Daily ArchivesSeptember 8, 2021

Allowing multiple vendors to be able to sell products from their own stores using WooCommerce can be a complex feature to add. There are a number of plugins for allowing a vendor marketplace and one of the best is Dokan. 

Dokan includes a huge number of features there are built in the pro version of the plugin.

After you have installed both versions of the Dokan which would be the lite version and the pro version.

Dokan like WooCommerce includes a very easy to use setup wizard. The setup wizard includes a number of steps that will help you get Dokan setup sooner by using it. 

Remember to set up to go through the basic config for Dokan and to make sure that the permalinks for Dokan have been set up correctly. Dokan will integrate with WooCommerce which means it will work with all WooCommerce core functions such as payment, shipping, and taxes.

Dokan includes a massive range of modules which includes a number of features and a number of module integrations like Elementor. Enable any of the modules which you will need for your site.

The dashboard in Dokan is similar to the home screen in WooCommerce and will give you a good overview of sales and commissions earned over the course of the month.

Dokan will by default install a number of pages when the plugin has been activated and enabled. If the pages did not install correctly you can always go to;

Dokan > Tools

Then click on the install Dokan pages button.

Dokan includes a number of built-in integrations such as Yoast SEO and WooCommerce PDF Invoices & Packaging Slips plugins.

The Dokan plugin works well with a number of themes such as Astra, Storefront, or the Dokan theme.

One of the best payment gateways to use with Dokan is Stripe Connect. You can enable the Stripe Connect module from;

Dokan > Modules

Using the Stripe Connect payment gateway can be configured from;

WooCommerce > Settings > Payments

In the setting within WooCommerce, you will need to add your credentials from Stripe and then make sure that the settings are correct. You can follow this help document for how to correctly set up the Stripe Connect payment in Dokan.

Dokan Pro is one of the most complete and feature ready plugins for allowing your WooCommerce store to turn it into a multi-vendor marketplace.

If your Magento 1 business handles credit card information, you may already be aware of the 300+ security requirements in PCI DSS. If you’re not familiar, this article will cover some of the basics and offer resources for certifying compliance. 

Founded in 2006 by American Express, Discover, JCB International, Mastercard, and Visa, the Payment Card Industry Data Security Standards (PCI DSS) sets the minimum standard for data security around processing credit card transactions. It helps reduce fraud and data breaches across the payment ecosystem and applies to any organization that accepts or processes payments via credit cards.

PCI DSS Compliance

PCI DSS compliance involves three main rules:

1. Sensitive credit card data from consumers should be collected and transmitted securely
2. That data must be stored securely by utilizing encryption, ongoing monitoring, and security testing of access to card data
3. On an annual basis, validating that the required security controls are in place

Sensitive data from consumers

Companies that handle card data may be required to meet each of the 300+ security controls in PCI DSS. Even if card data only travels a business’s infrastructure for a moment, the company would need to purchase, implement, and maintain security software and hardware.

If a company does not need to handle sensitive credit card data, it shouldn’t. Third-party solutions (like Stripe) securely accept and store credit card data, removing considerable complexity, cost, and risk. If card data never touches your business’s servers, you would only need to confirm 22 relatively straightforward security controls, like using strong passwords.

Store data securely

If an organization handles or stores credit card data, it needs to define the scope of its cardholder data environment (CDE). PCI DSS defines CDE as the people, processes, and technologies that store, process, or transmit credit card data—or any system connected to it.

Since all 300+ security requirements in PCI DSS apply to CDE, it’s important to properly segment the payment environment from the rest of the business so as to limit the scope of PCI validation. If an organization is unable to contain the CDE scope, the PCI security controls would then apply to every system, laptop, and device on its corporate network. Nobody has time for that.

An annual review of required security controls

Regardless of how card data is accepted, organizations that handle credit card payments are required to complete a PCI validation form annually to maintain compliance.

12 Main Requirements for PCI DSS

The most recent security standards, PCI DSS version 3.2.1, includes 12 main requirements with over 300 sub-requirements that mirror security best practices. 

Those 12 main requirements are:

1. Install and maintain a firewall configuration to protect cardholder information
2. Never use vendor-supplied defaults for system passwords and other security parameters
3. Protect stored cardholder data
4. Encrypt transmission of cardholder data across open or public networks
5. Protect all systems against malware and regularly update anti-virus software
6. Develop and maintain secure systems and applications
7. Restrict access to cardholder data
8. Identify and authenticate access to system components
9. Restrict physical access to cardholder data
10. Track and monitor all access to network resources and cardholder data
11. Regularly test security systems and processes
12. Maintain a policy that addresses information security for all employees

New businesses can validate PCI compliance via nine self assessment questionnaires that are each a subset of the entire PCI DSS requirement. The difficulty comes from trying to figure out which requirements are necessary for your business. Some businesses will hire a PCI Council-approved auditor to ensure that each PCI DSS requirement has been met. And as if that isn’t complicated enough – the PCI Council revises the rules every three years and releases updates throughout each year. How can businesses secure their credit card data and maintain PCI compliance considering these factors?

