WordPress 4.7.2 Security Update


We have an update from the WordPress team and WordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. It’s great to see another update addressing some fairly serious security issues. This is a good sign of well-maintained software. Kudos to the team over at WordPress.

WordPress versions 4.7.1 and earlier are affected by three security issues:

  1. The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive.
  2. WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo).
  3. A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team.

Download WordPress 4.7.2 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4 look at more info.7.2.

UpdraftPlus PHP Fatal error: Can’t use function return value in write context


If you’re reading this, you probably have a dead site and you’re seeing the following error in your logs:

Fatal error: Can’t use function return value in write context in /home/u356894638/public_html/wp-content/plugins/updraftplus/admin.php on line 3855

This is luckily a known issue and something that can be fixed. Unfortunately, the options to fix this are manual and may require more technical understanding than some people have. You can read through the thread on the WordPress Support Forum or just take a look at your options below:

1) Download this file and save on your computer: https://plugins.svn.wordpress.org/updraftplus/tags/1.12.32/admin try this site.php. Then, using a FTP or the file manager in your web hosting control panel, replace the file wp-content/plugins/updraftplus/admin.php with this file:


2) Using FTP or the file manager in your web hosting control panel, remove the directory wp-content/plugins/updraftplus. You will then be able to log into your admin area. Your front-end site will be down until you do so.


3) Use any remote-control panel product that you have connected your site to (e.g. UpdraftCentral, JetPack Manage, ManageWP, etc.) to update UpdraftPlus.


4) Edit the file wp-content/plugins/updraftplus/admin.php in any tool of your choice, and remove lines 3855-3857, which are:

if (isset($settings['updraft_include_more_path']) || UpdraftPlus_Options::get_updraft_option('updraft_include_more_path')) {
$more_files_path_updated = true;


5) Using your web hosting control panel, update your site to use PHP 5.5 or later.

I hope this helps someone – I would highly recommend option #4 if you’re comfortable editing files on your server. Then you’ll be able to update the plugin from within the admin console which will be least risky way to upgrade a plugin.


PHP Fatal error: Cannot redeclare get_avatar_url()


So my last post explaining how to resolve a WordPress issue got some really positive feedback and clicks, so I figured I would share my latest WordPress issue:

PHP Fatal error: Cannot redeclare get_avatar_url() (previously declared in /home/u356894638/public_html/wp-includes/link-template.php:3798) in /home/u356894638/public_html/wp-content/themes/custom_theme/functions.php on line 1: /home/u356894638/public_html/index.php

And in case you’re wondering if you’re experiencing the same problem I did, I should add that this caused my entire site to go down and be blank. I had to look in my Apache logs to find the error being thrown by WordPress. So now that we have the error and the symptoms of the problem, let’s move on to the answer…

As always, I like to says YMMV (your miles may vary), but I was able to resolve the issue by updating my theme (which I built). I had implemented a custom version of the function get_avatar_url which conflicted with the version built into WordPress core. I simply renamed the function and updated the files that used the function and the error went away.

I hope this helps someone. If you’re still having problems or need help, leave a comment and I’ll try to help. But I also recommend checking on the WordPress Support Forum – lots of super helpful and smart people. And if you already host your own WordPress instance or want to start, check out my list of Best WordPress Hosts.

WordPress 4.7.1 Security and Maintenance Update

WordPress 4.7.1

The WordPress team released a new version of WordPress to address security and maintenance issues. WordPress 4.7.1 addresses 62 bugs and 8 security issues. Because of the security fixes, it’s recommended that you update immediately to avoid someone exploiting the vulnerabilities. WordPress 4.7 was released back in December, so it’s nice to see an update within a month that addresses both security issues and bugs. In case you still need a reason to update your installation, here are the security issues fixed with this release:

  1. Remote code execution (RCE) in PHPMailer – No specific issue appears to affect WordPress or any of the major plugins we investigated but, out of an abundance of caution, we updated PHPMailer in this release. This issue was reported to PHPMailer by Dawid Golunski and Paul Buonopane.
  2. The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API. Reported by Krogsgard and Chris Jean.
  3. Cross-site scripting (XSS) via the plugin name or version header on update-core.php. Reported by Dominik Schilling of the WordPress Security Team.
  4. Cross-site request forgery (CSRF) bypass via uploading a Flash file. Reported by Abdullah Hussam.
  5. Cross-site scripting (XSS) via theme name fallback. Reported by Mehmet Ince.
  6. Post via email checks mail.example.com if default settings aren’t changed. Reported by John Blackbourn of the WordPress Security Team.
  7. A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing. Reported by Ronnie Skansing.
  8. Weak cryptographic security for multisite activation key. Reported by Jack.

