Industry Buzz

5 Ways to Customise Your Business Plan to Reach Consumers Abroad

Pickaweb Blog -

Whether you’re selling office stationery, car accessories, or whatever it might be, it’s a good bet that your primary business concern is attracting customers and selling more goods. The good news is that there is a whole world of potential customers out there – quite literally. You may or may not have thought about going The post 5 Ways to Customise Your Business Plan to Reach Consumers Abroad appeared first on Pickaweb.

People of WordPress: Mary Job

WordPress.org News -

You’ve probably heard that WordPress is open-source software, and may know that it’s created and run by volunteers. WordPress enthusiasts share many examples of how WordPress changed people’s lives for the better. This monthly series shares some of those lesser-known, amazing stories.  How it all began Mary Job at WordCamp Kampala 2020 Mary remembers when cybercafés started trending in Nigeria. She had just finished high school and was awaiting her results for admission to university. She spent all of her time (10 hours a day) and all of her pocket money buying bulk time online at cafes. All the way through university that was true, until in 2008 she graduated with a degree in philosophy and bought her own computer and modem. She started blogging in 2009. Initially, she tried out Blogger, Hubpages, and WordPress—but found WordPress too complicated.  Growing up as a timid but curious cat Mary is one of four kids, and the only girl among her siblings. Throughout her childhood she felt shy, even though others didn’t always see her that way. When she first started her personal blog, it was mostly an opportunity for her to speak her mind where she was comfortable. Blogging gave her a medium to express her thoughts and with every new post she became a better writer. Rediscovering WordPress After completing a postgraduate diploma in mass communication, Mary started a Masters degree in Information Management. This required a three month internship. She decided to volunteer in Ghana in 2015 at the headquarters of the Salesians of Don Bosco in West Africa (SDBAFW) where her uncle was based. While she was there, her uncle asked Mary why she was not blogging on WordPress, which also happened to be the software the organisation used. She explained how difficult and complicated it was so he shared a group of beginner-level tutorial videos with her. After two weeks of watching those videos, she started to realize she could have a full-time career doing this. So she immediately joined a number of online training groups so she could learn everything. I saw a lot of people earning an income from things I knew and did for the fun of it. I found myself asking why I had not turned my passion into a business.Mary Job Not long after that, she was contacted by a website editor who was impressed by her blog. With the information available online for WordPress, she was able to learn everything she needed to improve and redesign a site for what turned into her first client. Mary’s home office in 2016 I visited the WordPress.org showcase and was wowed with all the good things I could do with WordPress.Mary Job In 2016 after a year of deep WordPress learning, she had fallen in love with the CMS and wanted to give back to the WordPress open source project.  She volunteered to help the Community team. And when she moved to Lagos later that year, she discovered there was an active WordPress Meetup community. This started her journey toward becoming a WordPress Meetup Co-organizer and a Global Community Team Deputy. Today the Nigerian WordPress community continues to grow, as has the Lagos WordPress Meetup group. The first Nigerian WordCamp took place in Lagos in 2018 and a 2020 event is being planned. A local WordPress community also developed in Mary’s hometown in Ijebu. I have made great friends and met co-organizers in the community who are dedicated to building and sharing their WordPress knowledge with the community like I am.Mary Job What did Mary gain from using and contributing to WordPress? She overcame her stage fright by getting up in front of an audience at her local Meetup to introduce speakers and to talk about the WordPress community. She attended her first of many African WordCamps in Cape Town, South Africa. Coincidentally this was also her first time outside West Africa. Before that, she had not been in an aircraft for more than one hour.She earned money from WordPress web design projects to sustain her during her learning period. Mary continues to use WordPress in her work and says she is still learning every day!She got to jump off Signal Hill in Cape Town when visiting a WordCamp!  Mary moderating a panel at WordCamp Lagos in 2019 Essentially, the community has taught me to be a better communicator, and a better person. I’ve made friends across the world that have become like a family to me.Mary Job She now runs a village hub in Ijebu,  where she teaches girls digital skills and WordPress as a way of giving back to her town. Since she started on this journey, Mary has gotten a fulltime job supporting a WordPress plugin. She’s also become a Community Team Rep and continues to build and foster communities. Mary’s advice to others Always seek to understand the basics of whatever knowledge you seek. Never jump in too fast, wanting to spiral to the top while ignoring the learning curve. You will likely crash down effortlessly if you do so, and would have learned nothing.Mary Job Contributors Thanks to Alison Rothwell (@wpfiddlybits), Yvette Sonneveld (@yvettesonneveld), Abha Thakor (@webcommsat), Josepha Haden (@chanthaboune), Topher DeRosia (@topher1kenobe). Thank you to Mary Job (@maryojob) for sharing her #ContributorStory. This post is based on an article originally published on HeroPress.com, a community initiative created by Topher DeRosia. HeroPress highlights people in the WordPress community who have overcome barriers and whose stories would otherwise go unheard. Meet more WordPress community members over at HeroPress.com!

