How to Install a Plugin

In your WordPress dashboard, click on Plugins>Add New.

Search for the name of your plugin. When you find it, click on the Install Now button. Then once it’s installed click the Activate button. That’s it!

All-In-One

One of the most powerful plugins to install on your blog is Jetpack. It’s great for a new site because it gives you little bit of everything you need to get started. Here are just some of features included in the free version:

• Site statistics
• Contact forms
• Social sharing icons
• Automatic sharing of your posts to twitter and other social networks
• Related posts
• Photo galleries and carousels
• Performance and speed upgrades
• Mobile theme
• Email subscription for your blog posts
• Sitemaps
• Downtime monitoring
• Brute force attack prevention

The best part is all of their features can be turned on and off so you don’t have to use what you don’t need and your site won’t be bogged down by a lot of unnecessary code running in the background.

You will need register for an account at WordPress.com first and then you will be able to connect Jetpack to your account to get access to all of the features.

Security

Keep your blog safe and secure with Wordfence. It’s a very good all-in-one security plugin with file scanning and a firewall. Once you activate you can pretty much leave it alone and it will do its job keeping out hackers and bots. Read my post on fixing a hacked website for instructions to set up Wordfence once you’ve activated it.

Backups

It’s incredibly important to make regular backups of your website. If your site did get hacked or the server your account is hosted on were to fail, you could lose your entire website.

There are several decent backup plugins but I recommend UpdraftPlus. It’s easy to use and you can configure it to automatically backup your site files and database at a set interval (ever day, every week, etc.) and send the backups to any number of storage options like google, dropbox, FTP, etc. You don’t have to pick a remote storage option, but if you aren’t storing your backups offsite, just remember to download a copy of the backups to your computer regularly.

If you post everyday, make sure to backup your database every day. The database is where all posts, pages and comments are stored. If you post once a week or less, choose to backup the database every week or two instead. Your files probably don’t need to be backed up every day unless you upload lots of media. I usually set that to make a backup once a week or even once a month for blog without a lot of images.

Site Optimization

You only have a few seconds to grab someone’s attention when they come to your site, so you want to make sure the site is loading as fast a possible. For beginners I recommend installing WP Super Cache. It works well out of the box without a lot of confusing configuration.

RECOMMENDED READING: Here’s a good guide about configuring your WP Super Cache settings.

Along with Super Cache, install Autoptimize to easily optimize the HTML, CSS and scripts that your theme uses, which helps to make your site load much faster.

You’ll also want to optimize all of the images you upload. There are two plugins that I use for this that are pretty similar: Smush Image Compression and Optimization or ShortPixel Image Optimizer. Unfortunately, the free versions of both of these plugins are a bit limiting as you can only optimize a certain amount of images before needing to upgrade to their pro versions. But as long as you don’t upload more than 100 images a month, the free versions will be fine.

Search Engine Optimization

There’s really only one plugin option in this category. The Yoast SEO plugin is the standard SEO plugin and it’s one that everyone should have installed if they want to make sure their site is optimized for search engines. It requires a little set up but is very user-friendly and easy to use.

RECOMMENDED READING: Yoast’s Beginners Guide is a great tutorial with instructions for setting up Yoast SEO and using its features.

Spam Prevention

WordPress comes with Akismet installed and it’s a very good basic spam prevention plugin to have. To activate it, you first need to register your site and get an API key. The personal plan is free or you can pay a little bit if you’d like to support the developers.

If you don’t feel like going through all of that, I also recommend installing Anti-Spam. It works well and doesn’t require any kind of extra registration or upgrades like some of the other spam plugins available.

On blogs that get a lot of spam, I will actually use both of these plugins at the same time because it tends to be more effective than either by themselves.

Social Media Sharing

You definitely want to add sharing buttons on your blog to make it easy for readers to share your posts on twitter, facebook and pinterest. Social Warfare is a good all-in-one plugin to add sharing buttons. It’s the one I’m currently using on this site and it’s a case where I recommend paying the $29 to upgrade to the Pro version because it really is worth it. The Pro version optimizes your posts for Pinterest and Twitter, adds Pinterest hover buttons on your images, lets you edit your buttons to match with your site colors and design and a ton more. You can find individual plugins to do all of these things, but if I can get everything I need in one plugin, all the better.

