Your WordPress plugins might be silently losing business data

If your WordPress site uses third-party plugins, you may be experiencing data loss and other problematic behavior without even knowing it.

Like many of you, I’ve become quite attached to WordPress over the past 15 years. It is by far the most popular content management system, powering 28 percent of the Internet, and still the fastest growing, with over 500 sites created on the platform each day. Considering myself well versed in the software, I was surprised to discover — while working on a digital design project for a client — what could be the Y2K of WordPress. Many WordPress plugins are suffering data loss, and it looks like this problem will soon explode if not properly addressed.

The issue is essentially due to the fact that WordPress discards entire datasets even when only one of the data elements within the set contains too many characters for the insertion field. Because WordPress doesn’t log the data loss or any errors related to it, few developers are aware of the issue. And because of one particular scenario involving storing a visitor’s data when they’re connecting with an IPv6 address, the situation is exponentially worse.

Example: Say a WordPress site owner has a plugin installed that lets users add comments. Plugins like that typically store the user’s IP address along with comments they submit, for analytics purposes. For years, plugin developers have assumed that IP addresses were always in the standard IPv4, 15-character format that looks like this: 216.123.123.123. Thus, plugin developers typically set the maximum allowed characters for the IP address database field their plugin uses to about 15-20 characters. However, IPv6 has a much longer 39-character format that looks like this: 2001:0db8:85a3:0000:0000:8a2e:0370:7334.

Unbeknownst to many users, site owners, and developers alike, these longer IPv6 addresses are becoming increasingly widespread. Those new addresses won’t fit into the database fields developers have been using for years. Furthermore, for security purposes, WordPress specifically validates that each part of a data set about to be stored will fit. In the example above, if the IP address is too long, WordPress discards the entire data set (not just the oversized IP address string). Worse, WordPress doesn’t log an error when this happens. The data is simply lost to the ether, without leaving a trace. This two-year-old WordPress bug thread shows how long the WP core devs have known that the community didn’t like this, but they still haven’t addressed it.

Yes, this currently just affects data coming from IPv6 addresses (currently about 17 percent of users). But while IPv6 use may be in the minority right now, it won’t be for long, and as it becomes the majority, these unexplained issues with data loss will reach pandemic proportions if left untreated.

Just how widespread is this?

1.02 million active WordPress plugin installs are silently discarding real visitor logs, content submissions curated by users, and more, right now, all because IPv6 addresses are present in the data being stored. Here are some other interesting stats:

  • 50,336 plugins are available at wordpress.org today
  • 200 plugins (~1 in 250) create IP address fields that are too short
  • Those 200 plugins have over 1 million active installs — a total of 1,023,280.
  • Here’s a publicly-accessible Google Sheet my team created that lists all known offending plugins. For each plugin, that sheet includes one example where that plugin declares an IP address field that is too short.

The fix is easy peasy: You simply need to change the table schema for the column that stores IP addresses from 15 to 39 (or more).

This problem can affect applications other than WordPress; really, any application that utilizes IP addresses and stores them in MySQL/PostgreSQL tables (especially in STRICT mode, which would prevent row inserts) where the column max is expecting a 15-character IPv4 IP address.

Debuggin’ the plugin

I uncovered this situation while recently working on a site that needed a rating system that allowed authenticated users to vote on specific post types. So naturally, I did a search of existing plugins that could meet the requirements and found one fairly quickly, CBX Rating, and it was a breeze to configure and get working. Then came the intermittent reports of the form submissions not going through.

I spent hours deactivating other plugins, digging through code, and guiding users via screenshare. I was unable to narrow it down or find any smoking gun. No success message, no error message, no errors in the console log, nothing in the server logs. How could form submissions be failing without errors?

I remembered something I had seen in WordPress before: row inserts silently failing if the data strings were longer than the table column maximums. So I shifted my attention to the back end, and that’s where I found the problem and my boss, Erik Neff (the company’s CTO), helped identify exactly why it was happening.

MySQL databases, not in STRICT mode, will truncate values if they’re over the max character count for a particular column and will insert the new record with a warning. When in STRICT mode, MySQL will not accept the record and will return an error. WordPress, on the other hand, won’t execute a query if it determines the length is longer than the max, and will instead return false, with no error or warning.

When using the WordPress $wpdb->insert method, you get back a 1 upon success and a 0 upon failure. But a function is called before any mySQL statements are executed, and that’s where the problem lies. The function is called protected function process_field_lengths, and it checks to see if the data’s length is less than the max allowable length for that table column. If the length is longer than allowed, the entire insert is aborted and false is returned with no error message or explanation. This is a known issue with WordPress core, and makes debugging that much harder.

The CBX Rating plugin we were using didn’t account for this failure point. I checked the plugin’s table schema and started increasing varchar max lengths across the board. Touchdown! Soon after, I got wind from users of all types that all forms were now being submitted successfully.

My mind raced to how this could be an epidemic, so Erik and I set out to determine the scale. The result of a (rather lengthy) check of WordPress plugins yielded a list of every place an IP address field was declared with an incorrect length. You can find those results in the Google sheet that I’ve made public.

Brett Exnowski is senior developer at Primitive Spark and specializes in complex web applications.

