News Archives - Watchful Watchful, the website manager & agency dashboard Tue, 12 Mar 2024 14:58:00 +0000 en-US hourly 1 https://watchful.net/wp-content/uploads/2020/11/cropped-watchful-icon-2020-blue-bg-32x32.png News Archives - Watchful 32 32 Watchful, the website manager & agency dashboard News Archives - Watchful false News Archives - Watchful Watchful LLC Watchful LLC podcast Watchful, the website manager & agency dashboard News Archives - Watchful https://watchful.net/wp-content/uploads/powerpress/podcast-preview-v1.jpg https://watchful.net/hotair/ TV-G c9c7bad3-4712-514e-9ebd-d1e208fa1b76 How to change the location of the WordPress debug log https://watchful.net/how-to/wordpress-debug-log/ https://watchful.net/how-to/wordpress-debug-log/#respond Wed, 14 Feb 2024 14:07:09 +0000 https://watchful.net/?p=810001 Wordpress Debug Log

When troubleshooting problems on a WordPress website, it is common to enable debugging to help find clues to the problem. Once debugging is enabled, a WordPress debug log file will be created to record anything that might be amiss such as PHP errors and warnings.

Debugging is a great WordPress feature as the debug logs contain very detailed information such as full, explicit file paths on your server. For example:

[14-Feb-2024 13:50:13 UTC] PHP Deprecated: realpath(): Passing null to parameter #1 ($path) of type string is deprecated in /home/bsmith/webapps/gs6q8s/wp-content/plugins/publishpress-pro/vendor/twig/twig/src/Loader/FilesystemLoader.php on line 40

As you can see, this is a simple PHP warning (and not a PHP error). However, the full path to the files on my server is clearly shown: /home/bsmith/webapps/gs6q8s/.

Exposing this type of specific information about the file system on your web server could allow an intruder to design a specific attack and should be avoided.

Why is the WordPress debug log file a security risk?

When you enable debugging, the debug file is created in a very specific location:

wp-content/debug.log.

This file can be viewed by simply entering the domain name and this file path in any browser. Thus, it is very common for hackers to scan the internet looking for this file on every domain it finds.

Once the file is detected, the hacker can examine the contents for clues on how to penetrate your web server.

Reducing the risks associated with WordPress debugging.

There are three easy ways to reduce the risks of exposing sensitive web server information in your WordPress debug log.

1. Disable debugging on your website.

You can disable debugging by adding the following line to your WordPress config file:

define( 'WP_DEBUG', false );

Once that's done, be sure to delete the debug.log file.

2. Avoid enabling debug on your production sites.

Following web site development best practices, ideally you would only enable debugging in a staging environment that is not accessible to the public. This way, you can safely use the debug feature to solve any issues you may be experiencing on your site.

Once the issue is resolved, disable debugging, delete the debug.log file and push the changes to the production server.

3. Change the location of the WordPress debug log file.

Even the most disciplined web developer will sometimes need to enable debugging on a live site.

In this situation, you can still reduce the risks of exposing your server information by changing the location of the debug logs. Simply add a line like this to your WordPress configuration file:

define( 'WP_DEBUG_LOG', 'wp-errors-[random-string].log' );

By including a random string in the file name, you greatly reduce the chance that an attacker will be able to find and view the contents of the log file.

When the debugging is complete, we still recommend that you disable debugging and delete the log file.

You can also change the debug location with a plugin, but we strongly endorse the simple change in the configuration file.

Monitoring the debug log file

Watchful's vulnerability scanner detects the presence of a debug log file, even if you've customized the storage location. If detected, it will suggest that debugging be disabled and the file deleted.

Vulnerabilty Scanner Wordpress Debug Log Warning

Learn more about debugging

We recommend the official WordPress documetation for more information on debugging.

The post How to change the location of the WordPress debug log appeared first on Watchful.

]]>
Wordpress Debug Log

When troubleshooting problems on a WordPress website, it is common to enable debugging to help find clues to the problem. Once debugging is enabled, a WordPress debug log file will be created to record anything that might be amiss such as PHP errors and warnings.

Debugging is a great WordPress feature as the debug logs contain very detailed information such as full, explicit file paths on your server. For example:

[14-Feb-2024 13:50:13 UTC] PHP Deprecated: realpath(): Passing null to parameter #1 ($path) of type string is deprecated in /home/bsmith/webapps/gs6q8s/wp-content/plugins/publishpress-pro/vendor/twig/twig/src/Loader/FilesystemLoader.php on line 40

As you can see, this is a simple PHP warning (and not a PHP error). However, the full path to the files on my server is clearly shown: /home/bsmith/webapps/gs6q8s/.

Exposing this type of specific information about the file system on your web server could allow an intruder to design a specific attack and should be avoided.

Why is the WordPress debug log file a security risk?

When you enable debugging, the debug file is created in a very specific location:

wp-content/debug.log.

This file can be viewed by simply entering the domain name and this file path in any browser. Thus, it is very common for hackers to scan the internet looking for this file on every domain it finds.

Once the file is detected, the hacker can examine the contents for clues on how to penetrate your web server.

Reducing the risks associated with WordPress debugging.

There are three easy ways to reduce the risks of exposing sensitive web server information in your WordPress debug log.

1. Disable debugging on your website.

You can disable debugging by adding the following line to your WordPress config file:

define( 'WP_DEBUG', false );

Once that's done, be sure to delete the debug.log file.

2. Avoid enabling debug on your production sites.

Following web site development best practices, ideally you would only enable debugging in a staging environment that is not accessible to the public. This way, you can safely use the debug feature to solve any issues you may be experiencing on your site.

Once the issue is resolved, disable debugging, delete the debug.log file and push the changes to the production server.

3. Change the location of the WordPress debug log file.

Even the most disciplined web developer will sometimes need to enable debugging on a live site.

In this situation, you can still reduce the risks of exposing your server information by changing the location of the debug logs. Simply add a line like this to your WordPress configuration file:

define( 'WP_DEBUG_LOG', 'wp-errors-[random-string].log' );

By including a random string in the file name, you greatly reduce the chance that an attacker will be able to find and view the contents of the log file.

When the debugging is complete, we still recommend that you disable debugging and delete the log file.

You can also change the debug location with a plugin, but we strongly endorse the simple change in the configuration file.

Monitoring the debug log file

Watchful's vulnerability scanner detects the presence of a debug log file, even if you've customized the storage location. If detected, it will suggest that debugging be disabled and the file deleted.

Vulnerabilty Scanner Wordpress Debug Log Warning

Learn more about debugging

We recommend the official WordPress documetation for more information on debugging.

The post How to change the location of the WordPress debug log appeared first on Watchful.

]]>
https://watchful.net/how-to/wordpress-debug-log/feed/ 0
Update WS Form PRO across all your WordPress sites in 1 minute. https://watchful.net/blog/update-ws-form-pro-across-all-your-wordpress-sites-in-1-minute/ https://watchful.net/blog/update-ws-form-pro-across-all-your-wordpress-sites-in-1-minute/#respond Thu, 08 Jun 2023 21:57:22 +0000 https://watchful.net/?p=809665 Ws Form Pro Preview

WS Form PRO is a powerful forms plugin for WordPress. Through our latest premium plugin integration, users can easily apply these paid updates safely and securely across all their sites at once with Watchful.

Meet WS Form PRO

Launched in 2018, WS Form has skyrocketed in popularity. This popularity is due in part to the availability of a feature-rich free version at wordpress.org.

Additionally, owner and developer Wark Westguard is a prolific sponsor of WordPress events where users can test the software and meet Mark himself.

Some of the more unique features of WS Form include:

  • Deep integration with custom field plugins such as ACF, JetEngine, Meta Box, Pods and Toolset. 
  • Single-click templates that automatically build forms for third-party integrations such as mailing lists from MailChimp.
  • A fully responsive layout editor (not just the form, but the form builder) allowing you to build complex form layouts for different devices using a drag and drop interface. 

In addition to the free version, WS Form PRO is an affordable premium solution packed with features such as:

  • 100+ form templates
  • 70+ integrations with plugins and services
  • 55+ field types
  • Conditional logic
  • Woocommerce product customization
  • Form signatures

Plugin updates help keep your WordPress site safe

Like all WordPress plugins, applying regular updates helps protect your site. Updates also keep your site running smoothly by maintaining compatibility with WordPress core and other plugins.

For a single site, applying plugin updates is a pretty straightforward task in the admin area. Simply enter your PRO license key and you are all set.

If you manage two or more sites, a bulk update and maintenance tool like Watchful will save you loads of time updating your sites.

Configuring Watchful for WS Form PRO updates

The premium version of WS Form is sold as an annual subscription that offers it’s plugins in three different bundles.

Once you've purchased the desired bundle, simply grab your license key for WS Form Pro, and any relevant plugins. These can be found in the license area of the WS Form website.

Ws Form Pro Purchase History
License and purchase history at wsform.com.

Then, you'll visit the license key area in Watchful and enter the WS Form PRO license keys(s) as noted above.

Ws Form Pro License Keys At Watchful
Entering WS From Pro license keys at Watchful.

Once entered into Watchful, this key(s) can be used to update WS Form PRO and it's plugins across all your WordPress sites. Be sure that your premium subscription supports enough updates for all the sites in your Watchful account that use WS Form PRO.

What about add-ons?

As shown in the screenshots above, the license key area at Watchful has room for all of the WS Form PRO add-ons. Simply repeate the above process for each of the add-on license keys and you'll be all set.

How to bulk update

Updating WS Form Pro across many sites at once is a popular way to save time using Watchful. As shown below, the bulk updater can filter for sites that have a pending WS Form Pro update.

All of these updates can be applied by clicking the Update All button. Or for a more cautious approach, use the Update Fresh button to only update sites with a recent backup.

Ws Form Pro Bulk Updates
Watchful's bulk updater showing completed WS Form Pro updates.

