Create a Robots.txt File

Posted on by Echo Diaz
Category: Common Fixes | Tags: , , , , ,

A web robot’s primary job is to scan websites and pages for information; they work tirelessly to collect data on behalf of search engines and other applications. For some, there is good reason to keep pages away from search engines.  Whether you want to fine-tune access to your site or want to work on a development site without showing up Google results, once implemented the robots.txt file lets web crawlers know which parts they can collect information.

Create a Robots.txt File

As being one of the first aspects analyzed by crawlers, the robots.txt file can be implemented on a page(s) or an entire site to discourage search engines from showing details about your site. Through this article, we will be providing insight into how to use the robots.txt file as well as syntax needed to keep these bots at bay.

User-agent: *
Disallow: /

 

Let’s break down the code below “user-agent” pertains to the web crawlers and the * sign means all web crawlers. Consequently, the first line grabs attention by saying “Listen up all web crawlers!” We move onto our second line which lets the web crawler know its direction. The forward slash (/) stops the bots from searching all the pages on your site. You can also discourage information collected for one specific page, in this case, it is a map of our building layout. Since the design of our building does not need to searchable, with the command below, I can tell all bots to leave out the index of the buildinglayout.png photo, while keeping it viewable to any guest that want to view.

User-agent: *
Disallow: /buildinglayout.png

 

Contrary, if you would like for all search engines to collect information on all the pages in your site you can leave the Disallow section blank.

User-agent: *
Disallow:

 

There are many types of web crawlers (aka user-agents) that can be specified. Below is a chart of the most popular web crawlers followed by as their associations. Furthermore, you can also instruct these bots to index a certain page by using Allow, as shown in the example below. You can implement these web crawlers within your robots.txt file like so:

User-agent:Googlebot
Allow: /parkinglotmap.png
Disallow: /buildinglayout.png

User-agent and their Association
Mostly, sites don’t automatically come with a robots.txt file (and isn’t required) so you can create one using a text editor and upload the file to your root directory or any other directory.  Luckily, if you use the popular CMS, WordPress and its helpful SEO plugin Yoast, you’ll see a section within the admin window to create a robots.txt file.

Robots.txt File In WordPress

Yoeast SEO Tool Section

 

After logging into your WordPress backend (yourdomain.com/wp-login.php) locate the SEO section and select Tools. After clicking on the file editor link, you see a page that looks similar to the code used in the first of our article.

Wordpress Robots.txt File

 

Our example keeps web bots from WordPress login page, including wp-includes directory while still allowing users and bots to see other pages of our site. Take note of the necessary ending slashes after the directory (but not needed when disallowing pages). After editing select the “save changes to robots.txt” button to activate the robots.txt file.

 

 

The Best Ways to Secure WordPress

Posted on by Jennifer Walsh
Category: Managed WordPress | Tags: , , , , ,

On our Managed WordPress hosting platform, we strive to ensure security with regularly scheduled patches and updates. By utilizing our intrusion prevention software, we mitigate malicious activity and block repeated failed logins for your WordPress admin portal. Furthermore, our web-application firewall, restricts unneeded ports along with custom rules to help protect you on the application level. We take care of the administration work so you can spend more time securing your site. Below our Managed WordPress admins share tested (and trusted) implementations to keep your site locked up tight.

WordPress Security Plugins

iThemes Security

The iThemes Security plugin is a fantastic addition to enhance your security, and it is easy to install.  By adding an extra layer of protection, below is a list of security features that iThemes Security Pro provides.

Click To See iThemes Security Features
    • Banned Users – Allows you to completely ban hosts and user agents from your site
    • Network Brute Force Protection – Banning users who have tried to break into other sites from breaking into yours. The network protection will automatically report the IP addresses of failed login attempts to iThemes
    • SSL – This feature redirects all http traffic to https
    • Strong Password Enforcement – Force users to use strong passwords as rated by the WordPress password meter
    • System Tweaks:
      • Disable Directory Browsing
      • Filter Suspicious Query Strings in the URL
      • Remove File Writing Permissions – Prevents scripts and users from being able to write to the wp-config.php file and .htaccess file
      • Disable PHP in Uploads – Disable PHP execution in the uploads directory. This blocks requests to maliciously uploaded PHP files in the uploads directory.
      • Disable PHP in Plugins – Disable PHP execution in the plugins directory. This blocks requests to PHP files inside plugin directories that can be exploited directly.
    • Change WordPress Salts – Use WordPress Salts to encrypt any passwords saved within WordPress, this adds an extra layer in password protection. Check this box and then save settings to change your WordPress Salts.