Another good option is the Ultimate Social Media plugin. It doesn’t do quite as much as Social Warfare, but it gives you a lot of options to customize the look and placement of your sharing buttons.

And if you do need a separate plugin to add a “Pin It” hover button on your images, this jQuery Pin It Button Plugin will do the job.

Comments

If you plan on enabling comments on your blog and interacting with your readers. Install Comment Reply Email Notification so that when you reply to someone’s comment, they will get an email with your reply. This is helpful since most people aren’t going to come back to your post just to check if you replied.

The post The 10 Best Plugins to Install On Your WordPress Blog appeared first on Swank Web Design.

Install A Security Plugin

I mentioned this in my last post but I’m going to say it again because it’s probably the easiest and fastest way to secure your website. Wordfence is the easiest and best option I’ve found but there are plenty of other good ones to choose from. You can read my previous post for instructions to install and configure Wordfence.

Add 2-Factor Authentication

2-Factor Authentication is a great way to make your WordPress site more secure since it makes it much harder for anyone else but you to be able to log into your WordPress dashboard. Instead of just logging in with a single username and password, you’ll have to do that plus provide additional authentication to access your site. Usually something like receiving an text or email with a passcode.

To enable this, go to Plugins>Add New and search for 2-Factor Authentication (or Two-Factor Authentication). There are a ton of options in the plugin database. For plugins I’m unfamiliar with, I usually start with the one that has the best rating and most installs. If you hate it you can always delete that plugin and try another.

Don’t Forget to Update Your Plugins and Themes

Security vulnerabilities can be just as much of an issue with plugins and themes so they need to be kept up to date, too. WordPress makes updating super simple. Go to Dashboard>Updates and you’ll see a list of plugins and themes that need to be updated.

If you have old themes that you aren’t using anymore, delete them. To do this go to Appearance>Themes. Click on the theme. In the bottom right you’ll see a link to delete the old theme.

Backup, Backup…and Backup Again

You are backing up your website regularly…right? If not, you need to be. I’ve seen hacks that completely decimate websites and in those cases, the only way to restore the site was from a previous backup. Your website is very important to you and I’m sure you wouldn’t want to lose it, so backup early and often!

Most web hosts have a backup option in your control panel but there are plenty of options to backup your site right in your WP dashboard. My preferred plugin is Updraft Plus. It’s easy to use and you can configure it to send your backups to any number of storage options like google, dropbox, FTP, etc.

Make sure to always keep a backup of your files and database (especially your database, it stores all of your posts, comments, pages, etc.) on your computer, a separate hard drive, cloud storage, etc. It does you no good to have backups saved on your server if that server becomes inaccessible.

Don’t Use the Default Settings

Most of the time, when you install WordPress it automatically gives you the username ‘admin’. Hackers know this, so it can be unsafe because then all they have to do to get in is guess the password. Go to Users>Add New and add a new username for yourself. For the role, choose Administrator. Once you’ve added your new username, log out and log in as the new user. It’s better to have your nickname (what is displayed publicly on your blog) be different from your username, so you might want to edit your new user profile to change that. Then check the box next to the admin username and delete it. It will ask if you want to attribute all of admin’s posts to someone else, choose your new username. This will transfer all your posts over to the new username.

Don’t Advertise Your WordPress Version

This is very easy to find on any WordPress site and it can be a problem. Let’s say there’s a known vulnerability to a certain version of WP. They’ve released an update but you haven’t gotten a chance to upgrade your blog yet. Hackers can easily seek out blogs using this vulnerable version and exploit them.

Luckily, if you’re using a security plugin like Wordfence you can easily hide your version by going to Wordfence>All Options>General Wordfence Options and check “Hide WordPress Version.” Most other security plugins should have a similar options.

