A WordPress plugin that automatically posts content scraped from other websites has been discovered to contain a critical vulnerability that allows anyone to upload malicious files to affected websites. The severity of the vulnerability is rated at 9.8 on a scale of 1-10.
Crawlomatic Multisite Scraper Post Generator Plugin for WordPress
The Crawlomatic WordPress plugin is sold via the Envato CodeCanyon store for $59 per license. It enables users to crawl forums, weather statistics, articles from RSS feeds, and directly scrape the content from other websites and then automatically publish the content on the user’s website.
The plugin’s Envato CodeCanyon web page features a banner that notes that the author of the plugin has been recognized for having met “WordPress quality standards” and displays a badge indicating that it is “Envato WP Requirements Compliant,” an indication that it meets Envato’s “security, quality, performance and coding standards in WordPress plugins and themes.”
The plugin’s directory page explains that it it can crawl and scrape virtually any website, including JavaScript-based sites, promising that it can turn a user’s website into a “money making machine.”
Unauthenticated Arbitrary File Upload
The Crawlomatic WordPress plugin is missing a filetype validation check in all version prior to and including version 2.6.8.1.
According to a warning posted on Wordfence:
“The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the crawlomatic_generate_featured_image() function in all versions up to, and including, 2.6.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.”
Users of the plugin are recommended by Wordfence to update to at least version 2.6.8.2.
Site Kit by Google is a free WordPress plugin that connects your site to important tools like Analytics, Search Console, and Ads. After installing, it’s easy to verify your accounts, after which you see data in your dashboard. That data is nice to have, but it has limits, especially if you need detailed reports.
Table of contents
What is Site Kit by Google and why use it?
Site Kit by Google is a fundamental analytics tool that helps you answer questions like:
How many people are visiting your site?
What page do they land on first?
Which keywords did they search to find you?
Are your ads earning clicks?
With Site Kit, Google puts the data right into WordPress, so you don’t need to go digging around different platforms to seek your data. The tool gets its data straight from each service, and shows the most important data in clear graphs, tables, and a flexible, customizable Key Metrics widget.
Who is it for? (and when it’s not enough)
But Site Kit is not the analytics tool to rule them all in WordPress land. It covers the basics well, but it won’t work for everyone’s goals. What it does do is make it incredibly easy to set up and run various Google Analytics accounts.
Site Kit by Google works well for:
WordPress users who want to track basic performance
People who prefer not to use extra plugins or code
Site owners who manage everything themselves
But it may feel limited if you:
Run ads at scale and need conversion-level insight
Use custom events or eCommerce tracking
Want to control every aspect of your website’s scripts and tags
It covers the basics well, but it’s not built for advanced setups.
What does it look like?
After installing and connecting Site Kit, you’ll find a new menu item in your WordPress dashboard. Clicking this will lead you to the dashboard where most of the statistics and settings live. You’ll also notice a new drop-down menu when you visit posts on your site. Thanks to this drop-down, you can quickly see statistics for this specific article without having to open Analytics.
Overview dashboard
The Dashboard gives you an overview of how your site is performing. Of course, depending on what services you connect your site to, you might see something like this:
Traffic and engagement insights from Google Analytics
Clicks and impressions from search traffic provided by Search Console
An overview of the top-performing pages
Earnings from Ads or AdSense, if you run ads, that is
Site speed performance powered by PageSpeed Insights
An overview of how different groups compare, for instance, new vs. returning visitors
Some sections also show trend indicators like arrows or percentage changes compared to the previous period. This will help you spot trends and act upon them. Click on any source to open a more detailed view in the corresponding Google tool.
Part of the Site Kit dashboard showing various stats and the Key Metrics widget at the top
Key Metrics widget
You can set up the Key Metrics section the way you want. Site Kit will ask you a couple of questions about your site’s goals and what you want to focus on. Then, it will suggest metrics to show at the top of the dashboard. You can choose which blocks you want to see, such as top converting traffic sources, new visitors, recent trending pages, and much more.
Admin bar stats
After Site Kit is active, you’ll also see a small dropdown at the top of your WordPress admin bar when you’re viewing your site. Click it, and you’ll get a mini-report showing page-specific stats, including search impressions, clicks, and traffic over time.
Site Kit will help you quickly find out how your content is doing, straight from the WordPress admin bar
What Google services can you connect?
Once installed, you can connect the following tools. Two of them — Search Console and Google Analytics 4 — are enabled during the initial setup. You can connect:
Google Analytics 4
Search Console
AdSense
Reader Revenue Manager
Google Ads
Tag Manager
Google Analytics 4 (GA4)
Site Kit will add your GA4 tag automatically, after which it shows data such as:
The number of visitors
Sources of sessions (organic search, direct, referral)
Average engagement rate
Session durations
The data shown is summarized, so if you want custom reports or event tracking, you need to open GA4.
Visitor grouping is the newest addition to Site Kit by Google
Google Search Console
After installing and connecting, you’ll get some key data from Search Console right inside your WordPress dashboard:
The queries people searched to find your site
Number of clicks and impressions
Unique visitors from search
Page-level performance in search
This kind of data is very helpful for content optimization purposes and to inform your SEO strategy.
AdSense/Ads (monetization)
If you use Google’s systems to run ads, Site Kit can show data on ad impressions, top-earning pages, and estimated revenue from auto ads, for instance. Simply connect the services to see the data. Remember that it doesn’t replace the AdSense dashboards, but it does give you quick insights.
