Gutenberg: The Good, The Bad, and… The Ugly?


Spring is (finally) starting to make its way to Vermont, and the whole Burlington Bytes crew is getting ready for warmer weather. But Spring isn’t only bringing us showers, flowers, and– let’s be honest– mud. April is turning out to be a big month in the world of development. In the next few weeks, the newest WordPress will be released, and with it will come a new plugin that could have quite an impact on how developers and “regular people” alike use WordPress. The big news has to do with a new plugin called Gutenberg, and it could change the way that we build pages in WordPress.

So what does it do?
The goal for Gutenberg is to “make adding rich content to WordPress simple and enjoyable.” It’s mostly geared towards beginners, so they can feel more empowered to create functional and visually pleasing websites. They’ll do that by breaking your content into “little blocks”, that can be easily controlled and styled individually in the new Editor. If you’ve ever written a post in Medium, you’ve already used blocks, and you may not have even noticed it.

The Good
Many feel that the Gutenberg plugin is the breath of fresh air that WordPress needs. The visual editor aspect of WordPress hasn’t seen an update in over a decade, and some say it’s about time for something new. Another positive aspect of Gutenberg is that if you enable it, decide you don’t like it and disable it, it won’t break your site. You can also reactivate it without losing previous blocks. Lastly, developers will be able to create their own blocks to use for customized content. All of this is great, but not everyone is so excited for this update…

The Not-So-Good
Everything isn’t sunshine and rainbows – some critics say that Gutenberg is good for content, but lacks in the style department. Things like background colors will be available, but the level of control that developers are used to in regard to design may not be up to par. The same could be said for the fine-tuning of spacing, columns, rows etc. Gutenberg relies on themes for many of these aspects, and some say that since new WordPress users don’t have a thorough understanding of themes, gearing Gutenberg towards beginners doesn’t make a lot of sense.

The… Ugly?
Now that you have a better idea of the pros and cons of Gutenberg, why not give it a try and decide for yourself? Frontenberg is essentially a pared-down version of Gutenberg where you can try things out and get a feel for the program. Hopefully, your tests turn out beautiful, but if they don’t, feel free to hand things over to our stellar development team. We can make a functional and gorgeous website for your business – unless ugly is what you’re going for!

Burlington Bytes Builds Blockade


What has our Burlington Bytes development team been up to these days? They’ve recently released a visual page builder that assists with your WordPress formatting needs. We’re proud to introduce you to Blockade, a plugin that lets you take control of your WordPress content.

Blockade doesn’t replace the current WordPress visual editor TinyMCE. Instead it integrates with it, giving you the ability to apply more advanced formatting and design to the pages of your WordPress site to make it look more professional without breaking the plugins you know and love in the process. It enhances your existing workflow instead of replacing it entirely.


Let’s break down the key functions that can improve your WordPress experience:

  • Add single use HTML to a page
  • Align images, video and text
  • Create columns and add buttons
  • Insert short codes and widgets with an intuitive live preview
  • Manage backgrounds and callouts
  • Develop pages that are responsive, clean and modern

How did Blockade originate? This plugin has been in development since 2015 and was originally used in-house for clients who wanted a visual page builder that was lightweight and easy to use and customize. It’s in open BETA and currently being tested by active users. There have been over 850 downloads to date and counting!

Why should you give it a try?

Greg Schoppe, the lead developer of Blockade explains, “Blockade is meant to help WordPress users get the power that a modern CMS needs out of a page builder, without sacrificing the features that make WordPress great. I like to think of it as the difference between Wordpad and Microsoft Word. You get the same tools in the same familiar interface, but with much more power under the hood.”


Blockade is free to use and open source. You can download it here: Try it out to bring your WordPress website to the next level, and let us know what you think!

5 Ways to Protect Your WordPress Site From Hackers



WordPress sites get hacked for lots of reasons. Thankfully, most of these are entirely preventable with a few simple habits.


Way #1: Keep all your software up to date.

The majority of attacks are based on vulnerabilities that have already been discovered and published, and for which patches have already been released. You need to make sure you’re applying updates to WordPress core, your plugins, your themes, and the server you’re running WordPress on. If you’re already on Burlington Bytes’ WordPress Hosting, rest easy – your updates are being applied and tested for you. If you’re self-hosting, it’s important to remember to check for updates often. Better yet, you can use a plugin like Wordfence to email you when there are new versions to install.

It’s possible to set up your site to update automatically, but we discourage this if you are running a business site. Updates applied automatically can break functionality on your site, and you might not discover it until a customer tells you. We stress applying updates in a separate environment and checking that everything looks and functions properly before applying them on your live site.

If you don’t install these patches, you’re a sitting duck – the exact details of the vulnerability are quite public by the time patches are available. One of the most widespread WordPress exploits was from a small script back in the day called TimThumb. This script permitted you to dynamically resize images before sending them to the visitor’s browser. This functionality has been in WordPress core for quite a few years now, but that wasn’t always the case. TimThumb was a great solution to a common problem until 2011, when someone discovered a way to abuse the script to download a backdoor onto the site. There are still sites that run TimThumb. A large number are patched, but a surprising number still contain this incredibly powerful exploit that’s been public for 5 years.

Way #2: Use Strong Authentication

Another incredibly common way sites are compromised is due to weak passwords. It doesn’t matter how good the rest of your security is if your password is “123456”, “password”, or “letmein”. If I just said your password, please – change it now. Those are literally the first three passwords many attackers will try – they’re some of the most common. A strong password consists of a mixture of lowercase and uppercase letters, numbers, and special characters. All users on the Burlington Bytes’ hosting platform are already required to have strong passwords. You should always avoid using your username, the site name, or any publicly available information about you or your company in your password.

For extra security, you can use a plugin like Duo or Wordfence Premium to enable multifactor authentication. MFA, also called 2FA, requires you to enter a code from another device when logging in. This dramatically increases security in conjunction with strong passwords, because an attacker would need both your password and some way to generate your multifactor code, which requires a secret key stored on your device.

Way #3: Regularly Audit Who Has Access

Many data breaches today occurred through the credentials of someone who already had access. Sometimes the bearer of those credentials is complicit, but often their credentials have been stolen by someone else. This complicates investigating a hack because it may appear a trusted employee authenticated to your site and did damage when they may have had no knowledge of this attack at all. To protect against this, only grant site access to people you know and trust, and give users the least privileges needed. For example, if you’d like to have your entire company create content for your website, and that’s all they should be doing, there’s no reason to create them Administrator accounts. WordPress comes with a variety of default user roles – for example, the Editor role would be a much better fit for such a situation. By enforcing a policy of “least privilege,” the potential for damage from rogue users and stolen credentials can be minimized.

Way #4: Check Your Automated Backups

Okay, you got me – this isn’t actually a way to prevent an attack, but a way to save yourself if you are hacked. If you don’t currently have automated backups on your site, you’re at risk of losing days, weeks, months, or all of the time and money you’ve put into it. Manual backups are not enough – it’s too easy to forget to run a site backup on time, every time. We recommend daily, automated backups during your lowest daily traffic period – typically from the hours of 2am-4am. This works well for most people. However, if you do a lot of content editing or depend on your site’s eCommerce, you may need more frequent backups. If you need to restore from a daily backup, you may lose up to a day’s work, but on average less than that. All customers signed up for Burlington Bytes hosting have automated, daily backups included in their subscription. It’s also important you periodically test your backups to make sure they are functioning properly.
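One way to test a backup rather than assume it works, as an added example that is not part of the original post or of Burlington Bytes' hosting tooling. It assumes the backup job writes a single `.tar.gz` holding the WordPress files and a `.sql` database dump; the archive path, the 26-hour age limit, and the function name are hypothetical.

```python
import os
import tarfile
import time
import zlib

# Assumed layout of a full-site backup: WordPress files plus a SQL dump in one .tar.gz.
REQUIRED_PATHS = ("wp-config.php", "wp-content")


def check_backup(path, max_age_hours=26, now=None):
    """Return a list of problems with a backup archive; an empty list means it passed."""
    if not os.path.isfile(path):
        return [f"backup file missing: {path}"]
    problems = []
    now = time.time() if now is None else now
    age_hours = (now - os.path.getmtime(path)) / 3600
    if age_hours > max_age_hours:
        problems.append(f"newest backup is {age_hours:.0f}h old (limit {max_age_hours}h)")

    names, has_sql = [], False
    try:
        with tarfile.open(path, "r:gz") as tar:
            for member in tar:
                name = member.name[2:] if member.name.startswith("./") else member.name
                names.append(name)
                if member.isfile():
                    # Read each file to the end so truncation or corruption surfaces
                    # now, not on the day a restore is needed.
                    data = tar.extractfile(member).read()
                    if name.endswith(".sql") and b"CREATE TABLE" in data:
                        has_sql = True
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        return problems + [f"archive unreadable: {exc}"]

    for required in REQUIRED_PATHS:
        if not any(n == required or n.startswith(required + "/") for n in names):
            problems.append(f"missing from archive: {required}")
    if not has_sql:
        problems.append("no SQL dump containing CREATE TABLE statements")
    return problems


if __name__ == "__main__":
    # Hypothetical path; point this at wherever your backup job writes its archives.
    results = check_backup("/var/backups/site-latest.tar.gz")
    for line in results or ["backup passed all checks"]:
        print(line)
```

A check like this catches stale, truncated, or incomplete archives, but only a periodic restore into a separate environment proves the site actually comes back.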

Way #5: Never Install “Nulled” Plugins or Themes

A “nulled” plugin has been “cracked” – pirated, with the code modified to disable license checks. Although some “nulled” plugins may appear to function just like the paid version of the plugin, many of them have backdoors installed. When it comes to your business site – it just doesn’t pay to take the chance. Legally purchased plugins or themes provide assurance you are installing genuine software. In addition, you are supporting the developers, and that helps to bring you newer, improved versions. Software piracy is a serious matter, and you can be held criminally responsible for copyright infringement.

Stay safe and happy blogging!


This post’s image is a derivative work by Burlington Bytes of the WordPress Dashicons, and as such is licensed as GPLv2.

Another year, another WordPress default theme.



At Burlington Bytes, we’re primarily a WordPress shop. We do everything from building websites, to hosting and supporting websites, to building custom WordPress themes and plugins. We love WordPress because it’s simple enough for a layperson to build a website, but extensible enough for our designers and developers to build almost anything we can imagine.

When you first download and install WordPress on your server, the first big question is “What do I want this site to look like?”  WordPress uses a theming system to handle the visual appearance of a site. Right out of the box WordPress will ship with a few different default themes from previous years, named after their respective year.  If you’re not struck by any of the default themes, you can find free WordPress themes in the WordPress Theme Directory, or purchase “Premium” themes on a marketplace like Themeforest.  At Burlington Bytes, we’ll sometimes start with a free or purchased theme and customize it for our client using a Child Theme.  More and more, we’ve been designing and developing totally custom themes using our own Bootstrap starter theme which lets us build responsive websites very efficiently.

Themes are built following a very specific format, using a combination of PHP, HTML, CSS, and JS. The best way to learn how to build and modify themes is to set up a WordPress site and dig in. If you’re on a live site, you should make a “development” copy of your site to avoid knocking the site offline if you make an error. You’re going to want to use an FTP program such as FileZilla; we don’t recommend ever using the built-in file editor. Take frequent backups so you can restore, or better yet, use git or another form of version control.

Twenty Sixteen is this year’s default theme and is currently running on 600,000 active websites.  If you know what to look for, you’re going to see this theme all over the web for the next couple years.

Twenty Sixteen is responsive, with a mobile-first design.  Instead of being built for laptops/desktops with functionality to scale it down, this theme is built with mobile devices as the primary intended audience, and will scale up for laptops/desktops.  This is becoming a popular method of development as mobile usage continues to grow rapidly.

Twenty Sixteen is built for all audiences. The theme has been deemed “Accessibility ready”, meaning it’s built to be accessible to audiences that may have disabilities. According to the W3C’s Web Accessibility Initiative, there’s a lot that needs to be considered, from how the site zooms, to how well it can be parsed by a screen-reading program, to a host of other auditory, cognitive, neurological and physical considerations. Twenty Sixteen is also RTL translation-ready, meaning it can be easily translated into a variety of languages for global audiences.

Finally, Twenty Sixteen is just another step in the WordPress community’s continual work towards being a platform that is approachable for all audiences. It has a variety of color schemes built in, and is incredibly easy to use for anyone to get a website up and running with a minimal knowledge of code. We’d encourage you to jump in head-first and start building. If you break something, or want to take your website to the next level, don’t hesitate to get in touch with our team of WordPress experts at Burlington Bytes.