Before we dive into another stunning issue of this newsletter (yeah, I said it )…
This week, I’m traveling to Arizona to attend a WordPress conference called PressConf. Should be interesting.
This is actually going to be my first conference specifically for WordPress professionals. In the past, I did a lot of online marketing conferences. I also did new media stuff and even ran the monetization track for New Media Expo back when that was a thing. But, in all this time, never done a WordPress event.
Will be cool to meet in person with some of the movers in the WordPress space, including many of the founders of the plugins I use day to day.
Anyway, will have laptop in tow. Clients… just be aware that I’m traveling beginning Wednesday and won’t be as “johnny on the spot” on messages, in all likelihood. But, I’ll definitely be monitoring things and replying to messages.
OK, let’s get started here. Let’s first talk about how to fight spambots on your opt-in forms. Then, let’s talk about those PITA plugins.
How To Fight Spambots Subscribing To Your Email List
Bots and spammers are just a fact of life we have to deal with. And when you have opt-in forms on your site for people to subscribe to your list, you WILL have bots that end up adding bogus email addresses to your list.
Sometimes, the fake email addresses are obvious. Other times they are not. They look like legit addresses, but you see a pattern on the names where it makes it fairly obvious that the person isn’t real. And it can be an annoying issue.
This last week, one of my Concierge clients had this issue. In her case, we had her opt-in forms running through Fluent Forms and the leads are being sent into MailerLite. But, she was getting a bunch of Gmail accounts added to her list using fake names.
In her case, here’s what I did…
- First, by using a forms plugin like Fluent Forms for opt-ins, you have more control. And one of them is that we can log the entries. This allowed me to see the submissions and, in this case, I found they were all coming from the same IP address.
- So, I blocked the IP address from her site. This is done via an entry in the site’s .htaccess file.
- I also ensured I had WP Armour installed (I already did). And I refreshed the honeypot field name. Sometimes, if a bot learns the honeypot field name, it can make form submissions anyway. Periodically refreshing that honeypot field name can throw them off.
In this case, the IP address showing up on the submissions traced back to a VPS server in Europe with a company called Contabo. Let’s just say, this company doesn’t have the best reputation. And, since it was coming from a VPS, chances are this spammer was running some script from his server that was out there pounding on site forms. This is the kind of idiocy you see all the time in this game.
Anyway, the first level of protection against spambots is at the form level. By running opt-ins through a forms plugin versus using embedded forms from your email list provider, you have more control over things. And I like to sometimes log the opt-ins just so I can spot patterns if needed. I usually adjust the purge settings to auto-delete entries after, say, 14 days. No need to keep the form entries long term since you’re already putting them on your email list anyway.
The second level of protection is to, of course, practice good email list hygiene. Things like:
- Using double confirmation on your incoming subscriptions
- Ensuring bounced emails are automatically flagged and purged from your list.
- Regular scanning your email list for records that look fake and deleting them. I like to do this maybe once a week and I do it manually for the incoming subs from the last week.
There’s not much you can do to accomplish 100% perfection against spambots. They’re like weeds in your yard. You can do certain things to fight the weeds and pull weeds when they pop up, but you’re always going to have some. What you just do is have the right systems in place to do your best to minimize the issue.
In almost all cases, these are not people actually targeting your website. Your site is just a number to them. They play a numbers game and they just spray the internet with bots to see what they can find that works. No idea what they stand to benefit by getting bogus subscribers onto your list, but…. it is what it is. ♂️
This Week In Concierge
Last week was the release of WordPress 6.8. And because of that, a week where I ended up doing an extra round of updates across all client sites.
The actual upgrade to 6.8 was pretty painless, but this version did include some changes to the editor. And that ended up causing some conflicts with other plugins. Quite a few of them, in fact.
Now, this goes to why it is worth it usually to pay for premium plugins. The development teams behind those plugins keep up with every change to WordPress and they are prompt to release fixes when needed.
There were quite a few plugin updates last week to fix little issues with the editor. So, Friday I went in and did fresh updates just to ensure all of my Concierge clients had sites that were running smoothly. If I had to guess, most clients didn’t even notice anything happened. Which is sort of my goal, actually.
One other quick item of business…
I have a lot of clients running WooCommerce and integrating with Stripe. And the Stripe plugin has been nagging about converting to a new payment form setup and support for the “legacy” setup going away.
It is quick and painless to make that migration. You can read more about it here. This next week, I’ll be going though client sites that are showing that nag notice on the plugins screen and transitioning you to the new checkout experience.
It slightly changes the look of your credit card forms, but still looks good. It supports some additional payment methods, including Link By Stripe. All those things can be disabled, too (and I often do).
For clients, if you’d like to make the change yourself, go ahead. Nothing will break. But, if you’d prefer me to do it, no problemo.
WordPress Quick Bits
WordPress.com Launched New AI Builder. Because, of course they did. You can now “build” a WordPress website by just prompting AI and it will do it for you. Of course, don’t expect miracles. Matt said on X that this AI builder will eventually work on all WordPress sites (I’m assuming including self-hosted ones).
SureTriggers Had A Security Hole. SureTriggers (now called Ottokit) had a pretty big security hole which would allow attackers to create admin users when the plugin wasn’t configured with the API key. It was fixed quite promptly.
Google Files Patent For History-Based Search. Google has filed a patent for a way to provide search results based on a user’s browsing and email history. When you read up on it, it certainly sounds like it could be convenient. But, it is also a good time to re-state that… they are searching your browsing and email history. If you are an avid Google user, Gmail user, or Chrome user… everything you do is already being tracked like there’s no tomorrow. That stuff is “free” because they’re data mining the ever loving snot out of you.
