Just today WordFence notified me that the Feedburner WordPress plugin had been removed from WordPress.org. What does that exactly mean for you?
When a plugin is removed from WordPress.org it means either the plugin has been compromised, it does not work with current WordPress versions, or that it has been abandoned. Plugins cannot work with current versions of WordPress if the plugin author is not doing regular updates.
WordPress.org polices their plugin archive and if a plugin may cause problems with new versions of WordPress they tag it. WordFence, which we use for security management of WordPress applications, scans the WordPress.org archive and advises us if plugins in use in a client WordPress installation are up to date.
There have been several instances lately where plugins dropped from WordPress.org had been used by bad actors on the web to send out malware and to spamvertise a website.
Site reputation – that’s what hackers want to steal from you for their own personal gain. Don’t think that you need to just be using WordPress to become a victim. I’ve seen regular HTML website fall prey to hack attacks too.
It typically all starts with your user name and password being stolen. Hackers create a phishing page that looks legit that they hope you will click and then enter in your user name and password into. The best defense is to never click links in an email and if you do click a link, never share login information no matter how valid a site or form looks.
Instead, go to your login address using your browser and access your account without clicking a link. You will typically find that there is not a problem with your account or access. But the email you had received had some dire notice that you were going to lose access or your account would be closed. Be suspicious of everything.
Troy Hunt has it right in his article on how and why hackers want to get into your site and steal your credentials. His article is worth the read to allow you to make sure to stay safe. You will be amazed at the extent hackers will use, to mask their presence in an effort to steal your credentials and then your website reputation.
Once you use AMP on WordPress, and if you want to use AMP pages on your regular HTML site, you’ll need to do a little research. There are lots of sites and information from Google on how to set up and how to validate your new AMP pages.
This is what I have learned in the process of working on my own website pages.
The original and new AMP page need to be pointed to each other. The AMP page points to the original page using a canonical reference telling Google that the non-AMP page is the original. The non-AMP page then points to the AMP page so that Google can discover it using a special meta tag amp reference.
There are specialized AMP image references and specialized CSS references. Additionally, Google will require that the viewport be set in the page head section to validate the page.
It is not complicated to set up these static AMP pages, but it is complicated to get them to validate. That being said, the future for Google is all about AMP and mobile. With a little effort you can make your blog and website more attractive for Google to index (and cache) in this new “Mobile First” world.
I’ve found that validation of AMP is still quirky and questionable even with these plugins, meaning you will still see errors in the Google Search Console when you implement this, but the technology is getting better over time.
AMP pages will be striped down versions and nearly only text or in some cases, typically when you hard code them, use images that are responsive based on device.
Google is even testing AdWords and AMP as a beta right now and taking names for early implementation.