[“Source-venturebeat”]

Google rolls out new protections against phishing plugins

Google is making it even harder to accidentally install a malicious plugin. Today, the company announced new changes to the way Google services handle plugins, adding new warnings for users and a more involved verification system for apps. The result is more scrutiny on apps plugging into Google services, and more active involvement from Google when an app seems suspicious.

The changes come after a sophisticated phishing worm hit Google Drive users in May, masquerading as an invitation to collaborate on a document. The malicious plugin was not controlled by Google, but because it was named “Google Docs,” the app was able to fool many users into granting access. Once granted access, it sent a new request to everyone in the target’s contact list, allowing the app to spread virally. Ultimately, the app was blacklisted by Google, but not before it reached tens of thousands of users.

Today, such an attack would be much harder to perform. Shortly after the worm, Google strengthened its developer registration systems, making it harder for anonymous actors to plug unknown apps into Google accounts. The announcement today takes that system even farther, warning users whenever an unverified app requests access to user data.

Malicious or compromised plugins remain a significant security risk for Google and other platforms, as a string of recent incidents have demonstrated. The security group OurMine has specialized in those attacks, posting false messages from accounts controlled by Sundar Pichai, Jack Dorsey, and Sony Music, which tweeted a false report of Britney Spears’ death.

In each case, OurMine gained access by compromising a third-party application which was authorized to post to the targeted account. An active social media user might have hundreds of plugins authorized to access their Twitter or Facebook account, giving hackers hundreds of potential ways in. Users can protect against these attacks by monitoring authorized applications, and revoking access for any apps they no longer use.

[Source:-theverge]

Most important and highly used WordPress SEO tools and plugins for everyone

Image result for Most important and highly used WordPress SEO tools and plugins for everyonePowerful SEO tools and plugins that not only improve the speed of your WordPress website but also making the rank of the website better. Below I have shared some of the best and most used SEO tools and plugins suggested by lots of SEO companies that can take your business to the next higher level.

WordPress SEO by Yoast:

Yoast is one of the perfect SEO solutions and caters various benefits to its users. It’s free and can be installed easily on any self-hosted WordPress website. For additional functionality, you can also purchase premium Yoast SEO.
With the use or help of Yoast we can:-

• Create and submit sitemap of our websites in XML format that also supports images.
• Add SEO title, Meta description, and Meta keywords to each post and page of your site
• Add custom title for your main site, archives, and category and tag pages
• Add Open Graph Metadata that shows you the correct title, description, and image for Facebook, Twitter Cards, Sitemaps and ping search engines at the time of site updating.
• Add custom RSS footer for our WordPress posts

SEMRush

It’s a most important and most accurate SEO tool used in long term keyword researching. Various SEO strategies you can deploy with the help of SEMRush. Nothing and no other SEO tool can beat SEMRush to do competitor analysis. Backlink analysis, the discovery of top keywords, estimate the passage of any site etc. can be accomplished via this perfect competitor research tool.
A SEMRush dashboard offers an open platform to check our website’s health or how a site is performing or to fix any SEO issue if it has. In addition to it, SEMRush also provides Organic keywords, traffic, Ads, position tracking visibility, SEO ideas etc. SEMRush is a paid invaluable see go-to tool that tops the charts to increase search engine traffic and always rank better. SEMRush is one of the favorite tools used by most of Website Development Company who also caters WordPress development services.

Google Keyword Planner

Keyword planner allows the user to identify, analyze and select the most popular and relevant keywords with high search volume to their niche, products or services. Investing a significant amount of time and money in keyword research will repay your every little SEO efforts and assure the success and high revenue of your business.
With the help of best free keyword research, you can

• Search out and swipe your competitor’s keywords
• Find out long tail local keywords in much faster way and easily outrank all other sites
• Search out for niche markets and other topics to blog about
• Create ad words campaigns easily

Google XML Sitemaps

Sitemap accomplishes fundamental requirement of search engines that the new or modified content is crawled and indexed. You can submit the sitemap by free sitemap creator or by paid sitemaps. Google XML Sitemaps is free, most reliable and easiest way to submit a website to search engines. After creating and submitting a sitemap in XML language, the content of sites such as category, tags, and media will update automatically. Best thing is that Google offers free service to submit your sitemap to Google, no charges. Other finest benefits of XML sitemaps are that your site or content can be efficiently and effectively crawled.

W3 Total Cache

Best WordPress plugin offered by the Google loading the websites much faster for users. High page speed via W3 Total Cache plugin can also increase page hits. With the help of W3 Total Cache plugin you can:-

• Cache pages and use browser caching
• Page compression for static pages
• Content Delivery Network (CDN)

Google Analyticator

You can connect your website with Google Analytics via Google Analyticator plugins. Most used this SEO plugin offers unique and ultimate features to their users and some of them are mentioned below:-

• Filter log of logged-in users
• Website loading speed and inbound linking can be tracked easily
• Adsense Ads can also be tracked.

LinkPatrol

This premium plugin helps you to control all the web links on your website. You can clean up all your anchor text, spammy links, and link juice problems as well as can monitor all the outgoing links on your site.

Open Site Explorer

With the help of this free tool, you can get significant information for any domain name such as what anchor texts and links a particular domain is using, top pages, linking domains etc.

Print Friendly

Recent Editor’s Picks:

  • Machines Won’t Take Over CX…But A Few AI Titans Might
  • Employee Engagement: A Confluence of Passion and Purpose
  • Critical Focus Areas for Customer Experience Improvement
  • 10 Characteristics of The “Perfect” Customer Need Statement
  • Customer Experience Motives Drive Organic Growth

[“Source-customerthink.”]

