Tips, Expertise, Articles and Advice from the Pro's for Your Website or Blog to Succeed
Just as the title states, do non-web based email clients (e.g. Microsoft Outlook) respect CSP HTTP headers?
Specifically, I want to prevent hotlinking of images hosted on my domain within HTML emails with these HTTP headers:
Cross-Origin-Resource-Policy: same-origin
Vary: OriginSometimes, it is just easier to download an article to read later than to print it out or save the post as a bookmark in the browser.
One easy way to do this is using the Save as PDF option, which appears when you try to print something on your computer or phone.
However, many of your users may not be aware of this option or consider it.
Let’s look at how you can add a PDF download option for your posts in WordPress and encourage users to save your articles to read them later.
PDF allows users to share documents among different devices and operating systems.
It ensures that the contents of the document are printed in the same way on different platforms. This makes PDF files ideal for printing documents.
A PDF download option for your posts allows users to save your content on their computers and print it when they want.
The following are some of the types of content that users may want to save and print:
You can also use the PDF download to create content upgrades for your posts to grow your email list. Additionally, you can even hide the option behind a subscription fee to make money from your website.
Having said that, let’s see how you can add a PDF download for WordPress posts.
The first thing you need to do is install and activate the free PDF & Print by BestWebSoft plugin. For more details, see our step-by-step guide on how to install a WordPress plugin.
Upon activation, you need to visit the PDF & Print » Settings page in WordPress admin to configure the plugin settings.
From here, you can choose the post types where you want to show PDF and Print buttons, along with the position of the buttons.
Below that, you can pick the button icon, title, and which user roles can see the button.
Don’t forget to click on the ‘Save Changes’ button to store your settings.
You can now visit a blog post or page on your WordPress website to see the button in action.
Troubleshooting PDF Download Issue
The plugin relies on a code library to generate PDF files. However, older versions of that library are not compatible with newer versions of PHP.
If your site is using a newer version of PHP, then trying to download the PDF may trigger a critical error.
Luckily, the error does not prevent you from using the WordPress admin area.
In your WordPress admin area, go back to the PDF & Print » Settings page and switch to the ‘Misc’ tab.
Here, click on the ‘Upgrade’ button next to the Upgrade the mPDF library option.
The plugin will download and upgrade the mPDF library that it ships with.
Ensure that everything is working by downloading a few PDFs. Here is how a PDF for a blog post looked on our test site.
Bonus Tip 💡: Don’t forget to set up file download tracking in WordPress to see which posts are downloaded more frequently by your users.
Do you want to use PDF downloads to grow your email list? PDF downloads make an excellent content upgrade offer.
When we say content upgrade, this is a marketing term that means the extra content perks you can offer your users in return for their email addresses.
This approach works well because the bonus content adds value to the user experience, and you also get leads in return. Think of it as a content bribe.
Instead of giving PDF downloads right away, you can download and upload PDF files to your website.
Next, you will need OptinMonster. It is the best conversion optimization software that helps you create beautiful marketing campaigns that convert visitors into customers and subscribers.
After signing up with OptinMonster, you will reach your account dashboard.
From here, you need to create a new campaign.
It comes with several campaign types, but for the sake of this tutorial, you need to select an inline campaign.
Choose a template. There are dozens of them. Don’t worry, you can customize them later.
After that, use the campaign builder to design your campaign.
It is an intuitive design tool where you can simply point and click to edit an item or drag and drop blocks from the left column.
You can add a default view, a yes/no view, a signup form or optin view, and a Success view to your campaign using the options at the bottom of the campaign builder.
In the Success view, click on the button within the campaign and then make sure to add the PDF download link in the ‘New Window URL’ field.
Make sure that you have published your campaign.
Next, switch to your WordPress website and install and activate the OptinMonster plugin.
You’ll be asked to connect your WordPress site to OptinMonster.
After that, go to the OptinMonster » Campaigns page and publish the inline campaign you created earlier.
This makes the campaign available on your website.
Next, edit the post or page where you want to add the content upgrade offer.