CommandUI Updates. CommandUI is a utility plugin in the Concierge Toolkit that allows you to quickly jump around WordPress using just keyboard shortcuts. He’s been on a roll with updates lately, with integrations with WS Form, wpDataTables… as well as a host of new conveniences. Check out the full changelog.
Kadence Updates. This last week saw updates to Kadence Blocks as well as the theme. One cool update of Kadence Blocks Pro is to order an Advanced Query by a custom field value. Wow, that was nerdier sounding after I wrote it. Anyway, here’s the changelog.
FluentCRM Update. FluentCRM was updated to 2.9.50. This version gives multiple campaign shortcodes for showing campaigns on the front-end. Actually, the shortcode is much more capable now. There’s also quite a few interface enhancements, search functionality in new places, and they fixed a compatibility issue with WordPress 6.8. Check out the full release.
2025 The “Year Of The Page Builder”. David McCan did an interesting writeup about the page builder environment for WordPress. He points out that the native block builder (aka Gutenberg) had originally brought on ideas that “page builders were dead”…. but it is clearly not working out that way. He points out the myriad of updates in the world of page builders while Gutenberg has been stalling out due to the actions of Matt Mullenweg and his stupid lawsuit against WP Engine.
RewardsWP “Refer A Friend” Plugin. The people at AffiliateWP have launched a “refer a friend” plugin called RewardsWP. You can read the full announcement here. Right now, looks like it works alongside WooCommerce and Easy Digital Downloads.
Awesome Motive Buys aThemes. Syed has announced that his company has acquired aThemes. He says the goal with the acquisition was to add some free themes to the suite of product offerings. Okie dokie.
SureCart Gets A Content Designer. SureCart 3.7 has introduced a new content designer that allows you to visually edit product pages and add all kinds of useful components to those pages. Check it out.
WordPress Market Share. In a new writeup on WordPress.com, they say WordPress is powering 43% of the internet. No other CMS comes anywhere close. A bunch of other interesting stats there, too, if you wanna nerd out.
PerfMatters Update. PerfMatters has come up with a new version that makes changes specific to WordPress 6.8. The new WordPress has something called “speculative loading”. You can read more about how that works here. PerfMatters now has built-in support for managing this new feature. It is also deprecating the “Instant Page” function for all sites running 6.8. Not only is that now redundant, but speculative loading is much more efficient. Full changelog here.
5 Plugins That I Find To Be… Troublesome
Everybody has opinions. I sure as hell do. But, I would say that when it comes to WordPress, my opinions come from a lot of experience. As you might imagine, I’ve had my hands on a helluva lot of WordPress sites by this point.
So, I thought I would point out a few plugins that I work with a lot but yet… I find them to be troublesome.
These plugins are good at what they do, but… I also find myself having to deal with problems more often, too. They are…
BuddyBoss
BuddyBoss is incredibly popular when it comes to community-driven membership sites. And to be clear, it is good at what it does. The most powerful WordPress community platform right now. But…
It is troublesome. The platform is bloated and it leads to performance issues. If you end up using the theme, it all but forces you to use Elementor to modify anything…. which itself brings on yet more bloat.
Of all the sites I manage for clients, it is the ones running BuddyBoss/Elementor that require me to jump in and fix something the most often.
Elementor
Elementor is a great page builder, but… it has been around a long time and has bloated up like it was built by the government or something.
And yes, it can be troublesome. Elementor is one of the biggest sources of plugin conflicts out there. They come out with updates pretty often, and the frequency of conflicts between it and other plugins is pretty high. Heck, they even have a downgrade option built right into the platform. They do that for a reason.
The Events Calendar
The Events Calendar, too, has been almost a standard bearer when it comes to event calendars on WordPress. But, over the years, it has blimped up into a beast. It is over-built, bloated, error-prone and yes…. troublesome.
Learndash
OK, this one might be a bit of a suprise to some. And to be clear, I respect Learndash. I have several of my clients using it on my recommendation and I don’t shy away from it. Sometimes, it is your best option. But…
It can also be troublesome. For one, I do think Learndash is bloated. I wish they would make it more modular so we could turn off the stuff we don’t need. I’ve also found random plugin conflicts with it, things that make the course builder go fubar, or just nagging things. Again, because it is bloated.
Sometimes, Learndash is your best bet. But, if there’s a simpler way to get what you need… or you can simplify your requirements on your courses to a point where you don’t need Learndash anymore, I’d recommend that option instead.
CartFlows
This one I almost hate to put on this list. I respect CartFlows. I use it myself. Many of my clients do, too. But, it is becoming more troublesome as time moves on.
The interface is clunky and it takes a lot of clicks to get to things. Sometimes, the clunky nature of the interface leads to changes not being saved properly and I have to do things over and over again. I’ve also seen plugin conflicts arise many times with CartFlows. To it’s credit, however, it is working with a constantly changing scene of WooCommerce, so occasional conflicts go with the territory.
It also bugs me that they’re using CartFlows to promote Spectra. Same company, but it is giving me Awesome Motive vibes to see that big yellow nag notice about installing Spectra. I don’t want to use Spectra, and it is not required whatsoever.
I do wish CartFlows would make it’s interface more usable. They’ve styled it up to look nice, but it is clunky to use in actual practice.
I do plan to review some of the CartFlows competitors out there to see what the options are.
Here’s how I help people every day…
Make everything about managing your site simpler… by having me on your team to help make sure everything goes smoothly. By providing the very best tools, the best hosting and maintaining everything for you… I’ll take care of the mechanics so you can just focus on growth.
Did you like this issue? Consider sharing the opt-in page on social media to help it grow.
And feel free to forward it on to somebody you think will benefit from it.
The WP Edge is the official weekly newsletter of the Blog Marketing Academy.