Reader Revenue Manager
Reader Revenue Manager is a Google tool for adding subscription and contribution options to your website. It’s designed for publishers and content creators who want to monetize their content through reader support, such as recurring memberships or one-time donations.
With Site Kit, you can connect Reader Revenue Manager to your WordPress site in just a few clicks. Once linked, it adds the necessary code to your site automatically, so you don’t need to add tags or install it manually. This feature is optional in Site Kit and is mostly used by publishers offering paywalled or premium content.
PageSpeed Insights
Site Kit runs a PageSpeed test directly inside WordPress. In the PageSpeed Insights section, you’ll see both lab data and field data. Lab data is based on simulated testing in a controlled environment and helps you identify performance issues during development. Field data, on the other hand, reflects how real users experience your site across different devices and network conditions. Together, they provide a balanced view of how your pages perform.
The report shows load performance scores, data on Core Web Vitals (like LCP and CLS). It also gives suggestions for improving speed. But it only tests your homepage and doesn’t include custom settings. For full reports, you can still visit PageSpeed Insights separately.
Tag Manager
You can link a Google Tag Manager container through Site Kit. This lets you manage third-party scripts (like Facebook Pixel or custom tracking tags) from one place. The plugin doesn’t give you a full interface for editing tags — you’ll do that inside the Tag Manager platform.
Managing Analytics in Site Kit by Google
For most site owners or managers, Analytics and Search Console are the most important Google tools. Site Kit makes it easy to set those two services up properly. Of course, you can also use existing accounts.
Enhanced measurement support
GA4 also has Enhanced Measurement, which tracks scrolls, outbound links, file downloads, and other actions automatically. If you activate these in your GA4 property, Site Kit can track them. Unfortunately, it’s not possible to choose which ones to turn on from inside WordPress; you need to go into your GA4 settings for that.
Event tracking and tag insertion
Site Kit doesn’t support event setup or tracking reports inside the WordPress dashboard. If you need full control over events, you have to use GA4 directly or use Tag Manager to set up the custom events.
Limitations of Analytics in Site Kit
You’ll probably understand by now that Site Kit is not a replacement for GA4 — it’s a neat tool that gives quick insights and nothing more. You don’t get access to funnel reports, attribution models, or filters. You can’t edit events or see predictive metrics, and there’s no support for GA4 audiences or Google Analytics 360.
What’s Enhanced Conversion tracking?
With Enhanced Conversions, you can connect Google Ads clicks to leads or form submissions. This improves the reporting of these events when users are on different devices or block cookies. After setting this up, Site Kit will detect form submissions and pass the data to Google Ads.
Site Kit currently supports some of the most popular WordPress contact form plugins, such as Contact Form 7, WPForms, and Ninja Forms. However, if you use an unsupported custom form, Site Kit can’t automatically add enhanced conversions.
Again, Site Kit has many limitations in this area. For instance, it doesn’t support purchase-based eCommerce conversions or offline conversions. It also doesn’t support pixel-level tracking, third-party forms, popups, and embedded forms. So, it’s specifically designed for simple lead form submissions.
Key Metrics widget for quick performance insights
Key Metrics are a very valuable addition as they give quick insights into data of your choosing. They’re quick to understand but not very in-depth. For key strategy decisions, you’re going to need more data.
This widget pulls together important GA4 and Search Console data into a block on your dashboard. You can choose which metrics to show and reorder them. To change your selection, click the Change metrics button in the corner of the Key Metrics section. You can also rerun the question from the Site Kit admin settings.
Each metric includes a figure and a trend comparison from the previous period. For example, you may see engagement is “up 6%” compared to the last 28 days. Click any of them to open the full source report in GA4 or Search Console.
The widget has limitations. It doesn’t show custom events or real-time reporting, campaign attribution breakdowns, or GA4-specific collections like audiences or conversions. The widget and Site Kit, in general, are for broad insights, not advanced analytics.
The Site Kit Key Metrics widget shows various data that you can tailor to your needs and goals
Is Site Kit by Google enough for your goals?
Site Kit is a good starting point for most WordPress users. It brings together valuable Google data without having to do much work. But whether it’s enough depends on whether you need to get from your analytics and tracking tools.
SEO and content insights
Site Kit is not an SEO plugin like Yoast SEO. However, you can get data from Search Console that will help you understand how people find your website in the search results. With this, you’ll form an understanding of which content works well and how your site performs in the search results.
However, as mentioned, it’s not an SEO plugin, so you need to install a tool like Yoast SEO to do much of the heavy lifting. Plugins like these help with most SEO tasks, like fixing technical issues, adding structured data, and improving your content.
Monetization
If you’re running ads, Site Kit shows basic ad metrics like impressions, estimated earnings, and top-earning pages. It helps you monitor your ads without having to log into another app.
It doesn’t support advanced ad setups, and you can’t manually place ads. It’s also not possible to optimize layouts based on behavior or run A/B tests to find the best ad format. If you’re working with multiple ad networks, you’ll need a tool that can do a lot more than Site Kit.
Marketing analytics
For reporting basics, Site Kit will do just fine. You can see trends in users, sessions, referral sources, and engagement time — all brought to you by Google Analytics 4.
