Burlington Bytes Builds Blockade

Blog Design Tips WordPress

What has our Burlington Bytes development team been up to these days? They’ve recently released a visual page builder that assists with your WordPress formatting needs. We’re proud to introduce you to Blockade, a plugin that let’s you take control of your WordPress content.

Blockade doesn’t replace the current WordPress visual editor TinyMCE. Instead it integrates with it, giving you the ability to apply more advanced formatting and design to the pages of your WordPress site to make it look more professional without breaking the plugins you know and love in the process. It enhances your existing workflow instead of replacing it entirely.

Screen Shot 2017-03-30 at 2.45.06 PM

Let’s break down the key functions that can improve your WordPress experience:

  • Add single use HTML to a page
  • Align images, video and text
  • Create columns and add buttons
  • Insert short codes and widgets with an intuitive live preview
  • Manage backgrounds and callouts
  • Develop pages that are responsive, clean and modern

How did Blockade originate? This plugin has been in development since 2015 and was originally used in-house for clients who wanted a visual page builder that was lightweight and easy to use and customize. It’s in open BETA and currently being tested by active users. There have been over 850 downloads to date and counting!

Why should you give it a try?

Greg Schoppe, the lead developer of Blockade explains, “Blockade is meant to help WordPress users get the power that a modern CMS needs out of a page builder, without sacrificing the features that make WordPress great. I like to think of it as the difference between Wordpad and Microsoft Word. You get the same tools in the same familiar interface, but with much more power under the hood.”

Screen Shot 2017-03-31 at 10.21.02 AM

Blockade is free to use and open source. You can download it here: https://www.wpblockade.com/. Try it out to bring your WordPress website to the next level, and let us know what you think!

5 Ways to Protect Your WordPress Site From Hackers

5 Ways to Protect Your WordPress Site From Hackers


WordPress Lock Icon (GPLv2 license)WordPress sites get hacked for lots of reasons. Thankfully, most of these are entirely preventable with a few simple habits.


Way #1: Keep all your software up to date.

The majority of attacks are based on vulnerabilities that have already been discovered, published, and patches released. You need to make sure you’re applying updates to WordPress core, your plugins, your themes, and the server you’re running WordPress on. If you’re already on Burlington Bytes’ WordPress Hosting, rest easy – your updates are being applied and tested for you. If you’re self-hosting, it’s important to remember to check for updates often. Better yet, you can use a plugin like WordFence to email you when there are new versions to install. It’s possible to set up your site to update automatically, but we discourage this if you are running a business site. Updates applied automatically can break functionality on your site, and you might not discover it until a customer tells you. We stress applying updates in a separate environment, checking to make sure everything looks and functions properly, before applying them on your live site.  If you don’t install these patches, you’re a sitting duck – the exact details of the vulnerability are quite public by the time patches are available. One of the most widespread WordPress exploits was from a small script back in the day called TimThumb. This script permitted you to dynamically resize images before sending them to the visitor’s browser. Now, this functionality has been in WordPress core for quite a few years by now, but that wasn’t always the case. TimThumb was a great solution to a common problem until 2011 when someone discovered a way to abuse the script to download a backdoor onto the site. There are still sites that run TimThumb. A large number are patched, but a surprising number still contain this incredibly powerful exploit that’s been public for 5 years.

Way #2: Use Strong Authentication

Another incredibly common way sites are compromised is due to weak passwords. It doesn’t matter how good the rest of your security is if your password is “123456”, “password”, or “letmein”. If I just said your password, please – change it now. Those are literally the first three passwords many attackers will try – they’re some of the most common. A strong password consists of a mixture of lowercase and uppercase letters, numbers, and special characters. All users on the Burlington Bytes’ hosting platform are already required to have strong passwords. You should always avoid using your username, the site name, or any publicly available information about you or your company in your username. For extra security, you can use a plugin like Duo or WordFence Premium to enable multifactor authentication. MFA, or 2FA for short, requires you to enter a code from another device when logging in. This dramatically increases security in conjunction with strong passwords, because an attacker would need both your password and some way to generate your multifactor code, which requires a secret key stored on your device.