Ways to Secure

There are a number of accepted ways to secure your website with the PCI DSS requirements, from hiring a qualified security assessor (QSA) company, to utilizing the PCI 3-Step Process, and via Hostdedi Safe Harbor in partnership with Stripe. 

1. A Qualified Security Assessor

A Qualified Security Assessor is a data security firm that is qualified by the PCI Council to perform on-site PCI Data Security Standard assessments. An assessor will verify all technical information given by the merchant or service provider and use independent judgment to confirm the standard has been met. A list of Qualified Security Assessor (QSA) companies can be found here.

2. The PCI 3-Step Process

1. Asses Identifying cardholder data, taking an inventory of IT assets and business processes for payment card processing, and analyzing them for vulnerabilities.
2. Remediate Fixing vulnerabilities and eliminating the storage of cardholder data unless absolutely necessary.
3. Report Compiling and submitting required reports to the appropriate acquiring bank and card brands.

3. Safe Harbor

Magento 1 reached end-of-life in June 2020, putting thousands of ecommerce sites into a compliance grey area when Adobe stopped issuing official security updates.

While the ecommerce application itself represents only a small part of what PCI compliance truly entails, for merchants still running their ecommerce sites on Magento 1, the important thing to note is there will no longer be security patches and updates issued for the platform. They’re on their own unless they’ve invested in a solution like Hostdedi Safe Harbor. We strongly suggest you check out Stripe, who has a commitment to keeping their Magento 1 module going for their customers.

Stripe

Stripe remains committed to enabling users to securely use Stripe’s products within Magento 1. To that end, Hostdedi encourages you to install Stripe’s official Magento 1 module, which uses Stripe.js and Elements to simplify your site’s PCI compliance. Stripe will continue to release bug fixes and security updates for the Stripe Magento 1 module to ensure this solution follows Payment Card Industry Data Security Standards (PCI DSS).

Conclusion

As you can see, achieving and maintaining PCI compliance is no small feat. But with the right information, assistance from a compliance professional, and Hostdedi Safe Harbor, businesses still operating on Magento 1 can keep their customer’s credit card data safe and secure.

Social selling is a smart choice for an ecommerce webshop. But maintaining inventory levels when you’re selling on multiple platforms can be challenging without the right tools. Enter: Social extensions for your WooCommerce Store. 

Social Extensions for WooCommerce

Facebook for WooCommerce

Facebook for WooCommerce allows you to sync WooCommerce products to a Facebook store, buy Facebook and Instagram ads directly on WooCommerce, and engage customers via Facebook Messenger.

Connect your entire catalog to Facebook with a single click and add it to your Facebook Business Page shop by following these steps:

1. Download the extension from the Facebook for WooCommerce product page.
2. Go to Plugins > Add New > Upload Plugin and select the ZIP file you just downloaded.
3. Click Install Now and then Activate.
4. Click Configure and read the next section to learn how to set up the plugin.

Pinterest for WooCommerce

Use the Pinterest for WooCommerce extension to connect your store to Pinterest’s 250 million monthly active users. Here are just a few of the many cool features offered by this extension:

• List your entire WooCommerce product catalog on Pinterest in minutes.
• Add new products automatically to your Pinterest boards.
• Every Pin contains a direct link to the product on your website.
• Use the Pinterest tag to track conversions.
• Replace the original product image with the custom one intended for Pinterest.
• Create a Pinterest catalog for advertising.
• Add Pinterest hashtags right from wp-admin.
• Manage all your Pins in one place and sync images, pricing, and product details in real-time.

Installation is simple, but before you get started, you should set up a business account with Pinterest. Once that step is complete, just download the extension and install it by following the steps outlined above or click here for more documentation.

WooCommerce Instagram

Developed by ThemeSquad, the WooCommerce Instagram extension gives your business an immersive storefront for people to explore your products, turn your Instagram posts into ads for campaigns, and connect with Instagram Shopping. 

The other features of this extension include:

• Increase the visibility of your store on Instagram.
• Upload your catalog to Instagram and create shoppable posts and stories.
• Define product hashtags to let people tag their images with them.
• Showcase how your customers are using your products in your store.
• Boost your sales by redirecting your audience to your product pages with just a single click.

To install, simply purchase the extension here, install it, then activate the plugin in your WooCommerce store. After that, go to WooCommerce > Settings > Integrations > Instagram and connect your store to Instagram. You can find extensive documentation here.

Pricing

Facebook for WooCommerce is entirely free and comes with 1 year of updates and support, and a 30-day money-back guarantee.

Pinterest for WooCommerce is $79 and comes with 1 year of updates and support and a 30-day money-back guarantee. 

WooCommerce Instagram is $79 and comes with 1 year of updates and support and a 30-day money-back guarantee. 

Conclusion

Since reaching the significantly larger audiences of Facebook, Pinterest, and Instagram is as easy as installing an extension and paying $79 bucks, ecommerce business owners would be crazy not to. But if this seems like too much to deal with, or you just don’t have the time, consider migrating (or starting!) your WooCommerce store to Hostdedi. 

Managed WooCommerce Hosting by Hostdedi makes enterprise-level technology accessible to businesses of any size. Sign up for our 14 Day free trial and experience the difference of Managed WooCommerce.