Add your favorite premium plugin updates to this list

Watchful currently supports updates for hundreds of premium plugins including:

If you would like to add your plugin to this list, or if you have a request for your favorite plugin, please drop us a note.

The post Update WS Form PRO across all your WordPress sites in 1 minute. appeared first on Watchful.

]]>
Ws Form Pro Preview

WS Form PRO is a powerful forms plugin for WordPress. Through our latest premium plugin integration, users can easily apply these paid updates safely and securely across all their sites at once with Watchful.

Meet WS Form PRO

Launched in 2018, WS Form has skyrocketed in popularity. This popularity is due in part to the availability of a feature-rich free version at wordpress.org.

Additionally, owner and developer Wark Westguard is a prolific sponsor of WordPress events where users can test the software and meet Mark himself.

Some of the more unique features of WS Form include:

  • Deep integration with custom field plugins such as ACF, JetEngine, Meta Box, Pods and Toolset. 
  • Single-click templates that automatically build forms for third-party integrations such as mailing lists from MailChimp.
  • A fully responsive layout editor (not just the form, but the form builder) allowing you to build complex form layouts for different devices using a drag and drop interface. 

In addition to the free version, WS Form PRO is an affordable premium solution packed with features such as:

  • 100+ form templates
  • 70+ integrations with plugins and services
  • 55+ field types
  • Conditional logic
  • Woocommerce product customization
  • Form signatures

Plugin updates help keep your WordPress site safe

Like all WordPress plugins, applying regular updates helps protect your site. Updates also keep your site running smoothly by maintaining compatibility with WordPress core and other plugins.

For a single site, applying plugin updates is a pretty straightforward task in the admin area. Simply enter your PRO license key and you are all set.

If you manage two or more sites, a bulk update and maintenance tool like Watchful will save you loads of time updating your sites.

Configuring Watchful for WS Form PRO updates

The premium version of WS Form is sold as an annual subscription that offers it’s plugins in three different bundles.

Once you've purchased the desired bundle, simply grab your license key for WS Form Pro, and any relevant plugins. These can be found in the license area of the WS Form website.

Ws Form Pro Purchase History
License and purchase history at wsform.com.

Then, you'll visit the license key area in Watchful and enter the WS Form PRO license keys(s) as noted above.

Ws Form Pro License Keys At Watchful
Entering WS From Pro license keys at Watchful.

Once entered into Watchful, this key(s) can be used to update WS Form PRO and it's plugins across all your WordPress sites. Be sure that your premium subscription supports enough updates for all the sites in your Watchful account that use WS Form PRO.

What about add-ons?

As shown in the screenshots above, the license key area at Watchful has room for all of the WS Form PRO add-ons. Simply repeate the above process for each of the add-on license keys and you'll be all set.

How to bulk update

Updating WS Form Pro across many sites at once is a popular way to save time using Watchful. As shown below, the bulk updater can filter for sites that have a pending WS Form Pro update.

All of these updates can be applied by clicking the Update All button. Or for a more cautious approach, use the Update Fresh button to only update sites with a recent backup.

Ws Form Pro Bulk Updates
Watchful's bulk updater showing completed WS Form Pro updates.

Add your favorite premium plugin updates to this list

Watchful currently supports updates for hundreds of premium plugins including:

If you would like to add your plugin to this list, or if you have a request for your favorite plugin, please drop us a note.

The post Update WS Form PRO across all your WordPress sites in 1 minute. appeared first on Watchful.

]]>
https://watchful.net/blog/update-ws-form-pro-across-all-your-wordpress-sites-in-1-minute/feed/ 0
Update SEOPress Pro across all your sites while protecting your license key https://watchful.net/news/update-seopress-pro/ https://watchful.net/news/update-seopress-pro/#respond Wed, 08 Feb 2023 22:40:45 +0000 https://watchful.net/?p=809463 Seo Press

SEOPress is a popular marketing tool for WordPress with the free version installed on over 250,000 sites around the world. SEOPress Pro is the premium version. Watchful can now be used to remotely update all SEOPress versions, both free and paid.

What is SEOPress Pro?

The free version of SEOPress includes many of the standard SEO features needed for most web sites such as XML sitemaps and social media optimization by keyword. Importantly, its metadata editor is compatible with the Gutenberg editor and many page builders such as Elementor, Divi, and Beaver Builder.

SEOPress Pro is the premium version of SEOPress. In addition to the features in the free version, the paid version facilitates the use of advanced marketing techniques such as:

  • Using Open AI to generate SEO meta data
  • Inspecting your content with Google Search Console
  • Testing your site performance with Google Page Speed
  • Using Google News and Video sitemaps
  • Improving your business's presence in local search results
  • Improving ecommerce SEO

In addition to these great features, SEOPress Pro is an incredibly affordable marketing tool for both WordPress agencies and individual sites.

We highly recommend it!

SEOPress Pro updates that support your preferred language

As noted above, Watchful now supports updates for SEOPress Pro. Here you can see Watchful's single-site updater applying updates for both SEOPress and SEOPress Pro.

Seo Press Site Updater
1-click updates for SEOPress Pro in Watchful's site updater.

SEOPress Pro is sold from three separate stores depending on your preferred language. It is available in English, French and Spanish, and each language has their own separate licensing.

This is somewhat unique in the premium plugin space. And it provided an opportunity for us to improve the premium plugin updater to support license keys generated by multiple licensing servers.

As you can see below, Watch is perfectly compatible with licenses generated from the non-English SEOPress Pro sites such as Spanish and French.

Seo Press Pro Domains And Licensing
Automatic licensing updates for SEOPress Pro.

A bulk plugin update tool like no other

Like many WordPress management suites, Watchful greatly reduces site maintenance times for WordPress agencies. Many of these tools feature a remote updater that makes plugin updates a breeze.

The Watchful updater takes this to the next level by applying the same updates across many sites at once. Here is the bulk updater in action with SEOPress Pro.

Seopress Pro Bulk Updater
SEOPress Pro updates applied to many sites at once.

No need to authorize your domain

Like all of our premium plugin integrations, Watchful takes the pain out of software licensing by automatically adding your relevant domain(s) to the vendor website.

In this case, you don't need to visit the SEOPress Pro website to enter the domain manually and authorize updates: Watchful does this automagically.

Powerful features to match any update workflow

The Watchful updater has a host of other unique features that give you the power and flexibility to apply plugin updates the way that best suits you and your agency.

  • Watchful can update both free and premium WordPress plugins (see list below).
  • License keys for premium plugins only need to be entered once in our centralized license manager.
  • License keys are not entered on client sites, so there is no chance of license abuse/theft.
  • Automatic plugin updates can be scheduled for specific dates/times to ensure nothing unexpected happens at inconvenient times.
  • Updates can be skipped if the site does not have a recent backup.

As SEOPress Pro is now officially supported, all of these unique features can be used for its premium updates.

Add your favorite premium plugin updates to this list

Watchful currently supports updates for hundreds of premium plugins including:

If you would like to add your plugin to this list, or if you have a request for your favorite plugin, please drop us a note.

The post Update SEOPress Pro across all your sites while protecting your license key appeared first on Watchful.

]]>
Seo Press

SEOPress is a popular marketing tool for WordPress with the free version installed on over 250,000 sites around the world. SEOPress Pro is the premium version. Watchful can now be used to remotely update all SEOPress versions, both free and paid.

What is SEOPress Pro?

The free version of SEOPress includes many of the standard SEO features needed for most web sites such as XML sitemaps and social media optimization by keyword. Importantly, its metadata editor is compatible with the Gutenberg editor and many page builders such as Elementor, Divi, and Beaver Builder.

SEOPress Pro is the premium version of SEOPress. In addition to the features in the free version, the paid version facilitates the use of advanced marketing techniques such as:

  • Using Open AI to generate SEO meta data
  • Inspecting your content with Google Search Console
  • Testing your site performance with Google Page Speed
  • Using Google News and Video sitemaps
  • Improving your business's presence in local search results
  • Improving ecommerce SEO

In addition to these great features, SEOPress Pro is an incredibly affordable marketing tool for both WordPress agencies and individual sites.

We highly recommend it!

SEOPress Pro updates that support your preferred language

As noted above, Watchful now supports updates for SEOPress Pro. Here you can see Watchful's single-site updater applying updates for both SEOPress and SEOPress Pro.

Seo Press Site Updater
1-click updates for SEOPress Pro in Watchful's site updater.

SEOPress Pro is sold from three separate stores depending on your preferred language. It is available in English, French and Spanish, and each language has their own separate licensing.

This is somewhat unique in the premium plugin space. And it provided an opportunity for us to improve the premium plugin updater to support license keys generated by multiple licensing servers.

As you can see below, Watch is perfectly compatible with licenses generated from the non-English SEOPress Pro sites such as Spanish and French.

Seo Press Pro Domains And Licensing
Automatic licensing updates for SEOPress Pro.

A bulk plugin update tool like no other

Like many WordPress management suites, Watchful greatly reduces site maintenance times for WordPress agencies. Many of these tools feature a remote updater that makes plugin updates a breeze.

The Watchful updater takes this to the next level by applying the same updates across many sites at once. Here is the bulk updater in action with SEOPress Pro.

Seopress Pro Bulk Updater
SEOPress Pro updates applied to many sites at once.

No need to authorize your domain

Like all of our premium plugin integrations, Watchful takes the pain out of software licensing by automatically adding your relevant domain(s) to the vendor website.

In this case, you don't need to visit the SEOPress Pro website to enter the domain manually and authorize updates: Watchful does this automagically.

Powerful features to match any update workflow

The Watchful updater has a host of other unique features that give you the power and flexibility to apply plugin updates the way that best suits you and your agency.

  • Watchful can update both free and premium WordPress plugins (see list below).
  • License keys for premium plugins only need to be entered once in our centralized license manager.
  • License keys are not entered on client sites, so there is no chance of license abuse/theft.
  • Automatic plugin updates can be scheduled for specific dates/times to ensure nothing unexpected happens at inconvenient times.
  • Updates can be skipped if the site does not have a recent backup.

