Let it Snow WordPress Plugins

I’ve updated this post in honor of Winter Storm Jonas who will be visiting me in just 12 short hours. Stay safe East Coast!

“Oh the weather outside is frightful” and it will be on your website too, with these Snow WordPress Plugins.

Sometimes you just gotta give in to the good cheer and festiveness of the holiday season. And snow falling is a big part of that imagery. Take it from someone who grew up within the bounds of the Lake Erie snow effect zone: falling snow on your website is waaaaay cooler than falling snow in the roads, in your boots, and especially when it melts during the day and freezes your car door shut at night (can you say keychain lockmelt?)

Now that I live in the warmth of North Carolina winters, I see falling snow in a much kinder light. So I’m happy to recommend the following Snow WordPress plugins that will turn your website into a winter wonderland.

WP Super Snow

Customizable snowflakes! Sweet! You can use the virtual snow blower to change the size and speed of these flakes. And you can even change the flakes to a graphic of your own choosing.

WP Super Snow WordPress Snow Plugin

Tribulant Snow Storm

You’ll be triumphant, tintinnabulous and several other T words with this super easy to use snow storm. There are some options for color, stick and melt. My fave option is that the wind will follow the direction of the cursor and blow the snow around.

Tribulant Snow Storm WordPress Snow Plugin

Snow Flurry

You can pretend to be Elsa by setting the flake size, speed, color, and timing of this snow flurry. And best of all, you can set a timer so it doesn’t become overly annoying to your visitors.

Snow Flurry WordPress Snow Plugin

WP Snow Effect

This plugin has a free option with a ton of settings including type of snowflake, size, fall rate, and color. The snow drifts down in a light shifting wind. This is my new fave of all the snow plugins!


Enjoy the snow and have a wonderful holiday season my friends!

WordPress Security Plugins to Keep Your Site Safe

If your website is on WordPress, you’re on the best CMS website platform out there. Its popularity is growing like crazy and as of 2015 over 25% of the world’s most popular website are on the platform. But that popularity also attracts the bad guys. WordPress developers are constantly hopping to keep in front of the hackers. If you want to keep your website off of the hacker’s hit list, here are three types of WordPress security plugins that you need to have installed in your site.

Security Plugins

I’ve always thought that if the hackers of the world would put their minds to doing good, this world would be a much better place. There are absolute geniuses spending their days trying to break into your website so they can subvert it for their own purposes. While the designers of WordPress do the best to make the platform sound and free from security holes, having an extra layer of security is absolutely essential if you want to keep your site safe. The scary thing is that your site can be hacked and you can’t tell.

I was once hired to redesign a WordPress site that looked completely secure at first look. Once I done into the back end of the site, I noticed some oddly named files in their WordPress directory. They had been hacked months earlier and didn’t have a clue. Had Google picked up on the issue, their site would have been removed form search results, killing their site visitor traffic. That’s not so easy to recover from. Try one of these security plugins to keep your site safer:

*iThemes Security ($)

If you use Jetpack, the multi-faceted WordPress plugin from Automattic, Digital Strategist and Technology Coach Lisa Berger of LisaBerger.com recommends using the Protect module (formally BruteProtect). “It uses data from thousands of WordPress sites to identify the “bots” that are malicious.” Lisa told us. “If it notices a computer trying to guess passwords at multiple sites, it blocks them from guessing on any WordPress site with Protect installed. It’s free, it’s updating in real time, and on many of the sites I manage, it blocks thousands of malicious attempts every single week.”

Comment Spam Plugins

Comment spam is the bane of any website owner’s existence. Where exactly does all of that spam come from? Some come from actual humans who are paid to sit at their computers and submit spam comments all day. And then there are little bot programs running around the web submitting comment after comment to any website they can find. When one attacks your site, you know it to the tune of hundreds of spam comments. Who wants to wake through all of those? And what if a REAL comment gets buried in the mix?

“When we first started our Mom-Owned business directory, the spam was unbelievable.” said Cary Heise of Vend Raleigh. ”The spammers were submitting hundreds of things a day. It took up so much of my time and it was very frustrating.” Cary changed the way submissions were done on her site and used a comment spam plugin to help cut down of the spam.

In WordPress under Settings>Discussion make sure you’ve set your comments to moderation. Then, make sure you have one of these plugins to help weed out the spam.