How to Design a Logo for Your Website

HostGator Blog -

The post How to Design a Logo for Your Website appeared first on HostGator Blog. No website is complete without a logo. Your logo is the main identifying emblem of your brand. It’s the symbol website visitors see first when they search for your company online. Your logo is what reminds people of what your brand represents.  Here’s an example of how powerful a logo can be in terms of brand awareness and recall. If I mention McDonald’s, Nike, or Starbucks, you immediately conjure up an image of a yellow “M”, the Nike Swoosh, and a green siren. I don’t need to include a picture for your reference. You know what these logos look like. Similarly, you can recognize these companies just by viewing the logo, and no descriptive words are necessary. For example, if you’re visiting Russia, you might not know how to read about a Starbucks on a local map, but you’ll immediately know you’re near a Starbucks when you spot the familiar green siren. A logo is a necessary tool to help you solidify your brand and set yourself apart from your competitors. But, how do you go about designing the right logo for your website?This article will cover everything you need to design the perfect logo for your new website. How to Brainstorm Your Website Brand Logo Whether you design your website logo yourself or hire a graphic designer, you’ll need to dream up some ideas to act as a polestar. Here are some top tips to help you start off on the right foot. 1. Solidify your brand story There are a million different directions you could go when it comes to creating a logo. Not every idea will be equally as effective. The best way to ensure you’re on the right track is to solidify your brand story before you start designing. First, consider what your company’s mission is by asking yourself the following questions: What are my goals?What values do I want to portray?What do I care about in relation to my brand?Who is my audience?What tone do I want to convey? To answer these questions, make a list of words that describe your brand and how you want others to perceive your brand (e.g. trustworthy, fun, reliable, party town, professional, cheeky, etc.). Also, make a list of how you want people to feel when they see your logo. Do you want them to feel peaceful, happy, excited, motivated, comforted, passionate, etc? These lists will help you determine your mission and narrow down your ideas. 2. Brainstorm your logo ideas Brainstorming comes next. Write down every potential color, symbol, shape, word, and adjective that fits in well with your website’s mission statement.  Try your best to get every idea out on paper, even if it sounds like a bad idea. Writing down everything that comes to mind will help spark more creativity and lead you down paths that will speak to you. With brainstorming, two heads are better than one, and three are better than two. Ask other members of your company, or trusted loved ones, to help you with the brainstorming process. Let your ideas simmer for a day or two, come back to the table, and select the idea that resonates best. 3. Create a design board that shows off your main idea A good way to get started with the logo design process is to make an inspiration board. Create a board that includes images, color palettes, visual metaphors, words, pieces of art, textures, patterns, shapes, and letters that match with the main idea you selected after brainstorming.  As with brainstorming, there are no bad ideas. If you’re feeling it, put it on your design inspiration board. Use this design board to guide you through the creative process. It will help you settle on the perfect type of website logo, shape, style, color, typography, patterns, and more. How to Design Your Website Logo: 3 Tools and Resources to Use Once you have a clear brand story, the main idea, and a design inspiration board, you’re ready to start designing your website logo yourself, or to present your ideas to a professional graphic designer. Here are some top options for designing a website logo. 1. Hire a professional graphic designer It’s true. Hiring a professional graphic designer is among the most expensive options for logo design. To get a good designer, it’ll cost you a pretty penny. However, even if you’re on a budget, marketing your brand is not the place where you want to skimp. An unprofessional logo can set you back faster than almost anything else. Again, your logo is the face of your company, the first interaction customers have with your brand, and one way customers will compare you to your competitors. Hiring a professional ensures quality. A professional graphic designer will be able to take your ideas and come up with concepts that will blow you out of the water. They will also pay attention to the small details that make a difference in a good logo and a bad logo. You can find a professional graphic designer by word of mouth, through a freelance content mill (Upwork or Freelancer), or by checking out individual freelancer’s websites. 2. Outsource to a graphic design platform If you don’t have the budget to hire a freelance graphic designer, you still have plenty of excellent options. There are many graphic design hubs where you can crowdsource your design project. 99designs 99designs is a cool platform with a robust pool of creative designers. When you sign up with 99designs, you follow a simple process. First, you pick a package that best describes the services you want. 99designs offers everything from simple logo design to logo design and a full brand identity pack. Once you’ve selected your package, 99designs will prompt you to fill out a series of helpful questions. They will ask you to pick a series of logos that you like, provide information on your brand’s style, explore colors that best suit your needs, select a design package, and start a contest. You will also be prompted to fill out a creative brief with the following information: Email addressLanguageWhat name you want in your logoThe slogan you want in your logoA description of your organization or product does and its target audienceYour industry After you’ve filled out all the necessary information, you can start a contest. When you start a contest, several designers will send multiple ideas for your business logo, and you get to choose your favorite. If you love your logo, 99designs will charge your credit card for the price of the package you selected. If you don’t love any of the designs, no sweat off your back. 99designs provides a 100% money-back guarantee. Pricing for logo design ranges from $299 to $1299. If crowdsourcing isn’t your jam, you also have the option of selecting one 99designs professional to work on your project. While 99designs is one of the most popular crowdsourcing hubs, there are other graphic design resources. You can also check out CrowdSPRING, DesignCrowd, or Logo Arena. 3. Design your logo yourself If you have design skills, then you might want to opt to design your logo yourself. This will save you money and provide you with complete creative control. If you already know how to use top logo design tools like Adobe InDesign, great. If not, keep in mind there is a staunch learning curve with Adobe design products, and you may want to seek out a free logo design option. Arguably the best free graphic design platform on the internet is Canva. Canva is an online tool that makes it easy to design anything, including logos. The platform is intuitive and provides a user-friendly drag and drop tool along with thousands of customizable templates. In fact, Canva currently has over 400 million designs, and that number is always growing. Signing up for Canva is free. You can connect with an email address and a password or via your Facebook account.  Many of the templates are free to use, and you can customize them to your liking. There are also some designs that you can pay for, but the prices are extremely low (usually 0.99 cents for a design, image, or icon). Not only can you design logos on Canva, but you can also design social media covers, presentations, posters, t-shirts, flyers, infographics—anything really. You don’t even need to know the dimensions. All you have to do is type in the type of design you want (e.g. “Facebook cover”) and Canva will flesh out the right dimensions and provide you with a list of customizable templates. Canva is so easy to use, you likely won’t need any additional training like you would with other design programs. Time to Design Your Website Logo Designing a solid logo for your website is an absolute must. It will help you build brand awareness and create an unmatched element of professionalism your website deserves. While your logo design is something to outsource to a professional graphic designer, it’s important to remember you can do all your website design yourself with HostGator. With HostGator’s Website Builder, you can choose from over 200 pre-designed, proven, and customizable templates. You don’t have to know how to code. All you have to do to get your website up and running is pick the template that works best, upload your logo, and use the easy drag and drop website builder.  For more information about how to get your website up and running, visit HostGator today. Find the post on the HostGator Blog

