Making WordPress Easier to Use

This is a variation on my WordCamp Sacramento talk, “Not Everyone Is a WordPress Expert.” 

In September 2014 I wrote an article called Have we been misleading people about WordPress? My main concern was the way that marketers imply, and consumers seem to believe, that Without knowing code is equivalent to Without knowing anything.

A lot of WordPress themes and plugins actually have a very steep learning curve and are overwhelming for new users. There is no such thing as an intuitive interface, only a familiar interface. We need to be honest about the learning curve, simplify the admin, and provide support and training.

We’ll review the things that clients (and other end-users) find most difficult about WordPress–which would be practically everything–and how we can have happier clients by setting expectations, offering training, and using plugins to help simulate a more familiar editing environment. 

(I’ll be going into more detail on the Editus plugin by Lasso since we have more time than I did at WCSAC.)

The December Meetup is sponsored by Beaver Builder, a tool that makes WordPress sites easier to create. Expect swag and giveaways along with the demo.

https://vimeo.com/122546221

And as always, we’d like to thank our regular sponsors: Pagely, host of the EastBayWP.com website; A2 Hosting, which pays for our pizza; and O’Reilly Media, which offers us discounts on their tech books and videos.

Sept 2015: Installing & Configuring Security Plugins

What’s the Hardest Thing About WordPress?

Prior to the security plugin demos, we had a discussion about what people find difficult about WordPress, based on our own experience and that of our clients. Here’s what people had to say:

  • Ted—People expect WordPress to be like Wix, with great UI elements you can just drop in. He’s taken to using Shortcodes Ultimate to help with this. Pieter Hartsook recommends Visual Composer (or similar) and front-end editing.
  • Karla—Understanding that you need plugins to do anything. She’s a pretty good searcher, so doesn’t think finding and evaluating plugins is all that hard.
  • Sharihar—In Joomla you can put an extension (plugin) on just a particular page, and he hasn’t seen the ability to do that with WP. Also he found theming for Joomla easier—there’s more separation of the PHP and the HTML/CSS. Widgets also puzzled him.
  • Sallie—clients can be puzzled by the widgetized home pages in Genesis—they expect to be able to go to the home page and edit it.
  • Ted—the way your widgets depend on your theme—they will disappear/move around when you change themes
  • Bill—Trying to simplify the admin and client-proof it.
  • Ted—It really helps clients to have a UI set up where they know what type of content to enter where. Red8 does this via ACF, and it’s easier for clients, but harder to use any of that information on another page because it’s all stored as post_meta.
  • Karla—The whole concept of databases and why WordPress—she finally started to understand about retrieving the information and displaying it in multiple places.
  • Pieter—as consultants we need to take a longer view and think about what the client is going to need in 3 months or 6 months. WP’s extensibility is an advantage and you don’t always want the quickest solution.
  • Ted—Media management. Can you just bulk-upload images and display them in multiple places? Pieter suggests storing them on Flickr and pulling them into WP and elsewhere.

iThemes Security

(Demo’ed by Pieter Hartsook.) The first thing to be sure you do is whitelist your own IP address. After that the plugin will give you a list of top-priority actions. Features include malware scanning, 404 protection, block lists, changed file detection, and brute force protection. They also provide a series of instructional videos in addition to this video overview.

Wordfence

Pieter Hartsook showed us the new, attractive interface of Wordfence Security. Wordfence scans for malware and also compares your themes and plugins to the WordPress repository.  Here’s an overview video with a feature tour:

All in One WP Security and Firewall

Ted Curran did a demo of All in One WP Security and Firewall. It has a straightforward dashboard that shows you critical issues and your security points grade. In addition to the usual sorts of security features, AIO WP Security includes comment spam protection and text copy protection.

