How to Add Google Analytics to WordPress — 2023 Setup Guide

Using Google Analytics with WordPress provides some incredible insights. You can learn how people engage with your website, where traffic comes from, how visitors interact with content, and what elements and pages are popular with your audience. You can then use this to improve your site design, determine what types of content or products to create, and better target your advertising.  

The good news is that the information Google Analytics provides about your WordPress website is free. But adding it to WordPress can require some time and patience. 

As you’ll learn throughout this guide, manually adding Google Analytics to WordPress is certainly possible, but is often complicated for beginners. It also provides complex analytics and stats that might be way more than you need, especially if you own a small website and just want to discover more information about visitors and traffic sources. 

The focus of this guide is on how to add Google Analytics to WordPress, but we’ll also tell you a bit more about a tool called Jetpack Stats. This alternative generates simple data, charts, and graphs, can be easier to install, and also integrates with Google Analytics if you need. Automattic, the company behind WordPress.com, is responsible for Jetpack Stats, so it’s a great choice for many WordPress site owners.   

Continue reading → How to Add Google Analytics to WordPress — 2023 Setup Guide

Posted in Analytics, Grow | Comments Off on How to Add Google Analytics to WordPress — 2023 Setup Guide

Fake plugin wave affecting WordPress sites

Recently our colleague Joshua Goode escalated to the Security Research team an investigation he was performing on several websites that presented the same indicators of compromise. There were small variations in what the final payload was, but the attack timeline was always the same.

Attack timeline

As Joshua initially pointed out and subsequently confirmed by me, the chain starts with the installation of the core-stab plugin, followed by other additional items. The following timeline depicts one of the many compromised sites we reviewed:

  •  Jan 10, 2023 @ 17:29:49.587 UTC – Core stab plugin upload – /wp-admin/update.php?action=upload-plugin
  • Jan 10, 2023 @ 17:29:52.270 – /wp-content/plugins/core-stab/index.php
  • Jan 11, 2023 @ 02:12:50.773 – /wp-admin/theme-install.php?tab=upload
  • Jan 11, 2023 @ 02:12:57.862 – Classic theme upload –  /wp-content/themes/classic/inc/index.php
  • Jan 11, 2023 @ 03:37:58.870 – Another core-stab install
  • Jan 11, 2023 @ 04:15:06.014 – Installation of a new plugin, task-controller, /wp-content/plugins/task-controller/index.php
  • Jan 11, 2023 @ 08:23:26.519 – Installation of WP File Manager (Unsure if by attacker but this plugin is typical with a lot of malware)

The most common “coincidence” is that all users involved in this attack had their emails listed on at least one public password leak since 2019, which only corroborates the overall findings: the attacker(s) used compromised or leaked accounts to install the malware.

You can find more details on how the core-stab malware works, as well as detailed detection and blocking information for WP security experts, via WPScan.

Testing and validating our Proof-of-Concept for the malicious code.

What to do if my site was infected?

If you find the core-stab plugin installed on your site, the first thing you should do is remove it and then follow these next steps:

  • Change all admin user’s passwords and make sure you’re using multi-factor authentication.
  • Review all WordPress users and remove the ones you don’t recognize (especially the admin ones).
  • Review for unused or unknown themes and plugins and remove anything unnecessary or unknown.
  • Reinstall all your plugins since they may have been compromised.
  • Review your theme for added or changed files that weren’t added or changed with your consent.
  • Reinstall WordPress core files.

Finally, at Jetpack, we work hard to make sure your websites are protected from these types of vulnerabilities. We recommend that you have a security plan for your site that includes malicious file scanning and backups. The Jetpack Security bundle is one great WordPress security option to ensure your site and visitors are safe. This product includes real-time malware scanning, site backups, comment and form spam protection from Akismet, brute force attack protection, and more.

Posted in scan, Security, Vulnerabilities | Tagged | Comments Off on Fake plugin wave affecting WordPress sites

How to Access and Edit the Default WordPress .htaccess File

Every WordPress installation has a selection of “core” files. These are the files behind critical functionality, and one of them is .htaccess. It includes configuration options for your web server. In other words, it’s extremely important.

If you know how to find and edit .htaccess, you can change your site’s permalink structure, set up redirects, increase security for the dashboard, and make many more tweaks. You don’t even need to know how to code if you follow instructions carefully.

In this article, we’ll talk about the .htaccess file and how it works. We’ll show you how to locate, access, and edit the file. Finally, we’ll wrap up with some frequently asked questions.

