WordPress plugins running on as many as 36,000 websites have been backdoored in a supply-chain attack of unknown origin, security researchers said on Monday.
Researchers from security firm Wordfence reported that five plugins are so far known to be affected by the campaign, which was active as recently as Monday morning. Over the past week, unknown threat actors added malicious functions to updates available for the plugins on WordPress.org, the official site for the open source WordPress CMS software. Once installed, the updates automatically create an attacker-controlled administrative account that provides full control over the compromised site. The updates also add content designed to gain favorable search results.
Poisoning the well
“The injected malicious code is not very sophisticated or heavily obfuscated and contains comments that make it easy to follow,” the researchers wrote. “The earliest injection appears to date back to June 21, 2024, and the threat actor was still actively updating the plugins as recently as 5 hours ago.”
The five plugins are:
Over the past decade, supply-chain attacks have evolved into one of the most effective vectors for installing malware. By poisoning software at the source, threat actors can infect large numbers of devices when users do nothing more than run a trusted update or installation file. Earlier this year, disaster was narrowly averted after a backdoor planted in the widely used open source code library XZ Utils was discovered, largely by luck, a week or two before its scheduled general release. Examples of other recent supply-chain attacks abound.
Researchers are further investigating the malware and how it became available for download in the WordPress plugin channel. Representatives of WordPress, BLAZE, and Social Warfare did not respond to emailed questions. Representatives of the developers of the remaining three plugins could not be reached because they provided no contact information on their sites.
The Wordfence researchers said the first indication of the attack they found came on Saturday, in a post by a member of the WordPress plugin review team. The researchers analyzed the malicious file and identified four other plugins infected with similar code. The researchers went on to write:
At this stage, we know that the injected malware attempts to create a new administrative user account and then sends those details to the attacker-controlled server. In addition, it appears that the threat actor also injected malicious JavaScript into the footer of websites that appears to add SEO spam throughout the website. The injected malicious code is not very sophisticated or heavily obfuscated and contains comments that make it easy to follow. The earliest injection appears to date back to June 21, 2024, and the threat actor was still actively updating the plugins as recently as 5 hours ago. At this point we do not know exactly how the threat actor was able to infect these plugins.
Anyone who has installed one of these plugins should uninstall it immediately and carefully inspect their site for recently created admin accounts and malicious or unauthorized content. Sites that use the Wordfence vulnerability scanner will receive a warning if they are running one of the plugins.
The Wordfence post also advises people to check their sites for connections from the IP address 94.156.79.8 and for admin accounts with the usernames Options or PluginAuth.
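The two checks recommended above can be scripted. The following is an added example, not code from Wordfence or from the original article: it scans a web access log for the reported IP address and reviews an administrator export for the reported usernames and for accounts created since the first injection date. It assumes a combined-format access log and a CSV export such as the one produced by `wp user list --role=administrator --fields=user_login,user_email,user_registered --format=csv`; the sample log lines and accounts are constructed.

```python
import csv
import io
import re
from datetime import datetime

# Indicators stated in the article.
ATTACKER_IP = "94.156.79.8"
ROGUE_ADMIN_LOGINS = {"options", "pluginauth"}
FIRST_INJECTION = datetime(2024, 6, 21)  # earliest injection date reported

# Start of a common/combined-format access log line (assumed log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def hits_from_attacker(log_text, ip=ATTACKER_IP):
    """Return (timestamp, request, status) for every request whose client is `ip`.

    The client field is compared exactly, so 94.156.79.80 does not match.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m.group("ip") == ip:
            hits.append((m.group("ts"), m.group("req"), int(m.group("status"))))
    return hits


def suspicious_admins(csv_text, since=FIRST_INJECTION):
    """Flag administrators by reported username or by creation date.

    Usernames are compared case-insensitively. The date check is a separate
    signal because an account's name can be anything.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"].strip()
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if login.lower() in ROGUE_ADMIN_LOGINS:
            reasons.append("reported rogue username")
        if registered >= since:
            reasons.append("created on or after first injection date")
        if reasons:
            findings.append((login, reasons))
    return findings


# Constructed sample data for illustration only.
SAMPLE_LOG = """\
94.156.79.8 - - [22/Jun/2024:03:14:09 +0000] "GET /wp-login.php HTTP/1.1" 200 4521 "-" "-"
203.0.113.5 - - [22/Jun/2024:03:15:00 +0000] "GET / HTTP/1.1" 200 10234 "-" "Mozilla/5.0"
94.156.79.80 - - [22/Jun/2024:03:16:00 +0000] "GET /feed/ HTTP/1.1" 200 812 "-" "Mozilla/5.0"
"""

SAMPLE_ADMINS = """\
user_login,user_email,user_registered
siteowner,owner@example.com,2021-03-02 10:15:00
PluginAUTH,a@example.com,2024-06-22 03:14:07
editor2,ed@example.com,2024-06-25 09:00:00
Options,o@example.com,2019-01-01 00:00:00
"""

if __name__ == "__main__":
    for ts, req, status in hits_from_attacker(SAMPLE_LOG):
        print(f"request from {ATTACKER_IP} at {ts}: {req!r} -> {status}")
    for login, reasons in suspicious_admins(SAMPLE_ADMINS):
        print(f"review admin {login!r}: {', '.join(reasons)}")
```

An account flagged only by creation date may be legitimate; the date check narrows the list of administrators that need a manual look.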
Interested in creating a newsletter for your WordPress site but not sure how to get started?
With one of the WordPress newsletter plugins from this list, you can set up a fully functioning newsletter without ever needing to leave the comfy confines of your WP Admin.
You’ll be able to do pretty much everything you need to grow a thriving newsletter, including:
Grow your subscriber list
Design emails using flexible editors
Send those emails to some or all of your subscribers
In this post, you’ll learn the main reasons why your site needs a newsletter, in case you’re still on the fence about creating one.
Then, you’ll discover seven of the best WordPress newsletter plugins, along with how they work and what you should expect to pay for each.
Why Your Site Needs an Email Newsletter
There are a lot of benefits to creating an email newsletter, but the biggest one is that it lets you create a direct relationship with your customers that you’re fully in control of.
Connecting with your audience via social media or search engines like Google is a smart strategy and one that most sites rely on.
But with these channels, you’re essentially at the whims of the platform because you don’t control the relationship with your audience. Google can start ranking your site in a lower position at any time and social media platforms can change their algorithms in ways that decrease traffic to your site.
But when you create a newsletter, you always have a way to reach every person who signed up to your list, regardless of what’s happening with Google, Facebook, Twitter, Pinterest, and so on.
Beyond that, newsletters also give you a chance to build a deeper connection with your audience. If someone has taken the time to sign up to your newsletter, you can be confident that they know at least a little bit about you.
This lets you connect with them in ways that might not be possible in a blog post that receives a lot of traffic from first-time visitors.
You can use this closer connection in a ton of different ways. Here are some examples:
Test new products or courses with your newsletter audience before releasing them publicly.
Instantly drive traffic to new content or blog posts without waiting for traction in search engines.
Ask your subscribers for feedback to help you create the type of content that your audience loves.
By helping you control the platform and build a deeper connection with your audience, launching a newsletter is a win-win.
Best of all, with the right WordPress newsletter plugin on your side, you might be surprised by how quickly you can get up and running with your own newsletter.
Best WordPress Newsletter Plugins
Now that you know the benefits of creating a newsletter for your site, it’s time to dig into the best WordPress newsletter plugins for all types of sites…
MailPoet
MailPoet is an all-in-one WordPress newsletter plugin that gives you everything that you need to start sending newsletters right from your WP Admin.
One of the most unique things about MailPoet is that it includes its own email delivery service. This means that you can be confident that your newsletters will make it to subscribers’ inboxes without any additional technical setup.
In contrast, a lot of other WordPress newsletter plugins require you to connect to a separate email sending service to improve deliverability – more on that later!
MailPoet does a lot more than just email delivery, though.
You can create newsletter opt-in forms using the native WordPress editor, including different tactics such as in-content forms, popups, and more.
Once you have some newsletter subscribers, you can easily manage them in unlimited lists, including segmenting them as needed.
Then, you can send them emails using MailPoet’s built-in visual, drag-and-drop builder.
You can either design your emails from scratch or choose one of MailPoet’s pre-made newsletter templates.
Here’s an example of the builder’s interface:
If you don’t want to write every newsletter from scratch, you can also set up automatic newsletters with MailPoet. For example, you could automatically publish a weekly newsletter that includes your latest blog posts. Using MailPoet’s tools, you can dynamically pull in details about your posts (including an excerpt) to handle everything on autopilot.
Here are some other notable features that you get with MailPoet:
Detailed analytics to see how subscribers engage with your newsletters, including clicks, opens, and unsubscribes.
Option to automatically sync WordPress users to an email list.
Other types of automatic emails such as welcome emails and autoresponder sequences.
While you can use MailPoet for any type of newsletter, it makes an especially great option for WooCommerce email marketing because it includes a number of dedicated integrations for WooCommerce, such as sending post-purchase follow-up newsletters or abandoned cart reminder emails.
Price: MailPoet has a forever-free plan that lets you send up to 5,000 emails per month to up to 1,000 subscribers. After that, the paid plans start at just $10 per month for unlimited emails and up to 500 subscribers. Prices go up based on the number of subscribers that you have.
Newsletter Glue
Newsletter Glue is a premium WordPress newsletter plugin with a fairly unique approach.
Rather than offering a separate email builder like many other tools, Newsletter Glue lets you create your newsletters using the native WordPress editor, which makes it an especially good option for more long-form newsletter content (as many custom email builders are more focused on visual design than text formatting).
It also gives you some special blocks to use in your newsletters, such as embedding blog posts, including author bylines, and more.
There are two primary ways that you can create and publish newsletters with Newsletter Glue:
You can publish blog posts straight to your newsletter right from the blog post editor. This approach can be very convenient if you publish the full text of your content via both the blog and your newsletter. It’s similar to the approach that Substack uses, but you get a lot more flexibility than Substack because you still own your platform.
You can create separate newsletters using a separate interface (still powered by the native editor). This approach is handy when you want to send unique content to just your email subscribers.
Other notable features include the following:
Option to create newsletter templates using block patterns.
Subscriber opt-in forms that you can add anywhere on your site.
Option to publish a newsletter archive on your site.
One important thing to understand with Newsletter Glue is that it does not include its own features for managing subscribers and actually delivering emails to those subscribers.
Instead, it works by connecting to a separate email marketing service. Currently, it supports the following services, though the developers regularly add new integrations:
Mailchimp
MailerLite
Mailjet
Moosend
Sendy
SendGrid
Even though it relies on a third-party email marketing service, you’re still able to create and publish newsletters without needing to leave your WP Admin.
Price: Newsletter Glue only comes in a premium version, which starts at $99. You’ll also need your email marketing service, which might cost some additional money depending on the size of your subscriber list and the number of newsletters that you send each month.
The Newsletter Plugin
As the name suggests, The Newsletter Plugin is a popular plugin that helps you create and manage newsletters without leaving your WP Admin.
You can do everything, from creating newsletter opt-in forms to managing your subscribers and then sending them emails.
To design your newsletter emails, you get a visual, drag-and-drop builder interface. It includes general content elements as well as some special elements to insert GIFs, your latest blog posts, and more.
Other notable features in The Newsletter Plugin include the following:
Automation tools to send automatic roundups of your latest content, as well as autoresponders.
Analytics to track engagement with your newsletters.
Integrations with other form plugins and popup plugins to use them to grow your newsletter list.
Option to geotarget newsletter subscribers based on their physical locations.
One important thing to note is that The Newsletter Plugin does not include its own built-in email sending service.
If you want to be confident that your newsletters will make it to subscribers’ inboxes, you’ll need to connect it to a third-party email sending service. It supports generic SMTP connections and also has API integrations for some sending services, such as SendGrid, Amazon SES, and Mailgun.
Price: The Newsletter Plugin has a free version at WordPress.org with basic features. For more advanced features, the premium version starts at $96. You’ll also typically want a third-party email sending service, which might cost some money depending on the number of emails that you send each month.
SendPress Newsletters
SendPress Newsletters is another WordPress newsletter plugin that lets you manage all of your newsletter efforts without leaving your WP Admin.
You can manage unlimited newsletter subscribers and send them emails using a simple newsletter editor interface.
The interface isn’t quite as flexible as the custom interfaces from MailPoet or The Newsletter Plugin (or the native WordPress editor, as Newsletter Glue handles things), but it should work fine for most newsletters, especially if you’re mainly sending text emails.
Beyond sending emails, SendPress Newsletters can also help you grow your newsletter list with subscription widgets or custom forms.
Here are some other notable features that you get with SendPress Newsletters:
Analytics to track opens, clicks, and unsubscribes.
Option to schedule email sending, including throttling sending numbers to avoid hitting your email sending limits.
Automatic bounce handling for bounced emails.
Like The Newsletter Plugin above, the core SendPress Newsletters does not include its own email sending service. However, the free version does have full compatibility with the Post SMTP plugin so that you can connect to a third-party SMTP email sending service.
With the premium version of the plugin, you also get direct API integrations for email sending with Mandrill, SendGrid, Mailgun, and Elastic Email. If you purchase the higher-tier Pro services, there’s also an option to use the developer’s sending service.
Price: SendPress Newsletters has a free version at WordPress.org with basic features. For more advanced features, the premium version starts at $39 for core Pro features or $99 for the Pro services. You’ll also typically want a third-party email sending service, which might cost some money depending on the number of emails that you send each month.
Newspack Newsletters
Newspack Newsletters is a free WordPress newsletter plugin from Automattic, the same team behind WordPress.com.
It uses a similar approach to the Newsletter Glue plugin above, in which you’re able to create your newsletters using the native WordPress editor and its blocks.
To design your emails, you can use most core editor blocks, including Columns, Group, Button, and more.
The plugin also adds some of its own special Newspack Blocks to help you insert excerpts from live blog posts in your newsletters.
Other notable features include the following:
Ad management and ad insertion in newsletters. You can save ads/sponsors in their own interface to easily reuse them across multiple newsletters.
Send test emails to see a real example of your newsletter before sending it to your audience.
While Newspack Newsletters lets you create and send newsletters directly from your WP Admin, you will need to pair it with a third-party email marketing service for list management and email delivery. Currently, it supports the following services:
ActiveCampaign
Campaign Monitor
Constant Contact
Mailchimp
Price: Newspack Newsletters itself is 100% free. However, remember that you’ll need to pair it with one of the supported email marketing services, which might cost some money depending on the size of your subscriber list and/or the number of emails that you send.
AcyMailing
AcyMailing is another popular option that lets you fully manage your newsletters right from your WP Admin.
It can help you create subscription forms and widgets to help you grow your newsletters and then you can organize unlimited subscribers into one or more lists.
To design your newsletters, AcyMailing comes with its own custom visual, drag-and-drop editor. This editor lets you easily set up simple multi-column layouts and add different templates of content.
You also get tools to dynamically insert your latest blog posts in your newsletter.
You can either manually send out newsletters or set up automatic emails, such as a weekly digest of your latest blog posts.
Other notable features include the following:
A/B testing to find the best email copy.
Analytics to track newsletter engagement, including opens, clicks, and unsubscribes.
WooCommerce integration to include products in your newsletters.
AcyMailing does not offer its own built-in email sending service. However, it does support any generic SMTP sending service, as well as direct API integrations for popular sending services including Amazon SES, SendGrid, Mailgun, and others.
Price: AcyMailing has a limited free version at WordPress.org. For more features, the premium version starts at €29. You’ll also typically want a third-party email sending service, which might cost some money depending on the number of emails that you send each month.
Noptin
Noptin advertises itself as a “simple newsletter plugin”, which is a pretty good explanation of what it offers.
It might not match other WordPress newsletter plugins in terms of the sheer number of features, but it does give you a simple, lightweight way of sending newsletters to your subscribers, especially if you’re mainly focused on text-based newsletters.
To start, Noptin can help you create opt-in forms to grow your newsletter lists, using different tactics such as popups, in-content forms, and more. You can also add a newsletter opt-in box to existing areas of your site, such as the user registration form, comment form, or WooCommerce checkout form.
Once you have some newsletter subscribers, you can use Noptin’s lightweight text editor to send them emails.
Noptin does not offer a visual, drag-and-drop builder. Instead, you’ll use the TinyMCE text editor, which is the same editor that WordPress used in the past before switching to the new block-based editor.
This editor works great for adding text and images, but it won’t give you as much control over the layout and overall design.
Other notable features in Noptin include the following:
Send automatic new post notifications to subscribers.
Integrations with popular form plugins to use them to grow your lists.
Sync WordPress users as subscribers.
Schedule emails to send at certain times.
Noptin does not include its own built-in sending service or any direct API integrations with sending services. However, it is compatible with any WordPress SMTP plugin. So you can install a separate SMTP plugin like Post SMTP and use that to connect to a third-party email sending service.
Price: The core version of Noptin is available for free at WordPress.org. You can then purchase individual add-on plugins or get a bundle of all add-ons starting at $79. You’ll also typically want a third-party email sending service, which might cost some money depending on the number of emails that you send each month.
Email Subscription Plugins vs Newsletter Plugins
If you want to create a newsletter for your WordPress site, you have two general options.
One is to use one of the newsletter plugins above to manage everything from your WP Admin. From creating opt-in forms to sending emails, pretty much everything happens on your WordPress site.
The other approach is to use a third-party email marketing service such as Mailchimp, Constant Contact, ConvertKit, and so on.
For this second approach, you might want to consider an email subscription plugin instead of a newsletter plugin:
Email subscription plugin – these let you create email opt-in forms that send subscribers’ information to your chosen third-party email marketing service. For example, if you’re using Mailchimp, the plugin might help you create opt-in forms that add people to your Mailchimp list (but you would still need to send emails from Mailchimp’s interface).
Newsletter plugin – these let you send emails and manage other newsletter details right from your WP Admin.
If you’re interested in this email subscription plugin approach, you can typically find dedicated plugins to connect to your chosen third-party service. Here are some examples:
MC4WP (Mailchimp for WordPress)
Constant Contact
ConvertKit
Tips for Getting the Most from Your WordPress Newsletter Plugin
To finish things out, here are two general tips for getting the most from your newsletter, regardless of which newsletter plugin you choose.
Experiment With Different Newsletter Opt-In Forms
Having the ability to send email newsletters is only part of the puzzle – you also need some actual subscribers!
To help you grow your newsletter lists, most of the WordPress newsletter plugins above include features to help you create various types of opt-in forms.
In order to use these features most effectively, you’ll want to consider experimenting with different placements.
For example, you could see if using a popup gets you more signups than using an in-content form. Or, you could experiment between using an opt-in form in your sidebar and one at the end of a blog post.
If you feel limited by the built-in opt-in features in your chosen newsletter plugin, many of the plugins above also integrate with third-party tools.
For example, many of the popular email opt-in plugins offer dedicated integrations for the MailPoet plugin above. You could use these plugins to collect subscribers and automatically add them straight to your MailPoet lists.
Make Sure You Optimize for Email Deliverability
When you click “publish” on a newsletter, the goal is that that newsletter shows up in each subscriber’s inbox so that they can engage with your content.
Unfortunately, email deliverability can be a tricky subject, so that might not always be the case. Emails might end up in spam, not send correctly, or have some other reason for not landing in a subscriber’s inbox.
If you want to feel confident that every newsletter you send makes it to every subscriber’s inbox, you’ll need to make sure that your chosen newsletter plugin is properly configured to maximize email deliverability.
How you do this will depend on the specific plugin that you’ve chosen.
For example, MailPoet includes its own built-in email sending service, which is one of its most notable benefits. If you use MailPoet for your newsletters, you won’t need to mess around with deliverability settings yourself – it “just works”.
Some other plugins rely on integrating with a dedicated email marketing service such as Mailchimp. Examples here are Newsletter Glue and Newspack Newsletters.
As long as you’ve properly set up the integration (which is required for the plugin to function), you can also feel confident that your newsletters will make it to your subscribers. This is because those email marketing services are already optimized for deliverability.
However, the final group of newsletter plugins don’t include their own built-in sending services or rely on email marketing services. Examples here are The Newsletter Plugin, SendPress Newsletters, AcyMailing, and Noptin.
By default, this last group of plugins will send emails using your WordPress site’s server, which can often lead to your emails getting flagged as spam (or not even sending in the first place).
To fix this, you’ll typically need to manually set up an integration with a dedicated email sending service. You can do this using an SMTP plugin or built-in features in your chosen plugin.
Create Your Newsletter Today
Creating your own newsletter is a great way to build a close relationship with your audience and create an evergreen resource that isn’t affected by the whims of Google or social media algorithms.
Once you’ve convinced someone to join your newsletter, you’ll always be able to connect with them in their inbox.
For the easiest way to create and manage your own newsletter, you can use one of the best WordPress newsletter plugins from the list above.
You’ll be able to access all of the important functionality that you need without leaving your WP Admin and you’ll be in full control of your email marketing efforts.
Researchers have discovered a new wave of malware attacks against WordPress websites that exploit known XSS vulnerabilities in several WordPress plugins to deliver malware. Users must make sure to update their sites with the latest plugin versions to avoid the threat.
New malware campaigns exploit XSS in several WordPress plugins
Reportedly, threat actors have devised a new malware campaign that takes advantage of site admins' common habit of leaving their sites running vulnerable plugin versions. In the recent campaign, the attackers exploited several cross-site scripting (XSS) vulnerabilities in three different WordPress plugins to deliver malware.
As explained in their post, the security team's researchers quickly observed active exploitation of the following three XSS vulnerabilities.
CVE-2023-6961 (CVSS 7.2): A high-severity XSS affecting the WP Meta SEO plugin. The stored XSS affected the “Referer” header, allowing an unauthenticated adversary to inject arbitrary scripts into web pages that would execute when users visit those pages. The plugin's developers patched this vulnerability in version 4.5.13.
CVE-2023-40000 (CVSS 8.3): Another high-severity vulnerability, affecting the LiteSpeed Cache plugin. The developers fixed this flaw in plugin version 5.7.0.1, released in October 2023.
CVE-2024-2194 (CVSS 7.2): This high-severity stored XSS flaw affected the URL search parameter in the WP Statistics plugin. It affected plugin versions 14.5 and earlier, and was eventually patched in version 14.5.1.
The researchers quickly observed new JavaScript malware exploiting these flaws. As they stated,
The attack payloads we are observing targeting these vulnerabilities inject a script tag that points to an obfuscated JavaScript file hosted on an external domain.
Specifically, this malware performs three main functions: installing PHP backdoors, creating unauthorized admin accounts, and setting up tracking scripts to monitor the targeted sites.
Although the developers have duly patched all three vulnerabilities, the active exploitation of the flaws in the wild clearly suggests that users are neglecting to update their sites promptly. Now that the threat is already widespread, WordPress admins must ensure that these WP plugins (and all others running on their sites) are updated to the latest versions to receive all security fixes.
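The update check this article calls for can be automated against the fixed versions it lists. The following is an added example, not code from the researchers or the plugin developers: it reads a plugin inventory in the JSON shape produced by `wp plugin list --format=json` and reports whether each of the three plugins is below its fixed version. The plugin slugs are assumptions (the article gives only plugin names), and the sample inventory is constructed.

```python
import json
import re

# Fixed versions as stated in the article. The slugs are assumptions.
FIXED_IN = {
    "wp-meta-seo": ("CVE-2023-6961", "4.5.13"),
    "litespeed-cache": ("CVE-2023-40000", "5.7.0.1"),
    "wp-statistics": ("CVE-2024-2194", "14.5.1"),
}


def parse_version(version):
    """Split '5.7.0.1-rc1' into ((5, 7, 0, 1), '-rc1').

    Trailing zero components are dropped so that 5.7.0 and 5.7 compare equal.
    Returns (None, original) when no leading numeric version is present.
    """
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)(.*)$", version)
    if not m:
        return None, version
    nums = [int(p) for p in m.group(1).split(".")]
    while len(nums) > 1 and nums[-1] == 0:
        nums.pop()
    return tuple(nums), m.group(2).strip()


def classify(installed, fixed):
    """Return 'vulnerable', 'patched' or 'unknown' for an installed version."""
    inst, suffix = parse_version(installed)
    fix, _ = parse_version(fixed)
    if inst is None:
        return "unknown"
    if inst < fix:
        return "vulnerable"
    if inst == fix and suffix:
        # A pre-release build of the fixed version may predate the fix.
        return "unknown"
    return "patched"


def audit(plugins_json):
    """Return (slug, status, installed, cve, fixed, verdict) per tracked plugin.

    Inactive plugins are reported too, since their files remain on disk.
    """
    report = []
    for plugin in json.loads(plugins_json):
        slug = plugin.get("name", "")
        if slug not in FIXED_IN:
            continue
        cve, fixed = FIXED_IN[slug]
        installed = plugin.get("version", "")
        report.append((slug, plugin.get("status", ""), installed, cve, fixed,
                       classify(installed, fixed)))
    return report


# Constructed inventory for illustration only.
SAMPLE_INVENTORY = json.dumps([
    {"name": "wp-meta-seo", "status": "active", "version": "4.5.12"},
    {"name": "litespeed-cache", "status": "active", "version": "5.7"},
    {"name": "wp-statistics", "status": "inactive", "version": "14.5.1"},
    {"name": "akismet", "status": "active", "version": "5.3"},
])

if __name__ == "__main__":
    for slug, status, installed, cve, fixed, verdict in audit(SAMPLE_INVENTORY):
        print(f"{slug} {installed} ({status}): {verdict} for {cve}, fixed in {fixed}")
```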
Hackers are exploiting a vulnerability in the Dessky Snippets plugin for WordPress to steal credit card data from online stores during checkout.
E-commerce website owners should prioritize updates, use strong passwords, and conduct regular security checks to protect themselves from such attacks.
Online stores built with WordPress are under attack. Hackers are exploiting a vulnerability in a seemingly harmless plugin called Dessky Snippets, targeting credit card information during checkout. This plugin, used by more than 200 websites, lets users add custom code to their WordPress sites.
Security researchers at Sucuri discovered that attackers are injecting malicious PHP code into compromised websites through Dessky Snippets. This code alters the WooCommerce checkout process by manipulating the billing form and adding new fields. These fields capture sensitive details such as customer names, addresses, credit card numbers, expiration dates, and even the crucial CVV (Card Verification Value) codes.
One particularly concerning tactic involves disabling the autocomplete feature on the billing form. This prevents web browsers from suggesting previously entered information such as names or addresses, making the fake form appear more legitimate to unsuspecting users. Once unsuspecting customers enter their credit card details, the stolen data is exfiltrated to a malicious URL controlled by the attackers.
This campaign underscores the critical need for solid website security, particularly for e-commerce businesses. Here are some key tips for WordPress users:
Prioritize updates: make sure the WordPress core software, plugins (including Dessky Snippets, if applicable), and themes are up to date with the latest security patches. Updates often fix vulnerabilities exploited by hackers.
Strong passwords: use strong, unique passwords for all WordPress accounts to prevent unauthorized login attempts.
Regular security checks: schedule regular website scans to detect malware or unauthorized changes. Security plugins and website security services can be valuable tools for this purpose.
By implementing these security measures, WordPress users, particularly those in e-commerce, can significantly reduce the risk of falling victim to these credit card skimming attacks. Remember, vigilance is key to protecting your website and your customers' financial information.
Searching for the best WordPress review plugins to start working with reviews on your site?
When it comes to review plugins, there are different approaches you might want to take.
If you’re creating a website for your local business, you might want a way to embed real reviews from sites such as Google, Yelp, or TripAdvisor to create a more authentic, trust-boosting experience for visitors.
On the other hand, if you’re writing product reviews to earn an affiliate commission, you might want a plugin to help you create review summary boxes, complete with the structured data needed to get those eye-catching Rich Results in Google.
In this post, you’ll find the best WordPress review plugins for those use cases and more, neatly divided into categories to help you find the perfect plugin for your specific situation.
Different Types of WordPress Review Plugins
When it comes to WordPress review plugins, there are four broad categories of functionality:
Embed external reviews – you can find plugins to help you embed reviews from external platforms such as Google, Yelp, TripAdvisor, Facebook, and so on. These are helpful if you have a business and you want to embed authentic reviews to build trust with your visitors.
Collect user reviews – you can find plugins to help you collect reviews from your customers on your own site. These can be especially helpful for WooCommerce stores looking to attract more product reviews, but they can also be great for service providers and local businesses.
Write affiliate reviews (review summary boxes) – you can find plugins to help you create review summary boxes for product reviews that you write (e.g. for affiliate marketing). These can help you increase the conversion rate of your product reviews and also add structured data/schema markup to your reviews.
Encourage external reviews – you can find plugins to help you encourage your visitors to leave reviews on external platforms such as Yelp, Trustpilot, and others. This can help you increase your business’s visibility on those platforms and reach more customers beyond your own website.
To help you get more value from this post, the review plugins are divided into those four categories. You can click the links above to jump straight to the relevant plugins or keep reading the complete post to see all of your options.
Plugins to Embed External Reviews (Google, Yelp, Facebook, etc.)
In this first category of WordPress review plugins, you’ll find plugins that help you embed reviews from third-party platforms such as Google, Yelp, Facebook, and so on.
Embedding these reviews directly from the third-party platform adds authenticity and trustworthiness because your visitors can see that they’re legitimate reviews.
As the name suggests, Widgets for Google Reviews is specifically focused on helping you embed Google Reviews in your site.
However, the same developer also offers plugins for most other platforms including Facebook, TripAdvisor, Yelp, Airbnb, and many others. Here are some of the most popular options (but this is not the complete list):
The plugin offers one of the simplest setup processes because it relies on using the freemium TrustIndex service to fetch your reviews instead of forcing you to set up your own connections. However, this means that your reviews will load from the TrustIndex server rather than your WordPress site’s server.
That’s not necessarily a bad thing – it’s just a notable difference between this plugin and other WordPress review plugins.
Beyond its simple setup process, the plugin also gives you lots of options for controlling the style and content of your embedded reviews.
Plugin for Google Reviews is another popular option that helps you embed real Google reviews on your site.
Unlike the previous plugin, it keeps everything on your server. But the “downside” of that approach is that you’ll need to create your own Google Places API key to use it. It’s not that complicated, but it does involve clicking a lot of buttons.
Once you create your API key, you can import reviews for any Google listing, along with controlling the styling and adding filters (e.g. only importing reviews of a certain rating).
While this specific plugin is focused on Google Reviews, the same developer also offers similar plugins to embed Facebook and Yelp reviews.
There are basic free versions for all the review platforms and then you can also purchase a bundle to unlock the premium features for all review platforms.
Social Reviews & Recommendations is a free WordPress review plugin that helps you embed real Facebook reviews and ratings on your site.
You can choose from different layouts such as multi-column grids or sliders. You can also cache the reviews locally to improve performance and eliminate the need to query Facebook’s servers on every page load.
If you want more features, there’s a premium version that adds more display themes, structured data/schema markup for Google rich snippets, and more.
The premium version also lets you embed reviews from other platforms (e.g. Google or Yelp) in the same widget. For example, you could mix and match reviews from both Facebook and Google.
WP Business Reviews is a premium WordPress review plugin that helps you embed real reviews from multiple popular platforms including Google, Yelp, Facebook, and Zomato.
You can embed reviews from different sources separately or mix and match multiple platforms inside the same review display widget. In the screenshot above, you can see reviews from Facebook, Google, Yelp, and Zomato, all mixed into the same widget.
You can fully customize the style and layout of your review widget using a visual interface. You can also manage your reviews from a dedicated dashboard and tag and filter them as needed.
Unlike the previous plugins, there’s no free version of WP Business Reviews. The paid plans start at $49.50 for use on a single site and access to all features.
Plugins to Collect User Reviews On Your Website
While embedding reviews from external platforms can be useful, you also might have situations where you want to collect and display reviews directly on your WordPress site.
This use case is especially common for WooCommerce stores, but you can also use it if you’re selling products or services via other methods.
All of the plugins in this section help you collect on-site reviews from your site’s visitors. Some of them are specifically built for WooCommerce, while others are standalone tools.
As the name suggests, Customer Reviews for WooCommerce is specifically focused on helping you collect more and better reviews for your WooCommerce store.
You can roughly divide its features into two categories:
Review collection – features to help you collect more reviews.
Review enhancements – features to help make your reviews more useful to other readers.
To help you collect more reviews from your customers, the plugin offers the following features:
Send manual or automated review reminder emails.
Offer coupons/discounts in exchange for leaving a review.
Aggregated review forms make it easy for shoppers to review multiple products from one interface (instead of needing to use a separate form for each product).
To help you make your store’s reviews more useful to other shoppers, you get the following features:
Attach images to reviews.
Filter reviews by rating.
Vote on reviews’ helpfulness (and filter by it).
Add a Q&A section where people can ask and answer questions about the product (like Amazon).
All of the reviews that it helps you collect include structured data to help your products get rich snippets in Google’s results.
The plugin has a free version that should work for most stores. If you want more features and premium support, you can purchase the Pro version for $49.99 per year.
Unlike the previous plugin, Site Reviews is a standalone review collection tool that you can use to collect and display reviews for any type of content on your site.
This could be reviews of products you sell, services you offer, users on your site (useful for service provider directories), or even just content that you publish. There’s also a free extension that specifically integrates the plugin with WooCommerce, so you can use it for eCommerce reviews, too.
To make this happen, you can assign reviews to various types of content on your site:
Posts, pages, or any custom post type (products, events, recipes, etc.).
Categories or tags.
WordPress users.
You can collect reviews using frontend forms and then display those reviews using blocks or shortcodes. You can also manage reviews from their own dedicated area in your WP Admin.
To help you get rich snippets in Google, the plugin adds proper JSON-LD schema markup to all the reviews that you collect.
The core Site Reviews plugin is free, as is the WooCommerce integration extension. If you want more features, there are a number of premium add-ons that you can purchase individually or as a bundle for €89.
WP Customer Reviews lets you set up a dedicated page on your site to collect reviews from your customers.
Visitors can leave reviews using a simple form, including a title, paragraph text, and star rating. You can also add your own custom fields if you want to collect additional information as part of the review.
You can then display those reviews on your site using shortcodes. In addition to displaying the ratings and reviews, the plugin also adds the proper schema markup so that you can get rich snippets in Google.
In terms of schema markup, it supports both the Business and Product review types, which means you can display reviews for your business as a whole or for individual products/services that you sell.
You also have the option to respond to reviews, including adding those responses to the frontend review display.
Photo Reviews for WooCommerce is another WordPress review plugin that specifically focuses on helping WooCommerce stores collect more and better product reviews.
As the name suggests, one of the key features is that it lets customers attach their own product pictures to the reviews. You can either give them the option to attach pictures or require them to attach pictures – it’s up to you.
However, it also goes a lot further than that and includes other features to help you improve your WooCommerce review system:
Send reminder emails to customers asking them to review their purchased products.
Add frontend review filters such as only showing reviews with pictures, only showing verified purchase reviews, and more.
Send customers a thank you coupon code via email after they leave a review.
There’s a free version that should work for a lot of stores. If you want more features, you can also upgrade to the premium version for $32, which includes lifetime updates.
Plugins to Post Your Own Product Reviews for Affiliate Marketing
These plugins typically help you add review summary boxes, along with structured data/schema markup to help your reviews get those eye-catching rich snippets in Google.
Taqyeem is a premium, but affordable, WordPress review plugin that helps you create stylish review boxes for your product reviews.
Inside the review box, you can share review ratings for various criteria as well as an overall review rating for the product. These review criteria are completely customizable, so you can easily adapt them to any type of product.
You can also fully customize the style of the review box, including the colors and using different review styles (e.g. star ratings vs points).
Beyond that, you also have the option to allow your visitors to share their own comments and ratings. So you could display your own rating alongside user ratings, which can be very persuasive for readers.
Finally, Taqyeem adds the proper schema markup so that you can get the review rich snippets in Google.
Taqyeem costs $29, which includes lifetime updates for a single site.
Ultimate Blocks is a collection of 20+ editor blocks that you can use in the WordPress editor, including a dedicated Review block.
With the Review block, you can create a customizable review summary box right from the editor. You can rate the product based on different criteria and also share an overall rating and summary, along with a call to action to buy the product.
You can also customize the box with different rating styles (e.g. stars or points) and colors.
Most importantly, the Review block includes proper schema markup to help you get the review rich snippets in Google.
If you don’t want to use the other editor blocks in Ultimate Blocks, you can disable them so that only the Review block appears in the editor.
Ultimate Blocks is totally free.
Plugins to Encourage Visitors to Leave Reviews on External Platforms
Finally, this last section showcases plugins that help you encourage your website’s visitors to leave reviews on external platforms (rather than your own website).
This can be helpful for boosting your visibility on those platforms, which is important because a lot of visitors in the “research phase” will go straight to third-party platforms instead of your own website.
Typically, you’ll want to nudge people to leave a review when you’re confident that they’ve had enough time to engage with your product/service and have a good experience.
Starfish Reviews is a freemium plugin that’s specifically built to help you run review generation campaigns and funnels.
The basic idea is that you can ask users how they feel about your product/service on your own site:
If the user responds positively, you can show a prompt asking them to leave a review on your preferred platform (e.g. Google My Business, Facebook, Yelp, etc.).
If the user responds negatively, you can ask them to provide feedback on how you could improve. This can give them a chance to vent to you without leaving a negative public review. It also provides you with valuable feedback that you can use to address those problems and improve your offering.
The free version of the plugin already lets you run basic review generation campaigns.
If you want more functionality, you can upgrade to the premium version to access additional features including the following:
Show multiple review destinations and let users choose their preferred platforms.
Create multiple review generation funnels for different campaigns/locations.
Customize the content of all the text prompts.
View analytics to see overall ratings and review destinations.
If you want the premium features, paid plans start at $47 per month, so it’s more expensive than your average WordPress plugin. Still, the free version should work fine for most businesses.
However, unlike the Customer Reviews for WooCommerce plugin in the previous section, the key differentiator with this plugin is that it helps you collect reviews on external platforms rather than on your WooCommerce store itself.
You can send the review requests via email and invite them to review on 100+ different platforms, including all the big names such as Google, Facebook, Yelp, Trustpilot, and so on.
If you’re worried about collecting negative reviews, the plugin also offers an “intelligent invitation system” in the premium version.
Before directing them to the external system, the plugin will ask for a review. If a customer rates 1-3 stars, it will direct them to your customer support to resolve the problem. But if a customer rates 4-5 stars, it will send them to the third-party platform to share their happy thoughts with the world.
The core plugin is free. However, if you want the “intelligent invitation system”, you’ll need to upgrade to the $9.99 per month plan.
With the various review plugins in this post, you can work with reviews in a ton of different ways.
You might just use a single plugin for your use case. Or, you might combine multiple plugins, such as using a plugin to encourage reviews on third-party platforms and then embedding those third-party reviews on your site to boost authenticity.
If you’ve built your site with WordPress.com and you’re already using a plugin-enabled plan, you can install any of these plugins right now to get started.
Providing a secure, high-performance environment with extreme reliability is essential for all of our RebelMouse clients. We use only reliable, industry-leading approaches to host our infrastructure. This ensures maximum stability and security for all of our clients' data. Here are just a few of the reasons why we're able to maintain a robust product that is also flexible.
Inside the Most Secure CMS of 2024
Why RebelMouse Is More Secure Than WordPress
We've spent years building the most secure CMS of 2024. Open-source CMS platforms like WordPress and Drupal mean that everyone has access to your code, and that means your website is completely vulnerable.
Think about it: there are millions of WordPress instances in the world, and every security update and feature update, no matter how big or small, has to be performed manually for every single site to avoid completely breaking custom code, plugins, and more. On WordPress, you need a plugin to handle simple things, but those seemingly safe tasks can put your entire site at risk. For example, a plugin for managing affiliate links gave hackers an easy opening to add their own links instead.
Examples like these leave open-source CMS options like WordPress constantly vulnerable to security threats. If you run a real online business, easily exposed functionality like plugins is a 2005-era feature that is now one of your site's main weak points. Security threats created by outdated plugins can put hundreds of thousands of sites at risk, such as this breach in 2022 that threatened the security of 600,000 sites.
More recently, roughly five million WordPress sites were updated to fix a significant vulnerability introduced in 2012. Jetpack, a WordPress plugin developed and maintained by Automattic, offers a range of security measures and is among the most widely used plugins for the WordPress content management system.
In May 2023, Automattic made an official announcement about the release of a critical security update. This update fixes a vulnerability affecting all versions of the Jetpack plugin since the release of version 2.0. These constant, sudden spikes in attacks never end, and here's why.
Never worry about stability again. Unlock hacker-proof publishing.
WordPress was built for a blogger in pajamas. RebelMouse is built for stable, high-value websites.
Every time a WordPress security breach is announced, the right updates have to be applied one by one. That's because the only way WordPress core developers can fix significant flaws in their software is to ship the fixes to users as user-installed product updates.
In fact, WordPress announced that versions 3.7 through 4.0 will no longer receive security updates as of December 1, 2022. This is because the task of keeping every version up to date is too burdensome.
This isn't a problem on RebelMouse. All of our updates are rolled out quickly and simultaneously across every site we power. We often deploy multiple updates on a daily basis. While many WordPress users rely on third-party hosting companies or in-house developers to stay on top of platform updates, RebelMouse users can rest easy knowing that important updates are handled immediately.
RebelMouse is not a solution for cheap websites. We are a solution for high-value websites that are highly performant and highly secure. It's also why we're able to power some of the fastest sites on the web, with top scores on Google's Core Web Vitals. Click here to learn more.
Transparency is a priority. Sites in our network subscribe to a status portal that provides up-to-date details on platform performance with real-time updates.
Stability and 24/7 Support
We use only modern, reliable approaches to host our infrastructure for maximum stability. We host our infrastructure in the Amazon Web Services (AWS) cloud because AWS is the most trusted, secure, and reliable infrastructure in the world. We have great relationships with AWS staff and use the best of their services.
All of our production services are covered by AWS Auto Scaling groups, which means we can sleep at night without worrying that something might go wrong. Our services also self-heal 24 hours a day, 7 days a week. And even our stateful services, such as databases, are covered by reliable backup and automatic failover solutions.
Because the RebelMouse team is spread across dozens of countries, we offer live support 24 hours a day, 7 days a week. This means that any vulnerabilities that appear will never be left unattended. In fact, many updates and patches are deployed on our platform in seconds without any interruption to our site network.
Click here to learn more about RebelMouse's infrastructure.
RebelMouse offers 99.99% uptime with maximum performance, stability, and security.
Web Application Firewall
AWS Web Application Firewall (WAF) is a firewall that helps protect your web applications (or APIs) from common web exploits that could affect availability, compromise security, or consume excessive resources. AWS WAF gives RebelMouse developers control over how traffic reaches our applications by letting us create security rules that block common attack patterns, such as SQL injection or cross-site scripting (XSS), and rules that filter specific traffic patterns that we define. These rules are also updated regularly as new issues emerge.
With AWS WAF, we make sure all of our sites are protected against some of the most common attacks, as defined by the Open Web Application Security Project (OWASP). The project is an online community that creates freely available articles, methodologies, documentation, tools, and technologies in the field of web application security.
To reinforce our commitment to security, RebelMouse offers a bug bounty program. If you believe you've found a security issue on our site or on any of the sites we manage, we may reward you for your discovery. We review all submitted reports and, if we agree that it is a valid finding, we will pay $250 for each one.
Click here for more information on what qualifies as a security vulnerability and how to report a bug.
A Complete List of What Makes RebelMouse the Most Secure CMS
Amazon Web Services (AWS)
RebelMouse uses the following services, which are SOC 1, 2, and 3 compliant:
Fastly's CDN is certified under the Swiss-U.S. Framework. We use the following Fastly services:
Click here to learn more about our rapid recovery plan.
Password Management
We use 1Password to manage all logins within the company.
Two-factor authentication through major third-party applications, including Google.
SOC 2 Certification
SOC 2 certification is fundamental to building trust with customers. It's not just a stamp of approval. It's a powerful signal that RebelMouse takes data security seriously; we are meeting compliance requirements and gaining a competitive edge by demonstrating commitment to customer privacy, sound risk management, and continuous improvement. SOC 2 is a gateway to building strong, lasting relationships with customers who require data protection. RebelMouse is proud to be SOC 2 compliant and to offer our customers the highest level of security on the web.
Publish on the Web's Most Secure CMS
Many publishers might think that uncertainty in the digital space means it's time to double down on in-house developers to create a site experience that stands out from the noise. But it's actually the opposite: it's time to invest in an external team that builds and manages the technology for you, so you can focus instead on creating content that resonates with new and existing audiences.
Our infrastructure summary might look like Greek to you, but that's okay. Let's create something together that's powered not only by next-level strategies, but also by innovative, stable technology. Your content will be protected and optimized for long-term growth.
Level up your WooCommerce game with performance-boosting plugins.
Running a successful WooCommerce store involves much more than simply offering great products and a visually appealing website. As experienced e-commerce entrepreneurs know, the real challenge lies in overcoming day-to-day operational hurdles, such as slow checkouts, cumbersome inventory management, and lackluster customer engagement, which can stifle your store's growth and cut into profits. To truly thrive, you need to streamline your operations and improve user experiences.
In this post, we'll explore five essential WooCommerce plugins that can solve these pain points and take your WooCommerce store's sales to new heights.
What Is WooCommerce?
WooCommerce is a popular open-source WordPress plugin that turns your website into a fully functional online store. This versatile plugin lets you sell both physical and digital products, manage your inventory with ease, process payments securely, and customize your store to reflect your brand's unique identity. Its intuitive interface, combined with a comprehensive suite of features and the flexibility to integrate various extensions, makes WooCommerce an ideal choice for businesses that want to grow their online presence.
If you want to achieve notable success with your WooCommerce store, here are five must-have plugins that will help you build the e-commerce store of your dreams:
1. WooCommerce One Page Checkout
Cart abandonment rates have been rising steadily worldwide since 2014. In the United States, 22% of consumers admitted to abandoning their cart because the checkout process was too long or complicated.
The WooCommerce One Page Checkout plugin addresses this problem directly. It simplifies the purchase process by combining product selection and checkout forms on a single, intuitive page. This extension can turn any web page into a checkout hub.
Key features of WooCommerce One Page Checkout:
Consolidates selected products and checkout forms on a single page.
Includes built-in templates for product lists, pricing tables, etc.
Offers dedicated customer support for settings, configuration, and usage.
Active installations: Over 10,000
Price: US$6.59/month, billed annually at US$79.00
2. WooCommerce Subscriptions
Woo Subscriptions is a premium WooCommerce extension that lets you sell products and services with recurring payments. Whether it's monthly product clubs, weekly service plans, or annual software packages, this plugin supports a variety of subscription options. You can customize sign-up fees, attract customers with free trials, and set adjustable expiration periods to match your business needs.
Key features of Woo Subscriptions:
Sends automatic renewal notifications and emails.
Integrates with more than 25 payment gateways for automatic recurring payments.
Lets subscribers manage their own accounts, including upgrades or downgrades.
Active installations: Over 90,000
Price: US$23.25/month, billed annually at US$279.00
The WooCommerce Product Add-Ons plugin lets you easily add custom fields to your product pages for personalization options. It supports field types such as radio buttons, drop-down fields, custom text inputs, and more. With this plugin, your customers can personalize their purchases by adding gift wrapping, custom logos, or special messages. In addition, all of these personalization details are shown in the backend dashboard for analysis.
Key features of WooCommerce Product Add-Ons:
Lets customers upload their own images, logos, and designs to personalize a product.
Provides options to charge customers flat or percentage fees for add-ons.
Offers the ability to create add-ons for multiple products or for individual products.
Active installations: Over 90,000
Price: US$6.59/month, billed annually at US$79.00
4. WooCommerce Shipping
The WooCommerce Shipping extension simplifies your store's shipping process. It provides real-time shipping rate calculations, generates shipping labels, and tracks orders, making the shipping process smoother and more efficient.
Key features of WooCommerce Shipping:
Offers dynamic shipping rates from carriers such as USPS and DHL.
Lets you print USPS and DHL labels directly from the WooCommerce dashboard.
Includes a debug mode for easy troubleshooting.
Active installations: Over 800,000
Price: Free
5. Product Recommendations
Product Recommendations is a promotional WooCommerce plugin that improves your store's marketing strategies. This tool helps you create effective strategies for upsells, top-rated products, new arrivals, and other personalized recommendations by placing recommended products in strategic locations on your site. It also provides in-depth analytics tools to help you evaluate the impact of these recommendations on customer engagement.
Key features of Product Recommendations:
Offers the flexibility to recommend products anywhere on your site.
Comes with ready-to-use templates for various recommendation styles.
Active installations: Over 20,000
Price: US$8.25/month, billed annually at US$99.00
Maximize Your Store's Potential With Essential WooCommerce Plugins
Running a WooCommerce store isn't just about showcasing products and waiting for sales. It's about using the right tools to increase efficiency and thrive in the competitive world of e-commerce. From simplifying checkout processes to managing subscriptions and shipping more efficiently, the WooCommerce plugins we've explored help automate essential tasks and free up your time to focus on growth. By integrating these powerful plugins, you can expect not only to see an improvement in your day-to-day operations, but also to secure long-term success for your WooCommerce store. Try them out and watch your business thrive.
WooCommerce e-stores have been compromised with e-skimmers intended to exfiltrate credit card details through an attack campaign that leverages Dessky Snippets, an obscure WordPress plugin that enables custom PHP code insertion and has since accumulated more than 200 installations, Security Affairs reports.
The malware included a rogue function that hooks into the WooCommerce billing form, which is then modified to include more fields so that credit card information is requested early, and a hidden credit card skimmer with POST data tracking that would trigger the exfiltration of billing and credit card data upon detecting certain parameters, according to a Sucuri report.
Further analysis also revealed that autocomplete was disabled in the fake checkout form in an attempt to better evade detection, the researchers said. Organizations were urged to mitigate threats to e-commerce sites by keeping software patched and up to date, monitoring for threats, integrating only trusted scripts, and implementing strong passwords, firewalls, and a content security policy.
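A defender-side check for the pattern described above, as an added example that is not taken from the Sucuri report or the original article: it parses a rendered checkout page and flags card-like inputs that sit in the billing form or have autocomplete disabled. The container names `woocommerce-billing-fields` and `#payment` assume default WooCommerce templates, the keyword list is a heuristic, and the sample HTML with its `extra_card_*` field names is constructed.

```python
"""Heuristic audit of a rendered WooCommerce checkout page for injected card fields."""
import re
from html.parser import HTMLParser

# Fragments in name/id/placeholder that suggest a payment-card field (assumed heuristic).
CARD_HINTS = re.compile(r"card|cc[-_]?num|cvv|cvc|expir", re.I)
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}

# Constructed sample: a billing form with two injected card fields, plus a
# legitimate gateway field inside the payment section.
SAMPLE_CHECKOUT_HTML = """
<form name="checkout" class="checkout woocommerce-checkout">
  <div class="woocommerce-billing-fields">
    <input type="text" name="billing_first_name" autocomplete="given-name">
    <input type="email" name="billing_email" autocomplete="email">
    <input type="text" name="extra_card_number" placeholder="Card number" autocomplete="off">
    <input type="text" name="extra_card_cvv" placeholder="CVV" autocomplete="off" />
  </div>
  <div id="payment" class="woocommerce-checkout-payment">
    <input type="text" name="gateway-card-number" autocomplete="cc-number">
  </div>
</form>
"""


class CheckoutFieldCollector(HTMLParser):
    """Collects every <input> together with the checkout region that contains it."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self._stack = []   # (tag, region) for each open non-void element
        self.fields = []

    def _region(self):
        return self._stack[-1][1] if self._stack else None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "input":
            self.fields.append({
                "name": a.get("name") or a.get("id", ""),
                "hints": " ".join(a.get(k, "") for k in ("name", "id", "placeholder")),
                "autocomplete": a.get("autocomplete", "").lower(),
                "region": self._region(),
            })
            return
        if tag in VOID_TAGS:
            return
        region = self._region()          # inherit the parent's region by default
        if "woocommerce-billing-fields" in a.get("class", "").split():
            region = "billing"
        elif a.get("id") == "payment":
            region = "payment"
        self._stack.append((tag, region))

    def handle_endtag(self, tag):
        # Tolerate sloppy markup: unwind to the nearest matching open tag.
        for i in range(len(self._stack) - 1, -1, -1):
            if self._stack[i][0] == tag:
                del self._stack[i:]
                break


def audit_checkout(html):
    """Return a finding for each card-like input that looks out of place."""
    collector = CheckoutFieldCollector()
    collector.feed(html)
    collector.close()
    findings = []
    for field in collector.fields:
        if not CARD_HINTS.search(field["hints"]):
            continue
        reasons = []
        if field["region"] != "payment":
            reasons.append("card field outside the payment section (region: %s)"
                           % (field["region"] or "none"))
        if field["autocomplete"] == "off":
            reasons.append("autocomplete disabled on a card field")
        if reasons:
            findings.append({"name": field["name"],
                             "region": field["region"],
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in audit_checkout(SAMPLE_CHECKOUT_HTML):
        print(finding["name"], "->", "; ".join(finding["reasons"]))
```

A hit is a prompt to review the site's active plugins and stored code snippets, not proof of compromise; some themes and gateways legitimately move or restyle card fields.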
On the hunt for quality WordPress analytics plugins?
If you want to understand how your site is performing, you need data. And to collect that data, you’ll usually want the help of a WordPress analytics plugin.
With WordPress analytics plugins, you can track your website’s performance in detail and more deeply understand user behavior on your site.
Once you have this data, you can use it to…
Optimize the design of your website.
Improve your website marketing strategies.
Create a better user experience.
More closely track return on investment (ROI) for any paid promotion campaigns that you’re running.
Etc.
To help you collect the right data for your WordPress website in the most straightforward way possible, you can use one or more of the plugins in this post – let’s dig in!
18 WordPress Analytics Plugins to Collect Helpful Data
Below, you’ll find 18 different WordPress analytics plugins. Depending on your needs, you might want just one of these plugins. Or, you might want to install multiple plugins to collect different types of data – it’s totally up to you!
1. Jetpack
Jetpack is a feature-rich plugin from the same team behind WordPress.com that can help you set up analytics on your site, in addition to offering a number of other features.
Jetpack can help with WordPress analytics in two ways:
You can access the free WordPress.com Site Stats (even if you’re self-hosting your WordPress site), which gives you access to all the key metrics on your site. The example screenshot above comes from Jetpack Stats.
Jetpack can help you set up Google Analytics tracking for even more in-depth analytics, including eCommerce tracking support. The Google Analytics feature requires the Jetpack Professional plan to use.
As a WordPress.com user, you’re already benefiting from all of the features in Jetpack, including Jetpack Stats and Insights. We’ll talk about this in more depth later on. Or, you can head to the Stats tab in your WP Admin to start viewing analytics data right now.
2. Google Site Kit
Google Site Kit is an official plugin from the Google team that helps you integrate Google tools into your WordPress site, including Google Analytics.
Without leaving WP Admin, you’ll be able to see data including (but not limited to) the following:
Total traffic to your site
Top-performing pages
Bounce rate
Session duration
Acquisition channels (e.g. search vs social media)
User locations
User devices
Overall, if you want to use Google Analytics but you prefer the convenience of being able to see fundamental data without leaving your WP Admin, this is a good one to consider.
Site Kit can also help you view Google Search Console data in your WP Admin, which offers helpful Google search analytics in addition to web analytics. For example, you can see which queries users searched for to find your site.
The Google Site Kit plugin is 100% free and comes directly from the Google team.
3. GA Google Analytics
GA Google Analytics is a straightforward plugin that helps you add the Google Analytics tracking script to your WordPress site and control its behavior.
Unlike Google Site Kit and some of the other WordPress analytics plugins on this list, GA Google Analytics does not let you view data from your WP Admin. Instead, you’ll need to browse your site’s data on the Google Analytics website.
However, GA Google Analytics does give you some useful features for controlling how Google Analytics functions on your site.
For example, you can exclude your admin account (and other admin users) from being tracked so that you don’t pollute your analytics data while you’re working on your site. You can also exclude other types of users if needed, such as excluding authors.
GA Google Analytics has a free version that should work fine for most sites. If you want some more advanced features, there’s a premium version that starts at just $15.
4. MonsterInsights
Like Google Site Kit, MonsterInsights is a WordPress analytics plugin that helps you both add the Google Analytics tracking script to your site and view data without leaving your WP Admin.
When you set up the Google Analytics tracking script, you have the option to enable more advanced types of tracking, such as tracking button clicks or custom dimensions.
You’ll also be able to view lots of different reports right from your WP Admin, including overall traffic, top-performing pages, analytics for individual pages, and more.
If you have a WooCommerce store, MonsterInsights also has a dedicated WooCommerce integration to help you enable Enhanced Ecommerce Tracking in Google Analytics. This lets you see conversion rates, revenue, and more.
MonsterInsights has a basic free version that works fine for general web analytics. If you want more advanced analytics and configuration options, there’s a premium version that starts at $199.
Note – most of the advanced tracking configurations require the premium version.
5. PixelYourSite
PixelYourSite is a WordPress analytics plugin that helps you set up analytics tracking pixels for websites such as Facebook, Pinterest, and more.
If you rely on these social media sites for traffic (or if you’re running advertisements on them), adding these tracking pixels will help you better understand how that social media traffic behaves and converts on your site.
If you’ve created an eCommerce store with WooCommerce, PixelYourSite also offers a dedicated WooCommerce integration so that you can track eCommerce-related events and value.
For example, you could see what percentage of visitors from a certain Facebook ad purchased products, along with the value of those products. That way, you can calculate the return on investment (ROI) from your Facebook ad spend.
You can also set up your own custom tracking events if needed – this applies to all sites, not just WooCommerce stores.
PixelYourSite has a free version that works for basic use cases. If you want more functionality, the premium version starts at $160.
6. Burst Statistics
Burst Statistics is a privacy-friendly WordPress analytics plugin that keeps all of your analytics data on your WordPress site’s server.
The plugin uses a cookieless tracking approach, which means that all of the user analytics data is anonymized.
You can still see important metrics such as overall site stats, page-level stats, user devices, and referrers. But you’re also able to preserve your visitors’ privacy (and avoid the need for a cookie consent banner because Burst Statistics doesn’t use cookies).
If you value this self-hosted, privacy-focused analytics approach, Burst Statistics could be a good option for your site. However, one of the downsides of this cookieless approach is that you can’t differentiate between new versus returning visitors or analyze visitors’ paths across your site.
Currently, Burst Statistics is 100% free, though the developer might launch a premium version in the future.
7. Download Monitor (File Download Analytics)
Download Monitor is a little different from the other plugins on this list in that it’s not a tool for general web analytics.
For example, maybe you have a recipe blog and you offer downloadable PDF versions of your recipes in addition to the web-based recipes.
With Download Monitor, you could track how many people are downloading each PDF, which would help you understand whether or not your users are actually taking advantage of this feature.
To start, you can track overall downloads. If you allow user registration on your site, you can also get more granular analytics such as the number of download attempts for each user.
Beyond its download analytics features, Download Monitor just generally offers lots of tools to help you manage downloadable files, including the ability to restrict access to downloads and/or charge for access.
8. HubSpot
HubSpot is not just a WordPress analytics plugin – it’s a full-service customer relationship manager (CRM).
If you’re not familiar with what a CRM is, the basic idea is that it lets you store detailed user profiles and information about individual users. You can then use these profiles to improve your sales and marketing efforts.
As part of those user profiles, HubSpot includes detailed web tracking to help you see which pages a person views, which forms they fill out, and so on.
You can then use this analytics data in conjunction with other HubSpot features. For example, you could automatically send a user an email if they visit a certain page on your site.
Overall, HubSpot can be a good option if you want a complete marketing suite that includes web analytics. However, if you just want a standalone analytics tool, that’s not what HubSpot is best for.
The core HubSpot WordPress plugin, CRM, and analytics features are free. If you want more advanced marketing or sales features, you might want to upgrade to a paid plan.
9. Matomo Analytics
Matomo Analytics is a free WordPress analytics plugin that helps you use the open-source Matomo Analytics suite (formerly known as Piwik).
Matomo is an open-source alternative to Google Analytics and one of the most popular Google Analytics alternatives in general.
There are two ways that you can use Matomo Analytics:
You can self-host the software on your own site/server, which keeps all of your data entirely on your own server.
You can pay Matomo to host the software for you.
The free Matomo Analytics plugin offers the easiest way to get started with the self-hosted approach. There’s no need to deal with any configuration – you just install the plugin and you’re ready to start collecting analytics data.
In terms of the depth of analytics, it lets you go as deep as you want, with real-time reports, segmentation, geolocation reports, and lots more.
Overall, if you want an open-source Google Analytics alternative, this is an excellent option for WordPress users.
If you’d rather have Matomo host the software for you, you can integrate it with your site using the separate WP-Matomo Integration plugin.
10. Header Footer Code Manager
Header Footer Code Manager is not a standalone analytics plugin, per se. Instead, it’s a useful tool that helps you add analytics tracking scripts from other services to your WordPress site.
You can use it for services such as Google Analytics, Clicky, Matomo, Facebook Pixel, Google Tag Manager, and so on.
Once you have the tracking script from your preferred analytics service, you can add it to Header Footer Code Manager to include the snippet sitewide or only on certain types of content.
Header Footer Code Manager has a free version that should be fine for most sites. If you want more advanced conditional targeting rules to control when/where to add tracking scripts, there’s a premium version starting at $35.
11. Analytify
Analytify is another WordPress analytics plugin that helps you integrate Google Analytics into your site and view the analytics data from your WP Admin.
To start, it can help you add the Google Analytics tracking script to your site. Beyond that, it also includes lots of options to set up more advanced types of tracking including the following:
In addition to setting up those more advanced types of tracking, Analytify also lets you view data and reports from your WP Admin. These reports include sitewide data as well as page-level analytics for every piece of content on your site.
Analytify has a free version that should work fine for many sites. For more features, the pro version starts at $99.
12. GTM4WP
Google Tag Manager itself is a Google service that you can use to implement Google Analytics or other analytics tools on your site.
One advantage of using Google Tag Manager is that you can also pass custom information to your “dataLayer” to collect more detailed analytics.
To help you do this, the GTM4WP plugin includes a bunch of presets to track details such as post/page information, user logged-in status, user role, WordPress site search, and more.
However, using GTM4WP is a more advanced tactic than most other analytics solutions on this list. As such, it might not be the best option for you if you’d prefer a non-technical approach to WordPress analytics.
13. Clicky by Yoast
Clicky is a standalone web analytics service similar to Google Analytics.
With the free Clicky by Yoast WordPress plugin, you can easily integrate Clicky into your site, including setting up a few configuration choices such as excluding WordPress admin users from being tracked.
In general, a lot of users like Clicky because it offers a simpler way to view the core metrics that most WordPress webmasters care about.
So if you feel overwhelmed by the complexity of Google Analytics and just want a simple way to view fundamental data for your site, Clicky could be a good option.
The Clicky by Yoast plugin is 100% free. However, you’ll also need the Clicky service to use it.
Clicky has a free plan that supports up to 3,000 daily pageviews. After that, paid plans start at $10 per month.
14. Fathom
Fathom is a SaaS (software as a service) Google Analytics alternative that emphasizes user privacy.
If you feel a bit put off by the idea of handing your users’ data over to Google Analytics, Fathom could be a good alternative for you.
It still lets you see important data about your site while fully anonymizing all user data. Fathom also doesn’t rely on cookies like most other services, which means you don’t need a cookie consent banner to use it.
While the plugin itself is free, you will need a paid subscription to Fathom Analytics to use it. Plans start at $14 per month for up to 100,000 monthly page views.
15. Beehive Analytics
Beehive Analytics is another Google Analytics dashboard for WordPress that helps you set up the Google Analytics tracking script and view reports from inside your WP Admin.
It doesn’t offer quite as many tracking script customization options as plugins like Analytify and MonsterInsights, but it does offer beautiful reports and charts.
You can see all of the most important information including sitewide stats, page-level analytics, top referrers, top countries, and more.
If you mainly want a way to bring regular Google Analytics data into your WP Admin, that could make Beehive Analytics a good option.
Beehive Analytics has a free plan that should work for most sites. You can also access the premium version via the paid WPMU DEV membership.
16. Statify
Statify is another self-hosted, privacy-focused WordPress analytics plugin that uses a cookieless tracking approach, similar to the Burst Statistics plugin above.
Because it doesn’t use cookies, it keeps your visitors’ data anonymous and also doesn’t require you to add a cookie consent banner.
At the same time, you can still view core data about your site inside your WP Admin, including overall visits, top pages, top referrers, and more.
The plugin specifies that it tracks “page views” and not “visitors”, which is important to understand. You can see which pages on your site have been viewed, but you wouldn’t be able to track visitor-specific information such as the path that a visitor followed across multiple pages on your site.
Statify is 100% free.
17. Koko Analytics
Koko Analytics is also a self-hosted WordPress analytics plugin. However, unlike Burst Statistics and Statify, Koko Analytics gives you the option to choose whether or not to use cookies.
If you leave cookies enabled, you’ll be able to detect full visit paths, along with new versus returning visitors. On the other hand, if you disable cookies, the plugin will only track pageviews, much like those other self-hosted analytics plugins.
Either way, Koko Analytics does not log any personal information about visits, which helps preserve your visitors’ privacy.
Koko Analytics is 100% free.
18. WP Search Analytics
Like Download Monitor, WP Search Analytics is a bit of a departure in that it’s not focused on general web analytics like these other WordPress analytics plugins.
Instead, the plugin focuses on helping you track which terms your site’s visitors search for on your site.
It integrates with the native WordPress search function and stores all of the data on your own server.
While you can also track site searches using Google Analytics, WP Search Analytics has one distinct advantage in that it can also track the number of search results for each term.
Having both pieces of information can provide some very useful insights. For example, you might see that a particular search term is popular but you don’t have any content (or products) covering that term.
Now that you know your visitors are interested in that term, you could create new content to meet their needs.
WP Search Analytics is 100% free.
Other Options to Consider for WordPress Web Analytics
In addition to the WordPress analytics plugins above, here are a few other options to consider when it comes to setting up analytics on your site.
Use the Jetpack Stats and Insights Built Into WordPress.com
Jetpack Stats and Insights can help you view lots of helpful statistics about your site including the following:
Overall views and views for individual pages
Visitors, including views per visitor
Referrers (the page/source where your visitors came from)
Countries where your visitors come from
External link clicks
Downloads
Traffic by author on your site
Video views
You also get a number of helpful insights that can help you dig deeper into your site’s analytics.
For example, you can see your site’s most popular day and hour, how your most recent posts are performing, and more.
Best of all – you don’t need to do anything extra to set up Jetpack Stats and Insights – it automatically starts working as soon as you create your site with WordPress.com.
To access all of this information, you can go to the Stats page in your WP Admin.
Explore Other WordPress Analytics Plugins
While we highlighted 18 useful WordPress analytics plugins above, these are far from the only options that are available.
WordPress analytics plugins help you understand what’s happening on your site so that you can track performance, understand user behavior, and use data to create a better web experience.
If you made your website with WordPress.com, you can already start exploring Jetpack Stats and Insights to learn more about your site without needing to install a separate analytics plugin.
If you’re using the WordPress.com Business plan or eCommerce plan, you can also install one or more of the WordPress analytics plugins above to expand on the built-in analytics capabilities in WordPress.com.