Salt Encryption Settings

  • WordPress Tweaks:
    • Comment Spam– Reduce Comment Spam
    • XML– RPC feature allows external services to access and modify content on the site. Common example of services that make use of XML-RPC are the Jetpack plugin, the WordPress mobile app, and pingbacks. If the site does not use a service that requires XML-RPC, select the “Disable XML-RPC” setting as “disabling XML-RPC” which prevents attackers from using the feature to attack the site. Disable Pingbacks – This feature only disables pingbacks. Other XML-RPC features will work as normal. Select this setting if you require features such as Jetpack or the WordPress Mobile app.
    • Block XML– RPC requests that contain multiple login attempts.
    • Restricted Access– Restrict access to most REST API data. This means that most requests will require a logged in user or a user with specific privileges, blocking public requests for potentially private data.
    • Force Unique Nickname– This forces users to choose a unique nickname when updating their profile or creating a new account which prevents bots and attackers from easily harvesting user’s login usernames from the code on author pages. Note this does not automatically update existing users; it will affect author feed urls if used.
    • Protect Against Tabnapping– Alter target=”_blank” links to protect against tabnapping. Enabling this feature helps protect visitors to this site (including logged in users) from phishing attacks launched by a linked site.
    • Login with Email Address or Username– By default, WordPress allows users to log in using either an email address or username. This setting allows you to restrict logins to only accept email addresses or usernames.

To install, login to your WordPress dashboard, click on “Plugins” on the left. Click on “Add New” and use the search box to find “iThemes Security (formerly Better WP Security)”. Click on “Install Now”, and then activate the plugin.  On the left bar, click on “Security” and iThemes will start a security check on your site.  Additionally, you can click on Security > Settings on the left to enable any security features that fit your website.

WordFence

Wordfence Security – Firewall & Malware Scan plugin – Wordfence includes an endpoint firewall and malware scanner.  One of the key features is their threat defense feed arms that are supplied with the newest firewall rules, malware signatures and malicious IP addresses to keep your website safe.  Click on the Wordfence subtitle to jump to installation and setup instructions.

CloudFlare

You can create an account with CloudFlare to help protect your websites from various attacks including DDoS mitigation, customer Cloudflare helps mitigate DDoS attacks, prevent customer data breaches, and block malicious bot abuse. Cloudflare DNS is DDoS protection for domain resolution. It sits behind the same 15 Tbps network that protects over 7 million Internet properties from denial-of-service attacks.  Cloudflare DNS also comes with built-in load-balancing, automatic failover, rate-limiting, and filtering. Cloudflare also offers DNSSEC to add a layer of trust on top of DNS by providing authentication.

Web Application Firewall (WAF)

Web application firewall (WAF) rulesets – Available on all of Cloudflare’s paid plans, the WAF has built-in rulesets, including rules that mitigate WordPress specific threats and vulnerabilities. Additional features: automatic cache purge, and header rewrite to prevent a redirect loop when Cloudflare’s Universal SSL is enabled.  You can change Cloudflare’s settings from within the plugin itself without needing to navigate to the cloudflare.com dashboard. The available settings to change are: cache purge, security level, Always Online, and image optimization.

Sucuri

As an auditing, malware scanner, and security hardening plugin, it’s a security suite that works well with your existing website’s  security. This plugin offers a great set of security features such as Security Activity Auditing, File Integrity Monitoring, Remote Malware Scanning, Blacklist Monitoring, Effective Security Hardening, Post-Hack Security Actions, Security Notifications, and Website Firewall (premium).

General Security Recommendations

We are living in an age where security needs to be updated at all times. Passwords is one of those crucial security mechanisms that needs to be updated at least every 30 to 60 days. The recommendation for each password complexity is to be at least 15 characters containing a combination of uppercase letters, lowercase letters, numbers, and symbols. The passwords should not contain dictionary words, usernames, personal information, or letter sequences. The passwords should not be reused in a given year.

