Category Archives: Meetup Notes

1/15/17: Is Your (Client’s) Website Ready for 2017?

Google is laying down the law again. Are you (and your clients) ready for 2017’s requirements regarding SSL (HTTPS), popups, and Google AMP? It’s really all about mobile-friendliness. This is a search ranking trend that’s been going on even since before “Mobile-geddon” in 2015.

Pizza Sponsor: Lisa LaMagna

Thanks to Lisa LaMagna for providing the pizza!

Site Demo: MK Design

Merel Kennedy demonstrated the use of the WP Image Zoooom PRO plugin on her MK Design portfolio site.

Site Demo: Private Lender Link

Rocky Butani demonstrated the FacetWP advanced filtering plugin on his Private Lender Link website.

Main Presentation: Is Your (Client’s) Website Ready for 2017?

This presentation covers three things you and your clients need to think about in 2017, in order of universality and importance.

HTTPS

Google is pushing us all toward the use of HTTPS (the secure version of HTTP) by shaming sites that are not secure. But Google isn’t the only one. You need HTTPS in order to use the new, faster, HTTP/2 protocol. WordPress will start making some features available only to sites that use HTTPS, and will only include hosting companies that offer free SSL certificates among their recommended hosts. PayPal now requires HTTPS for anyone using its IPN.

The three types of SSL certificates are DV (Domain Verification), OV (Organization Verification) and EV (Extended Verification). Most people only need DV certificates. (The free certificates offered by Cloudflare and Let’s Encrypt are DV certificates.) If you need to demonstrate that you are a legitimate business, you might need an OV certificate. If yours is a site that might be spoofed for a phishing attack (such as a financial institution or auction site), you’ll need to pay the extra money for the EV certificate.

The good news is that many hosts already make it easy to get a free SSL certificate, and even if yours doesn’t, you can get free HTTPS through Cloudflare. The presentation walks through setting up HTTPS on SiteGround, WP Engine, Pressable, and BlueHost, followed by the basics of setting up SSL with a free Cloudflare account.

After you set up HTTPS, remember to update your Google Analytics and Google Search Console. Otherwise you’ll be wondering what happened to all your traffic.

References

Mobile Search Penalty for “Intrusive Interstitials”

This only applies to mobile: we’re going to keep seeing obnoxious intersitials on our desktops/laptops.

Your email signup form and other offers for your own products are included.

The “interstitial” doesn’t have to be an actual popup: anything that covers the first screen visitors land on from a mobile search link counts.

Legally required popups (such as for age-restricted sites or the European Cookie Law) will not be penalized. Small ads, inline ads, and exit-intent popups are acceptable.

To avoid penalties, make sure that:

  1. Popups are desktop only by Default
  2. You Use Device Specific Display Rules
  3. Floating Bars are Mobile Optimized
  4. You Use Smart Display Rule Triggers

References

Google AMP and Mobile Performance

There seem to be as many drawbacks as advantages to Google AMP (Accelerated Mobile Pages). If you are a news organization syndicating articles, it might be a good idea. But it’s not the only way to ensure a good mobile user experience, and AMP pages don’t include your branding or calls to action.

References

May 2016 Q & A: Content Audits, 301 Redirects, and Dev Tools

Here are some of the things that came up during our general discussion at the May 2016 Meetup.

What Is a Content Audit?

Sallie mentioned being in the middle of a content audit for a very long site, and someone asked what that was. A content audit is when you review every single piece of content in a site and rate it based on such criteria as

  • Is it current?
  • Is it relevant?
  • Is it on-message?
  • Are there any broken links?
  • What type of content is it? (For example, should this be a press release instead of a blog post?)
  • Does it have a featured image?
  • Does it have an SEO-friendly title?
  • Does it have an SEO-friendly meta description?

On a small site, this can be done in a few hours. You want to do a content audit before building a new site, in order to know what to keep, what to get rid of, how many custom post types you need to create, and what new assets the client needs to provide. You’ll also need that list of URLs so you can set up the redirects.

301 Redirects

When you build a new website for a client–especially one that already has a lot of inbound links and a good Google ranking–you need to set up 301 (moved permanently) redirects from the old URLs to the new URLs. You can also use redirects to make sure that everyone uses www.domain.com instead of domain.com (or the other way around), or https:// instead of http://

Redirects are normally set up in your .htaccess file, but there are also WordPress plugins like Redirection and Quick Page/Post Redirect.

If the old site has structured its content logically with pages and sub-pages, you can use regular expressions (regex) to map groups of URLS, e.g, everything with the structure www.domain.com/company/ should go under www.domain.com/about/.

In some cases that won’t be possible (because not everything that’s under /blog/ on the old site belongs under /blog/ on the new site, for instance), so you end up with a very long list of old and new URLs in that content audit spreadsheet.

In that case, you’re faced with translating your spreadsheet into the proper format to put in your .htaccess file, which could get ugly.

Fortunately, there’s a Batch Rewrite Rule Generator provided by Donat Studios. Paste your spreadsheet columns into the box and get 301s or Rewrite Rules.