CEMU PLUGIN LOADER MAKES IT EASY TO LOAD IN DLL PLUGINS

Cemu Wind Waker

(Last Updated On: July 13, 2017)

The Cemu emulator updates may have slowed down due to the fact that the Cemu Team has made the Wii U emulator about as good as most people could have hoped for, and with only some optimization and compatibility feats left, the community is focusing more on third-party support such as plugin loaders.

Over on the Cemu sub-Reddit, user Growlith1221 designed a new DLL plugin loader for the Cemu emulator. This allows users to load in custom third-party plugins and hook them into the Cemu easily without a lot of huffing, puffing or configuring going on.

Growlith1221 explains that the Cemu Plugin Loader doesn’t do anything special outside of loading in additional DLL files to make it easy to load up add-on packs, fixes, or other community-made updates. He does mention that eventually a GUI will be made available, writing…

“[…] right now, it’s working as a simple plugin loader, in the future(possibly in a few days actually), a gui will be available for various other things like choosing which dll(s) you want to load and whatnot”

You can download the Cemu Plugin Loader right now from the Dropbox download page.

It’s suggested that you don’t use the Cemuhook in conjunction with the Cemu Plugin Loader, so it’s something you definitely need to keep in mind.

Updates for the main emulator have slowed down quite a bit after the latest main release. For the most part, the big surge happened when the Cemu was just starting to emulate The Legend of Zelda: Breath of the Wild, but now that the game is mostly playable, it’s no longer a top priority for the community to express vested interests the way they did when the game first came out.

Nevertheless, Cemu is still a free Wii U emulator for PC, so you can download the latest version of from over on the official Cemu website.

Plugins and social media links leave websites more open to compromise

hacker laptop

Adding extra features like plugins and social media links makes websites more likely to be compromised according to a new report.

The study by website security company SiteLock finds that sites with between one and five plugins have 1.5 times more chance of being compromised than the average site.

More plugins leads to more risk, with 10 to 20 plugins increasing the chance of compromise to 2.5 times and 20 plus plugins leads to three times the risk. Linking to social media adds to the danger of being hacked too. Sites that link to Facebook and Twitter accounts have 1.5 times the risk of compromise of the average site. Linking to a LinkedIn account produces two times the risk. Linking to accounts on all three networks produces 2.5 more risk of compromise.

The more Twitter followers you have the greater the peril too. Between 500 and 10,000 followers produces two times the risk of compromise and more than 10,000 three times the risk.

Interestingly the site platform used makes a difference too. Sites based on Drupal or WordPress have 1.5 times the risk of compromise of an average site, while Joomla sites are 3.5 times more likely to be compromised.

Looking at sites that have been hacked, the study finds that 73 percent are infected with generic backdoors. 39 percent are infected with shell programs to give the hacker control of the website’s files and the ability to administer the site, while 53 percent are infected with malware designed to target the site’s visitors. Hacking simply to do damage is relatively rare, only seven percent of hacked sites are defaced.

You can see more about the findings in the infographic below.

Image credit: vectorfusionart / depositphotos.com

SiteLock Popularity Infographic 2017

[“Source-betanews”]

Moto Mods concepts have legs and heads and plugins …

Image result for Moto Mods concepts have legs and heads and plugins …

Moto’s Z series including its new Z2 should be renamed Transformers – with a commitment by Motorola to release at least 12 new mods a year these phones can be anything.

Six never-seen-concepts were announced by King’ori Gitahi, technical product manager of Motorola, West, East and Central Africa, at an event in Ghana. The 17-minute video at the end shows most of the products.

Mods are magnetic snap-ons to the Moto Z series and extend the functionality way beyond a traditional smartphone.

These working concepts include

  • Moto 360 camera – a 360° cylinder that protruded from the top of the phone and can stream live 360°, 4K video.
  • ROKR Mod – looks like a Marshall speaker amplifier with line in/out and a stereo speaker.
  • Studio Mod – an HD voice microphone to turn the Z into a proper media/journalist recorder.
  • Direct TV Mod – allows DirectTV USB dongle to plug into the Z series and stream live digital TV (DirectTV is US-based).
  • DSLR Mod – a mirrorless DSLR body that takes standard DSLR lenses (brand/mount undisclosed).
  • Action Mod – a kind of Go-Pro 4K camera mod.
  • Frequent leaker Evan Blass has confirmed these are not fakes – they are working conceptsThese are in addition to the launch of the new Z2 Play (the base model Z2) and the Turbocharge battery pack, JBL SoundBoost 2, GamePad, Wireless Charging back, the Vehicle Dock, and the promise that all Mods will support at least two generations of Z phones to protect any investment.

    Android Police have more here.

[“Source-itwire”]

Kodi Couldn’t Care Less if Your Illegal Plugins Don’t Work

Image result for Kodi Couldn't Care Less if Your Illegal Plugins Don't WorkNews just in, Kodi doesn’t care if your illegal plugins aren’t working, and you certainly shouldn’t tweet them asking for tech support if you’ve been streaming Sky Sports and now can’t. The terse responses on Twitter are somewhat telling that the people behind the media centre apps have had it.

