Category Archives: JavaScript

Person following a path that says Internet

WordPress Frequently Asked Questions and Answers

How Do I Set a Static Page as My Site’s Homepage?

The default WordPress settings display a feed of your most recent posts on the homepage, which is preferred by most bloggers. But if you are trying to build a non-blog website, a static page would probably work best. You can assign a static page to your site’s homepage by logging into your dashboard and clicking Settings > Reading > and clicking the “Static page” button next to the option titled “Front page displays.”

Is WordPress Secure?

WordPress gets a bad rap regarding security, with many webmasters viewing it as a target for hackers. The truth, however, is that most attacks on WordPress websites are the result of outdated software, poor username/password combinations, or the use of dubious third-party plugins or other software. Developers have made great strides to create a secure environment for WordPress, and as long as you take basic preventive measures to protect your site, it shouldn’t become a victim of hackers.

If you are worried your site will become the target of hackers, check out our previous blog post here for more tips on how to secure a WordPress website.

How to I Find The Page ID?

Unless you have your site set up to use the page ID in URLs, you may have trouble locating this information. However, certain plugins require users to input page IDs. You can find the page ID by clicking the Posts or Pages button and hovering over the post/page from which you would like to obtain the ID. In the status bar you will see something along the lines of “post=123,” with the number being the page ID.

Should I Use Hosted or Self-Hosted WordPress?

There’s really no easy answer to this question, as both hosted and self-hosted versions of WordPress have their own strengths and weaknesses. Hosted is great if you’re looking for a fast and easy way to get started. With that said, self-hosted offers far more features and customization options than its counterpart. For these reasons, we recommend using self-hosted WordPress if you are serious about creating a successful blog or website.

How Do I Use a Plugin?

One of that many reasons why WordPress is the leading content management system (CMS) is because it supports the use of plugins. But how exactly do you use a plugin? There are a couple of ways to accomplish this, one of which is by using the platform’s built-in plugin search tool. From within the WordPress dashboard, access Plugins > Add New > and search for the plugin that you wish to use. Next, click “Install Now,” at which point the plugin will download to your site’s plugin directory. Last but not least, go to your plugins and click the “Activate button,” at which point it should be ready to go!

Have any other questions about WordPress that we didn’t answer? Let us know in the comments section below!

Image attribution:

Zero Day Vulnerability Discovered In WordPress

OLYMPUS DIGITAL CAMERAMost WordPress vulnerabilities are minor, involving the use of outdated themes, plugins or other third-party software. However, a team of Finnish researchers has recently discovered a new zero-day vulnerability that allows hackers to execute code remotely on WordPress servers.

Juoko Pynnonen first reported the bug on Klikki Oy, describing it as a javascript injection vulnerability. According to Pynnonen’s report, hackers can use this vulnerability in websites running WordPress 4.2 or earlier to inject malicious JavaScript code into the site’s comment field. Assuming the comment is a minimum of 66,000 characters long, the JavaScript will be executed when someone views the comment.

An unauthenticated attacker can store JavaScript on WordPress pages and blog posts. If triggered by an administrator, this leads to server-side code execution under default settings,” said Pynnonen. “A usable comment form is required. It looks like the script is not executed in the admin Dashboard, but only when viewing the post/page where the comment was entered. If comment moderation is enabled (the default setting) then the comment won’t appear on the page until it has been approved by an admin/moderator. Under default settings, after one ‘harmless’ comment is approved, the attacker is free from subsequent moderation and can inject the exploit to several pages and blog posts.”

Surprisingly, this isn’t the first cross-site scripting vulnerability identified in WordPress. Earlier this month, WP developers released a new update to patch a similar vulnerability. While each of these vulnerabilities are unique, they both rely on code injects to harm websites.

Video: WordPress 4.2 stored XSS

You can click on the play button above to see a demonstration of how the most recent zero-day WordPress vulnerability works. It’s a rather simple bug that wreaks havoc on websites running the WordPress content management system (CMS).

So, how can you protect your website against this vulnerability? The only viable solution as of now is to disable commenting. This can be done by logging into your site’s dashboard and choosing Settings > Discussion > and unticking the box that allows visitor commenting. Of course, WordPress developers should be patching this vulnerability in the upcoming days, so make sure your site is running the latest version.

Is Your Blog Ready For The Mobile Revolution?


There’s a growing trend towards the use of smartphones, tablets, electronic wearables, and other mobile devices to access the Internet. In fact, a comScore report found mobile U.S. Internet traffic surpassed desktop traffic for the first time ever earlier this year, and experts predict this trend will continue in the years to come (source). Bloggers who fail to acknowledge the ever-growing demographic of mobile Internet users will get left in the dust by their competitors. So, how do you ensure your blog is ready for the mobile revolution?

Don’t assume that your blog will function as intended on mobile devices just because it does so on desktops. Smartphones and tablet computers have different screen sizes, display ratios, and they often lack plugins/extensions commonly found on desktop browsers. So even if your blog functions properly for desktop users, mobile visitors may experience broken elements, display errors, and other problems.

How To Create a Smartphone-Optimized Blog

Google supports three different configurations for creating smartphone-optimized websites:

  1. Separate mobile domain. This involves creating a dedicated website specifically for the mobile version of your blog.
  2. Dynamically serve different HTML based on user agent. The second configuration consists of serving different HTML to users based on their respective user agent. In other words, your blog will check the user’s browser to determine whether he or she is on a desktop or mobile device. If the latter, your blog will serve mobile-friendly HTML to the user.
  3. Responsive Web Design. The third configuration is known as a Responsive Web Design (RWD). This is the preferred choice by both Google and Bing, so it’s recommended that you use it when creating a smartphone-optimized blog or website. RWD involves the use of proportion-based grids combined with CSS3 media queries to create a universal layout that functions the same across all devices. Whether a visitor is accessing your blog on a desktop, laptop, smartphone, tablet, etc., you can rest assured knowing he or she will have 100% funnctionality.

Mobile Test

Even if you believe your blog is optimized appropriately for mobile traffic, it’s recommended that you test it to ensure it functions as intended. Granted, you can do this by viewing your website on different devices, but this is a tedious, time-consuming process that really doesn’t make much sense. A smarter testing solution is to use the free online tool located at Simply click on the device you wish to use, input your blog URL, and it will show how your website looks on the respective device.