Getting Readers Engaged: WordPress Comments & Commenting Systems

Whether you’re blogging yourself or creating a site for a client, you need to make some decisions about how to handle comments. Blocking comment spam is important, of course, but there are also tools you might want to consider to increase user engagement.

Our sponsor for this meeting, Wheepl, offers a platform for live, social conversation across webpages based on hashtags.

In addition to Wheepl, we’ll take a look at some other popular commenting solutions: Postmatic, Disqus (who sponsored a meetup many years ago), Livefyre, Jetpack Comments, etc. This is not a comprehensive tour of every comment system or plugin–that would take days. But it should give you an idea of the options that are out there for increasing engagement via comments.

In addition to our meeting sponsor, Wheepl, I would like to thank our regular sponsors; Pagely and A2 Hosting, as well as O’Reilly Media. Pagely hosts our website; A2 buys us pizza, and O’Reilly offers us hefty discounts.

Making WordPress Easier to Use

This is a variation on my WordCamp Sacramento talk, “Not Everyone Is a WordPress Expert.” 

In September 2014 I wrote an article called Have we been misleading people about WordPress? My main concern was the way that marketers imply, and consumers seem to believe, that Without knowing code is equivalent to Without knowing anything.

A lot of WordPress themes and plugins actually have a very steep learning curve and are overwhelming for new users. There is no such thing as an intuitive interface, only a familiar interface. We need to be honest about the learning curve, simplify the admin, and provide support and training.

We’ll review the things that clients (and other end-users) find most difficult about WordPress–which would be practically everything–and how we can have happier clients by setting expectations, offering training, and using plugins to help simulate a more familiar editing environment. 

(I’ll be going into more detail on the Editus plugin by Lasso since we have more time than I did at WCSAC.)

The December Meetup is sponsored by Beaver Builder, a tool that makes WordPress sites easier to create. Expect swag and giveaways along with the demo.

And as always, we’d like to thank our regular sponsors: Pagely, host of the website; A2 Hosting, which pays for our pizza; and O’Reilly Media, which offers us discounts on their tech books and videos.

Sept 2015: Installing & Configuring Security Plugins

What’s the Hardest Thing About WordPress?

Prior to the security plugin demos, we had a discussion about what people find difficult about WordPress, based on our own experience and that of our clients. Here’s what people had to say:

  • Ted—People expect WordPress to be like Wix, with great UI elements you can just drop in. He’s taken to using Shortcodes Ultimate to help with this. Pieter Hartsook recommends Visual Composer (or similar) and front-end editing.
  • Karla—Understanding that you need plugins to do anything. She’s a pretty good searcher, so doesn’t think finding and evaluating plugins is all that hard.
  • Sharihar—In Joomla you can put an extension (plugin) on just a particular page, and he hasn’t seen the ability to do that with WP. Also he found theming for Joomla easier—there’s more separation of the PHP and the HTML/CSS. Widgets also puzzled him.
  • Sallie—clients can be puzzled by the widgetized home pages in Genesis—they expect to be able to go to the home page and edit it.
  • Ted—the way your widgets depend on your theme—they will disappear/move around when you change themes
  • Bill—Trying to simplify the admin and client-proof it.
  • Ted—It really helps clients to have a UI set up where they know what type of content to enter where. Red8 does this via ACF, and it’s easier for clients, but harder to use any of that information on another page because it’s all stored as post_meta.
  • Karla—The whole concept of databases and why WordPress—she finally started to understand about retrieving the information and displaying it in multiple places.
  • Pieter—as consultants we need to take a longer view and think about what the client is going to need in 3 months or 6 months. WP’s extensibility is an advantage and you don’t always want the quickest solution.
  • Ted—Media management. Can you just bulk-upload images and display them in multiple places? Pieter suggests storing them on Flickr and pulling them into WP and elsewhere.

iThemes Security

(Demo’ed by Pieter Hartsook.) The first thing to be sure you do is whitelist your own IP address. After that the plugin will give you a list of top-priority actions. Features include malware scanning, 404 protection, block lists, changed file detection, and brute force protection. They also provide a series of instructional videos in addition to this video overview.


Pieter Hartsook showed us the new, attractive interface of Wordfence Security. Wordfence scans for malware and also compares your themes and plugins to the WordPress repository.  Here’s an overview video with a feature tour:

All in One WP Security and Firewall

Ted Curran did a demo of All in One WP Security and Firewall. It has a straightforward dashboard that shows you critical issues and your security points grade. In addition to the usual sorts of security features, AIO WP Security includes comment spam protection and text copy protection.

Security Plugins and Your Database

Security plugins log activity. The logs normally get stored in your database. iThemes Security creates three tables: _itsec_lockouts, _itsec_log, and _itsec_temp. You can tell the plugin how long to store the logs in order to keep them from taking up too much space.

iThemes Security Log Settings

Wordfence, on the other hand, creates 18 tables, which can amount to quite a bit of database clutter.


All in One WP Security and Firewall creates 5 database tables, for events, failed logins, global meta, login activity, and login lockdown.

All in One WP Security and Firewall database tables

All three plugins have free and paid versions. If you don’t have a favorite yet, try them out and pick one. Any of them should give you good protection.


One very important factor in good security–not just with WordPress but anywhere on the Internet–is using strong passwords. Sallie just started using Dashlane, which lets you sync passwords between devices for $40/year. Ted uses LastPass, which has a $12/year premium version to allow use on and syncing across unlimited devices. 1Password offers sync via Dropbox, iCloud, or Wi-Fi, all of which seems a little clumsy, and you have to buy a license for each device. (Plus it’s just kind of annoying.)

In addition to passwords, utilities like these can also store credit card information, personal information, and license keys. Using them makes it possible to use long random passwords (the most secure kind) without having to try to remember them.

What Fred Meyer Learned from Interviewing 15 WP Developers

Fred Meyer of WP Shout interviewed 15 top WordPress developers in the course of writing Up and Running with WordPress. He joins us via Skype video conference for the October meetup to share some of his discoveries.

Fred asked these developers what makes good WordPress code, how to write clear code, and the qualities that make a good developer. Join us learn from some of the best-known individuals in the WordPress community.

Sponsored by

WP Shout will be giving away a copy of Up and Running with WordPress (a $49 value) to one lucky winner, and a coupon for a free year of InMotion hosting to everyone who attends.

And as always, we’d like to thank our regular sponsors: Pagely, host of the website; A2 Hosting, which pays for our pizza; and O’Reilly Media, which offers us discounts on their tech books and videos.

Setting Up Security Plugins / The Hardest Thing About WordPress

Poll results were tied, so I decided to make “How to Set Up Wordfence and iThemes Security” the main topic and put the “What’s the Hardest Thing about WordPress?” discussion into our regular Q&A period. 


Security plugins have lots of options, and if you don’t set them up correctly, you might lock yourself out of your own site–or overlook something important.

Pieter Hartsook shows you how to configure two of the most popular security plugins for WordPress: Wordfence and iThemes Security


It’s my contention that we should stop pretending WordPress is easy. Sure, it’s a lot easier for developers, designers, and end users than some other popular content management systems or creating an old-fashioned HTML site. But WordPress has evolved into a pretty complex system. We’ll share the hardest things for us and our clients, and any insight we have into how to make them easier.