All posts by Sallie Goetsch

Oct 2015: Top Developer Tips on Good WordPress Code

Fred Meyer from WP Shout joined us via Skype to give his presentation (also seen at WC Denver) on “What I learned about WordPress development by interviewing 15 13 of the best WordPress developers.”

Top Takeaways

Good WordPress code is not distinguished by difficulty, innovation, or cleverness. The key to good code is clarity. Will someone who looks at your code know what you were trying to do and why? Will you know if you come back to it 6 months later? Can your code serve as a good example for people who are learning to code?

Persistence and curiosity are qualities you need in order to become a good developer. The need to understand why and how code works will motivate you to learn. You develop skill through continued practice. You don’t have to be a genius to be a WordPress developer. You just have to keep working at becoming better.

Don’t chase the shiny. Once you have found tools that work for you, you don’t need to try every new one that someone mentions. Just because something is new and popular doesn’t necessarily mean it’s better than what you’re already doing. Before you jump in, make sure there’s going to be an advantage over what you’re already doing.

The Codex is your friend–and so is the code. Almost everything you need to know is in the WordPress Codex, but to really understand how WordPress works, look at the core code.

Additional Notes

Fred created his slides using reveal.js. There is a free plugin called Presenter that makes use of this if you’d like to try it.

Fred is a huge fan of the CSS pre-processor SASS. We had a presentation about CSS pre-processors at the meetup a few years ago. SASS makes writing CSS more like writing PHP. There’s a free cross-platform SASS compiler called Koala if you’re not big on the command line.

Jermaine Holmes won the free copy of Up and Running: A Practical Guide to WordPress Development.

WP Shout has produced handy stickers with tips on some of the most common WordPress conditional tags. Trivia for the day: is_dynamic_sidebar does not check to see whether you are in a sidebar file, but whether there are any widgets activated in any sidebars on the site.

WordPress Hosting Resources

Prior to Fred’s presentation, the group had a discussion about site speed, performance, and hosting. The single biggest factor in your site’s performance is your hosting company. The best caching and performance tools (e.g. memcached, OPcache, APC) have to be installed on the server and are not available with most cheap shared hosting accounts.

Fortunately, there are now many hosting companies that specialize in WordPress.

The first was our sponsor (and host of this site) Pagely, which still has options for small businesses even though they have transitioned primarily into enterprise hosting. Pagely uses Amazon’s servers. They have been fantastic in terms of up-time, support, and security.

There are plenty of other options, however, including the Turbo service from our new sponsor A2 Hosting, Flywheel’s option to stage a site for free before transferring it to a client, and GoDaddy’s new inexpensive managed WordPress hosting plans. Each of these different providers offers something unique.

To help you decide, here are some recent comparisons of managed WordPress hosting providers:

Sept 2015: Installing & Configuring Security Plugins

What’s the Hardest Thing About WordPress?

Prior to the security plugin demos, we had a discussion about what people find difficult about WordPress, based on our own experience and that of our clients. Here’s what people had to say:

  • Ted—People expect WordPress to be like Wix, with great UI elements you can just drop in. He’s taken to using Shortcodes Ultimate to help with this. Pieter Hartsook recommends Visual Composer (or similar) and front-end editing.
  • Karla—Understanding that you need plugins to do anything. She’s a pretty good searcher, so doesn’t think finding and evaluating plugins is all that hard.
  • Sharihar—In Joomla you can put an extension (plugin) on just a particular page, and he hasn’t seen the ability to do that with WP. Also he found theming for Joomla easier—there’s more separation of the PHP and the HTML/CSS. Widgets also puzzled him.
  • Sallie—clients can be puzzled by the widgetized home pages in Genesis—they expect to be able to go to the home page and edit it.
  • Ted—the way your widgets depend on your theme—they will disappear/move around when you change themes
  • Bill—Trying to simplify the admin and client-proof it.
  • Ted—It really helps clients to have a UI set up where they know what type of content to enter where. Red8 does this via ACF, and it’s easier for clients, but harder to use any of that information on another page because it’s all stored as post_meta.
  • Karla—The whole concept of databases and why WordPress—she finally started to understand about retrieving the information and displaying it in multiple places.
  • Pieter—as consultants we need to take a longer view and think about what the client is going to need in 3 months or 6 months. WP’s extensibility is an advantage and you don’t always want the quickest solution.
  • Ted—Media management. Can you just bulk-upload images and display them in multiple places? Pieter suggests storing them on Flickr and pulling them into WP and elsewhere.

iThemes Security

(Demo’ed by Pieter Hartsook.) The first thing to be sure you do is whitelist your own IP address. After that the plugin will give you a list of top-priority actions. Features include malware scanning, 404 protection, block lists, changed file detection, and brute force protection. They also provide a series of instructional videos in addition to this video overview.


Pieter Hartsook showed us the new, attractive interface of Wordfence Security. Wordfence scans for malware and also compares your themes and plugins to the WordPress repository. Here’s an overview video with a feature tour:

All in One WP Security and Firewall

Ted Curran did a demo of All in One WP Security and Firewall. It has a straightforward dashboard that shows you critical issues and your security points grade. In addition to the usual sorts of security features, AIO WP Security includes comment spam protection and text copy protection.

Security Plugins and Your Database

Security plugins log activity. The logs normally get stored in your database. iThemes Security creates three tables: _itsec_lockouts, _itsec_log, and _itsec_temp. You can tell the plugin how long to store the logs in order to keep them from taking up too much space.

iThemes Security Log Settings

Wordfence, on the other hand, creates 18 tables, which can amount to quite a bit of database clutter.


All in One WP Security and Firewall creates 5 database tables, for events, failed logins, global meta, login activity, and login lockdown.

All in One WP Security and Firewall database tables

All three plugins have free and paid versions. If you don’t have a favorite yet, try them out and pick one. Any of them should give you good protection.


One very important factor in good security–not just with WordPress but anywhere on the Internet–is using strong passwords. Sallie just started using Dashlane, which lets you sync passwords between devices for $40/year. Ted uses LastPass, which has a $12/year premium version to allow use on and syncing across unlimited devices. 1Password offers sync via Dropbox, iCloud, or Wi-Fi, all of which seems a little clumsy, and you have to buy a license for each device. (Plus it’s just kind of annoying.)

In addition to passwords, utilities like these can also store credit card information, personal information, and license keys. Using them makes it possible to use long random passwords (the most secure kind) without having to try to remember them.

August 2015: Contributor Day

We had our first WordPress Contributor Day on August 23, 2015, with pizza and soft drinks provided by Pagely.


You don’t have to be on the core team to contribute to WordPress. There are all kinds of ways to help out: answering questions in the support forum, writing and editing documentation, making translations, helping with accessibility, and more.

Join us for a special extended session and give back to the WordPress community. We’ll show you how to do it and then get down to work. All you need is a (not .com) login and a laptop.

Links to Contributor Guides

What We Did

First, everyone set up their logins and then got themselves on the Slack channel. (You need your login to get invited.) The Slack channel is integrated with Trac, so you can keep up to date on the status of different Trac tickets for WordPress core.

Participants had a wide range of skill levels and several choices of ways to contribute. Two people chose to work on captioning videos and discovered that it’s a little more complicated than it sounds. Sallie answered 16 questions in the support forum. Karla worked on submitting a patch. People also reviewed training lesson plans.

Responses from participants were really positive, as you can see from the comments on the event page. We’re definitely planning to make Contributor Day an annual event.

Anca managed to take a great panoramic photo showing us all at work:

East Bay WP Meetup Contributor Day 2015

July 2015 Slides and Notes: Making the Events Calendar Sit Up and Beg

The focus of the July 2015 meetup was Modern Tribe’s plugin The Events Calendar and its companions, Events Calendar Pro, Community Events, Facebook Events, and Tickets/Eventbrite Tickets. Rob La Gatta from Modern Tribe spoke first, providing an overview of the plugins and answering questions about the projected roadmap.

After that, Sallie Goetsch provided some examples of different ways she has customized The Events Calendar and Events Calendar Pro on client sites, including importing events from another plugin, setting up an event slider with Meta Slider Pro, integrating The Events Calendar into a Genesis child theme, using shortcodes from Event Rocket, creating a horizontal list widget with photos, and modifying the Photo view to show an equal-heights grid instead of a masonry grid.

Notes from Rob La Gatta’s Presentation on The Events Calendar

What is The Events Calendar? A free plugin on, one of the most popular plugins there (not just among event plugins). Since 2010 when the plugin was launched, there have been more than 2 million downloads.

Premium Add-ons for The Events Calendar

  • Events Calendar Pro (new views, recurring event)
  • Filter Bar (front-end)
  • Community Events (submissions from users)
  • Facebook Events (imports FB events)
  • Eventbrite Tickets (integrates Eventbrite ticketing)
  • The Events Calendar Tickets (WooCommerce, EDD, Shopp, WP e-Commerce)

The Events Calendar in Use

TEC (not pro) customized, using the basic calendar month view, event descriptions with videos, custom ticket solution with TicketFly

TEC Pro, Filter Bar, WooCommerce. Filter bar is in the sidebar doing a Facet-Type narrowing of results. List view on events page.

TEC, Pro, Community. Fairly standard implementation of the calendar itself. They’ve customized the form with a nice photo background. Yes, you DO get to moderate the submitted events. The next step with the Community plugin is to monetize: allow people to submit tickets AND charge for listings. You can allow the community members to edit their events later.

TEC Pro plus Category Colors (free plugin available from the repo).

They’re even using the experimental Agenda View add-on from GitHub. (But it appears to be broken!)

Feature Requests and Roadmap for The Events Calendar

The new version of Events Calendar Pro supports multiple organizers for the same events.

Feature request: multiple costs per event, and ability to show different prices to members and non-members.

Eve Lurie asks about multi-day events that don’t happen at the same time every day. (Another feature request?)

Note that you can add the top-level events page from the Menu UI.

Feature request: booking add-on. Rob says it’s been requested a lot.

Next release, due this week: iCal importer, new coding standards, performance enhancements. On the roadmap we have custom recurrents, WPML integration, time zone support, iThemes tickets, attendee info, Community Tickets, QR codes.

Custom reporting/bulk registration request: suppose your admin is registering for multiple tickets and the attendees are different people: they are the ones who should be getting the confirmations and other info. Carleigh wants to be able to report on people as a group and also to save attendee profiles and registration history. Rob says Modern Tribe IS working on bulk registration features, but it’s not done yet. It will be built into the WooCommerce add-on (called something like Attendee Meta).

Feature request: live/continuous import of Google Calendar events. They have it in The Events Manager.

Feature request: create an event with the date To Be Determined. You just can’t do that right now. You have to have a date in order to create an event.

June 2015: Never-Never Land: The WordPress Database

Database expert Sonja London presented on the WordPress Database in June 2015. She summarized her talk as follows:

For many, the WP database is a thing that gets created when we set up WP and then forgotten until it fails. This program will try to empower you to leverage the database to create and maintain a more powerful, efficient WP site.

We will briefly cover a few things you should be doing to keep it working properly – backup, import, export, cleanup and optimization.  We will take a quick look at its structure.  

Then we will look at some ideas for enhancements and show a few demos, including one with 50k users and another that draws pretty pictures directly from the database.  Finally, we will look at a few tools to help you connect with the data.

Sallie’s Notes

Back up your database–to multiple locations. There are lots of plugins that will do this for you automatically.

Maintain your database: clean out the overhead. Revisions pile up. Also note that revisions don’t save post meta, only post content.

Side note: you can have your staging and production in the same database, with different prefixes.

MySQL Storage Engines

There are more of these than you probably imagined. WordPress now defaults to InnoDB but your host may override this. WordPress used to use MyISAM, which works fine if you are just reading and writing to the database. It’s not so good for things like financial transactions, however.

Don’t know which engine you’re using? Type ‘SHOW ENGINES;’ into your SQL command field. That shows you the engines available to you, and tells you which one is the default. There’s an engine called Memory which is fast as hell but not reliable. Good for temporary caching.

InnoDB is the engine you need if you are doing transactions: a transaction won’t be committed to the database until all parts of it succeed.

InnoDB puts a heavier load on the machine. But it also does row-level locking rather than table-level locking. Doesn’t rely on operating system to store files.

Stick to lowercase for your table names; mixed case can result in duplicate tables if you move from Windows to Linux.

Writing Code for the Database

WordPress provides an abstraction layer via WP_Query and WP_User_Query. When you run a query, it brings everything into memory, so consider only querying a portion of the DB at a time.

Sanitize your input! Make sure to esc_sql($sql).

Sonja explains how SQL injections work and why you should remove the user ID 1.

Most of WP’s higher-level functions are already sanitized, BUT if you query the database directly, you need to do the sanitizing. Pass your statement through PREPARE.

The most important relationship in the database: posts to post_meta, users to user_meta

Avoid problems with prefixes by using $wpdb->tablename in your MySQL queries
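
Here is what a direct query looks like before and after following the advice above. This is an added example, not code from Sonja’s talk. It assumes the code runs inside WordPress (so the global $wpdb exists); the function names and the membership_id meta key are made up for illustration.

```php
<?php
/**
 * Added example (not from the talk). Assumes it runs inside WordPress,
 * e.g. from a plugin file, so the global $wpdb object exists.
 * The function names and the 'membership_id' meta key are hypothetical.
 */

// Unsafe: request data is concatenated into the SQL text, and the
// hard-coded "wp_" prefix breaks on sites that use a different prefix.
function ebwp_find_member_unsafe( $membership_id ) {
	global $wpdb;
	return $wpdb->get_var(
		"SELECT user_id FROM wp_usermeta
		 WHERE meta_key = 'membership_id' AND meta_value = '$membership_id'"
	);
}

// Safer: $wpdb->usermeta resolves to the prefixed table name, and
// prepare() quotes and escapes each value bound to a placeholder.
function ebwp_find_member( $membership_id ) {
	global $wpdb;
	$sql = $wpdb->prepare(
		"SELECT user_id FROM {$wpdb->usermeta}
		 WHERE meta_key = %s AND meta_value = %s",
		'membership_id',
		$membership_id
	);
	$user_id = $wpdb->get_var( $sql );
	return null === $user_id ? 0 : (int) $user_id;
}

// LIKE searches need one more step: esc_like() escapes % and _ in the
// user's term, then prepare() handles the quoting of the whole pattern.
function ebwp_search_post_meta( $meta_key, $term, $limit = 20 ) {
	global $wpdb;
	$pattern = '%' . $wpdb->esc_like( $term ) . '%';
	$sql = $wpdb->prepare(
		"SELECT p.ID, p.post_title, pm.meta_value
		 FROM {$wpdb->posts} p
		 JOIN {$wpdb->postmeta} pm ON pm.post_id = p.ID
		 WHERE pm.meta_key = %s AND pm.meta_value LIKE %s
		 LIMIT %d",
		$meta_key,
		$pattern,
		$limit
	);
	return $wpdb->get_results( $sql );
}
```

Note that esc_sql() only escapes a value that will sit inside quotes in the query; it does not make a whole statement safe, which is why the functions above bind every value through prepare(). The LIMIT in the last function also keeps the result set from pulling the whole table into memory.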

Use the WP query functions IF YOU CAN…but there are some times when they don’t do what you need.

Sonja demonstrates some custom tables for propane pricing and how she uses the Google Visualizer to create a graph.

EXPLAIN statement provides information about how MySQL executes statements.

People think correlated subqueries will be slow, but in fact the optimizer deals with it.

Take time to test. Create test data and test users.

Plugins for the WP Database

DB-Table-Editor, which is definitely a plugin for developers. You will have to write code. But you can add and modify rows. (You have to create the tables in phpMyAdmin.)

WordPress Visualizer, which uses the Google Visualization API to graph data from your DB. You need to create a PHP array in the correct format. Sonja says that the work she did for the SPUG site took about 300 lines of code, including creating the shortcodes.

Contact Form DB allows form plugins to store submissions in the WP database. (Gravity Forms does this already, but Contact Form 7 and many others do not.)

Query Monitor shows you all the database queries performed on the current page.

Creating indexes in MySQL

Sonja likes MySQL Workbench. Anca runs Sequel Pro on her computer to play with queries.

Anca asks about optimizing via changing indexes–Sonja mentions creating a new index for user_meta values in order to verify membership by something other than username. Queries were seriously slow (10 minutes!), so Sonja created a new index to speed it up.

Serialized data–it’s a pain, but we have to deal with it. Searching that is…more than a little difficult. Sonja hasn’t found a really good solution.

Adam asks about creating a new table (not one of the standard 11 that WP uses). He’d like to create new tables rather than using post_meta. CREATE TABLE, give it an ID, auto increment.

The Codex is your friend.

Anca has used a plugin called Stream, which used to be great and is not as nice since they’ve tried to move it to SaaS. Note that the cloud storage isn’t PCI or HIPAA compliant. Be very careful about storing data.

Hushmail: HIPAA compliant email.