You’ll get 2 weeks to explore a dashboard and site that load ultra fast, with auto scaling and automatic plugin and platform updates built-in, so you can focus on what you do best. Not to mention 24/7/365 support from a team of WooCommerce experts who are happy to walk you through installing the extensions we’ve covered in this article and much more!

WordPress has been around since 2003 and has become the default tool for most people looking to start a website. While it’s come a long way from its roots as a blog engine, the underlying technology hasn’t made the same leaps that the user experience has.

WordPress development still revolves around many of the standards that were present in 2003. While this can make it more accessible to people due to the lower technical understanding required, it also means that many new development resources are not compatible with WordPress out of the box.

Today, we’re going to take a look at one of those newer tools called Composer. Let’s see how it can fit into your WordPress workflow and discuss why you may want to try it out.

What is Composer?

Every bit of code you write has dependencies. If you’re writing a WordPress plugin your biggest dependency is WordPress itself. Without the core functions that WordPress provides, it’s likely that your plugin isn’t useful at all. Outside of WordPress itself, you could need a modern SOAP client like nusoap to interface with SOAP-based APIs.

In the past, most people would simply copy the repository for nusoap into a directory in their plugin and then include the files needed to use the library. This is where Composer can step in and simplify some of the management of your dependencies.

Composer is a dependency manager. It’s specifically designed to make it easy to install and manage dependencies. This can become especially crucial if you’re working in a team and want to make sure that every member of the team is using the same libraries as they do their development work.

At its base, Composer is a JSON file that details the dependencies you have installed and which versions of the dependencies you want to use. You can see a basic example below that includes the nusoap dependency.

{

    “require”: {

        “econea/nusoap”: “^0.9.10”

    }

}

When I run composer require econea/nusoap in my plugin it will install nusoap for me and lock it to the version specified. In this case, I’m using 0.9.10 and will continue to use that unless I tell Composer to upgrade the dependency.

This has the advantage over simply downloading and including nusoap because I can use composer update to update all my dependencies without needing to go see if there are updates and manually download them into my project. Composer takes over the management of resources at this level.

Getting Started with Composer

Installing composer is fairly straightforward.

On Windows

If you’re on Windows then there is an installer provided to simplify the process. It will install the latest version of Composer and make it accessible globally for your projects.

Linux/Unix/macOS

On any of these platforms, you have a few more steps to get Composer setup. To start, run the commands needed to download Composer and get it setup.

php -r “copy(‘https://getcomposer.org/installer’, ‘composer-setup.php’);”

php -r “if (hash_file(‘sha384’, ‘composer-setup.php’) === ‘756890a4488ce9024fc62c56153228907f1545c228516cbf63f885e036d37e9a59d27d63f46af1d4d07ee0f76181c7d3’) { echo ‘Installer verified’; } else { echo ‘Installer corrupt’; unlink(‘composer-setup.php’); } echo PHP_EOL;”

php composer-setup.php

php -r “unlink(‘composer-setup.php’);”

Next, you’ll want to run Composer globally for local development so we’ll need to adjust the default install to ensure that it’s available any time we want to use Composer. You can move Composer to be globally available with the following command executed from the same directory you just downloaded Composer from.

mv composer.phar /usr/local/bin/composer

Upgrading Composer

On Windows and macOS all you need to do to upgrade to the latest version of Composer is run composer self-update. If you’re on Linux/Unix then you’ll need to run sudo apt update && upgrade so that your system checks for the latest versions then you can run composer self-update to get the latest version.

Now that you’re set up, let’s take a look at using Composer to install WordPress.

Install WordPress with Composer

What about if you want to manage an entire site with Composer? First, you need to decide if WordPress is the dependency of the project or the core of the project? Yup, a little brain-twisting.

WordPress can be considered a dependency of the project because the end goal for your customers isn’t to have WordPress installed. They want a store or a blog and that depends on you installing WordPress. This is the stance that a project like Roots takes with its Composer based Bedrock WordPress setup called Bedrock.

Using Bedrock means that you don’t have to tell Composer about WPackagist because it’s already set up. It’s where I recommend you start if you’re looking to manage an entire site with Composer.

To install Bedrock run the following command.

composer create-project roots/bedrock

This will give you the following file structure.

├── composer.json

├── .env

├── config

│   ├── application.php

│   └── environments

│       ├── development.php

│       ├── staging.php

│       └── production.php

├── vendor

└── web

    ├── app

    │   ├── mu-plugins

    │   ├── plugins

    │   ├── themes

    │   └── uploads

    ├── wp-config.php

    ├── index.php

    └── wp

This is very different than the standard WordPress setup. To start you have your composer.json file at the root of the install. This is where you’ll see your Composer configuration. 

Your .env file is where you can store the different database configurations. This is needed because your local site and your live site will have different database passwords and usernames. The default wp-config.php file will understand the variables you put in your .env file because Bedrock uses those variables instead of hard coding in the database connection information.

You’re .env file should be ignored in your Git repository. When you configure a new site you add a new .envfile to it with the required database configuration information.

There are a few other variables that you need to set up here to get Bedrock started, which are all detailed in their documentation.