Along with having secured passwords, your computer should also be protected.  Attackers can exploit computers that have outdated operating systems using worms, malware, Trojans, and viruses. You will need to make sure your computer has the latest security patches and fixes.  All browsers should be the latest versions. Do not install any software or browser plugins from any untrusted parties.  Install reputable anti-virus software and conduct regularly malware scans on your computer.

The most common source for malicious injections are vulnerabilities in CMS software, plugins, themes and other commonly used third party code. We recommend taking measures to update all CMS software, plugins and themes used to the latest versions available from their respective vendors. This would help limit the chance of future infections occurring.

Registering your website with Google Webmaster Tools will tell you the health of your website. Change the Default “admin” username.  Since usernames make up half of login credentials, having the username “admin” made it easier for hackers to do brute-force attacks.

Final Thoughts

Being at the top of your game on security is worthwhile to avoid paying expensive fees to clean up a hacked site, especially since there are many free security options at your disposal. Take a stroll through our Managed WordPress product page and discover how we can take the guesswork out of security. Along with a 24/7 support team at your fingertips, our Managed WordPress platform automatically updates plugins to reduce your site’s vulnerability to malware.

Redirect to Https

Posted on by Jerry Vasquez
Category: Common Fixes | Tags: , , , , , ,

Google just announced that starting July 2018 Chrome, their very popular web browser, will start alerting for all websites which are not using Secure Sockets Layer, or SSL encryption. This is huge. The ramifications of such an alert could be quite impactful to traffic, to websites, and especially for the average user. So, what does that mean for you? More importantly, what can you do about it? No worries! Liquid Web has you covered.

In today’s post, we’ll be detailing some of the finer points of SSL encryption including what it is, what it means, and how to employ it. Let’s get started!

What is Secure Sockets Layer (SSL)?

Secure Sockets Layer, or SSL, is a means to encrypt traffic. That’s it! They’re no mystery, and there’s no reason to feel daunted by the technical term. The best part is that you’ve probably been making use of SSL encrypted traffic forever and haven’t even noticed it. If you’ve ever browsed to a website and noticed the prefix https:// or a little padlock in the browser bar, you’re using Secure Sockets Layer encryption.

Unencrypted: non-SSL

Insecure Site
Encrypted: Secure SSL
Secure Site

At a very high level, it’s referred to as a key-cert pair, and it’s super easy. The key file and certificate files are installed on your web server. Once installed your visitors browse to the https:// prefix and that’s it! Their traffic is encrypted end to end. If you’re unsure whether or not you’re currently using an SSL, there are some handy tools like  Why No Padock that can help identify your usage.

How does SSL work?

The more technical portions revolve around an encryption algorithm and are a little specific for the average user. At its base, an encryption key and certificate are installed on your web server, as we mentioned earlier. This key is comprised of details about the website. Nothing scary, though! It’s just enough to ensure the site is who it claims to be. Details such as the domain name, the company’s name, the company’s business address; that kind of thing. You know, aspects you’d like to know about a legitimate company with whom you’re choosing to do business and, as a business owner, are proud to announce to the public.

Finally, that information is submitted to a known certificate authority who’ll encrypt the data into the key-cert pair we talked about already. You’ll install the key-cert pair on your server. Then, whenever someone tries to access https on your site, their browser will receive that public cert and compare it to public records for your domain. The browser will verify that your business is legitimate, –because it is!– and will use that certificate to encrypt all the data that’s passed between them and your web server.

This means, whenever there is data moving between them and you, if any bad guys try to inspect or steal it, all they’ll get is a bunch of garbled junk. Your data and your clients’ data are both safe and secure!

Liquid Web has a detailed step by step instruction on server setup at our Knowledge BaseOnce you have an SSL installed on your site, your clients still have two means by which to connect to your site. The HTTP method, which is unencrypted, and the HTTPS method, which is encrypted by your new SSL. The choice is usually denoted by how your clients or your referral traffic structures their link.

Redirecting to Https

Note
This process assumes you’ve already installed an SSL on your site.

The process is referred to as “Forcing SSL Redirection.” Ultimately, you’ll use code to make sure, whenever someone goes to HTTP, their traffic is directed over to HTTPS. Click on the tabs below to learn how the different ways to implement SSL onto your site.

cPanelWordpress.htaccessPlesk
If you’re using cPanel, you’ll need to access your cPanel account and navigate to the “Redirects” menu from the “Domains” group.

