Oct 2015: Top Developer Tips on Good WordPress Code

Fred Meyer from WP Shout joined us via Skype to give his presentation (also seen at WC Denver) on “What I learned about WordPress development by interviewing 15 13 of the best WordPress developers.”

Top Takeaways

Good WordPress code is not distinguished by difficulty, innovation, or cleverness. The key to good code is clarity. Will someone who looks at your code know what you were trying to do and why? Will you know if you come back to it 6 months later? Can your code serve as a good example for people who are learning to code?

Persistence and curiosity are qualities you need in order to become a good developer. The need to understand why and how code works, it will motivate you to learn. You develop skill through continued practice. You don’t have to be a genius to be a WordPress developer. You just have to keep working at becoming better.

Don’t chase the shiny. Once you have found tools that work for you, you don’t need to try every new one that someone mentions. Just because something is new and popular doesn’t necessarily mean it’s better than what you’re already doing. Before you jump in, make sure there’s going to be an advantage over what you’re already doing.

The Codex is your friend–and so is the code. Almost everything you need to know is in the WordPress Codex, but to really understand how WordPress works, look at the core code.

Additional Notes

Fred created his slides using reveal.js. There is a free plugin called Presenter that makes use of this if you’d like to try it.

Fred is a huge fan of the CSS pre-processor SASS. We had a presentation about CSS pre-processors at the meetup a few years ago. SASS makes writing CSS more like writing PHP. There’s a free cross-platform SASS compiler called Koala if you’re not big on the command line.

Jermaine Holmes won the free copy of Up and Running: A Practical Guide to WordPress Development.

WP Shout has produced handy stickers with tips on some of the most common WordPress conditional tags. Trivia for the day: is_dynamic_sidebar does not check to see whether you are in a sidebar file, but whether there are any widgets activated in any sidebars on the site.

WordPress Hosting Resources

Prior to Fred’s presentation, the group had a discussion about site speed, performance, and hosting. The single biggest factor in your site’s performance is your hosting company. The best caching and performance tools (e.g. memcached, OPcache, APC) have to be installed on the server and are not available with most cheap shared hosting accounts.

Fortunately, there are now many hosting companies that specialize in WordPress.

The first was our sponsor (and host of this site) Pagely, which still has options for small businesses even though they have transitioned primarily into enterprise hosting. Pagely uses Amazon’s servers. They have been fantastic in terms of up-time, support, and security.

There are plenty of other options, however, including the Turbo service from our new sponsor A2 Hosting, Flywheel‘s option to stage a site for free before transferring it to a client, and GoDaddy‘s new inexpensive managed WordPress hosting plans. Each of these different providers offers something unique.

To help you decide, here are some recent comparisons of managed WordPress hosting providers:

Kim Doyal: Marketing & Measuring with WordPress.

WP ChickKim Doyal (have you listened to her podcast?) joins us in January to talk about site conversions and marketing with your site, including the use of Google Tag Manager. (More details as we get closer to the date.)


Kim Doyal, “The WordPress Chick,” is a leading expert on using WordPress to market businesses online. She teaches, blogs and creates with WordPress. A published author, movie producer and artist, her motto is “WordPress Happiness Made Easy.” Kim develops custom solutions to meet the needs for a variety of entrepreneurs and business models.

Getting Readers Engaged: WordPress Comments & Commenting Systems

Whether you’re blogging yourself or creating a site for a client, you need to make some decisions about how to handle comments. Blocking comment spam is important, of course, but there are also tools you might want to consider to increase user engagement.

Our sponsor for this meeting, Wheepl, offers a platform for live, social conversation across webpages based on hashtags.


In addition to Wheepl, we’ll take a look at some other popular commenting solutions: Postmatic, Disqus (who sponsored a meetup many years ago), Livefyre, Jetpack Comments, etc. This is not a comprehensive tour of every comment system or plugin–that would take days. But it should give you an idea of the options that are out there for increasing engagement via comments.

In addition to our meeting sponsor, Wheepl, I would like to thank our regular sponsors; Pagely and A2 Hosting, as well as O’Reilly Media. Pagely hosts our EastBayWP.com website; A2 buys us pizza, and O’Reilly offers us hefty discounts.

Making WordPress Easier to Use

This is a variation on my WordCamp Sacramento talk, “Not Everyone Is a WordPress Expert.” 

In September 2014 I wrote an article called Have we been misleading people about WordPress? My main concern was the way that marketers imply, and consumers seem to believe, that Without knowing code is equivalent to Without knowing anything.

