Category Archives: Meetup Notes

Dec 2015 Meetup Notes: Page Builders and Pet Peeves

To lay the groundwork for the main presentation about making WordPress easier to use, we asked attendees to share their WordPress pet peeves. Several people mentioned the need to learn JavaScript, while at least one looked forward to being able to work more with JavaScript and less with PHP. Others talked about the constant maintenance and updates and the way things can break after a major update. Those newer to WordPress addressed the massive amount of trial and error involved, even when following detailed tutorials like those produced by Tyler Moore. And several people talked about the way WordPress was sold as an easy solution, even though it’s really not that easy.

Robby McCullough talking to the East Bay WordPress Meetup

Robby McCullough from Beaver Builder joined us on December 20th to give a demo of his product and answer questions from skeptics and enthusiasts alike.

Meetup members wanted to know how Beaver Builder ($99 for personal license) differs from Visual Composer ($34 for single-site license), apart from the fact that you can use Beaver Builder on unlimited sites. Robby said that people who had used both had told him the Beaver Builder interface was nicer and easier to grasp, but that the biggest thing is that if you deactivate or uninstall the plugin, your page is not left full of meaningless shortcodes.

Instead, Beaver Builder converts your content into HTML within the WordPress editor, removing all divs and layout information but retaining heading tags, italics, lists, and media.

There was some discussion about whether it might be possible to export specific layouts for use in building themes, without requiring the plugin. (ACF does something like this.)

As there are several Genesis fans in the group, people wanted to know about using Beaver Builder with Genesis. Lots of people in fact do this, and some also use Beaver Builder with the Dynamik website builder for Genesis. (Beaver builder aims to modify the content within a post or a page, rather than your theme as a whole, which is what Dynamik tweaks.) There is a free plugin called Genesis Dambuster to make integration easier.

You will, however, have to use the Beaver Builder theme in order to take advantage of the pre-made templates.

Sallie found she was able to create a simple landing page for a client based on one of said pre-made templates after the 5-minute tour, though she needed help with turning off the sticky header. Fortunately there’s a helpful Beaver Builder community on Slack to answer questions like that.

Chris Burbridge is actually teaching classes on using Beaver Builder, for anyone interested.

Thanks to A2 Hosting for the pizza, Pagely for the hosting, and O’Reilly for their partner discounts.

Oct 2015: Top Developer Tips on Good WordPress Code

Fred Meyer from WP Shout joined us via Skype to give his presentation (also seen at WC Denver) on “What I learned about WordPress development by interviewing 15 13 of the best WordPress developers.”

Top Takeaways

Good WordPress code is not distinguished by difficulty, innovation, or cleverness. The key to good code is clarity. Will someone who looks at your code know what you were trying to do and why? Will you know if you come back to it 6 months later? Can your code serve as a good example for people who are learning to code?

Persistence and curiosity are qualities you need in order to become a good developer. The need to understand why and how code works, it will motivate you to learn. You develop skill through continued practice. You don’t have to be a genius to be a WordPress developer. You just have to keep working at becoming better.

Don’t chase the shiny. Once you have found tools that work for you, you don’t need to try every new one that someone mentions. Just because something is new and popular doesn’t necessarily mean it’s better than what you’re already doing. Before you jump in, make sure there’s going to be an advantage over what you’re already doing.

The Codex is your friend–and so is the code. Almost everything you need to know is in the WordPress Codex, but to really understand how WordPress works, look at the core code.

Additional Notes

Fred created his slides using reveal.js. There is a free plugin called Presenter that makes use of this if you’d like to try it.

Fred is a huge fan of the CSS pre-processor SASS. We had a presentation about CSS pre-processors at the meetup a few years ago. SASS makes writing CSS more like writing PHP. There’s a free cross-platform SASS compiler called Koala if you’re not big on the command line.

Jermaine Holmes won the free copy of Up and Running: A Practical Guide to WordPress Development.

WP Shout has produced handy stickers with tips on some of the most common WordPress conditional tags. Trivia for the day: is_dynamic_sidebar does not check to see whether you are in a sidebar file, but whether there are any widgets activated in any sidebars on the site.

WordPress Hosting Resources

Prior to Fred’s presentation, the group had a discussion about site speed, performance, and hosting. The single biggest factor in your site’s performance is your hosting company. The best caching and performance tools (e.g. memcached, OPcache, APC) have to be installed on the server and are not available with most cheap shared hosting accounts.

Fortunately, there are now many hosting companies that specialize in WordPress.

The first was our sponsor (and host of this site) Pagely, which still has options for small businesses even though they have transitioned primarily into enterprise hosting. Pagely uses Amazon’s servers. They have been fantastic in terms of up-time, support, and security.