If you want to make absolutely sure your version isn’t showing, you can put this code in your the functions.php file of your theme:

function wpbeginner_remove_version() {
return '';
}
add_filter('the_generator', 'wpbeginner_remove_version');

Add Secret Keys to your wp-config.php

Open up wp-config.php and find this line:

define('DB_HOST', 'localhost');    // 99% chance you won't need to change this value

Under it add these:

define('AUTH_KEY',         'PuT-in-A-bunCh-of-ranDom-leTTers,NumBers-and-syMbolS');
define('SECURE_AUTH_KEY',  'PuT-in-A-bunCh-of-ranDom-leTTers,NumBers-and-syMbolS');
define('LOGGED_IN_KEY',    'PuT-in-A-bunCh-of-ranDom-leTTers,NumBers-and-syMbolS');
define('NONCE_KEY',        'PuT-in-A-bunCh-of-ranDom-leTTers,NumBers-and-syMbolS');
define('AUTH_SALT',        'PuT-in-A-bunCh-of-ranDom-leTTers,NumBers-and-syMbolS');
define('SECURE_AUTH_SALT', 'PuT-in-A-bunCh-of-ranDom-leTTers,NumBers-and-syMbolS');
define('LOGGED_IN_SALT',   'PuT-in-A-bunCh-of-ranDom-leTTers,NumBers-and-syMbolS');
define('NONCE_SALT',       'PuT-in-A-bunCh-of-ranDom-leTTers,NumBers-and-syMbolS');

You need to put a different random string of characters in each line. You will never have to remember these, so make them as long and as random as possible. This handy site will generate a random string for your every time you refresh the page.

Make it Impossible for Search Engines to Index Core WordPress Files

It’s not a good idea to let search engines like google index every single part of your site, specifically your WordPress files. Say that a vulnerability is discovered in one of the files in the wp-admin folder. A hacker could just google that file name and the first site at the top of the list is the one he’s going to hack today. To prevent this simply open up notepad or an HTML/text editor and add this:

Header set X-Robots-Tag "noindex, nofollow"

Name it .htaccess and use an FTP program or the file manager through your web host’s control panel to upload the file to your wp-admin directory. If there’s already a file in there, then download the file and add the above rule to it. Then re-upload.

This not only disallows search engines from indexing private WP files, but also prevents them from indexing redundant files (which search engines can read as trying to spam them).

Thanks for Polemic Digital for this tip, you can read more about why this works over on their site.

Make Sure Your Database Password Is Not the Same As Any Others

Your wp-config.php is a very easy file to find. It has your database password sitting right inside it. You absolutely must make sure that your database password is completely different from your any other password you use. If you are using the same password for all, a hacker can easily find this file and get in everywhere. If it is the same, then it’ll probably be simpler for you to change your other passwords. But changing your database password isn’t too hard through cPanel (click on MySQL and add a new user and password, then assign that user to your WP database, then go and update your wp-config.php file with the new user info).

Alternately, you can make your wp-config.php file inaccessible. Edit the .htaccess file from your main WordPress directory and put this at the top:

<Files wp-config.php>
order allow,deny
deny from all
</Files>

For good measure, add this to protect the .htaccess file itself:

<Files .htaccess>
order allow,deny
deny from all
</Files>

Change the Database Prefix

This is really a recommendation for when you are setting up a new installation of WordPress. It’s not recommended for already installed blogs, especially for beginners as you can severely mess up your blog. But if you are setting up a new WP blog, it’s a simple thing you can do to help increase security. In the wp-config file, just look for the line that says:

// You can have multiple installations in one database if you give each a unique prefix
$table_prefix  = 'wp_';   // Only numbers, letters, and underscores please!

wp_ is the default prefix and hackers know this, so this is just another case of changing the default WP options. Change it to anything you want, though you’ll probably want to keep it short and random like kb_, cc_, ibc_, aba_, etc.

Confused? Get Help!

A lot of this is very basic, logical stuff to make your WordPress site more secure but if you’re new to WordPress some of it may seem overwhelming. If that’s the case for you and you’d like help with your site, we are offering a new service called a Website Audit. For a small fee, we will look over your site and make all the security improvements mentioned above, plus many more. We will also provide help and recommendations to improve your SEO, site speed and design.