Under the config folder areis different default configurations for the environments you’ll be using. In development, this turns on error reporting, and in your production environments, it makes sure that error logging won’t interfere with the smooth operation of your site.

With Bedrock as a base, you can now use Composer to install your WordPress plugins via WPackagist.

WPackagist is a mirror of the WordPress theme and plugin repository. This is needed because by default most plugins and themes are not available for Composer to install. The mirror adds the required files for each plugin so that Composer can be used to manage the plugins.

If you wanted to install WooCommerce in your Bedrock based WordPress install you need to require WooCommerce first, composer require wpackagist-plugin/woocommerce, then you need to tell Composer to install the dependencies, composer install.

Now you can go to the admin area of your WordPress install and activate WooCommerce and get building out your site. To update WooCommerce when a new version comes out, or to update WordPress, you need to run composer update.

This is where a Composer based project can get into a bit of trouble. If you run your updates through the WordPress admin then you’ll have a mismatch between what Composer expects and what WordPress has installed. If you’re going to go with Composer, then stick with using it as your updating tool and don’t work via the WordPress admin.

When Should You Use Composer?

I’m sure that many of you are asking why Composer is such a great tool for WordPress development. WordPress wasn’t built with Composer in mind, so to work with it you have to jump through some hoops to make it work well.

For plugin and theme developers there is a clear case that Composer can make it easier to deal with dependencies you need to bring in from the wider PHP ecosystem. For WordPress developers, the argument is less clear. Some like to use Composer to manage their whole site as Roots does. This can let you have fewer files managed by Git, but that has never seemed like a compelling case to me. 

The case I like is that Composer can make it easy to have different dependencies for different environments. You can then use your deployment process to deploy those dependencies in your environments and not have to manually manage them.

As a developer, you also need to take your client’s needs into account. If they don’t have a development team around to manage the site long term, then they may run into issues with a non-standard WordPress install. In some cases, their hosts may tell them that support isn’t available because they’re not using the normal way of installing and using WordPress. When you serve clients you always need to balance the cool technology you use with what the client can handle long term.

For this reason alone, I don’t use Composer in my full site projects. My clients are going to be managing them day to day for years and I don’t want to put up any extra barriers. We both want their sites to run smoothly for years to come.

If you’re looking to upgrade your PHP skills with modern technologies, then you should certainly take a look at how Composer can fit into your WordPress workflows.

Just like WordPress has specific tools like VVV that are tailored to the development of WordPress sites locally, the wider PHP community has similar tools. Today we’re going to look at Valet, which is a tool that is specific to hosting Laravel projects for local development.

While Valet was released by the Laravel team, it is designed to support WordPress out of the box, along with other CMS’s like Craft and Statamic.

Let’s dig into how to get a WordPress site running on Valet.

Prepping to Install Valet

If you’ve used tools like XAMPP or MAMP before, this is going to be a bit different as we need some other terminal-based tools installed before we can get Valet running.

First, we’ll need to install Homebrew. Homebrew is a package manager for macOS Terminals or Linux shell prompt. We’ll need this to install the packages that will make up Valet. If this feels daunting to start, don’t worry. There are only a handful of basic commands we need to run.

To install Homebrew use the command below.

/bin/bash -c “$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)”

You’ll be greeted by some prompts to set up Homebrew. They’re all very clear so just follow them and it will be set up for you.

Before we go forward we need to make sure that we have the most recent package definitions for Homebrew. To do this we need to update it with the commands below.

brew doctor

This makes sure that nothing needs fixing in Homebrew. If everything is good to go then you can update Homebrew.

brew update

If your system doesn’t find Homebrew in your $PATH then you can add it with this command. export PATH=”/usr/local/bin:$PATH” If you have other errors, check the Homebrew troubleshooting guide

Next, let’s get PHP 7.4 installed via Homebrew with the command below.

brew install [email protected]

How long this takes depends in part on your internet connection since Homebrew has to download PHP. Once it’s downloaded Homebrew will set up PHP 7.4 on your system.

Finally, we need to make sure that Composer is installed on our system. You can find those directions in my previous post on Composer or check out the official documentation on installing Composer.

Installing Valet

Now that we have everything set up it’s time to install Valet via Composer with the command below.

composer global require laravel/valet

If you get errors it’s possible that you need to download some more dependencies. If so run the command above with –with-all-dependencies to make sure they get downloaded.

Now that we have Valet downloaded we need to set it up. Run the following command in Terminal. You should be prompted for your password before this command runs.

valet install

Now we have Valet installed, so we can move on to getting a WordPress site setup.

Getting WordPress Installed in Valet

There are two basic commands you’ll need to know to use Valet effectively.

• park: this is used to add a directory to Valet. If you created a folder called ~/valet-sites you would use the park command to add that whole folder as a spot that sites could run out of.
• link: this allows you to add a single site folder to Valet instead of a whole directory where you’d run different sites.

Now we need to download WordPress so that we can use it to create a Valet based site to work on. Unzip the download and rename it valet-nexcess. Next in terminal move into our new directory with cd valet-nexcess and then type valet link to link that directory into Valet so you can use it to host WordPress.

