Category Archives: WordPress

WordPress is the #1 tool for building websites. Find out how to get the best from it here.

WooCommerce Vulnerability – Act NOW

This week WooCommerce published a critical update for their WordPress eCommerce plugin with the advice that it is installed immediately.

What is it?

A serious vulnerability had been reported that could allow a ‘bad actor’ to exploit a cross-site scripting bug where a link is manipulated on a page. Anyone clicking on the link (the store / site admin as well as a customer) could be affected. The impact of this could be immense for your store and the wider website. At the time of publishing the update, WooCommerce believe that it had not been exploited (yet), but given the seriousness of the bug they have made this rare emergency announcement.

What to do?

Login to your WordPress Dashboard and got to the Plugins folder. Scroll down to find WooCommerce and check the version number. If you are currently on v8.9.3, then you can relax, you have the critical update installed. If you are NOT at v8.9.3, then you should hit the update link for WooCommerce.

I use an older version of WooCommerce – what should I do?

There are many reasons why a business might have to remain with an older version of WooCommerce. The update has been ‘back-ported’ to include version 8.8.x. If you can, you should update to v8.8.5. If you cannot update to either 8.9.3 or 8.8.5 than you need to manually turn off the Order Attribution option in your WooCommerce settings. If you are using an even older version (8.7.x or earlier) then you should not be impacted. However, why are you persisting with older plugin versions; there are many risks associated with this?

This is all gibberish – I need help!

We fully understand that notices like this can be scary. If you have any concerns over the security of your WooCommerce store or the wider WordPress website, QD Design can perform a security audit and make any changes that are required for you.

Let us take care of your website, so you can concentrate on taking care of your business.

Medal inscribed with 20 years

Happy Birthday WordPress

Happy Birthday to the #1 Content Management System (CMS), WordPress.  On its own, it has far greater coverage than all the other CMS put together.
20 years ago this month, WordPress was born.  A fork from a previous project saw it rapidly take off and become one of the guiding lights of web 2.0.
Starting out as a simple blogging platform, anyone who has had exposure to WordPress since then knows how far it has developed.  Each new version adding more features, additional capability and an improving user interface.
QD Design have followed this development when WordPress became our CMS of choice in 2015. The changes we have seen in 8 years are astonishing; goodness only knows what the future holds for WordPress.
Why should you use WordPress? Good question!  WordPress balances the competing priorities of ease of use with flexibility and capability.  Some CMS tools are easy to use but have limited capability and minimal flexibility in what they can do (yes, Squarespace I do mean you).  WordPress is equally at home powering a personal blog as it is representing a small business or even running a holiday rental platform.
If you are finding your current website platform restricting, talk to us at QD Design about moving to WordPress.
Homepage of Big Role Media

Client Introduction – Big Role Media


Who are they?

Big Role Media are an inclusive media company based in Los Angeles.  Targeted largely at women, Big Role produces multimedia that ‘gives them a nudge to hold their head high, get out there, grab a hold of their dreams, and not let them escape‘. They are multi-talented and write, record and film their own work.

Their requirement

Having had a Squarespace site previously, they wanted to move onto a more capable platform, one that gave them more features, more options, more scope for growth and a greater ability to truly customise the sites to match their ‘brand’.  This was their first experience of WordPress, and like most of us, that first experience was daunting.

WordPress does lots of good things but the “Dashboard” is not one of them. I still remember my first visit shortly after having installed a box-fresh copy of WP, it was overwhelming; I had no idea where to start, what was a Post vs a Page, where images had to go etc. Having spent 16 years successfully crafting sites in html by hand, WordPress’ dashboard seemed like it was more of a hindrance than a help.

Screenshot of the WordPress dashboard
The WordPress dashboard

Big Role Media wanted a ‘magazine’ style site where they could write articles, post video, share audio and generally connect with their audience (and demonstrate their multitude of talents).

What did QD Design do?

We ran an initial WordPress 101 session over Zoom to a) find out what they needed and b) give some pointers on navigating around the Dashboard.

As they began to create content, we suggested and added suitable plugins to offer the functionality they required and began to customise the site appearance by creating a child theme that removed some of the elements that were not needed. We advised them to  streamline the dozens of Categories and hundreds of Tags to a more usable amount and then linked specific Post Categories to certain Pages making it quicker to find the content type or subject matter the visitor was after. We also connected the site to both Google Search Console and Google Analytics so traffic and search health could be monitored.

Lastly, we ran the site through a suite of tests to evaluate site speed, SEO and accessibility (all part of Google’s Core Web Vitals they use to measure user experience of a site).  Where possible, issues that were flagged were addressed through opting in / out of different plugins, resizing media images and deploying a SEO tool. Frustratingly, as a (hosted by WordPress rather than the self hosted type of site), some of the built in and unavoidable tools and plugins were the cause of Core Web Vital problems. C’mon WordPress, why are you building in issues and problems?

The finished article

Whilst no website is ever finished (there is always new content to add, improvements to make and updates to apply), this is how the site looks right now.