Find out More about our Website Audits »

The post How to make your WordPress site more secure appeared first on Swank Web Design.

So to help others, I’m writing a list of the steps I take to fix a hacked website. Some of these steps are a bit advanced. You’ll need to know how to use FTP or the File Manager in your host’s cPanel. If that’s a bit too confusing for you Swank is always available to help!

CHANGE YOUR PASSWORDS

First things first, change your passwords FOR EVERYTHING. You’ll absolutely want to change your blog password and your FTP/control panel passwords (if they aren’t the same). But if you use the same or similar password for your email or anywhere else, you are going to want to change them as well. Even if you’ve never been hacked, it’s good practice to change your passwords regularly, at the very least yearly.

In my client’s case, the hacker was able to guess her password, which was a very simple name. DON’T DO THIS! Make your passwords as secure as possible and try not to use the same password for everything:

• Use a combination of letters and numbers as well as lowercase and uppercase and possibly even some symbols
• Try not to use recognizable names or dates/numbers
• 8-10 characters is a good length (though the longer the better)

Here’s a password trick I learned a while back that has been invaluable to me. It’s a way to make every password for every site you visit different, but also something that you can remember. First think of a good base using the rules I mentioned above, like: Xd5ye8*K

It may be hard to remember at first, but you are going to be typing it over and over so you should have no problem memorizing it eventually. Next, you’re going to add an identifier of the site your password is for, so you need to come up with a system. Examples of this could be the first four letters of the site name or the first two and last two. It doesn’t really matter how you want to do it, just come up with a rule that can be applied to all sites. Once you’ve done that add the letters to front or back of the base password you already came up with.

So for twitter, you password would be: twitXd5ye8*K. For gmail it would be gmaiXd5ye8*K. For facebook, faceXd5ye8*K, and so on.

DELETE/CHANGE YOUR USERS’ PASSWORDS

The hacker could have registered themselves as a user on you blog so that they could get in again. Or they could have changed the password for one of your users so they could log in under that username. Click on Users in your WP admin and look over the list of registered users. If you have too many users and don’t want to have to change them all, you might consider deleting them all (except for yourself, of course). People can always re-register.

Look for users with suspicious or spammy looking emails and delete them. Many of my blogs have been getting a lot of registration spam lately. Delete these users immediately, specifically if any of the users have an email address like xzy@mail.ru or anything else that looks random or generic.

If you don’t have a lot of users, then if may just be better in the long run to turn that option off altogether. Go to Settings and under Membership, un-check the box next to “Anyone can register”.

INSTALL A SECURITY PLUGIN

The one I use myself and install on my client’s sites is Wordfence Security. It’s the most popular security plugin because it’s a very good all-in-one security plugin with file scanning and a firewall.

To install, go to Plugins>Add New and search for Wordfence. Click the Install button and then click Activate.

Once installed, go to Wordfence>Dashboard. You will probably get a pop-up asking you to fill in your email address. You will want to do this so you get notified of any issues. At the top of the page you’ll see a notice like this: “To make your site as secure as possible, take a moment to optimize the Wordfence Web Application Firewall.” Click to start the configuration. It will ask you download a backup of your .htaccess, then click on Continue to finish up.

Next, you’ll want to go to Wordfence>All Options. Click on General Wordfence Options and make sure the Auto-update feature is checked. Also check “Hide WordPress Version.”

Next click on Email Alert Preferences. The only ones I generally keep checked are “Alert me with scan results for issues of this severity level: Critical” and “Alert me when there’s a large increase in attacks detected on my site.” The rest I find are unnecessary since Wordfence will be doing its job and you don’t need to be notified of every little thing.

Don’t forget to click the Save Changes button at the top of save your settings.

SEARCH YOUR THEME FILES

Next you’ll need to find whatever the hacker added and take it out. The first place to look, especially if you are a WordPress user, is your template. In your WP admin, click on Appearance and then Editor. A list of all your theme files will be down the right side.  The main ones you want to check are header.php, sidebar.php, footer.php and index.php, but you will want to check every single file listed for anything suspicious.