Fixing Mixed Content

Once you’ve set up your Let’s Encrypt certificate, you’ll want to install the Really Simple SSL plugin to fixed mixed content issues. (Basically it puts a few lines in your wp-config.php file, which you can do yourself if you prefer.)

Browse with HTTPS

Install the HTTPS Everywhere browser extension from the Electronic Frontier Fonudation to ensure that you get the HTTPS version of every website you visit (if one is available). Works on Chrome, Firefox, and Opera.

Local Dev Environment: AMPPS

Ted was having problems with MAMP, so he switched to using AMPPS. It’s like MAMP with Python and Softaculous included. All those Softaculous apps seem like a lot to include in a package you’re only using for WordPress development, but if you work on multiple platforms, it could be happy.

Local Dev Environment: Vagrant

Daniel was also having trouble with MAMP, so he switched to using Vagrant, a tool for deploying local dev environments. Requires some use of the command line.

Workflow Tool: Yeoman

If you’re already a happy user of the command line, you can save yourself time with Yeoman, though you will have to take some time to use it. If you aren’t working with the command line, figuring this out will probably take you longer than doing things the way you normally do.

Database: MariaDB

Daniel has started using MariaDB combined with PHP 7 for faster, better-performing sites. MariaDB works fine with WordPress without a lot of tinkering. Of course, it’s easier to set up in a local environment or on a dedicated server. If you’re on shared hosting and your host doesn’t provide it, you’re out of luck.

So What’s Wrong with GoDaddy’s Managed WordPress Hosting?

On the plus side, GoDaddy’s Managed WordPress Hosting is a lot better for WordPress than their shared hosting, and it’s competitively priced.

On the minus side, it uses an old version of PHP and there’s no way to upgrade it. There have been issues with staging -> production migration. Some of us find that the WordPress admin is amazingly slow and generally under-resourced: simple things like plugin upgrades can time out, never mind BackupBuddy backups.

The few dollars you save versus SiteGround or A2 are probably not worth it. If you need inexpensive WP hosting you can try Tap, which is $5/month for the pro plan.

May 2016: Let’s Encrypt and WordPress Hosting

Update October 2016

Since the time of the meetup, Flywheel has started offering free Simple SSL certificates and WPEngine has added support for Let’s Encrypt.


Let’s Encrypt provides free SSL certificates. This is a fantastic service, especially since Google has used https as a ranking factor since 2014.

Unfortunately, in most cases you have to install the certificates using the command line, and you can only do that if you have root access to your server, which many hosting companies don’t provide.

There’s a list of web hosting providers that support Let’s Encrypt on GitHub, but they define “support” pretty broadly.

Let’s Encrypt for cPanel

If your hosting company uses cPanel, or you use it yourself on a dedicated server, there’s a plugin to automate Let’s Encrypt installation. It costs $30 for a single server and $150 for a hosting company, and from their docs it looks to be what SiteGround is using. Ask your hosting company to install it if they haven’t already.

Let’s Encrypt for Plesk

If, on the other hand, your hosting company (or your dedicated server) uses Plesk, there is a Let’s Encrypt plugin for Plesk on GitHub to create an auto-install/auto-renew tool similar to the one for cPanel. (Thanks Eric for this link.)

WordPress.com

WordPress.com now provides Let’s Encrypt certificates for all its customers. That’s great for anyone who has a WordPress.com site, but not likely to make much difference for most of the members of this Meetup or their clients.

SiteGround

SiteGround provides easy installation and automatic renewal of Let’s Encrypt, and it’s very easy to use. It’s not, however, compatible with SiteGround’s version of CloudFlare, so you have to deactivate SiteGround’s CloudFlare and go to Cloudflare directly.

Install Let's Encrypt from the Security section of SiteGround's cPanel

Pressjitsu

Pressjitsu started offering automated Let’s Encrypt certificates in December 2015. Just fill out the request form.

Pressjitsu Let's Encrypt request form

Cloudways

Although you have to manage your own server with Cloudways, they do provide automated Let’s Encrypt installs (see tutorial).

Installing Let's Encrypt at Cloudways

DreamHost

DreamHost has its issues, but they jumped on the Let’s Encrypt bandwagon early. They use their own customized platform rather than cPanel, so they had to develop their own tool, but they went ahead and did it.

Add SSL through DreamHost control panel

Pressable

It’s not that surprising that Pressable would be planning Let’s Encrypt integration, since Automattic is a sponsor of Let’s Encrypt and a majority stakeholder in Pressable.

Pagely

I’m happy to report that Let’s Encrypt integration is the pipeline for Pagely, the company hosting this very website, though I don’t know the timeline. They, too, have a custom site management platform rather than using cPanel.

WP Engine

WP Engine is one of the best-loved WordPress hosts, and for a good reason. I dropped in and asked their support staff about plans to incorporate Let’s Encrypt.

