Weekly News for Designers № 625

Envato Elements

75 Web-Based Tools for Web Designers – A huge collection of time-saving apps and tools that will help with many of the web design tasks you will need to perform from time to time.
Web-Based Tools for Web Designerss

The surprising behavior of “important CSS custom properties” Written by Stefan Judis.
The surprising behavior of important CSS custom properties

The CSS :has() selector is way more than a “;Parent Selector” Written by Bramus Van Damme.
CSS :has() selector

How Novice Designers Can Improve Their Client Rosters – advice on what all you young designers out there can do to get in on the more high-paying projects in the design industry.
How Novice Designers Can Improve Their Client Rosters

Consistent, Fluidly Scaling Type and Spacing – Learn how to combine a classic design practice (sizing scale) and a modern CSS feature (clamp()) to make for much simpler CSS.
Consistent, Fluidly Scaling Type and Spacing

Glitch Image Generator – A new, useful tool that allows you to create and save unique glitchy images.
Glitch Image Generator

Alternate Column Scroll Animation – Learn how to create a grid layout with columns that scroll in opposite directions.
Alternate Column Scroll Animation

UI Design Trends for Web & Mobile – Take a look back at what was popular in UI/UX design for websites and mobile applications in 2021.
UI Design Trends for Web & Mobile

Wrapping text inside an SVG using CSS – Written by Jay Freestone.

Web Performance Cheat Sheet – A list of key things to consider when improving your website’s performance.
Wrapping text inside an SVG using CSSWeb Performance Cheat Sheet

Claymorphism in User Interfaces – There is a new design trend emerging and this time it’s also stepping outside of the UI world and into the art space.
Claymorphism in User Interfaces

Grow Your Web Design Business – By following these simple methods you may be able to jumpstart growth and expand your web design business.
Grow Your Web Design Business

The Many Methods for Using SVG Icons – Chen Hui Jing delves into the myriad of options for using SVG icons.
The Many Methods for Using SVG Icons

Box Shadows – A curated collection of beautiful copy & paste box shadows for TailwindCSS.
Box Shadows

metaSEO – A free web-based tool for quickly generating meta tags for your website or content.
metaSEO

Emoji Plate – A Emoji collection that gets you the emojis that you have never seen before.
Emoji Plate

The post Weekly News for Designers № 625 appeared first on Speckyboy Design Magazine.

The 10 Best Free Security Plugins for WordPress

WordPress is now powering over 40% of all websites. That’s a testament to its flexibility, ease-of-use and loads of free plugins and themes that are available. But that also means WordPress has a gigantic target on its back from malicious hackers and bots.

They’re constantly scanning for outdated installations and zero-day vulnerabilities. Brute-force login attacks hit even the most lightly trafficked sites.

It has become absolutely imperative that site owners take extra security measures. Some of that is done at the server level, but you can do plenty within WordPress itself. In fact, there are a plethora of free plugins out there that will harden WordPress and provide you with an extra layer of protection.

Limit Login Attempts Reloaded

Brute-force login attacks are such a nuisance that there is a whole category of plugins dedicated to stopping them. Limit Login Attempts Reloaded can help you take control of the situation. It provides the ability to set login limits and block offending IP addresses for a specified amount of time.

Additionally, you can choose to be notified when an IP is blocked. That may be a bit overwhelming for sites that see a lot of attacks. Thus, it might be more efficient to periodically check the log of blocked attempts.

Limit Login Attempts Reloaded

Sucuri Security

Sucuri Security includes a suite of features aimed at keeping site administrators informed. The plugin will scan your files for suspicious code, known vulnerabilities, and notify you of any issues it finds. In addition, your site will be checked against blocklist engines and will report if it has been flagged.

You’ll also find a helpful log of security-related activities, helping you keep track of changes made to your site. Level up to the premium version to activate a firewall, performance optimization and more.

Sucuri Security

WordFence

With millions of active installs, WordFence is one of the most popular plugins out there. It will routinely scan your install for malicious code and has a real-time firewall that will help secure your site from known (and unknown) threats.

Advanced features like IP blocking and brute-force login protection can give site owners some peace of mind. The premium version includes country blocking, two-factor authentication, and the firewall is updated in real time.

WordFence

JetPack

The WordPress jack-of-all-trades, JetPack has added some great security features in recent years. Brute-force login protection is included (and will proudly display how many malicious login attempts have been thwarted on the WP Dashboard).

There’s also a single sign-on feature that works with your WordPress.com account.  Paid plans add spam blocking, malware scanning, and more.

