Google Introduces Performance Report for Google News Publishers

Google has launched a new Search Console performance report for sites that appear in Google News. Publishers can now track clicks, impressions, and CTR for traffic coming from news.google.com and the Google News apps for Android and iOS.

The report helps publishers see how often their articles appear to users in Google News and which ones performed the best. It also includes breakdowns for countries, devices, and dates to give publishers a better overall understanding of how visitors are interacting with their content through Google News. Although the date period defaults to the last three months, the data only goes as far back as December 15, 2020.

In the past, publishers had to submit their sites to be eligible for inclusion in Google News but the policy changed in 2019. Sites are now automatically considered for Top stories or the News tab of Search as long as they “produce high-quality content and comply with Google News content policies.”

This new report does not include stats from the News tab on Google Search. That information was added in July 2020, when Google updated the Performance report section of its Search Console to allow publishers to filter by News. This screen also lets users compare different traffic sources, i.e. Web vs News to see the impact of articles showing up under the News tab.

The new report can be grouped by dimensions to get more specific information with different combinations of date ranges, reader locations, devices, and pages. For example, you can get a detailed look at clicks, impressions, and average CTR on a per country basis. This can also be filtered for one certain article to explore more narrow branches of the content’s reach.

Publishers who are using AMP will want to note that this new report includes data from the canonical URL. If you have multiple versions for different devices, the report contains data for both:

Data will only be shown in the property that contains the canonical URL. Therefore, if you have both AMP and desktop versions of a page, the desktop property (which is usually the canonical property) will contain all the data for both AMP and desktop clicks, impressions, and CTR.

Google has published a help document with more information on configuring the report, data discrepancies, and how to filter and compare data across groups.

Containerization and Helm Templatization Best Practices for Microservices in Kubernetes

Microservices empower developers to rapidly build applications that are easy to deploy, monitor, and configure remotely. Let's look at the best practices for containerizing a microservice (in our model, Spring Boot applications) as a Docker image and deploying it to Kubernetes (K8s) using Helm charts.

Best Practices in Dockerizing a Microservice 

Spring Boot applications with the uber-container approach are independent units of deployments. This model is great for environments like virtual machines or Kubernetes clusters since the application carries all it requires with it. Docker gives us a way to bundle dependencies. It is essential to put the whole Spring Boot JAR into the Docker image. 

Artificial Intelligence and Machine Learning: 5 Trends to Watch Out for in 2021

Artificial intelligence and machine learning are the market's most talked-about technologies. Their significance peaked in 2020, and we are expecting much more from them in the upcoming year. Both have already found a place in everything from e-commerce and advanced quantum computing systems to medical diagnostic systems, consumer electronics, and especially the popular smart assistants.

The revenue generated with AI is around $156.5 worldwide, according to market researcher IDC, up 12.3% from 2019.

The 16-Step Checklist for Securing Your WordPress Site

We can’t stress enough the importance of having robust site security. When you’re rushing to meet a deadline, properly securing your WordPress site might not be your biggest priority, so we’ve put together a checklist to make sure you don’t miss any of the essentials.

In a sea of over 2 billion websites, it’s understandable why many people don’t think their site is at risk of being hacked.

And if you’ve never been the victim of an attack, you might not worry about the possibility as much as you probably should.

However, it’s better to have the right protection and not need it, than go without and regret it.

We’ve put together a checklist of 16 steps you might want to take when securing your site – which will hopefully make organizing your security a breeze.

1. Opt For Secure Hosting
2. Mask Your Login URL
3. Use a Password Manager
4. Enable Two-Factor Authentication
5. Use Login Timeouts
6. Set up a WAF
7. Harden Your Security With a Plugin
8. Use Plugins to Carry Out Tasks Automatically
9. Take Steps to Prevent DDoS Attacks
10. Regularly Check for Rogue Accounts
11. Secure Your wp-config File
12. Get Your Site an SSL Certificate
13. Prevent Hotlinking
14. Prevent Spam Comments
15. Visit Your Site Regularly
16. Consider a Static Site

Opt for Secure Hosting

You can take every other step in this article and go above and beyond to harden your site, however, if you’re using cheap, shared hosting, it’s like having a reinforced, ultra-strong, titanium front door – and leaving a key under the doormat.

Cartoon drawing of Devman obtaining a key from under a doormat.
Never make it easy for unwanted visitors (sorry, Devman!)

Without even considering security, shared hosting has enough drawbacks to convince most people to steer clear – but that’s a whole topic in itself. Check out our article on choosing the best type of hosting for your needs for an in-depth look at all of the pros and cons of shared hosting.

Possibly the biggest downside is the lack of security. A vulnerability on someone else’s site could result in the server being compromised and your site coming under attack – through no fault of your own.

Although hosting companies do try and take every precaution to stop malicious attacks like this from spreading, it’s not always possible with shared hosting, as the sites are hosted on the same server.

If you don’t want to worry about what’s going on in your site’s server, opt for VPS or dedicated hosting instead.

WPMU DEV’s hosting gives you dedicated memory, CPU, and SSD storage that is independent of any other sites – including others you host with us!

Top tips:

  • Choose a hosting provider that is renowned for having robust security in place.
  • Don’t skimp out on the price – spending slightly more on good hosting is better than going cheap and getting hacked.
  • Take advantage of features your host offers such as automatic backups, a WAF, or the ability to block suspicious IP addresses.

Secure Your Login Page

Rarely is a hacking attempt personal. You might only run a small website for a boating club in your local village, but that doesn’t mean it will be safe from hackers.

Malicious bots sniff around the internet looking for vulnerabilities in websites and don’t discriminate. If they find that there’s a route past your WordPress login page, they’ll be infecting your files before you can say ”malware!”.

There are a few steps you can take to ensure your login page is safe from these kinds of attacks.

Mask Your Login URL

The first is using a plugin such as Defender to hide your login URL.

This makes it substantially harder for bots to carry out brute force attacks – if they can’t find your login page, there’s nowhere for them to try and crack your password.

It’s super easy to activate within Defender. Just choose a new slug for your login URL.

Screenshot of using the masking URL feature to change the URL to "hidden-login-URL"
Make sure you keep a secure note of your new URL!

You can also redirect people who try to access your old wp-admin link to a page of your choice.

Screenshot of the option to redirect traffic.
Not today, bots!

Use a Password Manager

There are two main rules when it comes to passwords:

  • Make sure your passwords are a good length and contain a variety of different characters.
  • Don’t use the same password for more than one account.

Adhering to both of these rules can make it almost impossible to remember all of your passwords, which is why you might benefit from a password manager.

LastPass and 1Password are two of the best password managers on the market and will help you create and store complex passwords for all of your accounts.

All you will need to remember is a strong and secure master password – the rest will be taken care of for you.

Enable Two-Factor Authentication

Your password might seem long and complex, however, if a string of 15 characters is all that stands between your data and a cunning hacker, unfortunately, it won’t always be enough.

Two-factor authentication involves linking your phone or another device to your WordPress admin so that it isn’t possible to log in without entering a unique code.

Defender uses Google Authenticator, Microsoft Authenticator, and Authy to do this.

Simply set it for each of your user accounts and each time anyone makes it past the username and password screen, they will be asked to open your authenticator and input the code.

Screenshot of Defender's page asking you to input the authentication code.
No passcode, no entry!

This makes it almost impossible for hackers to get into your site without having access to your username, password AND your mobile device.

To put it into perspective, a site I use purely for testing plugins and themes gets on average 40 login attempts a day by bots. These are bots whose sole job is to try random password combinations with the hope of getting into your site.

All it takes is one of these attempts to be successful and you could lose access to your site completely.

I can see these attempts within Defender’s audit logs.

Screenshot showing a series of site login attempts over a period of around 8 hours.
More failed attempts, but bots never give up!

Even though my site is very obscure and isn’t intended to be public-facing, it’s still on the radar of malicious bots.

And even though my password is secure, I would be a lot more worried if I didn’t have two-factor authentication enabled.

Top tips:

  • Using unique passwords for each account can also help you identify the source of an attack if your password is ever compromised.
  • Set up a backup email address in case you lose your mobile device and are unable to access your site.
  • If you forget your masked login URL, you can retrieve it from your database.
  • For extra security, you can remove the password reset link from your login page with a plugin such as Branda.
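To show what the authenticator code actually proves, here is an added example (not Defender's code, nor that of any app named above) of the RFC 6238 time-based one-time password check such apps implement: the six-digit code is derived from a shared secret and the current 30-second time step, and the server-side verifier tolerates one step of clock drift, compares in constant time, and refuses a code for a step it has already accepted. The secret is the RFC's own test value, labelled in the code.

```python
import base64
import hashlib
import hmac
import struct
import time

# RFC 4226/6238 test secret (ASCII "12345678901234567890"); a real secret is random.
RFC_TEST_SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """The code an authenticator app displays for the time step containing unix_time."""
    counter = unix_time // step
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def decode_base32_secret(b32: str) -> bytes:
    """Apps are provisioned with a base32 secret, often shown without padding or with spaces."""
    cleaned = b32.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)             # restore the padding base32 needs
    return base64.b32decode(cleaned)


class TotpVerifier:
    """Server-side check: accept the current step or `window` steps either side
    (clock drift), compare in constant time, and never accept the same step
    twice for this user, so a code captured in transit cannot be replayed."""

    def __init__(self, secret: bytes, window: int = 1, step: int = 30):
        self.secret = secret
        self.window = window
        self.step = step
        self.last_accepted_counter = -1

    def verify(self, code: str, unix_time=None) -> bool:
        now = int(time.time()) if unix_time is None else unix_time
        counter = now // self.step
        for delta in range(-self.window, self.window + 1):
            candidate = counter + delta
            if candidate <= self.last_accepted_counter:
                continue                             # replay guard: step already used
            expected = totp(self.secret, candidate * self.step, self.step)
            if hmac.compare_digest(expected, code):
                self.last_accepted_counter = candidate
                return True
        return False
```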

Login Protection

Defender has some extra tools on his belt when it comes to locking intruders out of your site.

You can set up login protection to ensure that hackers can’t brute force their way into your account by spamming password combinations.

Choose the maximum number of login attempts you want to allow within a certain time frame and display a custom message to anyone outside of the limit.

Screenshot of the login protection screen showing it set up to ban after 5 failed logins within 300 seconds.
You can also choose whether to set a temporary lockout – or ban them forever!

IP addresses can be banned straight from Defender’s logs. If you see the same IP repeatedly trying to access your site, simply click ‘BAN IP’.

Screenshot of a failed login attempt showing the IP address and date and time.
You can also ban IP addresses in bulk.

Just make sure (and our Support Team will thank me for saying this) that it isn’t your own IP you are banning, as you will completely lock yourself out of your website!

Defender also offers a few extra ways of managing suspicious IP addresses, which we cover more in this article.

Top tips:

  • Add your own IP to the allowlist so you don’t accidentally get hit with a lockout.
  • If you are noticing a high number of login attempts from a specific country, you can ban IP addresses from this country altogether using Defender.
  • Don’t give your users common names such as Admin or Administrator. Bots will often use these when trying to crack your login details, so if you use a common account name, they’re already halfway there!

Set Up a WAF

A Web Application Firewall (WAF) is a special type of firewall, which sets defined rules in order to help protect a web application from attacks.

All incoming requests and the responses of the web server are examined by a WAF. It monitors, filters, and blocks out unwanted traffic, protecting your site from hackers and other bad traffic.

A WAF is simply an intermediary between the web application and the client.

Commonly, a WAF is used against attacks for which traditional solutions do not give protection, such as cross-site scripting and SQL injection, however, it can also be used to protect against illegal resource access – session hijacking for example.

Sound good?

Check out our full rundown of how a WAF works, as well as learn how to take advantage of our awesome WAF (which is included in all of our hosting plans at no additional cost).

Harden Your Site Security With a Plugin

If you want a real chance of preventing any form of attack against your site from being successful, your best bet is with a good all-round security plugin.

Defender has a ton of features that work together to make your site a tough nut to crack.

I could write a full article about all the ways in which Defender can help you secure your site, however – we’ve already done that.

Just to give you a taste, some of its features include:

  • Two-factor authentication
  • Login masking
  • Login lockout
  • 404 Detection
  • WordPress Security Firewall
  • Ability to disable trackbacks and pingbacks
  • Core and server update recommendations
  • Option to disable file editor
  • Ability to hide error reporting
  • Update security keys
  • Prevent information disclosure
  • Prevent PHP execution

Most of Defender’s features are actually free, so head to WordPress.org, hit download, and start deterring those attacks.

Use Plugins to Carry out Tasks Automatically

Fact: computers don’t forget things.

Whether it’s backing up your site or updating your plugins, nothing is as reliable as an automated process.

This is why you should leave these tasks to the experts – a couple of awesome WordPress plugins!

Updating with Automate

Hackers love finding vulnerabilities in plugins and themes and using those as a way to infiltrate your site.

When a developer is made aware of a potential exploit in their product, they will create a patch that will fix the vulnerability.

If you neglect to update your plugins and themes when new patches are released, you could be leaving the holes open for hackers to walk in through.

This is why it is important to make sure updates are applied as soon as they are released, and is where Automate comes in.

When you run a number of WordPress sites, it can be time-consuming to update all of the plugins and themes manually, meaning sometimes this task can be put on the backburner.

Automate automatically detects when your website is running out-of-date plugins, themes, or an outdated version of WordPress, and automatically updates your website to run the latest versions.

Better yet, it can even take a backup of your site before it installs the updates, just in case there is a compatibility issue that causes problems.

Check out our docs for a full tutorial on how to set up Automate.

Backup with Snapshot

The plan, of course, is to avoid getting hacked.

However, if the worst does happen, having a backup of your site can save the day.

There is no better way to do this (in my humble opinion!) than with a reliable backup plugin like Snapshot.

Simply choose how often and at what time you want your backups to take place, and you’re all set.

Screenshot of the backup schedules you can choose.
Never worry about missing a backup again!

This article will give you a full rundown on how to set up and manage your backups with Snapshot.

Top tips:

  • As well as updating your plugins and themes regularly, make sure you keep an eye out for new versions of PHP and SQL which should also be updated as soon as possible after release.
  • It’s always good to take periodic manual backups and save them locally too – you can never be too safe when it comes to site security!

Protecting Against DDoS Attacks

A Distributed Denial of Service (DDoS) attack is when a website is flooded with traffic in order to cause disruption to its service.

It is carried out by a network of computers (sometimes computers of oblivious members of the public who have been infected with malware). The attacker uses these devices to form a ‘botnet’, which they can instruct to attack a particular target.

The purpose of these attacks is often to hold the site owners to ransom, and there have been some high-publicity cases of DDoS attacks in the past. Some are carried out simply for fun and to cause chaos, but whatever the reason behind the attack, being a victim of one is never ideal.

Luckily, there are some steps you can take to prevent it from happening to your site.

These include:

  • Disabling XML-RPC
  • Using a firewall
  • Disabling trackbacks and pingbacks
  • Disabling the REST API
  • Using a CDN.

These steps are all covered in detail in our DDoS attack prevention guide.

Regularly Check for Rogue Accounts

When you’re working in WordPress often and are used to flicking between the same few screens, it’s easy for certain things to slip through the net.

This is why you need to make time to manually check that no one else has access to your site.

Something you should be regularly checking for is rogue accounts.

This applies to not just additional WordPress users, but also FTP and SSH accounts.

If you host with WPMU DEV, this info is available within The Hub.

Screenshot of the SFTP user accounts.
A quick check to make sure you recognize all active accounts is all you need.

Secure Your WP-Config File

Your wp-config holds the keys to your entire WordPress site and is the last thing you want hackers to get their hands on.

One way to ensure it’s out of reach is by moving it out of your web-root folder.

Take a look at WordPress’ own advice regarding this to decide whether it’s the right route for you.

If you don’t want to move it completely, you can block access to it by adding the following code into your .htaccess file.

<Files wp-config.php>
    # Apache 2.2 syntax (needs mod_access_compat on Apache 2.4, where "Require all denied" is the native form)
    Order allow,deny
    Deny from all
</Files>

Top Tips:

  • Take it one step further by blocking access to your .htaccess too!

Get Your Site An SSL Certificate

An SSL certificate verifies that the website you have arrived at is the intended destination, by checking the credentials of its certificate.

This helps prevent domain spoofing and other similar attacks.

A connection that involves an SSL certificate is more trustworthy, secure, and gives a much better impression to the customer.

This is because an SSL certificate turns an HTTP connection into an HTTPS connection – the added ‘S’ literally stands for secure.

Screenshot showing the message you receive when you visit a page without an SSL certificate in Chrome.
The last thing you want your visitors to see is this message!

You can obtain an SSL certificate through a trusted provider such as Let’s Encrypt.

Prevent Hotlinking

If someone is hotlinking your pictures, they are using the link to your original image on your site, which means that their visitors are getting the benefit of the image, but your server is picking up the tab.

Not only is it considered unethical, but this can put a lot of strain on your server, causing issues for your site, and could also result in extra costs.

There are a number of ways to secure your images, one of the easiest being to add a code snippet to your .htaccess file.

This code will ensure that only certain websites are allowed to display your images. You can specify the individual sites.

RewriteEngine on
# Allow requests with no Referer (direct visits, bookmarks, privacy settings)
RewriteCond %{HTTP_REFERER} !^$
# Allow your own domain and the listed search engines; the host is anchored with (/|$)
# so that a lookalike such as example.com.evil.test does not match
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?google\.com(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?youtube\.com(/|$) [NC]
# Everything else gets 403 Forbidden for image files
RewriteRule \.(jpg|jpeg|png|gif)$ - [F]

This is the code needed for sites running on Apache servers.

location ~* \.(gif|png|jpeg|jpg|svg)$ {
    # none: no Referer sent; blocked: Referer stripped by a proxy; then your own hosts
    # and the search engines (dots escaped so the patterns match literal hostnames)
    valid_referers none blocked yourdomain.com *.yourdomain.com ~(^|\.)google\. ~(^|\.)bing\. ~(^|\.)yahoo\.;
    if ($invalid_referer) {
        return 403;
    }
}

Use this code if your site is running on an NGINX server.
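Both configurations above make the same decision, so here is an added example (not from the article or either web server) of that decision in Python, run over constructed referers: no Referer and a mangled Referer are tolerated, your own domain and the listed search engines are allowed, and everything else gets a 403 for image paths. It also keeps the article's original unanchored Apache pattern to show why the host must be anchored.

```python
import re
from urllib.parse import urlsplit

# Constructed values for the example: your own domain and the referers you tolerate.
# Each entry matches the domain itself and any subdomain, but not lookalike hosts.
ALLOWED_DOMAINS = ("example.com", "google.com", "bing.com", "yahoo.com")
PROTECTED = re.compile(r"\.(jpe?g|png|gif|svg)$", re.IGNORECASE)

# The article's original Apache condition, kept verbatim to show the pitfall:
# nothing anchors the end of the host, so "example.com.evil.test" also matches.
UNANCHORED = re.compile(r"^http(s)?://(www\.)?example.com", re.IGNORECASE)


def host_matches(host: str, domain: str) -> bool:
    """True for the domain itself or a subdomain of it; false for example.com.evil.test
    or notexample.com, which a plain prefix/substring test would accept."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def referer_allowed(referer) -> bool:
    if not referer:
        return True               # nginx `none` / Apache `!^$`: no Referer at all
    parts = urlsplit(referer)
    if parts.scheme not in ("http", "https"):
        return True               # nginx `blocked`: header present but stripped/mangled by a proxy
    host = parts.hostname         # urlsplit lowercases it and drops any port
    if not host:
        return False
    return any(host_matches(host, d) for d in ALLOWED_DOMAINS)


def decide(path: str, referer) -> int:
    """HTTP status the image location would answer: 403 only for a protected
    image path requested with a disallowed Referer, 200 otherwise."""
    if PROTECTED.search(path) and not referer_allowed(referer):
        return 403
    return 200
```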

Top Tips:

  • You can also protect your images using a plugin or a CDN with hotlink protection.
  • Add a copyright notice to your theme’s footer to discourage people from even trying to steal your images.

Stop the Spam

Spam comments on your blog are not just frustrating – they can pose a security risk, too.

Many spam comments contain malicious links in the hope of tricking your visitors into submitting their personal information.

So, although you might not be the intended target of these kinds of attacks, you have a duty to the visitors of your site to keep them safe.

If you’re getting hit with a tonne of spam, you have two options: turn off your comments altogether, or install an anti-spam plugin.

If you choose the latter option, Akismet may be just what you need.

Each comment left on your site, PLUS your form submissions are all run through their global database of spam to prevent malicious content from making its way onto your site.

It’s free – and it works!

Visit Your Site Regularly

Sometimes the simplest solution can work wonders.

If your site has been hacked and your content has been meddled with, a quick glance at your site should tell you that in seconds.

Visiting your site and seeing it from a customer’s point of view is good not just from a security perspective, but from accessibility and aesthetic angles too.

So get yourself a coffee, take a seat, and browse your site as though you’re a regular visitor.

Top Tips:

  • Don’t forget to view your site whilst logged in, logged out, and in incognito, too!

Consider a Static Site

If you run a site that requires little user input, i.e. is mostly for sharing information, rather than an eCommerce store or a busy blog, converting to a static site might be beneficial.

To do this, you need to create copies of your files and bundle them into a neat .ZIP which can be stored on your server.

This means that your actual WordPress installation can be safely hidden away and out of reach to bots and hackers.

It’s not the right route for a lot of sites, but feel free to check out services such as Strattic or Simply Static if you want to research it further.

Better Safe Than Sorry

We know that implementing so many different steps can seem like a tedious job, but luckily, once you’ve ticked most of these off your list, they will look after themselves.

Plugins run quietly in the background and do the hard work for you, so once you’ve set up all your security for your new site, it shouldn’t require much ongoing manual input.

When you have other aspects of the site to worry about, security might get pushed to the backburner, however…hindsight is a wonderful thing.

Make the time now to implement the right security procedures for your site and hopefully you’ll never have to deal with the frustration of your site being hacked and wishing you’d taken precautions sooner.

The Best Ways to Learn Java Quickly Like an Expert

Have you been thinking of the following questions? 

  • How do I learn Java? 
  • What are the best ways to learn Java? 
  • How can I learn Java? 

If so, then you are in the right place! These are the basic questions everyone asks when starting to learn the Java programming language.

DFS vs. BFS: What Is the Difference?

As a computer science student, I know how important it is to understand tree traversal algorithms. I suggest every beginner should clarify the basic differences between these two algorithms.

Breadth-first search (BFS) and depth-first search (DFS) are the most popular tree traversal algorithms. Both techniques visit all the vertices and edges of a graph, but the most important difference between them is the data structure they use: BFS uses a queue and DFS uses a stack. Based on this difference, we can decide which of the two methods is appropriate for a particular purpose.
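An added illustration (not from the article) of exactly that difference: the same traversal skeleton over a small constructed graph, once driven by a queue and once by a stack, produces different visit orders, and the queue version also yields shortest hop counts from the start vertex.

```python
from collections import deque

# Constructed undirected graph; adjacency lists are kept in sorted order so the
# visit orders below are deterministic.
GRAPH = {
    "A": ["B", "C"],
    "B": ["A", "D", "E"],
    "C": ["A", "F"],
    "D": ["B"],
    "E": ["B", "F"],
    "F": ["C", "E"],
}


def bfs(graph, start):
    """Queue (FIFO): vertices come out level by level, nearest to the start first."""
    order, seen = [], {start}
    queue = deque([start])
    while queue:
        v = queue.popleft()
        order.append(v)
        for w in graph[v]:
            if w not in seen:
                seen.add(w)
                queue.append(w)
    return order


def dfs(graph, start):
    """Stack (LIFO): the search plunges down one branch before backtracking."""
    order, seen = [], set()
    stack = [start]
    while stack:
        v = stack.pop()
        if v in seen:
            continue              # a vertex can be pushed twice via different neighbours
        seen.add(v)
        order.append(v)
        # push in reverse so the first-listed neighbour is popped (visited) first
        for w in reversed(graph[v]):
            if w not in seen:
                stack.append(w)
    return order


def bfs_distances(graph, start):
    """Because BFS expands by layers, the layer a vertex is first reached in is
    its minimum number of edges from the start; DFS gives no such guarantee."""
    dist = {start: 0}
    queue = deque([start])
    while queue:
        v = queue.popleft()
        for w in graph[v]:
            if w not in dist:
                dist[w] = dist[v] + 1
                queue.append(w)
    return dist
```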

Why Is a Hybrid Cloud Approach the Best for Cloud?

A hybrid approach to cloud incorporates the benefits of public cloud services, enterprise-controlled private clouds, and the once-dominant dedicated hosting services. Hybrid approaches have been all the rage in the last couple of years, as enterprises can take advantage of each service while minimizing risk. With a hybrid cloud, an enterprise’s data and resources are split between the three forms of storage.

Security has been one of the biggest concerns for businesses contemplating a switch to hybrid cloud. After all, the path to public cloud computing can be daunting for enterprises worried about threats in a public network spilling over into their own. Concerns over the security of public clouds have driven the rise in popularity of hybrid cloud models.

DDoS Protection Guide – How to Help Protect Your WordPress Site From Attacks

A DDoS attack on your WordPress site can grind it to a halt and, over time, make it inaccessible to your users. They’re a common attack that wreaks havoc on vulnerable WordPress sites.

The good news? DDoS attacks can be prevented if you know how to stop them. As you’ll see, it’s not that difficult, especially with the help of a CDN, our security plugin, Defender, and a dash of good hosting. Plus, you may have a lot of precautions in place already.

These types of attacks are growing. Cisco predicts DDoS attacks will double from what we saw in 2018 of 7.9 million attacks to over 15 million by 2023. So, it’s worth taking precautions now and doing what you can to prevent them.

This article is a tiered security approach of a system that will help prevent DDoS attacks on your WordPress site. We’ll be going over:

    1. What a DDoS Attack Is and Why They Happen
    2. Damage that DDoS Attacks Can Do
    3. The Difference Between a Brute Force Attack vs. DDoS Attack
    4. How to Help Protect Your Site Against DDoS Attacks with Defender
    5. Disabling the REST API with a Plugin
    6. How to Activate WAF in The Hub
    7. DoS vs DDoS
    8. Why You Should Use a Good CDN

By the time you’re done reading this, you’ll be able to put the smackdown on any DDoS attacks, and they’ll be DOA once they try to get to your WordPress site.

What a DDoS Attack Is and Why They Happen

A DDoS attack (Distributed Denial of Service attack) is a cyber-attack that attempts to disrupt the normal traffic of a specific server, service, or network.

It does this by overwhelming the target or its close infrastructure with a flood of traffic. The ultimate goal of the attacks is to slow down and eventually crash the targeted server.

There’s a limit to every server, and your WordPress site can only handle so many simultaneous visits before it begins to crumble under pressure.

illustration of a ddos attack.
A look at what a DDoS attack is.

DDoS attacks evolved from DoS (Denial of Service) attacks. The difference is DDoS takes advantage of multiple machines or servers that are compromised across different regions.

The compromised machines form a network, often referred to as a botnet. Then, each machine that’s affected acts as a bot and attacks the targeted server or system.

This allows them to go unnoticed for some time and cause as much damage as possible before they’re blocked.

So Why Do They Happen?

Good question. There’s a variety of reasons…

One cause of them is for the sheer fun of it. A technically savvy person may just be having fun disrupting your site.

Or, it could even be to blackmail someone for ransom money, for political reasons, or to harm a competitor. It might even be for revenge.

An attack can occur for almost any reason, whether for fun, money, or something else. It boils down to the motivation of the attacker.

They can happen to individuals or major companies. There have also been some pretty famous DDoS attacks. Recently, Google was attacked in 2017, and AWS had a DDoS attack in February of 2020.

So, big or small, attacks happen. They’re on the rise, and it’s vital to protect your WordPress site as much as possible.

Damage that DDoS Attacks Can Do

DDoS attacks aren’t pretty, and they can leave some devastation. The main thing they can do is make a WordPress site inaccessible or reduce the site’s performance. A DDoS attack can create a loss of business and a poor user experience.

Plus, it can cost a lot of money to mitigate the attack by hiring support or security service.

The Difference Between a Brute Force Attack vs. DDoS Attack

I’m sure you’ve heard of a brute-force attack. Like DDoS, it’s another form of an ambush on your website. However, they’re both different.

A brute-force attack is a trial and error method where hackers try to guess credentials or encrypted data (e.g. passwords) through a pretty extensive effort to guess correctly. It’s considered one of the most popular attacks out there for hacking a WordPress site.

The key difference between DDoS and a brute-force attack is the goal.

DDoS attacks overwhelm a website intending to devastate it, where a brute-force attack wants to obtain admin access. When accessed, a hacker will often try to steal personal data, redirect legitimate users to fake websites to steal their personal information, or install malicious software to infect customers and administrators’ computers.

WordPress allows unlimited login attempts by default, so it’s crucial to prevent brute-force attacks by limiting the number of attempts a user gets.

And as you’ll see, a lot can be done against DDoS and brute-force attacks with the help of a plugin, like Defender.

How to Help Protect Your Site Against DDoS Attacks with Defender

Our answer to security, Defender, can help handle DDoS attacks with just a few security modifications that can be done in a few clicks.

Defender on a computer tapping.
You can boost up security in just a few clicks with Defender.

Keep in mind that Defender can’t completely stop a sustained or significant DDoS attack. In fact, no plugin can. It’s more suitable for protection against DoS attacks (a much smaller form of attack).

Attack prevention has to happen at the server level. Simply blocking an IP address does not prevent the connection to the server: even when the response is a 403, the request still reached the server and the site.

DDoS prevention only works when the server ignores the connection request entirely and appears invisible to the machine sending it.

This is why additional services are required for complete DDoS protection, like a CDN (which we’ll discuss later).

That being said, we’ll be going through several ways Defender can help with the collaboration of other preventative measures, and you’ll see how you can start protecting your WordPress site against DDoS attacks today.

Disabling XML-RPC

XML-RPC is a system that lets you post to your WordPress blog from popular weblog clients, for example Windows Live Writer. It is a remote procedure call protocol that uses XML to encode its calls and HTTP as its transport mechanism.

If you’re using a WordPress mobile app and you want to connect to services, such as IFTTT, or if you want to access and publish your blog remotely, then you’ll need XML-RPC enabled. If not, it’s just another way for hackers to target and exploit your site with a DDoS attack by getting access via XML-RPC.

That being said, if you don’t need it active, it’s worth disabling it.

Defender can disable this in one click. You’ll see whether it’s enabled or not under Security Recommendations. From there, you can view your issues and see if disabling XML-RPC is one of them.

Image: where to disable XML-RPC. Caption: Disabling XML-RPC is listed as an improvement that can be made.

Clicking on the dropdown gives you the option to disable XML-RPC with a tap of a button.

Image: the Disable XML-RPC button. Caption: Disable XML-RPC handles the issue in a click.

Once you click on Disable XML-RPC, you’ll see that it’s in the Resolved area.

Image: the Resolved area in Defender. Caption: The issue is now resolved.

And just like that, you’ve upped the protection on your site against hackers trying to access your site by way of XML-RPC.

Enable Defender’s Firewall

Defender’s powerful Firewall protects against brute force and DDoS attacks as well. It’s all set up and ready to go right out of the box.

We’ll cover several things that Defender’s firewall can do to ensure your site stays protected.

IP Banning

With Defender, you can permanently ban persistent users trying to cause a DDoS attack by blocking their IP addresses. Once you do, the IP address stays banned until you manually remove it from the banned list.

From the Firewall area in Defender’s dashboard, you’ll open up IP Banning. Here, you can enter any suspicious IPs that you want to block in the Blocklist. Likewise, any IPs you wish to be exempted from all ban rules can be added to the Allowlist.

Image: the blocklist and allowlist. Caption: Add as many IP addresses as you want to both the Block and Allow lists.

You’re able to view active lockouts, customize the message for the user that gets locked out, import & export blocklists, and ban countries trying to cause a DDoS attack on your site.

404 Detection

Activate 404 Detection in the firewall so that IP addresses that repeatedly request pages on your website that don’t exist get blocked.

With it, you can specify how many 404 errors within a specific period will trigger a lockout, how long you’d like to ban the locked out user for, and customize the message for the locked-out user.

Image: the 404 lockout settings. Caption: Customize the 404 lockouts to your specifications.

You can also add files and folders to a blocklist, so that users and bots requesting them are banned automatically, or to an allowlist to permit access.

Likewise, you can choose what File types & Extensions you want to auto-ban or allow with a blocklist and allowlist.

There’s more to Defender’s firewall, such as customized email notifications about lockouts, storage settings, IP lockout logs, and more. Be sure to check out all about firewall protection in this article.
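To show what 404 Detection does under the hood, here is a minimal version of the same lockout logic as a WordPress must-use plugin. This is an added example written for this article, not Defender's code; the threshold, window and ban duration constants, the function names and the file location are all assumptions, and it relies only on WordPress core functions (transients, is_404(), wp_die()).

```php
<?php
/**
 * Plugin Name: 404 lockout (added example)
 * Description: Added example for this article, not Defender's code. Counts
 *              404 responses per client IP and locks the IP out once a
 *              threshold is crossed. Save as wp-content/mu-plugins/lockout-404.php
 *              (file name is an assumption).
 */

const LOCKOUT_404_THRESHOLD = 20;   // 404s inside one window before a lockout (assumed value)
const LOCKOUT_404_WINDOW    = 300;  // seconds; each new 404 restarts the window (sliding)
const LOCKOUT_404_DURATION  = 3600; // seconds the ban lasts

function lockout_404_client_ip() {
    // REMOTE_ADDR is the TCP peer. If every request arrives through a CDN or
    // reverse proxy, this is the proxy's address and you would lock everyone
    // out; in that setup use the proxy's forwarded-IP header instead, and only
    // after confirming the peer really is your proxy.
    return isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '0.0.0.0';
}

function lockout_404_ban_key( $ip ) {
    return 'lockout_404_ban_' . md5( $ip );
}

function lockout_404_count_key( $ip ) {
    return 'lockout_404_count_' . md5( $ip );
}

// Refuse banned IPs as early as a plugin can, before the query runs.
add_action( 'init', function () {
    $ip = lockout_404_client_ip();
    if ( get_transient( lockout_404_ban_key( $ip ) ) ) {
        nocache_headers();
        wp_die(
            'Too many requests for pages that do not exist. Try again later.',
            'Locked out',
            array( 'response' => 403 )
        );
    }
} );

// Count 404s per IP once WordPress has decided the request is a 404.
add_action( 'template_redirect', function () {
    if ( ! is_404() ) {
        return;
    }
    $ip    = lockout_404_client_ip();
    $key   = lockout_404_count_key( $ip );
    $count = (int) get_transient( $key ) + 1; // get_transient() returns false when unset
    set_transient( $key, $count, LOCKOUT_404_WINDOW );

    if ( $count >= LOCKOUT_404_THRESHOLD ) {
        set_transient( lockout_404_ban_key( $ip ), time(), LOCKOUT_404_DURATION );
        delete_transient( $key );
        // Goes to the PHP error log; a real firewall would also notify by email.
        error_log( sprintf( '404 lockout: %s banned after %d misses', $ip, $count ) );
    }
} );
```

Two practical notes. Without a persistent object cache, transients live in the options table, so every counted 404 is a database write; that is acceptable for the small-scale scanning this feature targets, but it is also exactly the point made above: the request still reached PHP and the database before it was refused, which is why a sustained flood needs to be dropped at the server or CDN instead. And because the ban is keyed on the client IP, test it from a second address before relying on it, so a misconfigured proxy setting cannot lock you out of your own site.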

Disabling Trackbacks and Pingbacks

Pingbacks notify a site when it’s been mentioned by another website. Because these notifications can be sent to any site willing to receive them, the feature can be abused to flood you with requests, which opens you up to DDoS attacks.

That can take your WordPress site down, and you can end up with a massive amount of spam comments.

Taking care of this is simple. Just like disabling XML-RPC, this is a Security Tweak you can make in Defender in one click by clicking Disable Pingbacks.

As you can see, it takes no time at all to disable.

Disabling the trackbacks and pingbacks is a great preventative measure against minor DDoS attacks and a simple fix.
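For readers who prefer to see what the two one-click tweaks above (disabling XML-RPC, and disabling pingbacks) change, here is the same pair of hardening steps done with WordPress core's own filters. This is an added example for this article, not Defender's code; the plugin header and file location are assumptions.

```php
<?php
/**
 * Plugin Name: Harden XML-RPC (added example)
 * Description: Added example for this article, not Defender's code. Uses only
 *              WordPress core filters. Save as wp-content/mu-plugins/harden-xmlrpc.php
 *              (file name is an assumption).
 */

// 1. Refuse every XML-RPC method that requires a login. Note the limit: this
//    filter is checked inside the XML-RPC server's login() step, so it does
//    NOT cover pingback.ping, which is deliberately unauthenticated.
add_filter( 'xmlrpc_enabled', '__return_false' );

// 2. Remove the pingback methods themselves. After this, a pingback.ping call
//    gets a "requested method not found" fault instead of being processed,
//    so your site no longer fetches remote URLs on a stranger's request.
add_filter( 'xmlrpc_methods', function ( array $methods ) {
    unset( $methods['pingback.ping'], $methods['pingback.extensions.getPingbacks'] );
    return $methods;
} );

// 3. Stop advertising the endpoint. WordPress adds an X-Pingback header on
//    single posts while pings are open; drop it, and tell WordPress pings are
//    closed so themes stop printing <link rel="pingback"> and trackback.php
//    refuses incoming trackbacks as well.
add_filter( 'wp_headers', function ( array $headers ) {
    unset( $headers['X-Pingback'] );
    return $headers;
} );
add_filter( 'pings_open', '__return_false' );
```

Even with all three filters in place, a request to xmlrpc.php still boots WordPress before it is refused. If you do not need XML-RPC at all, the step that actually saves resources during a flood is denying /xmlrpc.php at the web server or WAF, which matches the "server level" point made earlier in this article.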

Disabling Rest API with a Plugin

Disabling the REST API can help with application layer DDoS attacks. Application layer attacks are a type of malicious behavior designed to target the “top” layer in the OSI model, the layer where common internet requests (e.g. HTTP GET) occur.

REST is an acronym for Representational State Transfer. It uses HTTP requests (GET, POST, PUT, and DELETE) to read, create, update, and delete resources.

API, in regards to a website, is code that allows two software programs to communicate with each other. The API lays out the correct way for a developer to write a program requesting services from an application or operating system.

REST is generally preferred over similar technologies because it uses less bandwidth, which in turn makes it more suitable for efficient internet usage.

Temporarily disabling the REST API until the DDoS attack ends can help stop it.

Some of your active plugins may rely on the REST API, so check before you turn it off. Whether or not they do, it can be disabled completely or temporarily.

A plugin like Disable REST API can help.

Image: the Disable REST API plugin.

It disables the REST API on your WordPress site for unauthenticated users. Once you activate it, the REST API is inaccessible to your site visitors.

As with the other precautions that don’t rely on the Defender plugin, keep in mind that disabling the REST API provides only limited protection against DDoS attacks. Your WordPress site is still open to regular HTTP requests.

Disabling the REST API (and XML-RPC) also helps in both directions: it reduces your exposure to an incoming DDoS attack, and it helps prevent your site from being compromised and used as part of a botnet in a DDoS attack against other servers.

Just be aware that there can be some risks when it comes to disabling REST API, such as disturbing API services.
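The "unauthenticated users only" behaviour described above can be reproduced with one core filter, and the risk of "disturbing API services" can be managed with a short route allowlist. The following is an added example for this article, not the Disable REST API plugin's code or Defender's; the allowlist contents, constant and function names are assumptions.

```php
<?php
/**
 * Plugin Name: Restrict REST API (added example)
 * Description: Added example for this article, not the Disable REST API
 *              plugin's code. Requires a logged-in user for every REST request
 *              except the routes listed below. Uses only WordPress core APIs.
 */

// Routes that must keep working for anonymous visitors. oEmbed discovery is
// the usual one; add a plugin's namespace here if it breaks once this is on.
// (Allowlist contents are an assumption for the example.)
const RESTRICT_REST_PUBLIC_ROUTES = array(
    '/oembed/1.0/',
);

function restrict_rest_current_route() {
    // WordPress stores the requested route in the rest_route query var for
    // both /wp-json/... and ?rest_route=... style URLs.
    global $wp;
    $route = isset( $wp->query_vars['rest_route'] ) ? $wp->query_vars['rest_route'] : '';
    return '/' . ltrim( $route, '/' );
}

function restrict_rest_is_public_route( $route ) {
    foreach ( RESTRICT_REST_PUBLIC_ROUTES as $prefix ) {
        if ( 0 === strncmp( $route, $prefix, strlen( $prefix ) ) ) {
            return true;
        }
    }
    return false;
}

// Priority 101: run after core's cookie/nonce check (priority 100), which
// clears the current user when a cookie-authenticated request has no valid
// nonce. Checking earlier would treat such requests as logged in.
add_filter( 'rest_authentication_errors', function ( $result ) {
    // Another handler already decided (an error, or true for authenticated).
    if ( null !== $result ) {
        return $result;
    }
    if ( is_user_logged_in() || restrict_rest_is_public_route( restrict_rest_current_route() ) ) {
        return $result;
    }
    return new WP_Error(
        'rest_login_required',
        'The REST API on this site is available to authenticated users only.',
        array( 'status' => 401 )
    );
}, 101 );
```

Returning a WP_Error with status 401 makes the REST server answer anonymous requests with a JSON error before any route handler runs, while the block editor and other logged-in, nonce-carrying requests continue to work. As the paragraph above warns, plugins that poll their own REST routes from the public front end will fail until their namespace is added to the allowlist.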

How to Activate WAF in The Hub

The Web Application Firewall (WAF) is the first layer of protection to stop hacker and bot DDoS attacks before they get to your WordPress site.

It works by filtering requests against an optimized managed ruleset covering common attacks and performs virtual patching of WordPress core, plugin, and theme vulnerabilities.

The WAF is entirely free for WPMU DEV members who host their sites with us. If you don’t host with us, check whether your current hosting provider offers a WAF.

With that being said, I’ll show you where to access our WAF.

All the WAF features are managed in The Hub. The Hub is where you can manage all of your site’s security and easily access Defender’s dashboard.

In the Security dashboard, you can see what type of WAF you currently have.

Image: the Security dashboard in The Hub showing the WAF type. Caption: In this example, it’s Hosted WAF.

Our WAF is enabled automatically. However, if you need to activate it, it can be done in one click.

Image: the WAF activation toggle. Caption: One click is all it takes.

Once activated, you have the options of:

  • Entering IPs in an Allowlist and Blocklist
  • Entering User Agents in an Allowlist and Blocklist
  • Adding URLs to an Allowlist
  • Disabling Rule IDs

Here, you have more options you can customize.

The WAF is like your own personal security guard for your WordPress site. It can help protect you from and mitigate DDoS attacks, and much more.

For detailed information about WAF, check out our article on what WAF is. Also, get a detailed look at what’s included in our WAF that comes with WPMU DEV hosting.

DoS vs DDoS

It’s important to mention DoS attacks because DDoS attacks evolved from them.

A DoS attack is a type of cyber attack in which an attacker tries to render a computer or other device unavailable to its users by disrupting the device’s normal functioning. Its purpose is to make the attacked host or server deny normal user access and to interfere with the normal operation of the system.

Unlike a DDoS attack, which uses multiple machines, a DoS attack comes from a single machine and targets a single machine.

Plugins like Defender can help prevent DoS attacks completely, and, as I talked about, help with DDoS attacks.

That being said, for larger sites, such as anything commercial, search engines, or government agencies, it’s recommended to use a good CDN to help prevent DDoS attacks.

Why You Should Use a Good CDN

A CDN (Content Delivery Network) is a network of servers distributed around the world. The servers store cached copies of your images and other files, which shortens the distance your content has to travel to your visitors.

If your WordPress site gets targeted for a DDoS attack, a CDN can help ensure it doesn’t get to the origin server and make your site unavailable. It does this by sending traffic to other servers if one server is hit with more traffic than it can contend with.

Because of this, neither you nor your visitors will notice a thing.

A CDN helps ensure your WordPress site is up and running and prevents downtime — which can negatively affect your site. It not only boosts page speed but also improves security against threats like DDoS attacks.

We have our own CDN for WPMU DEV members via Smush for images and Hummingbird for theme resources. It leverages the StackPath network, with 65 Tbps of total capacity, which is 50x bigger than the largest DDoS attack publicly reported to date. Enabling our CDN provides built-in, always-on Layer 3-4 protection for the files the CDN serves, in every edge location.

Across the tens of thousands of websites we host, larger DDoS attacks that would require a CDN or proxy service are rare. But when one happens, mitigating in the middle of an attack is significantly harder than being fully prepared beforehand.

For this reason, high-traffic and eCommerce sites need higher levels of protection than small business sites or blogs.

Like anything, you have to judge the actual risk with the costs.

So, for medium- to high-level DDoS prevention, a paid service like Cloudflare can work by acting as a proxy.

Image: Cloudflare CDN. Caption: Cloudflare can be the right solution for a CDN.

When it identifies a DDoS attack, it routes the normal traffic through to your server and prevents the DDoS connections from ever reaching it. They have 51 Tbps of unmetered capacity, which makes it very hard for a DDoS attack to overwhelm.

Cloudflare received the most ‘High’ ratings of the seven DDoS vendors assessed across 23 criteria in Gartner’s 2020 ‘Solution Comparison for DDoS Cloud Scrubbing Centers’ report, so it rates highly in our book as a good solution.

For more on CDNs, check out our guide on picking the best CDN for WordPress.

Don’t Leave Your WordPress Site Unprotected From a DDoS Attack

As you can see, DDoS attacks can be less of a threat with the right precautions in place. Simple measures can help prevent them, such as a security plugin like Defender, hosting, and a CDN like Cloudflare.

With all of these tools in place, you won’t lack protection from any DDoS attack a hacker attempts on your WordPress site.

And with this being #SecurityMonth, you can currently get 35% off your first year of our Security & Backups Pack featuring Defender Pro, Snapshot Pro, Shipper Pro, and Automate. Click on the coupon below to unlock the exclusive deal.


Whether the person trying a DDoS attack is just having fun or trying to annoy you, stop the mayhem before it starts.

For more security tips, check out our Ultimate Guide to WordPress Security and How to Easily Secure Your WordPress Site for Free.

6 Reasons to Start Managing Technical Debt in 2021

Introduction

The pressure has never been greater on developers: to move from legacy to modern infrastructure, to reduce inefficiencies, and to create products that build customer satisfaction and increase revenue. Many enterprises are moving forward with a DevOps mindset, but in all their progress they may be forgetting one thing: technical debt. Indeed, devs may be moving fast and breaking things, but never actually fixing them. In response, technical debt builds up, resulting in a downturn in engineering productivity and significant costs to an organization.

Earlier this year, Umser Mansoor did a small survey of developers for Codeahoy on technical debt. Out of 91 respondents, 68% of developers said they work on products with high or very high amounts of tech debt. Technical debt costs companies $85bn annually, but it also has devastating impacts on engineering teams.

This Is the Most Underappreciated Skill for SREs

Delivering great software and sustainable systems is a team sport. Without the support of all stakeholders, adoption initiatives often fail. In successful initiatives, SREs are responsible for bringing together all resources and team members to help resolve reliability-related issues.

But getting together these resources takes much more effort than people think. SREs engage in lots of glue work to ensure these collaborative efforts happen. Glue work refers to tasks that are essential to a project’s success, even if they don't contribute to the codebase.

5 Reasons Why Security and User Experience Go Hand in Hand

With the mad rush for digital transformation and the need to keep customers content with very easy to use, responsive, and effective applications, it should come as no surprise that the world we live in has made us all dependent on the applications we use to conduct our daily lives, from banking to grocery shopping to how we keep in contact with our loved ones. However, this need for applications and digital services to continually keep pace with evolving user demands is coupled with the challenge of mitigating an unprecedented rise in malicious security threats.

The risk of security threats and cyber incidents is on the rise, with the 2020 State of SecOps and Automation Report finding that the majority of organizations report that increasing alert volumes are creating problems for IT security teams, and 93 percent are unable to address all alerts the same day.

Fixing Smooth Scrolling with Find-on-Page

Back when we released the v17 design of this site (we’re on v18 now), I added html { scroll-behavior: smooth; } to the CSS. Right away, I got comments like this (just one example):

… when you control+f or command+f and search on CSS-Tricks, it’ll scroll very slowly instead of snapping to the result, which makes finding information and keywords on CSS-Tricks much slower. As someone who uses this shortcut frequently, this is a usability issue for me.

Not terribly long after, I just removed it. I didn’t feel that strongly about it, and the fact that you have almost zero control over it made me just can the idea.

I see it come up as a “CSS tip” a lot, so I chimed in with my experience:

After mentioning that, Christian Schaefer chimed in with a great idea:

Love that!

Christian blogged it:

Smooth scrolling is consequently applied to everything. Always. Even when cycling through the browser’s page search results. At least that’s the case for Chromium. So for the page search it would be desirable for the browser to make an exception to that rule and to deactivate smooth scrolling. Until the Chromium team fixes it, here is a trick for solving the problem on your own with a little bit of extra CSS and HTML.

I’m not sure if Chrome (or any other browser) would consider that a bug or not. I doubt it’s specced since find-on-page isn’t really a web technology feature. But anyway, I much prefer find-on-page without it.

html:focus-within {
  scroll-behavior: smooth;
}

It mostly works. The bummer part about it is situations like this…

<a href="#link-down-the-page">Jump down</a>

...

<h2 id="link-down-the-page">Header</h2>

That will jump the page down. With scroll-behavior: smooth; in place, that’s kinda nice. But <h2> is typically not a “focusable” element. So, with the trick above, there is now no focus within <html> anymore, and the smooth scrolling is lost. If you want to preserve that, you’d have to do:

<h2 tabindex="-1" id="link-down-the-page">Header</h2>

The post Fixing Smooth Scrolling with Find-on-Page appeared first on CSS-Tricks.


How to Kill Processes in Unix/Linux

There are different options to terminate a process in Unix/Linux flavor of operating systems. This article intends to list and provide examples of each option.

kill

You can use the kill command to terminate a process by passing its process ID (PID), the identifier of the process that you want to terminate.

Social Graphs for Drug Development

Back in February, when we could all gather safely still, Grakn Cosmos, Grakn Labs' first global user conference, hit London; and Paul Agapow, Health Informatics Director at AstraZeneca, spoke about his team's work in building a social graph to reduce time and financial resources when recruiting for clinical trials.

…this is a first step in it, for us to develop expertise to explore, to see where we can go - we are people with problems to solve.

Combine GraphQL With Java to Build a Flexible and Modern API

In the past few years, developers have used RESTful web services over HTTP(s) to expose business functions using an API. The REST API uses server-driven fixed data responses, which means a developer (client) can't determine the result of the response. Instead, the server sends all the data back to the client, which is called over-fetching. The developer (client) needs to invoke multiple REST APIs after the first call until the client gets the required data, which results in under-fetching.

To create new microservices, developers using these REST APIs have been looking for ways to minimize over-fetching and under-fetching when retrieving data along with business logic.

Ask the Bartender: How to Build WordPress Themes from Scratch?


I would like to ask, what is the best way to learn to create WordPress themes from scratch? I would like to learn, but there seems to be no comprehensive resource for this.

Thanks for any help.

Mark

I have been around the WordPress community long enough to remember the days when there were sparse resources available. Those who were just starting out with theme development 15 or more years ago usually resorted to hacking away at an existing WordPress theme. Budding theme authors were building upon the shoulders of those few giants who had already taken the first steps. It was the magic of open-source at work — development learned through the act of forking.

Maybe it is the way I learned. Perhaps it is part nostalgia for those early days of going down an unknown path and arriving at the other side with a creation of all my own. But, I still believe the best way to learn any type of development cannot be found in documentation or books (says the co-author of a development book).

It is learned through trial and error.

It is learned through hours of mangling a project and not stopping until you fix it.

It is learned through sheer force of will, fueled by some innate passion within you that wants to see a project through. It is frustrating, but you keep going because you are having fun.

The best developers I have had the privilege to work with were not always the most knowledgeable. They were seemingly natural problem solvers. However, they did not awake one day with this ability. They earned it through years of tackling real problems.

First and foremost, the best resource for learning to build themes is an existing WordPress theme. Any of the default Twenty* themes are great starting points. Choose one, start making changes via your code editor, refresh your browser, and see what happens. Read the code. Look for patterns across various files.

You will not learn theme development overnight. It will probably take a few months before you are building basic themes from scratch. It will probably be a year before you are actually good at it. However, everyone is different. The amount of time you put into it is a factor. Your preexisting development knowledge and skills can change that. Sometimes, your innate gifts and ability to learn play into it. But, you will get there with a bit of effort.

I will be honest. The old-timers here in the community, those of us who started out early in WordPress’s history, had some help. Tung Do, known as Small Potato at the time, wrote one of the most comprehensive tutorial series on theme development the community has ever had on his now-defunct web design blog. It was an invaluable resource for several years. It was the answer to the missing documentation that everyone was asking for.

Theme development was also far simpler during that time. With a handful of files and templates, you could build something special.

Today, the landscape is much different. If you want to be competitive as a theme shop owner or build custom solutions for clients, you need a broader skillset. Even as a hobbyist, you need to pick up a few more things than you would have a decade and a half ago.

There is good news: the community is teeming with useful resources.

Traditional vs. Block-Based Themes


The theme development market is nearing an inflection point. WordPress will be introducing more and more tools for Full Site Editing in 2021, and this trend will continue in the years beyond. Traditional theme development will be around for a while — likely a few more years. However, block-based themes are the long-term bet. While there is some crossover between the two, they are entirely different systems.

Realistically, you will need to learn both methods, especially if you have financial motives for going down this journey.

However, you should learn traditional theme development first. This will make it easier to transition down the road. There are far more resources available too.

Another issue with learning block-based theme development as a starting point is that you may not know whether you are at fault if something is broken. The features that make up Full Site Editing are in a rough beta stage. The experience is still a partially broken one. Beginner theme authors should not pile onto what can sometimes be a frustrating experience.

It is time to start reading about Full Site Editing and testing block-based themes like Q and Block-Based Bosco. Then, wait for others as they become available in the theme directory.

Resources to Begin Theme Development


Many people will point you to starter themes, command-line scripts, and other automated tools for kick-starting your theme development journey. However, there is no substitute for building a solid foundation.

I will assume you have some basic or intermediate HTML and CSS knowledge under your belt. If not, you should learn to build simple web pages first. Again, there is no substitute for building that foundation. It will carry you through as you get into more advanced topics. Knowing some basic PHP helps too. However, you can hack your way through your first WordPress theme with just WordPress “template tags,” which are technically PHP functions that sound less scary.

Your go-to resource should be the official theme developer handbook.

The breadth of knowledge available there was unavailable for those starting in the early days. You can build a WordPress theme from scratch by simply following along each page in the handbook.

While it was written in 2012, ThemeShaper has a 17-part tutorial series on developing themes from start to finish. With a few exceptions, most of the information in the tutorials is accurate. The underpinning of traditional theme development has not changed much over the years. This includes basic concepts like templates, The Loop, and similar elements.

ThemeShaper’s Theme Development category is a resource any theme author should be subscribed to. The team continues to post up-to-date tutorials on building themes. Recently, they have focused on block-based theme development. I am sure more tutorials are forthcoming as new features related to Full Site Editing unfold.

Of course, search engines are your friends. Run into a problem? I guarantee you are not the first with that specific problem. The solution is documented somewhere across the web.

If you want to begin block-based theme development, you will need to install the Gutenberg plugin for testing. Your resources will be limited. You will need to be a pioneer, mowing a path for others to follow. It will be a rough trek, but it also offers adventures that others have not taken.

WordPress’s block editor handbook has a guide on creating block-based themes. It makes some assumptions about your knowledge level in terms of theme development. Carolina Nymark, one of the Themes Team representatives, has a site called Full Site Editing. It includes an extensive course that is worth taking. There is also the Theme Experiments repository for testing what some people are currently building.

My strongest recommendation is to learn through trial and error while using documentation as a backup when you get stuck. Start playing around with Twenty Twenty or Twenty Twenty-One, the two most recent default WordPress themes. Make changes. Get yourself in trouble and break things. Learn by getting yourself out of whatever hole you have dug. Every failure is part of your path toward success. Most of all, enjoy it.

Now, I will throw this question out to our readers, many of whom are theme authors themselves. Will you share your tips, tricks, and resources for someone who is just starting to build themes?