In one response it politely explains that it’s not connected to the recent failure of TVAddons.

ian @TheSalang

Hey @KodiTV what’s the update on the exodus add-on? I recall a tweet about it losing a number of providers temporarily.

 Follow

Kodi

@KodiTV

@TheSalang We have nothing to do with piracy add-ons nor do we provide support for them. http://kodi.wiki/view/Free_content 

  • 11 Retweet

  • 1111 likes

Twitter Ads info and privacy

There’s another polite reply here, even the face of a rude user trying to get help with “their specific problem”.

body { display: inline-block; width: 613px; height: 110px;} (adsbygoogle = window.adsbygoogle || []).push({});”);document.close();})();” style=”margin: 0px; padding: 0px; border: 0px; font-style: inherit; font-variant: inherit; font-weight: inherit; font-stretch: inherit; line-height: inherit; font-family: inherit; font-size: 16px; vertical-align: baseline; max-width: 100%; display: inline-block; width: 613px !important; height: 110px !important;”>

Mclemore💸 @AaronMclemore18

@KodiTV That’s not helping me how to necessarily fix mine though

 Follow

Kodi

@KodiTV

@AaronMclemore18 That’s the point. You need to enquire elsewhere regarding your piracy add-ons. We don’t provide support for them.

  • 11 Retweet

  • 1313 likes

Twitter Ads info and privacy

And then there’s this truth bomb, deleivered to yet another person that doesn’t seem to understand what Kodi is, and how it’s a non-profit that has, essentially been running since 2002.

 Follow

Kodi

@KodiTV

You obviously have no clue what Kodi actually is. We make a media player. There’s no “operations”. We don’t provide content. C U in 10yrs https://twitter.com/danguirguis/status/878280248910991361 

  • 5555 Retweets

  • 467467 likes

Twitter Ads info and privacy

You can sort of see their point. Kodi is very popular with two groups of people, enthusiast home entertainment users who have their own TV content and who want to stream from the many legal outlets like YouTube on their TV. Kodi is a great aggregator of content, and its own plugin channel is all legal stuff.

Then there are the people who buy Kodi Fully Loaded boxes on eBay and think that it’s some sort single company providing all these services. Either they’re ignorant to the illegality of these boxes, or they know and chose to ignore that. But enough of them are confused about Kodi’s role in the whole thing.

However you look at it, unofficial plugins aren’t the Kodi team’s problem and you’d be advised not to ask them about your copyright infringing woes. It is, of course, a reality that some people will want to use Plex, Kodi and any other system for breaking copyright rules, but those people need to just keep it to themselves. The same way one avoids snorting coke directly in front of a policeman.

[“Source-gizmodo”]

9 Best WordPress Security Plugins to Secure Your Website

Wordpress security

WordPress is an open-source platform and it also is the most popular content management platform there is today. But the problem is it offers basic security that is not equipped for dealing with DDoS and brute force attack as well as spamming.

The worst part is that hackers get crafty each time WordPress beefs up security and many users are vulnerable to hacking and intrusive strikes. Protecting your WordPress website doesn’t only mean installing plugins. You have to make sure that you have done your homework by taking all the necessary measures to secure your website. Installing a security plugin means going the extra mile in order to protect your website from malware and other attacks.

Therefore, it falls on us to guide such impulsive users on how they should harden the security of their WordPress site by using the following plugins:

1. Sucuri Security

Sucuri happens to be one of the most recognized names when it comes to online security in general. It offers a mass of amazing features such as:

Security Activity Audit Logging: This feature is used to monitor all security-related events that regards your WordPress site. For this thing, any changes that occur with the application is taken as a security event.

File Integrity Monitoring: This feature compares a known good with the current state. If the current state is different from the known good, then you have a problem. When the plugin is installed, it will create a known good that is all of the directories of the root of the install.

Remote Malware Scanning: This is powered by the free security scanner – SiteCheck, which basically scans your site remotely for any malware.

Blacklist Monitoring: Another great feature of the Security Malware Scanner is that it makes use of various blacklist engines such as Sucuri Labs, Google Safe Browsing, Norton and AVG among so many others.

Effective Security Hardening: Sucuri is tasked with cleaning over 100 websites a day and that too with security hardening configurations.

Post-Hack Security Actions: No matter how solid you think your security is, it is inevitable that you will get hacked. That’s why security offers Post-Hack Security Actions that enable you to get around the problem.

Security Notifications: It’s useless having all those security features unless you are alerted of the issues and that is where security notifications come into play.

2. iThemes Security

iThemes Security is by far the best WordPress security plugin that you will ever find. It has over 30+ ways of protecting and securing your WordPress website. It also blocks suspicious users and prevents brute force attacks.

Seeing as how WordPress is a common target for hackers due to weak passwords, plugin vulnerabilities and obsolete software, iThemes Security aims to lock down WordPress, repair common holes, prevent automated attacks and enhance user credentials.

3. Jetpack

In spite of it not being a security plugin so to speak, Jetpack includes an array of modules that strengthens your site. You no longer have to worry about downtime, data loss or hacking anymore.

Jetpack intelligently monitors your site, guards it against brute force attacks, scans for malicious codes, secures your logins, and backs up all of your data. It also includes a 2-factor authentication module via WordPress.com. The premium plans let you use malware scanning and automatic site backups.

4. All In One WP Security & Firewall

Here is another commendable WordPress security plugin that is robust, stable, well-supported and easy to use. It even goes the extra mile by adding further security and firewall using a security plugin that enforces plenty of good security practices.