You’ll notice the Wild Card Redirect check box. This is a unique function that forces all links to HTTPS, not just the primary domain. I’m very much a fan of this option as it ensures all links will be directed to the SSL secured version which has you covered if someone links to a specific page of your site and not the home page.

Click “ADD” and you’re done!

No need to use cPanel, Plesk or the command line with the very popular Content Management Software, WordPress! Editing can be done straight from the WordPress Admin interface. Log into your WordPress Admin interface navigate to the Settings menu. From there you can simply set your WordPress and Site Address to use the https:// prefix, like so:

Wordpress Admin Section in Settings

Easy Peasy! One last test to make sure you’re using your SSL will show that you are! You could use an SSL checker like SSLShopper, or clear your cache on your browser and reload! See our article on how to clear your browser cache if you are having trouble.

You should be able to see the little green padlock in the browser bar that gives your clients that warm, fuzzy feeling. Even better, the upcoming alert from Google Chrome about unencrypted traffic is no longer a worry.

More advanced users who aren’t using a control panel can use some simple rules in their .htaccess file.

From the command line, navigate to the document root of your domain and use your favorite editor to open or create your .htaccess file. Then add the following lines:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%(REQUEST_URI) [L,R=301]

Here’s an output of mine:

Example of Redirection Code

The method is very similar for Plesk: Log into your Plesk interface and navigate to the “Hosting Settings” for your domain:

Locating Hosting Settings in Plesk

From the Security subheading of the Hosting Settings, check the SSL/TLS support and Permanent 301 redirect checkboxes. Also, make sure you select the correct certificate. Lastly, click the “Apply” button and you’re done!

Redirection Settings Within Plesk

Mixed Content (Insecure Content)

There is one last part. SSLs are installed on your server. So they can only encrypt and protect objects that are on your server. This means, if you happen to be linking to off-server content, like Facebook posts, YouTube links, or images or other content from some else’s sites, you have to make sure they’re using an SSL too. If they’re not, you’re technically hosting insecure content on that page and Chrome will alert your clients as such (characterized by having https but not the green lock). If you’re unsure about the content on your site, you can use a site like Why No Padlock to check. It’ll give you a nice readout and will list any issues with unencrypted content under the “Mixed Content” heading in the report.

Luckily, big names like YouTube and Facebook are already on board and use SSLs. But there are still a lot of sites on the internet who do not. It’s up to you to help the internet’s security and be diligent in our pursuit to be good net-citizens together.

You’re now familiar with SSLs, Forced SSL Redirection and the upcoming Google Chrome alert. As always, if ever you need help or have issues, our Knowledge Base is here for you to peruse and our Helpful Support Humans are happy to help.

 

Configuring NGINX for Managed WordPress

Posted on by Libby White | Updated:
Category: Featured Articles, Managed WordPress | Tags: ,

Running a WordPress site can be incredibly simple and used right out of the box, but you may need to customize or add specific files in order to get the most out of your site. Our Managed WordPress customers can include custom NGINX configurations for individual sites, because we know that adding simple redirects or adjusting browser cache settings are actions that many of our Managed WordPress users do on a regular basis. Read on to learn how you can use this functionality for your own site.

On the Managed WordPress platform, custom configuration files are read from the NGINX folder within the site’s home directory. Any file ending with .conf will be read into NGINX on reload or restart, so a file called ~/nginx/user.conf.sample is provided as a placeholder.

While you can create and edit these files, it is necessary that you reach out to our Managed WordPress Support team to reload the NGINX configuration. This will allow us to test the file configuration and confirm that there are no errors or warnings. Because your site performance and uptime is important, the Managed WordPress support team will manually review files to check for potentially irregular and harmful configurations.

Although the primary use of this feature is for configuring redirects at the NGINX level. you may also set custom browser cache expiration times for static files. Any configurations beyond those described below are considered best effort for support.