International Women’s Day 2020: Building a Modern Security Team

CloudFlare Blog -

When we started at Cloudflare in the summer of 2018, we joined a small security team intent on helping it grow quickly. Cloudflare was already a successful “unicorn” startup and its profile was changing fast, providing cyber security protection for millions of Internet-facing properties and moving towards becoming a public company. We were excited to help build the team that would ensure the security of Cloudflare’s systems and the sensitive customer data that flows through them.Competing for security talent in the tech industry - where every company is investing heavily on security - isn't easy. But, in 18 months, we have grown our team 400% from under 10 people to almost 50 (and still hiring). We are proud that 40% of our team are women and 25% are from an under-represented minority. We believe from experience, and the research shows, that more diverse teams drive better business results and can be a better place to work. In honor of International Women’s Day this Sunday, we wanted to share some of our lessons learned on how to build a diverse team and inclusive culture on a modern security team.Lessons Learned Building a Diverse TeamOur effort to build a diverse team starts from the moment we draft a job posting. We try to choose language that will resonate with a broad set of candidates, and question proposed “prerequisites” for a role such as college degrees or a minimum or maximum set of experience. For example, we choose language that invites people looking to grow, and avoid militaristic terms often seen in security job descriptions.We are open to considering multiple locations where a role can be based. Cloudflare has 13 offices around the world. We have been flexible in which office our team members can join.We don’t rely on one hiring source. We strive for multiple hiring sources. We appreciate employee referrals and do company-wide presentations frequently to keep our team’s open positions top of mind across our 1200-person company. We love candidates who apply through Cloudflare's online careers site because they read a Cloudflare blog post and find it interesting, or are a happy Cloudflare customer in some way. We help fuel this source of candidates by writing blog posts on a wide range of topics like here and here. We also believe in proactively reaching out to potential candidates (see more in the next point). Having three strong channels in which we are meeting candidates makes hiring a bit easier.Proactively reaching out to passive candidates can be hard for some hiring managers. We work hard to make everyone on our team better at this. We partnered with our recruiting team to train our security team on how to use LinkedIn and Eightfold to find potential people to reach out to, and we encourage our leaders to go to meetups and the networking components of conferences and to ask respected industry peers for referrals. Our hiring managers then reach out directly with a personalized message. Our response rate is over 10% when we take the time to personalize the messaging to fit the particular possible candidate.We think long-term about team-building and know that it might take six months to a year to close promising passive candidates. We build a relationship by sharing updates on the company as well as new problems we are trying to solve, and over time we have seen these candidates come to appreciate the company and work and then join our team.We do proactive engagement at a number of conferences and events such as the Grace Hopper conference, AfroTech, and the International Association of Minority Cybersecurity Professionals events. We also look to build relationships and hire through organizations dedicated to placing minority candidates such as Path Forward.We leverage our internship program to broaden our candidate pool and change perception about viable backgrounds for roles. It is easier to convince people to consider candidates from less “pedigreed” schools or with skills developed outside traditional educational paths through direct exposure to those who’ve taken different routes but share the same passion for security. We’ve found some amazing interns who’ve proven themselves on short intern stints with us, and already progressed into full-time roles.We make sure we put together the right interview panel for the candidate: that means not only evaluating the candidate thoroughly but also giving the candidate the opportunity to look across the table at someone they feel comfortable asking “can someone like us succeed here?” You are not just using the interview process to evaluate the candidate, you are showing the candidate who you are as a team.We hold ourselves accountable by reviewing metrics on hiring and retention. Our company leadership team gathers once a week to review data on how the entire company is doing, including looking at how we are doing at building a diverse workforce and what we can do to improve. And we don’t just look at diversity in general, we look at diversity across management, and for those in management, we also consider things like span of control.We also get great support from our co-founders and other executives directly in our hiring process. They are always willing to spend extra time introducing people to the company, our mission, and our values. One of them will always be the last person to meet the candidate on their final interview. You can’t beat a welcoming message from the top.Lessons Learned Creating an Inclusive CultureThe work doesn’t stop with getting a great set of people with complementary skills to come work at Cloudflare. To us, diversity is a means to the end of developing a highly productive team, not an end in itself. And, it turns out that hiring a diverse team is not a moment to celebrate success, it is a moment where leadership responsibility increases. A diverse team - made up of people from various backgrounds who don’t automatically feel at ease with one another - is not a guarantee of success. To cultivate a truly productive team requires a culture of openness to differences