Now you should be able to visit valet-nexcess.test and see the WordPress install screen.

Before you move through the WordPress setup though we need to install a database layer because Valet doesn’t come with that. We can install MySQL via Homebrew with the following command.

brew install mysql

Once MySQL has been installed we need to start it.

mysql.server start

To stop MySQL you’d use mysql.server stop

Now you can connect to the Valet database with your favourite local database tool and create a new database.

Then simply finish the WordPress install and get working on your new site.

When it comes to Unit Testing with Valet, you’re in luck because I’ve already written a tutorial on how to setup Unit Testing for WordPress using Valet. It’s fairly easy to do with a few terminal commands.

For capturing email we return to MailHog which can be installed via Homebrew easily. WP Beaches has an excellent tutorial on how to get this setup for your development environment.

While it’s not too difficult to setup Valet for your WordPress projects, I’ve found the performance to be lacking. Despite talking with many other developers, I’ve never been able to figure out why I’m having performance issues that they don’t see despite running huge sites locally for development.

I’ve also found that I have to adjust the Valet settings every month or so because it stopped working for some reason. For me, Valet has lots of power but takes a bit too much management to keep using daily as my local development environment.

If you have used a computer, you have dealt with cache.

Perhaps you’ve heard that “clearing the cache” can help you speed up your browser. Perhaps you’ve then felt it was contradictory that cache was supposed to speed up your browsing experience. 

So what exactly is cache and for what purpose do we use it?

In this article, you will find out:

• What is cache and why we use it
• What is server-side cache
• What is client-side cache
• WordPress-specific cache plugins 
• How to optimize your website for speed

What is Cache?

The concept of cache is simple: it is a component in computing that stores temporary data so that it can be reused when necessary and therefore improve performance speed.

For example, a web browser cache will save a website’s static content. 

Since loading the content from cache is faster than downloading it every time you visit a website, your loading time improves dramatically.

As a WordPress user, you should differentiate between two types of caching for your website: server-side and client-side. 

Server Side Caching

Server-side caching is exactly what you might think it is – caching which uses the server as storage, as opposed to using your local machine. 

There are several types of server-side caching, some of which are:

Page Caching

HTML stands for Hypertext Markup Language and is also a file extension. An HTML file will contain your website’s code and embedded content such as custom CSS. 

Page caching allows HTML files to be saved in order to improve website loading time.

Database Caching

Database caching allows for faster query processing, especially when accessing large databases. Most websites these days have an increasing amount of data stored, such as websites that feature stores and therefore lots of user information. 

Large databases can be a resource hog so it is especially useful to provide in-memory access to the database’s most frequently used queries. 

Object Caching

There are several object caching solutions available, some of the most popular ones being Redis (an open source, in-memory database) and Memcached (a multithreaded in-memory cache). Database caching is a subset of object caching – a query is first made to a database such as MySQL after which the result gets saved in an intermediary such as Redis.
The next time the query is made, it no longer has to be made to the database and is instead loaded out of cache.

Opcode or OPcache

A part of your website’s code is the PHP script, which needs to be compiled at runtime. Instead of compiling it each time you visit a website, opcode caching will save the compiled script to the server cache, eliminating the need to compile the code every time and speeding up the loading process considerably. 

CDN caching

A content delivery network is a network of proxy servers which minimizes website loading time by loading content from a server which is physically closer to the user. 

Why You Need a WordPress CDN >>

A CDN will cache images, videos or entire webpages in order to provide maximum speed and availability of content to the requesting user. 

Client-side Caching

As opposed to server-side caching, its client-side equivalent means the data is stored on your computer locally. 

This is probably the type of cache you are most familiar with – the browser cache. 

Also known as the HTTP cache, it stores any downloaded website content directly on your local machine. 

The next time you load the website, your browser will first access its cache to see if a saved version of the website exists. 

If it does, no additional requests need to be sent to the server, which saves on both loading time and bandwidth. 

WordPress Plugins for Managed Cache

WP SUPER CACHE 

This popular plugin caches HTML files in order to bypass loading from PHP code.
It offers three modes; WP-Cache, expert and simple so that everyone ranging from an experienced user to a new one can enjoy the speed benefits. 

W3 TOTAL CACHE

While similar to WP Super Cache, the W3 Total Cache plugin emphasises optimizing SEO rankings. 

As most websites are ranked for speed when it comes to SEO recommendations, this plugin boasts a 10x improvement in website loading time which in turn leads to higher ranking of your website on web searches.

WP-OPTIMIZE

Other than caching your data, WP-Optimize also cites it “cleans the database”. 

In the context of this plugin, cleaning the database means periodically removing files that are no longer necessary, such as spam comments and other stale data. 

WP-Optimize also offers a wide range of options for scheduling which might appeal to users who like to specify the number of cleanups needed. 

LITESPEED CACHE

LiteSpeed Cache presents itself as not only a caching plugin, but an all-around acceleration service. 

Other than caching, it also deals with minifying code (streamlining code and stripping it of all unecessary data) and lazy loading (showing only one part of your website to the user for improved speed, especially useful for mobile devices).