You need to add the OptinMonster block where you want to display the offer and choose your campaign from the dropdown menu.
Finally, you can now visit your post and page to see the campaign in action.
Don’t forget to fill in the email form and test the download link.
OptinMonster works with all popular email marketing services. It also comes with power display rules that allow you to show personalized messages to users.
For more details, you can see our guide on how to show personalized content to different users in WordPress.
There are many ways to monetize PDF content in WordPress. Depending on your business, you can choose one that fits your goals.
1. Create a Subscription Platform
A subscription platform allows you to sell membership plans on your website. Users on a subscription platform can get access to pay-per-view content, bonus downloads, and PDF files.
The easiest way to create a subscription-based community is by using MemberPress. It is the best membership plugin for WordPress that allows you to easily restrict content to paid members.
MemberPress lets you create multiple subscription levels and then restrict access to file downloads and other content based on a user’s subscription plan.
You can accept payments online using Stripe or PayPal. More importantly, you can set up recurring payments to automatically charge users for their subscriptions.
For details, see our guide on how to add content locking in WordPress.
2. Sell PDF Downloads in WordPress
The most direct way to monetize PDF content is by selling it as a digital download.
Easy Digital Downloads is the most straightforward way to sell digital downloads. It is a WordPress eCommerce plugin for selling digital goods like file downloads, eBooks, software, music, and more.
Easy Digital Downloads allows you to add your PDF files as products, which you can then add to your posts or pages.
Plus, each of your digital downloads can have its own product page. Then, users can easily add the downloads to their carts and check out.
Easy Digital Downloads allows you to accept payments using Stripe, PayPal, Authorize.net, and more. For details, see our article on selling digital downloads in WordPress.
We hope this article helped you learn how to add a PDF download for posts in WordPress. You may also want to see our pick of the best PDF plugins for WordPress or learn how to grow your business online without spending a fortune.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
The post How to Add a PDF Download for Posts in WordPress (Easy Method) first appeared on WPBeginner.
UX research without users isn’t research. We can shape design ideas with bias, assumptions, guesstimates, and even synthetic users, but it’s anything but UX research. Yet some of us might find ourselves in situations where we literally don’t have access to users — because of legal constraints, high costs, or perhaps users just don’t exist yet. What do we do then?
Luckily, there are some workarounds that help us better understand pain points and issues that users might have when using our products. This holds true even when stakeholders can’t give us time or resources to run actual research, or strict NDAs or privacy regulations prevent us from speaking to users.
Let’s explore how we can make UX research work when there is no or only limited access to users — and what we can do to make a strong case for UX research.
This article is part of our ongoing series on design patterns. It’s also an upcoming part of the 10h-video library on Smart Interface Design Patterns 🍣 and the upcoming live UX training as well. Use code BIRDIE to save 15% off.
Find Colleagues Who Are The Closest To Your CustomersWhen you don’t have access to users, I always try to establish a connection with colleagues who are the closest to our customers. Connect with people in the organization who speak with customers regularly, especially people in sales, customer success, support, and QA. Ultimately, you could convey your questions indirectly via them.
As Paul Adams noted, there has never been more overlap between designers and salespeople than today. Since many products are subscription-based, sales teams need to maintain relationships with customers over time. This requires a profound understanding of user needs — and meeting these needs well over time to keep retention and increase loyalty.
That’s where research comes in — and that’s exactly where the overlap between UX and sales comes in. In fact, it’s not surprising to find UX researchers sitting within marketing teams under the disguise of Customer Success teams, so whenever you can befriend colleagues from sales and Customer Success teams.
Gaining Insights Without Direct Access To UsersIf you can’t get users to come to you, perhaps you could go where they are. You could ask to silently observe and shadow them at their workplace. You could listen in to customer calls and interview call center staff to uncover pain points that users have when interacting with your product. Analytics, CRM reports, and call center logs are also a great opportunity to gain valuable insights, and Google Trends can help you find product-related search queries.