and a willingness for people to share their unique perspectives with people who are different. We obsess over making sure all these great people who decided to join will also decide to stay for the long-term. We identified a number of ways we could build a community that welcomes people from different backgrounds and celebrates open debate. We’ve moved on from the media-favored image of security professionals as “hackers” and instead focus on innovation and empathy as our core values. We believe our role is more akin to a scientist designing a cure for a disease, a teacher helping a student solve a hard problem, or a nurse responding to a person in need of treatment. While we still need the skill to be able to break things and consider the attacker mindset we are responsible for combating, we will not succeed if we cannot stand in the shoes of our customers and empathize with their plight when we roll out painful security requirements.We talk regularly about how team members must have a stronger than usual commitment to developing the “psychological safety” necessary for everyone to believe their opinions are welcome and valued and will contribute to the greater good.We counter the risk that security work can become very reactive by promoting a spirit of innovation. That has led to us already open sourcing multiple solutions, contributing to development of Cloudflare products, and presenting at security conferences. We are strategic about what solutions we should build ourselves and what we should buy from other vendors, always staying current on what’s new.Our team decided to pick a logo, and we ended up choosing an orange-to-pink hued phoenix because they represent resilience and optimism: A phoenix never dies; instead, she always rises from the ashes and becomes more majestic each time around. This embodies the security mindset -- we help Cloudflare bounce back from attacks and security incidents, reemerging stronger and more secure than ever. It's easy to feel like you never "win" against constantly evolving adversaries. Knowing that we are the phoenix, destined to bounce back from whatever setbacks we face, helps us stay optimistic no matter what we face. And of course, the image of a phoenix also fits well with the core Cloudflare name and brand. Not your typical security imagery, but something that we are proud to wear on our t-shirts because it represents our team. We encourage every member of our organization to work on something that is outside their sub-team’s subject area so they interact with the broader team and also have a sense of personal career development.We take our work very seriously and know when to say “Let’s get down to business” like Mulan in the Disney movie (which we’ve heard team members sing), but don’t take ourselves too seriously. We keep it light around the office.We change our seating arrangements regularly to encourage expanding relationship circles.We ask team members across the organization to lead meetings and give presentations to the whole group.We promote from within. Five team members have been promoted into first-time manager roles.We have open-ended manager round-tables to discuss vulnerable topics relating to growing a diverse team.We support our team members playing active roles in company Employee Resource Groups such as here and speaking up on topics outside our core areas of expertise.We take time for team-building activities. Some of our best practices are to keep the events during business hours and limit those that include alcohol.We celebrate success. In the security world, external recognition is more often given for failure than success. Most companies don’t celebrate the prevention of harm, they celebrate new products and new business. If you are not careful, a security team can feel isolated from the rest of the company because its work is not directly tied to generating revenue and even worse can be perceived as blocking progress.One of our favorite meetings was an informal risk review session we had with our engineers during which we white-boarded what we all thought were our biggest risk areas. It was great in the moment because it was such a collaborative session where everyone felt comfortable speaking up about their fears. No two people saw things the same way, but all were open to hearing other perspectives and many of us in the moment changed how we thought about priorities. And what made it an all-time experience was how even though we may have left the meeting a bit discouraged about all we needed to do, within a week every team member had stepped forward and volunteered to work on one of the hardest challenges. Looking back a bit over a year later, we have made strong progress in reducing all the risks identified in that meeting, and we did it together as a team.Security is hard work, and the work is never done. But bringing together a diverse team with a positive culture has helped our team get a lot of hard and stressful work done well. There is a lot more we can do to keep things moving in the right direction for our team members and company and we welcome additional suggestions for improvements in our approaches.

Everything You Need to Know About Website Localization

Pickaweb Blog -

Expanding your business to reach out to customers who speak another language is an exciting prospect. Whether you’re planning to trade across national borders or simply want to engage new domestic audiences, translating your website is an excellent way to do so. However, website translation is about far more than merely converting one language to The post Everything You Need to Know About Website Localization appeared first on Pickaweb.

How to Create a Landing Page that Converts

Pickaweb Blog -

If you want to generate leads and sales from all the traffic you are driving to your website, you need to create a landing page. On average websites convert around 2%, but not landing pages. The average landing page converts at 4.02%. That’s 2 times better than a regular page. And then there are webinar The post How to Create a Landing Page that Converts appeared first on Pickaweb.