However, Site Kit doesn’t give access to campaign statistics, UTM tracking, or event-based funnels. It also doesn’t offer the option to set goals or segment traffic by behavior. For these kinds of insights, you need to dive straight into GA4 or use a more in-depth reporting tool. If you run marketing campaigns, track conversions, or use CRM tools, Site Kit won’t provide enough data.
eCommerce and advanced use cases
For eCommerce, Site Kit won’t cut it. It doesn’t integrate with WooCommerce and doesn’t offer a revenue tracking option. It also doesn’t have access to carts, products, transactions, or customer behavior. There’s no way to measure things like average order value or conversion rates.
For advanced eCommerce tracking, you need to set this up in GA4 directly or use other methods to access this data. Site Kit doesn’t support this at all.
Should you use Site Kit by Google?
Site Kit is a good option if you want a free tool to view traffic, search, and performance statistics without having to set up a bunch of tools. It’s very easy to use and useful enough for small websites.
If you’re running a huge publication or an online store, need to track custom campaigns, or manage a large number of ad accounts, Site Kit won’t cut it. That’s not to say it’s useless for those cases. One of its biggest draws is that it makes setting up GA4, Search Console, Ads, and Tag Manager accounts incredibly easy. It’s a great starting point to build your analytic toolkit upon.
Edwin is an experienced strategic content specialist. Before joining Yoast, he worked for a top-tier web design magazine, where he developed a keen understanding of how to create great content.
10Web has launched an AI Website Builder API that turns text prompts into fully functional WordPress websites hosted on 10Web’s infrastructure, enabling platforms to embed AI website creation into their product workflows. Designed for SaaS tools, resellers, developers, and agencies, the API delivers business-ready sites with ecommerce features, AI-driven customization, and full white-label support to help entrepreneurs launch quickly and at scale.
Developer And Platform Focused API
10Web AI website builder API was designed for developers and platforms who serve entrepreneurs, enabling them to embed website creation into their own tools so that non-technical users (entrepreneurs and small business owners) can launch websites with zero coding or technical knowledge.
10Web describes their product capabilities:
“Text-to-website AI: Generates structure, content, sections, and visuals
Plugin presets: Define default tools per client, project, or vertical
Drag-and-drop editing: Built-in Elementor-based editor for post-generation control
Managed WordPress infrastructure: Hosting, SSL, staging, backups, and DNS
Dashboards & sandbox: Analytics, developer tools, and real-time preview”
A WordPress bug is causing WooCommerce sites to display a fatal error, crashing ecommerce sites. The problem originates from a single line of code. A workaround has been created. The WooCommerce team is aware of the issue and is working on issuing a permanent fix in the form of a patch.
WooCommerce Sites Crashing
Someone posted about the error at the WordPress.org support forums and others with the same problem replied that they were experiencing the same thing. Most of those responding reported that they had not recently done anything to their sites, that they had crashed all of a sudden.
The person who initially reported the bug offered a workaround for getting websites back up and running, an edit of a single line of code in the BlockPatterns.php file, which is a WooCommerce file.
Others reported receiving the same fatal error message:
“Uncaught Error: strpos(): Argument #1 ($haystack) must be of type string, null given in /var/www/site/data/www/site.com.br/wp-content/plugins/woocommerce/src/Blocks/BlockPatterns.php on line 251”
One of the commenters on the discussion posted:
“Same issue here.
It occurred in version 9.8.2, and upgrading to 9.8.3 didn’t resolve it. Downgrading to 9.7.1 didn’t help either.
The problem happened without any interaction with plugins or recent updates. Replacing the code at line 251 worked as a temporary workaround.
We’ll need to find a more stable solution until the WooCommerce team releases an official patch.”
Others reported that they received the error after updating their plugins but that rolling back the update didn’t solve the problem, while others reported that they hadn’t done anything prior to experiencing the crash.
Someone from WooCommerce support responded to say that the WooCommerce team is aware of the problem and are working to address it:
“Thank you for reporting this. It’s a known issue, and a temporary workaround has been shared here: https://github.com/woocommerce/woocommerce/issues/57760#issuecomment-2854510504
You can track progress and updates on the GitHub thread: https://github.com/woocommerce/woocommerce/issues/57760, as the team is aware and actively addressing it.”
Discussion On GitHub
The official WooCommerce GitHub repository has this note:
“Some sites might see a fatal error around class BlockPatterns.php, with the website not loading. This was due a bad response from Woo pattern repository. A fix was deployed to the repository but certain sites might still have a bad cache value.”
They also wrote:
“The issue has been fixed from the cache source side but certain sites were left with a bad cache value, we will be releasing patch updates to fix that.”
Last week, WordPress declared a “jubilee” and is unblocking all community members who were previously blocked. The official WordPress X (formerly Twitter) account posted a reminder that the unblocking is still ongoing.
“We’re clearing out all previous human blocks to create a more open and collaborative environment. While community and directory guidelines remain, consider any old blocks to be bugs that are on their way out.”
A similar post on the official WordPress site echoed the post on X:
“As I said, we’re dropping all the human blocks. Community guidelines, directory guidelines, and such will need to be followed going forward, but whatever blocks were in place before are now cleared. It may take a few days, but any pre-existing blocks are considered bugs to be fixed.”
WordPress appears to be using the word Jubilee in the sense of the Jewish and biblical tradition of a year of forgiveness.
The part about “Dropping all the human blocks” is similar to the Jewish jubilee in terms of forgiveness.