Continue reading → How to Access and Edit the Default WordPress .htaccess File

Posted in Security | Comments Off on How to Access and Edit the Default WordPress .htaccess File

How to Recover and Restore Your WordPress Site after a Crash

WordPress is an excellent platform for your website. But that doesn’t mean that it’s invincible. If you’re working on your site and encounter a sudden glitch, freeze, or crash, it’s easy to enter panic mode.

Fortunately, there are ways to recover and restore your WordPress site after a crash. Whether you installed a poorly-coded plugin or accidentally deleted a file, you can get your site up and running again by following the right steps.

In this post, we’ll take a closer look at WordPress website crashes and some common causes. Then, we’ll guide you through five steps to recover and restore your site after a crash. Let’s get started!

Continue reading → How to Recover and Restore Your WordPress Site after a Crash

Posted in Security | Comments Off on How to Recover and Restore Your WordPress Site after a Crash

How to Generate Critical CSS in WordPress (2 Methods)

People who visit your website don’t want to wait a long time to see your content. If you don’t optimize your code, render-blocking resources like CSS can contribute to visitors’ perception of slower load times.

Fortunately, you can easily generate critical CSS for your website. By installing a plugin like Jetpack Boost, you’ll be able to extract all the necessary CSS for displaying above-the-fold content. This can be key to making your website appear faster and more user-friendly. 

In this post, we’ll explain critical CSS and why you should consider generating it for your website. Then, we’ll show you two different ways to do this in WordPress. 

Continue reading → How to Generate Critical CSS in WordPress (2 Methods)

Posted in Performance | Comments Off on How to Generate Critical CSS in WordPress (2 Methods)

Restore your site from anywhere with the Jetpack mobile app

Did you know that you can view and restore your site from anywhere with the Jetpack mobile app

The app is the perfect companion to Jetpack Security. With it, you can be reassured that your site is humming along nicely, even while you’re far away from your laptop. Real-time security alerts will empower you to restore your site right from the palm of your hand if ever needed.

Continue reading → Restore your site from anywhere with the Jetpack mobile app

Posted in Jetpack News | Comments Off on Restore your site from anywhere with the Jetpack mobile app

6 Best WordPress Malware Removal Plugins (Paid & Free)

Your WordPress website is the product of countless hours of hard work, so it’s important to keep it secure. One essential part of your security setup should be a robust and reliable malware scanner. An effective WordPress malware plugin will help you quickly identify any malicious software that makes its way onto your WordPress website, and provide guidance on removing it. 

But, with lots of different WordPress malware scanner plugins available, it may be a challenge to determine which one is right for you. To help, we’ve reviewed six of the most popular options and set out some key things to consider when deciding on the best WordPress malware scanner for your website. 

Continue reading → 6 Best WordPress Malware Removal Plugins (Paid & Free)

Posted in Security | Comments Off on 6 Best WordPress Malware Removal Plugins (Paid & Free)

Introducing Blaze — Find new customers by promoting your best content

Building a strong following of readers and customers is hard work. And getting eyes on your content can feel like rubbing two sticks together. 

You know there are people out there who are interested in what you’re building — but how to find them? That’s why we’ve created Blaze. Advertise your posts and pages across millions of sites in the WordPress.com and Tumblr ad network. All it takes is a few clicks, starting from $5 per day.

Blaze has incredible reach: more than 13.5 billion impressions per month from millions of active daily visitors is the spark you need to get noticed. It’s like lighter fluid for your best content.

Continue reading → Introducing Blaze — Find new customers by promoting your best content

Posted in Ads, Features, Jetpack News | Comments Off on Introducing Blaze — Find new customers by promoting your best content
Jetpack 11.7

Jetpack 11.7: Additional Form block enhancements and more

With Jetpack 11.7, we’ve made further enhancements to the Form block, along with several other improvements and bug fixes for a better Jetpack experience.

Continue reading → Jetpack 11.7: Additional Form block enhancements and more

Posted in Releases | Tagged , | Leave a comment

How to View Site Analytics & Stats in Your WordPress Dashboard

If you want to grow your site or business, the ability to review analytics and stats is pretty important. With the right tools, you can learn how many people visit your site, what pages are most popular, where traffic comes from, and other metrics that can help you optimize site performance and create more targeted content for your audience.

WordPress connects with multiple plugins and tools that generate statistics about your website. However, services like Google Analytics are complicated and provide extra data that you don’t always need. 

Jetpack Stats, on the other hand, generates simple data, graphs, and charts about visitors and traffic, making it the go-to plugin to help you understand the basics. 

Continue reading → How to View Site Analytics & Stats in Your WordPress Dashboard

Posted in Learn | Comments Off on How to View Site Analytics & Stats in Your WordPress Dashboard
  • Enter your email address to follow this blog and receive news and updates from Jetpack!

    Join 111,407 other subscribers
  • Browse by Topic