If you don’t want to look through every file yourself, you can also use the file scanner in the above mentioned Wordfence plugin to scan your site and find anything suspicious.

So what is suspicious code? Look for anything that looks like a bunch of garbled text/code, or maybe a bunch of links to spammy-looking sites. Specifically look for anything that uses the eval() command, base64_decode(), k1b0rg or keymachine.de and delete these lines of code. (It’s a good idea to back up your theme files before doing this in case you accidentally remove something important.)

UPGRADE/REPLACE YOUR WORDPRESS FILES

If you don’t have the most recent version of WordPress, upgrade immediately. Even if you are current, you should replace all your files with a fresh install in case the hacker modified any of the files or added any new files to your WP folders. This means completely removing your wp-admin and wp-includes folders and all of the wp-something.php files that are in the main WP directory. DO NOT remove wp-config.php or the wp-content folder. Everything else is replaceable, though.

CHECK FOR SUSPICIOUS FILES IN (AND AROUND) YOUR WORDPRESS DIRECTORY

You can access this via FTP or through your control panel file manager. Since you didn’t delete your wp-content folder, you will need to check this for suspicious files as well. The main place to look will be your uploads folder, where the pictures you upload to your blog are stored. For most WP blogs this is in wp-content>uploads. Look through all the files and make sure they are the right file extensions. Picture file extensions are .jpg, .gif, .png and bmp. Delete anything that isn’t one of these extensions unless you uploaded it yourself. Nothing with a .php file extension should be in your uploads folder. Those kinds of files are most certainly bad. Besides looking for weird file extensions, look for files that have strange/random names that you know you did not upload.

After checking your uploads folder go through and also check your plugins and themes folders for the same kind of files. Make sure to check the images folder in your themes. You may want to reinstall all your plugins as well to make sure none of them had been modified either.

Checking all these things may sound tedious, but if you know the exact day the hack happened, you can look for things that were added/modified on that day.

If this all sounds like Chinese to you (What’s a FTP?) I recommend contacting your web host. They should be able to scan your site and get rid of the infected files for you.

NOTIFY GOOGLE THAT YOUR SITE IS SAFE

Now that you’ve gotten everything removed and your site is safe again, how do you get google to remove that warning? When I visited my client’s hacked site in Firefox, it wouldn’t let me view it. It gave me a big red screen saying the site was dangerous. Unfortunately, this doesn’t automatically go away once you remove the malicious files. You need to notify google to re-scan your site and verify that it is safe again. You can do this by putting in your URL here: https://safebrowsing.google.com/safebrowsing/report_error/?hl=en

You can also request a review using Google Search Console (previously called Google Webmaster Tools). You have to register and verify your site first, so it’s a little more involved, but I you’ll get faster results if you go through the effort. Here’s some more info about that straight from Google.

In my next post I will talk about some of the things you can do to keep your site secure and prevent it from being hacked.

Go to Part 2 »

The post Fix a hacked website and prevent it from happening again appeared first on Swank Web Design.

There are several plugins that can add this feature for you, but the more plugins you have installed the slower your blog will be. So I always try to avoid unnecessary plugins if I can. Also, many of the plugin options are very basic and give you very little control over things like styling or where the list appears in your theme or even how they even figured out what was “related”.

Below I will show you how to add related posts by category, tag, or any other custom taxonomy. I’ll preface this by saying you should probably have some very basic knowledge about how to edit a theme in WordPress, but for the most part, you can copy the code directly and paste it into your templates. That’s it. For people that want to go further I’ll point out things that you can customize to your liking.

Before you Start:

If you are using a theme that you bought or downloaded for free, you should always create a child theme first so that you can upgrade your theme later without losing these customization.

The thumbnails are pulled from the featured image for each of your posts, so you may need to go back and set a featured image on your posts if you haven’t already. But don’t worry, if you don’t have any featured images set, this will still work, it just shows a text link instead of an image.