Screenshot of the home page of Big Role Media website -

A huge thank you to Bella at Big Role Media for asking QD Design to help with their site. We now have / have had customers in the Middle East, Australasia and now the USA.  Where next?

WordPress Maintenance and Support

WordPress Maintenance and Support

WordPress 5.9 has (eventually) been released. If you are a Gutenberg Block user there are some significant changes and improvements for you here.

If you manage your own site, now is the time to make a full back up of the site and database before updating the Theme(s), Plugins and WordPress itself.

If QD Design looks after and maintains your site, we will be doing this for you over the course of today.

We give you peace of mind that your site is maintained, monitored, secured and backed up 24/7. Want QD Design to manage your site? Give us a call today.

Running your business is a full time job, we get that. Having to look after a website once you’ve got the day job done, can be one task too many for a lot of small business owners. That’s why we offer our WordPress Maintenance and Support packages. We can take care of all of the maintenance tasks, backing up the site, taking care of plugin conflicts – all of the things that you know need to be done but never have enough time in the day to get around to.

Starting from just £15 a month, let us handle your WordPress website so you can get on with what you do best; serving your customers and users. We offer 4 different levels each tailored to your needs.

Give us a call today to find out what we can do for you and your website.

RIP Caldera Forms

So long, it has been good knowing you.

Yesterday (24th March 2021) came the announcement I feared was coming.  My favoured form builder for WordPress and one I’ve used across umpteen sites for all sorts of forms, is being ‘retired’ at the end of the year.

After being purchased by rival form plugin Ninja Forms – who stated at the time that they had every intention of maintaining Caldera Forms as a fully supported plugin – it now transpires that that wasn’t true.  Caldera Forms wasn’t what they expected it to be (or at least the customers and their usage were not) and so they are retiring it at the end of 2021.

If you cannot win customers, buy them.

This story is replicated throughout the history of business and commerce; if you cannot entice your competitors customers to move to you, then simply buy out the competitor and the customer base comes to you.  Once they are ‘your’ customers you are free to do to them whatever you like.  I’ve experienced this with hosting companies, ISPs, software developers to name just a few examples.  In every situation the purchaser says they wanted to buy the business because of the great product or service they provided.  Then, almost without fail, they run down the product, water down the service or reduce the support offered hoping that inertia will keep the customer with them.

I recall many years ago, when starting out as a WordPress user, being disappointed with many of the Form plugins.  Some were (and still are – yes Contact Form 7, I’m talking about you) unbelievably crude and / or limited in what they could do.  It took a while to find Caldera Forms but I was delighted to discover that not only was it endlessly customisable, had every field type you might ever want to use, it also had excellent conditional fields where the choice made in one area would dictate what was show in another.  It was also fully responsive and out of the box could deploy multi-column forms on large screens that shrank down to a single column on a phone-sized screen.  Best of all, this functionality was all available in their free to use product.

What’s the Alternative?

Sadly the search for an alternative has shown that not much has changed with the form plugins that are available.  There is always something missing or only available in the premium product.  One (very well known) plugin had great form field features except for a CAPTCHA field which was only available if you coughed up for the paid version.  So, in essence what the developer is saying is you can use this plugin so long as you don’t mind the deluge of dodgy deals that appear in your inbox.  Another plugin allowed most form field types with the exception of a dedicated Phone field (this being reserved for the premium product).  Few Contact Forms can go without a field to capture the enquirers phone number. Having to pay for such a basic feature is like being asked to pay for doors on your car.

It is said that “change is always difficult”.  In this case it is especially difficult when you are having to move from a tool that met your needs perfectly to a less capable alternative.

I know I’m not alone, Caldera Forms had a wide and loyal following amongst developers and designers who appreciated the flexibility it provided.  Hundreds of thousands of developers who have used it on countless websites are searching for the “holy grail” of form plugins.

So, fellows developers and designers, what are you going to be using instead of Caldera? Leave your suggestions in the comments below.

WordPress under attack (again)!

WordFence – creators of one of the most widely used WordPress security plugins have reported a dramatic spike in attacks on WordPress based websites. This reflects our own findings here at QD Design based on data gathered from the access logs of the various sites we manage on behalf of customers.

WordFence believe the increase is around 30 times the usual volume of website attacks.

Website attacks are, sadly, nothing new. From the earliest days of plain html sites uploaded via creaky File Transfer Programs, ‘bad actors’ have tried to break into other peoples websites.

The popularity of WordPress as a development platform for websites means that it attracts more than its fair share of attacks. Automattic (the people behind WordPress), reckon it is used on around 30% of all websites globally. With that level of usage, it is no wonder that cyber criminals focus upon it (and in particular any known weaknesses within the WordPress environment).

The current threat aims to exploit these vulnerabilities to inject a block of code into a site with the ultimate aim of giving the cyber criminal access and control of the site. With access they could remove your content, replace it with their own or gather data on your membership (should your site have such a feature).

The weaknesses they are trying to exploit are, in the main, well known and in many cases had patches published some time ago.

What to do?