It supports object-caching services such as Redis and also offers support for multiple CDNs. 

Optimizing Your Website

As you can see, caching is extremely important in order to improve website loading speed. 

However, website speed is best optimized by using multiple strategies, some of which are:

Using GZip to Compress Files

GZip is the name of a software application and its associated file format. Its intended use is for file compression and decompression and it’s the most widely used method for compressing website files.

GZip compresses your website’s HTML file and any stylesheets or scripts you might have into a single streamlined file which can then be served to the client’s browser. 

All modern browsers support GZip compression. 

Minifying Code

As previously mentioned above, minifying code is the act of removing all data which is unnecessary for the code to be properly executed. 

This includes any blank spaces, new line characters and comments which might be a part of your code. 

Like the name suggests, minifying your CSS and JS code will make it smaller and therefore easier to transmit. 

Other than saving bandwidth, making your code more efficient improves overall website performance. 

Using a Content Delivery Network

Using a content delivery network or CDN is a popular solution for improving delivery speed.

The CDN stores static content on a server physically closest to the requesting client, which minimizes loading and delivery time.

There are many CDN solutions available, including the very popular CloudFlare. 

Improve page speed with Hostdedi Edge, our purpose-built Content Delivery Network. It is integrated into our platforms for easy use without a ton of configuration complexity.

Optimizing Images Using Lazyload 

Since most images these days are high quality and therefore large in size, it might be useful to utilize an image optimization solution. For example, the Smush plugin compresses images with the goal of reducing size but keeping the quality high. 

It also offers the ability to “lazy load” your website, which is a service that loads only the part of your website the user is currently viewing. 

This greatly improves speed on mobile devices. Since the screens cannot show the entire webpage at once, loading content as the user accesses it allows for greater delivery speed.  

Staying Updated

It goes without saying that staying updated is important. Plugins and themes are always being actively developed so it is best to keep them updated at all times in order to ensure compatibility and optimal performance. 

Get Built-In Caching With Hostdedi

In combination with other methods, using a caching solution such as a plugin can greatly improve website performance and therefore customer satisfaction. 

Caching comes in various shapes and sizes and is an integral part of not only computing, but also modern hosting. 

Fully managed WordPress hosting by Hostdedi comes with built-in caching for ultra-fast loading, plus a CDN with 22 locations. All hosting plans also include:

• Premium tools such as Visual Compare, WP Merge, iThemes Security Pro, and more.
• Image compression to lower browser load times.
• Always-on security monitoring & support from WordPress experts 24/7/365.
• No overage fees, traffic limits, or metered pageviews.

Check out managed WordPress hosting, or experience it for yourself with a free trial.

Related Content

Recently, Qualys identified a vulnerability in the Linux sudo command, which allows a local user or an attacker to gain unauthorized root privileges on a system. Because the sudo command is one of the oldest and most widely used commands on a Linux system, the inherent dangers significantly elevate this security issue’s importance.  The majority of the web runs on Linux, so this vulnerability will affect most of the web. 

Since becoming aware of this vulnerability, Hostdedi has been working diligently to plan and implement our customers’ best resolution. Our security and engineering teams have been working with our vendors and have already begun deploying the required patches for this vulnerability.  

What is Sudo?

The sudo command allows a user to assume another user’s role and rights and run commands or programs as that user or a superuser (e.g. root) as denoted in the sudo security policy.  This weak point lets a user run elevated commands even if the user is not listed in the /etc/sudoers file. The sudoers file is a configuration file that controls the users who are allowed access to the su or sudo commands. The sudo security policy determines the level of privileges a user has to run commands using sudo. The following versions of sudo are affected: 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1. The newest version of sudo (Sudo v1.9.5p2) has addressed and mitigated the flaw. The bug was originally introduced in July 2011 (commit 8255ed69) and has existed until now.

Further status updates are available at Hostdedi’s Status Page.

Updates will be added to this post when they become available. 

As always, if you have any questions regarding your account, please don’t hesitate to contact our support team, via chat or give us a call at 1-866-639-2377. We are happy to help! 

One of the first environments I used to build sites with was XAMPP. The XAMPP abbreviation stands for Apache, MySQL, PHP and Perl. The X derives from the fact that XAMPP is cross-platform. Other tools like MAMP are only for running Apache, MySQL and PHP on macOS. If you’re on Windows you could look at using WAMP or WAMP Windows Server for an environment that’s specific to Windows. We’ll look at XAMPP today because it’s cross platform. If you learn to use it on Windows and then switch to macOS or Linux, you get to keep the development environment you know and love.

There are a few benefits to building your sites locally. First, you don’t have to wait for changes to upload via FTP so you have faster turn around times. Second, you don’t mess with a live site and break everything which usually makes clients upset.

Let’s walk through how to set up WordPress with XAMPP.

Installing XAMPP

To get started you’ll need to head to the Apache Friends site and download the version of XAMPP that is meant for your computer.

If you’re on macOS you’ll need to open the DMG file that is downloaded and then run it. Recent versions of macOS will complain that they can’t verify the developer of the application. This simply means that it didn’t go through Apple’s special signature process. You’ll need to go to the Security Settings in your System Preferences where you should see a button that lets you run the application anyway.