Step 1

First, you need to edit your functions.php file and add this code:

/**
 * Related posts
 * 
 * @global object $post
 * @param array $args
 * @return
 */
function swanky_related_posts($args = array()) {
    global $post;
 
    // default args
    $args = wp_parse_args($args, array(
        'post_id' => !empty($post) ? $post->ID : '',
        'taxonomy' => 'category',
        'limit' => 4,
        'post_type' => !empty($post) ? $post->post_type : 'post',
        'orderby' => 'date',
        'order' => 'DESC'
    ));
 
    // check taxonomy
    if (!taxonomy_exists($args['taxonomy'])) {
        return;
    }
 
    // post taxonomies
    $taxonomies = wp_get_post_terms($args['post_id'], $args['taxonomy'], array('fields' => 'ids'));
 
    if (empty($taxonomies)) {
        return;
    }
 
    // query
    $related_posts = get_posts(array(
        'post__not_in' => (array) $args['post_id'],
        'post_type' => $args['post_type'],
        'tax_query' => array(
            array(
                'taxonomy' => $args['taxonomy'],
                'field' => 'term_id',
                'terms' => $taxonomies
            ),
        ),
        'posts_per_page' => $args['limit'],
        'orderby' => $args['orderby'],
        'order' => $args['order']
    ));
 
    include( locate_template('related-posts-template.php', false, false) );
 
    wp_reset_postdata();
}

Step 2

Next, create a new file called related-posts-template.php and copy this into it:

<?php if (!empty($related_posts)) { ?>
    <div class="related-posts">
        <h3><?php _e('Related Posts', 'swanky'); ?></h3>
 
        <ul class="related-posts-list">
            <?php
            foreach ($related_posts as $post) {
                setup_postdata($post);
            ?>
            <li>
                <?php if (has_post_thumbnail()) { ?>
                    <div class="thumb">
                        <a href="<?php the_permalink(); ?>" title="<?php the_title_attribute(); ?>"><?php echo get_the_post_thumbnail(null, 'thumbnail', array('alt' => the_title_attribute(array('echo' => false)))); ?></a>
                    </div>
                <?php } ?>
                <h4><a href="<?php the_permalink(); ?>" title="<?php the_title_attribute(); ?>"><?php the_title(); ?></a></h4>
            </li>
            <?php } ?>
        </ul>
        <div class="clearfix"></div>
    </div>
<?php
}

Upload your updated related-posts-template.php file to your child theme folder.

Step 3

Now you need to decide where you’d like to add your related posts. You are always going to want to add it to your single post template, which is the page that has the full post including comments. But you may also want it to show up on your main page (index.php) and your archives (archive.php). If you do want this to show up on all three templates, generally you can just copy and paste the same code in the same spot on all of them, but some themes may have the archives or index page formatted differently. When in doubt just put it on the single post template and that’s probably enough.

You’ll probably want to insert your related posts at the end of post, before the comments start so look for this template tag:

<?php the_content(); ?>

Insert this directly under it:

<?php swanky_related_posts(); ?>

Customizing the Look

You may also want to style your thumbnails (add a border, spacing between them, etc.). Add this to your stylesheet (style.css) to get started:

ul.related-posts-list { 
	list-style-type: none; 
	text-align: center; 
	margin: 0 auto; 
	padding: 0; }
 
ul.related-posts-list li { 
	list-style-type: none; 
	display: inline-block; 
	margin: 0; 
	padding: 10px; 
	vertical-align: top; }
 
ul.related-posts-list li img.size-thumbnail { border: 1px solid #666; }
 
.clearfix { clear: both; }

Further Customizations

Show related posts using tags instead of categories:

<?php swanky_related_posts(array( 'taxonomy' => 'post_tag' ));?>

Change how many posts show up:

The default is set to show 4 posts, but you can show as many as you want.

<?php swanky_related_posts(array( 'limit' => 6 ));?>

Change the order of the posts:

By default, the related posts will show up in descending order (newer posts first), by date but there are many parameters to choose from.

