Backroom blogging is where all the administration of your website goes on. If you decided to get rid of your free WordPress site, you may have gone for the self-hosted version, WordPress.org. Thousands of people do. (Hundreds of)Thousands more commercial sites, and government sites, and who knows who else, now use WordPress as the basis for their websites too.
We’re in good company. Most of those other people know what they’re talking about. I hang onto their coat-tails.
But if you don’t use the hosted version of WordPress, this will be of no interest to ou. Thanks for visiting.
If you’re thinking about using it, do not let this scare you off. By the time you’ve decided to go for it, the changes I’m talking about will be old hat. You’ll never notice them, because they will be smoothing your way from the start.
WordPress.org 5.5 is upon us!
If you still use the old editor, rather than the Block Editor, the changes for layout etc won’t affect you. But… from what I’ve seen it’ll make the Block Editor so much better, I might even switch to using it on here.
The other major change, and it’s the big one for self-hosted sites: the introduction of AUTOMATIC UPDATING.
I read the useful information that Wordfence, a security plug-in and all-round good guys, sent me, and went to one of their Tuesday work-streams (on YouTube!). This is what I learnt.
If I can find screen shots of the new system I’ll add them.
Block Editor changes
The most obvious, and important change for me, is simply that they’ve made the labels and handles on the blocks easier to use, and more functional. It looks like you can do most of what you used to do from the old editor menu bar from the top of the Block. As you know, I’m having a bit of eyesight trouble, and anything that improves visibility is good!
The way you can move blocks, and edit and move images is also becoming more intuitive, and you won’t always have to look at the part at the side which only contains half the instructions you need. I have trouble with laoding photos from my iPad which they say I’ve taken upside down. I’m a left-handed iPad user, hence I use it the opposite way up from a right hander… most of the time it doesnt matter, but photos often load to WordPress upside down. It should be easier to fix this in future.
You can also get all the different types of blocks to display at the left side of the screen. I bet there are far more than I ever realised, and some of them will be exactly what I’m looking for: to put book cover plus buying links, for example. I created one of these as a special block, but it doesn’t reproduce well.
In all of the following, for ‘hacker’, read hacker, virus, bitcoin sneaker, camel, trojan, data thief, and any other parasite of websites.
This is the most important change in terms of the security of our own system. Keeping the hackers out should be something we all pay heed to. I use Wordfence (free) to scan my files, keep hackers out at the firewall, and prevent them getting near me in the first place if they are known threats. They also update against viruses regularly (instantly if I had the paid version), and send me somewhat interesting emails about the things that go on in hacker-world. Much of this I can skip.
Most sites that have problems do so because they are using old code – themes and plugins that haven’t been updated. Hackers get in through known vulnerabilities, and most old systems are prone to being unwittingly vulnerable, because they haven’t moved their coding on with the rest of WordPress.
First off: WordPress itself. When you log in, you can either update it when alerts you to an upgrade, or you can ask it to apply updates automatically.
Or, you might use something on your host’s system to manage software like WordPress – Softaculous is one. My Softaculous emails me that new updates to WordPress are needed. When I check, it discovers they’ve been automatically updated. But it’s a good check!
If you aren’t running the latest version of WordPress, there will be holes that a hacker can get through.
Automatic updating for plug-ins (and themes)
As well as WordPress itself, you probably have a Theme, and some plug-ins, such Akismet, Jetpack, WordFence, Yoast/SEO, social button bars mailing lists, visitor counters, writing progress bars, Goodreads books read….
Each of these plug-ins should be updated by the author to make sure it is compatible with the latest version of WordPress. Most hackers come in through the open door provided by poorly coded and old plug-ins.
So as your own website administrator, you are probably used to being told to update your plug-ins. How often do you do this?
For this website, Jemima Pett, I use it regularly, and probably log in for administration once a week. There’s usually one or two updates waiting. For my other books, Princelings gets logged in and updated maybe monthly unless there’s something I know is urgent from this site. Viridian System at present, only if there’s something from this side I know will be urgent. White Water Landings… sometimes doesn’t get updated even then. I went in for the first time in six months the other day. Interesting that it’s the only one I’ve had the front page stolen…
This is a normal pattern for small businesses and hobbyists with no commercial activity on their sites. Although we are marketing our books, we aren’t actually making transactions, taking orders and fulfilling them.
So for us, what Wordfence suggest is that we take advantage of WordPress’s new option.
On the Plug-ins menu, set each plug-in to auto-updating. WordPress will check as regularly as it needs to, given the traffic on your site, and update any of your plugins once updates are released. You only need to do this once. You can undo it, too.
Why is this good?
It means we keep our sites up to date, and free of holes, with little or no extra work. All the time.
If you have a plug-in you have problems with when updating, you may want to hold back on that and do it manually next time you go in. Why? Because if it doesnt work and your site goes down, that will be when you discover it.
Personanlly I’m holding back on Jetpack, because that’s been a problem for many years, but not recently. If it keeps behaving itself, I’ll put that on automatic too. And I might put it on automatic at the book sites because they don’t have as many plug-ins for it to get upset about.
This is a much longer post than I expected, and it’s probably heavy going.
- Upgrade to WordPress v5.5.
- Apply auto-updates to all the plug-ins you wish to let WordPress update for you.
Hope this helps.
Extra Security Tip
One extra bit of information I picked up: you can limit log-ins to your site to just the countries where your users live. Blocks a lot of attempted log-ins from strange places. You may need to run Wordfence for this. I’ll check.
PS Some options will be later arriving if you’re on Safari, like me. Sigh.