Moving forward, all pre-existing blocks will be considered “bugs” for fixing and everyone who is unblocked and those who were never blocked will still be subject to being banned should they fail to abide by WordPress community guidelines.
The post on X received a handful of responses.
Read the latest post on X:
We’re clearing out all previous human blocks to create a more open and collaborative environment. While community and directory guidelines remain, consider any old blocks to be bugs that are on their way out.
The humble robots.txt file often sits quietly in the background of a WordPress site, but the default is somewhat basic out of the box and, of course, doesn’t contribute towards any customized directives you may want to adopt.
No more intro needed – let’s dive right into what else you can include to improve it.
(A small note to add: This post is only useful for WordPress installations on the root directory of a domain or subdomain only, e.g., domain.com or example.domain.com. )
Where Exactly Is The WordPress Robots.txt File?
By default, WordPress generates a virtual robots.txt file. You can see it by visiting /robots.txt of your install, for example:
https://yoursite.com/robots.txt
This default file exists only in memory and isn’t represented by a file on your server.
If you want to use a custom robots.txt file, all you have to do is upload one to the root folder of the install.
You can do this either by using an FTP application or a plugin, such as Yoast SEO (SEO → Tools → File Editor), that includes a robots.txt editor that you can access within the WordPress admin area.
The Default WordPress Robots.txt (And Why It’s Not Enough)
If you don’t manually create a robots.txt file, WordPress’ default output looks like this:
There are now dated suggestions to disallow some core WordPress directories like /wp-includes/, /wp-content/plugins/, or even /wp-content/uploads/. Don’t!
Here’s why you shouldn’t block them:
Google is smart enough to ignore irrelevant files. Blocking CSS and JavaScript can hurt renderability and cause indexing issues.
You may unintentionally block valuable images/videos/other media, especially those loaded from /wp-content/uploads/, which contains all uploaded media that you definitely want crawled.
Instead, let crawlers fetch the CSS, JavaScript, and images they need for proper rendering.
Managing Staging Sites
It’s advisable to ensure that staging sites are not crawled for both SEO and general security purposes.
You should still use the noindex meta tag, but to ensure another layer is covered, it’s still advisable to do both.
If you navigate to Settings > Reading, you can tick the option “Discourage search engines from indexing this site,” which does the following in the robots.txt file (or you can add this in yourself).
User-agent: *
Disallow: /
Google may still index pages if it discovers links elsewhere (usually caused by calls to staging from production when migration isn’t perfect).
Important: When you move to production, ensure you double-check this setting again to ensure that you revert any disallowing or noindexing.
Clean Up Some Non-Essential Core WordPress Paths
Not everything should be blocked, but many default paths add no SEO value, such as the below:
Sometimes, you’ll want to stop search engines from crawling URLs with known low-value query parameters, like tracking parameters, comment responses, or print versions.
You can use Google Search Console’s URL Parameters tool to monitor parameter-driven indexing patterns and decide if additional disallows are worthy of adding.
Disallowing Low-Value Taxonomies And SERPs
If your WordPress site includes tag archives or internal search results pages that offer no added value, you can block them too:
If you use tag taxonomy pages as part of content you want indexed and crawled, then ignore this, but generally, they don’t add any benefits.
Also, make sure your internal linking structure supports your decision and minimizes any internal linking to areas you have no intention of indexing or crawling.
Monitor On Crawl Stats
Once your robots.txt is in place, monitor crawl stats via Google Search Console:
Look at Crawl Stats under Settings to see if bots are wasting resources.
Use the URL Inspection Tool to confirm whether a blocked URL is indexed or not.
Check Sitemaps and make sure they only reference pages you actually want crawled and indexed.
In addition, some server management tools, such as Plesk, cPanel, and Cloudflare, can provide extremely detailed crawl statistics beyond Google.
Lastly, use Screaming Frog’s configuration override to simulate changes and revisit Yoast SEO’s crawl optimization features, some of which solve the above.
Final Thoughts
While WordPress is a great CMS, it isn’t set up with the most ideal default robots.txt or set up with crawl optimization in mind.
Just a few lines of code and less than 30 minutes of your time can save you thousands of unnecessary crawl requests to your site that aren’t worthy of being identified at all, as well as securing a potential scaling issue in the future.
GoDaddy launched a new partner program called GoDaddy Agency that matches web developers with leads for small to mid-sized businesses (SMBs). It provides digital agencies with tools, services, and support to help them grow what they offer their customers.
The new program is available to U.S. based freelancers and web development agencies. GoDaddy offers the following benefits:
Client leads Partners are paired with SMBs based on expertise and business goals. GoDaddy delivers high-intent business referrals from GoDaddy’s own Web Design Services enquiries.
Commission revenue opportunities Partners can earn up to 20% commission for each new client purchases.
Access to premium WordPress tools
Co-branded marketing Top-performing partners benefit from more exposure from joint marketing campaigns.
Dedicated Support Every agency is assigned an Agency Success Manager who can help them navigate ways to benefit more from the program.
Joseph Palumbo, Go-to-Market and Agency Programs Director at GoDaddy explained:
“The GoDaddy Agency Program is all about helping agencies grow. We give partners the tools, support, and referrals they need to take on more clients and bigger projects—without adding more stress to their day. It’s like having a team behind your team.”