Way #3: Regularly Audit Who Has Access

Many data breaches today occurred through the credentials of someone who already had access. Sometimes the bearer of those credentials is complicit, but often their credentials have been stolen by someone else. This complicates investigating a hack because it may appear a trusted employee authenticated to your site and did damage when they may have had no knowledge of this attack at all. To protect against this, only grant site access to people you know and trust, and give users the least privileges needed. For example, if you’d like to have your entire company create content for your website, and that’s all they should be doing, there’s no reason to create them Administrator accounts. WordPress comes with a variety of default user roles – for example, the Editor role would be a much better fit for such a situation. By enforcing a policy of “least privilege,” the potential for damage from rogue users and stolen credentials can be minimized.

Way #4: Check Your Automated Backups

Okay, you got me – this isn’t actually a way to prevent an attack, but a way to save yourself if you are hacked. If you don’t currently have automated backups on your site, you’re at risk of losing days, weeks, months, or all of the time and money you’ve put into it. Manual backups are not enough – it’s too easy to forget to run a site backup on time, every time. We recommend daily, automated backups during your lowest daily traffic period – typically from the hours of 2am-4am. This works well for most people. However, if you do a lot of content editing or depend on your site’s eCommerce, you may need more frequent backups. If you need to restore from a daily backup, you may lose up to a day’s work, but on average less than that. All customers signed up for Burlington Bytes hosting have automated, daily backups included in their subscription. It’s also important you periodically test your backups to make sure they are functioning properly.

Way #5: Never Install “Nulled” Plugins or Themes

A “nulled” plugin has been “cracked” – pirated, with the code modified to disable license checks. Although some “nulled” plugins may appear to function just like the paid version of the plugin, many of them have backdoors installed. When it comes to your business site – it just doesn’t pay to take the chance. Legally purchased plugins or themes provide assurance you are installing genuine software. In addition, you are supporting the developers, and that helps to bring you newer, improved versions. Software piracy is a serious matter, and you can be held criminally responsible for copyright infringement

Stay safe and happy blogging!


This post’s image is a derivative work by Burlington Bytes of the WordPress Dashicons, and as such is licensed as GPLv2.

Join The Burlington WordPress Meetup: Wednesday, February 17th!

Join The Burlington WordPress Meetup: Wednesday, February 17th!


Are you are a Burlington WordPresser looking to learn more about WordPress development tools? Are you interested in meeting local WordPress developers, designers, and publishers to share knowledge and experience together? If you answered yes, clear your calendar for next Wednesday night, February 17th at 7:30pm for the Burlington WordPress Meetup – Hands-on: WordPress Ways & Workflows / Q&A at the Main Street Landing Performing Arts Center.

The meetup team asks that you bring your laptops, questions and projects to discuss as a group. They also suggest having a mac or linux laptop that has VirtualBox and Vagrant installed.

If you can’t make it to this meetup, don’t fret! These meetups typically take place once a month, often on the second Wednesday of the month, with dates subject to change at times. Some of the formats that are showcased include: round table discussions, happy hours, and code collaboration nights.

Interested in being a speaker at a Burlington WordPress meetup? They are currently looking for speakers to fill the 2016 calendar. If you would like to submit a topic, please take the time to fill out this Burlington WordPress Speaker Application.  The presentation format dedicates half of the time to your presentation, and the other half devoted to a Q&A session. Lastly, these meetups are open to the public and all skill levels are welcome.

A few members from our team will be in attendance this Wednesday and we’re looking forward to connecting with like-minded WordPressers to learn, engage and collaborate with. You may even see one of us participating as a featured speaker, so stay tuned!

For more information on these monthly meetings, please visit the meetup website. We hope to see you next week!