It lessens the risk of security by looking for vulnerabilities and by implementing the latest WordPress security practices and techniques. It uses a phenomenal security points grading system just so it measures how you have protected your based on the security features that you have used.

The security firewall rules are categorized into “basic”, “intermediate” and “advanced”. This way, you can apply the firewall rules without having to break your site’s functionality. Add that to the fact that All In One WordPress Security does not slow your site down and is 100 percent free.

5. Wordfence

Wordfence is a powerhouse of a security plugin is just what your WordPress site is looking for. Its web application firewall prevents your site from getting hacked as it is powered by Threat Defense Feed. It takes advantage of the proprietary feed, which alerts you immediately whenever your site gets hacked.

It includes a Live Traffic view that gives you a real-time hawk’s eye view of your online traffic as well as any hacking attempts that are made. It has over 22 million downloads and is 100 percent open-source as well as free. As long as you download from the WordPress directory, you should be fine.

It also features a Premium API key that grants you premium support, scheduled scans, country blocking, password auditing, real-time updates to the Threat Defense Feed, a two-factor authentication and also checks your IP address if it is being used to spam-vertised.

6. WPS Hide Login

WPS Hide Login is a simple plugin that comfortably lets you change the URL of the login form page to anything that you desire. However, it does not rename or change files in core, and neither does it add rewrite rules.

What it does it intercept page requests and it works on any WordPress site. As a result, users cannot access the wp-admin directory and wp-login.php page. So, you should be able to bookmark or remember the URL.

7. BulletProof Security

BulletProof Security is indeed a force to be reckoned with. It guards your site against SQL injections as well as other exploits. The plugin consists of a firewall that stops malicious script from executing before it goes for your WordPress core files. Its key features include: real-time file monitor auto-restore intrusion detection & prevention system, quarantine intrusion detection & prevention system, DB monitor intrusion detection system, JTC anti-spam | anti-hacker, uploads folder anti-exploit guard, security logging, HTTP error logging, PHP error logging.

8. Security Ninja

Security Ninja gives you the ability to go into hiding whenever bots, hackers or spammers come knocking at your door. It grants you virtually full control over what security features you would implement on your site. Its biggest trait is conducting over 50 security tests with a single click.

It is sad though that the free version does not include a malware scanner. But that can be rectified by purchasing the premium version of this plugin. When that’s done, you will also get a WordPress core file scanner and an event logger, as well as gain the ability to schedule your scans.

9. WP Hide & Security Enhancer

WP Hide & Security Enhancer is the easiest way for you to hide your WordPress core files, theme and plugin paths from being visible on the front end of your site. This vastly improves upon Site Security and no one will ever realize that you’re running a WordPress.

It provides a great way to clean up HTML by removing all of your WordPress fingerprints. You can change the default WordPress login URLs from wp-admin and wp-login.php to something completely random.

To Conclude

That about wraps up all of the best WordPress security plugins that are a shoo-in to give you a peaceful online experience and absolute privacy. If you feel the need to mention more for this list, don’t hesitate to let me know in the comments below.

[“Source-techspective”]

How to Use Reverb Plugins on Your Vocal Tracks

Image result for How to Use Reverb Plugins on Your Vocal TracksWe’ve all been there. Your band is tracking some cool new song you just wrote, and it’s coming together great: perfect groove, killer tones, clever ear–candy. Then you add those vocals tracks.

Suddenly, all you notice is that the voice sounds dull, lifeless, and strangely disconnected from the rest of the music. It’s not that the lyrics aren’t working or that your intonation is off. It’s just that, for some reason, those vocals don’t sound well–placed in the mix.

That’s usually right around the time your bandmate or co–producer turns to you and says something like, “It’s all good! Just needs a bunch of reverb!” That’s, well, half–right.

When deployed deftly, good old reverb is the perfect tool for gluing harmonies together or putting the vocal track in a simulated acoustic context.

But, there are very few times when you’ll want to soak your vocal tracks with the effect. Discretion is the name of the game with reverb. Your production will really benefit from understanding a few things about one of the oldest studio effects and how it remains so useful in today’s DAW–dominated world.

The Basics: What Reverb Does and Doesn’t Do

A lot of people will tell you that reverb makes vocals sound bigger, but that’s not really the case. Like natural reverb in a cave or warehouse, a reverb plugin makes a vocal sound like it’s in a space. The reason why reverb is so great on a sterile, dry voice recording is because it helps that vocal track sound like it wasn’t recorded in an isolation booth.

If anything, heavy reverb doesn’t make a vocal sound bigger, but farther away. After all, you’d hear more reverberation from someone farther down in a cave than someone standing right next to you.

Metric Halo’s HaloVerb Digital Reverb

So, if your issue is that the vocals you recorded sound oddly out in front of the band — a very common problem when the vocal is tracked in a different space, on a different day — then break out some basic reverb.

For that kind of issue, a simple plugin like Waves’ Renaissance Reverb or Metric Halo’s HaloVerb will do the job. Choose a size for the room you want to emulate, set a decay time that matches the sound of the other instruments in the mix, and slowly dial a wetter and wetter signal until the voice seems to meet the rest of the band in that imagined space.

If you’re looking to add more presence and power to a vocal performance however, go the opposite route and dial back the reverb.