JetPack

iThemes Security

This security suite (in plugin form) will protect your site with brute-force protection, file change detection, requiring users to implement strong passwords, and even help you run your entire site in SSL. A Pro version enables malware scanning, password expiration, and much more.

iThemes Security

All In One WP Security & Firewall

This plugin will scan your site’s user accounts to ensure that a user’s username and display name aren’t identical – a key method bots use to grab logins. User registration can also be set for admin approval – meaning you’ll have the ability to reject accounts you don’t trust.

You’ll also find brute-force protection, a firewall, malware scanning, and protection for configuration files.

All In One WP Security and Firewall

BulletProof Security

BulletProof Security will provide extra security for your site’s .htaccess file, logins, auth cookie expiration, and allow for database backups. You can also set a time limit on idle WordPress sessions, which will log the user out of the system after a specified period of inactivity.

BulletProof Security

Really Simple SSL

One of the absolute best things you can do for security is to enable SSL on your site. Once you’ve acquired an SSL certificate and installed it on your server, Really Simple SSL will ensure your WordPress install is optimized to run under HTTPS.

Really Simple SSL

Shield WordPress Security

Formerly known as WordPress Simple Firewall, this plugin will automatically block out malicious URLs and requests. It will also protect your blog from spambot comments and adds two-factor authentication.

Shield WordPress Security

Hide My WordPress

One of the telltale signs a site is running WordPress is the use of the default /wp-admin/ and wp-login.php URLs. Hide My WordPress allows you to safely rename these login gateways to help avoid attacks.


Note that you should use caution when enabling more than one security plugin. Some can conflict with each other and lead to either a crashed site or a major performance hit. If you plan to use more than one security plugin, do some research to see how they coexist.


While there is no silver bullet for securing WordPress (or any other CMS), there are steps you can take to thwart malicious attacks. Most bots and hackers are looking for easy targets. Using a security plugin makes things much more difficult to crack.

The post The 10 Best Free Security Plugins for WordPress appeared first on Speckyboy Design Magazine.

WordPress 5.8.3 Security Release

This security release features four security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.

WordPress 5.8.3 is a short-cycle security release. The next major release will be version 5.9, which is already in the Release Candidate stage.

You can update to WordPress 5.8.3 by downloading from WordPress.org or visiting your Dashboard → Updates and clicking Update Now.

If you have sites that support automatic background updates, they’ve already started the update process.

Security Updates

Four security issues affect WordPress versions between 3.7 and 5.8. If you haven’t yet updated to 5.8, all WordPress versions since 3.7 have also been updated to fix the following security issue (except where noted otherwise):

  • Props to Karim El Ouerghemmi and Simon Scannell of SonarSource for disclosing an issue with stored XSS through post slugs.
  • Props to Simon Scannell of SonarSource for reporting an issue with Object injection in some multisite installations.
  • Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with Trend Micro Zero Day Initiative on reporting a SQL injection vulnerability in WP_Query.
  • Props to Ben Bidner from the WordPress security team for reporting a SQL injection vulnerability in WP_Meta_Query (only relevant to versions 4.1-5.8).

Thank you to all of the reporters above for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked. Thank you to the members of the WordPress security team for implementing these fixes in WordPress.

For more information, check out the 5.8.3 HelpHub documentation page.

Thanks and props!

The 5.8.3 release was led by @desrosj and @circlecube.

In addition to the security researchers and release squad members mentioned above, thank you to everyone who helped make WordPress 5.8.3 happen:

Alex Concha, Dion Hulse, Dominik Schilling, ehtis, Evan Mullins, Jake Spurlock, Jb Audras, Jonathan Desrosiers, Ian Dunn, Peter Wilson, Sergey Biryukov, vortfu, and zieladam.

WordPress 5.8.3 Security Release

This security release features four security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.

WordPress 5.8.3 is a short-cycle security release. The next major release will be version 5.9, which is already in the Release Candidate stage.

You can update to WordPress 5.8.3 by downloading from WordPress.org or visiting your Dashboard → Updates and clicking Update Now.

If you have sites that support automatic background updates, they’ve already started the update process.

Security Updates

Four security issues affect WordPress versions between 3.7 and 5.8. If you haven’t yet updated to 5.8, all WordPress versions since 3.7 have also been updated to fix the following security issue (except where noted otherwise):

  • Props to Karim El Ouerghemmi and Simon Scannell of SonarSource for disclosing an issue with stored XSS through post slugs.
  • Props to Simon Scannell of SonarSource for reporting an issue with Object injection in some multisite installations.
  • Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with Trend Micro Zero Day Initiative on reporting a SQL injection vulnerability in WP_Query.
  • Props to Ben Bidner from the WordPress security team for reporting a SQL injection vulnerability in WP_Meta_Query (only relevant to versions 4.1-5.8).