If you’re on Windows here are directions to set up XAMPP on Windows 10. For Linux, this is a good set of directions to setup XAMPP on Ubuntu.

Once you’ve installed XAMPP on your machine and run it you should see its start screen.

To start running your XAMPP click the start button. Occasionally when I’ve freshly installed XAMPP on macOS I’ve run into issues with components not being initialized due to the macOS security settings we just toggled. To force XAMPP to initialize the components it needs to run the following command in terminal rm -rf ~/.bitnami/stackman. Note that in addition to getting XAMPP to install it’s initial components again, it will also wipe your htdocs directory. If you already had sites installed, they’ll be gone so make sure you kept a backup of your work. 

Adding WordPress to XAMPP

To get WordPress installed we’ll first need to download a copy of it. Open the .zip file you downloaded and we’ll move it to the htdocs folder. If you dig around right now, you won’t find it though. First, we’ll need to head back to XAMPP and mount the volume that contains our server files.

Now you should see it mounted in finder and you can navigate to htdocs. Copy your downloaded copy of WordPress into this directory and rename the folder nexcess-test. If you’re working on a client project, choose a folder name that matches your client project.

Next, we need to create a database for our site to use, but first, we need to return to the XAMPP application and turn on it’s connection to our system. Go to the Network tab and enable localhost.

If you visit localhost:8080 you should see the default XAMPP starting page. Windows users should find this same page at localhost. You can access phpMyAdmin by visiting localhost:8080/phpmyadmin on macOS or localhost/phpmyadmin on Windows so that we can create our database.

Click on Databases on the top left side of your screen and then enter a name for your database and click create. Make sure you remember the name you’ve used because you’ll need it in a minute for the installation of WordPress.

To install WordPress we’ll need to visit the URL that corresponds with the folder we created in htdocs. For me, that’s localhost:8080/nexcess-test. Here I’ll see the default WordPress installation screen and need to enter the information for my database connection and site. 

The database name corresponds with the name of the database you just created. Your username is root and you can leave the password blank. Your database host should remain localhost Also note that I’ve changed the table prefix to match with my folder. You don’t have to do this, but it is considered best practice.

Once you’ve changed this information to suit your settings click submit and WordPress will install in XAMPP for you. If WordPress tells you it can’t write your wp-config.php file in XAMPP then you have a file permission issue which can be solved by editing them.

That’s it, XAMPP is now installed and running WordPress for us.

To get access to the XAMPP server so that you can run unit tests, you’ll need to head back to the General tab in the application and click Open Terminal. This will open the terminal on your computer connected to the Debian Linux machine that is running your XAMPP server. From here you can install PHPUnit and then run your unit tests.

XAMPP makes viewing your database easy as we already saw. Simply visit phpMyAdmin and look through any database values you need to see.

To capture email for testing we’ll use MailHog again. Directions differ for installing MailHog in macOS and installing MailHog in Windows. Either way, once MailHog is installed you’ll be able to test the email systems of WordPress without emailing all your site users by accident.

Why XAMPP

While there are more steps involved in setting up XAMPP over other tools like VVV it’s also got a graphical user interface. VVV relies on your being comfortable with the command line, which was overwhelming when I was starting development.

Using XAMPP gets you up and running with an easy graphical interface to use as you deal with your server.

My next series of posts are going to cover a myriad of ways to run WordPress locally for your development needs. Over the years I’ve used each option at different times depending on the needs for my local development environment.

Today we’re going to look at one of the first tools that I dug into as I learned more about server configuration and working with WordPress Core code, Varying Vagrant Vagrants. That’s a bit of a mouthful, so it’s most often abbreviated to VVV, which is what I’ll use.

What is VVV

VVV was started as an internal project at a WordPress agency called 10up. As it grew in popularity it was moved out of a company-specific project and an official organization was set up to govern the project. Since then a vibrant community of developers has continued to maintain and use VVV in their development environment.

VVV is based on Vagrant, which is open source software used to build virtual machines. You combine it with tools like VirtualBox, Hyper-V, Docker, or other supported platforms to run virtual computers on your machine.

Most people use VirtualBox to interact with Vagrant, and VVV is set up to expect VirtualBox by default.

Installing VVV

Let’s start by getting the default tools set up so that we can install VVV. First, head to the Vagrant downloads page and download the version that is meant for your computer.

On macOS, the download contains a package file that needs to be double-clicked to install. You’ll be asked for your password and then the installation will be complete.

For VirtualBox, head to the download page and download the version that is meant for your computer. For macOS, you’ll be looking at the same basic process. Double-click the package file to run it then enter your password when prompted and let the installer run.

Note: You may need to reboot your machine once you’ve installed VirtualBox to get all the network connections working. If it doesn’t work at first, turn it off and on again before you go further down the path of troubleshooting.

Now we’re ready to install VVV. While there are two methods to install VVV, we’re going to stick with the easy method via git. Check out our Introduction to Git if you’re not familiar with how to use it.