As SEOPress Pro is now officially supported, all of these unique features can be used for its premium updates.

Add your favorite premium plugin updates to this list

Watchful currently supports updates for hundreds of premium plugins including:

If you would like to add your plugin to this list, or if you have a request for your favorite plugin, please drop us a note.

The post Update SEOPress Pro across all your sites while protecting your license key appeared first on Watchful.

]]>
https://watchful.net/news/update-seopress-pro/feed/ 0
This free Cloudflare hack protects against WordPress brute force attacks https://watchful.net/blog/wordpress-brute-force-attack/ https://watchful.net/blog/wordpress-brute-force-attack/#respond Fri, 06 Jan 2023 19:44:37 +0000 https://watchful.net/?p=759786 Wordpress Login Brute Force Attack

If you read this blog, you'll know that we take website security very seriously. And we always recommend using the Cloudflare service as one of the tools in your security toolbox. In this post we will share a simple Cloudflare hack that blocks many of the WordPress brute-force attacks your site experiences every day.

Why is WordPress security important?

Insecure web sites are a major problem on the internet. For site owners, defacement or loss of functionality can cause serious harm to their reputation as a trusted online resource. Lost revenue can also be a big problem.

And if an intruder gains access to the site backend, the database, and/or the hosting account, the risks may escalate. Customer/member data is at risk of unauthorized exposure. And the server may be added to a bot network and used in illegal activity online.

With so much at stake, security is one of the main responsibilities for anyone maintaining a WordPress web site.

WordPress brute force attacks are common

Like all web sites, automated attacks are very common. Large networks of computers run scripts that scan the internet looking for common vulnerabilities.

For WordPress, one of the most common vulnerabilities that these scripts try to exploit are weak user passwords. To do this, the attacking script finds a domain and tests if the site has an accessible WordPress login form at one of these two well-known URLs:

  • /wp-admin
  • /wp-login.php

When a WordPress login form is found, the script will then try to log in with a series of common username and password combinations. Because these automated attacks only work when a large number of usernames/passwords are tested, they are known as "brute-force" attacks.

Luckily, you can use the free WordPress security hack (below) with the Cloudflare service to stop these attacks cold.

What is Cloudflare?

Technically, Cloudflare is a "domain name server proxy". That's a fancy way of saying that it acts like a traffic cop for your website. If your site is using Cloudflare, then each visitor or malicious script gets scrutinized when it tries to access your website. Cloudflare examines the URL or "request" and tries to determine if there is anything suspicious.

For example, long URLs with complicated parameters can sometimes be used to exploit a vulnerability in a plugin or theme. Cloudflare has a large database of these patterns. If it detects one of these patterns in a request, it can block the user or script, or present it with a challenge to make sure it is a human.

Once a challenge is completed successfully, or when requests look legitimate, Cloudflare then directs the request to your webserver where the appropriate content is displayed.

Importantly, this process happens before any traffic hits your actual web server. Unlike a security plugin installed in your WordPress backend, Cloudflare takes the load for every request sent to your domain.

Cloudflare has many types of tricks for keeping your site secure, including for sites using the free plan. This is why we recommend it for all WordPress sites.

Easily block WordPress brute force attacks with Cloudflare

Using strong username and password combinations is the most important way to prevent a brute force attack from allowing unauthorized access to your website.

However, prolonged brute force attempts can negatively impact the performance of your server causing long page load times. In extreme cases, it can cause your site and server to go offline.

If you review the official brute force guidance from WordPress, you'll see that preventing scripts from attempting a WordPress brute force attack is not trivial. It requires good knowledge of servers and server configurations.

Thankfully, you can configure the Cloudflare web application firewall or "WAF" to effectively block many brute force attacks. For example, on a low-traffic brochure site the Cloudflare WAF blocked over 500 suspicious requests in just a few hours.

Blocked Wordpress Brute Force Attacks
Brute force attempts blocked by the Cloudflare WAF.

Adding the WordPress security hack to Cloudflare in 60 seconds

Configuring Cloudflare to block most brute force attacks on your admin area can be completed in a few clicks, and works on the free version of Cloudflare.

  1. Log into your Cloudflare account.
  2. Select your site from the dashboard.
  3. In the menu at the left, select Security > WAF.
  4. Click the Create firewall rule button.
  5. In the rule editor:

    1. Enter a Rule name.
    2. Click the Edit expression link and paste the following:

      (http.request.uri contains "/wp-login.php") or (http.request.uri contains "/wp-config.php") or (http.request.uri contains "/xmlrpc.php")

    3. On the Choose an action dropdown, select Managed Challenge.
    4. Click the Deploy button.

Wordpress Brute Force Attack Cloudflare
Creating a WAF rule in Cloudflare to block brute-force attacks.

The post This free Cloudflare hack protects against WordPress brute force attacks appeared first on Watchful.

]]>
Wordpress Login Brute Force Attack

If you read this blog, you'll know that we take website security very seriously. And we always recommend using the Cloudflare service as one of the tools in your security toolbox. In this post we will share a simple Cloudflare hack that blocks many of the WordPress brute-force attacks your site experiences every day.

Why is WordPress security important?

Insecure web sites are a major problem on the internet. For site owners, defacement or loss of functionality can cause serious harm to their reputation as a trusted online resource. Lost revenue can also be a big problem.

And if an intruder gains access to the site backend, the database, and/or the hosting account, the risks may escalate. Customer/member data is at risk of unauthorized exposure. And the server may be added to a bot network and used in illegal activity online.

With so much at stake, security is one of the main responsibilities for anyone maintaining a WordPress web site.

WordPress brute force attacks are common

Like all web sites, automated attacks are very common. Large networks of computers run scripts that scan the internet looking for common vulnerabilities.

For WordPress, one of the most common vulnerabilities that these scripts try to exploit are weak user passwords. To do this, the attacking script finds a domain and tests if the site has an accessible WordPress login form at one of these two well-known URLs:

  • /wp-admin
  • /wp-login.php

When a WordPress login form is found, the script will then try to log in with a series of common username and password combinations. Because these automated attacks only work when a large number of usernames/passwords are tested, they are known as "brute-force" attacks.

Luckily, you can use the free WordPress security hack (below) with the Cloudflare service to stop these attacks cold.

What is Cloudflare?

Technically, Cloudflare is a "domain name server proxy". That's a fancy way of saying that it acts like a traffic cop for your website. If your site is using Cloudflare, then each visitor or malicious script gets scrutinized when it tries to access your website. Cloudflare examines the URL or "request" and tries to determine if there is anything suspicious.

For example, long URLs with complicated parameters can sometimes be used to exploit a vulnerability in a plugin or theme. Cloudflare has a large database of these patterns. If it detects one of these patterns in a request, it can block the user or script, or present it with a challenge to make sure it is a human.

Once a challenge is completed successfully, or when requests look legitimate, Cloudflare then directs the request to your webserver where the appropriate content is displayed.

Importantly, this process happens before any traffic hits your actual web server. Unlike a security plugin installed in your WordPress backend, Cloudflare takes the load for every request sent to your domain.

Cloudflare has many types of tricks for keeping your site secure, including for sites using the free plan. This is why we recommend it for all WordPress sites.

Easily block WordPress brute force attacks with Cloudflare

Using strong username and password combinations is the most important way to prevent a brute force attack from allowing unauthorized access to your website.

However, prolonged brute force attempts can negatively impact the performance of your server causing long page load times. In extreme cases, it can cause your site and server to go offline.

If you review the official brute force guidance from WordPress, you'll see that preventing scripts from attempting a WordPress brute force attack is not trivial. It requires good knowledge of servers and server configurations.

Thankfully, you can configure the Cloudflare web application firewall or "WAF" to effectively block many brute force attacks. For example, on a low-traffic brochure site the Cloudflare WAF blocked over 500 suspicious requests in just a few hours.

Blocked Wordpress Brute Force Attacks
Brute force attempts blocked by the Cloudflare WAF.

Adding the WordPress security hack to Cloudflare in 60 seconds

Configuring Cloudflare to block most brute force attacks on your admin area can be completed in a few clicks, and works on the free version of Cloudflare.

  1. Log into your Cloudflare account.
  2. Select your site from the dashboard.
  3. In the menu at the left, select Security > WAF.
  4. Click the Create firewall rule button.
  5. In the rule editor:
    1. Enter a Rule name.
    2. Click the Edit expression link and paste the following:

      (http.request.uri contains "/wp-login.php") or (http.request.uri contains "/wp-config.php") or (http.request.uri contains "/xmlrpc.php")

    3. On the Choose an action dropdown, select Managed Challenge.
    4. Click the Deploy button.
Wordpress Brute Force Attack Cloudflare
Creating a WAF rule in Cloudflare to block brute-force attacks.

The post This free Cloudflare hack protects against WordPress brute force attacks appeared first on Watchful.

]]>
https://watchful.net/blog/wordpress-brute-force-attack/feed/ 0
Uptime monitoring moves in-house with improved privacy and useful features https://watchful.net/news/uptime-monitoring-moves-in-house/ https://watchful.net/news/uptime-monitoring-moves-in-house/#respond Thu, 27 Oct 2022 18:34:23 +0000 https://watchful.net/?p=758861 Uptime Monitoring Network

Uptime monitoring is an important consideration for anyone in charge of maintaining websites. At Watchful, we've completed the launch of our own uptime monitoring tool and added some useful changes.

What is uptime monitoring?

Uptime monitoring is a technique used to check if websites are online. Checks are performed on a regular, timed basis and notifications are sent when an outage is detected.

Uptime monitoring has been a staple feature at Watchful since 2014 when we integrated a third-party service called Uptime Robot.

Through this integration, Watchful could provide uptime and downtime notices to users. This creates an opportunity to fix downtime issues quickly.