  1. Don’t get too alarmed; website attacks occur all the time (though this current level is considerably higher than normal).
  2. Most importantly – keep your site up to date. The core WordPress file system, the Themes, and any Plugins all need keeping up to date. Updates are pushed out when vulnerabilities are discovered and leaving key components of your website unpatched is opening your site to increased risk of being compromised.
  3. Remove any unused Themes or Plugins. Keeping a stack of old, unused (and probably unpatched) files adds to the clutter in your admin panel. Amongst those deactivated plugins could be one that has been deleted from the WordPress repository because it is a severe security risk. This may be providing an easy ‘back door’ to your site, without you even realising it.
  4. If you don’t use a WordPress security plugin and firewall, it might be time to actively consider it. WordFence (and no I make nothing out of recommending them) make a truly effective plugin that is easy to set up and use.
  5. Consider whether restricting the access to your site by geo-location might give you an enhanced level of protection. The IP addresses of the attacks we have been following can in many cases be traced back to countries well outwith Europe. To be frank, they are exactly the sort of countries you would expect a cyber attack to originate from. If your site provides information and services to an exclusively UK audience, blocking visitors from some of the less desirable locations would prevent them from even accessing the site to try and attack it.


If you have concerns over your WordPress site, have noted activity you are unsure of or need to strengthen your sites security, QD Design can help. Call us on 07718 589338 to discuss any issues you are having or improvements you would like to make.

Stay up to date and stay safe!

WordPress – How to Change the Number of Dashboard Columns

This has been bugging me for weeks.

I tend to use a single decent sized monitor for most of my web design work.  On it, every WordPress install gives me two columns of very large dashboard blocks that makes appallingly poor use of the available space.  So much so that with a number blocks expanded to their full size, much of the information is off the bottom of the screen meaning I have to scroll down for it.  Sort of negates the idea of a ‘dashboard’ if you have to go looking for the info.

I do have one site that for some reason has three columns and it made much better use of the available space.  I wanted to recreate this on my other installs but couldn’t find out how.  I searched every control in the menu structure, looked at the code that drove the dashboard but nothing came up.  How on earth did this one site have three columns and not two?

Prior to WordPress 3.8 there was an option to choose the number of columns present in the dashboard but 3.8 saw this disappear.  Admittedly, there are plug ins that allow you to take control over the dashboard but I’ve discovered something easier, simpler and so obvious I’ve been kicking myself since I found it.

Most browsers allow you to zoom in / out.  On my personal favourite browser – Chrome (and I’m pretty sure it is the same in others too), it is CTRL + / CTRL –
Well, if you zoom out to 90%, such a small change in font size you will barely notice it, it gives just enough room to fit three columns across the dashboard. Voila, everything in view, all at the same time and no need to scroll.

Give it a try. If you have a reasonable amount of space on screen when working on a WordPress site, why not make the best use of it.

How long to set up a shop and sell online?

How long does it take to set up a shop and sell online?

I’ve been asked this question several times in the last week.  When you turn it around and ask the questioner how long they reckon it will take, the answer is usually several hours, if not days.

What if it took less than 30 minutes to set up your own shop and begin selling on line, wouldn’t you do it?  Of course you would!

You design handmade jewelry, knit incredible garments, print custom T shirts or make amazing items of artwork and sell them to friends / family and through local independent shops.

No doubt your customers are delighted with your products and tell all their friends about you. But you are still only tapping into the tiniest proportion of your available market. Unless someone happens to know you / one of your friends or be in that independent shop, they have no chance of knowing about your product and thus making a purchase.

The answer (of course), is to sell online.  However, several conversations in just the last week show that for many people the idea of setting up their own shop is a daunting one, and one they expect to be complex and problematical.

Let me let you into a secret. It isn’t! You could easily have a shop of your own up and running in around 30 minutes.    Here’s how.

1. Assuming you have a website running WordPress, install the WooCommerce plug in. WooCommerce is part of the organisation that builds WordPress itself and it is the biggest (by a long way) e-commerce platform on WordPress.   Not got a WordPress website – no problem. Just about every server can handle WordPress*, it is easy to set up a simple WordPress site, styled to look like your current website and put links to it from the relevant places in your main site.

2. Configure WooCommerce – set up your location, currency, whether it is a physical or downloadable product (e.g. an e book), customise any email confirmations you want the system to send.

3. Download the Payment Gateway plug in of your choice (PayPal, Stripe, Amazon Pay, WorldPay etc) and configure your account.

4. Connect WooCommerce to your chosen payment gateway and link using the provided API key.

5. Create a product to sell in WooCommerce. Ideally with a product description, images, size / colour options etc.

6. Begin selling!

It is as simple as that.  In 30 minutes or so, your reach will have gone from local to potentially global.  What’s stopping you?   You have a great product, why not sell it as widely as possible!

At QD Design we can assist you through the process. From simple advice and guidance, to setting up the WooCommerce platform and Payment Gateway or even building the complete WordPress site to contain it all.

We eat, sleep and breath the web and want to help businesses make the most out of it. Call us for a chat or drop us an email and we will get back to you.

*If your server really can’t support WordPress, we need to talk, urgently!  You are being hosted on a device that may well be compromising your websites speed and thus your position in Google search results (Google hates slow sites and penalises them over faster ones).