It’s a new year, and time for some resolutions. If you’re struggling with what changes to make, I think this is a good time to suggest using a strong passwords and a password manager. I blog about this every newyear, and people continue to use weak and just plain bad passwords. With more and more news reports about hacks, bad security and new breaches every day, you need to protect yourself.
Every year, SplashData puts out a list of the top 100 worst passwords. Let’s have a quick look at the top 10 worst passwords used last year:
Those are really bad. According to SplashData, the over five million leaked passwords evaluated for the 2018 list were mostly held by users in North America and Western Europe. Passwords leaked from hacks of adult websites were not included in this report.
So what can you do?
Use Stronger Passwords
The best passwords use a combination of letters (both cases), numbers and special characters. I’d recommend using a tool to generate strong passwords. I use RandomKeyGen.com to generate passwords for sites as I use and as well as when I create user accounts. That site will generate all sorts of passwords and keys for you, ranging from shorter passwords that are strong and memorable all the way to crazy “fort knox” passwords, like this:
That is a nice, strong password. Yes, it’s long, and hard to remember, but do you want an easy password that’s trivial for some bot network to crack? No, didn’t think so. Wolfram Alpha says that if you had a computer making 100,000 guesses a second, it would guess your password in 1.178×10^19 years. That’s a long time. Like age of the universe long.
Use a Password Manager
Screenshot of 1Password
I find the challenge is remembering long, complicated passwords. I can barely remember what I had for breakfast. To make life easier, I use an app, 1Password, that syncs my passwords across multiple machines and my phone.
If you asked me for my banking or Facebook password, I couldn’t tell you what it is. They’re both 30 character strings of numbers, upper and lower case letters, and special characters. 1Password will also generate passwords if you need. LastPass and KeePass are also apps in this space.
Some of these tools are free or very inexpensive. I think it’s worth it to keep your info just a little more secure than using a password like 123456.
I’ve been following all the drama surrounding the release of WordPress 5.0, and the arrival of its new editing experience, Gutenberg.
I’m going to be completely honest. Until last night, I had never used Gutenberg. It’s true.
I’ve used page builders before, and have used the “classic” editor for nearly 10 years without major issue. Thanks to custom meta fields, I’ve always been able to gather, format, categorize and work with content of many different kinds without major issue. I didn’t really need a new editor, to be honest and I feel most pagebuilders make pages a mess of shortcodes and other cruft.
But after many months in development, WordPress 5 has been set free into the world, and more importantly, it’s new Gutenberg editor, whether we wanted it or not.
WordPress 5 is here.
Why is this being released now?
Why was this release targeted and pushed out in the 4th quarter of year, without major accessibility testing, and on the day before the WordCamp US conference? These are not small questions.
For example, releasing WordPress 5.0 right before the big WordCamp US conference starting tomorrow was absolutely silly. The release day was a travel day for most of the top people in the WordPress community. Releasing WordPress 5.0 a day before WordCamp US was simply rude to the WordPress community.
So is releasing a major version of software that powers 32%+ of the Internet in the month of December during the holidays when many people are trying to focus on family. This update is going to break millions of websites, and force millions of developers to upgrade millions of websites. The number of human working hours that are going to go into supporting this update can’t even be quantified.
Somewhere in the rumors, complaints and conspiracies is the truth as to why this all being pushed out now. We may never get the full truth or reasoning, which is frustrating.
WordPress is not a small open source project. It’s massive, and with that size you’re going to have to have to wrangle many different voices. There are users, the teams who actually write the code, plugin and theme developers, and so on. There are investors in Automattic (who have put in over $300 million into the company.) Lots of people have staked their entire careers and livelihoods on this software. That’s a lot of pushing and pulling, but that’s happens when your software is everywhere.
In the end, WordPress grand poobah Matt Mullenweg has won and released WordPress 5, whether we were all ready or not. I fear he’s burnt a ton of political capital in getting it out. He dabbed on his haters, but at what cost?
If you don’t want to use Gutenberg, or don’t understand Gutenberg, install the “classic editor” and update your site to version 5.
The “classic editor” is now a plugin and is the same editor as we’ve always had in WordPress. If you do that, you can continue on using WordPress as you always have and you’re good to go.
Feeling frisky on a Google Hangout last night, I updated my site live with some friends watching and giving some advice.