Reverb has a law of diminishing returns. A little bit is usually called for, but adding more and more will eventually just cause your voice to sound overly glassy, getting swallowed up by the rest of the mix. Ergo, if your reverberated vocal part is sounding weak or unintelligible, dial back your room size, decay, and dry/wet settings to taste.

RELATED ARTICLE



Types of Reverb

While the guiding conceptual principles I outlined apply to any type of reverb you choose to use, different types do have different characteristics. You’ll see these types of reverbs all over the plugin–verse, and knowing what to use and when to use it will lead to the best production decisions.

Plate Reverb

Plate reverb emulates one of the earliest techniques used to get the effect: shooting a recorded signal into an actual steel plate via a transducer and then re–recording the resulting metallic vibrations with a contact microphone. This generates a pleasantly dark, dense, and diffused timbre. The intensity and decay of the reverb directly relate to the size of the plate.

This makes them an excellent choice if you’re going for a thick, vintage tone with your vocals, or if you’re looking for that warmth–and–glue factor but aren’t particularly concerned about adding brightness. You want to be careful with plate reverbs since they add low–end frequencies and can muddy up your mix.

Spring Reverb

Spring reverb — based on a similarly old–school electro–mechanical technology — offers a much brighter and snappier tone. Like plate reverb emulating reverberation on a metal plate, spring reverb emulates reverberation across metal springs.

On most plugins, you can typically adjust the “tension” and “number” of springs being emulated, with very loose springs offering a messier sound and sloppier decay, and tighter springs offering that classic, higher–pitched “splash.”

Because they sound somewhat smaller than their plate cousins, spring reverbs are awesome for scenarios where you don’t want much pre–delay.

Spring reverbs play really well with delay effects. For the best of both worlds, try sending your lead vocal through a tight spring reverb and then into a longer delay. But, once again, be careful. That spring sound is very noticeable, and it can easily distract from the original dry signal if not implemented cautiously.

Room Simulation

Room reverbs, as you likely guessed, simulate rooms. Digital room reverbs will give you control over various room sizes and building materials, ranging from a symphony house to a narrow hall.

Eventide Reverb

Plugins such as the Eventide Reverb typically have settings for various tiled rooms, concrete halls, wooden gymnasiums, and so on. Each preset will make pre–delay time, amount of diffusion, and early reflections present in your reverb signal, and every other setting conform to the spatial and acoustic logic of the room selected.

These verbs will usually impart a more modern sound to your vocal than springs or plates, and they offer far and away the most control over every little parameter you might care to mess with.

Say your band tracked basics to your song in a wooden room that was roughly 20 by 25 feet area with a 12–foot ceiling that you don’t have access to anymore. Using your room simulator, you can basically “dial in” a simulation of that space for your vocal track, creating reflections that will match those produced by the band, thus unifying the performances.

You can also go the opposite route and take your vocal track in some surreal directions by tweaking the parameters to create tiny rooms with inordinately huge decay times. Experiment! That’s the beauty of the digital reverb in the DAW era: you can always play around and re–adjust those knobs again later.

Vox Verb in Practice

Once you play around with reverb enough, you’ll start to get a sense of how to use it functionally. A big part of the joy of reverb, at least once you understand how to use your favorite plugins, is using it creatively.

Try sending all of your vocal harmonies to a track with reverb wetness turned up high while putting a short, crisp reverb on the lead. This will help the harmonies blend and the main vocal pop.

Or maybe use almost no reverb at all during sparse, intimate verses of your song to get a more confessional tone, and then crank it up for a particularly psychedelic bridge or chorus. Suddenly, you’re making real choices about where the singer exists in relation to a song and its listener.

Appendix: A Few General Reverb Functions Explained

  • Wet/Dry or Reverb Level: Controls the ratio of original signal to processed signal.

  • Pre–delay: Controls the total elapsed time between the sounding of the dry and wet signals.

  • Decay Time: Controls the total time until that last reverb tail dies away.

  • Early Reflections: Controls the amount of discrete echoes present in your wet signal.

  • Diffusion: Pushes those discrete echoes closer together (smearing them) or farther apart (separating them).

  • Room Size: Controls the dimensions of a the room being simulated, which automatically adjusts the boominess and decay of your reverb sound on a more global level.

  • Modulation Depth: Varies the pitch of reverberated signal relative to the dry signal.

  • Modulation Rate: Varies how quickly those pitches oscillate in time.

[“Source-ndtv”]

8 of the Best Plugins for Securing Your WordPress Site

This article is part of a series created in partnership with SiteGround. Thank you for supporting the partners who make SitePoint possible.

How do you avoid getting hacked? Our last article detailed forty techniques for securing your WordPress site. This follow-up post is a quick reference of the best plugins that look after your security needs.

We’ve focused on highly-rated plugins that cover a range of security features, rather than one-trick-wonders. If your hosting provider doesn’t already have a comprehensive security solution, installing one of these would be a great first step in your security strategy.

Have we missed your favorite security plugin? Let us know in the comments.

1. WordFence

  • Cost: Free, Premium from $99/year
  • Active installs: 2+ million
  • Rating: 4.8 out of 5 stars (3,048 reviews)

Wordfence Security is 100% free and open source. We also offer a Premium API key that gives you Premium Support, Country Blocking, Scheduled Scans, Password Auditing, real-time updates to the Threat Defense Feed, two-factor authentication, and we even check if your website IP address is being used to Spamvertize.

