobile devices more to access the web. Make sure the theme you pick works well with mobile phones and tablets.

Does the theme styling help represent what the topic of my blog will be? Websites and Blogs will have a niche that they cater for. In the same way most theme creators are generally thinking of a particular niche when building the theme. So pick a theme that has the niche in its description or has a child theme or installable demos that represent the niche you are interested in.

Is the theme creator reliable? If you used the theme detector above then the answer to this is generally yes. However look at reviews for the theme and check when the theme was last updated. This can be a good indicator as to whether the theme developer is still actively supporting the theme.

2. Do You Use Optimized Images?

Optimizing images for websites is one of the most undervalued strategies for making a site more user friendly. It is especially important for mobile users. Google has recently announced that site loading speed is a ranking factor. There are a few WordPress plugins that will optimize images on the fly.

Make sure that the images you choose are relevant to the niche and that they have some impact. Images that are completely off topic will make users leave the site early and go back to Google. This is known in SEO circles as user bounce and Google frowns upon it. It is a signal that users are not finding what they are looking for on the website.

3. Do Not Forget To Backup Your Website

Do you think that WordPress automatically backs up your site data? If that is what you believe then you are sadly mistaken. Out of the box WordPress has no backup mechanism, yet backing up a site is one of the most important things you can do as a website owner. It is such an obvious but crucial mistake that first-time bloggers make.

There are a plethora of backup plugins. To find them just go to the plugins area and search for backup. Most that come up in search are excellent and using any one of them will keep you from losing sleep at night. Some backup plugins we recommend are as follows:

Any one of the above plugins will save you much heartache in the future.

4. Installing too many plugins

Plugins are what make WordPress powerful and flexible. Often this is a double edged sword. At last count there were over sixty thousand plugins available for WordPress. Not all of them are compatible with the latest version of the CMS and not all of them are supported by their creators.

This is where the problem lies. Plugins are what make WordPress but they are also its biggest vulnerability. When using plugins follow these simple rules.

  • Only use plugins that you absolutely need. Superfluous plugins should be deleted.
  • Only install supported, compatible plugins that have lots of recent good reviews.
  • Check that the plugin does not slow your site down.
  • Make sure that the plugin does not clash with the theme you have chosen.
  • Plugins can clash with each other, not just with themes. So installing too many plugins can cause unwanted errors on a WordPress site.

5. Not Taking WordPress Security Into Account

WordPress security is becoming more important as the years go by. As one of the most popular website platforms, WordPress will garner its fair share of hackers. If a hacker is going to look for a vulnerability, why not look for it in a CMS that has so many installations? A hacker will benefit much more by finding a way into a WordPress site. What can you do to make your WordPress site more secure?

  1. Install a security plugin.
  2. Make sure all passwords are extremely strong.
  3. Set an unusual name for the Admin account. (Do not call it “admin”)
  4. Avoid nulled or cracked premium themes.
  5. Disable file editing.
  6. Use an SSL certificate if you can.
  7. Change your wp-login URL. Most hackers use bots that attack certain files. wp-login does quite a few database lookups and a dedicated hacker can use a bot to make the database fall over and gain command line access.
  8. Delete xmlrpc.php. This file is not really needed and a hacker can use a bot as above to gain command line access.
  9. Install a limit login attempts plugin.
  10. Hide wp-config.php and .htaccess files

Conclusion

If you are reading this then this is your first foray into blogging or you are at least relatively new to WordPress. Don’t let what we have said above dishearten you. WordPress for all its foibles is an excellent website/blogging platform. Moving forward, whatever mistakes you make, learn from them. Most online entrepreneurs will fail a few times before they hit onto the one idea or site that lets them work from and live the lifestyle they desire.

 

 

How to Choose a WordPress Theme?

“How do I choose a WordPress theme?” is possibly the question I am most asked as a WordPress developer. While the answer is not all that technical, what it highlights is that there is a lot of choice and therefore complexity, which leads to confusion.

I will be breaking the answer down into 10 simple points to consider when looking for a WordPress theme.

1. Simplicity

We have all seen WordPress sites that have flashy images, banners and sliders. Some look great and some look a little bit overdone. One thing they all have is complexity. While not always, often this kind of complexity will mean an extension of the site’s load time. Load time is increasingly becoming more important among Google’s ranking factors. A slow loading site, especially the mobile portion, will be penalized for having a slow loading time. Consider Google’s AMP as a partial fix for those who want a fast loading site for mobile but a flashier site for those using PCs and laptops. More on AMP here!

Sometimes themes have unnecessary bloat in them. So even if the theme you end up choosing is not flashy it still can have a lot of plugins, CSS and images to load. Many plugins that are shipped with themes are not needed so you may want to deactivate or even delete them. The KISS principle can apply in many parts of life but it is particularly pertinent in website design.

2. Look At As Many Themes As Time Will Allow

Often a client will come to me after seeing one particular site and want me to replicate it. We have all been there: seen a site that we have been smitten by and wanted an almost exact copy of it. There are usually a few problems with this. The site might not be a WordPress site and the theme might be a privately bought theme. If this is the case you may require the services of a web developer and depending on your budget this may get more expensive than you want.

If it is a WordPress site then go to WordPress.org, which has many great free but usually simpler themes. Look through the examples. I usually tell them to browse through at least five pages. Then I will point them at Themeforest.net and tell them to look through at least 5 pages again or enter some search terms and see what pops up. These themes are cheap but are not free. They are however usually much nicer looking, optimized, well supported by the author and will not break your bank balance.

You will probably see a theme that is similar to the one you had in mind or you might see one that is even better. If you have seen a site that you like, test it with WordPress Theme Detector as it might have a theme you can get.

3. Choose A Responsive Theme

Not long ago, choosing a responsive theme was exactly that: just a choice. Those days are now gone. Responsive themes are now mandatory. Mobile traffic surpassed PC traffic on the web years ago, so theme choice and theme design should think mobile first. Not only are responsive themes much more comfortable for mobile users, they also have the benefit of helping with SEO. Google has long held the view that ease of use should help SEO. Responsive themes make mobile navigation easier and Google has made it clear that responsive design along with AMP is what it considers best practice.

4. Page Builders

Does the theme support or include page builders? Page builders are not mandatory if all you are doing is creating a blog. Page builders make it easier to create landing pages and to make sites look more professional. A couple of negatives are that they do add a layer of complexity and require more knowledge about page layout. If the page builder plugin gets deactivated then the page builder extensions will revert to ASCII code and could be lost.

5. SEO Optimized

There are some good plugins for WordPress that can optimize the onsite SEO of your site. We recommend Yoast SEO, All in One SEO (which used to be the best SEO plugin but is starting to show its age) and The SEO Framework. A theme needs to work well with these plugins but should inherently have some onsite SEO modifications.

6. Reviews and Ratings

If you have narrowed down the field to about 5 possible themes but can’t decide which one, the reviews and ratings can be a great guide.

Free Themes on WordPress.org will have the review and ratings just below the download button. At themeforest.net the reviews are under the theme thumbnail in the WordPress sub directory.

7. Ongoing Support

As the core of the WordPress CMS changes from update to update, themes will often need to be modified to work with the new code. This can pose some problems, especially for relatively old or unpopular themes.

While many themes at WordPress.org are well supported, especially the popular ones, there are many old and little-used themes that have not kept up to date with the core functionality of WordPress.

Themeforest.net theme developers tend to keep their themes up to date as they have a monetary incentive to do so. This is not a hard and fast rule and that is why we recommend popular themes. If a theme developer is making a good living from their theme then it is in their best interests to keep it modern and working.

8. Think About Color and Font

Color is important. Marketing is all about visual appearance. Matching the logo should not be the only consideration. The colors of the website should enhance the logo or as web developers like to say “make it pop”. Unless you are in a creative field dark colors should be avoided and neutral colors with a hint of color should be employed.

9. Consider a Premium Theme

Premium WordPress themes have come a long way. Most have the best page builders and sliders built into them. What we like most about them is that they are well supported. As we have said before when a theme is monetized well, that is the best incentive for a theme developer to update and support the theme. Some themes like Avada have had over a half a million sales at Themeforest.net. Other popular themes are BeTheme, The7 and Newspaper. These themes have many pre-made web designs that you just need to load.

10. Is it Fit For Purpose?

A website has a purpose. That purpose could be a blog, news site, enterprise, marketing, e-Commerce, informational, photography and many more. The theme should match the purpose of the website. Most premium themes have many different designs that can be applied to almost any niche. Free WordPress.org themes also have these designs but usually not to the same extent. Choose a theme that either is built around the niche you are interested in or has a built-in design available that fits the niche you are interested in.

Google’s AMP Plugin For WordPress Now Supports AMP Stories

AMP Stories plugin

What is AMP?

We won’t go too deeply into what AMP is here but as a brief guide it is a Google-hosted subset of HTML that speeds up the user mobile experience on your website.

Is it good? Yes it is but it has its drawbacks. It definitely makes the mobile experience much faster in most circumstances. The problem arises with the fact that Google tends to host this and as such is in control of your content. The AMP page will most likely not look anything like the original page on your website and there are many HTML/Java elements that are not supported. For a much broader explanation of AMP go here.

As you would expect WordPress users would love to take advantage of AMP by Google. So in very quick succession a plugin to enable AMP on WordPress sites was developed.

What is AMP Stories?

AMP stories is another innovation by Google to compete in the “stories space”. We are all pretty used to Instagram, Facebook and Snapchat stories by now. Those funny little icons at the top of the page with more images and text or mini videos that help you outline what you have done during your day. Basically a new visual storytelling format. People have expanded these into micro-vlogging and I know many people who no longer look at the standard Instagram feed but only look at the stories.

Google has implemented a version of these stories for AMP. Why should we care? With WordPress rolling out the block based Gutenberg editor it has become much easier to add visuals to posts. Stories technically didn’t need Gutenberg to do stories through the AMP plugin but the new editor does definitely allow for a simpler stories creation. The AMP plugin will now take those stories and add them to the AMP stack and format them in a nice way for users to access it with their phones.

Will this revolutionise how mobile users interact with your site? In the short term the answer is no. Don’t let that put you off though. Stories are gaining in popularity in all the social media apps that have implemented them and as mobile users become more aware and stories savvy, they may come to expect all parts of the mobile universe to have some form of stories capacity. Watch this space!

Gutenberg Editor vs Classic Editor

Love it or Hate it Gutenberg is here

The new Gutenberg editor has divided the WordPress community like no other change in the history of WordPress. Some people love it but many, and I would say most, people are not loving it. This is partly due to the innate human resistance to change but also because quite frankly this first iteration of Gutenberg is not that great. I am sorry to you Gutenberg fans, it just isn’t. It has some great features and there will be people who are new to WordPress who will know nothing other than Gutenberg. They will probably love it and never bother with “Classic Editor”.

What is Gutenberg Editor?

Gutenberg is a modern and sleek block-based editor that borrows some of the best features from page-builder plugins like Visual Composer. Here is the thing: we love Visual Composer, but Gutenberg just doesn’t match the feature-rich environment that is Visual Composer. To us it is almost like the developers of Gutenberg were too scared to go all in, and that is their biggest mistake. What it does well is allow people with almost zero knowledge of HTML to lay out a website. What it does badly is let these same users lay out terrible websites. They look bad, they feel bad and they just are bad. As mentioned above, everything is laid out in blocks, and how they are laid out controls how good or bad a site can be.

Some useful blocks are:

  • Paragraph
  • Image
  • Heading
  • Gallery
  • Quote
  • List
  • Video
  • Audio
  • Cover image
  • Table
  • Button
  • Separator
  • Pull quote
  • Preformatted

Classic Editor

Let’s start with what is bad about classic editor. The layout of the visual elements is not instinctive. There is a haphazard feel to what elements are included in the visual tab as opposed to the text tab. If the developers at WordPress.org wanted to change the way we edit, they should have started with baby steps and just made this fundamental change to the editor.

However, what is good about classic editor is that it allows you to get straight into writing the article without having to think about how the page will look visually. Do new users even care how an article or page is laid out? No, they generally want the layout to conform to the theme styling. Themes are so good these days at laying out posts and pages that most users of WordPress don’t even want the distraction of post layout.

Final Thoughts on Gutenberg

It has its place, but for the vast majority of WordPress users it is just a distraction and gets in the way of making content. For those who want to go back to classic editor, you are in luck. There is a plugin called Classic Editor that will take you back to the pre-Gutenberg editor. Install it and forget that Gutenberg ever happened.

WordPress Theme Detection

What are the difficulties in detecting a WordPress theme?

Having used and played with WordPress for about 10 years, one of the most common questions I get asked is: how do I find out what theme a particular WordPress site is using?

This sounds like it should be something a person who has been using WordPress for a long time should find easy to accomplish. I can tell you now it is not.

There are literally hundreds of thousands of themes, and that is not including the modified variants of themes and child themes. WordPress is by far the most commonly used CMS on the web and its popularity does not look like it will be slowing down anytime soon. WordPress owns about 33% of the total website market and considering there are about 180 million websites on the internet, WordPress CMS makes up about 59 million of those sites.

So yes, while you would think I would be able to easily view the source of a site and find what theme a site is using, the reality is not that simple. Generally when viewing the source of a WordPress site, you only need to look for the string wp-content/themes/, and the next bit of text (the directory name), up to the next “/”, is the theme. Sometimes these directory names are very descriptive and reasonably unique, and you can search Google for them and find the theme name. A good example of this is the site shove.com.au: viewing the source, we find that after the directory structure wp-content/themes/ comes the directory “the-fox”. A quick search of Google finds the theme is listed at themeforest.net and it is called TheFox | Responsive Multi-Purpose WordPress Theme.

However that is just one example and we are lucky that in this case the theme has a relatively unique name. This is not always the case. A good example is the word “Responsive”: while lots of themes are responsive in nature, many theme makers have named their themes Responsive. A Google search of this name will give you many results and usually not the result you are looking for. So to find a unique theme name we have to dig deeper into the source code of the theme. This is an article for a later date.

For now a good way to find what theme is being used by the website you are interested in is to plug the url into http://wpthemedetector.org/
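
The source check described above can be scripted. The Python below is an added example, not part of the original article, and it goes one step further than the text by also reading the header comment of the theme's style.css, which is one way of "digging deeper" when the directory name is not unique. The HTML and style.css text are constructed samples, example.com is a placeholder host, and the header fields used (Theme Name, Template, Version) are standard WordPress style.css header fields.

```python
import re
from collections import Counter

# Constructed page source; "the-fox" is the directory name from the article's example.
SAMPLE_HTML = r'''
<link rel="stylesheet" href="https://example.com/wp-content/themes/the-fox/style.css?ver=3.2">
<link rel="stylesheet" href="//example.com/wp-content/themes/the-fox-child/style.css">
<script src="/wp-content/themes/the-fox/js/main.js"></script>
<script>var cfg = {"ajax":"https:\/\/example.com\/wp-content\/themes\/the-fox\/inc\/ajax.php"};</script>
<img src="/wp-content/plugins/some-plugin/logo.png">
'''

# Constructed style.css header for a hypothetical child theme.
SAMPLE_STYLE_CSS = """/*
 Theme Name: The Fox Child
 Template: the-fox
 Version: 1.0.0
*/
body { margin: 0; }
"""

# The directory after wp-content/themes/; "\\?/" also accepts JSON-escaped "\/".
THEME_RE = re.compile(r'wp-content\\?/themes\\?/([A-Za-z0-9._-]+)(?=\\?/)')
HEADER_FIELDS = ("Theme Name", "Template", "Version")


def detect_themes(html):
    """Return [(directory_name, occurrences), ...], most frequent first."""
    return Counter(THEME_RE.findall(html)).most_common()


def parse_style_header(css_text):
    """Read the "Field: value" lines from the comment at the top of style.css."""
    header = {}
    for field in HEADER_FIELDS:
        m = re.search(r'^[ \t/*]*' + re.escape(field) + r':(.*)$',
                      css_text[:8192], re.M | re.I)
        if m:
            header[field] = m.group(1).strip()
    return header


def describe(html, css_text):
    """Combine both signals: directory names from the page and the header."""
    header = parse_style_header(css_text)
    return {
        "directories": detect_themes(html),
        "name": header.get("Theme Name"),
        # A "Template" field means this style.css belongs to a child theme
        # and names the parent theme's directory.
        "parent": header.get("Template"),
        "version": header.get("Version"),
    }


if __name__ == "__main__":
    print(describe(SAMPLE_HTML, SAMPLE_STYLE_CSS))
```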