For WordPress Developers And More
I asked GoDaddy if this program exclusively for WordPress developers. They answered:
“GoDaddy has a wide variety of products to help make any business successful. So, this isn’t just about WordPress. We have plenty of website solutions, like Managed WordPress, Websites + Marketing or VPS for application development. Additionally, we have other services like email through Office 365, SSL certificates and more.”
Advantage Of Migrating Customers To GoDaddy
I asked GoDaddy what advantages can a developer at another host receive by bringing all of their clients over to GoDaddy?
They answered:
“First, our extensive product portfolio and diverse hosting selection allows agencies to house all and any projects at GoDaddy, allowing them to simplify their operations and giving them the opportunity to manage their business from a single dashboard and leverage a deep connection with a digital partner that understands their challenges and opportunities.
On top of that, there’s the growth potential. Every day, we get calls from customers who want websites that are too complex for us to design and build. So, we have created a system that instead of directing those customers elsewhere, we can connect with Web agencies that are better suited to handle their requests.
If a digital agency becomes a serious partner and the work they do meets our standards, and they have great customer service , etc. we can help make connections that are mutually beneficial to our customers and our partners.”
Regarding my question about WordPress tools offered to agency partners, a spokesperson answered:
“We have a wide variety of AI tools to help them get their jobs done faster. From website design via AI to product descriptions and social posts. Beyond our AI tools, agency partners that use WordPress can work directly with our WordPress Premium Support team. This is a team of WordPress experts and developers who can assist with anything WordPress-related whether hosted at GoDaddy or somewhere else.”
Takeaways
When was the last time your hosting provider gave you a business lead? The Agency partner program is an innovative ecosystem that supports agencies and freelancers who partner with GoDaddy, a win-win for everyone involved.
It makes sense for a web host to share business leads from customers who are actively in the market for web development work with partner agencies and freelancers who could use those leads. It’s a win-win for the web host and the agency partners, an opportunity that’s worth looking into.
GoDaddy’s new Agency Program connects U.S.-based web developers, freelancers and agencies with high-intent leads from small-to-mid-sized businesses while offering commissions, tools, and support to help agencies grow their client base and streamline operations. The program is a unique ecosystem that enables developers to consolidate hosting, leverage WordPress and AI tools, and benefit from co-marketing and personalized support.
Client Acquisition via Referrals: GoDaddy matches agency partners with high-intent SMB leads generated from its own service inquiries.
Revenue Opportunities: Agencies can earn up to 20% commission on client purchases made through the program.
Consolidated Hosting and Tools: Agencies can manage multiple client types using GoDaddy’s product ecosystem, including WordPress, VPS, and Websites + Marketing.
Premium WordPress and AI Support: Partners gain access to a dedicated WordPress Premium Support team and AI-powered productivity tools (e.g., design, content generation).
Co-Branded Marketing Exposure: High-performing partners receive increased visibility through joint campaigns with GoDaddy.
Dedicated Success Management: Each partner is assigned an Agency Success Manager for personalized guidance and program optimization.
Incentive for Migration from Other Hosts: GoDaddy offers a centralized platform offering simplicity, scale, and client acquisition opportunities for agencies switching from other providers.
WordPress is a popular choice when it comes to building ecommerce websites. Currently, over 4 million live stores are powered by WooCommerce, which runs on the WordPress platform.
The platform offers countless benefits for online sellers. So, it’s easy to see why so many ecommerce merchants choose WordPress for their business.
But, is it really the best choice for your business?
Let’s review some of WordPress’s pros and cons before making that decision.
WordPress For Ecommerce
Many big brand, successful ecommerce websites run on WordPress. But, should you trust WordPress’s capabilities to run an online store?
WordPress has some very obvious benefits for ecommerce sellers, but that’s not to say there are no downsides. You have to keep both the benefits and the downsides in mind before deciding whether or not you want to move forward with WordPress.
The Benefits
WordPress has a tight-knit, supportive community and lots of help available for whoever needs it.
The platform also empowers its users with powerful performance-tracking insights and optimization opportunities, which are not the only benefits of using WordPress for ecommerce.
There are more:
No Transaction Costs
If you are building an ecommerce store, you will be making some transactions on the website.
Some website builders and ecommerce platforms keep a percentage of every transaction that happens on the website as a fee. WordPress does not do that.
When using WordPress, you only have to pay the payment processing fee to your payment gateway provider. The website builder won’t charge anything.
This may make selling online using WordPress more cost-effective, especially for smaller businesses.
Besides that, WordPress also integrates seamlessly with numerous payment gateways apart from the most popular ones. You can use PayPal and Stripe, but WordPress also supports other, less popular, regional payment gateways.
WordPress Is Free
There’s no monthly subscription involved when it comes to WordPress.
You have to pay for the hosting, domain, and added functionality, but getting started is free.
This is unlike other platforms, which have a flat fee that you have to pay upfront before you can even get a feel for the platform.
Enhanced Customization
Your website needs to be visually appealing and stand out from the crowd. This will help you reinforce your unique brand identity and deliver a more memorable experience.
Unfortunately, many ecommerce platforms offer cookie-cutter websites that have the same layout and visual look and feel. This can make it harder for your brand to stand out and be unique.
WordPress, however, has thousands of themes that allow you to customize your site according to your business’s unique personality.
When you build a WordPress website, you also get access to the source code. This enables you to take your customization beyond simply adjusting the theme and transform every aspect of the website. The only requirement: development expertise.
WordPress also has thousands and thousands of plugins. These plugins can help you not just customize your website however you want, but also offer functionality that boosts the experience your business delivers online.