Akismet ($)
Antispam Bee

Backup Plugins

You’d think that adding some kind of backup utility would be the first thing a web designer does for their clients. And for a web designer who is at the top of their game is it. But if you took advantage of cheap pricing or an inexperienced designer to save a few bucks, you might get left in the lurch when your site goes down.

Your hosting company does take a backup of your site, but it’s not enough. Unless you’ve upgraded your plan or you are on an expensive full-service host like WP Engine, that backup is saved over every time a new backup is taken. That means if you don’t realize your site is hacked within 24 hours, your backup is hacked as well.

Do you really need a backup? Having a good, clean backup can be the difference between having your site restored in 5 minutes and having to pay hundreds or thousands and wait weeks to have your site rebuilt. Just ask Catherine Pooler of Catherinepooler.com. Her site went down in the middle of a huge product launch. “The hosting company said no dice, the website is GONE!” Catherine told me. “But my web designer was on it and restored my site from the backup. We were taking orders again within 15 minutes. Having that backup saved my launch!”

Here are some of the backup plugins we use and recommend:
*Backup Buddy ($)
VaultPress ($)
Updraft Plus

If you haven’t taken any steps to secure your WordPress site, don’t hesitate. These plugins are very easy to install and set up. There is no good reason to put it off.

*An asterisk next to a link denotes a plugin that I endorse as an affiliate. I may receive compensation if you make a purchase after clicking on a link. I review and recommend hundreds of plugins but I only become an affiliate for the ones that I use and depend on for my own sites and client sites. If you see the asterisk, you can take it as my ultimate vote of confidence.

Where did the Yoast Meta Description Field Go?

The Yoast SEO plugin had a major update in November. A lot of things changed and I’m getting tons of emails with the same question, “Where the #$@&%*! did my Yoast Meta Description field go?” I made this short video to give you the answer.




Duplicate Post WordPress Plugin Review

For awhile now I’ve been kind of annoyed that WordPress core doesn’t allow you to duplicate pages. I work so hard to put together attractive, well-converting, solidly designed pages and it makes sense that I’d like to reuse them with different content. Sales pages, webinar pages, special features – all great reasons to reuse a page format.

I’m planning a webinar series for 2016 and to make the process of setting up each webinar a bit easier, I finally took the time to find  a duplicate post WordPress plugin that will solve this problem for me. (Proof that we’ll only act when we’re in enough pain, right?)

Duplicate Posts is a light plugin that does exactly that – allows you to duplicate existing pages and posts. It ads a Clone option in the  Page/Posts list view.


Duplicate Post WordPress Plugin


It also ads the Clone option on the edit page and in the admin bar. As long as you’re logged in, you can even clone the page from the front-end of the site.

One of our astute commenters, Nikki F loves the plugin too, although she did fine one limitation. When cloning events with the All-In-One Calendar plugin, it leaves off some important information like event times and venue. You’ll have to check those details when you clone.

Which leads to my only caution when using this plugin — make sure you go through the new page and change everything. That means your featured image, categories SEO settings etc.

This is a short review because this plugin only does one thing. It just does it really, really well.

How to Check Your PayPal IPN in WordPress

If you use PayPal to process payments with WordPress, you’ve probably received a cryptic and somewhat alarming email about updating your IPN settings. The subject line screams: IMMEDIATE ATTENTION REQUIRED: PayPal service upgrades. While the email does a great job of scaring the crap out of you and making you think your website is going to come crashing down around your ears, it doesn’t do such a great job of telling you exactly how to prevent that from happening.

Luckily, Mike Jolley (lead developer on the famous Woo Commerce plugin) has made this incredibly easy for us. He’s developed a plugin that will tell you if your IPN is going to work when PayPal makes the switch to SHA-156. In case that last sentence sounded like a foreign language, I’ll explain.

Instant Payment Notification (IPN) is a message service that automatically notifies merchants of events related to PayPal transactions. For example, you’re using WooCommerce and a customer is taken to the PayPal website to pay for your product. When the payment is complete, PayPal sends a notification to your website telling WooCommerce to mark the order as paid. This isn’t just a WooCommerce thing, many plugins that integrate with PayPal use IPN.

To check your WordPress website for compatibility with the new IPN, you can upload Mike’s plugin.

