In September 2014 I wrote an article called Have we been misleading people about WordPress? My main concern was the way that marketers imply, and consumers seem to believe, that Without knowing code is equivalent to Without knowing anything.
We’ll review the things that clients (and other end-users) find most difficult about WordPress–which would be practically everything–and how we can have happier clients by setting expectations, offering training, and using plugins to help simulate a more familiar editing environment.
(I’ll be going into more detail on the Editus plugin by Lasso since we have more time than I did at WCSAC.)
The December Meetup is sponsored by Beaver Builder, a tool that makes WordPress sites easier to create. Expect swag and giveaways along with the demo.
Prior to the security plugin demos, we had a discussion about what people find difficult about WordPress, based on our own experience and that of our clients. Here’s what people had to say:
Ted—People expect WordPress to be like Wix, with great UI elements you can just drop in. He’s taken to using Shortcodes Ultimate to help with this. Pieter Hartsook recommends Visual Composer (or similar) and front-end editing.
Karla—Understanding that you need plugins to do anything. She’s a pretty good searcher, so doesn’t think finding and evaluating plugins is all that hard.
Sharihar—In Joomla you can put an extension (plugin) on just a particular page, and he hasn’t seen the ability to do that with WP. Also he found theming for Joomla easier—there’s more separation of the PHP and the HTML/CSS. Widgets also puzzled him.
Sallie—clients can be puzzled by the widgetized home pages in Genesis—they expect to be able to go to the home page and edit it.
Ted—the way your widgets depend on your theme—they will disappear/move around when you change themes
Bill—Trying to simplify the admin and client-proof it.
Ted—It really helps clients to have a UI set up where they know what type of content to enter where. Red8 does this via ACF, and it’s easier for clients, but harder to use any of that information on another page because it’s all stored as post_meta.
Karla—The whole concept of databases and why WordPress—she finally started to understand about retrieving the information and displaying it in multiple places.
Pieter—as consultants we need to take a longer view and think about what the client is going to need in 3 months or 6 months. WP’s extensibility is an advantage and you don’t always want the quickest solution.
Ted—Media management. Can you just bulk-upload images and display them in multiple places? Pieter suggests storing them on Flickr and pulling them into WP and elsewhere.
(Demo’ed by Pieter Hartsook.) The first thing to be sure you do is whitelist your own IP address. After that the plugin will give you a list of top-priority actions. Features include malware scanning, 404 protection, block lists, changed file detection, and brute force protection. They also provide a series of instructional videos in addition to this video overview.
Pieter Hartsook showed us the new, attractive interface of Wordfence Security. Wordfence scans for malware and also compares your themes and plugins to the WordPress repository. Here’s an overview video with a feature tour:
Ted Curran did a demo of All in One WP Security and Firewall. It has a straightforward dashboard that shows you critical issues and your security points grade. In addition to the usual sorts of security features, AIO WP Security includes comment spam protection and text copy protection.
Security Plugins and Your Database
Security plugins log activity. The logs normally get stored in your database. iThemes Security creates three tables: _itsec_lockouts, _itsec_log, and _itsec_temp. You can tell the plugin how long to store the logs in order to keep them from taking up too much space.
Wordfence, on the other hand, creates 18 tables, which can amount to quite a bit of database clutter.
All in One WP Security and Firewall creates 5 database tables, for events, failed logins, global meta, login activity, and login lockdown.
All three plugins have free and paid versions. If you don’t have a favorite yet, try them out and pick one. Any of them should give you good protection.
One very important factor in good security–not just with WordPress but anywhere on the Internet–is using strong passwords. Sallie just started using Dashlane, which lets you sync passwords between devices for $40/year. Ted uses LastPass, which has a $12/year premium version to allow use on and syncing across unlimited devices. 1Password offers sync via Dropbox, iCloud, or Wi-Fi, all of which seems a little clumsy, and you have to buy a license for each device. (Plus it’s just kind of annoying.)
In addition to passwords, utilities like these can also store credit card information, personal information, and license keys. Using them makes it possible to use long random passwords (the most secure kind) without having to try to remember them.
Fred Meyer of WP Shout interviewed 15 top WordPress developers in the course of writing Up and Running with WordPress. He joins us via Skype video conference for the October meetup to share some of his discoveries.
Fred asked these developers what makes good WordPress code, how to write clear code, and the qualities that make a good developer. Join us learn from some of the best-known individuals in the WordPress community.
Poll results were tied, so I decided to make “How to Set Up Wordfence and iThemes Security” the main topic and put the “What’s the Hardest Thing about WordPress?” discussion into our regular Q&A period.
Security plugins have lots of options, and if you don’t set them up correctly, you might lock yourself out of your own site–or overlook something important.
Pieter Hartsook shows you how to configure two of the most popular security plugins for WordPress: Wordfence and iThemes Security.
THE HARDEST THING ABOUT WORDPRESS
It’s my contention that we should stop pretending WordPress is easy. Sure, it’s a lot easier for developers, designers, and end users than some other popular content management systems or creating an old-fashioned HTML site. But WordPress has evolved into a pretty complex system. We’ll share the hardest things for us and our clients, and any insight we have into how to make them easier.
We had our first WordPress Contributor Day on August 23, 2015, with pizza and soft drinks provided by Pagely.
You don’t have to be on the core team to contribute to WordPress.There are all kinds of ways to help out: answering questions in the support forum, writing and editing documentation, making translations, helping with accessibility, and more.
Join us for a special extended session and give back to the WordPress community. We’ll show you how to do it and then get down to work. All you need is a WordPress.org (not .com) login and a laptop.
First, everyone set up their WordPress.org logins and then got themselves on the WordPress.org Slack channel. (You need your WordPress.org login to get invited.) The Slack channel is integrated with Trac, so you can keep up to date on the status of different Trac tickets for WordPress core.
Participants had a wide range of skill levels and several choices of ways to contribute. Two people chose to work on captioning WordPress.tv videos and discovered that it’s a little more complicated than it sounds. Sallie answered 16 questions in the support forum. Karla worked on submitting a patch. People also reviewed training lesson plans.
Responses from participants were really positive, as you can see from the comments on the Meetup.com event page. We’re definitely planning to make Contributor Day an annual event.
Anca managed to take a great panoramic photo showing us all at work:
Sandbox for WordPress Junkies in the East San Francisco Bay