To learn more about potential issues and user frustrations, also turn to search logs, Jira backlogs, and support tickets. Study reviews, discussions, and comments for your or your competitor’s product, and take a look at TrustPilot and app stores to map key themes and user sentiment. Or get active yourself and recruit users via tools like UserTesting, Maze, or UserInterviews.
These techniques won’t always work, but they can help you get off the ground. Beware of drawing big conclusions from very little research, though. You need multiple sources to reduce the impact of assumptions and biases — at a very minimum, you need five users to discover patterns.
Ironically, as H Locke noted, the stakeholders who can’t give you time or resources to talk to users often are the first to demand evidence to support your design work. Tap into it and explain what you need. Research doesn’t have to be time-consuming or expensive; ask for a small but steady commitment to gather evidence. Explain that you don’t need much to get started: 5 users × 30 minutes once a month might already be enough to make a positive change.
Sometimes, the reason why companies are reluctant to grant access to users is simply the lack of trust. They don’t want to disturb relationships with big clients, which are carefully maintained by the customer success team. They might feel that research is merely a technical detail that clients shouldn’t be bothered with.
Typically, if you work in B2B or enterprise, you won’t have direct access to users. This might be due to strict NDAs or privacy regulations, or perhaps the user group is very difficult to recruit (e.g., lawyers or doctors).
Show that you care about that relationship. Show the value that your work brings. Explain that design without research is merely guesswork and that designing without enough research is inherently flawed.
Once your impact becomes visible, it will be so much easier to gain access to users that seemed almost impossible initially.
Key TakeawaysIf you are interested in similar insights around UX, take a look at Smart Interface Design Patterns, our 10h-video course with 100s of practical examples from real-life projects — with a live UX training later this year. Everything from mega-dropdowns to complex enterprise tables — with 5 new segments added every year. Jump to a free preview.
Meet Smart Interface Design Patterns, our video course on interface design & UX.
100 design patterns & real-life
examples.
10h-video course + live UX training. Free preview.
Do you want to prevent WordPress SQL injection attacks?
SQL injection is a security vulnerability that hackers can use to attack your website database. Once they do that, an attacker can read your sensitive data, modify it, and take control of your entire database.
In this article, we will share some actionable tips to prevent SQL injection attacks in WordPress, step by step.
SQL stands for Structured Query Language, which is a programming language that communicates with your WordPress site’s database. Without this feature, your site cannot generate any dynamic content.
However, unauthorized user input, outdated software, or revealing sensitive information can cause security vulnerability and make it easy for hackers to perform SQL injection attacks.
This attack targets your database server and adds malicious code or statements to your SQL. Upon doing that, hackers can use sensitive information stored in your database like user data for identity theft, account takeover, financial fraud, and more.
They can also change database entries or account permission and perform DDOS attacks, making it difficult for actual users to visit your website.
This can damage customer trust, impact user experience negatively, and decrease your website traffic which will be bad for your small business growth.
Having said that, let’s take a look at some actionable tips that can prevent SQL injection attacks in WordPress.
Note: Before you make any changes to your database for preventive measures, we recommend creating a backup for it. This way, if anything goes wrong, you can use the backup to fix it. For details, see our tutorial on how to make a WordPress database backup manually.
An effective way to prevent SQL injection attacks is to regularly update your WordPress site to the latest version. These updates often patch up security vulnerabilities, including database software issues, making it difficult for hackers to attack your site.
If you are using an outdated version of WordPress, then we recommend enabling automatic updates for the latest version by visiting the Dashboard » Updates page.
Here, simply click the ‘Enable automatic updates for all new versions of WordPress’ link. Now all the major updates will be installed on your site upon release.
For more information, you may like to see our beginner’s guide on how to safely update WordPress.
Once you have done that, you can also add a firewall for additional security. This feature acts as a shield between your site and incoming traffic and blocks common security threats, including SQL attacks, before they reach your website.
For this function, we recommend Sucuri, which is the best WordPress firewall software on the market. It offers an application level firewall, brute force prevention, as well as malware and blacklist removal services, making it a great choice.