Website Ownership
Lots of hard work and resources have gone into launching your ecommerce store. You want to keep it under your ownership and wish to reserve the right to move it whenever you want to.
With WordPress, this is possible.
You have complete ownership of the website you build using WordPress. This includes the website content, as well as all its data and files, and you can use them as you please.
Flexibility In Hosting Options
Many popular ecommerce platforms provide managed hosting, which is great, but it can get problematic when your business grows or your priorities and goals evolve.
WordPress offers hosting as well, but it also allows you to buy hosting from third-party providers, so you can host your website wherever you want.
This flexibility in hosting options allows you to switch hosting providers as your business grows.
Not being tied to one hosting provider also allows you to take your website elsewhere if performance drops because of server issues on the host’s side.
Scalability
Your ecommerce business will eventually grow. It will attract more traffic and you’ll make more sales, so you need a website that can grow with you and support your plans.
With numerous plugins and hosting flexibility, WordPress offers the scalability you need when running a fast-growing business.
SEO-Friendly
About 33% of all traffic to ecommerce websites comes from organic searches. You know what this means: You cannot skip SEO when optimizing your website.
As amazing as your SEO strategy may be, it needs your ecommerce platforms support it.
The good thing about WordPress is that it has features and plugins to support your SEO efforts and boost its outcomes.
Marketing Integrations
SEO is just one part of your marketing strategy. There are other tactics you need to implement to maintain your growth trajectory.
WordPress supports numerous marketing integrations to help your email and social media marketing efforts.
It also has plugins for customer engagement and social proof to make sure your ecommerce store has everything it needs to generate value.
The Downsides
As amazing as WordPress may be for ecommerce, it has some downsides that you need to know before deciding whether you want to use it for your ecommerce store.
WordPress Is Not Very User-Friendly
Getting started on WordPress is free. It may be simple, too. However, running a successful ecommerce store on WordPress requires technical expertise.
There’s a learning curve involved in doing anything more than logging into WordPress to get started.
Support is available, and you can easily access hundreds of tutorials and help blogs, but learning to build a WordPress website from scratch with online tutorials requires time and effort.
Needs Regular Updates
WordPress’s core software, as well as the plugins, all get frequent updates. In most cases, you have to install these updates manually to make sure your website is up-to-date.
Failing to follow these updates can make your website more vulnerable to threats and increase the risk of it getting hacked or ransomed.
If you own or manage a WordPress website, you will have to spend time tracking all these updates and installing them promptly to avoid the risk of exploitation.
Securing The Website Is Your Responsibility
WordPress’s popularity and the large number of themes and plugins an average website uses make WordPress websites more vulnerable to security breaches.
While WordPress has a security team that constantly checks for security vulnerabilities in the core software and releases patches and updates, you have to install these updates on time to secure your website and avoid the risk of hacking.
Nearly 70% of WordPress websites run the latest version of the software, so 30% are at risk of vulnerabilities.
Manually tracking updates all the time and installing them is labor-intensive. That is why many business owners fall short and end up running a website that is more at risk of an attack.
Plugins Can Create Problems
WordPress plugins help you customize your website and offer enhanced functionalities, but they also have their own set of problems.
For one, installing too many plugins can bloat the code of your website and slow it down. In the ecommerce world, every second that your website fails to load properly means missed business.
Second, just like the core software, plugins also get security patches and updates that need to be installed.
Falling short on this end can lead to plugins introducing backdoor pathways into your website that malicious actors can exploit.
Even if you are all caught up on the updates, the plugins, unless thoroughly vetted before download, can be sketchy and make your website more vulnerable to attacks.
Plugins were responsible for 97% of all new security vulnerabilities in WordPress websites.
WordPress Is Not An Ecommerce Platform
WordPress is a content management system. It can support ecommerce websites, but it is not built to do that.
Other ecommerce platforms like Shopify and BigCommerce are built to help you sell online.
This is why WordPress may have some limitations when it comes to ecommerce, especially if compared with other big ecommerce players.
That’s not to say WordPress can’t do ecommerce. It can. You’ll just have to research and add a variety of plugins and manage the website well to maximize your chances of success.
WordPress Vs. Shopify And BigCommerce
Shopify and BigCommerce are also popular choices for building ecommerce websites.
How does WordPress fare against them? Is it better? Is it worse?
The truth is Shopify and BigCommerce are both managed platforms. They are designed to help people with no coding knowledge build and launch their ecommerce websites easily.
This is why, while WordPress may have a learning curve, Shopify and BigCommerce are both more user-friendly and easier to use.
However, WordPress still leads in customization and flexibility. Shopify and BigCommerce both have themes and apps with upgraded functionality and visual appeal, but they are limited compared to WordPress.
Final Word
WordPress has all that you need to build an ecommerce store. It supports payment gateways, has no transaction fee, and offers many plugins, but all of these benefits come with some downsides.
Managing a WordPress website can be time-consuming. There may be a learning curve involved, and if you slack on updates, your website may develop security vulnerabilities.
So, the choice between WordPress and some other managed ecommerce platform comes down to your business, goals, and priorities.
If you have the technical expertise and resources to dedicate to managing, maintaining, and updating a WordPress site, it may be a good option for you.
If you want a platform that makes building and running an ecommerce platform a breeze, you may want to look into other options.