Thank you to all of the reporters above for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked. Thank you to the members of the WordPress security team for implementing these fixes in WordPress.

For more information, check out the 5.8.3 HelpHub documentation page.

Thanks and props!

The 5.8.3 release was led by @desrosj and @circlecube.

In addition to the security researchers and release squad members mentioned above, thank you to everyone who helped make WordPress 5.8.3 happen:

Alex Concha, Dion Hulse, Dominik Schilling, ehtis, Evan Mullins, Jake Spurlock, Jb Audras, Jonathan Desrosiers, Ian Dunn, Peter Wilson, Sergey Biryukov, vortfu, and zieladam.

Should You Charge for Website Project Estimates?

Creating project estimates can be difficult. Because no two websites are the same, web designers need to understand a client’s specific needs. That often requires a lot of digging.

It includes asking a lot of probing questions about what the client is hoping to accomplish. From there, it’s time to research competitors and the technologies that will power the website.

And time is the keyword, as the estimation process will take up a lot of it. That may not be a huge deal if you end up booking the project. But if not, it can feel like a massive waste.

That’s why some web designers have transitioned to charging potential clients for project estimates. In some ways, it goes against the grain of the industry norm. But it may also make a lot of sense in certain situations.

Should you start charging for estimates? Here’s a look at the pros and cons of doing so.

Websites Are Increasingly Complex; So Are Estimates

Building a modern website requires a lot of moving parts. And we’re not talking about animation (although that’s a nice touch). No, we’re talking about the various pieces that comprise a website.

Consider content management systems (CMS), static site generators, themes, and plugins. And that’s only scratching the surface. A website may also need to interface with various third-party APIs and cloud services.

Figuring out the logistics of how this all fits together is a challenge. That’s particularly difficult if you haven’t worked with a specific technology before.

Once that’s all squared away, you’ll have to think about the actual design and content portions. Taken together, these are no small tasks.

Harder still is determining an accurate price for these various components. There’s nothing simple about this process.

A spider web.

How Charging for Project Estimates Gives Designers More Freedom

The more project estimates you create over time, the more likely it is that you’ll sour on the practice. You can put in a lot of work, only to have a prospective client say “Thanks, but no thanks.” The feeling of giving away your precious time can be demoralizing.

Charging a fee for this work accomplishes a few things:

1. More Enthusiasm, Less Guilt

Part of the challenge in writing proposals is that they are time-consuming. Thus, you may start to feel a sense of guilt when it takes you away from your paid work. There’s a certain pressure to get back to the other projects on your plate.

Being paid a fee eliminates (or greatly reduces) this pressure. You can now give the task proper attention without worrying so much about the other things you need to get done.

This also affords you the freedom to dig deeper into the project requirements than you otherwise might. Theoretically, you’ll be less likely to miss those little details that can impact the overall cost. That’s better for both you and your client.

2. It Filters Out Less-Desirable Clients

Have you ever felt compelled to provide an estimate for a project you aren’t interested in? That may be the biggest of all time-wasters.

The mere fact that you’re charging for your time will act as a repellant to some clients (more on this in a moment). Particularly those with very low budgets and those who don’t value your expertise.

Meanwhile, clients who don’t mind paying for top-notch service likely won’t blink an eye at your fee.

A smiling woman.

Determining a Fair Price for Estimates

It’s important to find a balance between being fairly compensated and helping potential clients see the value. Price your project estimates too high and the value proposition is a hard sell.

There are many ways to calculate a price. For example, you could go with a standard hourly rate and charge based on the actual time spent researching, meeting, and discussing the project. But the drawback there is uncertainty.

A flat fee might be more desirable, as all parties will be on the same page from the start. The challenge is in determining a price that will cover you in most scenarios.

Here’s a potential solution: Take a look back at some recent proposals and think about the time you put into them. Try to find the median time spent and charge based on that.

Let’s say you charge $50 per hour, and it generally takes you around two hours to create a project estimate. Using this formula, the flat fee would be $100.

If that’s not the best fit for your business, then don’t be afraid to get creative in how you structure things. Just remember that simple is often better.

An antique cash register.

Potential Pitfalls

Depending on your situation, there can be some downsides to charging for website estimates. The biggest might be that you risk missing out on projects.

Some clients will undoubtedly be turned off by paying for an estimate. As we mentioned, this can help you weed out the undesirables. But there could be times when a legitimately interesting project slips through your fingers.

Much also depends on your typical clientele. If you focus on smaller projects, then a significant portion of a client’s budget could be spent on an estimate. While you could apply some or all of your fees towards the actual project, it’s still a risk.