It also allowed us to track uptime statistics, warn about expiring SSL certificates, and include uptime statistics in client reports.

Why did you build your own monitoring system?

The simple answer is that building your own tools gives you the most control over both the features available and the privacy of our users' data.

Feature-wise, we are now in firm control of what we can offer and the changes we can make. We're also in control of the IP addresses we use, the user agent we use to identify ourself when we ping websites, and the data we store to calculate uptime statistics.

As a privacy-first site maintenance tool, we can now ensure that the data we store complies with the EU General Data Protection Regulation (GDPR).

Has anything changed?

Most Watchful users will not notice any change in their day-to-day use of our uptime tool, nor changes in uptime/downtime notifications and uptime statistics.

However, there are two changes we want to make users aware of:

  1. New IP Addresses: We have added new IP addresses to our platform to accommodate the servers we use to check for uptime. These servers are located around the world and should be whitelisted in your web application firewall, security plugin, and any DNS proxies such as Cloudflare. Full details on whitelisting IP addresses can be found in our knowledge base.
  2. 5-minute Check Interval: Our default monitoring time has changed from one uptime check per minute to one uptime check every five minutes. We made this change as an overwhelming preference for a longer check interval when we surveyed Watchful users as shown below.

Ideal Interval Uptime Monitoring
Desired uptime interval based on survey of Watchful users.

Are there any features added or removed?

We built our uptime monitoring tool to be a drop-in replacement for the existing system. As such, all the existing features have been retained, including SSL monitoring and the ability to bulk create/delete monitors.

Additionally, users can now pause uptime monitoring as needed. This is particularly useful when performing heavy site maintenance. A paused monitor will not check your site for it's uptime status, preventing a barrage of downtime emails.

And unlike deleting a monitor during maintenance, pausing a monitor retains the uptime history which is useful for client reporting.

Uptime Monitoring
The uptime modal now features a pause button at the top-left.

Resuming uptime monitoring is just as easy, as you can see below.

Resume Uptime Monitoring
A paused monitor can be easily restarted using the resume monitor button.

Support for uptime monitoring

If you are having issues with uptime monitoring, we recommend starting with our documentation as well as our troubleshooting guide.

Feel welcome to open a support ticket for additional support.

The post Uptime monitoring moves in-house with improved privacy and useful features appeared first on Watchful.

]]>
Uptime Monitoring Network

Uptime monitoring is an important consideration for anyone in charge of maintaining websites. At Watchful, we've completed the launch of our own uptime monitoring tool and added some useful changes.

What is uptime monitoring?

Uptime monitoring is a technique used to check if websites are online. Checks are performed on a regular, timed basis and notifications are sent when an outage is detected.

Uptime monitoring has been a staple feature at Watchful since 2014 when we integrated a third-party service called Uptime Robot.

Through this integration, Watchful could provide uptime and downtime notices to users. This creates an opportunity to fix downtime issues quickly.

It also allowed us to track uptime statistics, warn about expiring SSL certificates, and include uptime statistics in client reports.

Why did you build your own monitoring system?

The simple answer is that building your own tools gives you the most control over both the features available and the privacy of our users' data.

Feature-wise, we are now in firm control of what we can offer and the changes we can make. We're also in control of the IP addresses we use, the user agent we use to identify ourself when we ping websites, and the data we store to calculate uptime statistics.

As a privacy-first site maintenance tool, we can now ensure that the data we store complies with the EU General Data Protection Regulation (GDPR).

Has anything changed?

Most Watchful users will not notice any change in their day-to-day use of our uptime tool, nor changes in uptime/downtime notifications and uptime statistics.

However, there are two changes we want to make users aware of:

  1. New IP Addresses: We have added new IP addresses to our platform to accommodate the servers we use to check for uptime. These servers are located around the world and should be whitelisted in your web application firewall, security plugin, and any DNS proxies such as Cloudflare. Full details on whitelisting IP addresses can be found in our knowledge base.
  2. 5-minute Check Interval: Our default monitoring time has changed from one uptime check per minute to one uptime check every five minutes. We made this change as an overwhelming preference for a longer check interval when we surveyed Watchful users as shown below.
Ideal Interval Uptime Monitoring
Desired uptime interval based on survey of Watchful users.

Are there any features added or removed?

We built our uptime monitoring tool to be a drop-in replacement for the existing system. As such, all the existing features have been retained, including SSL monitoring and the ability to bulk create/delete monitors.

Additionally, users can now pause uptime monitoring as needed. This is particularly useful when performing heavy site maintenance. A paused monitor will not check your site for it's uptime status, preventing a barrage of downtime emails.

And unlike deleting a monitor during maintenance, pausing a monitor retains the uptime history which is useful for client reporting.

Uptime Monitoring
The uptime modal now features a pause button at the top-left.

Resuming uptime monitoring is just as easy, as you can see below.

Resume Uptime Monitoring
A paused monitor can be easily restarted using the resume monitor button.

Support for uptime monitoring

If you are having issues with uptime monitoring, we recommend starting with our documentation as well as our troubleshooting guide.

Feel welcome to open a support ticket for additional support.

The post Uptime monitoring moves in-house with improved privacy and useful features appeared first on Watchful.

]]>
https://watchful.net/news/uptime-monitoring-moves-in-house/feed/ 0
How to complete the Watchful data processing agreement for GDPR compliance https://watchful.net/how-to/data-processing-agreement/ https://watchful.net/how-to/data-processing-agreement/#respond Sat, 24 Sep 2022 12:37:37 +0000 https://watchful.net/?p=757566 Data Processing Agreement

In 2018, Watchful made a commitment to supporting privacy and the General Data Protection Regulation in the EU. As part of this commitment, Watchful account holders can complete a data processing agreement with us with ease.

Here's how.

What is the GDPR?

In 2018, the EU adopted a legal framework to regulate the use of personally identifiable information online. This law is the General Data Protection Regulation or GDPR.

The GDPR takes a comprehensive approach to adding both consent workflows and transparency to data collection policies online. It also describes the requirements for collecting and processing data, and gives people the so-called "right to be forgotten".

What is a data processing agreement?

One of the tenets of the GDPR is that a written agreement must exist between the body that collects and stores personal information (i.e. Watchful) and the owner of the personal data (i.e. a Watchful account holder).

This data processing agreement (DPA) describes the storage, protection, sharing, and usage of all personal information collected, including by third-party service providers.

For example, at Watchful we use Mailchimp as our email service provider. Our data processing agreement details how Mailchimp can use any personal information we provide to them such as an account holder's name and email address.

How to complete Watchful's DPA

Follow these steps to complete the Watchful DPA:

  1. Sign into your Watchful account.
  2. Visit the GDPR tab of the account & subscription area.
  3. Click the Download DPA template button to download our DPA. This template already contains the Watchful signature.
  4. Cosign the document using a PDF editor.
  5. Attached the cosigned PDF to an email and send it to the following address: gdpr@watchful.net. Watchful archives the DPA, completing the process.

Data Processing Agreement Template Download
Downloading the Watchful DPA template.

The post How to complete the Watchful data processing agreement for GDPR compliance appeared first on Watchful.

]]>
Data Processing Agreement

In 2018, Watchful made a commitment to supporting privacy and the General Data Protection Regulation in the EU. As part of this commitment, Watchful account holders can complete a data processing agreement with us with ease.

Here's how.

What is the GDPR?

In 2018, the EU adopted a legal framework to regulate the use of personally identifiable information online. This law is the General Data Protection Regulation or GDPR.

The GDPR takes a comprehensive approach to adding both consent workflows and transparency to data collection policies online. It also describes the requirements for collecting and processing data, and gives people the so-called "right to be forgotten".

What is a data processing agreement?

One of the tenets of the GDPR is that a written agreement must exist between the body that collects and stores personal information (i.e. Watchful) and the owner of the personal data (i.e. a Watchful account holder).

This data processing agreement (DPA) describes the storage, protection, sharing, and usage of all personal information collected, including by third-party service providers.

For example, at Watchful we use Mailchimp as our email service provider. Our data processing agreement details how Mailchimp can use any personal information we provide to them such as an account holder's name and email address.

How to complete Watchful's DPA

Follow these steps to complete the Watchful DPA:

  1. Sign into your Watchful account.
  2. Visit the GDPR tab of the account & subscription area.
  3. Click the Download DPA template button to download our DPA. This template already contains the Watchful signature.
  4. Cosign the document using a PDF editor.
  5. Attached the cosigned PDF to an email and send it to the following address: gdpr@watchful.net. Watchful archives the DPA, completing the process.
Data Processing Agreement Template Download
Downloading the Watchful DPA template.

The post How to complete the Watchful data processing agreement for GDPR compliance appeared first on Watchful.

]]>
https://watchful.net/how-to/data-processing-agreement/feed/ 0
Celebrating Watchful’s 10th anniversary 🎈🎈🎉🎈🎈 https://watchful.net/blog/watchfuls-10th-anniversary/ https://watchful.net/blog/watchfuls-10th-anniversary/#respond Fri, 16 Sep 2022 15:24:00 +0000 https://watchful.net/?p=810026 Watchfuls 10th Anniversary

It is hard to believe that September 2022 marks Watchful's 10th anniversary.

Not many businesses make it to 10 years. So I'm both proud and humbled to continue providing useful services to web developers, site maintainers and digital agencies.

How it started & how it's going

15 years ago I was a professor at a medical school studying how the body absorbs and uses dietary fats. Back then, I would have called you mad for suggesting I leave my career in academic research and build a website services business.

But here we are on an incredible journey in open source CMS software. It began 20 years ago when I was still a student looking for an affordable way to build a website for my local rugby team.

From those humble beginnings I've had multiple widget shops, digital agencies, and even a custom sports apparel business. And now I'm celebrating 10 years at Watchful.

Life has a funny way of surprising you.

So many great people

Of course, successful businesses require collaborative teams and partnerships. I am happy to say that I've had the great fortune to work with a lot of amazing people over the years.