WordFence includes these security features:

  • Firewall. WAF with automatically updated firewall rules that block common WordPress security threats.
  • Blocking features. Real-time blocking of known attackers and malicious networks and other security threats.
  • Login security. Two-factor authentication, enforced strong passwords, security to lock out brute force attacks.
  • Security scanning. Scans core files, themes and plugins for malware and backdoors, and checks for files that have been changed.
  • Monitoring. Monitors traffic in real time including bots and reverse DNS, monitors for DNS changes and disk space.

 

2. All In One WP Security & Firewall

  • Cost: Free
  • Active installs: 500,000+
  • Rating: 4.8 out of 5 stars (669 reviews)

A comprehensive, easy to use, stable and well supported security plugin… It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.

All In One WP Security & Firewall includes these security features:

  • User accounts security. Change the default admin username, check for user display names that are the same as usernames, password strength tool, stop user enumeration.
  • User login security. Login lockdown (brute force protection), log out inctive users, view failed login attempts, whitelist IP addresses, see who’s logged in, CAPTCHA.
  • User registration security. Enable manual approval, CAPTCHA, Honeypot.
  • Database security. Set the default WP prefix, schedule automatic backups.
  • File system security. Identify and fix insecure permissions, disable file editing from WP admin, monitor system logs.
  • htaccess and wp-config.php file backup and restore. Easily backup, restore and modify these important files.
  • Blacklist functionality. Ban users based on IP address or range, or by specifying user agents.
  • Firewall. Add firewall protection via htaccess, firewall rules that stop malicious scripts.
  • Brute force login and attack prevention. Cookie-based login prevention, CAPTCHA on login form, rename login form URL, Honeypot.
  • Whois lookup. Get full details of a suspicous host.
  • Security scanner. File change alerts, scan database tables for suspicious strings.
  • Comment spam security. Block IP addresses of spammers, add CAPTCHA to comment form.
  • Front-end text copy protection. Disables right click, text selection and the copy option.

 

3. iThemes Security

  • Cost: Free, Pro: 2 sites $80/year, 10 sites $100/year, unlimited sites $150/year, Gold $297 lifetime.
  • Previously called Better WP Security
  • Active installs: 800,000+
  • Rating: 4.7 out of 5 stars (3,812 reviews)

iThemes Security Pro takes the guesswork out of WordPress security. You shouldn’t have to be a security professional to use a security plugin, so iThemes Security Pro makes it easy to secure & protect your WordPress website.

The free version gives you some protection, but the Pro version includes these security features:

  • Two-Factor Authentication. “Use a mobile app such as Google Authenticator or Authy to generate a code or have a generated code emailed to you.”
  • WordPress Salts & Security Keys. “The iThemes Security plugin makes updating your WordPress keys and salts easy.”
  • Malware Scan Scheduling. “Have your site scanned for malware automatically each day. If an issue is found, an email is sent with the details.”
  • Password Security. “Generate strong passwords right from your profile screen.”
  • Password Expiration. “Set a maximum password age and force users to choose a new password. You can also force all users to choose a new password immediately (if needed).”
  • Google reCAPTCHA. “Protect your site against spammers.”
  • User Action Logging. “Track when users edit content, login or logout.”
  • Import/Export Settings. “Saves time setting up multiple WordPress sites.”
  • Dashboard Widget. “Manage important tasks such as user banning and system scans right from the WordPress dashboard.”
  • Online File Comparison. “When a file change is detected it will scan the origin of the files to determine if the change was malicious or not. Currently works only in WordPress core but plugins and themes are coming.”
  • Temporary Privilege Escalation. “Give a contractor or someone else temporary admin or editor access to your site that will automatically reset itself.”
  • wp-cli Integration. “Manage your site’s security from the command line.”

 

4. Sucuri Security

  • Cost: Free, Basic $199/year, Pro $299/year, Business $499/year
  • Active installs: 300,000+
  • Rating: 4.6 out of 5 stars (260 reviews)

We keep your website safe and hack-free! The Sucuri Platform is a suite of tools designed for complete website security. With no additional cost or hidden fees, the Sucuri Platform is affordable, easy to deploy, and supported by a team of professionals at your disposal.

Sucuri forms part of the security solution of many quality hosting providers, including SiteGround. It’s a valuable tool for SiteGround to protect its clients’ sites from malware, because it scans every link that is accessible from the website homepage on a daily basis. It includes these security features:

  • Clean and repair hacked websites. “Professional security incident response team available 24/7/365.”
  • Attack and hack prevention. “A cloud-based WAF/IPS solution designed to stop hacks and attacks.”
  • Continuous monitoring. “Continuous monitoring and alerting of any security-related issues.”

The free WordPress security plugin includes these features:

  • Security Activity Audit Logging
  • File Integrity Monitoring
  • Remote Malware Scanning
  • Blacklist Monitoring
  • Effective Security Hardening
  • Post-Hack Security Actions
  • Security Notifications

 

5. Jetpack, which now includes VaultPress

  • Cost: Free, Personal ($39/year), Premium ($99/year), Professional ($299/year)
  • Active installs: 3+ million
  • Rating: 4.1 out of 5 stars (1,330 reviews)

Jetpack (by Automattic, who bring you WordPress) does more than just security. It basically brings the features of WordPress.com to the rest of us, which is appealing. For security and backup the paid plans includes VaultPress.