How to Persuade: The Science Marketers Need to Know

Social Media Examiner -

Do you want to persuade more people to take action? Wondering how the latest behavioral science can help your marketing? To explore how to be more persuasive in your marketing, I interview Jonah Berger on the Social Media Marketing Podcast. Jonah is a marketing professor at the University of Pennsylvania’s Wharton School and author of […] The post How to Persuade: The Science Marketers Need to Know appeared first on Social Media Marketing | Social Media Examiner.

Genesis for Small Businesses: A Case Study

WP Engine -

Rebecca Gill is a well-known leader in the WordPress community, and she’s been building websites and offering SEO expertise for more than 15 years. While numerous tech trends have come and gone over that period, The Genesis Framework has remained a constant for her since her agency’s launch in 2009.  For those new to the… The post Genesis for Small Businesses: A Case Study appeared first on WP Engine.

Announcing mobile first indexing for the whole web

Google Webmaster Central Blog -

It's been a few years now that Google started working on mobile-first indexing - Google's crawling of the web using a smartphone Googlebot. From our analysis, most sites shown in search results are good to go for mobile-first indexing, and 70% of those shown in our search results have already shifted over. To simplify, we'll be switching to mobile-first indexing for all websites starting September 2020. In the meantime, we'll continue moving sites to mobile-first indexing when our systems recognize that they're ready. When we switch a domain to mobile-first indexing, it will see an increase in Googlebot's crawling, while we update our index to your site's mobile version. Depending on the domain, this change can take some time. Afterwards, we'll still occasionally crawl with the traditional desktop Googlebot, but most crawling for Search will be done with our mobile smartphone user-agent. The exact user-agent name used will match the Chromium version used for rendering.   In Search Console, there are multiple ways to check for mobile-first indexing. The status is shown on the settings page, as well as in the URL Inspection Tool, when checking a specific URL with regards to its most recent crawling. Our guidance on making all websites work well for mobile-first indexing continues to be relevant, for new and existing sites. In particular, we recommend making sure that the content shown is the same (including text, images, videos, links), and that meta data (titles and descriptions, robots meta tags) and all structured data is the same. It's good to double-check these when a website is launched or significantly redesigned. In the URL Testing Tools you can easily check both desktop and mobile versions directly. If you use other tools to analyze your website, such as crawlers or monitoring tools, use a mobile user-agent if you want to match what Google Search sees.  While we continue to support various ways of making mobile websites, we recommend responsive web design for new websites. We suggest not using separate mobile URLs (often called "m-dot") because of issues and confusion we've seen over the years, both from search engines and users.  Mobile-first indexing has come a long way. It's great to see how the web has evolved from desktop to mobile, and how webmasters have helped to allow crawling & indexing to match how users interact with the web! We appreciate all your work over the years, which has helped to make this transition fairly smooth. We’ll continue to monitor and evaluate these changes carefully. If you have any questions, please drop by our Webmaster forums or our public events.Posted by John Mueller, Developer Advocate, Google Zurich

National Grammar Day — How Not To Use a Thesaurus

InMotion Hosting Blog -

Your thesaurus can be your best friend, or at least a great writing tool. (Is the plural form of thesaurus “thesauruses” or “thesauri”? Both acceptable.) We all know the feeling. In the heat of composition, you reach for a word that seems to keep slipping through your fingers like a wet noodle. The amazing thesaurus can save you. However, most writing professors and opinionated types will tell you to chuck the thesaurus or, worse, burn it. Continue reading National Grammar Day — How Not To Use a Thesaurus at InMotion Hosting Blog.