Ryan from Widget Factory and Yannick at Weeblr were the first to take the plunge with me. All three of us made major career changes at about the same time and I greatly appreciate the courage I drew from their friendship and support.

Steve Burge from Ramble Ventures is another close friend and colleague. We've worked together for many years and I was thrilled when he invested in Watchful in 2019.

Hats off also to my Watchful co-founders from inetis, Pierre-André and David. We built Watchful from nothing and set the business on a firm-footing that has continued since they moved on in 2018. PA also introduced me to Francesco Abeni who returned to Watchful in 2018 after a hiatus.

I'm most grateful to our amazing team (past and present) at Watchful. When I became the sole owner of Watchful we had to rebuild. I was lucky enough to find a dedicated and compassionate team to continue the journey with me including Francesco (above) and my friend Cory Webb.

The current Watchful team were last together in-person in 2020 right before the COVID-19 lock downs began. I'm happy to say we're still going strong!

Although the rigors of running a business can strain relationships at times, I'm glad to have made some lasting friendships along the way.

Family support

Changing careers is never easy, but having the support of your family is key. My wife Daisy, as well as my parents, have always shown the greatest of confidence in my many adventures. This includes starting Watchful in 2012 and purchasing full ownership from my co-founders in 2018.

The change from an academic career to one in web services allowed me to work from home. Because of this, our children didn't need after school care and I could spend a lot more time with them.

Working from home also gave me the flexibility to attend lots of school events and kids activities. Now that my children are (or are nearly) adults, I look back with a great fondness at the time I could spend with them because of my career at Watchful.

The very best customers

While many folks helped me along the way, Watchful would not have lasted long without the trust and loyalty of our users. Many who joined us back in 2012 are still paying customers today!

I can't say "thank-you" enough to the folks (that's you!) who make it possible to earn a living, and support my family and staff.

Slowing down after Watchful's 10th anniversary?

If you follow our blog, you'll see that we remain very active in improving Watchful. As you'll see below, our 10th year was no different.

We have lots of plans for 2023 and beyond, and we can't wait to show you what's coming up! Slowing down is not one of those things! 😀

Year 10 summary

We've been pretty busy in the last year. Perhaps the two largest projects are rolling out support for Google Analytics 4, and building an uptime monitoring tool from the ground up.

But we've done lots of other things as well. Here's a closer look.

Analytics, reports & monitoring

Analytics and monitoring were a big focus in 2022.

Google Analytics 4

For example, Google Analytics 4 has been on our radar since it was first released in 2020. While we first urged caution in making the transition, GA4 migration should now be on everyone's to-do list as Universal Analytics will sunset next year.

As such, Google Analytics 4 is fully supported for all Watchful Premium users.

Enable Google Analytics 4
Switching to Google Analytics 4 in Watchful.

Uptime monitoring

We've also been building our own uptime monitoring tool to have better control over notifications, more accurate uptime detection, and better access to site uptime data. To support this tool, we've added new IP addresses to Watchful that you will want to add to your firewall(s) white list.

Reports

Reports also got some attention. Building on our custom SMTP tool for sending client reports, this year we added a notification and log entry when scheduled reports fail to send. Although this check was added because of a rare bug we discovered, it turned into a useful tool to monitor the proper functioning of custom email servers.

Failed Scheduled Report Notification
Enabling email notifications when reports fail to send.

Website Backups

We also spent some time in 2022 improving our backups. Most notably, Watchful users can now schedule up to three backups per site. This feature is great for using different schedules for a database backup versus a full-site backup for example.

We've also done quite a bit of work on the XCloner backup plugin in recent months. Security of the plugin is greatly improved and we are working hard to modernize the code base and build more deep integrations with Watchful.

Multiple Backup Profiles
Multiple backup profiles in Watchful.

Plugin and theme updates

Updates received lots of attention in 2022.

Theme updates

First and foremost, we introduced full support for theme updates, something Watchful has long had on its to-do list.

Themes can now be updated alongside plugins in the seamless way you would expect from website maintenance service.

Update fresh

Having a recent or "fresh" backup helps prevent data loss if a theme or plugin update breaks your site. So we added a new monitoring tool in the bulk updater that reminds you which updates are pending for sites with fresh backups.

This new update fresh tool thus lets you stay productive and quickly update sites in bulk if they already have a recent backup. Sites with stale backups will not have bulk updates applied when using this feature.

Fresh Updates Pending
The update fresh tool indicates which updates will be applied to sites with recent backups.

Premium update support

In addition to updating free plugins, Watchful also supports updating paid plugins from the developers of Easy Digital Downloads, WP Fusion, Publish Press and Elegant Marketplace, to name a few. I'm happy to report that we've expanded this list with the addition of GiveWP add-ons, Formidable Forms, WP Staging PRO, and Advanced Ads Pro.

We also added all seven pro plugins from Meow Apps including Perfect Images Pro and Media Cleaner Pro.

Other features and tweaks

A few items we developed this year are not as easily categorized, but are really interesting and important.

Watchful apps

For example, we relaunched the apps program this year as a way for WordPress users to extend Watchful in creative ways. For example, we published a proof-of-concept Changed Files plugin on the WordPress repo that lets you monitor specific files on your site for changes.

Single sign-on

We also relaunched single sign-on to make it easy to log into all of the sites in your account.

Single sign-on fully supports user roles so you can give limited access to sites as needed.

Security

We also made a small but important security tweak related to a site's secret key to help keep your sites safe. The secret key is used to authorize communications between Watchful and your website.

Knowing the secret key could allow unauthorized access to your site

The secret is now password-protected. So even when logged into Watchful, you'll need your account password to view the secret key.

Blog posts and how-to articles during Watchful's 10th anniversary year

We also published a number of blog posts and how-to article during Watchful's 10th anniversary year.

The most popular of these was entitled 68 free tools for web designers and developers. We've continued to update this post throughout the year and we're happy to take suggestions on other tools and services you use.

We also had a few posts inspired by interviews with some friends and colleagues such as Do I need a Sitemap and How to switch to freelance web development full-time.

Here is a full list:

Join us in celebrating Watchful's 10th anniversary

We'd love to hear your feedback on our first 10 years, as well as where you'd like to see Watchful go in the next 10 years. Feel free to post your thoughts in the comments below.

Watchful 10 Years
Special shout-out to my friend Joe Campbell for this awesome graphic.

The post Celebrating Watchful’s 10th anniversary 🎈🎈🎉🎈🎈 appeared first on Watchful.

]]>
Watchfuls 10th Anniversary

It is hard to believe that September 2022 marks Watchful's 10th anniversary.

Not many businesses make it to 10 years. So I'm both proud and humbled to continue providing useful services to web developers, site maintainers and digital agencies.

How it started & how it's going

15 years ago I was a professor at a medical school studying how the body absorbs and uses dietary fats. Back then, I would have called you mad for suggesting I leave my career in academic research and build a website services business.

But here we are on an incredible journey in open source CMS software. It began 20 years ago when I was still a student looking for an affordable way to build a website for my local rugby team.

From those humble beginnings I've had multiple widget shops, digital agencies, and even a custom sports apparel business. And now I'm celebrating 10 years at Watchful.

Life has a funny way of surprising you.

So many great people

Of course, successful businesses require collaborative teams and partnerships. I am happy to say that I've had the great fortune to work with a lot of amazing people over the years.

Ryan from Widget Factory and Yannick at Weeblr were the first to take the plunge with me. All three of us made major career changes at about the same time and I greatly appreciate the courage I drew from their friendship and support.

Steve Burge from Ramble Ventures is another close friend and colleague. We've worked together for many years and I was thrilled when he invested in Watchful in 2019.

Hats off also to my Watchful co-founders from inetis, Pierre-André and David. We built Watchful from nothing and set the business on a firm-footing that has continued since they moved on in 2018. PA also introduced me to Francesco Abeni who returned to Watchful in 2018 after a hiatus.

I'm most grateful to our amazing team (past and present) at Watchful. When I became the sole owner of Watchful we had to rebuild. I was lucky enough to find a dedicated and compassionate team to continue the journey with me including Francesco (above) and my friend Cory Webb.

The current Watchful team were last together in-person in 2020 right before the COVID-19 lock downs began. I'm happy to say we're still going strong!

Although the rigors of running a business can strain relationships at times, I'm glad to have made some lasting friendships along the way.

Family support

Changing careers is never easy, but having the support of your family is key. My wife Daisy, as well as my parents, have always shown the greatest of confidence in my many adventures. This includes starting Watchful in 2012 and purchasing full ownership from my co-founders in 2018.

The change from an academic career to one in web services allowed me to work from home. Because of this, our children didn't need after school care and I could spend a lot more time with them.

Working from home also gave me the flexibility to attend lots of school events and kids activities. Now that my children are (or are nearly) adults, I look back with a great fondness at the time I could spend with them because of my career at Watchful.

The very best customers

While many folks helped me along the way, Watchful would not have lasted long without the trust and loyalty of our users. Many who joined us back in 2012 are still paying customers today!

I can't say "thank-you" enough to the folks (that's you!) who make it possible to earn a living, and support my family and staff.

Slowing down after Watchful's 10th anniversary?

If you follow our blog, you'll see that we remain very active in improving Watchful. As you'll see below, our 10th year was no different.

We have lots of plans for 2023 and beyond, and we can't wait to show you what's coming up! Slowing down is not one of those things! 😀

Year 10 summary

We've been pretty busy in the last year. Perhaps the two largest projects are rolling out support for Google Analytics 4, and building an uptime monitoring tool from the ground up.

But we've done lots of other things as well. Here's a closer look.

Analytics, reports & monitoring

Analytics and monitoring were a big focus in 2022.

Google Analytics 4

For example, Google Analytics 4 has been on our radar since it was first released in 2020. While we first urged caution in making the transition, GA4 migration should now be on everyone's to-do list as Universal Analytics will sunset next year.

As such, Google Analytics 4 is fully supported for all Watchful Premium users.