On April 15th, 2025, WordPress 6.8 was released. This release, named Cecil, is aimed at bringing more control when it comes to the design of your website. It also comes with features that improve performance and enhance security for users and developers. Let’s dive into a few of the highlights in this latest release.
The Style Book for Classic themes
The Style Book, previously exclusive to block-based themes, is now accessible for Classic themes that have editor-styles or a theme.json file. It also comes with a new look and a few new settings to play around with. You can find this feature, or see if you have access to this feature, by going to Appearance > Design > Styles in your vertical navigation bar on the left side.
The Style Book shows the design elements of your site.
This tool gives you an overview of your site’s design elements, including colors, typography, and block styles. Just scroll down to have a look at all the design elements and whether you’re happy with everything design-wise.
Increasing performance with speculative loading
WordPress 6.8 introduces speculative loading, a feature that leverages the Speculation Rules API to prefetch or prerender pages based on user interactions. When someone clicks on a link, this page can now be preloaded. This anticipatory loading results in faster page transitions and a smoother browsing experience.
Of course, WordPress will not load everything as this would compromise performance if it becomes too much. This feature aims to keep a balance between speed and efficiency in choosing which pages to load. Developers can customize this behavior by using a plugin or writing code if they want it to act differently. It’s also good to know that this feature only works in newer browsers.
This feature is part of a longer list of enhancements focused on performance and speed, for both editing and browsing. Without going into too much detail, this update comes with improvements to the block editor, query caching and shorter interactions thanks to the Interactivity API.
WordPress 6.8 brings a few new enhancements to the design and editing experience. We’ll go into a few of them, such as the improved global styles panel, the option to turn image blocks into featured images and new density settings in table layouts.
Global styles panel
The Global Styles Panel in the full site editor has had an update, making it easier than ever to give your website a cohesive and polished look. Now, users can tweak typography, colors, and layout settings for their entire site — all from one convenient place. Whether you’re adjusting heading sizes, setting your brand colors, or fine-tuning spacing, this central hub helps you manage your site’s design without having to dive into custom CSS or theme files.
Set image blocks as featured images
One of the most welcome little updates in WordPress 6.8 is the ability to turn any image block directly into a featured image with a single click. No more uploading the same image twice — once in the content and once for the featured image. If you’ve already added a perfect image to your post, you can now designate it as the featured image straight from the block editor, which simplifies your workflow and saves time.
Simply select any image in your post and click ‘Set as featured image’
Density options for your tables
WordPress 6.8 introduces new density settings for table-based layouts, particularly useful when you’re managing data-heavy content like tables in the admin or Data Views. With these new controls, you can choose how compact or spacious you want your table rows and cells to appear, depending on your personal preference or the type of content you’re handling. Whether you prefer a minimal, airy look or a dense, info-packed table, WordPress now gives you the flexibility to adjust it to suit your needs.
Under-the-hood improvements
Beyond the user-facing features, WordPress 6.8 includes a lot of enhancements under the hood. Let’s check out a few highlights.
Higher security with bcrypt
Although less visible, this feature is one to get excited about as well. As it brings a significant boost to security. The system is moving away from the MD5-based system for password hashing and transitioning to bcrypt. This change improves overall password security and requires no action from you or your users. It’s automatically implemented and will make it a lot harder to crack passwords.
Efficient block type registration
The new release introduces a new function that makes registering multiple block types much easier for developers. Instead of writing separate code for each block, plugin and theme creators can now register a whole collection of blocks in one go. This not only reduces repetitive code but also helps keep projects organized and easier to maintain, making life simpler for developers and creating fewer opportunities for bugs.
Internationalization improvements
With WordPress powering sites across the globe, internationalization is always a priority. This release ensures that error messages generated by PHPMailer (WordPress’s email handling system) are properly localized, so users see helpful and understandable messages in their language. Additionally, any plugin update notifications sent via email will now respect the site administrator’s selected language, making routine updates more user-friendly for non-English speakers.
Accessibility enhancements
WordPress 6.8 continues the platform’s commitment to making websites more inclusive by improving accessibility across the board. One of the key changes in this release is the removal of redundant title attributes, which were often unnecessary and could cause confusion for users relying on screen readers.
This small but meaningful update helps streamline the browsing experience for people using assistive technology, ensuring that WordPress websites are more welcoming and accessible to all visitors. Other than that, there are over 100+ accessibility fixes and enhancements in this release.
Update your site to WordPress 6.8
Those are a few of the features that you’ll find in this latest release. There’s a lot of focus on enhancing the overall user experience and refining existing functionalities. Whether you’re a developer or website manager, this update is meant to make your life a bit easier and your website more secure and performant. Read the official WordPress release post for more information on this newest version of WordPress. Or, if you’re curious to see these features in action, update to the newest version and try them out yourself!
One of the scariest things that can occur with a WordPress user is that you install a plugin, and upon activation, you get a white screen of death.
This screen, where your beautifully crafted website once lived, is now plain white or produces a line or two of unformatted text.
A plugin conflict is when you have two plugins installed, and while they both work fine, running them together breaks the site.
It usually happens when plugins run in tandem, and they both come packaged with the same or similar library functions. There’s a naming conflict, and PHP produces an error.
This article will discuss how to fix them.
Plugin Conflicts Are Becoming More Rare
First of all, plugin conflict: where somebody installs a plugin that conflicts with another plugin, is becoming more rare.