In addition, this practice may not be well-suited for those who are just starting out in web design. When your business is at its most vulnerable, limiting your possibilities too much isn’t advisable. In general, waiting until you have an established presence in the market is a better bet. That’s when you can afford to be a bit choosier.

So, while this may seem like a no-brainer, there are some important considerations. Implementing a policy like this can have unintended consequences.

A "Wrong Way" traffic sign.

Regardless of the Task, Your Time Is Valuable

The promise of “free estimates” is common throughout a lot of industries. And while that can certainly draw in potential clients, it can also be abused. A long, arduous process means time taken away from other important tasks.

For freelancers, this can be draining – both financially and mentally. You might be thrilled that people are interested in hiring you. On the other hand, you’re sacrificing time for paying customers to serve those who haven’t paid you a thing.

Charging a fee for project estimates is one way to recoup some of the value you bring to the table. It means not being bothered by cheapskates or those who aren’t serious about their project. And it compensates you for the time you’ve put in.

Only you can determine whether or not it’s the right fit for your business. But it’s worth consideration.

The post Should You Charge for Website Project Estimates? appeared first on Speckyboy Design Magazine.

Hello 2022!

Yesterday I received an email from a reader asking ‘Are you ok?’.

It’s been nearly 8 months since the last time I wrote here. In that last post I celebrated blogging on this website for 15 years with some consistency, so perhaps it’s a bit ironic for that to be immediately followed by complete silence.

The last big gap in blogging for me was in 2017, the year I joined Yelp. This experience was so depressing, every day I was done work I had no creative energy left for anything else.

2021 was a bit different though. 2 years back I started a software development agency, which grew from 2 to 5 people in the last year. The stakes have increased quite a bit, and it’s taken up a lot of my emotional reserves.

I’ve also made the mistake of not taking any vacation all year. There was just not much gas left in the tank. This is so stupid. Less time off doesn’t result in more productivity. I know this, but the last 2 years there’s been little travel or activities due to lockdowns and restrictions. Every day looks the same and it kind of just flew by.

Over the last holidays I’ve taken an actual break though, and have since started several new projects and buzzing with new ideas. I’m still motivated to work on Curveball and Ketting (we use it every day for almost every customer!), and I’ve also started a series of live streams in which I build a Time Tracking application with Hypermedia on twitch.tv/evrt3.

If this sounds interesting, the first few episodes are up on my youtube channel, but I’ll share more on this blog later.

I’m also preparing for a tech talk on January 19th for Toronto JS. It’s online and free!

So am I ok? I think I am? This year is off to a good start. I just have to make sure I don’t forget to take it easy.

Happy stupid new year! I hope it sucks less!

PHP Editable Text Field

Package:
Summary:
Create page fields with values that users can edit
Groups:
Author:
Description:
This package can create page fields with values that users can edit...

Read more at https://www.phpclasses.org/package/12346-PHP-Create-page-fields-with-values-that-users-can-edit.html#2022-01-05-17:25:59

The Month in WordPress – December 2021

December was a busy month for the WordPress community. In the latest episode of the WP Briefing podcast, WordPress Executive Director Josepha Haden Chomphosy shares a carol of thanks and shows her gratitude to all the people who make the WordPress project a success.

(…) I know that we have gotten so much done together in the last few years. And I am equally sure that we’re going to get so much done in the years to come. And so thank you all so much for your continued work with WordPress and the way that you just bring your best at all times.

Josepha Haden, Executive Director of the WordPress project

We said goodbye to 2021 with the annual State of the Word, along with the release of WordPress 5.9 Beta 4, among many other exciting updates. Read on to learn more about the latest community achievements.


WordPress 5.9: The first release candidate just landed

Are you interested in contributing to WordPress core? Join the #core channel, follow the Core Team blog, and check out the team handbook. Also, don’t miss the Core Team’s weekly developer chat on Wednesdays at 8 PM UTC.

Gutenberg releases: Versions 12.1 and 12.2 are here

The Core Team launched two new versions of Gutenberg last month. Both come with new features, code quality improvements, and bug fixes.

  • Gutenberg 12.1 marks the return of the template List View and includes several Navigation block enhancements, new global styles features, an improved developer experience for block themes, and more.
  • The Gutenberg 12.2 release focuses on user experience improvements and brings the block styles preview to the Widgets Editor, among other new features.

Want to get involved in developing Gutenberg? Follow the Core Team blog, contribute to Gutenberg on GitHub, and join the #core-editor channel in the Make WordPress Slack. Follow the #gutenberg-new tag for details on the latest updates.