Enable Google Analytics 4
Switching to Google Analytics 4 in Watchful.

Uptime monitoring

We've also been building our own uptime monitoring tool to have better control over notifications, more accurate uptime detection, and better access to site uptime data. To support this tool, we've added new IP addresses to Watchful that you will want to add to your firewall(s) white list.

Reports

Reports also got some attention. Building on our custom SMTP tool for sending client reports, this year we added a notification and log entry when scheduled reports fail to send. Although this check was added because of a rare bug we discovered, it turned into a useful tool to monitor the proper functioning of custom email servers.

Failed Scheduled Report Notification
Enabling email notifications when reports fail to send.

Website Backups

We also spent some time in 2022 improving our backups. Most notably, Watchful users can now schedule up to three backups per site. This feature is great for using different schedules for a database backup versus a full-site backup for example.

We've also done quite a bit of work on the XCloner backup plugin in recent months. Security of the plugin is greatly improved and we are working hard to modernize the code base and build more deep integrations with Watchful.

Multiple Backup Profiles
Multiple backup profiles in Watchful.

Plugin and theme updates

Updates received lots of attention in 2022.

Theme updates

First and foremost, we introduced full support for theme updates, something Watchful has long had on its to-do list.

Themes can now be updated alongside plugins in the seamless way you would expect from website maintenance service.

Update fresh

Having a recent or "fresh" backup helps prevent data loss if a theme or plugin update breaks your site. So we added a new monitoring tool in the bulk updater that reminds you which updates are pending for sites with fresh backups.

This new update fresh tool thus lets you stay productive and quickly update sites in bulk if they already have a recent backup. Sites with stale backups will not have bulk updates applied when using this feature.

Fresh Updates Pending
The update fresh tool indicates which updates will be applied to sites with recent backups.

Premium update support

In addition to updating free plugins, Watchful also supports updating paid plugins from the developers of Easy Digital Downloads, WP Fusion, Publish Press and Elegant Marketplace, to name a few. I'm happy to report that we've expanded this list with the addition of GiveWP add-ons, Formidable Forms, WP Staging PRO, and Advanced Ads Pro.

We also added all seven pro plugins from Meow Apps including Perfect Images Pro and Media Cleaner Pro.

Other features and tweaks

A few items we developed this year are not as easily categorized, but are really interesting and important.

Watchful apps

For example, we relaunched the apps program this year as a way for WordPress users to extend Watchful in creative ways. For example, we published a proof-of-concept Changed Files plugin on the WordPress repo that lets you monitor specific files on your site for changes.

Single sign-on

We also relaunched single sign-on to make it easy to log into all of the sites in your account.

Single sign-on fully supports user roles so you can give limited access to sites as needed.

Security

We also made a small but important security tweak related to a site's secret key to help keep your sites safe. The secret key is used to authorize communications between Watchful and your website.

Knowing the secret key could allow unauthorized access to your site

The secret is now password-protected. So even when logged into Watchful, you'll need your account password to view the secret key.

Blog posts and how-to articles during Watchful's 10th anniversary year

We also published a number of blog posts and how-to article during Watchful's 10th anniversary year.

The most popular of these was entitled 68 free tools for web designers and developers. We've continued to update this post throughout the year and we're happy to take suggestions on other tools and services you use.

We also had a few posts inspired by interviews with some friends and colleagues such as Do I need a Sitemap and How to switch to freelance web development full-time.

Here is a full list:

Join us in celebrating Watchful's 10th anniversary

We'd love to hear your feedback on our first 10 years, as well as where you'd like to see Watchful go in the next 10 years. Feel free to post your thoughts in the comments below.

Watchful 10 Years
Special shout-out to my friend Joe Campbell for this awesome graphic.

The post Celebrating Watchful’s 10th anniversary 🎈🎈🎉🎈🎈 appeared first on Watchful.

]]>
https://watchful.net/blog/watchfuls-10th-anniversary/feed/ 0
Watchful now supports Google Analytics 4 https://watchful.net/news/google-analytics-4-support/ https://watchful.net/news/google-analytics-4-support/#comments Thu, 08 Sep 2022 11:09:42 +0000 https://watchful.net/?p=756601 Watchful Google Analytics 4

Since 2014, reports generated by Watchful have been able to include traffic and other visitor data from Google's Universal Analytics (UA). Today we are happy to announce that Google Analytics 4 (GA4) is now fully supported as well.

Why support Google Analytics 4?

Despite privacy concerns and new legislation, Google Analytics — including Google Tag Manager — remains the most common tracking script used on the web.

The third version of Google Analytics is called Universal Analytics (UA) and was released in 2005. UA will be replaced by GA4 which was released in 2020.

Initially, we urged caution when migrating to GA4. However, Google announced the "sunsetting" of UA in August of 2023.

With less than one year of UA support remaining, we knew it was time to get moving on GA4. GA4 is the clear future for Google's website tracking technology, so naturally we have been preparing for it for some time.

What have you done so far?

As part of the preparations for supporting Google Analytics 4, we recently outlined the necessary changes to client reports that include traffic data.

In the background, we have of course been working with the GA4 API to create a drop-in replacement for the UA data we currently use in reports. This work has been ongoing since late Spring and was mostly completed at the end of July.

A few weeks ago we also published a tutorial to help users start their migration to GA4.

How do I use Google Analytics 4 at Watchful?

Google Analytics 4 is Watchful Premium feature. Here are the steps to start using GA4 with Watchful:

  1. Log into your Watchful account.
  2. Ensure you have added the appropriate Google Analytics account to Watchful. Full details are available in our knowledge base, including adding multiple analytics accounts.
  3. Follow our step-by-step guide to creating a GA4 property to use alongside your existing UA property.

    Note: Be sure to collect at least 30 days of data in GA4 before proceeding to the next step.

  4. From Watchful's sites dashboard, click a site name to open the sites drawer.
  5. Click the Google Analytics link in the drawer.
  6. In the Google Analytics modal, click the Use GA property button as indicated below.
  7. Repeat this process for each of your sites.

Enable Google Analytics 4
Enabling Google Analytics 4 in Watchful.

Can I switch back to UA?

Update 2023-12-13: It is no longer possible to revert to Universal Analytics.

Yes! Feel free to test GA4 with your sites and switch back to UA as needed. The process is similar to that descried above for switching to GA4.

What about reports?

If you are using Google Analytics in your client reports, they will continue to work as they have done in the past. This includes scheduled reports that are sent to clients.

Importantly, reports will respect the version of Google Analytics selected for each of your sites (GA4 or UA). Thus no changes are needed for any saved reports.

However, we encourage you to examine the saved reports for any sites using GA4 to make sure it looks as expected.

Can I keep using Universal Analytics?

Update 2023-12-13: We are currently removing Universal Analytics from Watchful.

Watchful will support Universal Analytics as long as it is supported by Google.

Our current expectation is that Universal Analytics continue to serve data from its API through February 2024. However, we will monitor the UA API and adjust our support window as appropriate.

The post Watchful now supports Google Analytics 4 appeared first on Watchful.

]]>
Watchful Google Analytics 4

Since 2014, reports generated by Watchful have been able to include traffic and other visitor data from Google's Universal Analytics (UA). Today we are happy to announce that Google Analytics 4 (GA4) is now fully supported as well.

Why support Google Analytics 4?

Despite privacy concerns and new legislation, Google Analytics — including Google Tag Manager — remains the most common tracking script used on the web.

The third version of Google Analytics is called Universal Analytics (UA) and was released in 2005. UA will be replaced by GA4 which was released in 2020.

Initially, we urged caution when migrating to GA4. However, Google announced the "sunsetting" of UA in August of 2023.

With less than one year of UA support remaining, we knew it was time to get moving on GA4. GA4 is the clear future for Google's website tracking technology, so naturally we have been preparing for it for some time.

What have you done so far?

As part of the preparations for supporting Google Analytics 4, we recently outlined the necessary changes to client reports that include traffic data.

In the background, we have of course been working with the GA4 API to create a drop-in replacement for the UA data we currently use in reports. This work has been ongoing since late Spring and was mostly completed at the end of July.

A few weeks ago we also published a tutorial to help users start their migration to GA4.

How do I use Google Analytics 4 at Watchful?

Google Analytics 4 is Watchful Premium feature. Here are the steps to start using GA4 with Watchful:

  1. Log into your Watchful account.
  2. Ensure you have added the appropriate Google Analytics account to Watchful. Full details are available in our knowledge base, including adding multiple analytics accounts.
  3. Follow our step-by-step guide to creating a GA4 property to use alongside your existing UA property.

    Note: Be sure to collect at least 30 days of data in GA4 before proceeding to the next step.
  4. From Watchful's sites dashboard, click a site name to open the sites drawer.
  5. Click the Google Analytics link in the drawer.
  6. In the Google Analytics modal, click the Use GA property button as indicated below.
  7. Repeat this process for each of your sites.
Enable Google Analytics 4
Enabling Google Analytics 4 in Watchful.

Can I switch back to UA?

Update 2023-12-13: It is no longer possible to revert to Universal Analytics.

Yes! Feel free to test GA4 with your sites and switch back to UA as needed. The process is similar to that descried above for switching to GA4.

What about reports?

If you are using Google Analytics in your client reports, they will continue to work as they have done in the past. This includes scheduled reports that are sent to clients.

Importantly, reports will respect the version of Google Analytics selected for each of your sites (GA4 or UA). Thus no changes are needed for any saved reports.

However, we encourage you to examine the saved reports for any sites using GA4 to make sure it looks as expected.

Can I keep using Universal Analytics?

Update 2023-12-13: We are currently removing Universal Analytics from Watchful.

Watchful will support Universal Analytics as long as it is supported by Google.

Our current expectation is that Universal Analytics continue to serve data from its API through February 2024. However, we will monitor the UA API and adjust our support window as appropriate.

The post Watchful now supports Google Analytics 4 appeared first on Watchful.

