A Better Planet - WordPress News News and updates from the world of WordPress http://abetterplanetwp.com 2016-07-28T10:19:37+01:00 text/html 2016-07-28T23:10:07+01:00 http://abetterplanetwp.com A Better Planet WordPress Product Launch UX Best Practices: Series Introduction http://torquemag.io/2016/07/wordpress-product-launch-ux/ <p>The WordPress community is getting more and more transparent as far as the business aspect is concerned. Business folks have started to disclose the financial status of their WordPress businesses. One particular statement that we keep hearing goes something like this: “I created a WordPress product and it generated xx amount during the first month or year of its launch.” We&#8217;ve all heard it before.</p> <p>As entrepreneurs, we are all struggling to come up with a product that not only pays for itself but also gets adopted and admired by the masses.</p> <p>Last year, I developed an add-on plugin for <a href="https://wordpress.org/plugins/contact-form-7/">Contact Form 7</a> called <a href="https://wordpress.org/plugins/cf7-customizer/">CF7 Customizer</a>, <a href="https://wordpress.org/plugins/cf7-customizer/">which helped users</a> customize and style their contact forms intuitively and directly from the WordPress customizer. During its development, I explored a new side of a WordPress product&#8217;s user experience. That&#8217;s what I intend to share with you through this series. 
So, let&#8217;s get started.</p> <h2>How It All Began</h2> <p><em>Note that when I refer to a “WordPress Product”, I am referring specifically to a WordPress plugin or theme.</em></p> <p>Like I said, I was toying around with my plugin <a href="https://wordpress.org/plugins/cf7-customizer/">CF7 Customizer.</a> And, since it is an add-on, I knew the user needed guidance with some prerequisite and compulsory steps including:</p> <ul> <li>Install and activate Contact Form 7</li> <li>Create a new contact form and copy the shortcode</li> <li>Add the shortcode inside a new page to create a contact page</li> <li>Access the front end of the contact page and open the WordPress customizer from the admin bar</li> <li>Open CF7 Customizer panel and then make the desired customizations with the help of CF7 Customizer</li> </ul> <p>Without these steps, my plugin would inevitably fail because users typically need direction on how to get a new product up and running.</p> <p>Before I launched my product I beta tested it with a small focus group. I shared CF7 Customizer with 10 of my friends, most of whom came from a moderate development background (which means that I anticipated an easy learning process).</p> <p>It can be extremely unnerving to ask for feedback about your upcoming product because you open yourself to some pretty strong and critical reviews. In such scenarios, I prepare myself for the worst. And, in the case of CF7 Customizer, I was glad to be mentally prepared because 8 out of 10 people didn&#8217;t know what to do after they activated the plugin. Only two people managed to successfully use the plugin after making several attempts.</p> <p>This was truly eye-opening for me, and it left me wondering: if a bunch of experienced developers had difficulty with my plugin, what would happen with common end users?</p> <p>I was working in a vacuum and I needed to expand my approach. 
I realized that my product&#8217;s UX (User Experience) was broken, and it needed to be repaired before I could launch.</p> <h2>Solution to the Problem</h2> <p>People say that failure is the key to success and I agree. I decided that the best way to proceed was to revise the entire process of my product&#8217;s onboarding experience.</p> <p>When I started studying the insights from the beta test, I quickly noticed that I needed to make dramatic improvements to the UX, or what we call a user onboarding experience. I started to explore new ways to improve the existing UX of my product.</p> <p>During this process, I started to realize the significant disconnect in the WordPress industry regarding user onboarding.</p> <h2>My Final Steps!</h2> <p>Adding a welcome page to my product was the best solution to my problem. It is displayed each time a user activates my plugin, caters to most of the queries, and helps remove a lot of confusion.</p> <h2>Final Result</h2> <p>Throughout this series, I am going to share my strategies of how I got 10,000+ downloads, 4,000+ active site installs, 3,800+ Newsletter subscribers, and got featured in the daily top 10 at ProductHunt with roughly 200 up-votes, all that in less than six months.</p> <p>Hold on tight and prepare yourself to be a part of my 100-hour researched workflow.</p> <p>By the end of the series, you will have learned about some best practices which must be considered while planning the UX (User Experience) of a WordPress product. I will help you turn a simple product into a complete brand. Isn&#8217;t it amazing?</p> <h2>The Strategy</h2> <p>Before we dive into the details, let me explain what you can expect over the next few weeks. 
This six-part series highlights the best UX (User Experience) practices for WordPress products and teaches you how to leverage them in your product launch.</p> <h3>Better UX For WordPress Products</h3> <p>It is really important to have a good user experience in your products — it&#8217;s one of those things that makes you stand out from the crowd and beat your competition. Hence, the series begins with articles related to this topic. First, I&#8217;ll highlight the importance of having a better UX and will discuss the reasons why the current UX (User Experience) needs a major revision.</p> <p>Then I&#8217;ll move on to the ways you can get a much better UX (User Experience). These include the concept of adding a Welcome Page and Admin Pointers. Finally, I&#8217;ll explain the entire process of coding a welcome page on your own and we will build a boilerplate that could be used for every new project. So hang on tight.</p> <h2>Conclusion</h2> <p>This was just a brief pre-cap. There is a lot more to come. If you are a WordPress business owner who has ever launched a WordPress product then you should join me in this series. 
I&#8217;m sure it will help you just as much as it helped me.</p> <p>Finally, you can catch all of my articles on <a href="http://torquemag.io/author/aawais12/">my profile page</a>, and you can follow me <a href="http://ahmadawais.com/">on my blog</a> and/or reach out at Twitter <a href="https://twitter.com/mrahmadawais">@mrahmadawais</a>; where I write about development workflows in the context of WordPress.</p> <p><em>As usual, don&#8217;t hesitate to leave any questions or comments below, and I&#8217;ll aim to respond to each of them.</em></p> <div id="author-bio-box" style="background: #f8f8f8; border-top: 2px solid #cccccc; border-bottom: 2px solid #cccccc; color: #333333"><h3><a style="color: #555555;" href="http://torquemag.io/author/aawais12/" title="All posts by Ahmad Awais" rel="author">Ahmad Awais</a></h3><div class="bio-gravatar"><img alt='' src='http://1.gravatar.com/avatar/7ad68a17dcb10ac8dfabf1b8c1f51b72?s=70&#038;d=mm&#038;r=g' srcset='http://1.gravatar.com/avatar/7ad68a17dcb10ac8dfabf1b8c1f51b72?s=140&amp;d=mm&amp;r=g 2x' class='avatar avatar-70 photo' height='70' width='70' /></div><a target="_blank" href="https://ahmadawais.com/about/" class="bio-icon bio-icon-website"></a><a target="_blank" href="https://twitter.com/mrahmadawais" class="bio-icon bio-icon-twitter"></a><p class="bio-description">Ahmad Awais is a Full Stack WordPress Developer, WP Core Contributor, Front-end Fanatic and a Designer by night. He loves to create optimized but advanced workflows to produce cool pieces of Open Source software. 
Connect with Ahmad on Twitter and subscribe to his <a href="https://ahmadawais.com/subscribe/">WordPress Newsletter</a>!</p></div> <p>The post <a rel="nofollow" href="http://torquemag.io/2016/07/wordpress-product-launch-ux/">WordPress Product Launch UX Best Practices: Series Introduction</a> appeared first on <a rel="nofollow" href="http://torquemag.io">Torque</a>.</p> text/html 2016-07-28T22:40:17+01:00 http://abetterplanetwp.com A Better Planet Week in Core, July 19 – July 26 2016 https://make.wordpress.org/core/2016/07/28/week-in-core-july-19-july-26-2016/ <p>Welcome back to the latest issue of Week in Core, covering changes <a href="https://core.trac.wordpress.org/log/?revs=38111-38160">[38111-38160]</a>. Here are the highlights:</p> <ul> <li>49 commits</li> <li>35 contributors</li> <li>73 tickets created</li> <li>4 tickets reopened</li> <li>67 tickets closed</li> </ul> <p>Ticket numbers based on <a href="https://core.trac.wordpress.org/timeline?from=07%2F26%2F16&amp;daysback=7&amp;authors=&amp;ticket=on&amp;sfp_email=&amp;sfph_mail=&amp;update=Update">trac timeline</a> for the period above. The following is a summary of commits, organized by component.</p> <h2>Code Changes</h2> <h3 id="administration"><a class="headeranchor-link" href="#administration" name="user-content-administration"></a>Administration</h3> <ul> <li>System fonts: Adjust the smaller tabs so they appear as tabs. <a href="https://core.trac.wordpress.org/changeset/38153">[38153]</a> <a href="https://core.trac.wordpress.org/ticket/36753">#36753</a></li> <li>System fonts: Don’t quote single-word font names, per our coding standards. 
<a href="https://core.trac.wordpress.org/changeset/38152">[38152]</a> <a href="https://core.trac.wordpress.org/ticket/36753">#36753</a></li> </ul> <h3 id="buildtest-tools"><a class="headeranchor-link" href="#buildtest-tools" name="user-content-buildtest-tools"></a>Build/Test Tools</h3> <ul> <li>Update <code>grunt-patch-wordpress</code> to 0.4.2. <a href="https://core.trac.wordpress.org/changeset/38111">[38111]</a> <a href="https://core.trac.wordpress.org/ticket/37410">#37410</a></li> </ul> <h3 id="comments"><a class="headeranchor-link" href="#comments" name="user-content-comments"></a>Comments</h3> <ul> <li>Introduce the <code>cache_domain</code> argument for <code>WP_Comment_Query</code> to allow caching to a unique set of cache buckets. <a href="https://core.trac.wordpress.org/changeset/38117">[38117]</a> <a href="https://core.trac.wordpress.org/ticket/37419">#37419</a></li> <li>Tests: Include the <code>check_comment</code> function tests in the comment group. Adds <code><a href='https://profiles.wordpress.org/group' class='mention'>@group</a> comment</code> notation to the <code>Tests_Comment_CheckComment</code> class. Introduced in <a href="https://core.trac.wordpress.org/changeset/32519">[32519]</a>. <a href="https://core.trac.wordpress.org/changeset/38114">[38114]</a> <a href="https://core.trac.wordpress.org/ticket/37356">#37356</a></li> </ul> <h3 id="cron-api"><a class="headeranchor-link" href="#cron-api" name="user-content-cron-api"></a>Cron API</h3> <ul> <li>Docs: In <code>wp_schedule_single_event()</code>, add a note about scheduling an event to occur within 10 minutes of another event with the same action hook. 
<a href="https://core.trac.wordpress.org/changeset/38148">[38148]</a> <a href="https://core.trac.wordpress.org/ticket/37455">#37455</a></li> </ul> <h3 id="database"><a class="headeranchor-link" href="#database" name="user-content-database"></a>Database</h3> <ul> <li>Replace incorrect use of <code>E_USER_NOTICE</code> in <code>wpdb::_real_escape()</code> with the version number where the message was added. <a href="https://core.trac.wordpress.org/changeset/38133">[38133]</a> <a href="https://core.trac.wordpress.org/ticket/36403">#36403</a></li> </ul> <h3 id="editor"><a class="headeranchor-link" href="#editor" name="user-content-editor"></a>Editor</h3> <ul> <li>Inline link: Remove proxying through WordPress to test if an URL exists. Fix and enhance the regex that tests if the URL is well formed. <a href="https://core.trac.wordpress.org/changeset/38159">[38159]</a> <a href="https://core.trac.wordpress.org/ticket/36638">#36638</a></li> <li>Improve styling of “Add Media” button on mobile and make it more consistent with media buttons added by plugins. <a href="https://core.trac.wordpress.org/changeset/38132">[38132]</a> <a href="https://core.trac.wordpress.org/ticket/36999">#36999</a></li> <li>Link check: Use <code>wp.a11y.speak()</code> to announce bad URLs. Do not add a title to the link toolbar. Better error message. <a href="https://core.trac.wordpress.org/changeset/38126">[38126]</a> <a href="https://core.trac.wordpress.org/ticket/36638">#36638</a></li> </ul> <h3 id="feeds"><a class="headeranchor-link" href="#feeds" name="user-content-feeds"></a>Feeds</h3> <ul> <li>Docs: Add missing class, method, and property DocBlocks for feed classes. 
<a href="https://core.trac.wordpress.org/changeset/38112">[38112]</a> <a href="https://core.trac.wordpress.org/ticket/36295">#36295</a></li> </ul> <h3 id="filesystem-api"><a class="headeranchor-link" href="#filesystem-api" name="user-content-filesystem-api"></a>Filesystem API</h3> <ul> <li>Filesystem API: Change the default value for the <code>$context</code> parameter of <code>get_filesystem_method()</code> and <code>request_filesystem_credentials()</code> to an empty string. <a href="https://core.trac.wordpress.org/changeset/38138">[38138]</a> <a href="https://core.trac.wordpress.org/ticket/37412">#37412</a></li> </ul> <h3 id="general"><a class="headeranchor-link" href="#general" name="user-content-general"></a>General</h3> <ul> <li>Docs: Fix typo in hook description for <code>customize_save_validation_before</code>. <a href="https://core.trac.wordpress.org/changeset/38140">[38140]</a> <a href="https://core.trac.wordpress.org/ticket/37318">#37318</a></li> <li>Docs: Fix formatting, tense, verb conjugation, and other syntax for wp-includes/* elements introduced or changed in 4.6. <a href="https://core.trac.wordpress.org/changeset/38121">[38121]</a> <a href="https://core.trac.wordpress.org/changeset/38125">[38125]</a> <a href="https://core.trac.wordpress.org/ticket/37318">#37318</a></li> <li>Docs: Add missing inline documentation in <code>WP_HTTP_Requests_Response</code>. <a href="https://core.trac.wordpress.org/changeset/38120">[38120]</a> <a href="https://core.trac.wordpress.org/ticket/37318">#37318</a>, <a href="https://core.trac.wordpress.org/ticket/33055">#33055</a></li> </ul> <h3 id="media"><a class="headeranchor-link" href="#media" name="user-content-media"></a>Media</h3> <ul> <li>I18N: Add a translator comment for two MediaElement.js strings added in <a href="https://core.trac.wordpress.org/changeset/38089">[38089]</a>. 
<a href="https://core.trac.wordpress.org/changeset/38150">[38150]</a> <a href="https://core.trac.wordpress.org/ticket/37453">#37453</a>, <a href="https://core.trac.wordpress.org/ticket/37394">#37394</a></li> <li>Docs: Fix minor formatting issue for a comment added in <a href="https://core.trac.wordpress.org/changeset/38113">[38113]</a>. <a href="https://core.trac.wordpress.org/changeset/38139">[38139]</a> <a href="https://core.trac.wordpress.org/ticket/32171">#32171</a></li> <li>Ensure empty <code>alt</code> attributes are set to blank strings. <a href="https://core.trac.wordpress.org/changeset/38116">[38116]</a> <a href="https://core.trac.wordpress.org/ticket/36735">#36735</a></li> <li>Remove global import for <code>$content_width</code> in <code>_wp_post_thumbnail_html()</code>. <code>$content_width</code> is unused since <a href="https://core.trac.wordpress.org/changeset/35023">[35023]</a>. <a href="https://core.trac.wordpress.org/changeset/38136">[38136]</a> <a href="https://core.trac.wordpress.org/ticket/28512">#28512</a></li> <li>Clean up prior image edits if <code>IMAGE_EDIT_OVERWRITE</code> is true. <a href="https://core.trac.wordpress.org/changeset/38113">[38113]</a> <a href="https://core.trac.wordpress.org/ticket/32171">#32171</a></li> </ul> <h3 id="menus"><a class="headeranchor-link" href="#menus" name="user-content-menus"></a>Menus</h3> <ul> <li>Docs: Update the description of the <code>$box</code> argument of <code>wp_nav_menu_item_taxonomy_meta_box()</code> for consistency with <a href="https://core.trac.wordpress.org/changeset/38129">[38129]</a>. Missed in <a href="https://core.trac.wordpress.org/changeset/38130">[38130]</a>. <a href="https://core.trac.wordpress.org/changeset/38142">[38142]</a> <a href="https://core.trac.wordpress.org/ticket/37211">#37211</a></li> <li>Docs: In meta box functions, clarify that “Meta box ID” refers to the <code>id</code> attribute of the meta box and not a numeric ID. 
<a href="https://core.trac.wordpress.org/changeset/38131">[38131]</a> <a href="https://core.trac.wordpress.org/ticket/37211">#37211</a></li> <li>Docs: Correct and expand the docs for the <code>$taxonomy</code> argument of <code>wp_nav_menu_item_taxonomy_meta_box()</code>. <a href="https://core.trac.wordpress.org/changeset/38128">[38128]</a> <a href="https://core.trac.wordpress.org/ticket/37211">#37211</a></li> <li>Docs: Correct and expand the docs for the <code>$post_type</code> argument of <code>wp_nav_menu_item_post_type_meta_box()</code>. <a href="https://core.trac.wordpress.org/changeset/38127">[38127]</a> <a href="https://core.trac.wordpress.org/ticket/37211">#37211</a></li> <li>In <code>wp_nav_menu_item_taxonomy_meta_box()</code>: Rename the <code>$taxonomy</code> parameter to <code>$box</code> for clarity and consistency with other meta box functions. <a href="https://core.trac.wordpress.org/changeset/38130">[38130]</a> <a href="https://core.trac.wordpress.org/ticket/37211">#37211</a></li> <li>In <code>wp_nav_menu_item_post_type_meta_box()</code>: Rename the <code>$post_type</code> parameter to <code>$box</code> for clarity and consistency with other meta box functions. <a href="https://core.trac.wordpress.org/changeset/38129">[38129]</a> <a href="https://core.trac.wordpress.org/ticket/37211">#37211</a></li> </ul> <h3 id="permalinks"><a class="headeranchor-link" href="#permalinks" name="user-content-permalinks"></a>Permalinks</h3> <ul> <li>In <code>get_page_uri()</code>, don’t prepend a parent page slug if it’s empty. <a href="https://core.trac.wordpress.org/changeset/38145">[38145]</a> <a href="https://core.trac.wordpress.org/ticket/36174">#36174</a></li> </ul> <h3 id="plugins"><a class="headeranchor-link" href="#plugins" name="user-content-plugins"></a>Plugins</h3> <ul> <li>Use <code>history.pushState()</code> to customize the URL during searches. 
<code>history.pushState()</code> requires an event handler for <code>popstate</code> which doesn’t exist (yet). <a href="https://core.trac.wordpress.org/changeset/38154">[38154]</a> <a href="https://core.trac.wordpress.org/ticket/37233">#37233</a></li> <li>Add a missing space between classes on &#8220; element for custom columns of the Plugins list table. <a href="https://core.trac.wordpress.org/changeset/38149">[38149]</a> <a href="https://core.trac.wordpress.org/ticket/37460">#37460</a></li> <li>List Table: Improve <code>WP_Plugins_List_Table::search_box()</code> which was added in <a href="https://core.trac.wordpress.org/changeset/38033">[38033]</a>. <a href="https://core.trac.wordpress.org/changeset/38146">[38146]</a> <a href="https://core.trac.wordpress.org/ticket/37230">#37230</a></li> <li>Improve Ajax search of new plugins. <a href="https://core.trac.wordpress.org/changeset/38119">[38119]</a> <a href="https://core.trac.wordpress.org/ticket/37233">#37233</a></li> <li>Accessibility: Ensure only text is sent to aria-live messages. <a href="https://core.trac.wordpress.org/changeset/38115">[38115]</a> <a href="https://core.trac.wordpress.org/ticket/37382">#37382</a></li> <li>Make search field placeholder translatable. <a href="https://core.trac.wordpress.org/changeset/38141">[38141]</a> <a href="https://core.trac.wordpress.org/ticket/37230">#37230</a></li> </ul> <h3 id="posts-post-types"><a class="headeranchor-link" href="#posts-post-types" name="user-content-posts-post-types"></a>Posts, Post Types</h3> <ul> <li>Remove a redundant <code>function_exists( 'mb_strlen' )</code> check in <code>get_sample_permalink_html()</code>. <code>mb_strlen()</code> is always available since <a href="https://core.trac.wordpress.org/changeset/32114">[32114]</a>. 
<a href="https://core.trac.wordpress.org/changeset/38147">[38147]</a> <a href="https://core.trac.wordpress.org/ticket/30633">#30633</a></li> <li>Unit Tests: Add a <code><a href='https://profiles.wordpress.org/ticket' class='mention'>@ticket</a></code> reference for <code>test_get_page_uri_without_argument()</code>. <a href="https://core.trac.wordpress.org/changeset/38144">[38144]</a> <a href="https://core.trac.wordpress.org/ticket/26284">#26284</a></li> <li>Unit Tests: Move <code>get_page_uri()</code> tests to <code>post/getPageUri.php</code>, added in <a href="https://core.trac.wordpress.org/changeset/37345">[37345]</a>. <a href="https://core.trac.wordpress.org/changeset/38143">[38143]</a> <a href="https://core.trac.wordpress.org/ticket/26284">#26284</a></li> </ul> <h3 id="post-thumbnails"><a class="headeranchor-link" href="#post-thumbnails" name="user-content-post-thumbnails"></a>Post Thumbnails</h3> <ul> <li>Remove an unused nonce in <code>_wp_post_thumbnail_html()</code>. <a href="https://core.trac.wordpress.org/changeset/38137">[38137]</a> <a href="https://core.trac.wordpress.org/ticket/12922">#12922</a></li> <li>Only update featured images when saving a post. <a href="https://core.trac.wordpress.org/changeset/38118">[38118]</a> <a href="https://core.trac.wordpress.org/ticket/12922">#12922</a></li> </ul> <h3 id="script-loader"><a class="headeranchor-link" href="#script-loader" name="user-content-script-loader"></a>Script Loader</h3> <ul> <li>Use <code>dns-prefetch</code> for the Emoji CDN.<a href="https://core.trac.wordpress.org/changeset/38122">[38122]</a> <a href="https://core.trac.wordpress.org/ticket/37387">#37387</a></li> </ul> <h3 id="themes"><a class="headeranchor-link" href="#themes" name="user-content-themes"></a>Themes</h3> <ul> <li>Docs: Fix typo in <code>wp_title()</code> description. 
<a href="https://core.trac.wordpress.org/changeset/38135">[38135]</a> <a href="https://core.trac.wordpress.org/ticket/37442">#37442</a></li> <li>Docs: Change type of <code>WP_Upgrader_Skin::$result</code> to <code>string|bool|WP_Error</code>. <a href="https://core.trac.wordpress.org/changeset/38134">[38134]</a> <a href="https://core.trac.wordpress.org/ticket/32246">#32246</a></li> </ul> <h3 id="tinymce"><a class="headeranchor-link" href="#tinymce" name="user-content-tinymce"></a>TinyMCE</h3> <ul> <li>Fix the calculation for the inline toolbar vertical position. <a href="https://core.trac.wordpress.org/changeset/38160">[38160]</a> <a href="https://core.trac.wordpress.org/ticket/37481">#37481</a></li> <li><code>wpView</code>:</li> <li>Add the <code>wpview-wrap</code> class and pass third param to the <code>getNodes()</code> callback for back-compat.</li> <li>Attach the mutation observer that resizes a view iframe inside the iframe to minimize memory use/leaks.</li> <li>Remove the <code>wp-mce-view-unbind</code> event. It has never been particularly reliable and now it doesn’t fire when the user deletes a view by typing or pasting over it.</li> <li>Restore changing of a view iframe body classes when the editor body classes change. <a href="https://core.trac.wordpress.org/changeset/38158">[38158]</a> <a href="https://core.trac.wordpress.org/ticket/36434">#36434</a></li> <li>TinyMCE, wpView: bail early when the iframe node is not attached to the DOM. We can’t load any HTML in it as there is no <code>iframe.contentWindow</code> in these cases. <a href="https://core.trac.wordpress.org/changeset/38157">[38157]</a> <a href="https://core.trac.wordpress.org/ticket/36434">#36434</a></li> <li>Fix selecting an image on touch in iOS Safari for TinyMCE 4.4.1. 
<a href="https://core.trac.wordpress.org/changeset/38156">[38156]</a> <a href="https://core.trac.wordpress.org/ticket/37427">#37427</a></li> <li>Upgrade to 4.4.1, changelog: <a href="https://www.tinymce.com/docs/changelog/#version441-july262016">https://www.tinymce.com/docs/changelog/#version441-july262016</a>. <a href="https://core.trac.wordpress.org/changeset/38155">[38155]</a> <a href="https://core.trac.wordpress.org/ticket/37427">#37427</a>, <a href="https://core.trac.wordpress.org/ticket/37476">#37476</a></li> </ul> <h3 id="upgradeinstall"><a class="headeranchor-link" href="#upgradeinstall" name="user-content-upgradeinstall"></a>Upgrade/Install</h3> <ul> <li>Prevent an endless self-calling loop in <code>wp_tempnam()</code>. <a href="https://core.trac.wordpress.org/changeset/38151">[38151]</a> <a href="https://core.trac.wordpress.org/ticket/33999">#33999</a></li> </ul> <p>Thanks to <a href='https://profiles.wordpress.org/adamsilverstein' class='mention'>@adamsilverstein</a>, <a href='https://profiles.wordpress.org/afercia' class='mention'>@afercia</a>, <a href='https://profiles.wordpress.org/afineman' class='mention'>@afineman</a>, <a href='https://profiles.wordpress.org/andizer' class='mention'>@andizer</a>, <a href='https://profiles.wordpress.org/azaozz' class='mention'>@azaozz</a>, <a href='https://profiles.wordpress.org/bradt' class='mention'>@bradt</a>, <a href='https://profiles.wordpress.org/Chouby' class='mention'>@Chouby</a>, <a href='https://profiles.wordpress.org/chriscct7' class='mention'>@chriscct7</a>, <a href='https://profiles.wordpress.org/crstauf' class='mention'>@crstauf</a>, <a href='https://profiles.wordpress.org/DrewAPicture' class='mention'>@DrewAPicture</a>, <a href='https://profiles.wordpress.org/flixos90' class='mention'>@flixos90</a>, <a href='https://profiles.wordpress.org/FolioVision' class='mention'>@FolioVision</a>, <a href='https://profiles.wordpress.org/gma992' class='mention'>@gma992</a>, <a 
href='https://profiles.wordpress.org/helen' class='mention'>@helen</a>, <a href='https://profiles.wordpress.org/ideag' class='mention'>@ideag</a>, <a href='https://profiles.wordpress.org/inderpreet99' class='mention'>@inderpreet99</a>, <a href='https://profiles.wordpress.org/iseulde' class='mention'>@iseulde</a>, <a href='https://profiles.wordpress.org/ixkaito' class='mention'>@ixkaito</a>, <a href='https://profiles.wordpress.org/joemcgill' class='mention'>@joemcgill</a>, <a href='https://profiles.wordpress.org/jorbin' class='mention'>@jorbin</a>, <a href='https://profiles.wordpress.org/medariox' class='mention'>@medariox</a>, <a href='https://profiles.wordpress.org/mehulkaklotar' class='mention'>@mehulkaklotar</a> for initial patch, <a href='https://profiles.wordpress.org/mikeschroder' class='mention'>@mikeschroder</a>, <a href='https://profiles.wordpress.org/netweb' class='mention'>@netweb</a>, <a href='https://profiles.wordpress.org/ocean9' class='mention'>@ocean9</a>, <a href='https://profiles.wordpress.org/ocean90' class='mention'>@ocean90</a>, <a href='https://profiles.wordpress.org/pento' class='mention'>@pento</a>, <a href='https://profiles.wordpress.org/peterwilsoncc' class='mention'>@peterwilsoncc</a>, <a href='https://profiles.wordpress.org/rachelbaker' class='mention'>@rachelbaker</a>, <a href='https://profiles.wordpress.org/rahulsprajapati' class='mention'>@rahulsprajapati</a>, <a href='https://profiles.wordpress.org/rahulsprajapati' class='mention'>@rahulsprajapati</a> for initial patch, <a href='https://profiles.wordpress.org/ramiy' class='mention'>@ramiy</a>, <a href='https://profiles.wordpress.org/SergeyBiryukov' class='mention'>@SergeyBiryukov</a>, <a href='https://profiles.wordpress.org/stevenkword' class='mention'>@stevenkword</a>, and <a href='https://profiles.wordpress.org/swissspidy' class='mention'>@swissspidy</a> for their contributions!</p> text/html 2016-07-28T21:00:33+01:00 http://abetterplanetwp.com A Better Planet Running a Business 
Amidst Changing Technology https://tommcfarlin.com/running-a-business-changing-technology/ <p>Whenever I have the opportunity to speak at an event, I always try to cover the events, any slides, any footage, and any other material related to the event in my <a href="https://tommcfarlin.com/category/speaking">speaking</a> category.</p> <p>Sometimes, though, I&#8217;ll write an article on another property that spends more time diving into a talk or a presentation that I gave in an attempt to help reach people through a site with a larger audience.</p> <p>And in a recent post for Envato, <a href="http://code.tutsplus.com/tutorials/running-a-business-while-keeping-up-with-changing-technology--cms-26478">I did exactly that</a>. Specifically, I did a deeper dive into my WordCamp San Diego speech on what it means to focus on running a business while keeping up with changing technology.</p> <p><span id="more-36243"></span></p> <h2>Running a Business (Keeping Up With Technology)</h2> <p>I&#8217;ve covered my time in San Diego in two previous posts. Namely:</p> <ol> <li><a href="https://tommcfarlin.com/wordcamp-san-diego-2016/">Headed To WordCamp San Diego 2016</a></li> <li><a href="https://tommcfarlin.com/attending-a-wordcamp/">Three Reasons For Attending a WordCamp</a></li> </ol> <p>But I&#8217;ve yet to spend a lot of time covering what I talked about during my presentation and why I shared my perspective in the way that I did. 
Sure, you can <a href="http://wordpress.tv/2016/05/01/tom-mcfarlin-personal-growth-how-do-you-run-a-business-while-keeping-up-with-changing-technology/">watch the video on WordPress.tv</a>, but if you&#8217;re interested to read more about the presentation (and watch it in the middle of the context that I&#8217;ve provided), be sure to <a href="http://code.tutsplus.com/tutorials/running-a-business-while-keeping-up-with-changing-technology--cms-26478">check out the article</a>.</p> <p><img class="aligncenter size-large wp-image-36244" src="https://tommcfarlin.com/wp-content/uploads/2016/07/Screen-Shot-2016-07-22-at-3.44.37-PM-1024x1002.png" alt="Running a Business While Keeping Up With Changing Technology" width="690" height="675" srcset="https://tommcfarlin.com/wp-content/uploads/2016/07/Screen-Shot-2016-07-22-at-3.44.37-PM-1024x1002.png 1024w, https://tommcfarlin.com/wp-content/uploads/2016/07/Screen-Shot-2016-07-22-at-3.44.37-PM-300x293.png 300w, https://tommcfarlin.com/wp-content/uploads/2016/07/Screen-Shot-2016-07-22-at-3.44.37-PM-768x751.png 768w, https://tommcfarlin.com/wp-content/uploads/2016/07/Screen-Shot-2016-07-22-at-3.44.37-PM.png 1096w" sizes="(max-width: 690px) 100vw, 690px" /></p> <p>Some of the things that I discuss include the following:</p> <ol> <li><strong>Principles and Foundations Over Technology</strong>. In this section, I talk specifically about managers, developers, and designers.</li> <li><strong>Go Deep Rather Than Wide</strong>. Here, I share some of my experience in going into self-employment and some of the lessons I learned the hard way (and how you can avoid them should you choose this route).</li> <li><strong>Stay Aware of What&#8217;s Out There</strong>. I&#8217;m a fan of going deep rather than wide when it comes to learning a set of tools, but that doesn&#8217;t mean I think we should keep our heads in the sand. 
Here, I talk about how to keep up with what&#8217;s out there without wasting our time.</li> <li><strong>Connect With Those Who Know More</strong>. Although this sounds a bit simplistic, it&#8217;s also meant to be practical steps that you can use to improve yourself continually while you&#8217;re away from your computer screen.</li> </ol> <p>Again, I go into all of this and more in the article, and it features the video, as well. So if you&#8217;ve not read it or watched it, and any of the above sounds interesting, feel free to do so.</p> <p>You&#8217;ll even hear a little bit about how I wanted to forgo college to pursue a career as a guitarist. And yes, I tie that all back into working with WordPress.</p> <p>If you have any comments, please leave them on the original article.</p> <p><a rel="nofollow" href="https://tommcfarlin.com/running-a-business-changing-technology/">Running a Business Amidst Changing Technology</a> was written by <a rel="nofollow" href="https://tommcfarlin.com/author/tom/">Tom</a>. For more on WordPress, development, and resources then visit <a rel="nofollow" href="https://tommcfarlin.com">Tom McFarlin</a>'s blog.</p> text/html 2016-07-28T21:00:00+01:00 http://abetterplanetwp.com A Better Planet WordPress Security: The Ultimate 32-Step Checklist https://premium.wpmudev.org/blog/ultimate-wordpress-security-checklist/ <p>Back when I was starting out as a web designer and developer, my biggest problem was getting stuff to work the way I wanted it to.</p> <p>I was concerned more about getting things (mostly) working as I expected them to be. Getting things to look snazzy was usually one of my primary goals when finishing a website.</p> <p>WordPress security was the least of my concerns. Hacking was something I read about, not something I expected to happen to me. 
SQL injection, cross-site scripting, elevation of privileges and critical security vulnerabilities were just buzzwords in tech news.</p> <p>But one day, securing my sites suddenly got very important, very quickly when my Facebook feed told me there was a critical vulnerability in WordPress, which was actively being exploited. When I next tried to log in to my site, my credentials were not accepted.</p> <p>Most of my sites had been compromised by the vulnerability.</p> <p>I got lucky, though. I had taken one inadvertent precaution, which saved my sites from being fully exploited – I had renamed my admin username – and despite the fact the vulnerability had been exploited on my site, the hackers could not log in. I was using a complex administrator username rather than the default “admin” username the hackers were expecting.</p> <p>Today I know different.</p> <p>WordPress security is fundamental: Every WordPress website needs to be fully secured and hardened.</p> <p><strong>Scroll down to read the full 32-step checklist for securing your WordPress site, or download the checklist as a PDF. Don&#8217;t forget to bookmark this page and share the checklist!</strong></p> <p><span id="more-157511"></span></p> <a class="general_big_button" href="https://premium.wpmudev.org/blog/wp-content/uploads/2016/07/wpmudev_wordpress_security_checklist.pdf"><span class="text">Secure your website with our ultimate 32-step security checklist for WordPress</span><span class="button-a-b">Download FREE Checklist</span></a> <h3>Why Would a Hacker Be Interested In My Site?</h3> <p>Before actually diving deeply into securing WordPress, it’s crucial to understand the logistics and the reasoning behind a website hack.</p> <p>It’s understandable that you might wonder:</p> <blockquote><p><em>“Why would a hacker be interested in my website? It’s just the website of my local business, seen by a few hundred people at most. 
What are they going to get out of it?”</em></p></blockquote> <p>There are many reasons why a hacker would be interested in your “small” website.</p> <p>Although some hacking is done for political reasons (defacing of websites to send particular political messages, for example), these types of hacks are typically very localized and not as popular as the mainstream media would make them out to be.</p> <p>Most hacking attacks happen for more devious reasons.</p> <p>These days, hacking is part of a ring of criminality whose ultimate aim is to make money through fraudulent means. Typically, after a website is hacked it becomes a middle-man for the distribution of malicious software. Most times, the website owner is oblivious of all of this.</p> <p>There are frameworks which are bought and sold in the online black market, making it dead-easy to distribute malware through hacked websites.</p> <p>In essence, your website could become an involved party in criminal activity!</p> <p>Besides that, there are other negative implications:</p> <ul> <li>Your site could be used as a spamming proxy</li> <li>A website that is hacked and defaced would most likely result in tarnishing of a brand’s reputation. That’s besides serious embarrassment</li> <li>Hacked sites typically overwhelm their hosting server, resulting in the closure of the site. This will typically result in loss of business</li> <li>The costs of recovering a hacked website can vary from very little (if you have a website backup) to a full redevelopment if your data is deleted/lost with no chance of recovery</li> </ul> <p>Do you think your site is so small nobody will attack it? Think again.</p> <p>Using the following WordPress security checklist will go a long way towards making your WordPress site hacker-proof.</p> <h3>How Does a Hacker Find My Site?</h3> <p>You might falsely assume that in the millions of websites available online, the likelihood of a hacker finding and targeting your site is extremely remote. 
After all, your site is only a drop in an ocean of websites, right?</p> <p>You’re horribly wrong.</p> <p>Hackers don’t do this work manually. They employ minions to do their dirty work.</p> <p>Well, not really minions – they’re actually (ro)bots, or programs whose sole purpose is to seek out vulnerable websites.</p> <p>These programs or scripts are typically run on cloud servers, where they can be set up and destroyed at will, leaving little to no trace. The scripts employ means to discover hundreds if not thousands of websites per hour.</p> <p>The fact that the scripts are bought very cheaply and run on cheap cloud hosting servers makes the “investment” worthwhile. These scripts are commonly bought and sold on dodgy marketing forums.</p> <p>Once a site is found, it is probed for thousands of known vulnerabilities. If your WordPress site has not been fully secured, the likelihood of the site emerging unscathed is absolutely minimal.</p> <p>Vulnerabilities are continuously being discovered in WordPress and its plugins. That’s why securing WordPress is critical to the health of your website.</p> </div><section class="post-quote-section " data-bg-fixed="false" data-bg-img="https://premium.wpmudev.org/blog/wp-content/uploads/2016/07/security_vulnerable_1500.png"><div class="bg-layer"><div class="container"><div class="align"><span class="empty-bg"></span></div></div></div></section><div class="container"> <h3>Securing WordPress: A 32-Step Checklist</h3> <p>With all of the above scary stuff in mind, I want to make sure that you’re armed with all the knowledge you can get to fully secure your WordPress website.</p> <p>Here’s a checklist of ALL the things you should be doing to secure your WordPress sites.</p> <p>This checklist is split into two: The first part includes measures absolutely everybody should be doing – mostly basic stuff, like having strong passwords. 
The second part goes into advanced measures for WordPress security for those who are really paranoid about security. This is for admins who want to lock the door, put a chain around the door, and put a padlock on it. And then a padlock on the padlock.</p> <h3>Part 1: The Steps Everybody Should Take to Secure Their WordPress Website</h3> <p><a href="#one">#1: ALWAYS Keep Your Version of WordPress Up-To-Date</a><br /> <a href="#two">#2: Don&#8217;t Change WordPress Core</a><br /> <a href="#three">#3: Make Sure All Your Plugins Are Updated</a><br /> <a href="#four">#4: Remove Any Inactive or Unused Plugins</a><br /> <a href="#five">#5: Make Sure All Themes Are Kept Updated</a><br /> <a href="#six">#6: Install Themes, Plugins and Scripts ONLY From Their Official Source</a><br /> <a href="#seven">#7: Choose a Secure WordPress Hosting Service</a><br /> <a href="#eight">#8: Make Sure Your Site is Running the Latest Version of PHP</a><br /> <a href="#nine">#9: Change the Admin Username</a><br /> <a href="#ten">#10: Always Use Strong Passwords</a><br /> <a href="#eleven">#11: Don&#8217;t Reuse Passwords</a><br /> <a href="#twelve">#12: Protect Your Password(s) By Avoiding Plain-Text Password Transmission</a><br /> <a href="#thirteen">#13: Only Update Your Site From Trusted Networks</a><br /> <a href="#fourteen">#14: Use a Local Anti-Virus</a><br /> <a href="#fifteen">#15: Enable Google Search Console</a><br /> <a href="#sixteen">#16: Secure WordPress With a Bulletproof WordPress Security Plugin</a><br /> <a href="#seventeen">#17: If All Else Fails, Restore From Backup</a></p> <h3>Part 2: Securing a WordPress Website for Security Freaks</h3> <p>Well, not really security freaks, per se.</p> <p>Although these are slightly more advanced WordPress security tips, you typically only need to know how to install a plugin, tweak a few files here and there and in general be ready for the possibility to break stuff. 
Be ready to revert with backups if that happens.</p> <p><a href="#eighteen">#18: Limit Login Attempts</a><br /> <a href="#nineteen">#19: Enable Two-Factor Authentication</a><br /> <a href="#twenty">#20: Ensure File Permissions Are Correct</a><br /> <a href="#twenty-one">#21: Change the Default Table Prefix</a><br /> <a href="#twenty-two">#22: Ensure You’ve Set WordPress Secret Authentication Keys</a><br /> <a href="#twenty-three">#23: Disable PHP Execution</a><br /> <a href="#twenty-four">#24: Segregate Your WordPress Databases</a><br /> <a href="#twenty-five">#25: Restrict Database User Privileges</a><br /> <a href="#twenty-six">#26: Disable File Editing</a><br /> <a href="#twenty-seven">#27: Secure Your wp-config.php File</a><br /> <a href="#twenty-eight">#28: Disable XML-RPC (If You Aren&#8217;t Using It)</a><br /> <a href="#twenty-nine">#29: Disable PHP Error Reporting</a><br /> <a href="#thirty">#30: Install a Firewall</a><br /> <a href="#thirty-one">#31: Use a Content Delivery Network Firewall</a><br /> <a href="#thirty-two">#32: Monitor Your WordPress Security With Security Logging</a></p> <h3>Part 1: The Steps Everybody Should Take to Secure Their WordPress Website</h3> <h3><strong>#1: ALWAYS Keep Your Version of WordPress Up-To-Date</strong></h3> <p><a name="one"></a> </p> <p>Time and again, you hear of people who disable WordPress core updates because “an update might break one of my plugins.”</p> <p>This is seriously flawed reasoning.</p> <p>If you had to choose between a hacked site and a temporarily broken plugin, which would you choose?</p> <p>Plugins that are incompatible with the latest versions of WordPress are only going to stay that way for a very short time. 
A hacked site, on the other hand, is a far bigger problem.</p> <div class="pic-full "> <figure style="width: 670px" class="wp-caption aligncenter"><img class="attachment-735x735 size-735x735" src="https://premium.wpmudev.org/blog/wp-content/uploads/2016/07/wordpress-updates.png" alt="It's important to always keep your WordPress core software up-to-date." width="670" height="239" /><figcaption class="wp-caption-text">It&#8217;s important to always keep your WordPress core software up-to-date.</figcaption></figure> </div> <p>Each core update fixes any recently discovered security problems. If your WordPress core software is not updated, your website will be vulnerable to these problems.</p> <p>If you want to enable WordPress core updates without a plugin you can do it through your <em>wp-config.php</em> file. Add the following line to the file:</p> <style>.gist table { margin-bottom: 0; }</style> <div class="gist-oembed" data-gist="raewrites/e6414aed587d9d138bdcbfa4ea1617c9.json"></div> <p>The above, however, will also enable core development and nightly updates, which you probably don’t want. Add the following to your <em>functions.php</em> file to only get major and minor releases:</p> <style>.gist table { margin-bottom: 0; }</style> <div class="gist-oembed" data-gist="raewrites/48593149797e756e1eff09e9c17fee9c.json"></div> <p>Note: We don&#8217;t usually recommend directly editing your <em>functions.php</em> file. 
It&#8217;s always better to <a href="https://premium.wpmudev.org/blog/how-to-create-wordpress-child-theme/">create a child theme</a>.</p> <p>We will discuss later on how to also automatically update WordPress plugins and WordPress themes.</p> <h3><strong>#2: Don&#8217;t Change WordPress Core</strong></h3> <p><a name="two"></a> </p> <p>The moment you or a developer edits WordPress core source files, you can no longer easily and automatically update WordPress to the latest version, since you&#8217;ll lose changes you made to your site.</p> <p>This leaves your website dead in the water as soon as a security vulnerability is discovered in your version of WordPress. You’ll either have to figure out how to implement the specific fixes yourself, or just leave it unpatched. The former is a lot of hassle and a logistical nightmare; the latter is a serious security risk.</p> <p>What should you do if you need to change WordPress functionality? Write a plugin of course. This gives you the ability to do whatever you need without compromising WordPress core.</p> <p>Of course, the same logic applies to plugins and themes. The moment you perform any core tweaking of plugins and themes you lose the ability to update to the latest version. This leaves your site open to hacking.</p> <p>There are ways and means of getting the desired functionality you need without actually changing the core. If any developer you work with suggests making any such changes, run a mile.</p> <h3><strong>#3: Make Sure All Your Plugins Are Updated</strong></h3> <p><a name="three"></a><br /> As with WordPress core files, vulnerabilities are frequently found in third-party WordPress plugins. There have been plenty of high-profile hacking incidents due to popular plugins containing vulnerabilities.</p> <p>We won’t name and shame them here. Most software is prone to these issues at some point in its existence. 
It’s how the vulnerability is dealt with that shows you what the people running the company are made of.</p> <p>Many times, as soon as a problem is discovered the developers of the plugin will quickly fix it and release an update.</p> <p>At that point, it becomes <strong>your responsibility</strong> to update the plugin to the latest version; otherwise, you are still prone to a hack attack.</p> </div><div class="pic-full-screen " > <figure style="width: 1364px" class="wp-caption aligncenter"><img class="attachment-1364x1364 size-1364x1364" src="https://premium.wpmudev.org/blog/wp-content/uploads/2016/07/plugin-updates.png" alt="Always keep your plugins up-to-date to ensure you are using the latest version." width="1364" height="358" /><figcaption class="wp-caption-text">Always keep your plugins up-to-date to ensure you are using the latest version.</figcaption></figure> </div><div class="container"> <p>Whether you do it manually, or automatically, always keep your plugins updated.</p> <p>You can enable automatic background updates on WordPress.org plugins using the following change in your <em>functions.php</em> file:</p> <style>.gist table { margin-bottom: 0; }</style> <div class="gist-oembed" data-gist="raewrites/f3bc81335177aef8d09cbb02e550b311.json"></div> <p>This only applies to plugins downloaded from WordPress.org. Any commercial plugin updates need to be handled through their own update mechanism.</p> <p>Don’t neglect the updating of plugins. Keep memberships of plugins active so that you can always get the latest updates.</p> <h3>#4: Remove Any Inactive or Unused Plugins</h3> <p><a name="four"></a><br /> As the number of plugins you install increases, so do the risks of a vulnerability being discovered in one of those plugins.</p> <p>Sometimes we install plugins to test their functionality and then forget to remove them from our site. 
If a vulnerability is discovered in these plugins, your site becomes a sitting duck (especially if you don’t follow the advice above and always update the plugins).</p> <p>Your website is still vulnerable even if the plugin is installed on your website but not being used.</p> <p>The safest way to minimize the risks is to completely uninstall any plugins you are not using. There is a very easy way to know which plugins are not being used. They are marked as <strong>Inactive</strong> in the Plugin section of the WordPress admin.</p> <p>Delete them.</p> <p>Also, remove any plugins that are active but still not actually being used. Better still, when testing plugins, don&#8217;t test them on your live site. Instead, create a test copy of your site (on a local test server or somewhere that is segregated from your live server). Perform any plugin testing on that site instead of your live site.</p> <h3>#5: Make Sure All Themes Are Kept Updated</h3> <p><a name="five"></a><br /> The same logic that applies to WordPress core updates and plugin updates applies to themes. Securing WordPress means that all themes need to be kept updated to their latest versions. Otherwise, any security holes that have been fixed will remain an issue on your site.</p> <p>Now you may be thinking about all of the changes you’ve made to the theme and how these will break if you perform a theme update. In reality, changes to themes should be done via <a href="https://premium.wpmudev.org/blog/how-to-create-wordpress-child-theme/">child themes</a>, rather than directly to the actual theme. This will allow you to get the latest fixes and security updates without breaking your changes.</p> <p>If you want to put your mind completely at rest, it would be best to also remove any unused themes. 
You can check which themes require updates from the <strong>Appearance &gt; Themes</strong> section in the WordPress admin.</p> <p>You can also enable automatic background updates for WordPress.org themes using the following change in your <em>functions.php</em> file:</p> <style>.gist table { margin-bottom: 0; }</style> <div class="gist-oembed" data-gist="raewrites/c1910badb28a14aadafcd703e602e9de.json"></div> <p>This applies to themes downloaded from WordPress.org.</p> <p>Any commercial theme updates need to be handled through their own update mechanism. Keep your subscriptions active to ensure you get all security updates.</p> <p>Note: If tweaking <em>wp-config.php</em> and <em>functions.php</em> files is not your thing, you may choose to enable all automatic background updates using the WordPress plugin, <a href="https://wordpress.org/plugins/automatic-updater/">Advanced Automatic Updates</a>. You can use Advanced Automatic Updates to tweak the settings of auto-updates and ENABLE all of the above.</p> <h3>#6: Install Themes, Plugins and Scripts ONLY From Their Official Source</h3> <p><a name="six"></a><br /> Sometimes when times are tough we might get tempted to “bypass” the payment of a good theme or plugin, by getting it from *cough* less than reputable sites.</p> <p>Actually, there’s no harm in naming and shaming here. Pirating, torrenting and other warez sites are something you need to avoid like the plague.</p> <p>What we typically don’t realize, though, is that many of these pirated themes you download for free have been maliciously tweaked. Most times a back door has been installed in the script. This allows the site where the theme or plugin is used to be remotely controlled by hackers for nefarious reasons.</p> <p>Would you trust your money to a known scam artist? I wouldn’t think so. Same thing for your website. 
Don’t trust “free” WordPress scripts coming from people whose business is stealing other people’s work.</p> <p>So where are the safe sites to go to find quality themes?</p> <p>WordPress.org is the most common place where plugins and themes for WordPress are found. Commercial plugins or themes can be found at many sites, starting of course with WPMU DEV and sites like WordPress.com, ThemeForest.net or CodeCanyon.net.</p> <p>If WordPress security is important to you, stay away from pirate sites.</p> <h3>#7: Choose a Secure WordPress Hosting Service</h3> <p><a name="seven"></a><br /> A good WordPress hosting service goes a long way towards protecting your site from hacking attacks.</p> <p>Security-conscious hosting services will have a dedicated security team who monitor the latest vulnerabilities (even 0-day hacks, i.e. those for which there is no remedy yet) and preemptively apply rules on their firewalls to mitigate any hack attacks on your site.</p> <p>WordPress hosting is a bit of a hot topic, so I won’t be making recommendations here, but the <a href="https://wordpress.org/hosting/">WordPress hosting page</a> does make a few suggestions. These are by no means the only security-conscious hosting companies out there. 
Check out our post <a href="https://premium.wpmudev.org/blog/web-hosting-review-so-just-who-is-the-best/">Web Hosting Review: So Just Who is the Best?</a> for a rundown on the web hosts to look out for.</p> <h3>#8: Make Sure Your Site is Running the Latest Version of PHP</h3> <p><a name="eight"></a><br /> The global <a href="https://wordpress.org/about/stats/">WordPress statistics page</a> includes an alarming statistic: Only 1.7% of WordPress installations run on the latest version of PHP (7), whilst about 19.8% run version 5.6, which is still supported.</p> <p>The rest of the WordPress installations (close to 80%) run on versions that are no longer supported!</p> <div class="pic-full "> <figure style="width: 670px" class="wp-caption aligncenter"><img class="attachment-735x735 size-735x735" src="https://premium.wpmudev.org/blog/wp-content/uploads/2016/07/php-versions.png" alt="The latest WordPress version stats show most installations are using PHP version 5.4, which is unsupported." width="670" height="439" /><figcaption class="wp-caption-text">The latest WordPress version stats show most installations are using PHP version 5.4, which is unsupported.</figcaption></figure> </div> <p>Besides the fact that your site is not benefiting from performance features released with the latest versions, running an unsupported version also means that <strong>security issues that are discovered will not be fixed</strong>. They will remain in the wild, ready for exploitation.</p> <p>Just like WordPress gets a number of core updates, including security fixes, PHP, the underlying engine of WordPress, also gets its fair share of version updates.</p> <p>Now, updating WordPress core, themes and plugins is a fairly straightforward operation.</p> <div class="pic-full "> <figure style="width: 467px" class="wp-caption aligncenter"><img class="attachment-735x735 size-735x735" src="https://premium.wpmudev.org/blog/wp-content/uploads/2016/07/php-configuration.png" alt="Don't forget to update to the latest version of PHP." 
width="467" height="519" /><figcaption class="wp-caption-text">Don&#8217;t forget to update to the latest version of PHP.</figcaption></figure> </div> <p>On the other hand, updating your PHP version depends largely on your hosting service. A good hosting service should make the latest PHP versions available for use with your WordPress installation through something called PHP Version Switcher (which is typically accessed through your cPanel account).</p> <h3>#9: Change the Admin Username</h3> <p><a name="nine"></a><br /> Up until WordPress 3.0, the default user name of the administrator login was &#8220;admin.&#8221; This created a bit of a bonanza for hackers as there was no need for them to guess the administrator username. This is something still valid today. Many people still choose to use &#8220;admin&#8221; as the default administrator user name.</p> <p>One of the quickest ways to secure your WordPress admin login against brute force attacks is to change the default “admin” username to something more difficult to guess. 
(This is what saved my own site from getting hacked).</p> <p>You can – and should – do this during the actual installation of WordPress.</p> <p>If your username is currently admin, you should create a new administrator user with a username that is less obvious to guess and delete the old admin user.</p> <p>You can also rename the user using phpMyAdmin, or choose to run a SQL script on your database to rename the admin user:</p> <style>.gist table { margin-bottom: 0; }</style> <div class="gist-oembed" data-gist="raewrites/ab92d3559f7d72dcce5d91f73badd848.json"></div> <p>This quick and easy WordPress security trick can thwart many simple hacking attempts.</p> </div><!-- end container --><div class="container"> <h3>#10: Always Use Strong Passwords</h3> <p><a name="ten"></a><br /> When watching a client enter their administrator password, I like to give them their privacy and look away from the keyboard.</p> <p>But a few years back, I accidentally didn&#8217;t look away fast enough whilst they were typing the password. 
To my dismay, I saw them type the following:</p> <blockquote><p>1 2 3 4 5 6</p></blockquote> <p>To say I was horrified would be an understatement.</p> <p>Another login and password combination I come across very often, which (nearly) brings tears to my eyes, is this username and password combination:</p> <blockquote><p>admin/admin</p></blockquote> <p>Besides the fact that anybody looking over your shoulder (like myself) would immediately pick up that password, there is a much more serious reason why you must create strong passwords: hackers know that human beings tend to forget their passwords and are prone to using simple, easy to guess passwords.</p> <p>They use this to their advantage by having a list of most commonly used passwords, which they try over and over again. This is called brute-forcing a password. Since some people WILL use these passwords, it’s essentially a numbers game – and the odds are usually stacked against you.</p> <p>So always use a strong password.</p> <p>Here&#8217;s an example of a strong password: ThizzI5alongstr*ngbuzzw00rd$</p> <p>Should all your passwords be as complex as this one? Probably.</p> <h3>#11: Don&#8217;t Reuse Passwords</h3> <p><a name="eleven"></a><br /> You should NEVER reuse passwords.</p> <p>I hear you, it’s convenient to have one (hopefully strong) password across the board. You won’t have to remember so many passwords but this is very wrong on many levels.</p> <p>Once again, hackers know this is a bit of a human weakness. It means that when one of your accounts is compromised they have probable access to ALL of the rest of your accounts.</p> <p>There are plenty of password managers out there that will allow you to create different passwords and store them securely. 
These are highly recommended.</p> <p>This is not just WordPress security – this is just common sense.</p> <h3>#12: Protect Your Password(s) By Avoiding Plain-Text Password Transmission</h3> <p><a name="twelve"></a><br /> It’s a known fact (and a sad reality) that there is all kinds of snooping on internet traffic. Sensitive data such as credit cards and passwords should never be sent in unencrypted form.</p> <p>There will be plenty of eyes (and analyzers) on your data. Do make sure you protect your passwords by employing the following preventive techniques:</p> <ol> <li>Don&#8217;t send passwords over email, chat, social networks or other unencrypted forms of transmission</li> <li>Implement HTTPS on your WordPress site, particularly on your backend, to avoid passwords being sent in plain-text. You can learn all about implementing HTTPS in our article <a href="https://premium.wpmudev.org/blog/ssl-https-wordpress/">How to Use SSL and HTTPS with WordPress</a>.</li> <li>Avoid using plain FTP when accessing your site. Use SSH or FTPS. The FTP protocol was written in the internet dark ages, and it’s not safe to use. Passwords and files are transmitted in plain text and not encrypted at all. FTPS (or Secure FTP), on the other hand, actually encrypts data transmission over FTP. You’ll need to set up an FTPS account on your hosting server before being able to do this.</li> <li>Of course, passwords should not be shared between users or stored in plain-text anywhere no matter how convenient this may be. 
The practice of sharing logins and passwords flies in the face of security and accountability.</li> </ol> <h3>#13: Only Update Your Site From Trusted Networks</h3> <p><a name="thirteen"></a><br /> Sometimes we tend to take the convenience of finding free Internet Wifi as a godsend.</p> <p>But paranoid security freaks (like me) tend to shudder at the thought of updating a website from an untrusted network such as the free Wifi connection at your local cafe.</p> <p>An open Wifi connection is extremely easy to snoop on. You may be getting much more than the “freebie” you thought you were getting if you access your WordPress administration site from a network that is untrusted.</p> <p>Only update your site from trusted networks, such as those at your home and at your office.</p> <h3>#14: Use a Local Anti-Virus</h3> <p><a name="fourteen"></a><br /> Imagine you are a computer virus sitting on a desktop workstation. Bear with me for a moment.</p> <p>Remember that a virus’ primary aim is to spread itself as far and wide as possible. What better way for that virus to propagate than replicating itself onto your website? That’s pretty nifty, huh?</p> <p>This is a tactic widely used by viruses. There are many infected workstations out there at any point in time. And of those workstations, there are many that are being used by WordPress administrators.</p> <p>That’s a bit of a worst case combination. A virus on your desktop can quickly spread itself and lead to infection of your site too. 
It can also snoop on your passwords and, heck, even your credit card and other personal details.</p> <p>Make sure your local workstation is running a good and updated antivirus to prevent it from getting infected and spreading to your website.</p> <h3>#15: Enable Google Search Console</h3> <p><a name="fifteen"></a><br /> Whilst this is not a strict WordPress security recommendation, it’s something that can supplement the steps you’ve already taken to bolster your WordPress security.</p> <p>Google and other search engines have an interest in making sure your website is kept clean of malware. For this reason, the Google Search console will advise you if your website starts to host any malicious files.</p> <p>Although this is a non-ideal situation where your site would have been hacked already, rather than acting to prevent your WordPress site from being hacked, it’s still good to know that malware has been detected on your site so that you can rectify the problem as soon as possible.</p> <div class="pic-full "> <figure style="width: 670px" class="wp-caption aligncenter"><img class="attachment-735x735 size-735x735" src="https://premium.wpmudev.org/blog/wp-content/uploads/2016/07/wordpress-search-console.png" alt="Google Search Console is a free service offered by Google that helps you monitor and maintain your site's presence." width="670" height="543" /><figcaption class="wp-caption-text">Google Search Console is a free service offered by Google that helps you monitor and maintain your site&#8217;s presence.</figcaption></figure> </div> <h3>#16: Secure WordPress With a Bulletproof WordPress Security Plugin</h3> <p><a name="sixteen"></a><br /> Many of the steps in this checklist are not trivial. They also might require a bit of technical tinkering with your WordPress website, and rather than securing WordPress, you may blow it up.</p> <p>We’ve got you covered, though. 
<a href="https://premium.wpmudev.org/project/wp-defender/">Defender</a> is an easy but sure way of securing WordPress with little to no effort from your side. Our security plugin can identify any WordPress security issues currently affecting your websites and provide guidance on how to fix them.</p> <div class="pic-full "> <figure style="width: 735px" class="wp-caption aligncenter"><img class="attachment-735x735 size-735x735" src="https://premium.wpmudev.org/blog/wp-content/uploads/2016/05/defender-progress-scan.png" alt="A scan in progress with a loading bar at 53.77% complete." width="735" height="480" /><figcaption class="wp-caption-text">Defender scans your site for vulnerabilities in one click.</figcaption></figure> </div> <p>Once you’ve fixed any issues, you can also run a scan to ensure that none of your themes or plugins contain any known vulnerabilities. If they do, you’ll be able to take action to fix these issues before they become major problems for your site.</p> <p>Besides the first time you install it, Defender allows you to schedule regular scans of your websites. If you’re like me, you’re bound to be very enthusiastic about WordPress security one day, but as things get busy security goes on to the backburner. Automatic scans will ensure you don’t go lax with your WordPress security.</p> <p>There are plenty of other excellent features in WordPress Defender, including blacklist monitoring and alerts, vulnerability reports and customized hardening.</p> <h3>#17: If All Else Fails, Restore From Backup</h3> <p><a name="seventeen"></a><br /> I’ve listed quite the checklist of things you should do to secure WordPress and I do understand that it may be somewhat tasking to implement all of these. 
I also know that in practice, you might lapse and miss a few of them.</p> <p>But there’s one task you really should not skip!</p> <p>If your timing is unfortunate and your lapse happens at the same time as a hack attack, it&#8217;s important to have a fall-back plan.</p> <p>The one thing you should never, ever miss or forget to do is have a WordPress backup plan. Not only in the case of hack attacks, but even in the case of accidents, technical faults and other mishaps. Having a backup ensures you can get your site back up and running again quickly.</p> <p><a href="https://premium.wpmudev.org/project/snapshot/">Snapshot Pro</a> is like a time machine for your website, enabling you to back up and restore your entire site and even schedule regular automated backups.</p> <p>Once you’ve set up a backup plan, you know that if your site is hacked you just need to discover the source of the hack, revert from backup, fix the “hole” that allowed your site to get hacked and you’re good to go.</p> <p>Important note: You should TEST your WordPress backup every so often by restoring it to a temporary location and making sure everything is in working order. The last thing you need is a backup that you <em>think</em> works, but in fact <em>doesn’t</em>.</p> </div><div class="pic-full-screen " > <img class="attachment-1364x1364 size-1364x1364" src="https://premium.wpmudev.org/blog/wp-content/uploads/2016/07/security_patches_810.png" alt="security_patches_810" width="1364" height="682" /> </div><div class="container"> <h3>Part 2: WordPress Security For Security Freaks</h3> <h3>#18: Limit Login Attempts</h3> <p><a name="eighteen"></a><br /> We’ve already discussed brute-forcing of passwords and the fact that using bots is cheap and a good investment for hackers.
For this reason, you should put in place mechanisms to block any attempts at brute-forcing your password.</p> <p>The <a href="https://wordpress.org/plugins/wp-limit-login-attempts/">Limit Login WordPress</a> plugin does exactly this. If it detects a number of incorrect login attempts, it denies that user the possibility of trying again for some time. This, of course, makes brute-forcing attempts much less likely to succeed and significantly improves your WordPress security.</p> <h3>#19: Enable Two-Factor Authentication</h3> <p><a name="nineteen"></a><br /> One way of quickly and very easily securing your WordPress logins is by enabling Two Factor Authentication, also known as 2FA.</p> <p>With 2FA, logging in to your WordPress backend requires, besides your regular password, a time-based security token that is unique to each user. This token also expires after a period of time, usually 60 seconds.</p> <p>The security token is typically generated by an app such as the <a href="https://wordpress.org/plugins/google-authenticator/">Google Authenticator</a>.</p> <p>Because there is a security token unique to each single user that expires, even if somebody knows your login credentials, they will still not be able to log in. This is because they will not have the current security token. This drastically increases the strength of your login and also helps mitigate brute force attacks on your login details.</p> <p>There are a number of plugins that can help you set up <a href="https://codex.wordpress.org/Two_Step_Authentication">WordPress Two Factor Authentication</a>.
Check out <a href="https://premium.wpmudev.org/blog/6-best-wordpress-security-authentication-plugins/">6 Best WordPress Security Authentication Plugins</a> for some of our favorites.</p> <h3>#20: Ensure File Permissions Are Correct</h3> <p><a name="twenty"></a><br /> This is a bit of a technical thing.</p> <p>PHP and WordPress in general use a set of permissions associated with files and folders. Without going into too much detail, there are different types of permissions:</p> <ul> <li>Publicly writable files and directories</li> <li>Files writable by the web server only</li> <li>Read-only files</li> </ul> <p>In general, your web server typically needs to be able to write files for WordPress to work correctly, whilst the public internet NEVER needs to have write access to your files.</p> <p>Some newbie or lazy developers might suggest that you change permissions to be more lax. For example, they might suggest making certain files or folders publicly writable (777). This will create a serious security threat because it means that anyone can write anything to that folder. You can rest assured that you’ll find plenty of nasties in your WordPress site if you do that. They will also probably find ways and means of jumping out of the folder to wreak havoc on the rest of your site.</p> <p>As a general rule of thumb, files should have 644 permissions and folders should have 755 permissions. The <em>wp-config.php</em> file should have 400 or 440 permissions.</p> <p>If anybody tells you otherwise, be very wary. My suggestion is to stop dealing with anybody who suggests otherwise.</p> <p>How can you check for the correct file permissions? Defender, mentioned above, is a WordPress security plugin that will check and fix file permissions for you as necessary.</p> <h3>#21: Change the Default Table Prefix</h3> <p><a name="twenty-one"></a><br /> This is another remnant of old versions of WordPress.
Previously, the name of WordPress tables in the database used to start with the prefix wp_</p> <p>Although this is no longer default behavior, some people still tend to revert to this (unsafe) practice, whilst older versions of course still have to live with this.</p> <p>Although this is, strictly speaking, WordPress security through obscurity, renaming the tables from wp_ to a different prefix may still block some attempted SQL injection attacks.</p> <p>The procedure to rename existing wp_ tables should be done only by your trusted WordPress developer.</p> <h3>#22: Ensure You’ve Set WordPress Secret Authentication Keys</h3> <p><a name="twenty-two"></a><br /> You might have come across these eight WordPress security and authentication keys in your <em>wp-config.php</em> file and wondered what they are. You may also have never seen or heard about them.</p> <p>They look something like this:</p> <div class="pic-full "> <figure style="width: 670px" class="wp-caption aligncenter"><img class="attachment-735x735 size-735x735" src="https://premium.wpmudev.org/blog/wp-content/uploads/2016/07/secret-keys.png" alt="secret-keys" width="670" height="258" /><figcaption class="wp-caption-text">Auto-generated WordPress security keys.</figcaption></figure> </div> <p>Essentially, these are random variables that are used to make it harder to guess or crack your WordPress passwords. This is because it adds an element of randomness to the way that passwords are stored in your database which makes them much harder to crack by brute force.</p> <p>Although most self-hosted sites do not have these in place, you should actually implement them.</p> <p>This is a relatively easy procedure:</p> <p>1. Generate a set of keys using the <a href="https://api.wordpress.org/secret-key/1.1/salt">WordPress random generator</a><br /> 2. 
Edit your <em>wp-config.php</em> file and, in the Authentication Unique Keys section, you should find a place to add the unique keys generated in step 1</p> <p>Do not share or make these keys publicly available. It defeats their purpose.</p> <h3>#23: Disable PHP Execution</h3> <p><a name="twenty-three"></a><br /> One of the first things a hacker would do if they got some kind of access to your site would be to execute PHP from within a directory. But if you were to disable this, even if a vulnerability existed on your WordPress website, this protection would seriously cripple the rest of a hacker’s attempts to take over your site.</p> <p>This is quite a strong WordPress security step and may break some themes and plugins that might require it, but you should implement this at least in the most vulnerable directories <strong>wp-includes</strong> and <strong>uploads</strong>.</p> <p>This protection needs to be implemented via your <em>.htaccess</em> files. Add the below code to the <em>.htaccess</em> file in the root directory of your WordPress installation:</p> <style>.gist table { margin-bottom: 0; }</style> <div class="gist-oembed" data-gist="raewrites/31943dcd7da5c4663994ed199467bd6c.json"></div> <h3>#24: Segregate Your WordPress Databases</h3> <p><a name="twenty-four"></a><br /> If you run multiple websites on the same hosting server account, you might be tempted to create all of the sites in the same database.</p> <p>This creates a WordPress security risk. If one website gets compromised, all the other WordPress sites hosted on the same database are also at severe risk of hacking.</p> <p>When setting up your WordPress installation, the first thing you should do is create a new database.
Give it a separate database name, database user name and password, different from those of any other sites or logins you have.</p> <p>This way, if one of your sites gets hacked the infection won&#8217;t spread to your other sites on the same shared hosting account.</p> <h3>#25: Restrict Database User Privileges</h3> <p><a name="twenty-five"></a><br /> When setting up a WordPress site for the first time, you may, through lack of information, create a security issue via the database user privileges.</p> <p>For most WordPress day-to-day operations, the database user only needs data read and data write privileges to the database: SELECT, INSERT, UPDATE and DELETE.</p> <p>You can thus remove additional privileges, such as DROP, ALTER and GRANT.</p> <p>NB: Some major WordPress version upgrades might actually need these privileges; however, in most cases the general running of WordPress doesn&#8217;t need them.</p> <p>It is advisable that before doing any WordPress updates, or installation or updates of WordPress plugins, you have a <a href="https://premium.wpmudev.org/blog/backup-with-snapshot/">fully working backup</a>.</p> <h3>#26: Disable File Editing</h3> <p><a name="twenty-six"></a><br /> When you are in the initial phases of creating a website, you’ll probably need to tinker around with themes and plugin files. By default, WordPress administrators have the rights to edit PHP files.</p> <p>Once your website has been developed and is live, you’ll have much less need to edit these files.</p> <p>However, allowing administrators to edit files is a security issue.
This is because if a hacker manages to log in to your site, they’ll immediately have edit privileges and they’ll be able to change files to suit their malicious needs.</p> <p>You can (and should) disable file editing for WordPress administrators after your website goes live through the following command in the <em>wp-config.php</em> file:</p> <style>.gist table { margin-bottom: 0; }</style> <div class="gist-oembed" data-gist="raewrites/ea5715f5c66184b0088c6b1a7d42af7d.json"></div> <h3>#27: Secure Your <em>wp-config.php</em> File</h3> <p><a name="twenty-seven"></a><br /> If your WordPress files were to be analogous to the human body, the <em>wp-config.php</em> file would be the heart.</p> <p>I won’t go into too much detail about <em>wp-config.php</em> here – we’ve already covered it quite extensively in <a href="https://premium.wpmudev.org/blog/wordpress-wp-config-file-guide/">The WordPress wp-config File: A Comprehensive Guide</a>.</p> <p>But given that it stores such important information as the login details for the database used with your WordPress installation, password hashing salts and other important configuration settings, suffice it to say this file is <em>very</em> important. Clearly, you don’t want anybody poking around this file.</p> <p>I strongly recommend implementing specific security measures to safeguard this critical WordPress configuration file.
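An added example, not part of the original article: a Python audit that checks a WordPress tree against the rules of thumb from #20 (644 for files, 755 for folders, 400 or 440 for wp-config.php) and checks wp-config.php for the eight keys from #22 and the file-editing switch from #26. It assumes that switch is WordPress's `DISALLOW_FILE_EDIT` constant (the article's own snippet is not reproduced on this page); the function names and the demo site are constructed for illustration.

```python
import os
import re

# The eight keys and salts WordPress reads from wp-config.php (item #22).
SECRET_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
               "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php

# Scan comments and define() calls in one pass, so a commented-out define is
# ignored while "//" or "#" inside a key value is not mistaken for a comment.
TOKEN_RE = re.compile(r"""
    /\*.*?\*/                                   # block comment
  | (?://|\#)[^\n]*                             # line comment
  | define\(\s*(['"])(?P<name>\w+)\1\s*,\s*     # define('NAME',
    (?P<value>'(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*"|\w+)\s*\)
""", re.VERBOSE | re.DOTALL)


def parse_defines(php_source):
    """Return {constant: value} for every live define() in the PHP source."""
    defines = {}
    for match in TOKEN_RE.finditer(php_source):
        if match.group("name") is None:        # matched a comment, skip it
            continue
        raw = match.group("value")
        if raw[0] in "'\"":
            value = raw[1:-1]                  # quoted string literal
        else:
            value = {"true": True, "false": False}.get(raw.lower(), raw)
        defines[match.group("name")] = value
    return defines


def audit_permissions(root):
    """Flag entries whose mode grants bits beyond 644 / 755 / 440."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        entries = [(d, 0o755) for d in dirnames]
        entries += [(f, 0o440 if (f == "wp-config.php" and dirpath == root)
                     else 0o644) for f in filenames]
        for name, allowed in entries:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue
            mode = os.lstat(path).st_mode & 0o777
            extra = mode & ~allowed            # bits the rule of thumb forbids
            if extra:
                severity = "HIGH" if extra & 0o002 else "WARN"  # world-writable
                findings.append((severity, os.path.relpath(path, root),
                                 f"mode {mode:03o} exceeds {allowed:03o}"))
    return findings


def audit_wp_config(root):
    """Check wp-config.php for the editor switch and real secret keys."""
    with open(os.path.join(root, "wp-config.php"), encoding="utf-8",
              errors="replace") as fh:
        defines = parse_defines(fh.read())
    findings = []
    if defines.get("DISALLOW_FILE_EDIT") is not True:
        findings.append(("WARN", "wp-config.php",
                         "DISALLOW_FILE_EDIT is not set to true"))
    for key in SECRET_KEYS:
        value = defines.get(key)
        if not isinstance(value, str) or not value.strip() or value == PLACEHOLDER:
            findings.append(("HIGH", "wp-config.php",
                             f"{key} is missing or still a placeholder"))
    return findings


def audit(root):
    return sorted(audit_permissions(root) + audit_wp_config(root))


def build_demo_site(root):
    """Create a small constructed tree with deliberate weaknesses."""
    uploads = os.path.join(root, "wp-content", "uploads")
    os.makedirs(uploads)
    lines = ["<?php", "// define('DISALLOW_FILE_EDIT', true);",
             f"define('AUTH_KEY', '{PLACEHOLDER}');"]
    lines += [f"define('{key}', 'constructed #// value {i}');"
              for i, key in enumerate(SECRET_KEYS[1:], 1)]
    for name, body in (("wp-config.php", "\n".join(lines)),
                       ("index.php", "<?php // constructed")):
        path = os.path.join(root, name)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
        os.chmod(path, 0o644)
    os.chmod(os.path.join(root, "wp-content"), 0o755)
    os.chmod(uploads, 0o777)                   # the "777" advice from item #20


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as demo:
        build_demo_site(demo)
        for severity, path, message in audit(demo):
            print(f"{severity:4}  {path}: {message}")
```

Stricter modes than the rule of thumb (for example 640 or 750) pass, because only permission bits beyond the allowed mask are reported.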
There are disagreements about whether this file should be moved away from its root location; however, most agree this file must be secured.</p> <p>If you haven&#8217;t already implemented step #23 above (Disable PHP Execution), then you can add the following to your .htaccess files:</p> <style>.gist table { margin-bottom: 0; }</style> <div class="gist-oembed" data-gist="raewrites/c7246edad57d441356b8914b5c366db9.json"></div> <h3>#28: Disable XML-RPC (If You Aren&#8217;t Using It)</h3> <p><a name="twenty-eight"></a><br /> WordPress provides the ability for an application to access it remotely via what is known as an Application Programming Interface (or API). This means that applications can access your site (for benign reasons). A typical example of XML-RPC usage is a mobile application that you use to update your site.</p> <p>There are also some plugins which use XML-RPC. For example, Jetpack uses XML-RPC functionality.</p> <p>However, XML-RPC can also be used to perform hack attacks on your website.</p> <p>Many users today believe that XML-RPC is as secure as the rest of the WordPress core, but you can rest assured that <a href="https://premium.wpmudev.org/blog/xml-rpc-wordpress/">XML-RPC is something that hacking scripts are going to be probing</a>. You’ll probably find plenty of hits to XML-RPC if you have enabled logging on your site.</p> <p>If you are sure that no third-party applications or WordPress plugins are using your WordPress website via XML-RPC, you can choose to <a href="https://wordpress.org/plugins/search.php?q=disable+xml-rpc">disable it using a WordPress plugin</a>.</p> <h3>#29: Disable PHP Error Reporting</h3> <p><a name="twenty-nine"></a><br /> When you are developing a website, error reporting is a life-saver.
It shows you exactly where an error is coming from so you can quickly fix it.</p> <p>But, on a live site, error reporting gives hackers crucial clues that make their lives much easier than they have to be.</p> <p>For example, check out the below error report:</p> <div class="pic-full "> <figure style="width: 587px" class="wp-caption aligncenter"><img class="attachment-735x735 size-735x735" src="https://premium.wpmudev.org/blog/wp-content/uploads/2016/07/php-error-reporting.png" alt="PHP error reporting can give away important information about your WordPress installation." width="587" height="185" /><figcaption class="wp-caption-text">PHP error reporting can give away important information about your WordPress installation.</figcaption></figure> </div> <p>The error above is giving away the username of the account. That’s a crucial piece of information for somebody who is looking to attack your hosting account.</p> <p>This is only one piece of information – error reporting can typically give really good clues if you know what weaknesses you are looking for.</p> <p>You can disable PHP error reporting using the following change in your <em>php.ini</em> file:</p> <style>.gist table { margin-bottom: 0; }</style> <div class="gist-oembed" data-gist="raewrites/f9f1005cf15af0c1282c4281c271ca2a.json"></div> <p>This ensures that any WordPress security risks created through exposure of sensitive information about your site are mitigated.</p> <h3>#30: Install a Firewall</h3> <p><a name="thirty"></a><br /> There are two main types of firewalls, or uses for firewalls. In network security, firewalls are used to segregate different types of networks, either keeping things from getting in or keeping things from getting out.</p> <p>Again, if we use an analogy, a firewall can be described as a bouncer – you’re only allowed into a VIP party if you are on the guest list.
Just like the bouncer at a party who typically stops people from getting in, software firewalls can be used to keep hackers from getting near your website(&#8216;s party).</p> <p>In the case of securing WordPress, we’re going to use a Web Application Firewall (WAF) to keep hackers from sticking their dirty little hands (or bots) into places where they don&#8217;t belong.</p> <p>There are a number of WAFs, but one of the most reliable, free and open-source firewalls usually available with WordPress hosting services is the ModSecurity firewall.</p> <p>You may want to ask your hosting service whether this is available, and enable it if it is. Once it is enabled, your hosting provider or your trusted WordPress developer can typically suggest or implement rules around ModSecurity.</p> <h3>#31: Use a Content Delivery Network Firewall</h3> <p><a name="thirty-one"></a><br /> A Content Delivery Network’s primary use is typically to optimize the performance of your site by serving heavy resources fast. You can learn more about CDNs in our article <a href="https://premium.wpmudev.org/blog/top-cdns/">9 Top CDN Services for a Super Fast WordPress Site</a>.</p> <p>CDNs, however, provide a secondary feature: most CDNs are able to protect against a number of WordPress security issues.</p> <p>If you are using a CDN (and you should), make sure you are also enabling the security rules provided to improve the protection of your WordPress website.</p> <h3>#32: Monitor Your WordPress Security With Security Logging</h3> <p><a name="thirty-two"></a><br /> If you don’t know what attacks are happening on your site, you’re hardly likely to be able to stop them, right?</p> <p>You can improve your WordPress security through monitoring your logs.
For example, if you find that most hacking attempts are coming from a specific country, perhaps one that your website doesn&#8217;t cater for, you could choose to use your firewall to block that country.</p> <p>This is, of course, a very simple example of what monitoring can uncover.</p> <p>You can choose to use <a href="http://ossec.github.io/">OSSEC</a> if you have direct access to your hosting server. You can also choose to use a security auditing plugin to keep regular audit logs.</p> <h3>Keeping WordPress Secure</h3> <p>This ultimate WordPress security checklist might give you a bunch of work if you haven’t given much thought to securing your WordPress website before. The good thing is that these steps don&#8217;t require a lot of effort to become part of the process of creating a website.</p> <p>WordPress security is something to be taken seriously. Hack attacks have become the norm. Your website is probably under attack right now.</p> <p>OK, so you might not put all of the above in place, but the more of these WordPress security measures you put in place the better.
Because wouldn’t you rather be safe than sorry?</p> text/html 2016-07-28T19:38:28+01:00 http://abetterplanetwp.com A Better Planet The WPLift Roundup of the Best Free WordPress Themes July 2016 http://feedproxy.google.com/~r/Wplift/~3/Drd14_5aPjE/best-free-wordpress-themes-july-2016 text/html 2016-07-28T19:19:27+01:00 http://abetterplanetwp.com A Better Planet How to Create a Custom Facebook Feed in WordPress http://www.wpbeginner.com/wp-tutorials/how-to-create-a-custom-facebook-feed-in-wordpress/ <p>Recently, one of our users asked if we could cover how to create a custom Facebook feed in WordPress? You can display Facebook posts from your page or group on your WordPress site to improve engagement.
In this article, we will show you how to create a custom Facebook feed in WordPress. </p> <p><img title="Adding a Facebook feed in WordPress" src="http://cdn2.wpbeginner.com/wp-content/uploads/2016/07/fbfeedinwp.jpg" alt="Adding a Facebook feed in WordPress" width="520" height="340" class="alignnone size-full wp-image-36002" srcset="http://cdn2.wpbeginner.com/wp-content/uploads/2016/07/fbfeedinwp.jpg 520w, http://www.wpbeginner.com/wp-content/uploads/2016/07/fbfeedinwp-300x196.jpg 300w" sizes="(max-width: 520px) 100vw, 520px" /></p> <h4>When and Why You Should Create a Custom Facebook Feed in WordPress</h4> <p>Facebook is the largest social media platform in the world. As a website owner, you may already be engaging with your audiences on Facebook through your <a href="http://www.wpbeginner.com/wp-tutorials/how-to-add-facebook-page-plugin-in-wordpress/" title="How to Add the New Facebook Page Plugin in WordPress">Facebook page</a> or by creating a Facebook group. </p> <p>However, all the posts you make on Facebook are not visible to the people visiting your website. By adding a custom Facebook feed you can show what&#8217;s happening on your Facebook page or group to your site visitors. </p> <p>This will allow more of your users to see your posts and will help you <a href="http://www.wpbeginner.com/beginners-guide/5-quick-ways-to-get-more-facebook-likes-using-wordpress/" title="5 Quick Ways to Get More Facebook Likes Using WordPress">get more Facebook likes</a>. If you are using <a href="http://www.wpbeginner.com/wp-tutorials/how-to-install-facebook-remarketingretargeting-pixel-in-wordpress/" title="How to Install Facebook Remarketing/Retargeting Pixel in WordPress">Facebook remarketing/retargeting pixel</a> on your website, then you can show your ads to those users on Facebook as well. </p> <p>Having said that, let&#8217;s see how to add a custom Facebook feed to your WordPress site. 
</p> <h4>Adding a Custom Facebook Feed in WordPress</h4> <p>First thing you need to do is install and activate the <a href="https://wordpress.org/plugins/custom-facebook-feed/" target="_blank" title="Custom Facebook Feed" rel="nofollow">Custom Facebook Feed</a> plugin. For more details, see our step by step guide on <a href="http://www.wpbeginner.com/beginners-guide/step-by-step-guide-to-install-a-wordpress-plugin-for-beginners/" title="Step by Step Guide to Install a WordPress Plugin for Beginners">how to install a WordPress plugin</a>.</p> <p><strong>Note:</strong> This free version of the plugin does not display images in shared links or status updates. For that you will need the plugin&#8217;s <a href="http://www.wpbeginner.com/refer/custom-facebook-feed/" target="_blank" title="Custom Facebook Feed (PRO)" rel="nofollow">PRO version</a>. </p> <p>Upon activation, you need to visit <strong>Facebook Feed &raquo; Settings</strong> page to configure the plugin settings. </p> <p><img title="Custom Facebook feed settings" src="http://cdn2.wpbeginner.com/wp-content/uploads/2016/07/customfbfeedsettings.png" alt="Custom Facebook feed settings" width="520" height="398" class="alignnone size-full wp-image-35989" srcset="http://cdn.wpbeginner.com/wp-content/uploads/2016/07/customfbfeedsettings.png 520w, http://www.wpbeginner.com/wp-content/uploads/2016/07/customfbfeedsettings-300x230.png 300w" sizes="(max-width: 520px) 100vw, 520px" /></p> <p>First you need to provide your Facebook page or group ID. If your Facebook page URL is like this: </p> <p><code>https://www.facebook.com/your_page_name</code></p> <p>Then you can use <code>your_page_name</code> as your Facebook page ID. On the other hand, if you have a Facebook page URL that looks like this: </p> <p><code>https://www.facebook.com/pages/your_page_name/123654123654123</code></p> <p>Then you need to use <code>123654123654123</code> as your page ID. </p> <p>If you want to add a group, then you will need to enter your group ID.
Simply visit <a href="http://findmyfbid.com/" target="_blank" title="Find My Facebook ID" rel="nofollow">Find My Facebook ID</a> website, and enter the URL of your group in the search box. The website will reveal your Facebook group&#8217;s numeric ID. </p> <p>The next thing you need to enter is an access token. The plugin will work even if you don&#8217;t add your own access token, however it is recommended to generate it and add it here. </p> <p>Simply visit <a href="https://developers.facebook.com/apps/" target="_blank" title="Facebook Developers" rel="nofollow">Facebook developers</a> website and click on the create new app button. </p> <p><img title="New Facebook app" src="http://cdn4.wpbeginner.com/wp-content/uploads/2016/07/newfbapp.png" alt="New Facebook app" width="520" height="290" class="alignnone size-full wp-image-35991" srcset="http://cdn3.wpbeginner.com/wp-content/uploads/2016/07/newfbapp.png 520w, http://www.wpbeginner.com/wp-content/uploads/2016/07/newfbapp-300x167.png 300w" sizes="(max-width: 520px) 100vw, 520px" /></p> <p>This will bring up a popup where you need to enter a name for your app. Provide an email address and then select a category for your app. Click on the &#8216;Create App ID&#8217; button to continue. </p> <p><img title="Creating a new Facebook app ID" src="http://cdn3.wpbeginner.com/wp-content/uploads/2016/07/appidform.png" alt="Creating a new Facebook app ID" width="520" height="257" class="alignnone size-full wp-image-35992" srcset="http://cdn4.wpbeginner.com/wp-content/uploads/2016/07/appidform.png 520w, http://www.wpbeginner.com/wp-content/uploads/2016/07/appidform-300x148.png 300w" sizes="(max-width: 520px) 100vw, 520px" /></p> <p>Facebook will create an app for you and will redirect you to the app&#8217;s dashboard. You need to click on <em>Tools &amp; Support</em> link at the top. 
</p> <p><img title="Click on tools and support link at the top of your app&#039;s dashboard page" src="http://cdn3.wpbeginner.com/wp-content/uploads/2016/07/toolssupport.png" alt="Click on tools and support link at the top of your app&#039;s dashboard page" width="520" height="299" class="alignnone size-full wp-image-35993" srcset="http://cdn2.wpbeginner.com/wp-content/uploads/2016/07/toolssupport.png 520w, http://www.wpbeginner.com/wp-content/uploads/2016/07/toolssupport-300x173.png 300w" sizes="(max-width: 520px) 100vw, 520px" /></p> <p>This will bring you to a page with lots of resources on how to use Facebook apps. You just need to click on <em>&#8216;Access token tool&#8217;</em>. </p> <p><img title="Access token tool" src="http://cdn4.wpbeginner.com/wp-content/uploads/2016/07/accesstokentool.png" alt="Access token tool " width="520" height="355" class="alignnone size-full wp-image-35994" srcset="http://cdn2.wpbeginner.com/wp-content/uploads/2016/07/accesstokentool.png 520w, http://www.wpbeginner.com/wp-content/uploads/2016/07/accesstokentool-300x205.png 300w" sizes="(max-width: 520px) 100vw, 520px" /></p> <p>Clicking on the link will take you to a page where you will be able to see your app&#8217;s access token or app token. </p> <p><img title="Access token for your app" src="http://cdn2.wpbeginner.com/wp-content/uploads/2016/07/apptoken.png" alt="Access token for your app" width="520" height="275" class="alignnone size-full wp-image-35995" srcset="http://cdn.wpbeginner.com/wp-content/uploads/2016/07/apptoken.png 520w, http://www.wpbeginner.com/wp-content/uploads/2016/07/apptoken-300x159.png 300w" sizes="(max-width: 520px) 100vw, 520px" /></p> <p>You can now copy and paste this access token to the custom Facebook feed plugin&#8217;s settings page. </p> <p>Under the settings section on the page, you need to select whether you are showing a group or a page. You can also choose the number of posts to display, timezone, and language settings. 
</p> <p>Don&#8217;t forget to click on the save changes button to store your plugin settings. </p> <p>You can now create a new post or page or edit an existing one where you want to display your Facebook feed. In the post editor, you need to add this <a href="http://www.wpbeginner.com/glossary/shortcodes/" title="What is Shortcode in WordPress?">shortcode</a>: </p> <p><code>[custom-facebook-feed]</code></p> <p>You can now save your page or post and preview it. It will fetch and display the latest posts from your Facebook page or group in your WordPress page. </p> <p><img title="Preview of a custom Facebook feed in WordPress" src="http://cdn2.wpbeginner.com/wp-content/uploads/2016/07/facebookfeedpreview.png" alt="Preview of a custom Facebook feed in WordPress" width="520" height="426" class="alignnone size-full wp-image-35998" srcset="http://cdn4.wpbeginner.com/wp-content/uploads/2016/07/facebookfeedpreview.png 520w, http://www.wpbeginner.com/wp-content/uploads/2016/07/facebookfeedpreview-300x246.png 300w" sizes="(max-width: 520px) 100vw, 520px" /></p> <h4>Showing Multiple Facebook Feeds in WordPress</h4> <p>Let&#8217;s suppose you want to display more than one custom Facebook feed on your WordPress site. The plugin&#8217;s settings only allow you to add one page or group ID. </p> <p>However, you can easily use the shortcode to display any other custom Facebook feed you want. </p> <p>Simply add the shortcode like this: </p> <p><code>[custom-facebook-feed id=wpbeginner]</code></p> <p>The plugin&#8217;s shortcode comes with a whole range of parameters. You can visit the plugin&#8217;s website to see the <a href="https://smashballoon.com/custom-facebook-feed/docs/shortcodes/" target="_blank" title="Custom Facebook Feed Shortcode Parameters" rel="nofollow">complete list of parameters</a> that you can use.</p> <h4>How to Customize The Appearance of Custom Facebook Feed</h4> <p>The plugin allows you to customize the appearance of the custom Facebook feed on your website.
Visit <strong>Facebook Feed &raquo; Customize</strong> page to edit the customization settings. </p> <p><img title="Customize appearance of Facebook feed" src="http://cdn4.wpbeginner.com/wp-content/uploads/2016/07/customizefeed.png" alt="Customize appearance of Facebook feed" width="520" height="339" class="alignnone size-full wp-image-35996" srcset="http://cdn4.wpbeginner.com/wp-content/uploads/2016/07/customizefeed.png 520w, http://www.wpbeginner.com/wp-content/uploads/2016/07/customizefeed-300x196.png 300w" sizes="(max-width: 520px) 100vw, 520px" /></p> <p>The customize section is divided into different tabs. Each tab has its own options, you may want to review them to customize the appearance of your custom Facebook feed. </p> <p>We hope this article helped you add custom Facebook feed in WordPress. You may also want to see our list of <a href="http://www.wpbeginner.com/showcase/21-best-social-media-monitoring-tools-for-wordpress-users/" title="21 Best Social Media Monitoring Tools For WordPress Users">21 best social media monitoring tools for WordPress users</a>.</p>
text/html 2016-07-28T19:00:43+01:00 http://abetterplanetwp.com A Better Planet How To Set Up Amazon CloudFront With W3 Total Cache/WP Super Cache https://www.wpkube.com/set-amazon-cloudfront-w3-total-cachewp-super-cache/ text/html 2016-07-28T19:00:15+01:00 http://abetterplanetwp.com A Better Planet Boost Your WooCommerce SEO Big Time with Ease via Yoast SEO - BobWP – Your Trusted WordPress Source http://feeds.feedblitz.com/~/170204758/0/bobwp-wordpress~Boost-Your-WooCommerce-SEO-Big-Time-with-Ease-via-Yoast-SEO-BobWP-Your-Trusted-WordPress-Source/ <p>If you have a WooCommerce online store, get better search engine optimization the easy way. </p> <p>The post <a rel="nofollow" href="http://feeds.feedblitz.com/~/t/0/0/bobwp-wordpress/~https://bobwp.com/boost-woocommerce-seo-big-time-ease-via-yoast-seo/">Boost Your WooCommerce SEO Big Time with Ease via Yoast SEO</a> appeared first on <a rel="nofollow" href="http://feeds.feedblitz.com/~/t/0/0/bobwp-wordpress/~https://bobwp.com">BobWP - Your Trusted WordPress Source</a>.
WordPress All The Time! </p> text/html 2016-07-28T18:00:51+01:00 http://abetterplanetwp.com A Better Planet wpMail.me issue#265 http://wpmail.me/newsletter/wpmail-me-issue265/ text/html 2016-07-28T18:00:15+01:00 http://abetterplanetwp.com A Better Planet 10 Best Landing Page WordPress Themes http://feedproxy.google.com/~r/WPMayor/~3/DEuGRPuaJq0/ text/html 2016-07-28T05:19:49+01:00 http://abetterplanetwp.com A Better Planet Cory Miller and Matt Danner Launch New Business Podcast https://wptavern.com/cory-miller-and-matt-danner-launch-new-business-podcast <figure id="attachment_52297" style="width: 960px" class="wp-caption aligncenter"><a href="https://i1.wp.com/wptavern.com/wp-content/uploads/2016/03/podcast.jpg?ssl=1"><img 
src="https://i1.wp.com/wptavern.com/wp-content/uploads/2016/03/podcast.jpg?resize=960%2C472&#038;ssl=1" alt="photo credit: Maciej Korsan" class="size-full wp-image-52297" srcset="https://i1.wp.com/wptavern.com/wp-content/uploads/2016/03/podcast.jpg?w=960&amp;ssl=1 960w, https://i1.wp.com/wptavern.com/wp-content/uploads/2016/03/podcast.jpg?resize=300%2C148&amp;ssl=1 300w, https://i1.wp.com/wptavern.com/wp-content/uploads/2016/03/podcast.jpg?resize=768%2C378&amp;ssl=1 768w, https://i1.wp.com/wptavern.com/wp-content/uploads/2016/03/podcast.jpg?resize=500%2C246&amp;ssl=1 500w" sizes="(max-width: 960px) 100vw, 960px" data-recalc-dims="1" /></a><figcaption class="wp-caption-text">photo credit: <a href="https://stocksnap.io/photo/IQVHQYS3GL">Maciej Korsan</a></figcaption></figure> <p>WordPress professionals have demonstrated a decent appetite when it comes to listening to and supporting podcasts on <a href="http://iamdavidgray.com/best-wordpress-podcasts/" target="_blank">a wide variety of topics</a>, including industry news, development, e-commerce, marketing, and startups. Cory Miller, founder of <a href="https://ithemes.com/" target="_blank">iThemes</a>, and Matt Danner, the company&#8217;s COO, are adding a new business podcast to the mix with the launch of <a href="http://leader.team/" target="_blank">Leader.team</a>.</p> <p>The <a href="http://leader.team/episode-1-introductions-background-backstory/" target="_blank">first episode</a> introduces the hosts and the goals of the show and is now available on iTunes. 
Miller and Danner, who often have casual chats about business strategy, decided to start recording their conversations to share with others who might benefit from their mistakes and successes in entrepreneurship.</p> <p>&#8220;We&#8217;re going to talk about values, beliefs, philosophies, tools, all kinds of things that we have learned over the years, either accidentally or on purpose, about how to lead and manage teams and grow a business,&#8221; Miller said in the opening episode.</p> <p>Leader.team will feature a short (15-25 minute) episode twice a month on Thursdays with practical advice for leaders and managers. The second episode will be available tomorrow, and Miller and Danner have already outlined the topics for the next four episodes with questions that will guide the discussion on the show:</p> <ul> <li>The Beliefs, Values, Philosophies We Hold Dear</li> <li>The Culture We Cherish And Protect</li> <li>Finding, Recruiting and Hiring the Best People</li> <li>Leading a Hybrid Team of In-Office and Remote Team Members</li> </ul> <p>While Miller and Danner are not necessarily marketing the show as a WordPress-focused podcast, many of their shared experiences have come from growing one of the longest-running, successful product companies in the WordPress ecosystem. Upcoming episodes will feature big picture business topics that can be applied to many different types of industries. 
Leader.team episodes have been submitted to both iTunes and Google Play and will also be available on the show&#8217;s <a href="http://leader.team/" target="_blank">website</a>.</p> text/html 2016-07-28T02:37:07+01:00 http://abetterplanetwp.com A Better Planet WordPress 4.6 Field Guide http://feedproxy.google.com/~r/Nometech/~3/aGsqqj7QnoE/ <a href="https://make.wordpress.org/core/2016/07/26/wordpress-4-6-field-guide/"><h2>WordPress 4.6 Field Guide&nbsp;&rarr;</h2></a><p>The WordPress core team recently released a field guide detailing all the changes we can expect to see with the release of version 4.6. In addition to your standard bug fixes and external library updates, 4.6 will include enhanced meta registration, persistent comment cache, and an update to the font stack. <a href="https://make.wordpress.org/core/2016/07/26/wordpress-4-6-field-guide/">These anticipated changes</a> are definitely geared towards developers, so if you have a plugin, theme, or site you really care about checking out the field guide is a great way to get ahead of the game and prevent yourself some anguish after the release.</p> text/html 2016-07-28T02:14:32+01:00 http://abetterplanetwp.com A Better Planet WordPress 4.6 Release Candidate https://wordpress.org/news/2016/07/wordpress-4-6-release-candidate/ <p>The release candidate for WordPress 4.6 is now available.</p> <p>We’ve made <a href="https://core.trac.wordpress.org/log/trunk/src?action=stop_on_copy&amp;mode=stop_on_copy&amp;rev=38169&amp;stop_rev=38124&amp;limit=200&amp;verbose=on">a few refinements</a> since releasing Beta 4 a week ago. RC means we think we’re done, but with millions of users and thousands of plugins and themes, it’s possible we’ve missed something. We hope to ship WordPress 4.6 on <strong>Tuesday, August 16</strong>, but we need <em>your</em> help to get there.</p> <p>If you haven’t tested 4.6 yet, now is the time!</p> <p><strong>Think you&#8217;ve found a bug?</strong> Please post to the <a href="https://wordpress.org/support/forum/alphabeta/">Alpha/Beta support forum</a>. 
If any known issues come up, you&#8217;ll be able to <a href="https://core.trac.wordpress.org/report/5">find them here</a>.</p> <p>To test WordPress 4.6, you can use the <a href="https://wordpress.org/plugins/wordpress-beta-tester/">WordPress Beta Tester</a> plugin or you can <a href="https://wordpress.org/wordpress-4.6-RC1.zip">download the release candidate here</a> (zip).</p> <p>For more information about what’s new in version 4.6, check out the <a href="https://wordpress.org/news/2016/06/wordpress-4-6-beta-1/">Beta 1</a>, <a href="https://wordpress.org/news/2016/07/wordpress-4-6-beta-2/">Beta 2</a>, <a href="https://wordpress.org/news/2016/07/wordpress-4-6-beta-3/">Beta 3</a>, and <a href="https://wordpress.org/news/2016/07/wordpress-4-6-beta-4/">Beta 4</a> blog posts.</p> <p><strong>Developers</strong>, please test your plugins and themes against WordPress 4.6 and update your plugin&#8217;s <em>Tested up to</em> version in the readme to 4.6. If you find compatibility problems please be sure to post to the support forums so we can figure those out before the final release – we never want to break things.</p> <p>Be sure to read the <a href="https://make.wordpress.org/core/2016/07/26/wordpress-4-6-field-guide/">in-depth field guide</a>, a post with all the developer-focused changes that take place under the hood.</p> <p>Do you speak a language other than English? 
<a href="https://translate.wordpress.org/projects/wp/dev">Help us translate WordPress into more than 100 languages!</a></p> <p>Happy testing!</p> <p><em>Summer is here,</em><br /> <em>Time for a new release.</em><br /> <em>Soon the time will come.</em></p> text/html 2016-07-28T01:28:11+01:00 http://abetterplanetwp.com A Better Planet How to Start a Amazing Beauty Blog With WordPress http://www.wpexplorer.com/beauty-blog-wordpress/ text/html 2016-07-27T08:02:19+01:00 http://abetterplanetwp.com A Better Planet Why it makes sense to hire small agencies http://chrislema.com/hire-small-agencies/ <h2>A word about Big Companies</h2> <p>I can still remember one of the first times I sold enterprise software to an enterprise client. They were a very large and well-known financial organization and I was sitting in a meeting with their senior technical staff. I was young and nervous at the meeting until I asked a question and heard the answer.</p> <p>&#8220;What&#8217;s the process, and how long does it take, to go from an initial concept to a launched product?&#8221;</p> <p>I expected the answer to be impressive. I expected the answer to be illuminating. I expected the answer to be interesting.</p> <p>What I hadn&#8217;t expected was an explicit answer. 18-24 months. That&#8217;s what it would take for a feature (not a new product or application) to go from concept to deployment.</p> <p>We&#8217;re not talking about a massive amount of code. Instead, I&#8217;m simply talking about a feature that might take 2 weeks to code. But it could take 40 times that to see the light of day.</p> <p>Because of who this company was, the focus was more on protection and prevention (of negative consequences) than on production.</p> <p>Big companies are like that. They move carefully. They move slowly. And as a result, they don&#8217;t necessarily innovate a lot.</p> <h2>Three reasons why you should hire small agencies</h2> <p>Those large companies, however, still need to hire agencies. 
You, too, will be faced with making a similar decision. But your decision criteria may be different.</p> <p>When large companies make their decisions on hiring an agency, some do it like they manage the rest of their days &#8211; so they hire to mitigate risk. They look for companies with large enough staff teams and tons of systems and processes to protect their interests.</p> <p>Others, however, make decisions differently. And they make them like you might make yours.</p> <p>They&#8217;re looking for a company who can innovate, who can do something new, different and something that may challenge the status quo.</p> <p>This is what I recommend for you as well.</p> <p>Small agencies offer three things that you may not find when you&#8217;re talking with a company that has more than 20-30 staff.</p> <ol> <li><strong>There are fewer miscommunications and misunderstandings.</strong><br /> In companies where there are more than 30 people, you&#8217;ll likely talk with a person who will then talk with someone else about your project. You remember the telephone game. It can sometimes be like that. With a small agency, the key folks are often present at your meetings and will hear from you directly.</li> <li><strong>Less overhead means less cookie-cutter work.</strong><br /> The nature of a larger agency (think 100-200 people) is that you need more staff to manage everything &#8211; from production staff, to finances, to project management, to sales and marketing. The result of non-billable staff is that everyone else has to be highly productive. This drive for efficiencies can lead to agencies picking up more and more work that looks like their recent projects. 
And while that&#8217;s great for their productivity, it may not be the innovation you&#8217;re looking for.</li> <li><strong>Small agencies try harder.</strong><br /> You remember <a href="http://www.slate.com/articles/business/rivalries/2013/08/hertz_vs_avis_advertising_wars_how_an_ad_firm_made_a_virtue_out_of_second.html">the old Avis campaign</a>, right? Maybe the best ad campaign ever, &#8220;We try harder.&#8221; Small agencies rely on word of mouth and repeat business like everyone else, and to that end, work very hard to delight their clients. With less staff, however, they can&#8217;t afford to have to re-do work. As a result, you may find they&#8217;re working harder to earn your dollar.</li> </ol> <h2>Five small agencies to consider</h2> <p>The reality is that there are a ton of agencies out there that could help you. But because people are consistently asking me for recommendations, I thought I would give you five (in alphabetical order):</p> <ol> <li><a href="http://www.bourncreative.com/">Bourn </a><a href="http://www.bourncreative.com/" target="_blank">Creative</a> &#8211; This team knows how to combine branding, design and development to create brilliant WordPress websites for you.</li> <li><a href="http://ran.ge/" target="_blank">Range</a> &#8211; This team has worked on a number of high-profile publishing projects and understands editing workflows well!</li> <li><a href="http://reaktivstudios.com/" target="_blank">Reaktiv</a> &#8211; This team can help you build (on WordPress) what you thought was previously impossible.</li> <li><a href="https://zao.is/" target="_blank">Zao</a> &#8211; This team knows eCommerce incredibly well and can help your site&#8217;s performance.</li> <li><a href="http://zeek.com/" target="_blank">Zeek</a> &#8211; This team can do incredible work with WordPress, its API, and mobile applications.</li> </ol> <p>Are there others? Sure. And there are other agencies who are neither small (&lt;10) nor large (50+). 
And they&#8217;re great too.</p> <p>But I think you may find, like many large brands have, that when you hire small agencies you get a lot of bang for your buck.</p> <p>The post <a rel="nofollow" href="http://chrislema.com/hire-small-agencies/">Why it makes sense to hire small agencies</a> appeared first on <a rel="nofollow" href="http://chrislema.com">ChrisLema.com</a>.</p> text/html 2016-07-25T16:38:06+01:00 http://abetterplanetwp.com A Better Planet A Quick Guide To Internal Links For SEO http://winningwp.com/internal-links-for-seo/ text/html 2016-07-25T00:49:58+01:00 http://abetterplanetwp.com A Better Planet Wharf to Wharf Race Time-lapse Video https://ma.tt/2016/07/wharf-to-wharf-race-time-lapse-video/ <p><iframe class='youtube-player' type='text/html' width='604' height='370' src='https://www.youtube.com/embed/3YvF1a-0QP8?version=3&#038;rel=1&#038;fs=1&#038;autohide=2&#038;showsearch=0&#038;showinfo=1&#038;iv_load_policy=1&#038;wmode=transparent' allowfullscreen='true' style='border:0;'></iframe></p> <p>Caught a time-lapse from the first runners to some of the last walkers, and a cool band &#8220;The Noisy Neighbors&#8221; playing for this year&#8217;s Wharf to Wharf race in Santa Cruz. Video is about 23 seconds, if you look closely you can see the front-runners at the very beginning.</p> text/html 2016-07-22T15:05:53+01:00 http://abetterplanetwp.com A Better Planet The Aesthetic Of Non-Opinionated Content Management: A Beginner’s Guide To ProcessWire https://www.smashingmagazine.com/2016/07/the-aesthetic-of-non-opinionated-content-management-a-beginners-guide-to-processwire/ text/html 2016-07-13T23:06:51+01:00 http://abetterplanetwp.com A Better Planet bbPress 2.5.10 – Security Release https://bbpress.org/blog/2016/07/bbpress-2-5-10-security-release/ <p>bbPress 2.5.10 is out, and is a security release for all previous 2.x versions. 
2.5.10 includes additional escaping on user display names in places where names &amp; avatars are commonly displayed together.</p> <p><em>These changes are internal to bbPress and do not affect any third-party themes or modifications to bbPress template parts. If you are using a third-party theme or template parts, you will inherit these fixes automatically.</em></p> <p>If you&#8217;re using any version of bbPress 2.x and have not yet updated, please take a moment to update your bbPress installations to 2.5.10. If you&#8217;re using WordPress&#8217;s built-in updater, it should only take a click or two. If you need help, please reach out in our <a href="https://bbpress.org/forums/">support forums</a> and someone will be happy to assist you.</p> <p>These fixes have also been ported over to 2.6, which we continue to run here at bbPress.org and BuddyPress.org.</p> <p>Thank you to HackerOne user psych0tr1a for identifying (and <a href="https://make.wordpress.org/core/handbook/testing/reporting-security-vulnerabilities/">responsibly disclosing</a>) these findings to the WordPress security team, who worked to get 2.5.10 out within a few hours from when the original report came in.</p> <hr /> <p>Speaking of bbPress 2.6, we&#8217;re working on refactoring per-forum moderators now, and we&#8217;ll have a beta ready for everyone to try shortly!</p> text/html 2016-07-13T03:37:53+01:00 http://abetterplanetwp.com A Better Planet Marketing yourself as a WordPress developer with Tonya Mork https://mattreport.com/marketing-wordpress-developer-tonya-mork/ <p>Marketing sucks for (most) WordPress developers.</p> <p>Two major issues being there&#8217;s not enough time to do it, and there&#8217;s a certain stigma that it becomes too <em>sales-y.</em> Throughout my travels, I&#8217;ve noticed a lot of developers that have successful products &#8212; still &#8212; are afraid to really build up the marketing arm of their business. 
Even when they <em>know</em> they need to do it, they become paralyzed to take action.</p> <p>Today I&#8217;m stoked to interview Tonya Mork, electrical engineer &amp; software engineer since the mid-80&#8217;s, experienced with managing multi-million dollar robotic projects, and now recently launching Know the Code membership site on today&#8217;s show.</p> <p>Hands down, this is one of my top shows of 2016. Tonya brings a wealth of knowledge and actionable advice that will inspire you to get out there and conquer your business &#8212; or at the very least &#8212; today&#8217;s to-do list.</p> <p><span id="more-6973"></span></p> <h3>Take action in your business with Tonya Mork</h3> <iframe width="100%" height="166" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?url=https%3A%2F%2Fapi.soundcloud.com%2Ftracks%2F273372955&visual=true&color=0066cc&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false"></iframe> <p>We wear many different hats as freelancers &amp; boutique agency owners.</p> <p>You might be developing and designing a website, but you also need to market yourself as the <strong>complete</strong> solution to continually attract customers. That is to say, you have no choice but to dive into <em>some</em> facet of marketing and promoting yourself, if you want to build a sustainable business.</p> <p>What&#8217;s the best way to do that?</p> <p><strong>Tell your story. 
Be different.</strong></p> <hr /> <p><em>It&#8217;s not about your framework or what your dev environment looks like, it&#8217;s what makes you &#8212; you.</em><br /><a href='https://twitter.com/share?text=It%27s+not+about+your+framework+or%C2%A0what+your+dev+environment+looks+like%2C+it%27s+what+makes+you+--+you.&#038;url=https://mattreport.com/marketing-wordpress-developer-tonya-mork/' target='_blank'>Click To Tweet</a></p> <hr /> <p>And guess what, it&#8217;s not which framework you use or what your dev environment looks like, it&#8217;s what makes you &#8212; you.</p> <p><em>Here&#8217;s an example:</em> At my <a href="http://slocumstudio.com">studio</a>, we&#8217;re just as capable as the next agency, but I don&#8217;t focus on that. I focus on the fact that we&#8217;re a family owned business with a small team, working out of the same office. That customer service comes before our development prowess, and that building a trusting long-term relationship is paramount to success.</p> <p>Oh, and we also get the job done.</p> <p>Sure, we sprinkle in our technical know-how and send over referrals, but I want customers to understand who we are and how we operate first and foremost as what sets us apart.</p> <p><strong>What makes you different?</strong></p> <p>Some might look at what I just mentioned as a weakness &#8212; and they very well could be to a variety of potential clients &#8212; but it works for us. It defines us and defines the vertical of clients we like to serve.</p> <p>So what about you? What chapter in your journey can you polish off and display to your would-be customers? Dig deep and find the uniqueness in you and your organization.</p> <p><strong>Get the eyeballs on your (membership) website that you deserve</strong></p> <p>All of this boils down to trust.</p> <p>As Tonya puts it in this interview, building trust is the first step to driving traffic. 
The more you can do for <em>other</em> people and serving them, the better you do at gaining that trust. Tell your story and take action &#8212; no one else is going to do it for you.</p> <p>It&#8217;s also just as important to focus on your customer&#8217;s story as well. Listen to their needs and be open to working with them at a new capacity. I know that systemizing and productizing are all the rage right now, but sadly, we can&#8217;t fit every project into the same template.</p> <p><b>The links</b></p> <ul> <li><a href="https://twitter.com/hellofromtonya">Tonya on Twitter</a></li> <li><a href="https://knowthecode.io/">Know the Code</a></li> <li><a href="https://wpdevelopersclub.com/">WP Developers Club</a></li> <li><a href="http://heropress.com/essays/finding-your-purpose-in-life/">Finding your purpose in life</a></li> <li><a href="https://mattreport.com/go/itunes">Like the show? Please rate us!</a></li> </ul> <p>&nbsp;</p> text/html 2016-07-09T06:28:43+01:00 http://abetterplanetwp.com A Better Planet Medium and WordPress — Draft Podcast https://poststatus.com/medium-wordpress-draft-podcast/ <p>Welcome to the Post Status <a href="https://poststatus.com/category/draft">Draft podcast</a>, which you can find <a href="https://itunes.apple.com/us/podcast/post-status-draft-wordpress/id976403008">on iTunes</a>, <a href="https://play.google.com/music/m/Ih5egfxskgcec4qadr3f4zfpzzm?t=Post_Status__Draft_WordPress_Podcast">Google Play</a>, <a href="http://www.stitcher.com/podcast/krogsgard/post-status-draft-wordpress-podcast">Stitcher</a>, and <a href="http://simplecast.fm/podcasts/1061/rss">via RSS</a> for your favorite podcatcher. Post Status Draft is hosted by Joe Hoyle &#8212; the CTO of Human Made &#8212; and Brian Krogsgard.</p> <p>In this episode, Joe and Brian talk about Medium &amp; WordPress and whether Medium and similar platforms are a significant threat to WordPress. 
They also discuss the benefits and challenges of open source platforms versus proprietary ones, and WordPress’s potential as a lower level item in the site stack.</p> <p><!--[if lt IE 9]><script>document.createElement('audio');</script><![endif]--> <audio class="wp-audio-shortcode" id="audio-25489-1" preload="none" style="width: 100%; visibility: hidden;" controls="controls"><source type="audio/mpeg" src="https://audio.simplecast.com/41890.mp3?_=1" /><a href="https://audio.simplecast.com/41890.mp3">https://audio.simplecast.com/41890.mp3</a></audio><br /> <a href="http://audio.simplecast.com/41890.mp3">Direct Download</a></p> <h3>Links</h3> <ul> <li><a href="https://wordpress.tv/2016/06/25/matt-mullenweg-interview-and-qa/">Interview with Matt</a></li> <li><a href="http://wordpress.tv/2016/06/30/joe-hoyle-the-ultimate-rest-api-talk-part-1/">Joe&#8217;s REST API talk</a></li> <li><a href="https://github.com/joehoyle/vienna">Vienna WordPress app concept</a></li> <li><a href="https://ma.tt/2015/03/typewriter/">Billionaire&#8217;s Typewriter</a></li> <li><a href="https://markarms.com/2016/06/23/what-to-consider-when-the-platforms-show-up-with-money/">What to Consider When the Platforms Show up With Money</a></li> <li><a href="https://medium.com/">Medium.com</a></li> <li><a href="https://developer.wordpress.com/calypso/">WordPress.com Calypso</a></li> <li><a href="https://www.alleyinteractive.com/blog/how-medium-became-livejournal-for-publishers/">Medium compared to LiveJournal</a></li> </ul> <h3>Sponsor</h3> <p>This episode is sponsored by <a href="https://pippinsplugins.com/">Pippin&#8217;s Plugins.</a> If you want to sell downloads, setup content restriction, or start an affiliate program, Pippin’s Plugins have you covered. If you need all three, even better. Pippin’s Plugins is well known for making some of the best coded and most reliable plugins in the market. 
Check out <a href="https://pippinsplugins.com/">PippinsPlugins.com </a>for more information.</p> text/html 2016-07-07T22:53:13+01:00 http://abetterplanetwp.com A Better Planet Meet Orvis https://themeshaper.com/2016/07/07/meet-orvis/ A text/html 2016-06-30T23:01:26+01:00 http://abetterplanetwp.com A Better Planet BuddyPress 2.6.1.1 https://buddypress.org/2016/06/buddypress-2-6-1-1/ <p>BuddyPress 2.6.1.1 is now available. This is a maintenance release that fixes a bug introduced in 2.6.1. For more information, see <a href="https://buddypress.trac.wordpress.org/query?group=status&amp;milestone=2.6.1">the 2.6.1 milestone</a> on <a href="https://buddypress.trac.wordpress.org/">BuddyPress Trac</a>.</p> <p>Update to BuddyPress 2.6.1.1 today in your WordPress Dashboard, or by <a href="https://wordpress.org/plugins/buddypress/">downloading from the wordpress.org plugin repository</a>.</p> <p>Questions or comments? Check out <a href="https://codex.buddypress.org/releases/version-2-6-1-1/">2.6.1.1 changelog</a>, or stop by <a href="https://buddypress.org/support/">our support forums</a> or <a href="https://buddypress.trac.wordpress.org/">Trac</a>.</p> text/html 2016-06-14T18:48:34+01:00 http://abetterplanetwp.com A Better Planet Understanding the Motivators, Tactics and Impacts of Hackers http://wphunt.co/out?url=https%3A%2F%2Fwww.wpshrug.com%2Fblog%2Funderstanding-motivators-tactics-impacts-hackers%2F text/html 2016-06-14T09:48:49+01:00 http://abetterplanetwp.com A Better Planet Content scraper plugins, contract and copyright http://wpandlegalstuff.com/content-scraper-plugins-contract-and-copyright/ text/html 2016-06-05T07:19:14+01:00 http://abetterplanetwp.com A Better Planet Blogging Tools: DownThemAll Browser Add-on https://lorelle.wordpress.com/2016/06/04/blogging-tools-downthemall-browser-add-on/ text/html 2016-05-17T07:38:52+01:00 http://abetterplanetwp.com A Better Planet The monster that is a poor database schema 
https://pippinsplugins.com/resolving-poor-data-schema-designs/ <p>Step back in time two, three, four, or even 10 years and take a look at the development decisions you made then. What do you notice about them? Unless you are a one-in-a-million statistic, you probably look at those past decisions and say to yourself <em>what was I thinking?! Why did I do it that way?!</em> Welcome to the real world of actual development.</p> <p>As developers, we grow and learn over time; we get better at making design pattern decisions; we get better at writing performant code; we get better at <em>all</em> aspects of development.</p> <p>Take a look at any project that has been around for a number of years and you will find gremlins hiding in its shadows and crevices. There will be internal APIs that are convoluted; there will be data structures that make zero logical sense; there will be function names that seem asinine; there will be <em>blatant problems</em> and it will appear that these are the results of poorly made development decisions. While this is sometimes true, it is far more likely that these gremlins are actually the result of inexperience that leads to a lack of foresight and understanding of the future consequences of non-well-thought-out designs.</p> <h3>Smooth resolutions of bad design patterns</h3> <p>Imagine a project that begins as a small, internal system for doing <em>one</em> thing and only one thing, and imagine it as a project you build specifically for yourself. 
Due to the nature of it being a small, personal project, it is likely that you will take short cuts; it is likely you will make some decisions simply because Y provided a quicker solution than X; it is likely that you will name variables or API methods poorly; and it is guaranteed that you will make some decisions that have a severely negative impact on your small, personal project four years later when that project has grown far beyond a simple, personal project.</p> <p>This is the reality of the real development world and the truth for all projects that grow over time. Poor data schemas and difficult APIs are the skeletons in our closets, the spider webs behind our furniture, and the ghosts in our machines. They exist in every project and are a natural product of development growth.</p> <p>The real achievement is not in building a project with zero gremlins, it is learning how to get past those weaknesses and poor decisions in a smooth way that has little to no negative impact on the users of the project.</p> <p>Let&#8217;s go back to the imaginary project above for a moment. Assume that when first building that project you made the decision to store large amounts of data in a poorly designed database schema, or perhaps even a database with <em>zero</em> design schema that applies to your project. At the time this database schema worked fine because <em>it was easy</em> and, after all, it was only <em>you</em> using the project, so who really cares? Now fast-forward four years and imagine that your project is now used by over 50,000 websites and tens of thousands of users and hundreds or even thousands of developers. Each of these users makes use of the project in a slightly different way and each of the developers builds new tools on top of the project. 
At this point those poor design decisions (or perhaps even the complete lack of a &#8220;design&#8221; decision) begin to have negative effects on the project by rearing their ugly heads and presenting your users with severe limitations and scaling issues.</p> <p>Bad data schema designs can result in severe performance issues. Poor API design can make it difficult for other developers to use or extend the project. Poorly thought out relationships within your code and your database can become the elephant in the room that no one wants to talk about but that is abundantly clear and really starts to get in the way.</p> <p>The question that all developers need to ask at some point is this: <strong><em>how do we get past the design decisions of the past so we can continue to grow and excel in the future?</em></strong></p> <p>This is precisely what my team and I are working on for <a href="https://easydigitaldownloads.com" target="_blank">Easy Digital Downloads</a> now.</p> <h3>Quick and easy in the beginning</h3> <p>Four years ago, when Easy Digital Downloads was brand new, I made some poor design decisions related to the database structure used in the plugin. Relationships between various pieces of information stored by the plugin were created haphazardly and we chose to rely on the data structures provided by WordPress core. This means that all of our eCommerce data (payment records, order items, order meta data, customers, etc.) was stored in the wp_posts and wp_postmeta tables. At the time this worked fine. It was easy, quick, and more than flexible enough for what we needed. 
What I failed to see, however, was just how cumbersome storing eCommerce data in the core posts table was going to be once the plugin scaled up to a lot of users and large websites processing significant sales volumes.</p> <p>The decision to use wp_posts and wp_postmeta for our eCommerce data is a decision I regret and one that has created significant challenges for us, but none of the challenges are so significant that we cannot get past them.</p> <p>When faced with the reality of bad data schemas, there are really two ways to address the problem:</p> <ol> <li>Simply live with it and do what you can to mitigate the problems</li> <li>Work out a plan for resolving the problem completely by re-building the data schema from the ground up</li> </ol> <p>The first option is the easier of the two for many reasons. First, it requires the least amount of change. Second, it avoids the significant risk of severely breaking backwards compatibility. Third, it does not require any cooperation with third party developers that have built on top of your bad data schema.</p> <p>Option two, however, can be much better for the health of the project in the long run. It does, however, present a serious risk to the project&#8217;s health and continued adoption by users and developers. When making significant changes, backwards compatibility <em>must</em> be kept an absolute priority. If backwards compatibility is ignored or implemented poorly, it&#8217;s very possible that the migration process to the new and improved schema will go poorly, resulting in developers and users abandoning future reliance on the project. It can also cause a support nightmare if hundreds or thousands of websites are suddenly breaking due to the changes implemented.</p> <p>Building a backwards compatibility layer can be challenging, but it is a challenge that will be worth it in the end. 
Frankly, I would go as far as to say you should not even consider resolving a bad database schema if you do not plan to also introduce and maintain a complete backwards compatibility layer. Choosing to ignore backwards compatibility in a scenario like this is negligent and harmful to your users. With that in mind, how does one go about building a backwards compatibility layer? There are really a few parts of it.</p> <h3>Abstraction layers for backwards compatibility</h3> <p>The very first step in providing backwards compatibility is to ensure there is an <a href="https://en.wikipedia.org/wiki/Database_abstraction_layer" target="_blank">abstraction layer</a> for your database. An abstraction layer is simply an API for interacting with the database. It provides developers standardized methods for reading and writing to the database without writing actual queries. For example, <a href="https://codex.wordpress.org/Class_Reference/WP_Query" target="_blank">WP_Query</a> is an abstraction layer for the wp_posts table that provides methods for querying data from the posts database without writing any actual SQL. Why is this valuable? There are numerous reasons but for this particular discussion, it provides project maintainers the ability to change the database schema without disrupting external projects that utilize the data.</p> <p>In Easy Digital Downloads, we have built abstraction layers for <a href="https://github.com/easydigitaldownloads/easy-digital-downloads/blob/master/includes/payments/class-edd-payment.php" target="_blank">payments</a>, <a href="https://github.com/easydigitaldownloads/easy-digital-downloads/blob/master/includes/class-edd-customer.php" target="_blank">customers</a>, and <a href="https://github.com/easydigitaldownloads/easy-digital-downloads/blob/master/includes/class-edd-download.php" target="_blank">products</a>. 
These abstraction layers are fundamentally important when it comes time to change the underlying database structure.</p> <p>Let&#8217;s look at a quick example.</p> <p>Assume we wish to retrieve the first and last name of a customer record. In the current version of Easy Digital Downloads, both the first and last name are stored in a single column in the database, but perhaps in a future version we decide to separate them into two columns. Through the <a href="https://github.com/easydigitaldownloads/easy-digital-downloads/blob/master/includes/class-edd-customer.php" target="_blank">EDD_Customer</a> object, getting the name of the customer is simple:</p> <div class="wp_syntax"><table><tr><td class="code"><pre class="php" style="font-family:monospace;"><span style="color: #000088;">$customer</span> <span style="color: #339933;">=</span> <span style="color: #000000; font-weight: bold;">new</span> EDD_Customer<span style="color: #009900;">&#40;</span> <span style="color: #cc66cc;">47</span> <span style="color: #009900;">&#41;</span><span style="color: #339933;">;</span> <span style="color: #b1b100;">echo</span> <span style="color: #000088;">$customer</span><span style="color: #339933;">-&gt;</span><span style="color: #004000;">name</span><span style="color: #339933;">;</span></pre></td></tr></table></div> <p>That will output the customer&#8217;s full name, such as <code>Elizabeth Johnston</code>.</p> <p>Where&#8217;s the value in this abstraction layer? 
Well, it becomes very apparent (at a simple level) when we consider the following possibility.</p> <p>Assume now that the <em>EDD_Customer</em> object was not originally available so a third party developer decides to directly query the database for the customer&#8217;s name:</p> <div class="wp_syntax"><table><tr><td class="code"><pre class="php" style="font-family:monospace;"><span style="color: #b1b100;">echo</span> <span style="color: #000088;">$wpdb</span><span style="color: #339933;">-&gt;</span><span style="color: #004000;">get_var</span><span style="color: #009900;">&#40;</span> <span style="color: #0000ff;">&quot;SELECT name FROM edd_customers where id = 47 LIMIT 1;&quot;</span> <span style="color: #009900;">&#41;</span><span style="color: #339933;">;</span></pre></td></tr></table></div> <p>Since storing both the first and last name in a single column was probably a poor decision, we later on decide to separate the names into two columns, <em>first_name</em> and <em>last_name</em>. In this scenario, the first example, which relies on the abstraction layer of <em>EDD_Customer</em>, will continue to function exactly as is. The second example, however, will suddenly fail because the <em>name</em> column no longer exists.</p> <p>This is a simple example but it does accurately illustrate the importance of having abstraction layers. Consider now how important it will be when you&#8217;re preparing to change not only a single column in the database but the <em>entire</em> database. Every single column. Without a proper abstraction layer, making that transition will be nearly impossible.</p> <p>If an abstraction layer isn&#8217;t already present, <strong>build one immediately</strong>. That&#8217;s the very first step anytime a database schema needs to be changed.</p> <p>After you have an abstraction layer in place, you need to work hard to ensure that everyone uses it. 
If a platform has been around for a while, it will be necessary to <del>push and shove</del> work hard to encourage developers to update their code to use the abstraction layer. This is something we&#8217;ve begun to do for the recent <a href="https://easydigitaldownloads.com/development/2016/05/14/please-use-edd_payment/" target="_blank">introduction of EDD_Payment</a>.</p> <p>With the creation and adoption of a good abstraction layer, the process of migrating to a good database schema becomes a lot simpler, though it is still a very, very significant task that has a lot of challenges. For example: how does a project maintainer account for all of those developers that ignored or simply didn&#8217;t see the news about the abstraction layer? Or how about all of the project&#8217;s users that did not update to the latest versions? For those, the best one can do is provide as much backwards compatibility as possible.</p> <p>For Easy Digital Downloads, building a backwards compatibility layer will involve a number of factors. First, we will have to intercept and re-route every single call to <em><a href="https://developer.wordpress.org/reference/functions/get_post_meta/" target="_blank">get_post_meta()</a></em> that is made against all EDD payment metadata. Thankfully, the WordPress metadata API includes a number of filters and action hooks that make this possible. Second, we will have to intercept and re-route every query to the <em>wp_posts</em> table that contains the <a href="https://codex.wordpress.org/Post_Types" target="_blank"><em>edd_payment</em> post type.</a> Again, the prevalence of filters in the WordPress core codebase will provide ample ways for us to do this. Third, we will also have to intercept and re-route every write and deletion to the <em>wp_posts</em> and <em>wp_postmeta</em> tables for all EDD-related queries.</p> <h3>Slow and careful</h3> <p>This kind of migration process takes a long time and needs to be executed with extreme care. 
We will likely spend 6-12 months building this backwards compatibility layer. The most significant challenge for it will not be writing or handling the re-routing of queries; the real challenge will be finding and knowing all of the data points that we need to include. For example, we know very well what all of the meta_key values are that we use in Easy Digital Downloads and all of the officially maintained extensions. What we don&#8217;t know, however, are the meta_keys that third party developers have used in their own extensions. There are some assumptions we can make, such as assuming that any meta_key containing &#8220;edd_&#8221; belongs to an EDD plugin, but we&#8217;ll never be able to cover 100% of the data out there.</p> <p>In the end, there should be several goals in defeating the monster that is a bad database schema:</p> <ol> <li>Introduce a new and well thought-out schema that resolves all problems the original schema created</li> <li>Introduce and maintain complete abstraction layers for the database schemas so that future changes are less difficult</li> <li>Make the transition from old to new schemas as smooth and invisible as possible</li> <li>Protect the user base that does not have the luxury of updating or is simply unaware of updates by providing complete backwards compatibility</li> </ol> <p>There is no reason poor database schemas cannot be improved; it just has to be done slowly and with great care.</p> <p><em>Note: would you like to learn how to build a database abstraction layer or read more about the reasons for why you should use custom tables in WordPress? 
I have a <a href="https://pippinsplugins.com/series/building-a-database-abstraction-layer/" target="_blank">complete tutorial series</a> on the subject.</em></p> text/html 2016-04-29T06:40:29+01:00 http://abetterplanetwp.com A Better Planet What the Queries https://kovshenin.com/2016/what-the-queries/ <p>I&#8217;ve never been a fan of IDEs, complex debugging tools with breakpoints, variable watch lists and all that fancy stuff. <code>var_dump()</code> and <code>print_r()</code> have always been my best friends.</p> <p>Recently I was playing around with the caching arguments in <code>WP_Query</code>, trying to combine that with <code>update_meta_cache()</code> while sticking <code>wp_suspend_cache_addition()</code> somewhere there in the middle, and it quickly became a mess, so I wanted to know what queries I am actually running under the hood.</p> <p>I came up with this little piece, which I think I&#8217;ll use more often from now on:</p> <pre>// Assuming SAVEQUERIES is set to true.
$GLOBALS['wpdb']->queries = array();

// All the magic goes here

var_dump( $GLOBALS['wpdb']->queries );
</pre> <p>This gives you a nice list of SQL queries that were triggered <strong>only</strong> by that magic code in between. Works great when you need a quick sanity check on all those caching arguments, priming meta or term caches, splitting queries and whatnot.</p> <p>Obviously it empties the initial set of queries, so anything in Debug Bar, Query Monitor, etc. 
will no longer be accurate.</p> <p>What&#8217;s your favorite way to keep track of queries?</p> text/html 2015-12-30T03:16:41+01:00 http://abetterplanetwp.com A Better Planet Downsize your WordPress database by removing transients http://feedproxy.google.com/~r/Wprecipes/~3/sYtvpIfp_pw/downsize-your-database-by-removing-transients <p>First of all, log in to your phpMyAdmin and choose your WordPress database. 
Once done, click on the SQL button to open the SQL command window.<br /> Then, simply paste the following SQL command and execute it.</p> <pre> DELETE FROM `wp_options` WHERE `option_name` LIKE ('%\_transient\_%'); </pre> <p>Credit: <a href="http://stackoverflow.com/questions/10422574/can-i-remove-transients-in-the-wp-options-table-of-my-wordpress-install/11995022#11995022" target="blank">Stack Overflow</a></p> <p>Want more super useful SQL queries? <a href="http://www.catswhocode.com/blog/using-sql-to-manage-wordpress-the-definitive-guide" target="blank">Check out this article on Cats Who Code</a>.</p> text/html 2015-04-14T09:08:24+01:00 http://abetterplanetwp.com A Better Planet Tips for Hosting WordPress on Pantheon https://markjaquith.wordpress.com/2015/04/13/wordpress-on-pantheon/ A text/html 2015-01-07T22:23:01+01:00 http://abetterplanetwp.com A Better Planet Universal Typography with Tim Brown http://build.codepoet.com/2015/01/07/universal-typography-tim-brown/ A text/html http://abetterplanetwp.com A Better Planet What Are WordPress Plugins? http://code.tutsplus.com/tutorials/what-are-wordpress-plugins--cms-26270 text/html http://abetterplanetwp.com A Better Planet WordPress Frameworks Get A New Cozy Home - IncludeWP https://managewp.org/articles/12968/wordpress-frameworks-get-a-new-cozy-home-includewp