There are plenty of other options, however, including the Turbo service from our new sponsor A2 Hosting, Flywheel‘s option to stage a site for free before transferring it to a client, and GoDaddy‘s new inexpensive managed WordPress hosting plans. Each of these different providers offers something unique.

To help you decide, here are some recent comparisons of managed WordPress hosting providers:

Sept 2015: Installing & Configuring Security Plugins

What’s the Hardest Thing About WordPress?

Prior to the security plugin demos, we had a discussion about what people find difficult about WordPress, based on our own experience and that of our clients. Here’s what people had to say:

  • Ted—People expect WordPress to be like Wix, with great UI elements you can just drop in. He’s taken to using Shortcodes Ultimate to help with this. Pieter Hartsook recommends Visual Composer (or similar) and front-end editing.
  • Karla—Understanding that you need plugins to do anything. She’s a pretty good searcher, so doesn’t think finding and evaluating plugins is all that hard.
  • Sharihar—In Joomla you can put an extension (plugin) on just a particular page, and he hasn’t seen the ability to do that with WP. Also he found theming for Joomla easier—there’s more separation of the PHP and the HTML/CSS. Widgets also puzzled him.
  • Sallie—clients can be puzzled by the widgetized home pages in Genesis—they expect to be able to go to the home page and edit it.
  • Ted—the way your widgets depend on your theme—they will disappear/move around when you change themes
  • Bill—Trying to simplify the admin and client-proof it.
  • Ted—It really helps clients to have a UI set up where they know what type of content to enter where. Red8 does this via ACF, and it’s easier for clients, but harder to use any of that information on another page because it’s all stored as post_meta.
  • Karla—The whole concept of databases and why WordPress—she finally started to understand about retrieving the information and displaying it in multiple places.
  • Pieter—as consultants we need to take a longer view and think about what the client is going to need in 3 months or 6 months. WP’s extensibility is an advantage and you don’t always want the quickest solution.
  • Ted—Media management. Can you just bulk-upload images and display them in multiple places? Pieter suggests storing them on Flickr and pulling them into WP and elsewhere.

iThemes Security

(Demo’ed by Pieter Hartsook.) The first thing to be sure you do is whitelist your own IP address. After that the plugin will give you a list of top-priority actions. Features include malware scanning, 404 protection, block lists, changed file detection, and brute force protection. They also provide a series of instructional videos in addition to this video overview.


Pieter Hartsook showed us the new, attractive interface of Wordfence Security. Wordfence scans for malware and also compares your themes and plugins to the WordPress repository.  Here’s an overview video with a feature tour:

All in One WP Security and Firewall

Ted Curran did a demo of All in One WP Security and Firewall. It has a straightforward dashboard that shows you critical issues and your security points grade. In addition to the usual sorts of security features, AIO WP Security includes comment spam protection and text copy protection.

Security Plugins and Your Database

Security plugins log activity. The logs normally get stored in your database. iThemes Security creates three tables: _itsec_lockouts, _itsec_log, and _itsec_temp. You can tell the plugin how long to store the logs in order to keep them from taking up too much space.

iThemes Security Log Settings

Wordfence, on the other hand, creates 18 tables, which can amount to quite a bit of database clutter.


All in One WP Security and Firewall creates 5 database tables, for events, failed logins, global meta, login activity, and login lockdown.

All in One WP Security and Firewall database tables

All three plugins have free and paid versions. If you don’t have a favorite yet, try them out and pick one. Any of them should give you good protection.


One very important factor in good security–not just with WordPress but anywhere on the Internet–is using strong passwords. Sallie just started using Dashlane, which lets you sync passwords between devices for $40/year. Ted uses LastPass, which has a $12/year premium version to allow use on and syncing across unlimited devices. 1Password offers sync via Dropbox, iCloud, or Wi-Fi, all of which seems a little clumsy, and you have to buy a license for each device. (Plus it’s just kind of annoying.)

In addition to passwords, utilities like these can also store credit card information, personal information, and license keys. Using them makes it possible to use long random passwords (the most secure kind) without having to try to remember them.

August 2015: Contributor Day

We had our first WordPress Contributor Day on August 23, 2015, with pizza and soft drinks provided by Pagely.


You don’t have to be on the core team to contribute to WordPress.There are all kinds of ways to help out: answering questions in the support forum, writing and editing documentation, making translations, helping with accessibility, and more.

Join us for a special extended session and give back to the WordPress community. We’ll show you how to do it and then get down to work. All you need is a (not .com) login and a laptop.

Links to Contributor Guides

What We Did

First, everyone set up their logins and then got themselves on the Slack channel. (You need your login to get invited.) The Slack channel is integrated with Trac, so you can keep up to date on the status of different Trac tickets for WordPress core.