An example of simple redirects:

# Simple redirect to an individual page
location /example-redirect-123 {
add_header X-Redirect-By "Yoast SEO Premium";
return 301 /example-redirect;
}

# Rewrite all urls under an old path to a new path
location /category/old-category {
rewrite ^/category/old-category/(.*)$ /category/new-category/$1 permanent;
}

An example of adjust browser cache settings:

# Reduces js and css cache times to a single day instead of the MWP default of 1 year.
location ~* \.(?:css|js)$ {
expires 24h;
access_log off;
add_header Cache-Control "public";
}

If you are looking to block access to a specific directory, you can complete this request by using the following command:

rewrite ^/wp-content/private_directory/(.*) /last;

Where “private_directory” is the directory you wish to block access to.

Configuring NGINX

  1. Log into the site via SSH.:ssh/sftp credential section in Managed WordPress portal highlighted
  2. Navigate to the NGINX directory located in the home directory.
    s150@default:~$ pwd
    /home/s150
    s150@default:~$ cd nginx
    s150@default:~ngingx$ ls
    user.conf.sample
    s150@default:~/nginx$
  3. Next, create a file ending in .conf:
    s150@default:~/nginx$ touch redirects.conf
    s150@default:~ngingx$ ls
    redirects.conf user.conf.sample
    s150@default:~/nginx$

    In this example, we are using redirects.conf, but you can name it anything you’d like, just make sure you remember the file name.
  4. Then modify the file with the configuration changes:
    s150@default:~/nginx$ vi redirects.conf
    s150@default:~ngingx$ cat redirects.conf
    # Limited to directives valid in the server block context
    # All files ending in '.conf' in this directory will be loaded
    # Please contact support to have them reload the nginx config files
    # for changes to go into effect.# Configure redirects
    #
    loacation /example-redirect-123 {
    add_header X-Redirect-By "Yoast SEO Premium";
    return 301 /example-redirect;
    }
    s150@default:~/nginx$
  5. Lastly, contact support to request review and reload of the config. You can easily reach our Managed WordPress support team by opening a chat or ticket through your Managed WordPress portal, or by calling our team at 1(833)845-4527 or 1(517)322-0434.

Addressing WordPress 4.9.4 Update and Vulnerabilities

Posted on by Libby White | Updated:
Category: Common Fixes, Featured Articles | Tags: ,

If you run WordPress sites you likely know it is critical to make sure that your software is up to date. In fact, you may have automatic updates enabled, so your site updates as soon as WordPress updates are available.  If you are running WordPress sites on a Liquid Web product such as our Storm VPS or Dedicated servers, please read on. This article contains critical information for you regarding WordPress 4.9.4 updates and action is required.

Note:

For customers on our Managed WordPress or Managed WooCommerce Hosting platforms, we’ll make sure your WordPress install is automatically updated; you do not need to take any action.

WordPress 4.9.4 is now available and addresses a bug in 4.9.3, which will cause automatic updates from WordPress 4.9.3 to fail. This means your site needs to be manually updated to 4.9.4.

Fortunately, updating your WordPress install is pretty simple (We do suggest that you take a site backup before updating, as with any software update.)

  1. Log into your WordPress admin page (www.yourdomain.com/wp-admin). Once logged in you should see a prompt in the WordPress dashboard, as shown below:wordpress admin dashboard update section
  2. Click on the Please update now text, which will take you to the WordPress Updates page. You can also click on DashboardUpdates, where you will be taken to the same WordPress Updates Page.wordpress update home page, click update now
  3. Click the Update Now button. The WordPress update will run, and after it completes, you’ll see the page below:wordpress 4.9.4 updated successfully

As always, our Helpful Human Support team is standing by to assist you with any questions or concerns, just open a chat, ticket, or call us and we’ll be ready. You can also find more information about this maintenance release on the WordPress.org site.

What is the Liquid Web iThemes Bundle

Posted on by Dan Pock | Updated:
Category: Featured Articles, Other, Products | Tags: ,

In a recent press release from our Blog we announced that Liquid Web has acquired iThemes – a leader in WordPress plugin development. Needless to say, this is an exiting time. Another important step in our commitment to make WordPress hosting easier than ever.

Since 2016 we’ve actually had a partnership with iThemes to bundle Sync Pro into our WordPress platform. Moving forward we will expand this integration by adding BackupBuddy and iThemes Security. With this this awesome news we also have an awesome deal for our non-platform WordPress users.

The Liquid Web iThemes bundle

For our WordPress customers hosting on a traditional solutions we now offer an exclusive Liquid Web iThemes bundle. Through this bundle, for the first time ever, you can purchase the core iThemes plugins in a single package. With this offer you have access to iThemes Sync Pro, BackupBuddy and Security Pro for one low price. Check out our bundle product page to learn more about the exclusive offer.