Release notes can be found here. And for instructions on how to upgrade to WordPress 4.7.1, see Updating WordPress.

And lastly, if your site is powered by WordPress, I highly recommend taking a look at our best WordPress hosting providers to see how your hosting provider stacks up. And if you’re looking for hosting, take a look at the list to find the right host for you.

Fatal error: Class ‘WP_Taxonomy’ not found


One of the great things about WordPress is that it gets updated frequently and unfortunately, one of the dangerous things about WordPress is that it gets updated frequently and can break things. I recently updated to WordPress 4.7 and got the following error in my Apache logs:

Fatal error: Class ‘WP_Taxonomy’ not found in /home/u356894638/public_html/wp-includes/taxonomy.php on line 384

Actually, I should first mention that my site went down and I got a blank screen, so then I went to investigate my logs. After some searching and stumbling across this support thread on the WordPress support forum, the reason for the error seems to stem from not updating my wp-settings.php file. I manually update WordPress and update only the necessary files to make it easier to roll back if there is a problem but I completely missed updating wp-settings.php. Once I updated the file and restarted my server, everything was back to normal. A fairly simple and painless fix but still something that caused me a bit of grief. I hope this post helps someone having the same problem.

And lastly, if your site is powered by WordPress, I highly recommend taking a look at our best WordPress hosting providers.

Happy New Year

It’s a brand new year, so I want to wish everyone a prosperous 2017. At BuildHack, we want to help small businesses, hobbyists and even startups get online and build their digital presence. It’s not easy to start something new, so we want to be there to help make it as easy as possible. If there’s anything we can do to help, please reach out to us on Twitter. Here’s to an amazing year.

How To Check If Your Site Is Mobile Responsive

Am I Responsive

As you should already know, making your site mobile responsive is critical for your users and for your SEO rankings. If your users can’t view your site on their tablets and phones, you’re losing potential users/customers. And if your site isn’t mobile responsive, Google will ding your site which will affect your rankings and prevent you from showing up in SERP results. At a bare minimum, you should make sure you have the following on your site:

<meta name="viewport" content="width=device-width, initial-scale=1">

This means that the browser will try to render the width of the page at the width of its own screen. This prevents the browser on your phone from rendering a zoomed out page that’s barely legible. But, of course, this alone doesn’t make your website mobile responsive. You’ll need to make sure your content is formatted for tablets and mobile devices. If you’re not sure how to do this, it’s typically done through CSS media queries like this one for tablets:

@media only screen and (min-device-width : 768px) {
/* Styles */

If you’re not a CSS guru, this may look like a foreign language so go ahead and ignore it. Hopefully, you’re using a theme which has already taken care of making your site mobile responsive. The next step is to then check to see what your site looks like on different devices. Go to Am I Responsive and enter the URL to your site. You’ll see how your site looks on mobile, tablet and desktop browsers. This doesn’t quite test different browsers like Internet Explorer, Chrome, Firefox, Safari, etc. but it does show what your site looks like at different sizes. If you want check your site on specific operating system and browser combinations, go to BrowserStack to check out your site. There are ways to automate checking or you can just manually check your site. This really depends on how often you’re changing your site and what kind of users are visiting your site (type meaning what devices are they using).

And lastly, but possibly most importantly, you’ll want to make sure Google sees your site as mobile responsive. To do this, go to Google Search Console and use the “Fetch as Google” feature to check your site by fetching and rendering your site on a mobile smartphone. This will show you and let you know if Google thinks your site is mobile responsive.

And now that your site is mobile responsive, go build amazing content and find new users/customers.

Launchaco – Build a Free Responsive Website


Launchaco is a pretty amazing free tool to build a responsive website for your product, startup or business that I found over on Hacker News. It walks you through 4 steps that lets you customize your website and then provides you the HTML and CSS for your website. With the files, you can then upload them to your hosting provider and voila, you have a website. All it takes is walking through 4 steps:

Step 1: Select Hero Template

You have 6 different hero templates to pick from and for each one, you can customize things like the page title, hero text and sub-text, hero image, and call to action (button, email sign-up, Google Play link, App Store link).