VaultPress is a real-time backup and security scanning service designed and built by Automattic, the same company that operates (and backs up!) millions of sites on WordPress.com.

VaultPress is now powered by Jetpack and effortlessly backs up every post, comment, media file, revision, and dashboard setting on your site to our servers. With VaultPress you’re protected against hackers, malware, accidental damage, and host outages.

VaultPress includes these security features:

  • Backups. “Comprehensive daily or real-time automated backups stored in our offsite digital vault, optimized for WordPress and better than your host.”
  • Restores. “Even during the most stressful moments we have your back. Restore your entire online presence quickly and easily without needing your host.”
  • File scanning. “Automatically detect and eliminate viruses, malware, and other exploitable security problems that may be hiding in your website.”
  • Automated file repair. “Fix detected viruses, malware, and other dangerous threats with a single click.”
  • Spam defense. “Protect your SEO, readers, and brand reputation by automatically blocking all spammers.”

 

6. BulletProof Security

  • Cost: Free, Pro $59.95 (one time purchase)
  • Active installs: 100,000+
  • Rating: 4.7 out of 5 stars (302 reviews)

BulletProof Security Pro has an amazing track record. BPS Pro has been publicly available for 5+ years and is installed on over 30,000 websites worldwide. Not a single one of those 30,000+ websites in 5+ years have been hacked.

100% hack free website guarantee. If your website is hacked after installing BPS Pro, we will clean up your hacked website for free. We can easily offer that awesome deal because your website will never be hacked if you have BPS Pro installed.

The free version includes these security features:

  • One-Click setup wizard
  • .htaccess website security protection (firewalls)
  • Hidden plugin folders / files cron (HPF)
  • Login security & monitoring
  • Idle session logout (ISL)
  • Auth cookie expiration (ACE)
  • DB backup: full/Partial, manual/scheduled, email/zip, cron delete old backups, logging
  • DB table prefix changer
  • Security logging
  • HTTP error logging

The Pro version adds these features:

  • AutoRestore Intrusion Detection & Prevention System (ARQ IDPS)
  • Quarantine Intrusion Detection & Prevention System (ARQ IDPS)
  • Real-time file monitor (IDPS)
  • DB Monitor Intrusion Detection System (IDS)
  • DB diff tool: data comparison tool
  • DB status & info
  • Plugin firewall (IP Firewall): automated whitelisting & IP address updating in real time
  • JTC anti-spam/anti-hacker
  • Uploads folder anti-exploit guard (UAEG)
  • Custom php.ini website security
  • F-Lock: read only file locking
  • Additional logging options
  • S-Monitor: monitoring & alerting core
  • Pro Tools: 16 mini-plugins

 

7. SecuPress

  • Cost: Free, 1 site $57.60/year, 3 sites $144/year, 10 sites $288/year, unlimited sites $479/year
  • Active installs: 5,000+
  • Rating: 4.8 out of 5 stars (19 reviews)

Protect your WordPress with malware scans, block bots & suspicious IPs. Get a complete WordPress security toolkit for free or as a pro plugin.

If you are proactive, our free WordPress security plugin is a great choice! No time to activate weekly scans? Then SecuPress pro is the way to go. Our plugin takes care of everything with automated tasks.

SecuPress includes these features:

  • Anti brute force login
  • Blocked IPs
  • Firewall
  • Security alerts
  • Malware scan (Pro)
  • Block country by geolocation
  • Protection of security keys
  • Block visits from bad bots
  • Vulnerable plugins & themes detection (Pro)
  • Security reports in PDF format (Pro)

 

8. Security Ninja

  • Cost: Single site $29 (1 year updates/support), multi site $79 (1 year updates/support), forever unlimited $199
  • Active installs: 6,000+
  • Rating: 5 out of 5 stars (6 reviews)

Security Ninja helps thousands to stay safe and prevent downtime due to security issues. 50+ tests will provide a comprehensive overview of your site’s security.

The free version lets you achieve the following:

  • Perform 50+ security tests including brute-force attacks.
  • Check your site for security vulnerabilities and holes.
  • Take preventive measures against attacks.
  • Prevent 0-day exploit attacks.
  • Use included code snippets for quick fixes.
  • Brute-force attack on user accounts to test password strength.
  • Numerous installation parameters tests.
  • File permissions.
  • Version hiding.
  • 0-day exploits tests.
  • Debug and auto-update modes tests.
  • Database configuration tests.
  • Apache and PHP related tests
  • WP options tests.

You can even more protection using these Pro modules:

  • Core scanner. “Easily monitor the state of your WP core files. Have a clear view of files that are modified but shouldn’t be and restore them with a single click.”
  • Malware scanner. “Powerful heuristic malware scanning algorithm will check all your themes, plugins, uploaded files and options table for suspicious content.”
  • Auto fixer. “If you don’t like creating backups, editing files, messing with code and getting your hands dirty – Security Ninja PRO will do everything for you. Fix security issues with one click.”
  • Events logger. “Monitor, track and log more than 50 events on the site in great detail. From user actions, to post edits and widget changes – Events Logger sees everything.”
  • Scheduled scanner. “Have Security Ninja do automatic, periodic scans of your sites, including scans of core files. If there are any changes you’ll be notified via email.”

[“Source-ndtv”]