Highlights from State of the Word 2021

  • State of the Word 2021, the annual keynote address delivered by WordPress co-founder Matt Mullenweg, was livestreamed from New York City on December 14, 2021. The event gathered WordPress enthusiasts at 29 watch parties around the world.
  • Matt shared his thoughts on the progress of the WordPress project and made announcements regarding its future in 2022. The presentation was followed by a Question and Answer session.

If you missed the event’s livestream, you could watch the State of the Word recording and the Q&A session on WordPress.tv.

Team updates: 2022 major release timings, new team rep announcements, and more

Are you looking for some 5.9 resources to share with your local community? Check out the WordPress 5.9 Talking Points for Meetup Organizers post.

Feedback/Testing requests: Contribute by testing or translating WordPress 5.9

  • Your feedback on WordPress 5.9 release candidates is still needed and appreciated! If you haven’t tried this version yet, you can find instructions on testing 5.9 features in this post.
  • Do you speak a language other than English? The Polyglots Team announced that WordPress 5.9 is also ready to be translated.
  • Version 18.9 of WordPress for Android is available for testing.

Share your feedback on WordPress 5.9.

Apply to speak or host a workshop at WordCamp Europe 2022

  • WordCamp US 2022 is currently looking for organizers.
  • The WordPress community celebrated its first in-person WordCamp after 21 months in Sevilla (Spain) on December 11-12, 2021. WordCamp Taiwan was held online the same weekend.
  • The Test Team organized the Hallway Hangout titled Let’s talk about WordPress 6.0 on December 21, 2021. The team also shared a wrap-up of the Site Editing Safari as part of the FSE Outreach Program.
  • The Training Team hosted several WordPress Social Learning Meetups last month, and there will be many more in January 2022.
  • Last year the WordPress Foundation made significant progress in its mission to educate the public about open source software. Learn more about it in this 2021 recap.

Don’t miss the following upcoming WordCamps: WordCamp Birmingham, Alabama 2022, WordCamp Genève 2022, WordCamp Vienna 2022, and WordCamp Europe 2022.

The Call For Sponsors and Call For Speakers for WordCamp Europe 2022 are open! Read this post to learn more about the Organizing Team’s plans for the first in-person WordCamp Europe in three years.


Have a story that we could include in the next ‘Month in WordPress’ post? Let us know by filling out this form.

The following folks contributed to December 2021’s Month in WordPress: @anjanavasan, @harishanker @lmurillom @meher @nalininonstopnewsuk @webcommsat

Class Action Lawsuit: Google is Paying Apple to Stay Out of Search Business

Google and Apple California Crane School, Inc. filed a class action antitrust case [3:21-cv-10001, C.C.S.I. v Google LLC] on 12/27/21 against Google and Apple and the Chief Executive Officers of both companies alleging violations of the Antitrust Laws of the United States.

The complaint charges that Google and Apple agreed that Apple would not compete in the internet search business against Google. The complaint claims that the means used to effectuate the non-compete agreement included:

  1. Google would share it’s search profits with Apple
  2. Apple would give preferential treatment to Google for all Apple devices
  3. Regular secret meetings between the executives of both companies
  4. Annual multi-billion-dollar payments by Google to Apple not to compete in the search business
  5. Suppression of the competition of smaller competitors and foreclosing competitors from the search market
  6. Acquiring actual and potential competitors.

The complaint alleges that advertising rates are higher than rates would be in a competitive system. The complaint seeks the disgorgement of the billion-dollar payments by Google to Apple. The complaint asks for an injunction prohibiting the non-compete agreement between Google and Apple; the profit-sharing agreement; the preferential treatment for Google on Apple devices; and the payment of billions of dollars by Google to Apple.

The complaint also calls for the breakup of Google into separate and independent companies and the breakup of Apple into separate and independent companies.

Attorneys representing the plaintiffs are Joseph M. Alioto and Tatiana V. Wallace of Alioto Law Firm, Lawrence G. Papale of Law Offices of Lawrence G. Papale, Robert J. Bonsignore of Bonsignore Trial Lawyers PLLC, Christopher A. Nedeau of Nedeau Law PC, Josephine Alioto of The Veen Firm, Jeffery K. Perkins of Law Office of Jeffery K. Perkins, Theresa Moore of Law Offices of Theresa D. Moore, Lingel H. Winters of Law Offices of Lingel H. Winters.

One of the issues that I see here is that because of this agreement between Google and Apple, smaller search engines, who are actually competitors of Google, cannot get a chance to be embedded into Apple’s products. If you’re a smaller search engine trying to get more market share, then getting your search engine into Apple’s products would help. But you’re unable to do that because of this agreement between Google and Apple.

Powered by Gewgley