A lot of WordPress themes and plugins actually have a very steep learning curve and are overwhelming for new users. There is no such thing as an intuitive interface, only a familiar interface. We need to be honest about the learning curve, simplify the admin, and provide support and training.

We’ll review the things that clients (and other end-users) find most difficult about WordPress–which would be practically everything–and how we can have happier clients by setting expectations, offering training, and using plugins to help simulate a more familiar editing environment. 

(I’ll be going into more detail on the Editus plugin by Lasso since we have more time than I did at WCSAC.)

The December Meetup is sponsored by Beaver Builder, a tool that makes WordPress sites easier to create. Expect swag and giveaways along with the demo.


And as always, we’d like to thank our regular sponsors: Pagely, host of the EastBayWP.com website; A2 Hosting, which pays for our pizza; and O’Reilly Media, which offers us discounts on their tech books and videos.

Sept 2015: Installing & Configuring Security Plugins

What’s the Hardest Thing About WordPress?

Prior to the security plugin demos, we had a discussion about what people find difficult about WordPress, based on our own experience and that of our clients. Here’s what people had to say:

  • Ted—People expect WordPress to be like Wix, with great UI elements you can just drop in. He’s taken to using Shortcodes Ultimate to help with this. Pieter Hartsook recommends Visual Composer (or similar) and front-end editing.
  • Karla—Understanding that you need plugins to do anything. She’s a pretty good searcher, so doesn’t think finding and evaluating plugins is all that hard.
  • Sharihar—In Joomla you can put an extension (plugin) on just a particular page, and he hasn’t seen the ability to do that with WP. Also he found theming for Joomla easier—there’s more separation of the PHP and the HTML/CSS. Widgets also puzzled him.
  • Sallie—clients can be puzzled by the widgetized home pages in Genesis—they expect to be able to go to the home page and edit it.
  • Ted—the way your widgets depend on your theme—they will disappear/move around when you change themes
  • Bill—Trying to simplify the admin and client-proof it.
  • Ted—It really helps clients to have a UI set up where they know what type of content to enter where. Red8 does this via ACF, and it’s easier for clients, but harder to use any of that information on another page because it’s all stored as post_meta.
  • Karla—The whole concept of databases and why WordPress—she finally started to understand about retrieving the information and displaying it in multiple places.
  • Pieter—as consultants we need to take a longer view and think about what the client is going to need in 3 months or 6 months. WP’s extensibility is an advantage and you don’t always want the quickest solution.
  • Ted—Media management. Can you just bulk-upload images and display them in multiple places? Pieter suggests storing them on Flickr and pulling them into WP and elsewhere.

iThemes Security

(Demo’ed by Pieter Hartsook.) The first thing to be sure you do is whitelist your own IP address. After that the plugin will give you a list of top-priority actions. Features include malware scanning, 404 protection, block lists, changed file detection, and brute force protection. They also provide a series of instructional videos in addition to this video overview.


Pieter Hartsook showed us the new, attractive interface of Wordfence Security. Wordfence scans for malware and also compares your themes and plugins to the WordPress repository.  Here’s an overview video with a feature tour:

All in One WP Security and Firewall

Ted Curran did a demo of All in One WP Security and Firewall. It has a straightforward dashboard that shows you critical issues and your security points grade. In addition to the usual sorts of security features, AIO WP Security includes comment spam protection and text copy protection.

Security Plugins and Your Database

Security plugins log activity. The logs normally get stored in your database. iThemes Security creates three tables: _itsec_lockouts, _itsec_log, and _itsec_temp. You can tell the plugin how long to store the logs in order to keep them from taking up too much space.

iThemes Security Log Settings

Wordfence, on the other hand, creates 18 tables, which can amount to quite a bit of database clutter.


All in One WP Security and Firewall creates 5 database tables, for events, failed logins, global meta, login activity, and login lockdown.

All in One WP Security and Firewall database tables

All three plugins have free and paid versions. If you don’t have a favorite yet, try them out and pick one. Any of them should give you good protection.


One very important factor in good security–not just with WordPress but anywhere on the Internet–is using strong passwords. Sallie just started using Dashlane, which lets you sync passwords between devices for $40/year. Ted uses LastPass, which has a $12/year premium version to allow use on and syncing across unlimited devices. 1Password offers sync via Dropbox, iCloud, or Wi-Fi, all of which seems a little clumsy, and you have to buy a license for each device. (Plus it’s just kind of annoying.)

In addition to passwords, utilities like these can also store credit card information, personal information, and license keys. Using them makes it possible to use long random passwords (the most secure kind) without having to try to remember them.