  1. Go to https://gist.github.com/mikejolley/0941e0882efcad64ea40 and click Download Zip on the right.
  2. Log into your WordPress website, click Plugins>Add New>Upload Plugin and upload the zip file.
  3. Click the Activate Plugin link.
  4. You should be on the Plugins Page. Find the PayPal Sandbox IPN Tester plugin and click on the link highlighted in yellow below.
    Paypal IPN Tester
  5. If the message you get says Success, you’re good to go. If it doesn’t contact your hosting company to make sure they are on the job and updating your servers soon.
  6. Delete the plugin. You don’t need it anymore and it’s never good to leave unused plugins in your site.

A big thanks to Mike Jolley for developing this plugin and for making sure I had my details correct.


Don’t Update Your WordPress Website

“Don’t update your WordPress site
or all of your customizations will be lost.”

If you ever hear these words from the person who designed your WordPress website, alarms should go off in your head. And I mean big, ”evacuate the area because disaster is coming” alarms.

In the past few weeks, two new clients have come to me because the person who developed their site told the not to apply any updates or their site would be ruined. Both sites were originally built in 2013. Less than two years later, one was broken due to a plugin conflict with WordPress, and the other had been hacked.


What’s the big deal about updating WordPress?

Updates happen for a variety of reasons. Sometimes you get better functionality. Sometimes it’s a bug fix. But more often than not, some hacker found a way to break in to your site and the update is a security release that plugs the hole.

Do you really want to leave your site open to attack? I didn’t think so.

That’s why you need to apply updates.

Because while WordPress does push out and apply mandatory security updates to the core WordPress files, that doesn’t happen for themes or plugins. So you have two risks – unsecured themes and plugins, and themes and plugins that might break when the WordPress core mandatory security update is applied.


Why would a designer build a site that can’t be updated?

That’s a great question! If a designer builds your site without having to make modifications to the theme code, then updating should be no problem. The problem happens when your theme code or CSS gets customized. The theme files get replaced with a new version during an updates. And those customizations get wiped out.

There is a solution. WordPress offers an easy way to protect site customizations from being lost when updates happen. It’s called a Child Theme. The developer makes a copy of any files they modify and puts them in a special folder. That’s pretty much it.

I can only guess at why someone who is taking your money to build you a customized website wouldn’t make a child theme to ensure that your site is as protected as it can be. Maybe they’re not very skilled at WordPress and don’t know how to make a child theme (it’s super easy). Maybe they’re lazy and don’t want to take the time. Or maybe they just don’t care about what happens to your site once they’re done with it. There really is no “good” reason. Just bad excuses.


When don’t you need a child theme?

If you’ve looked at Appearance>Themes and you don’t see a child theme there, you don’t necessarily need to panic. If your theme doesn’t have code customizations, you don’t need a child theme. If your theme includes a special area for CSS code, then you don’t need a child theme. And, many developers don’t actually label their child themes with the word “child”. So you might have one and not even know it. If you’ve updated your website in the past without any issues then you are probably fine.


What to do if you’ve been told not to update.

You’ve been told not to update your site. What do you do now? If you have a good relationship with the person who built your website, talk to them. Ask them if it’s possible to build a child theme to protect the customizations. If they don’t know what you’re talking about or are unwilling to do it, then it’s time to find a new website designer who can add a child theme for you. If you wait until your site breaks to address this issue, you’ll be scrambling to find someone who can fix it. Start now and take the time to interview web designers. Choose someone who has your best interests at heart and is a good fit for the way you like to do business.

One last thing, and I don’t mean to get preachy… no, that’s a lie. I do mean to get preachy.

There are a lot of crappy, unethical web designers out there. I like to think that most of them don’t purposefully build poorly constructed websites or run off with people’s money.

I think a lot of people build a site or two and then decide to call themselves a web designer. They quickly get in over their head and instead of admitting the issue and refunding the money, they walk away and hide.

Designing beautiful, secure and lasting sites with WordPress takes a LOT of knowledge and a lot of willingness to troubleshoot and problem solve. Do your research before hiring any web designer. Talk to former clients, look through their portfolio and make sure that most of the sites are still standing. Get a contract and read it carefully before signing it. Do your homework and protect you’re the very important business asset that is your website.

1 2 3 4 5 8