Getting Support for iThemes Products

iThemes will remain an independent business unit of the Liquid Web family. This means that going forward we will continue providing support for these products under the iThemes brand. If you are seeking support for an iThemes plugin you can find documentation in their Help Center. And you can contact the iThemes Support team after logging into their Member Access Panel.

Official Plugin Documentation:

Importing your web store into WooCommerce

Posted on by Dan Pock
Category: Common Fixes, Other | Tags: , ,

Do you run a web store on Shopify (or BigCommerce) and wish you had more control over things? Maybe you wish you had more Payment options on your shop, more Staff accounts, or a more straight forward shop building experience. No matter what the cause, moving to a WooCommerce based shop can give you more control and flexibility over your store. Migrating your store can be a huge headache though, so how do you get that job done?

How can I migrate an existing e-commerce store from Shopify or BigCommerce over to WooCommerce?

Moving platforms can be a frustrating and scary experience. After all, if your web store is down you’re probably not making any money. So getting it done right the first time is just a little important. Thankfully if you are moving from Shopify or BigCommerce that process can be simple.

Both Shopify and BigCommerce have export options that allow you to export products, orders, and customers to CSV files. You can then use these CSV files to rebuild your store in WooCommerce. Export files from Shopify, or BigCommerce, can be imported into your WooCommerce store using the WP All Import plugin.

How To Install WordPress, Drupal, and Joomla On Cloud Sites with One-Click

Posted on by Helpful Humans of Liquid Web | Updated:
Category: Cloud Sites, Featured Articles, Products | Tags: , , , ,

Our Cloud Sites platform is a cut above the rest with its One-Click Installer we take the pain out of creating websites allowing you to focus on building out your website. Whether your CMS of choice is WordPress, Drupal, or Joomla – our Cloud Sites platform has streamlined the process of spinning up a new site. Setting up a new site is complicated – from adding administrators, uploading files and databases. We simplify all that complexity with our smooth-running installer. Our One-Click Installer quickly uploads & configures core files, getting your site up with speed and ease has never been easier.

Installing WordPress, Drupal or Joomla on Cloud Sites using our One-Click Installer

To begin the process you will need to be logged into your Cloud Sites control panel. Once you’ve logged in you will be able to begin the process. If you do not have a Cloud Sites account you can order one from our Cloud Sites product page.

  1. Create a Website: From your Cloud Sites Control Panel find and click the “Create Website” button.
  2. Choose Your CMS: Select the drop box next to application to install the latest version of your chosen CMS.
  3. Configurations: Fill in details of the site and click “Create New Application”. Three simple steps later, you have yourself a new site with time to spare.

And it’s just that simple – setting up a new website and CMS has never been so easy. No more having to build server infrastructure and no more installing the CMS software by hand. Our Cloud Sites platform will manage all of that for you, all you have to do is fill in a few blanks and hit “Create New Application” and you’ll be on your way. If you’re a current Cloud Sites customer give our rebuilt one-click CMS installer a try.

If you’re not a Cloud Sites customer yet, then never managing servers again is just $150/mo away. Our One-Click Installer is one of the many features offered within the Cloud Sites platform. Check out other ways to simplify your web hosting needs at our Cloud Sites product page. Once you sign up you’ll be ready to start immediately and getting your new site setup is just a few clicks away!

Customize the WooCommerce Thank You page

Posted on by Dan Pock
Category: Featured Articles, Getting Started | Tags: ,

Have you ever wanted to provide product specific information right after a customer checks out? Or, what about customizing the title of the thank you page? Well we’ve thought about that too. So we built a plugin that allows you to set a global and product specific thank you pages. Continue reading “Customize the WooCommerce Thank You page”

Show Featured Products for Empty Search Results in WooCommerce

Posted on by Dan Pock
Category: Featured Articles, Other | Tags: ,

It can happen. And it’s embarrassing. A visitor searches your site for a product and whatever their search terms are, no products are found. Instead of a missed opportunity to convert that visitor into a paying customer, consider showing them some products that might be of interest to them. Continue reading “Show Featured Products for Empty Search Results in WooCommerce”