How to Customize a WordPress Theme for Your Brand

HostGator Blog -

The post How to Customize a WordPress Theme for Your Brand appeared first on HostGator Blog. WordPress is an incredibly popular CMS. It’s so popular that a third of the internet runs on WordPress. One big reason is due to its flexibility. The easy-to-customize CMS can be used to build virtually any kind of website, from large-scale news websites to simple one-person blogs. All you have to do is find a theme that speaks to you and aligns with your brand, then get busy customizing to create your unique website. Below you’ll learn the ins and outs customizing your WordPress theme to align perfectly with your brand. WordPress Themes: The Basics Before we get into customizing your WordPress theme we’ll dive deep into the WordPress basics, and how customizations are handled within the platform. With WordPress, you won’t be customizing the WordPress core. Instead, you’ll be making edits to what’s known as a WordPress theme. A theme is a collection of templates and CSS stylesheets which will create a unique design. Sometimes WordPress themes also have collections of templates. These are pre-built versions of the theme that already have certain customizations, theme settings, and changes in place. It all depends on the theme you’re using. For example, the theme GeneratePress has dozens of different templates you can install, which are configurations of the stock GeneratePress theme. Generally, the terms WordPress theme and WordPress template are used interchangeably. Choosing the Right WordPress Theme for You Even though this post is going to show you how to customize your WordPress theme, it’s important that you start with a WordPress theme that has a final design you enjoy. That way you won’t have to make any large scale structural changes, but instead style-based changes to bring your brand to life. With that being said, keep the following in mind when you select a WordPress theme: 1. Choose a Quality WordPress Theme A poorly coded theme can have a detrimental effect on your website’s performance, appearance, and even leave it vulnerable to hackers. Even if you love the design of the theme, it won’t matter if it never loads. Instead of looking through the codebase yourself–what would you even look for? Consider taking the following approach. First, look for theme providers that have been on the market for years. Low-quality themes tend to fade out of the marketplace. Second, spend some time reading through the reviews. If there’s a ton of positive reviews about the quality of the theme, you can generally assume that it’s high-quality. 2. Understand Your Needs The best theme for someone else might not be the best theme for you. Before you start browsing for the perfect theme take stock of your own needs and the type of features you’re looking for. A theme that’s built for an eCommerce store will have very different features than a theme that’s built to showcase a photography portfolio. With WordPress, you’ll be able to find themes built for specific niches like lawyers, accountants, boutique shops and more. On the other hand, you have all-in-one themes that can be customized to suit virtually any niche. 3. Look for Quality Support If you’re purchasing a premium theme, then there should always be a dedicated and responsive support team that comes with. If possible, make sure they offer a method of support that suits your needs best. The most common forms of support include phone, email, and live chat. If you’re going with a free theme, then you probably won’t receive the same level of support. But, you should still look through the WordPress.org support forums to see how frequently they respond to user requests. Beyond support, you’ll want to ensure the theme is updated on a consistent basis. WordPress is continually evolving and the theme will need to be updated, patched, and have bugs fixed to remain functional. Now that you have a foundational understanding of how customizations are made in WordPress and you have a solid theme, it’s time to start customizing. What You Need Before You Start Customizing Your WordPress Theme Before you start editing your WordPress theme you’ll want to have certain brand assets. With a solid website style guide in place, you’ll be able to design your site much faster and avoid things like mismatched colors. Here’s a handful of different design elements you’ll want to have in place: A finished logo. It can be helpful to have multiple versions and sizes, depending on what your theme requires.The list of colors you want to use across your site, including the HEX code, this will look something like #16336d.Any images and graphics you’re going to use across your site Finally, you’ll want to have a general idea of how you want your site to look. For example, do you want to have a full-page slider underneath your logo? Do you want the header to be left-aligned with a menu to the right? Do you want a parallax-style scrolling homepage? Spend some time looking at other competitor sites in your niche and pull out design trends and elements you like. This will help you choose a theme that’s in alignment with your design goals from the start, so you won’t have to make any huge changes to the layout of your theme. How to Customize a WordPress Template There are a multitude of different ways you can customize your WordPress site. Below we cover the most common approaches to editing your WordPress site. Every method we highlight below is 100% beginner-friendly, no design or coding skills required. 1. Use the WordPress Customizer WordPress has a built-in tool called Customizer, which lets you customize your site without having to make any changes to your site’s code. It’s not the most in-depth customization tool in the world, but it will help you make simple customizations, like changing your logo, layout, color scheme, and more.  You can access the tool by navigating to Appearance>Customize from within your WordPress dashboard.  Once you open up the Customizer you’ll have a menu on the left-hand side, which will show you what elements of your site you can edit.  