WPEngine has no immediate plans to support Let's Encrypt

Because WP Engine uses its own client dashboard platform, rather than cPanel, they would have to write their own software to automate installation of Let’s Encrypt certificates. That’s not to say it couldn’t be done or that they won’t do it, but they’d have to dedicate time to build the tool and it’s not in the immediate pipeline.

A2 Hosting

Since A2 hosting is a sponsor of this meetup, it seemed like a good idea to include them here. They have a tutorial for installing Let’s Encrypt on their semi-managed servers, but what about their shared hosting? (The Turbo option is optimized for WP at a competitive price.) It appears they use cPanel so ought to be able to include the cPanel plugin above. As of February they were “working on it”:

An email this morning from A2’s director of business development confirms that it’s almost ready:

We are in fact in the final staging of testing the cPanel plugin for Let’s Encrypt. We should have it available to our customers within a couple weeks.

Thanks!

Andy Melichar
Director of Business Development

GoDaddy

GoDaddy provides tutorials for setting up Let’s Encrypt certificates for their cloud servers and VPS and dedicated servers, but what about their WordPress managed hosting and their shared hosting?

Flywheel

Flywheel has become very popular with WordPress developers, but what about their Let’s Encrypt support? I’m waiting for an answer…

HostGator

HostGator uses cPanel, so could theoretically install the Let’s Encrypt for cPanel plugin, but so far they haven’t and the support staff doesn’t seem to know much about it.

InMotion

Despite numerous requests from their customers and the fact that they use cPanel, InMotion had no plans to automate Let’s Encrypt certificates as of May 4th. I recommended the cPanel plugin to them on Twitter and got this response:

Generate a Certificate

If your hosting company lets you enter certificate information for SSL (or will do it for you) you can use the Get HTTPS for Free generator, but it requires some command line work, and you have to renew the certificate yourself. This has been done successfully on Bluehost.

Tutorials

April 2016 Meetup Notes

Here are some links and notes from the open Q & A part of the April 2016 East Bay WordPress Meetup.

Analytics for Landing Pages

SumoMe provides an awesome suite of analytics tools. There are WordPress plugins, but you can use SumoMe on any website. There’s a free version, a $40/month version, and a $100/month version.

For A/B testing, try Unbounce, which lets you build landing pages as well as testing them. Plans start at $49/month. 30-day free trial.

Opinions on Visual Composer

Page building tools like Visual Composer can add a lot of overhead to your site and decrease performance. They’re also not wonderful for SEO. If you deactivate Visual Composer, all that’s left of your content for those pages will be a collection of shortcodes. And there may be times when it’s actually a lot faster to write code than to build something with Visual Composer.

That said, Visual Composer is very popular and it can help non-coders to create different page layouts quickly. If you are going to use it, make sure you install it as a separate plugin rather than having it bundled into a theme. Plugins that have been bundled into themes can’t be updated separately and pose a security risk.

Creating your own SEO-friendly HTML output

If something like Visual Composer is giving you trouble with managing your on-page SEO, have a look at Rendera from Heroku.
Type in your HTML code and see it rendered in realtime. Then style it with CSS. You can use any of the HTML5 or CSS3 tags your browser supports.

How to tell bots to go crawl themselves

(A nice trick courtesy of SiteGround support, explained in more detail on the WP Fangirl blog.)

# BEGIN Tell bots to go crawl themselves
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{HTTP_USER_AGENT} (bot|crawl|robot)
RewriteCond %{HTTP_USER_AGENT} !(bing|Google|msn|MSR|Twitter) [NC]
RewriteRule ^/?.*$ "http\:\/\/127\.0\.0\.1" [R,L]
</IfModule>
# END Tell bots to go crawl themselves

Mac tool for creating diagrams

Omnigraffle is for creating precise, beautiful graphics. Like website wireframes, an electrical system design, a family tree, or mapping out software classes. For artists, designers, casual data-mappers, and everyone in-between.

Mac desktop: $99
iOS: $49

The East Bay WordPress Meetup has a new location

Tech Liminal has been the venue for the East Bay WordPress Meetup since late 2009. In 2012, Tech Liminal moved from 14th Street to the Ask.com building at 11th and Clay. Now Tech Liminal has moved again, to The Port Workspaces in the Kaiser Mall at 344 Thomas L. Berkley Way (a.k.a. 20th St).

What you need to know about the new location

Access to the building is by key card only. There will be someone at the 20th Street entrance (the one under the big “344”, next to CVS) to let you in. If you’re late and no one is at the door, contact Anca or Cindy.

floor plan for Port Workspaces

The parking garage is closed on Sundays, but it’s not too difficult to find street parking. (You probably didn’t want to pay for the garage anyway.)

The escalator doesn’t run on weekends, so you need to take the lift elevator to the third floor. Walk straight through the lobby and you’ll find the elevator on your right just before the escalator appears on the left.

The roof garden is also closed weekends, but there’s an outdoor patio next to the space we’ve been using to meet.

Our exact meeting location may change depending on the number of RSVPs. Right now we’re on the third floor, past the bar, next to the outdoor patio.

We’re still getting pizza thanks to A2 hosting.