First, create a directory to store all your VVV sites, I usually use ~/Sites. Then we’ll need to use git to clone the VVV repository with the command below.

git clone -b stable git://github.com/Varying-Vagrant-Vagrants/VVV.git ~/Sites/vagrant-nexcess

This creates a copy of the current stable branch of VVV in a folder called vagrant-nexcess in our current directory. Next, you’ll need to change into the vagrant-nexcess directory by using the cd vagrant-excess command. Once inside this directory use vagrant up to start running VVV.

If you’re on Windows, you’ll need to use a command prompt with administrator privileges to get custom hostnames working with VVV.

It may take a while the first time you install this because it has to download a copy of the virtual machine that is defined in the VVV configuration files, but after the first time, that data is cached so future installs will be much faster.

You may get asked to install some other plugins for Vagrant like the vagrant-goodhosts plugin. You want all this stuff so accept the installs when prompted. You may need to run the vagrant up command again after you’ve installed the plugins, and you may need to enter your administrator password to modify the hosts file so you can have custom domains available in VVV.

All computers have a hosts file, which maps hostnames to IP addresses. When you type in nexcess.net this file is part of the system that will translate that URL into the IP address that your computer is looking for. By adding a domain to your hosts file, you can force that domain to go to wherever you want.

Now that VVV is installed you can access the default site at the default URL of http://vvv.test.

Now, let’s go over how to add a custom domain and a clean WordPress install to VVV so you can get started with a new project. To start, open the vagrant-nexcess folder in your code editor. Then you’ll need to open config/config.yml to add our new domain. We’re going to create a new site called nexcess and use nexcess.test as our development domain.

Inside config.yml you can already see some extra sites configured. Let’s look at the first one to understand what’s going on.

 # latest version of WordPress, can be used for client work and testing

  # Check the readme at https://github.com/Varying-Vagrant-Vagrants/custom-site-template

  wordpress-one:

    skip_provisioning: false

    description: "A standard WP install, useful for building plugins, testing things, etc"

    repo: https://github.com/Varying-Vagrant-Vagrants/custom-site-template.git

    hosts:

      - one.wordpress.test

    custom:

      wpconfig_constants:

        WP_DEBUG: true

        WP_DEBUG_LOG: true

        WP_DISABLE_FATAL_ERROR_HANDLER: true # To disable in WP 5.2 the FER mode

First, we name the profile wordpress-one and under that, we set our configurations for this site. We can see that we give the site a description, and use the repo parameter to define where we want to clone the site from. Then we set up the host and define some of the constants that will be present in our standard wp-config.php file for debugging. You could even go to one.wordpress.test and see the site that is configured by default.

Modify the code above to match the changes made below. Note, we changed the name of the profile, the description, and host, and we added a plugin we want installed by default, Query Monitor.

 nexcess-test:

    skip_provisioning: false

    description: "A standard WP install, useful for building plugins, testing things, etc"

    repo: https://github.com/Varying-Vagrant-Vagrants/custom-site-template.git

    custom:

      # locale: it_IT

      delete_default_plugins: true

      install_plugins:

        - query-monitor

    hosts:

      - nexcess.test

Once you’ve made the changes above, head over to your terminal and run vagrant up –provision to tell Vagrant to run through its setup scripts again and provision the virtual server with our new settings. Then you can find your new site at nexcess.test.

A word of caution, the configuration file is written in YAML and YAML is sensitive to indentation. You should be using 2 spaces to indent things or it will all go up in flames.🔥

If you followed our series on Unit Tests then you’ll want to run them with VVV. Because VVV is running a virtual server you’ll need to start by using ssh to connect to this virtual server. You can do this with the vagrant ssh command that is provided as part of your package.

Next, you’ll need to use terminal to get to your web directory, which is found at /srv/www. From here you can move to the directory that has your tests and run them like normal. 

Another thing that I regularly need to do is connect directly to the database of the site I’m working on. If you’re using Sequel Pro, VVV comes bundled with a configuration file you can use to connect automatically. You can find this inside the cloned package at database/sequelpro.spf. Import it into Sequel Pro and you’ll get a connection.

The VVV database documentation also provides several other connection methods to suit your needs.

I also regularly need to check on the emails that are being sent in my WordPress installs. For this VVV provides the MailHog package. MailHog will capture all your emails and provides a nice web UI to view them. You can access Mailhog via the VVV dashboard which is found at vvv.test. You’ll also find access to phpMyAdmin and many other tools on the dashboard, so take note of it.

If you’re looking for a developer-focused environment to do your work, then VVV is a great choice. It installs everything you need without touching any of the internals of your computer. Coming from MAMP, which does touch stuff on your computer, VVV was a breath of fresh air because I knew that if something went drastically wrong, it would be contained in my Vagrant container and not mess with anything else on my machine.

The biggest problem with it is that if something goes wrong, you need to have a good understanding of how server provisioning works to work through and fix problems. The developers are very helpful, but it still takes some understanding to work through problems.

Depending on your projects the tailored to WordPress nature of VVV can also be an issue. If you work with both Laravel and WordPress you may end up fighting with the WordPress specifics. You certainly can run both Laravel and WordPress projects with VVV but you’re a bit more out on your own if you go that route.

If you haven’t tried VVV before, take it for a spin.