Random order, older posts first:

<?php swanky_related_posts(array( 'orderby' => 'rand', 'order' => 'ASC' ));?>

Show posts with the most comments first:

<?php swanky_related_posts(array( 'orderby' => 'comment_count' ));?>

This post was originally written in 2009 but has been completely updated in 2019 to work with the newest version of PHP.

The post How to add Related Posts to your WordPress blog appeared first on Swank Web Design.

What I find funny is his rationalizing of why it’s okay for some blogs (*ahem* the one he’s writing on) to use partial feeds. The only instance in which I think it’s okay to offer a partial feed is if you offer a full feed as well. I have seen several blogs that offered a full feed with ads and a partial feed without ads. I have no problem with that, it even kind of makes sense. Although, I can’t imagine there are an overwhelming number of people that hate ads so much they would put up with the frustration of a partial feed. But different strokes, right?

You should respect your readers enough to let them choose how they want to view your site. Offering just a partial feed takes that choice away and more often than not, they won’t bother reading at all.

The post Full vs Partial Feeds appeared first on Swank Web Design.

The whole point of putting an external link on your site is to guide your audience to someone else’s site. It’s usually an act of kindness, not only toward the person you are linking to, but to the people reading your site, who you are sharing this link with. So isn’t it pretty hypocritical to make your links open in a new window? You’re saying “Here, go to this site, it’s awesome, but you’re not allowed to leave my site, because I’m more awesome.” If you don’t want people to leave your site, then you shouldn’t have external links at all. And if people want to stay on your site, then they will, they’re not going to stay just because you force them to leave the window open.

Not only that, but there are major usability issues with having your links open in new windows. I think a lot of people assume that everyone is on the same technological level as they are or maybe that most people know more than they do. “If I know how to do this, then everyone else does, too.” But that’s just not true. I’ve met people who think Internet Explorer is the internet (and it runs on a series of tubes…). No matter how simple a concept you think it is, there’s always someone that just can’t wrap their mind around it.

There are some things that most people understand, though. They understand what a link is and how it should work. When they click on a link they are expecting it to go to the new site. This is what they want to do, so by making the link open in a new window, you are actively ignoring their needs. People understand how the back button works, too. The back button is fundamental in any browser and most people use it liberally. What happens when you open a link in a new browser? Well, it resets the back button. You can’t go back. When someone clicks on a link they are expecting it to go to the new page and if they want to come back to your page they will just click the back button. This is how the internet is supposed to work. Instead a new window is going to pop up (which they are not expecting) and they are probably going to close the original window because who wants the clutter of having so many windows open? Then they’ll try to go back and realize they can’t because the back button doesn’t work anymore. So not only have you confused and frustrated someone, you’ve just lost a reader.

But, you say, “What about all the people who are technologically savy? They won’t be confused.” No, they won’t but I can bet that a lot will still be frustrated. If you are technologically savy then you already know how to make a link open up in a window, it’s very easy. So if people want to do that, then they will, they don’t need you to do it for them.

If you absolutely must have something open in a new window (there are a few instances where it may be necessary), then warn your readers about it so they’ll know what to expect. Make sure “opens in new window” is included in the actual link text (this is better for accessibility and usability). Add a little icon by the link to show that it will open in a new window. Give people a choice about it. Maybe the link works like normal, but the little icon opens in a new window. There are a lot of different options, just make sure your readers know what’s what.

In the end it’s always a bad idea to try to control how your readers view your site. People expect browsers to work a certain way and you shouldn’t try to change that. People will come back to your site if they want to, don’t make things more complicated for them.

The post Why links shouldn’t be opened in new windows appeared first on Swank Web Design.

I cannot hire you. I cannot pay you.

What I can do is encourage you. Your designs are absolutely charming! They are well thought out, clear, easy to read, and perfectly balanced. I used to do DTP work before I became my mother’s sole caretaker, so I do have a bit of experience from which to draw.

I hope you continue with your work. Your style, the way you present the content … just everything about the samples says READ ME! I’m sure thousands will.

Please accept my compliments, even though I don’t have a project for you. I think your designs are absolutely amazing! Thank you for creating them.

– Linda Penner

The post From the Mailbox appeared first on Swank Web Design.