Participants had a wide range of skill levels and several choices of ways to contribute. Two people chose to work on captioning videos and discovered that it’s a little more complicated than it sounds. Sallie answered 16 questions in the support forum. Karla worked on submitting a patch. People also reviewed training lesson plans.

Responses from participants were really positive, as you can see from the comments on the event page. We’re definitely planning to make Contributor Day an annual event.

Anca managed to take a great panoramic photo showing us all at work:

East Bay WP Meetup Contributor Day 2015

June 2015: Never-Never Land: The WordPress Database

Database expert Sonja London presented on the WordPress Database in June 2015. She summarized her talk as follows:

For many, the WP database is thing that gets created when we set up WP and then forgotten until it fails.  This program will try to empower you to leverage the database to create and maintain a more powerful, efficient WP site.  

We will briefly cover a few things you should be doing to keep it working properly – backup, import, export, cleanup and optimization.  We will take a quick look at its structure.  

Then we will look at some ideas for enhancements and show a few demos, including one with 50k users and another that draws pretty pictures directly from the database.  Finally, we will look at a few tools to help you connect with the data.

Sallie’s Notes

Back up your database–to multiple locations. There are lots of plugins that will do this for you automatically.

Maintain your database: clean out the overhead. Revisions pile up. Also note that revisions don’t save post meta, only post content.

Side note: you can have your staging and production in the same database, with different prefixes.

MySQL Storage Engines

There are more of these than you probably imagined. WordPress now defaults to InnoDB but your host may override this. WordPress used to use MyISAM, which works fine if you are just reading and writing to the database. It’s not so good for things like financial transactions, however.

Don’t know which engine you’re using? Type ‘SHOW ENGINES;‘ into your SQL command field. That shows you the engines available to you, and tells you which one is the default. There’s an engine called Memory which is fast as hell but not reliable. Good for temporary caching.

InnoDB is the engine you need if you are doing transactions: it won’t go into the database until all parts of it succeed.

InnoDB puts a heavier load on the machine. But it also does row-level locking rather than table-level locking. Doesn’t rely on operating system to store files.

Stick to lowercase for your table names; mixed case can result in duplicate tables if you move from Windows to Linux.

Writing Code for the Database

WordPress provides an abstraction layer via wp_query and wp_user_query. When you run a query, it brings everything into memory, so consider only querying a portion of the DB at a time.

Sanitize your input! Make sure to esc_sql($sql).

Sonja explains how SQL injections work and why you should remove the user ID 1.

Most of WP’s higher-level functions are already sanitized, BUT if you query the database directly, you need to do the sanitizing. Pass your statement through PREPARE.

The most important relationship in the database: posts to post_meta, users to user_meta

Avoid problems with prefixes by using $wpdb->tablename in your MySQL queries

Use the WP query functions IF YOU CAN…but there are some times when they don’t do what you need.

Sonja demonstrates some custom tables for propane pricing and how she uses the Google Visualizer to create a graph.

EXPLAIN statement provides information about how MySQL executes statements.

People think correlated subqueries will be slow, but in fact the optimizer deals with it.

Take time to test. Create test data and test users.

Plugins for the WP Database

DB-Table-Editor, which is definitely a plugin for developers. You will have to write code. But you can add and modify rows. (You have to create the tables in phpMyAdmin.)

WordPress Visualizer, which uses the Google Visualization API to graph data from your DB. You need to create a PHP array in the correct format. Sonja says that the work she did for the SPUG site took abut 300 lines of code, including creating the shortcodes.

Contact Form DB allows form plugins to store submissions in the WP database. (Gravity Forms does this already, but Contact Form 7 and many others do not.)

Query Monitor shows you all the database queries performed on the current page.

Creating indexes in MySQL

Sonja likes MySQL Workbench. Anca runs Sequel Pro on her computer to play with queries.

Anca asks about optimizing via changing indexes–Sonja mentions creating a new index for user_meta values in order to verify membership by something other than username. Queries were seriously slow (10 minutes!), so Sonja created a new index to speed it up.

Serialized data–it’s a pain, but we have to deal with it. Searching that is…more than a little difficult. Sonja hasn’t found a really good solution.

Adam asks about creating a new table (not one of the standard 11 that WP uses). He’d like to create new tables rather than using post_meta. CREATE TABLE, give it an ID, auto increment.

The Codex is your friend.

Anca has used a plugin called Stream, which used to be great and is not as nice since they’ve tried to move it to SaaS. Note that the cloud storage isn’t PCI or HIPAA compliant. Be very careful about storing data.

Hushmail: HIPAA compliant email.