Plus, the tool helped us block about 450,000 WordPress attacks on our website in the past.
For more details, see our complete WordPress security guide.
By default, WordPress displays the current version number of the software you use on your website. For instance, if you are using WordPress 6.4, then this version will be displayed on your site for tracking.
However, the public visibility of your version number can cause security threats and make it easier for hackers to perform WordPress SQL injection attacks.
This is because each version of WordPress has its own unique vulnerabilities that attackers can exploit after discovering your version. This will allow them to add malicious code snippets to your site through vulnerable input fields.
You can easily remove the version number from your site by adding the following code snippet to your functions.php file.
add_filter('the_generator', '__return_empty_string');
Once you do that, hackers won’t be able to find your WordPress version number through automatic scanners or any other way.
Note: Keep in mind that a minor error while adding code can make your website inaccessible. That is why we recommend WPCode. It is the best code snippets plugin that makes adding custom code to your site super safe and easy.
For more details, see our tutorial on the right way to remove the WordPress version number.
By default, WordPress adds the prefix wp_ to all your database files which makes it easy for hackers to plan an attack by targeting the prefix.
The easiest way to prevent SQL injection attacks is to change the default database prefix with something unique that hackers won’t be able to guess.
You can easily do this by connecting your website using FTP. After that, open the wp-config.php file and find the change the $table_prefix line. Then, you can change it from simply the default wp_ to something else like this: wp_a123456_.
$table_prefix = 'wp_a123456_';
Next, you must visit the cPanel of your web hosting account. For this tutorial, we will be using Bluehost, however, your cPanel may look a bit different depending on your web hosting company.
Here, switch to the ‘Advanced’ tab and click the ‘Manage’ button next to the ‘PHPMyAdmin’ section.
This will open a new page where you must select your database name from the left column and switch to the ‘SQL’ tab from the top.
After that, you can add the following SQL query into the text box.
Just keep in mind to change the database prefix to the one that you picked when editing the wp-config.php file.
RENAME table `wp_comments` TO `wp_a123456_comments`;
RENAME table `wp_links` TO `wp_a123456_links`;
RENAME table `wp_options` TO `wp_a123456_options`;
RENAME table `wp_postmeta` TO `wp_a123456_postmeta`;
RENAME table `wp_RENAME table `wp_commentmeta` TO `wp_a123456_commentmeta`;
posts` TO `wp_a123456_posts`;
RENAME table `wp_terms` TO `wp_a123456_terms`;
RENAME table `wp_termmeta` TO `wp_a123456_termmeta`;
RENAME table `wp_term_relationships` TO `wp_a123456_term_relationships`;
RENAME table `wp_term_taxonomy` TO `wp_a123456_term_taxonomy`;
RENAME table `wp_usermeta` TO `wp_a123456_usermeta`;
RENAME table `wp_users` TO `wp_a123456_users`;
For more instructions, you can see our tutorial on how to change the WordPress database prefix to improve security.
Hackers usually inject SQL attacks on your website using fields that are used for entering user data like comment sections or form fields in contact forms.
That is why it is important to validate all the data that is being submitted on your WordPress blog. This means that user data won’t be submitted on your site if it does not follow a specific format.
For instance, a user won’t be able to submit their form if the email address field does not have the ‘@’ symbol. By adding this validation to most of your form fields, you can prevent SQL injection attacks.
To do this, you will need Formidable Forms, which is an advanced form builder plugin. It comes with an ‘Input Mask Format’ option where you can add the format that users must follow to submit the form field data.
You can add a specific format for phone numbers or single text fields.
If you do not want to validate your form fields, then we recommend WPForms because it is the best contact form plugin that comes with complete spam protection and Google reCAPTCHA support.
You can also add dropdown menus and checkboxes in your forms with it. This will make it difficult for hackers to add malicious data.
For more details, see our tutorial on how to create a secure contact form in WordPress.
Another tip to prevent WordPress SQL injection attacks is to limit user access to your website.