]]>
https://watchful.net/news/google-analytics-4-support/feed/ 2
It’s time to start migrating to Google Analytics 4 – even if you’re not ready! https://watchful.net/how-to/migrating-to-google-analytics-4/ https://watchful.net/how-to/migrating-to-google-analytics-4/#respond Wed, 24 Aug 2022 18:56:59 +0000 https://watchful.net/?p=756262 Start The Migration To Google Analytics 4

If you use Google's Universal Analytics (UA) to monitor traffic on your website, you are probably aware that it will sunset and stop collecting data on July 1, 2023. You may also know that UA is being replaced by Google Analytics 4 (GA4). But did you know that the traffic data currently in UA will not be migrated to GA4? You need to start migrating to Google Analytics 4 today to build the necessary historical data before UA sunsets.

What's happening to UA?

UA is the most common web analytics platform used by web developers and agencies. It allows you to track visits to your site, audience demographics, conversions, and much more.

One July 1, 2023, UA will stop processing the data it receives from your websites. For example, if you're used to seeing how many visitors come to your site each month, this data will not be visible after the sunset date.

What is replacing UA?

GA4 was released in October 2020 and will eventually replace UA entirely. GA4 focuses on user activity across multiple platforms and the data it collects and reports differs significantly from UA (which is primarily device-based).

For example, "page views" do not exist in GA4 while this is a primary metric in UA.

Since the data collected by GA4 is quite different (here's a good summary), Google has decided to not port any data forward. That means any new GA4 "property" (to use Google's terms) is starting with zero data of any kind.

In other words, migrating to GA4 is like starting with Google Analytics/UA for the very first time for all of your websites.

Why you should start migrating to Google Analytics 4 now?

If you regularly send UA reports to clients, you will be familiar with the traffic and user data included in the default report.

Since new GA4 properties are starting with no data, it is critical that you start migrating to GA4. This will give time to collect enough historical data so you can send meaningful reports to your clients.

Additionally, we have been working on GA4 support at Watchful and it will be released soon. By starting the GA4 migration, you will be ready to switch Watchful reports to GA4 as soon as you prefer.

How do I start the migration?

Complete migration

For context, here is the workflow for a complete migration to GA4:

  1. Create a GA4 property for each of your existing UA properties.
  2. Install the GA4 tracking code on your site while retaining the UA tracking code. In other words, use both GA4 and UA at the same time.
  3. Continue using UA for reports and other analytics-based activities for 6 months or more.
  4. After 6 months of running both UA and GA4, switch your reporting and other analytics-based activities to use GA4.
  5. Remove the UA tracking code from your websites.

Starting the migration

As noted above, we recommend collecting at least 6 months of website data using GA4 before disabling UA. This is a broad estimate, and the exact time will depend on how you use analytics. For most sites, 1 month of data is probably the minimum to collect before disabling UA.

With this in mind, you can get started on your migration today by completing Steps 1 and 2 above for each of your sites.

What about new sites?

If you are launching a new site, it's probably best to simply use GA4.

Step-by-step guide to start migrating to Google Analytics 4

Here's a walk-through of the steps required to create a GA4 property and start collecting data. GA4 can feel foreign at first, so I've included lots of screenshots to guide you.

A — Log into Google Analytics.

Log into your Google Analytics account and select one of your existing UA properties.

B — Open the GA4 Setup Assistant.

At the top of the page, you should see the following warning:

Universal Analytics will no longer process new data in standard properties beginning July 1, 2023. Prepare now by setting up and switching over to a Google Analytics 4 property.

At the top-right, click the Let's go button.

If you don't see the warning/button as shown below, click the Admin button at the bottom-left. Then in the Property column select GA4 Setup Assistant.

Ua Ga4 Lets Go Prompt
Launching the GA4 Setup Assistant from Universal Analytics.

C — Create the GA4 property.

In the GA4 Setup Assistant, click Create Property. Once created, click Go to your GA4 property.

Ga4 Create New Property
Creating a new GA4 property.

D — Obtain the GA4 measurement ID and tracking script.

After completing step C, you should be redirected to the Setup Assistant for the new GA4 property. On the left in the Property column select Data Streams. As shown below, you should see a No data received... warning. This is expected for a new GA4 property/data stream.

Ga4 Data Streams
Data streams in GA4.

Click the arrow at the right of the stream name (or anywhere on this row) to reveal the stream details. Note the MEASUREMENT ID, then click the View tag instructions button.

Ga4 Stream Details
Web stream details in GA4.

Finally, select the Install manually tab to reveal a code snippet like the one shown below.

Ga4 Install Tag Manually
An example Google tag snippet for a GA4 data stream.

E — Installing the measurement ID or tracking script.

Things can get a little complicated at this step as connecting your site to GA4 differs depending on how UA is currently configured. We'll cover the 3 most common situations below.

Installing the GA4 tag on a new site.

In this case, simply insert the entire tracking script in the head of your website. For example, in WordPress, you can insert the code in the /wp-content/themes/[theme_name]/header.php file.

Installing the GA4 tag on a site where UA is installed with analytics.js.

This situation is identical to installing GA4 on a new site as described above. The only thing to note when adding the tracking script is to leave the existing analytics.js script in place. It will remain until you have collected the needed amount of historical data in GA4.

Installing the GA4 tag on a site where UA is installed with gtag.js.

This situation is a little trickier as you will already have a gtag.js in the header of your site linked to your UA property. For example, you may see a line like this (note the UA prefix):

gtag('config', 'UA-958885734-2');

This line must remain to keep your existing UA data collection. Modify the existing gtag script to include the measurement ID you noted in the previous step (note the G prefix). For example:

gtag('config', 'UA-958885734-2');
gtag('config', 'G-C75SG5402VW');

F — Confirm that GA4 is collecting data.

Once you've installed the tracking script or added the GA4 tag, it's time to make sure it's working as expected. The GA4 interface can be a little slow to indicate that the installation was successful.

I prefer to visit the frontend of the website in a private/incognito browser window and then review the real-time report IN GA4 to make sure at least one user is visiting the site.

And if all has gone as expected, the GA4 property should eventually indicate that data collection is active.

Ga4 Website Data Collection Active
This notification indicates that migrating to GA4 has begun.

When can I use GA4 in Watchful reports?

As of September 8, 2022, Watchful supports Google Analytics 4.

When will you start migrating to Google Analytics 4?

Let us know in the comments below if you've already started migrating your sites to GA4 or when you plan to begin. And how much historical data will you collect before removing UA?

The post It’s time to start migrating to Google Analytics 4 – even if you’re not ready! appeared first on Watchful.

]]>
Start The Migration To Google Analytics 4

If you use Google's Universal Analytics (UA) to monitor traffic on your website, you are probably aware that it will sunset and stop collecting data on July 1, 2023. You may also know that UA is being replaced by Google Analytics 4 (GA4). But did you know that the traffic data currently in UA will not be migrated to GA4? You need to start migrating to Google Analytics 4 today to build the necessary historical data before UA sunsets.

What's happening to UA?

UA is the most common web analytics platform used by web developers and agencies. It allows you to track visits to your site, audience demographics, conversions, and much more.

One July 1, 2023, UA will stop processing the data it receives from your websites. For example, if you're used to seeing how many visitors come to your site each month, this data will not be visible after the sunset date.

What is replacing UA?

GA4 was released in October 2020 and will eventually replace UA entirely. GA4 focuses on user activity across multiple platforms and the data it collects and reports differs significantly from UA (which is primarily device-based).

For example, "page views" do not exist in GA4 while this is a primary metric in UA.

Since the data collected by GA4 is quite different (here's a good summary), Google has decided to not port any data forward. That means any new GA4 "property" (to use Google's terms) is starting with zero data of any kind.

In other words, migrating to GA4 is like starting with Google Analytics/UA for the very first time for all of your websites.

Why you should start migrating to Google Analytics 4 now?

If you regularly send UA reports to clients, you will be familiar with the traffic and user data included in the default report.

Since new GA4 properties are starting with no data, it is critical that you start migrating to GA4. This will give time to collect enough historical data so you can send meaningful reports to your clients.

Additionally, we have been working on GA4 support at Watchful and it will be released soon. By starting the GA4 migration, you will be ready to switch Watchful reports to GA4 as soon as you prefer.

How do I start the migration?

Complete migration

For context, here is the workflow for a complete migration to GA4:

  1. Create a GA4 property for each of your existing UA properties.
  2. Install the GA4 tracking code on your site while retaining the UA tracking code. In other words, use both GA4 and UA at the same time.
  3. Continue using UA for reports and other analytics-based activities for 6 months or more.
  4. After 6 months of running both UA and GA4, switch your reporting and other analytics-based activities to use GA4.
  5. Remove the UA tracking code from your websites.

Starting the migration

As noted above, we recommend collecting at least 6 months of website data using GA4 before disabling UA. This is a broad estimate, and the exact time will depend on how you use analytics. For most sites, 1 month of data is probably the minimum to collect before disabling UA.

With this in mind, you can get started on your migration today by completing Steps 1 and 2 above for each of your sites.

What about new sites?

If you are launching a new site, it's probably best to simply use GA4.

Step-by-step guide to start migrating to Google Analytics 4

Here's a walk-through of the steps required to create a GA4 property and start collecting data. GA4 can feel foreign at first, so I've included lots of screenshots to guide you.

A — Log into Google Analytics.

Log into your Google Analytics account and select one of your existing UA properties.

B — Open the GA4 Setup Assistant.

At the top of the page, you should see the following warning:

Universal Analytics will no longer process new data in standard properties beginning July 1, 2023. Prepare now by setting up and switching over to a Google Analytics 4 property.

At the top-right, click the Let's go button.

If you don't see the warning/button as shown below, click the Admin button at the bottom-left. Then in the Property column select GA4 Setup Assistant.

Ua Ga4 Lets Go Prompt
Launching the GA4 Setup Assistant from Universal Analytics.