After installing the classic plugin, I upgraded to version 5.
And nothing felt different.
I activated the classic plugin.
I edited a post. If you have the plugin activated, you’ll see a choice now to edit that particular post in the “block editor”.
Quick aside: when working in the admin area, you’ll see something called “block editor.” That’s what Gutenberg is called inside WordPress. This is something that will lead to even more confusion as people who aren’t super in the weeds like many of us will be looking for something called Gutenberg in their editor. When they don’t see it, they will get upset.
Here’s what the posts screen looks like for a particular post:
You can switch between them, but please be aware you’re going to get errors. How do I know? I got a ton of them.
Compared to most WordPress installations, I don’t have a million plugins running. This is a blog. I’ve got Yoast SEO, caching, sitemaps, WP-Optimize, and a plugin that backs up the site every night to Amazon S3. I’m not exactly pushing the technology to the limit here.
What I do have here is a large archive of posts stretching back to 2008. Ten years of posts created in WordPress from version 2.5 or something. I’m sure my database is full of out of date stuff in it. Since I updated last night, I’ve been getting a very large amount of errors.
I edited a post as a test and switched from the “classic” editor to the “block” editor. Error.
I edited a post using the “block” editor. I added in a few content blocks and saved a draft. Error message on the screen.
I made more changes, and previewed my post. No changes were shown. Error.
I published the changes to my post as a fun “test in production” test, and received error messages on the screen that the post did not save. I tried saving, error. Again. Error again. Viewing the post showed the changes were live.
After starting this post with the classic editor, I thought I’d switch to the block editor. I had to reload several times to get the block editor. To be honest, as I write this, I’m nervous that it’s going to lose this entire post. It’d serve me right.
When the editor did finally switch, I got this error. This is a PHP error, not a Gutenberg error. I’m guessing a plugin conflict somewhere.
It’s been a real struggle to get basic functionality to work, and I’m lucky I’m not using plugins like ACF to further complicate the situation.
To be honest, the whole situation has bummed me out. If you are starting a new site from scratch, maybe Gutenberg will be awesome for you. If you have hundreds (like this site) or thousands of posts and pages in your site, this is going to be a major issue, I fear.
I’m going to put this in bold text:
If you manage a WordPress site in any capacity, I would strongly recommend you do not update to WordPress 5.
If you manage a website using WordPress, sit tight wait for the next update, which should be coming in a few weeks. Hopefully by then, we’ll see bug fixes and performance improvements with Gutenberg. This block editor is like typing in molasses. It’s slow and gross.
Giving it some time will also allow the amazing folks at WPCampus to complete their accessibility audit of Gutenberg. I know many of you work in higher education and nonprofits, and this is critical information for you to know before you roll this out to your campuses. The good news is that their fundraising appeal has been met. Disclosure: I was a donor to this campaign and I’ve spoken at the WPCampus conference (which was awesome.)
Waiting out this initial push will also give you time to ensure plugin and theme developers have enough time to get their code working with the changes in version 5 and Gutenberg.
I like the idea of the page editor, and there’s some parts of the new block editor that are really well done. There’s a ton of potential, but it’s not here yet. Not all the say.
While I see a lot of people claiming this is the future of WordPress, my perspective is it is actually just WordPress’s somewhat boring present. I haven’t seen anything innovative in WordPress 5.0 that I haven’t seen in other page builders, themes, or plugins. WordPress 5.0 and Gutenberg is kind of boring in its simplicity.
There are also hundreds of reference and developer pages that haven’t been updated yet to reflect what’s new in 5.0. This will cause more delays as developers try to figure out the documentation.
I’ve come to the end of the post now. I’m nervous for it to publish. If you’re reading this in your email, RSS reader, or via social media, it actually worked and this post published. Good luck, everyone.
Post-publishing update: I can’t find a few key areas in the block editor. I can’t find category selection, excerpt, and my tags weren’t saved. Update 2: I found them, they’re in document settings for some reason. And they aren’t saving, they error out every time. Amazing.
Oh yeah, I also got another error. It looks like this:
I love to optimize my sites as much as I can, and I use tools like GTMetrix to test them to see where I can eek out more performance. Google launched a new site this week, Web.dev, but it looks at more than just performance.