For instance, if you have a multi-author blog, then you will have various authors along with subscribers and administrators. In that case, you can improve site security by limiting the full admin access to the administrator only.
You can restrict all the other user roles to specific functions that they will require to perform their job. This will reduce user access to your database and prevent SQL injection attacks.
You can do this with the free Remove Dashboard Access plugin. Upon activation, simply visit the Settings » Dashboard Access page where you can decide which user roles get access to the dashboard.
If you want to limit users depending on their capability, then you can see our tutorial on how to add or remove capabilities from user roles in WordPress.
Similarly, you can also limit the authors to their own posts in your admin area for more security.
Sometimes your users may come across a database error on your website, which can display important information about your database, making it vulnerable to SQL injection attacks.
In that case, we recommend creating a custom database error message that will be displayed to users when they come across this common error. To do this, you will need to copy and paste the following content into a notepad app and save the file as ‘db-error.php’.
<?php // custom WordPress database error page
header('HTTP/1.1 503 Service Temporarily Unavailable');
header('Status: 503 Service Temporarily Unavailable');
header('Retry-After: 600'); // 1 hour = 3600 seconds
// If you wish to email yourself upon an error
// mail("your@email.com", "Database Error", "There is a problem with the database!", "From: Db Error Watching");
?>
<!DOCTYPE HTML>
<html>
<head>
<title>Database Error</title>
<style>
body { padding: 20px; background: red; color: white; font-size: 60px; }
</style>
</head>
<body>
You got problems.
</body>
After that, connect your site to an FTP program and upload the file you just created to your site’s /wp-content/ directory.
Now when users come across a database error on your website, they will just see an error message informing them about the issue without revealing any sensitive information.
Plus, the “Database Error” title will be displayed in the tab of the web browser.
For more details, see our tutorial on how to add a custom database error page in WordPress.
To prevent SQL injection attacks, you should also try to remove all the database functionality and files that you do not need on your website.
For instance, you can delete unnecessary tables, trash, or unapproved comments that can make your database susceptible to hackers.
To remove unnecessary database functionality, we recommend WP-Optimize. It is an amazing plugin that removes unnecessary tables, post revisions, drafts, trashed comments, deleted posts, pingbacks, post metadata, and so much more.
It removes all the files that you do not need and optimizes your database to become more secure and faster. For details, see our beginner’s guide on how to optimize your WordPress database.
Once you have taken all the preventive measures against SQL injection attacks, you can also opt for WPBeginner Pro Services.
We can help you identify and fix any other security vulnerabilities that you do not know about. Plus, if you have already faced an SQL injection attack, then our experts can help you contain the damage and recover your systems.
You can also hire us to improve your site’s speed optimization, design, SEO, or even completely rebuild your existing WordPress site, whether it’s been hacked or not.
For more information, check out all of our WPBeginner Professional Services.
We hope this article helped you learn how to prevent WordPress SQL injection attacks. You may also like to see our beginners’ guide on WordPress database management and our top picks for the best WordPress database plugins.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
The post How to Prevent WordPress SQL Injection Attacks (7 Tips) first appeared on WPBeginner.
Varnish Cache is a powerful tool used by websites to accelerate content delivery by caching HTTP responses. However, like any software, it’s not immune to errors. One such error that Varnish administrators may encounter is...
The post Troubleshooting Error 54113 on Your Varnish Cache Server: A Quick Fix Guide appeared first on 85ideas.com.
I'm currently working on enhancing the user experience for the <snipped> app, and I've run into a bit of a roadblock. I'm trying to optimize the game lobby to ensure smooth navigation and quick loading times, especially as our user base continues to grow. However, I'm finding that even with various optimizations in place, there's still a noticeable delay when fetching and displaying the available game rooms, particularly during peak usage hours. I've tried implementing caching strategies and minimizing network requests, but the issue persists. Does anyone have suggestions or best practices for optimizing the lobby functionality in real-time multiplayer games like ours, particularly in terms of reducing latency and improving overall performance?