Damn Good Content To Grow Your Business In The Digital World
Insights, Ideas and Innovations from the brains of the Saucal NERDS.
Why Your Lame Passwords Will Be the Death of You
15 Aug

Cybersecurity is a big deal, and if you’re not paying attention, it can come back to haunt you.

You may be thinking, “Who, me?” Yes, you.

While there probably isn’t a crew of expert hackers trying to steal your data or net millions of dollars in credit card information (you’re not Target, after all), the vast majority of hackers do want to use your server to send spam emails, which is the number one reason for hacking smaller sites.

That’s why it’s super important to make sure your WooCommerce site is fully secure. But before you shrug your shoulders believing that WordPress has you covered already, think again…

Don’t miss: Has My Website Been Hacked? Your WP Security Checklist

Why It’s Easy to Overlook Security


Don’t get us wrong, WordPress is a killer platform, and we wouldn’t be in business if we didn’t see its inherent value. While its biggest draw is that it handles a lot of the work for you, it’s also easy to assume that WordPress is handling all of your security concerns.

Sure, you might install Akismet to protect against those pesky spammers, but when is the last time you really looked at how easy your site is to hack? We’re not putting words in your mouth here, but probably never, right?

What WordPress/WooCommerce Does Protect Against

Well the good news is that you’re not totally screwed, because like we said, WordPress does protect you against some things. For example:

  • WooThemes for WooCommerce frequently works with WordPress security professionals who audit their work, frequently checking for vulnerabilities
  • WordPress can use an SSL certificate (through your hosting service) to create safer shopping experiences
  • There are various plugins that will help protect your site further
  • Latest version releases come with built-in security features against most major threats

What It Doesn’t Protect Against

Here’s the bad news. Less than three years ago, 73% of the popular sites using WordPress were considered “vulnerable” to cyber attacks. In fact, of the 10 most vulnerable plugins, five were commercial plugins available for purchase, and one of them was an honest to goodness security plugin.

Which is why you need to be extra vigilant. Here’s what WordPress or even our beloved WooCommerce might not protect against:

  • You forgetting to keep your theme, plugins, and version of WordPress up-to-date
  • You downloading plugins from a disreputable or untested source
  • You using “admin” as a username
  • You not changing your passwords often or using weak passwords
  • You configuring your file directories the wrong way
  • You forgetting to back up your site on a regular basis

Actually, come to think of it, human error seems to be a common theme here. But if we’re honest, forgetting to update to the latest version of WordPress the second it comes out isn’t going to topple your e-commerce empire. Rather, the biggest thing that you’re not safeguarded against on that list is weak passwords. Here’s why…

Why Passwords Are Your Biggest Risk

Have you ever watched a hacker movie or literally any episode of a detective show ever made? There’s always that one character that is (thankfully) working for the good guys who can guess the password on a suspect’s computer simply by knowing what the person’s dog’s name is or their birthday.

We may giggle at it in retrospect, but people are notoriously bad at picking passwords. In fact, 21% of people use passwords over 10 years old, 47% of people use passwords at least five years old, and 73% of all online accounts are guarded by duplicate passwords.

While it may seem like no big deal to you, we should remind you that you’re running an e-commerce business built on thousands of user generated passwords, and if a hacker gets access to one, he gets access to them all.

Your mission, therefore, if you choose to accept it, is to not only create secure passwords for yourself and your team, but also do everything in your power to encourage your customers to do the same.

What Secure Passwords Look Like

We’re not trying to scare you, but the fact is that hackers are getting smarter, and hacking technology has significantly improved in the last few years. You’ll have to go above and beyond to create a truly secure password. Here’s what a secure password includes:

  • Avoiding “dictionary words” (common words), anniversaries, and birthdays
  • Including a mix of capitals, lowercase, numbers, and symbols
  • Prioritizing length – long passwords are less likely to be hacked
  • Generating random passwords whenever possible
  • Creating unique passwords for each account and site

We know that the last one is a tough one, because remembering random strings of letters and numbers over multiple accounts and profiles is genuinely hard, but the more random the password can be, the safer it is from hackers. The best approach is to use a dicelist to generate a completely random password (here’s a good one, and this one too) that’s less likely to be hacked.
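To make the dice-list idea concrete, here is an added example (not from the original post) that builds a passphrase from a word list and shows how its strength follows from the list size and the number of words. The 32-word list is constructed so the code runs offline, and the function names are our own; in practice you would load a full 7,776-word Diceware list.

```python
import math
import secrets

# Constructed 32-word sample list so the example runs offline. A real
# Diceware list has 7,776 words (one word per five dice rolls).
SAMPLE_WORDS = (
    "anchor basil cactus dolphin ember falcon garnet harbor "
    "iguana jigsaw kettle lantern meadow nectar orchid pebble "
    "quartz raven saddle tundra umpire velvet walnut xylem "
    "yonder zipper acorn bramble copper drizzle easel fjord"
).split()


def load_wordlist(lines):
    """Accept plain 'word' lines or Diceware-style '11111<TAB>word' lines."""
    words, seen = [], set()
    for line in lines:
        parts = line.split()
        if not parts:
            continue
        word = parts[-1].lower()
        if word not in seen:  # duplicates would overstate the entropy
            seen.add(word)
            words.append(word)
    if len(words) < 2:
        raise ValueError("word list needs at least two distinct words")
    return words


def entropy_bits(wordlist_size, n_words):
    """Bits of entropy when each word is drawn uniformly and independently."""
    return n_words * math.log2(wordlist_size)


def words_needed(wordlist_size, target_bits):
    """Smallest number of words that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate_passphrase(words, n_words=6, sep="-"):
    """Pick words with the OS CSPRNG; the random module is not suitable here."""
    if n_words < 1:
        raise ValueError("n_words must be at least 1")
    return sep.join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    words = load_wordlist(SAMPLE_WORDS)
    print(generate_passphrase(words))
    print(f"sample list: {entropy_bits(len(words), 6):.1f} bits for 6 words")
    print(f"7,776-word list: {entropy_bits(7776, 6):.1f} bits for 6 words")
```

Six words from the tiny sample list give only 30 bits, while six words from a full 7,776-word list give about 77.5 bits, which is why the size of the list matters as much as the number of words.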

If you manage multiple WordPress/WooCommerce sites or you have a larger team that all need access to your site, consider using a service like ManageWP. It’s also extremely important to have a good host for your WordPress site, as we’ve mentioned before.

How to Incorporate Secure Passwords Into WooCommerce

Okay, now for the good news. Since the release of WooCommerce version 2.5, secure password strength indicators are built into the system. Whenever a new account is being created, a popup will appear and hassle the user (not really) until the password meets certain standards.

But the creation of the password is still up to you and your customers. That’s why it’s a good idea to remind them using text and microcopy around your forms and landing pages about the importance of creating secure passwords.

You can also do a few other things to make sure your site is safe from even the laziest of passwords:

1. Enable two-factor authentication (2FA) on every account. Just because your admin account has an amazing hacker-proof password doesn’t mean all of your accounts do. 2FA adds a second step, like sending a text to a smartphone, on top of the password, so a guessed or stolen password isn’t enough on its own to log in.

2. Limit brute force login attempts with Jetpack Protect. One thing that can be said about hackers is that they never really give up if they want something. Thankfully, Jetpack’s security features – Jetpack Protect, for instance – allow you to limit the number of times that someone can unsuccessfully log in to your site. And if you’re worried about forgetful customers getting locked out, you can also whitelist IP addresses.


3. Use (trusted) security plugins to scan your site. As long as the plugin is from a trusted source (look for good reviews from users, check that it’s verified with your version of WordPress, and make sure it’s frequently updated), you shouldn’t have to worry too much. Just make sure to keep it updated and implement the other security measures. Don’t just rely on a plugin.
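To show what limiting login attempts (step 2 above) means in practice, here is an added sketch of the general idea: count failed logins per IP inside a time window, lock the IP out for a while, and skip the count for whitelisted addresses. It is not Jetpack Protect's code; the class, its parameters and the sample events are constructed for illustration, and the IPs come from documentation ranges.

```python
import ipaddress
from collections import defaultdict, deque


class LoginThrottle:
    """Per-IP failed-login limiter with an allowlist (hypothetical names)."""

    def __init__(self, max_failures=5, window=300, lockout=900, allowlist=()):
        self.max_failures = max_failures
        self.window = window      # seconds in which failures are counted
        self.lockout = lockout    # seconds an IP stays blocked
        self.allow = [ipaddress.ip_network(n) for n in allowlist]
        self.failures = defaultdict(deque)  # ip -> recent failure timestamps
        self.locked_until = {}              # ip -> time the lockout ends

    def _allowlisted(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.allow)

    def is_blocked(self, ip, now):
        # Allowlisted ranges are never blocked, so they get no throttling
        # at all: keep the allowlist short.
        if self._allowlisted(ip):
            return False
        return self.locked_until.get(ip, 0) > now

    def record_failure(self, ip, now):
        """Return True if this failure triggers a lockout."""
        if self._allowlisted(ip):
            return False
        recent = self.failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()      # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.locked_until[ip] = now + self.lockout
            recent.clear()
            return True
        return False

    def record_success(self, ip):
        self.failures.pop(ip, None)


def replay(events, throttle):
    """Run (timestamp, ip, password_ok) events through the throttle."""
    decisions = []
    for ts, ip, ok in events:
        if throttle.is_blocked(ip, ts):
            decisions.append("blocked")   # rejected before the password check
        elif ok:
            throttle.record_success(ip)
            decisions.append("allowed")
        else:
            locked = throttle.record_failure(ip, ts)
            decisions.append("locked" if locked else "failed")
    return decisions


if __name__ == "__main__":
    # Constructed sample events: three quick failures, then a correct guess.
    t = LoginThrottle(max_failures=3, window=60, lockout=120)
    events = [(0, "203.0.113.7", False), (10, "203.0.113.7", False),
              (20, "203.0.113.7", False), (30, "203.0.113.7", True)]
    print(replay(events, t))
```

Note that during a lockout even the correct password is refused, which is the point: the guesser learns nothing until the lockout ends.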

Final Thoughts

We’re not saying that your passwords need to be a version of the chess game from War Games in order to be successful, but they do need a level of complexity more than adding your birth year to your favorite child’s initials.

Make sure your admin accounts (which shouldn’t be called “admin” as a username) and each individual account associated with your site have complex and lengthy passwords. Encourage your users in as many ways as possible to beef up their passwords, too.

Finally, it’s okay to trust WordPress to do their job, but you can’t forget to stay vigilant on your end. Not to say that hackers are lurking behind every bush, but hey, if Hollywood is anything to go by, crazier things have happened.

OH NO! Has your site been hacked? Check out our security checklist just to be safe.
6 WordPress Image Hacks You Need to Know ASAP
01 Aug

We know what you’re thinking: “If they so much as mention image compression in this post I’m clicking away.” Don’t worry, we hear you.

For the WordPress uninitiated, there are plenty of image hacks out there to optimize your site (image compression being a big one, and FYI, we recommend this plugin). In fact, the folks over at WPExplorer have a whole guide dedicated to optimizing images for easy reference. But whether you’re a WP native or just a newbie, there are a few things about image optimization you might not know about yet, but you definitely should if you’re looking for results.

After all, images are far better at generating revenue than text alone, and that’s especially true for e-commerce sites. Most people remember up to 80 percent of what they see but only 20 percent of what they read, meaning that in terms of branding and sales, images are significantly bigger movers and shakers than bulk copy. And if that fancy fact doesn’t impress you, try these on for size:

  • Articles with images get 94% more total views
  • In an e-commerce site, 67% of consumers say the quality of a product image is “very important” in selecting and purchasing a product
  • In an online store, customers think that the quality of a product’s image is more important than product-specific information (63%), a long description (54%) and ratings and reviews (53%)

That’s why you should be putting a heavy emphasis on your images, if you’re not already, and that’s also why we’ve compiled a list of 6 hacks that will help you maximize the impact of those images.

Don’t miss: 5 More Time-Saving WP Image Plugins

#1. Sharpen Resized JPEGs

You may already know that you should be resizing your images before you upload them, but here’s one tip they may not tell you in WordPress 101: You can actually sharpen your resized JPEG images while they’re uploading. Why is that helpful? Well, if you recall, “The quality of a product image is very important in selecting and purchasing a product.”

Here’s an example of the difference between sharpened and unsharpened images in WP:


Stackexchange has a guide (and code) you can use to sharpen your images, which can be found here.

#2: Link Images to Categories

Navigation is an important part of a site, and that goes double for e-commerce. If you want to improve your site’s searchability, consider leveraging your category page in place of a traditional drop-down menu. This case study from Body Ecology showed a 56% increase in revenue by doing just that.

If you, too, want to use a dedicated category page, consider giving each category its own image to help boost its effectiveness. A plugin like Taxonomy Images should do the job nicely.


And no extra coding is involved, so you’ll save plenty of time building out your category pages. WPBeginner has a guide for using the plugin, which can be found here.

#3. Create Dynamic Images

Sometimes you might want to get a little jazzy with your images, and a good way to do that is by including hovers or rollovers. A lot of designers or developers code dynamic images into the site by hand, but if you have WP you might consider using a plugin like WP Visual Slide Box Builder (or WooCommerce Image Hover for your product images), which allows you to quickly and easily create rollover images to impress your users.

When it comes to images, the details matter, too. If you want a way to include dynamic images while also adding an extremely helpful feature to your product pages, WooCommerce also has an Image Zoom plugin so that people can see your products more clearly when they click on it.


#4. Add OG Protocol for Social Media Images

If your site sells some cool stuff, chances are that users will be sharing your rad products on social media. That’s great news for you, but only if what they’re sharing looks as professional as your site. You don’t want your product images being blurry or squished when they appear in people’s Facebook news feed. That’s where Open Graph (OG) Protocol comes into play.

Social networks like Facebook, LinkedIn, Twitter, and Pinterest automatically pull information from your site when someone shares your product page (or homepage). That info – which includes your page’s title, the URL, your description, and most importantly, your images – is snagged using OG Protocol, and you want to make sure that it’s grabbing the right info and images.

One way you can do that is by using a plugin like WooCommerce SEO. Torque Mag has a pretty simple walkthrough of the process that you can find here. You can also manually add OG Protocol to your headers (walkthrough found here).

#5. Overcome Image Blocking with Alt Text

Another thing you may not know about is image blocking, which is a setting in most email clients that allows users to block certain images in their email messages. Even if you don’t send your emails directly through your WP site, you can still hack your images to prevent image blocking from happening to your users.


You’ll want to make sure that all of your images include alt text (not to be confused with your image title) and that it’s styled properly to ensure that all of your images are email-friendly.
Litmus has a guide to adding the right alt text as well as other tips and tricks for avoiding image blocking, which you can find here.

#6. Give Your Images All the Feels

Okay, okay. This isn’t necessarily WP specific, so maybe consider it a “bonus” hack and try not to get too mad about it.

Optimizing your images isn’t just about making mediocre pictures look their best. It’s also about choosing good images from the start so your “optimization” time is minimal. So what makes a “good” image, exactly? Well, images that create an emotional connection are a great place to start.

Speaking about a site in general, you’ll want images that are clean, well-framed, and well-lit (more on that here). More specifically for e-commerce sites, it means not only using still life photos of your products, but also incorporating action shots of the product being used in everyday life. Timbuk2, for example, shows their bags alone but also being carried by a real live human being.

You can also encourage people to upload content of their own to create a sense of belonging. Amazon, for example, allows users to upload their own product photos in the review sections of each product page (WooDiscuz plugin does the same thing).

Basically, the more emotive and interactive you can make your images to start with, the more “optimized” they will be in the long run, whether you follow any of the other hacks on this list or not (but we hope you do).

Here are 5 other time saving WP image plugins you should check out.
Why I Stopped Managing My Own WordPress Server
21 Jan


Managing my own server used to keep me up at night. I was constantly worried: about the software, whether all of my tools were up-to-date, what to do if something went awry (which happens with technology, because, well, it’s technology).

At the time, I was building Saucal, yet there I was managing a WordPress server, fighting fires, and wasting valuable time on tasks other than designing killer sites for you. It was a headache, and made it challenging to focus on building and running a business and serving you, our customers.

At Saucal our goal is to design stunning websites that help you build your business and attract new customers. Playing firefighter with server management made that promise hard to deliver on.

Then one of our clients was hacked and I stayed up all night fixing it. That was the last straw. I vowed not to self-manage my server again, and I immediately sought a better way.

We found WP Engine after some shopping around, and WP Engine’s managed WordPress hosting platform was a perfect fit.

And since we moved to WP Engine, we’ve noticed a huge difference, not only in the time saved by no longer grappling with service management, but in the performance of our customers’ sites.

WP Engine is a WordPress expert. You won’t find that anywhere else. Other platform providers simply say they know WordPress, where WP Engine knows it inside and out. WP Engine is a WordPress specialist, not a hosting generalist. That shows in the amazing support we’ve received from WP Engine over the more than two years we’ve hosted our site and several customer sites on the platform.

Along with incredible support, the user experience is top-notch. We use staging to design sites before pushing them live, so we can test them and ensure they’re perfect before deploying. And we get peace of mind from automated and on-demand backups, which enable us to restore our work to any point we choose. All that, and a simple and intuitive UI, makes adding customers and additional staff to access a WordPress install a breeze.

If you’re anything like me, you saw site migrations as a necessary evil. You hated them, but they needed to be done, despite the time, complexity, cost, and overall hassle. They took hours. WP Engine put an end to that, however, with the Automated Migration plugin, which in just a few clicks automatically migrates a WordPress site to WP Engine’s platform. We’ve gotten migration times to between five and 10 minutes – really just the setup time – which allows us to onboard more customers faster, and focus on what we do best: building beautiful sites.

And unlimited transferable developer installs eliminate additional host costs so we can work on any number of client sites we want. This saves us a bundle, lets us scale, and gives us the freedom to experiment.

WP Engine saves us time and money, and boosts our dev team’s morale. The platform works out of the box without any of the headaches.

I am now free to focus on building Saucal’s business and serving you, our customers, without having to worry about hosting. We can do what we do best: building and creating amazing, revenue-driving sites for you. We can focus on you and your success.

And on top of all that, we haven’t had any more hacked sites. We are confident that our sites and your sites are safe.

Emergency! A plugin is breaking my site!
21 Aug

As WordPress developers, we’re not strangers to plugin issues, and we’ve encountered several situations where a site went down completely because of them, or at least WP-Admin did.

How can you disable a plugin if you don’t have access to WP-Admin? Easy! Just go in through FTP and rename the folder/file of the plugin. Enter WP-Admin (you’ll be able to do so now) and go to the plugins page, where you’ll see a message saying that ‘Plugin X’ has been disabled because the file does not exist. After this, you can rename the plugin folder/file to its original name.

Of course, before doing this, you need to identify the source of the issue via error logs or some other means!

This can be done easily using WP-specialized hosts like WP Engine, which we recommend wholeheartedly because they fix most of the issues presented in this awesome post by Mitchell Callahan.

Cheap Hosting is a Bad Idea
11 Mar

Cheap Hosting Did This To Me

More often than not, I’ll get a client who thinks $35-$200 a month for hosting is too much. Instead, he or she opts for the “insert major hosting company here” special of the day for $2.95 a month. They walk away thinking they got the deal of the century and they’re the next Zuckerberg with their brand new, shiny website.

Until..

1. They realize that WordPress doesn’t update itself.
All open-source content management systems (CMS) require updates. This is because security flaws are patched, and new features are released. Not doing these updates can leave you prone to hackers.

2. What do you mean my website got hacked?
Yes, this happens. Actually, it happens a lot. I’ve had several of my websites get hacked. As a result, we keep several mirrors on our server. We also back up our sites to a secondary server, just in case.

Here’s an exercise for you:
a. Do not update WordPress for several months and let it get hacked.
b. Call your cheap hosting company and ask them how to fix it.
c. Realize there is nothing left for you to do but rebuild your site from scratch.

3. Cheap hosting is like sharing your internet connection with an entire city.
If you’ve ever used a website that required a database (WordPress) on a shared hosting environment, you know what I mean. There is no limit to how many sites can be hosted on one server. So, what happens is sometimes your site just.. never loads, it times out. Watch your SEO score go down the drain and have all potential customers bounce. Not fly.

Let’s talk Hosting:

There are 3 types of hosting. Let me bring back the “sharing internet” metaphor.

1. Shared (cheap) Hosting – this is like sharing your internet connection with an entire city. There are no restrictions on how many websites can be hosted on one server. They often get overloaded.
2. Virtual Dedicated – this is sharing your internet connection with an apartment building. You get a certain amount of disk space allocated to you. You share the RAM and CPU with other users.
3. Dedicated – this is like having your own internet connection. This is your own computer, to use all to yourself.

What You Need to Know

Managed vs. Unmanaged – when your server is unmanaged, you worry about patches and updates. With a managed server, the updates are all done for you.

WP Updates – WordPress needs to be updated. Sometimes a WP update can leave your website malfunctioning. When you have a good host, they will test and correct these issues for you. Often, your higher costs associated with good hosting will be made up in savings as you will not have to pay your web developer when your site goes awry.

Speed – You will lose a visitor’s attention if your site takes too long to load. Furthermore, slow load times hurt your SEO score. Don’t risk it.

Malware scanning – this is basically antivirus software for your server.

What Your Host Needs to Know

There are other things you should know about your servers, such as:

Cage – is your server housed inside of a cage?

Power source – is there a backup power source?

Metered – are there restrictions on data transfer?

Connection Speed – 100 Mbit, 1000 Mbit, etc. This will determine the speeds of data transfer.

CDN – A CDN puts a mirror, or cache, of your server on other servers around the world. This decreases your load time. For example, if I host Saucal.com in Canada, but we get a whole bunch of fans in Japan – the website will load slower due to latency. As a result, we copy our server content to a computer in Japan. This means our fans in Japan get ultra quick load times and we’re all happy.

Firewall – there are software and hardware versions. You should have both.

Would you like to learn more about hosting? Contact us.

6 Must Have Plugins When Starting A WordPress Blog
07 Mar

WordPress Plugins

1. Search Engine Optimization

The default settings in WordPress are great for SEO; however, to knock it out of the park, you need to modify your title tags, page descriptions and more. The two best plugins I’ve used are:

SEO Ultimate
WordPress SEO by Yoast

2. XML Sitemap Submissions

This is included with WordPress SEO by Yoast. If you’re not using that plugin, I recommend:

Google XML Sitemaps

Google XML Sitemaps has recently been disallowed by WP Engine, so they recommend Better Google XML Sitemaps instead.

3. Cloud Backup

Saving a copy of your website outside of your primary server is essential. Quick restores are helpful, too.

WordPress Backup to Dropbox is free and it works well, however there is no quick restore option.

A paid option is BackupBuddy. BackupBuddy is as seamless as WPB2DB and it also includes a great tool for restoring your site, or moving it to a new server.

My only problem with BackupBuddy is that if you back up to Dropbox, it requests permission to your entire Dropbox folder. As I am unwilling to share that much data with a 3rd party, it’s a turn off for me. WPB2DB, on the other hand, only requires access to a sub-folder that it creates to store your backup.

4. Social Sharing

As sharing on social media is integral to your SEO score, you need to have the option to share your posts easily available. I recommend using:

ShareThis or,
Jetpack by WordPress.com

ShareThis is a great tool and it’s easy to get started. You will have to sign up for an account with them.

JetPack is built by the WP team, so it’s also a seamless integration. This will require an account with WordPress.

5. Commenting

The native comment system in WordPress is prone to spam (as any WP user will know). Avoid buying spam plugins by requiring people to comment via Social Media. This allows people to follow their comments and they don’t need to sign up for a WP account. The best right now are:

Disqus
Livefyre
Jetpack by WordPress.com

6. Analytics

You need to know how many people are visiting, what they like to look at and where they exit your site.

Google Analytics for WordPress
HubSpot

Google Analytics is free (awesome). HubSpot is for more advanced users and goes far beyond basic analytics and is for marketing professionals.