C — Create the GA4 property.

In the GA4 Setup Assistant, click Create Property. Once created, click Go to your GA4 property.

Ga4 Create New Property
Creating a new GA4 property.

D — Obtain the GA4 measurement ID and tracking script.

After completing step C, you should be redirected to the Setup Assistant for the new GA4 property. On the left in the Property column select Data Streams. As shown below, you should see a No data received... warning. This is expected for a new GA4 property/data stream.

Ga4 Data Streams
Data streams in GA4.

Click the arrow at the right of the stream name (or anywhere on this row) to reveal the stream details. Note the MEASUREMENT ID, then click the View tag instructions button.

Ga4 Stream Details
Web stream details in GA4.

Finally, select the Install manually tab to reveal a code snippet like the one shown below.

Ga4 Install Tag Manually
An example Google tag snippet for a GA4 data stream.

E — Installing the measurement ID or tracking script.

Things can get a little complicated at this step as connecting your site to GA4 differs depending on how UA is currently configured. We'll cover the 3 most common situations below.

Installing the GA4 tag on a new site.

In this case, simply insert the entire tracking script in the head of your website. For example, in WordPress, you can insert the code in the /wp-content/themes/[theme_name]/header.php file.

Installing the GA4 tag on a site where UA is installed with analytics.js.

This situation is identical to installing GA4 on a new site as described above. The only thing to note when adding the tracking script is to leave the existing analytics.js script in place. It will remain until you have collected the needed amount of historical data in GA4.

Installing the GA4 tag on a site where UA is installed with gtag.js.

This situation is a little trickier as you will already have a gtag.js in the header of your site linked to your UA property. For example, you may see a line like this (note the UA prefix):

gtag('config', 'UA-958885734-2');

This line must remain to keep your existing UA data collection. Modify the existing gtag script to include the measurement ID you noted in the previous step (note the G prefix). For example:

gtag('config', 'UA-958885734-2');
gtag('config', 'G-C75SG5402VW');

F — Confirm that GA4 is collecting data.

Once you've installed the tracking script or added the GA4 tag, it's time to make sure it's working as expected. The GA4 interface can be a little slow to indicate that the installation was successful.

I prefer to visit the frontend of the website in a private/incognito browser window and then review the real-time report IN GA4 to make sure at least one user is visiting the site.

And if all has gone as expected, the GA4 property should eventually indicate that data collection is active.

Ga4 Website Data Collection Active
This notification indicates that migrating to GA4 has begun.

When can I use GA4 in Watchful reports?

As of September 8, 2022, Watchful supports Google Analytics 4.

When will you start migrating to Google Analytics 4?

Let us know in the comments below if you've already started migrating your sites to GA4 or when you plan to begin. And how much historical data will you collect before removing UA?

The post It’s time to start migrating to Google Analytics 4 – even if you’re not ready! appeared first on Watchful.

]]>
https://watchful.net/how-to/migrating-to-google-analytics-4/feed/ 0
Watchful platform updates for Summer 2022 https://watchful.net/news/platform-updates-for-summer-2022/ https://watchful.net/news/platform-updates-for-summer-2022/#respond Tue, 23 Aug 2022 09:43:00 +0000 https://watchful.net/?p=754986 Platform Updates For Summer 2022

Summertime is typically a bit of a slower period here at Watchful. So our engineers get a chance to chip away at some of the less-urgent tasks on our roadmap. While many of these don't warrant their own blog post, I thought it might be useful to compile our platform updates for Summer 2022 so they don't go overlooked.

User interface changes

A number of the changes we'll highlight in this post are related to the user interface or UI of Watchful. We're always looking for ways to improve the user experience, and many of these begin as feature requests by Watchful account holders.

Improved log filters

A small but very useful change to the log search and filter tool. As most of you know, the Watchful logs are extensive and can be overwhelming when you add more than a few sites.

Many users will filter the logs either by site or by log type. In the latter case, perhaps you want to view the recently completed backups. You can now select this easily in the log type dropdown grouped with the other backups related log types.

The change here is that the log types are now grouped in the same way as the log types are grouped in the notifications area (core updates, backups, file changes, etc...).

Log Filtering Changes 2022
Log type filters (left) are now grouped the same way as the notification selectors (right).

Password protected secret key

When you add a site to Watchful, we use a secret key to encrypt communications between the platform and your website.

Previously, anyone logged into your Watchful account could view the key. This could be a security risk if your PC was left unattended while logged into Watchful (for example).

The secret key can be viewed when editing the site details. As you can see below, the key is now password protected. You will need to click the eye icon and reenter the account password to reveal the secret key.

Passeword Protected Secret Key
The secret key is now password protected by default.

Opt-in to test new features

The final last UI change we made that I want to highlight is the ability to opt-in to our early access program. This can be found on the profile tab of the account area in Watchful.

The early access program is included with Watchful Premium and lets users test new features in late-stage development.

Join Early Access Program
Opt-in to the early access program in the profile area at Watchful.

New features

The platform updates for Summer 2022 also include a few new features.

New uptime monitoring tool

First on our list is a new uptime monitoring tool. We've been quietly developing it for some time and started slowly and carefully rolling it out over the summer months.

As we've expanded its use, we've fixed bugs and improved reliability along the way.

False downtime alerts are one of the areas we hoped to improve when building our own uptime monitoring system. False positives often occur when the server performing the uptime check is physically located far away from the server hosting the website in question.

One of the most recent changes we made to address this problem is the addition of multiple servers around the world to help check and verify that sites are actually up or down. Our array of servers can now perform uptime checks from Australia, Brazil, Canada, France, Germany, Ireland, Sweden, and the United States.

As a result, a number of new IP addresses have been added to our white listing documentation.

Update, 2022-10-27: The new uptime monitoring tool has been fully launched. See the announcement on our blog for full details.

Theme updates enabled

And finally, WordPress now supports updates for your WordPress themes alongside plugins and core updates.

This was a very common feature request and we are thrilled to have full support for all types of WordPress updates.

This Fall we will also add theme updates to our Automatic Update Scheduler.

Wordpress Theme Updates
WordPress themes in the Watchful Updater.

Work-life balance is important

Summertime can be hectic for anyone in the web design business. For me personally, it's always a struggle to find the right balance between productivity at work, spending time outside to enjoy the warmer weather, sharing a vacation with family and helping my children get ready for the upcoming school year.

Despite this, I'm proud of what we accomplished this summer and I'm excited to celebrate our 10th birthday next month!

The post Watchful platform updates for Summer 2022 appeared first on Watchful.

]]>
Platform Updates For Summer 2022

Summertime is typically a bit of a slower period here at Watchful. So our engineers get a chance to chip away at some of the less-urgent tasks on our roadmap. While many of these don't warrant their own blog post, I thought it might be useful to compile our platform updates for Summer 2022 so they don't go overlooked.

User interface changes

A number of the changes we'll highlight in this post are related to the user interface or UI of Watchful. We're always looking for ways to improve the user experience, and many of these begin as feature requests by Watchful account holders.

Improved log filters

A small but very useful change to the log search and filter tool. As most of you know, the Watchful logs are extensive and can be overwhelming when you add more than a few sites.

Many users will filter the logs either by site or by log type. In the latter case, perhaps you want to view the recently completed backups. You can now select this easily in the log type dropdown grouped with the other backups related log types.

The change here is that the log types are now grouped in the same way as the log types are grouped in the notifications area (core updates, backups, file changes, etc...).

Log Filtering Changes 2022
Log type filters (left) are now grouped the same way as the notification selectors (right).

Password protected secret key

When you add a site to Watchful, we use a secret key to encrypt communications between the platform and your website.

Previously, anyone logged into your Watchful account could view the key. This could be a security risk if your PC was left unattended while logged into Watchful (for example).

The secret key can be viewed when editing the site details. As you can see below, the key is now password protected. You will need to click the eye icon and reenter the account password to reveal the secret key.

Passeword Protected Secret Key
The secret key is now password protected by default.

Opt-in to test new features

The final last UI change we made that I want to highlight is the ability to opt-in to our early access program. This can be found on the profile tab of the account area in Watchful.

The early access program is included with Watchful Premium and lets users test new features in late-stage development.

Join Early Access Program
Opt-in to the early access program in the profile area at Watchful.

New features

The platform updates for Summer 2022 also include a few new features.

New uptime monitoring tool

First on our list is a new uptime monitoring tool. We've been quietly developing it for some time and started slowly and carefully rolling it out over the summer months.

As we've expanded its use, we've fixed bugs and improved reliability along the way.

False downtime alerts are one of the areas we hoped to improve when building our own uptime monitoring system. False positives often occur when the server performing the uptime check is physically located far away from the server hosting the website in question.

One of the most recent changes we made to address this problem is the addition of multiple servers around the world to help check and verify that sites are actually up or down. Our array of servers can now perform uptime checks from Australia, Brazil, Canada, France, Germany, Ireland, Sweden, and the United States.

As a result, a number of new IP addresses have been added to our white listing documentation.

Update, 2022-10-27: The new uptime monitoring tool has been fully launched. See the announcement on our blog for full details.

Theme updates enabled

And finally, WordPress now supports updates for your WordPress themes alongside plugins and core updates.

This was a very common feature request and we are thrilled to have full support for all types of WordPress updates.

This Fall we will also add theme updates to our Automatic Update Scheduler.

Wordpress Theme Updates
WordPress themes in the Watchful Updater.

Work-life balance is important

Summertime can be hectic for anyone in the web design business. For me personally, it's always a struggle to find the right balance between productivity at work, spending time outside to enjoy the warmer weather, sharing a vacation with family and helping my children get ready for the upcoming school year.

Despite this, I'm proud of what we accomplished this summer and I'm excited to celebrate our 10th birthday next month!

The post Watchful platform updates for Summer 2022 appeared first on Watchful.

]]>
https://watchful.net/news/platform-updates-for-summer-2022/feed/ 0