Step 2: Select Feature Template

You can have multiple feature sections to showcase different things like products, services or anything else you want your visitors to read. Again, you have 6 differente templates to pick from and you can customize the text and pick from different images to use.

Step 3: Select Social Template

Next you have 6 different social templates where you can provide social proof of who uses your services, your top customers or customer testimonials.

Step 4: Select Footer Template

And lastly, you have your footer template and you have 6 different options to pick from. They range from super minimal (just a couple links and copyright text) to the full kitchen sink with a closing quote, sign-up/email links and social media links.

And once you’ve gone through all 4 steps, you’re done and you have a website that’s ready to launch. And you can skip any of the sections as well, so if you don’t have anything to feature (yet) you can just skip and move on project management tracking software. This isn’t the most feature-rich site but it’s a good starting point. And the best part is that you get a responsive site (great for mobile visitors) and you can organize your content and get Google to start indexing your site.

Social Media for Small Businesses


In addition to creating a website for your business, you should make sure to setup the appropriate social media accounts for your business to attract visitors and hopefully customers. Promoting your business on the right social networks can help attract visitors to your website/business as well as attract followers who can share/promote your business. And it’s important to pick the right social networks for your business. Depending on the type of business, certain social networks are going to be a better match for the type of content you should share and have more potential customers.


Facebook has become the defacto social network for all major demographics. In general, you should have a presence on Facebook. It’s simple to create a Facebook page for your business. The basics of the page should include: location, contact info, company logo, product images. Once you have the basics setup, invite all your friends and family and ask them to share with their friends/family. This will get your page bootstrapped and hopefully will pick up some new fans. Once you have a base, then start posting regularly (but don’t be spammy). You’ll know you’re doing it right if your friend/family start liking and leaving comments on your posts. This means that Facebook is surfacing your content on their feeds and they’re feeling compelled to respond. And once you get posting down, then I suggest you start researching and looking into Facebook ads. Paying for fans, likes and more exposure is tricky and can either be a great channel or a drain on your marketing budget.


Twitter is a great channel if you have a bunch of die-hard fans already and you want to keep in touch and push updates/promos. Setting up a Twitter account is simple and then you can put your Twitter handle in things like email newsletters, signage around your business and even on your website. However, if you’re a new business or have more of a casual fan base, skip Twitter for now. The reason is that Twitter has a lot of noise, bots and spam. From a ROI perspective, you’ll end up spending a lot of effort to get followers (who might not be real) so it would be better to leverage other social networks.


Instagram is a must-have if you’re a business that has a physical and visual product to sell – for example, if you are a restaurant, bakery, clothing designer, jewelry maker or artist, Instagram is an excellent channel to use. And two very easy tactics to jump-start your fanbase are to follow well-known celebrities and like/comment on their posts and when posting your own content, research what hashtags are popular and make sure to use them. And like I mentioned earlier, beg your friends and family to follow your account and to like your posts.


LinkedIn is basically a great network to leverage if you have a business that focuses on selling to businesses or professionals. For example, if you provide consulting services, or sell a product to businesses or you have a product/service that you sell to consumers but think businesses could be a new channel. Unlike other social networks, you shouldn’t spend too much time trying to attract followers on LinkedIn. Your objective should be to setup a presence on the network and get customers to leave positive reviews. These will become great SEO content that Google will index and send new potential customers to your LinkedIn profile.


Tumblr is a great micro-blogging platform that is a great starting point if you don’t have a blog already. Since Tumblr is meant to be short micro posts, this isn’t the platform for a long editorial or guide. However, if you’re a business with visual products, this would be a great platform to post pictures of your products. A great example would be if you’re a restaurant or bakery – everyone loves to see what is being made. It is also great to see pictures of happy customers. Not only will your customers feel connected, but they can also become your advocates and attract more customers. TLDR – if you don’t have a blog already, have things like pithy quotes, product pictures, customer pictures, sign up for Tumblr.