The site elements you can change will depend upon the theme you’re using. However, you’ll typically be able to change the following things: Logo and title. Here you’ll be able to upload a logo and change the size, change your site’s tagline, and more. General layout. Here you can make adjustments to your navigation menus, sidebars, headers and more. You can change the size and appearance of these layout elements. Color scheme. Here you can adjust the color scheme across your entire website, you can change body text color, header colors, link colors, background, and much more. Typography. In this section, you can change the typography across your site. Be careful not to get to font crazy and stick to two fonts across most of your site. Menus. Here you can add new menus to your site, choose where you want them to display, and even create new menus. Widgetized sections. The widget sections you’ll be able to customize will depend upon your theme. Here you can add new items to widgetized sections and customize these areas however you desire.  As you can see, the WordPress Customizer is pretty powerful and allows you to make a ton of changes to your site. Plus, the changes will appear in real-time, so you can see if you like the changes before you publish them live.  2. Use the Built-in WordPress Theme Customization Options This customization option will differ depending on what theme you have installed. Some themes will have built-in options that will let you customize virtually every aspect of your theme, while others will be bare bones. You’ll access these theme options from within your WordPress dashboard. You should have a section on the left-hand side that’s the same name as the theme you have installed. Click this and you’ll be able to see which customization options your theme has available. For example, here’s what the theme options panel looks like on the GeneratePress WordPress theme: As you can see, there aren’t a lot of modifications you can make within the theme settings panel. Most of the site changes you’ll make with this theme will use the WordPress Customizer or the Elementor plugin (we highlight this below). 3. Make Changes via CSS CSS is what controls the appearance of your site. Think of things like site colors, spacing, typography, and more. Your site’s CSS code controls more of the appearance of the site than your theme’s core files do. Before you move forward, make sure that you’re not changing the core CSS file. It’s easy to make mistakes and compromise the design of your site.  Instead, use the WordPress Customizer if you want to make changes to your site. You can access the Customizer by following the steps in the first section, then select ‘Additional CSS’ from the bottom. Here you can enter your CSS code to make changes to your site. These changes should show up automatically in your editor.  If you don’t want to use the Customizer, then you can make CSS changes to your site with a plugin like SiteOrigin CSS. This plugin has some super useful features that make it much easier to edit your CSS, even if you’re a total beginner. For example, it has a built-in inspector tool. This allows you to highlight certain portions of your site and see the exact CSS code you’ll need to make changes to. There’s also a visual editor too. So, you can make CSS changes and see how they reflect in real-time. The editor also has advanced features that’ll help you write clean code that doesn’t have any errors. Just install the plugin, and you’ll be able to start editing your CSS quickly and easily. 4. Use a WordPress Page Builder Plugin WordPress page builder plugins add drag-and-drop functionality to WordPress. This is a common feature on a lot of other website builders on the market today (including the Gator Website Builder). This makes it so beginners have complete control over the design of their site, without having to touch any code. As you add and rearrange certain website elements, the plugin will automatically create the underlying code.  WordPress has a ton of different page builder plugins you can use to add this functionality to your website.  Here are some of the most common: Elementor Page Builder Elementor is a drag and drop page builder that’s equipped with a live preview feature. It’s equipped with all kinds of features, from simple text widgets all the way up to unique sliders, testimonial sections, and more.  There are also pre-built templates you can add directly to your site and pages. Using these pre-built sections lets you customize your site in record time.  Beaver Builder Beaver Builder is a very fast and easy to use drag and drop page builder. Just drag different site elements to the editor, and change any element via the built-in options panel. It’s equipped with a ton of different site elements like content blocks, buttons, sliders, background options and more. It also has over 30 different templates that you can use to create website layouts super quickly. Divi Builder Divi is both a theme and a WordPress page builder. The page builder plugin used to only be available for use with the Divi theme, but today it exists as a standalone product. You can use the plugin with third-party themes, as well as any theme in the Elegant Themes collection. Once you install this plugin you’ll get access to the super-powerful editor. The Divi Builder plugin gives you a powerful drag-and-drop editor, real-time editing, and built-in responsive design. It’s also equipped with tons of different pre-built modules, and even entire websites you can quickly customize.  Once you install one of these plugins you’ll be able to edit your site’s pages and layout via a drag and drop builder. However, these plugins aren’t compatible with every theme out there. So, if you’re having issues using the plugin it might be a problem with your theme’s compatibility.  Here’s a quick look at how you can edit your theme using Elementor. The left-hand menu is full of different elements you can add to your site. Just click on an element and add it to a section. Or, you can drag and drop any element of your site. The changes will reflect in real-time and once you’re satisfied, just save the changes. Virtually every page builder plugin you use will have similar functionality. What’s the Best Approach for Customizing Your WordPress Theme Design? By now you should have a better understanding of how you can edit your WordPress theme to match your brand. As you can see there are a lot of different approaches you can take to make changes to your WordPress theme. The approach you take will differ depending on your existing skills and what you feel comfortable with. Some website owners will be fine just making a few changes via the Customizer and their sites will be complete! While others might prefer making a ton of changes via a WordPress page builder plugin. Feel free to try multiple approaches until you find one that works best for you. Remember, if you don’t want the world to see your website as you’re busy building it, then you can install a WordPress coming soon or maintenance mode plugin. Find the post on the HostGator Blog