WordPress, in the last few years, has introduced protections in place that means if an error does occur, rather than activate the plugin fully, it’ll backtrack automatically, provide an error, and leave the plugin deactivated.
For the majority of users, this is what they see.
The plugin “Broken Plugin” is unable to be activated within WordPress as it generates a fatal error. (Image from author, March 2025)
At this point, an investigation should be done in a staging environment with this plugin, but unless it’s a unique plugin, an alternative may need to be found that doesn’t conflict with your setup.
Plugin conflicts tend to occur when you install a Must Use (MU) plugin via a service like FTP, an update to one or more plugins takes place, or you have a custom plugin activated and changes are pushed to the server.
I’ll walk you through my process of resolving plugin conflicts.
Do You Have Access To WordPress?
To begin, the first question you should ask is if you have access to WordPress.
If you do, conventional wisdom dictates that the course of action to take is to deactivate all plugins and switch to a default theme, to try and troubleshoot where the problem occurs.
If you are doing this on a live site, this isn’t ideal, as the site may still have a lot of functionality.
A different approach is to install the Health Check and Troubleshooting plugin. Installing this plugin would allow you to run a version of the site with a default theme, and no plugins installed.
Simply activate each plugin in turn until you identify the one that is causing the issue and then leave that one deactivated.
Make sure the theme is the last thing activated, as custom themes could use functionality in plugins that could bring down the site.
If You Don’t Have Access To WordPress
If you don’t have access to WordPress, then there could be a bit of a process in order to diagnose and fix the problem.
This approach is what I take as best as I can when diagnosing plugin conflicts. It can be done in any order, depending on your knowledge and what you have access to.
Have Access To The Administrative Email? You May Get An Email
If you have access to the administrator email with WordPress (set in Settings > General), you may receive an email.
This will allow you to put the site into Recovery Mode. From there, you can log in, and it will identify the plugin that has the issue, and you can deactivate it.
WordPress recovery mode with the plugin conflict highlighting Hello Dolly, as where the conflict lies. (Image from author, March 2025)
Check The Hosts’ Log File
The first step would be to check the host’s log file.
Depending on the host, it may be easily visible in your host’s dashboard or from within cPanel, but if you only have a file browser, they tend to be put outside of the /public_html/ or /www/ (which are publicly available). Usually, one level up in a file called /logs/ tends to be where it’s located.
Should you find the file (it should have a name like error_log), download it and search for any Fatal Error within the document, maybe towards the bottom.
Within the error message, you should have a couple of file locations that will dictate where the file issues occur.
No Logs? You May Need To Activate Them
If you have FTP/SFTP access to the site but no logs, you may need to activate them.
Within the root directory of WordPress, add the following lines to the wp-config.php file.
This will create a file debug.log within the wp-content/ folder. From there, you can see the errors in this file.
Security Tip: The debug.log will be publicly visible, so once you’ve fixed the issue, remove these lines from wp-config.php and delete the debug.log file.
Resolving These Plugin Conflicts
Whichever method you use, your logs should produce lines like this below:-
Fatal error: Cannot redeclare hello_dolly_get_lyric() (previously declared in/wp-content/plugins/broken-plugin/index.php:17) in /wp-content/plugins/hello-dolly/hello.php on line 46
Each element means:
“Fatal Error” determines the error. A fatal error in PHP means that the site immediately stops working. You can get other errors or warnings.
“Cannot redeclare hello_dolly_get_lyric()” is the fatal error. In this case, there are two PHP functions with the same name (hello_dolly_get_lyric()). This is the basis of the plugin conflict.
“/wp-content/plugins/hello-dolly/hello.php on line 46” tells you where this error occurs. While the line number isn’t important (unless you’re coding yourself), it does tell you the plugin where the plugin error occurs – in this case, “hello-dolly”.
The next step is to manually change the plugin.
In your chosen FTP programme or file manager, go to the plugin folder within WordPress – /wp-content/plugins/ in this case – and rename the plugin folder (in this case, change “hello-dolly” to “broken-hello-dolly”). This will deactivate the plugin when you next log into WordPress.
The plugin “Hello Dolly” has been deactivated due to it not existing. In reality, it’s been renamed so WordPress can’t find it. (Image from author, March 2025)
It’s a good idea not to delete the WordPress plugin if you can prevent it. This will force the deactivation of the plugin in question.
From there, you can investigate the two plugins and identify why the two functions are called twice.
For Developers: Good Practice Can Prevent Plugin Conflicts
If you are a developer building WordPress sites, following good practice can prevent plugin conflicts.
Here are some tips for preventing your plugin or WordPress sites from having plugin conflicts with other plugins out there:
If you are not using PHP Namespaces, then I’d recommend naming your classes or functions with a prefix. Something like plugin_name_function_name can prevent similar functionality from having the same function name. Try to make them unique (so don’t use wp_ as a prefix).
Using function_exists around your functions to prevent your functions from loading if they already exist.
If you are importing functionality, using class_exists can check to see if the class has already been loaded.
Loading your functionality late, so naming your plugin folder with a late alphabet letter is useful. Not every developer follows the same approach as you!
If you are building on one site, make sure your server setup is the same (or as close to being the same) as the live environment.
You’re never going to completely guarantee your plugin or theme doesn’t conflict with the millions of plugins that exist in the WordPress space.
However, by following the above steps, you can minimize conflict as much as possible, and simple changes to your code writing can prevent a world of debugging hell later.