YouTube is pretty well-known at this point and obviously is focused on posting videos. Successful videos that will help attract customers and build your brand include:

  1. Video review of new products/offerings
  2. Video tutorials on how to maximize use of products
  3. Customer testimonials
  4. Video tours of your shop
  5. Video podcast discussing interesting topics


Pinterest is a photo-heavy platform and is meant for businesses that have a lot of photo-worthy content. In addition, because most users leverage “boards” – it’s important to think about themes that users are organizing around. Think of a board that your typical user would have and how would your products/services look in that board. If you’re a clothing and jewelry maker, post pictures that attract these users to pin it to their board.

Google Plus+

Google Plus+ is an interesting platform because in some ways, it’s akin to Facebook but unfortunately doesn’t have the audience that Facebook does. So should you spend a lot of time on Google Plus+? The answer for most businesses is no. However, if you are looking to get more SEO traffic, it has been shown that posting high quality content on Google Plus+ can drive more traffic and help your ranking in Google SERP. So it’s probably worth a weekend of getting a Google Plus+ profile setup. But I wouldn’t advise spending time daily or even weekly on Google Plus+ unless you’re seeing a lot of engagement with your page and content.


WordPress vs Joomla vs Drupal


If you’re starting a website for your business, a personal hobby, your social organization or a portfolio, a content management system (CMS) is a great way to get started. The most popular CMS systems are WordPress, Joomla! and Drupal. Each CMS is used by extremely popular websites such as Forbes, CNN, Sony, Harvard and even the White House. So if each CMS can handle sites like the ones mentioned, what makes one better than another and how do you pick the right one for your needs. The biggest distinction between the different systems are how much do you want to customize and how willing are you to invest into learning and/or paying to have those customizations done. Here’s a quick breakdown of the different systems and how they compare to one another:

Released 2003Released 2005Released 2001
Global Usage
140 Million Downloads63 Million Downloads15 Million Downloads
Install Time
5 Minutes10 Minutes10 Minutes
Best For
Corporate Websites
Small-Medium Sized Websites
Social Networking Sites


WordPress is the most popular and well-known CMS platform that lets you create a website, blog or app. In most cases, WordPress is going to be the best choice. Like the others, it’s battle-tested and can scale to handle large traffic spikes. In addition, it has a wealth of support and experts ready to help (for a price). And if you don’t have deep pockets to pay consultants, there are thousands of free themes and plugins that can get you off the ground quickly. There will be some trial and error with figuring out which theme and plugins are right for you but WordPress makes it easy to enable and test quickly. And speaking of easy, most of WordPress is configuration and WYSIWYG driven so you don’t need to be a technical expert to make changes. It’s more like building your perfect burrito at Chipotle, pick from a menu and over time decide if you prefer the black beans over pinto beans and if the guacamole is worth the extra charge (always a yes for me). So, in summary:

Install difficulty: low

Configuration difficulty: low

Online support/guides: high


Joomla! is another popular CMS platform that lets you create a custom website for things like a company website, e-commerce, community portal or personal website. While WordPress is typically used as a blogging platform, Joomla! is typically used to create more custom website applications. And similar to other platforms, there are themes and plugins available to customize your site. Joomla! is typically thought of as more extensible than other CMS platforms. If you’re a developer or interested in learning how to customize Joomla beyond the typical configuration and WYSIWG editors, you can build on top of the Joomla! Framework functionality such as inventory control systems, data reporting tools, application bridges, custom product catalogs, integrated e-commerce systems, complex business directories, reservation systems and communication tools. Joomla! is a good choice if you have complex needs and have tried WordPress and found it too limiting. Online documentation and support is available but not as abundant when compared to WordPress. And in terms of hiring help, there are going to be far fewer resources familiar and specialize in Joomla!. This is worth keeping in mind if you need help scaling your website in the future.

Install difficulty: low

Configuration difficulty: medium

Online support/guides: medium


And our third CMS is Drupal which provides robust features for building websites with complex security/permissions for large organizations. Like the other CMS systems, there are options for themes and plugins. Developers can customize and build add-ons/plugins but Drupal does have a fair amount of functionality available through configuration. One area that Drupal really shines is the built-in concept of user groups and permissions. This allows you to put people into different groups and give them specific access to different things like what they can modify and what content they can create/update. However, with all the extra functionality the admin interface is more complex and not as intuitive. And compared to WordPress, there are far fewer online guides and tutorials to help you customize your instance.

Install difficulty: low

Configuration difficulty: medium

Online support/guides: low