Pwned Passwords Padding (ft. Lava Lamps and Workers)

CloudFlare Blog -

The Pwned Passwords API (part of Troy Hunt’s Have I Been Pwned service) is used tens of millions of times each day, to alert users if their credentials are breached in a variety of online services, browser extensions and applications. Using Cloudflare, the API cached around 99% of requests, making it very efficient to run.From today, we are offering a new security advancement in the Pwned Passwords API - API clients can receive responses padded with random data. This exists to effectively protect from any potential attack vectors which seek to use passive analysis of the size of API responses to identify which anonymised bucket a user is querying. I am hugely grateful to security researcher Matt Weir who I met at PasswordsCon in Stockholm and has explored proof-of-concept analysis of unpadded API responses in Pwned Passwords and has driven some of the work to consider the addition of padded responses.Now, by passing a header of “Add-Padding” with a value of “true”, Pwned Passwords API users are able to request padded API responses (to a minimum of 800 entries with additional padding of a further 0-200 entries). The padding consists of randomly generated hash suffixes with the usage count field set to “0”.Clients using this approach should seek to exclude 0-usage hash suffixes from breach validation. Given most implementations of PwnedPasswords simply do string matching on the suffix of a hash, there is no real performance implication of searching through the padding data. The false positive risk if a hash suffix matches a randomly generated response is very low, 619/(235*4) ≈ 4.44 x 10-40. This means you’d need to do about 1040 queries (roughly a query for every two atoms in the universe) to have a 44.4% probability of a collision.In the future, non-padded responses will be deprecated outright (and all responses will be padded) once clients have had a chance to update.You can see an example padded request by running the following curl request:curl -H Add-Padding:true https://api.pwnedpasswords.com/range/FFFFF API StructureThe high level structure of the Pwned Passwords API is discussed in my original blog post “Validating Leaked Passwords with k-Anonymity”. In essence, a client queries the API for the first 5 hexadecimal characters of a SHA-1 hashed password (amounting to 20 bits), a list of responses is returned with the remaining 35 hexadecimal characters of the hash (140 bits) of every breached password in the dataset. Each hash suffix is appended with a colon (“:”) and the number of times that given hash is found in the breached data.An example query for FFFFF can be seen below, with the structure represented:Without padding, the message length varies given the amount of hash suffixes in the bucket that is queried. It is known that it is possible to fingerprint TLS traffic based on the encrypted message length - fortunately this padding can be inserted in the API responses themselves (in the HTTP content). We can see the difference in download size between two unpadded buckets by running:$ curl -so /dev/null https://api.pwnedpasswords.com/range/E0812 -w '%{size_download} bytes\n' 17022 bytes $ curl -so /dev/null https://api.pwnedpasswords.com/range/834EF -w '%{size_download} bytes\n' 25118 bytes The randomised padded entries can be found with with the “:0” suffix (indicating usage count); for example, below the top three entries are real entries whilst the last 3 represent padding data:FF1A63ACC70BEA924C5DBABEE4B9B18C82D:10 FF8A0382AA9C8D9536EFBA77F261815334D:12 FFEE791CBAC0F6305CAF0CEE06BBE131160:2 2F811DCB8FF6098B838DDED4D478B0E4032:0 A1BABA501C55ACB6BDDC6D150CF585F20BE:0 9F31397459FF46B347A376F58506E420A58:0 Compression and RandomisationCloudflare supports both GZip and Brotli for compression. Compression benefits the PwnedPasswords API as responses are hexadecimal represented in ASCII. That said, compression is somewhat limited given the Avalanche Effect in hashing algorithms (that a small change in an input results in a completely different hash output) - each range searched has dramatically different input passwords and the remaining 35 characters of the SHA-1 hash are similarly different and have no expected similarity between them.Accordingly, if one were to simply pad messages with null messages (say “000...”), the compression could mean that values padded to the same could be differentiated after compression. Similarly, even without compression, padding messages with the same data could still yield credible attacks.Accordingly, padding is instead generated with randomly generated entries. In order to not break clients, such padding is generated to effectively look like legitimate hash suffixes. It is possible, however, to identify such messages as randomised padding. As the PwnedPasswords API contains a count field (distinguished by a colon after the remainder of the hex followed by a numerical count), randomised entries can be distinguished with a 0 usage.Lava Lamps and WorkersI’ve written before about how cache optimisation of Pwned Passwords (including using Cloudflare Workers). Cloudflare Workers has an additional benefit that Workers run before elements are pulled from cache.This allows for randomised entries to be generated dynamically on a request-to-request basis instead of being cached. This means the resulting randomised padding can differ from request-to-request (thus the amount of entries in a given response and the size of the response).Cloudflare Workers supports the Web Crypto API, providing for exposure of a cryptographically sound random number generator. This random number generator is used to decide the variable amount of padding added to each response. Whilst a cryptographically secure random number generator is used for determining the amount of padding, as the random hexadecimal padding does not need to be indistinguishable from the real hashes, for computational performance we use the non-cryptographically secure Math.random() to generate the actual content of the padding.Famously, one of the sources of entropy used in Cloudflare servers is sourced from Lava Lamps. By filming a wall of lava lamps in our San Francisco office (with individual photoreceptors picking up on random noise beyond the movement of the lava), we are able to generate random seed data used in servers (complimented by other sources of entropy along the way). This lava lamp entropy is used alongside the randomness sources on individual servers. This entropy is used to seed cryptographically secure pseudorandom number generators (CSPRNG) algorithms when generating random numbers. Cloudflare Workers runtime uses the v8 engine for JavaScript, with randomness sourced from /dev/urandom on the server itself.Each response is padded to a minimum of 800 hash suffixes and a randomly generated amount of additional padding (from 200 entries).This can be seen in two ways, firstly we can see that repeating the same responses to the same endpoint (with the underlying response being cached), yields a randomised amount of lines between 800 and 1000:$ for run in {1..10}; do curl -s -H Add-Padding:true https://api.pwnedpasswords.com/range/FFFFF | wc -l; done 831 956 870 980 932 868 856 961 912 827 Secondly, we can see a randomised download size in each response:$ for run in {1..10}; do curl -so /dev/null -H Add-Padding:true https://api.pwnedpasswords.com/range/FFFFF -w '%{size_download} bytes\n'; done 35572 bytes 37358 bytes 38194 bytes 33596 bytes 32304 bytes 37168 bytes 32532 bytes 37928 bytes 35154 bytes 33178 bytes Future Work and ConclusionThere has been a considerable amount of research that has complemented the anonymity approach in Pwned Passwords. For example; Google and Stanford have written a paper about their approach implemented in Google Password Checkup, “Protecting accounts from credential stuffing with password breach alerting” [Usenix].We have done a significant amount of work exploring more advanced protocols for Pwned Passwords, some of this work can be found in a paper we worked on with academics at Cornell University, “Protocols for Checking Compromised Credentials” [ACM or arXiv preprint]. This research offers two new protocols (FSB, frequency smoothing bucketization, and IDB, identifier-based bucketization) to further reduce information leakage in the APIs.Further work is needed before these protocols gain the production worthiness that we’d like before they are shipped - but, as always, we’ll keep you updated here on our blog.

Pages

Recommended Content

Subscribe to Complete Hosting Guide aggregator