Security Plugins and Your Database

Security plugins log activity. The logs normally get stored in your database. iThemes Security creates three tables: _itsec_lockouts, _itsec_log, and _itsec_temp. You can tell the plugin how long to store the logs in order to keep them from taking up too much space.

iThemes Security Log Settings

Wordfence, on the other hand, creates 18 tables, which can amount to quite a bit of database clutter.

wp_wfBadLeechers
wp_wfBlocks
wp_wfConfig
wp_wfCrawlers
wp_wfFileMods
wp_wfHits
wp_wfHoover
wp_wfIssues
wp_wfLeechers
wp_wfLockedOut
wp_wfLocs
wp_wfLogins
wp_wfNet404s
wp_wfReverseCache
wp_wfScanners
wp_wfStatus
wp_wfThrottleLog
wp_wfVulnScanners

All in One WP Security and Firewall creates 5 database tables, for events, failed logins, global meta, login activity, and login lockdown.

All in One WP Security and Firewall database tables

All three plugins have free and paid versions. If you don’t have a favorite yet, try them out and pick one. Any of them should give you good protection.

Passwords

One very important factor in good security–not just with WordPress but anywhere on the Internet–is using strong passwords. Sallie just started using Dashlane, which lets you sync passwords between devices for $40/year. Ted uses LastPass, which has a $12/year premium version to allow use on and syncing across unlimited devices. 1Password offers sync via Dropbox, iCloud, or Wi-Fi, all of which seems a little clumsy, and you have to buy a license for each device. (Plus it’s just kind of annoying.)

In addition to passwords, utilities like these can also store credit card information, personal information, and license keys. Using them makes it possible to use long random passwords (the most secure kind) without having to try to remember them.

What Fred Meyer Learned from Interviewing 15 WP Developers

Fred Meyer of WP Shout interviewed 15 top WordPress developers in the course of writing Up and Running with WordPress. He joins us via Skype video conference for the October meetup to share some of his discoveries.

Fred asked these developers what makes good WordPress code, how to write clear code, and the qualities that make a good developer. Join us learn from some of the best-known individuals in the WordPress community.

Sponsored by

WP Shout will be giving away a copy of Up and Running with WordPress (a $49 value) to one lucky winner, and a coupon for a free year of InMotion hosting to everyone who attends.

And as always, we’d like to thank our regular sponsors: Pagely, host of the EastBayWP.com website; A2 Hosting, which pays for our pizza; and O’Reilly Media, which offers us discounts on their tech books and videos.

Setting Up Security Plugins / The Hardest Thing About WordPress

Poll results were tied, so I decided to make “How to Set Up Wordfence and iThemes Security” the main topic and put the “What’s the Hardest Thing about WordPress?” discussion into our regular Q&A period. 

SECURITY PLUGINS

Security plugins have lots of options, and if you don’t set them up correctly, you might lock yourself out of your own site–or overlook something important.

Pieter Hartsook shows you how to configure two of the most popular security plugins for WordPress: Wordfence and iThemes Security

THE HARDEST THING ABOUT WORDPRESS

It’s my contention that we should stop pretending WordPress is easy. Sure, it’s a lot easier for developers, designers, and end users than some other popular content management systems or creating an old-fashioned HTML site. But WordPress has evolved into a pretty complex system. We’ll share the hardest things for us and our clients, and any insight we have into how to make them easier.

August 2015: Contributor Day

We had our first WordPress Contributor Day on August 23, 2015, with pizza and soft drinks provided by Pagely.

Overview

You don’t have to be on the core team to contribute to WordPress.There are all kinds of ways to help out: answering questions in the support forum, writing and editing documentation, making translations, helping with accessibility, and more.

Join us for a special extended session and give back to the WordPress community. We’ll show you how to do it and then get down to work. All you need is a WordPress.org (not .com) login and a laptop.

Links to Contributor Guides

What We Did

First, everyone set up their WordPress.org logins and then got themselves on the WordPress.org Slack channel. (You need your WordPress.org login to get invited.) The Slack channel is integrated with Trac, so you can keep up to date on the status of different Trac tickets for WordPress core.

Participants had a wide range of skill levels and several choices of ways to contribute. Two people chose to work on captioning WordPress.tv videos and discovered that it’s a little more complicated than it sounds. Sallie answered 16 questions in the support forum. Karla worked on submitting a patch. People also reviewed training lesson plans.

Responses from participants were really positive, as you can see from the comments on the Meetup.com event page. We’re definitely planning to make Contributor Day an annual event.

Anca managed to take a great panoramic photo showing us all at work:

East Bay WP Meetup Contributor Day 2015