Category Archives:
Wordpress Archives

Collaborative editing is one of those features that I never knew I wanted but loved the minute I understood its power. I’m a huge fan of Google Docs and the way it lets me and my colleagues work together on a document, editing in real time.

Collaborative editing is a powerful tool for learning, teaching, writing, and combining the expertise of different contributors. But, for all its benefits, Google Docs isn’t perfect, and I’ve often wished that I could collaborate within WordPress in the same way I can within a Google document.

WordPress has built-in collaboration features, but they don’t work in real time. Different people can contribute to the same document, but until the work is saved, those changes aren’t reflected in the workspace of other users. Rather than real-time editing, WordPress offers “turn-based” editing. That fits with common editorial workflows, where each piece passes from writer to editor and perhaps back again. But it’s not suitable for concurrent editing.

Wave from Codox brings the benefits of Google Docs-like collaborative editing to WordPress. Wave isn’t a WordPress-specific tool: it’s an app for Google Chrome and the family of browsers that can use Chrome apps, but it works well in the WordPress editing interface.

Wave’s basic features will be familiar to anyone who has used Google Docs. Several contributors can work on a document and the changes each makes are reflected in the interface of the others.

When mentoring or editing writers in WordPress, I’ve often had to send long emails full of quotes and corrections. I could make the changes myself in the WordPress post, but if the goal is to teach it’s necessary to talk through what I’m changing and why. Email is far from ideal, but the combination of a collaborative editing tool like Wave and a Skype or Google Hangouts call is vastly superior.

Once you have installed Wave’s Chrome app, you’ll have to create an account or sign in using a Google account. To start a collaborative editing session, create a new WordPress post or open an existing post, click on the Wave icon that hovers in the browser window, and enter the email addresses of your collaborators.

Invitees receive an email with a link. When they click on the link they’re taken to the WordPress post and can begin editing. It’s a simple process that even the least technical writers and editors won’t have a problem with.

In the future, I’d love to have this functionality integrated directly into WordPress as a plugin or core feature. Although Chrome is the most popular browser, it’s not the only browser and I’d rather not have to insist that everyone who wants to collaborate installs a browser they wouldn’t ordinarily use.

Wave is a tool I can happily recommend to any WordPress user who finds WordPress’s current collaboration features limiting.

Posted in:
WordPress

Job hunting can be pretty difficult for creative professionals. You’re not in a field like financial services or the sciences, where you’ve got a good transcript and hard numbers to back you up. You’ve only got your work – and it needs to speak for itself.

It can’t really do that if no one can find it.

Whether you’re a graphic designer, a musician, an artist, or a content marketer, you need to have a place where you can showcase what you do. A website to which you can direct both prospective clients and curious friends/family. And in building such a website, WordPress is one of your best options.

Here’s why.

It’s Easy To Use

WordPress isn’t the most popular content management system in the world for nothing. It’s extremely easy to use and manage. I’ve known plenty of writers, for example, who wouldn’t know proper coding standards from a hole in the ground – they’re able to use the platform without any difficulty whatsoever.

Even if you’re building your website from the ground up and just managing it with WordPress (in which case, hire a web designer), most of the work that goes into setting up a portfolio site is at the beginning. Foundational stuff. The day-to-day is nearly effortless.

Plugins

Ease of use isn’t the only benefit to WordPress, either – the biggest advantage it offers is versatility, and much of that through its plugin ecosystem. Want a plugin that lets you seamlessly configure a beautiful, searchable photo gallery? Or how about one that lets you customize how each element in your portfolio is displayed and organized to visitors? WordPress offers all that and more.

At this point, given the size and age of WordPress’s plugin development community, I’d go so far as to say that there’s a plugin for everything. And even if you can’t find a plugin to do what you want, you can probably get someone to code it for you.(or code it yourself, if you’re willing to learn PHP).

…And Plenty Of Perfect Themes

Last but certainly not least, let’s talk about themes. Tons of creatives use WordPress to host their portfolios online – many theme creators maintain portfolios themselves. For that reason, there are a ton of elegant, beautiful, and snazzy themes you can use to customize your site’s layout, both free and premium.

So long as you only download from reputable, trusted sources, you can make your website look however you envision.

Show Your Creativity

So, why use WordPress as the backend of your portfolio? The better question is why wouldn’t you? While there are certainly plenty of other content management systems out there that could work, WordPress remains one of the most effective, efficient, and easy to use.

 

Posted in:
WordPress

Over the years, we’ve looked at several different systems for setting up local development environments, from applications like MAMP to a Varying Vagrant Vagrants workflow. I’m always looking for the most efficient way to create new WordPress instances, both for development and because I need an easily replicable WordPress environment for testing plugins and updates I want to write about.

Today, I’d like to talk about my current setup, which is based on the Docker container system. I considered using Docker a few years ago, but it was complicated compared to the alternatives, so I didn’t use it for long. But, on the recommendation of a friend, I recently took another look. The tooling has improved considerably and it’s now a good option for those of us who don’t want to spend too much time fiddling with our tools.

So, without further ado, let’s look at how to create a local WordPress development installation with Docker.

What Is Docker?

Docker is a tool for creating and managing containers. A container is a self-contained unit of software that includes all the libraries and other code required to run an application.

It’s important to understand that a container is not the same as a virtual machine — containers are much lighter than virtual machines, they “boot” a lot faster, and they’re more portable. Containers also don’t need a guest operating system.

To use Docker containers, you’ll need to set up Docker on your machine. Because the setup process is different depending on the operating system you use, I won’t go into detail here, but you can find full documentation on the Docker site.

I’m also going to assume you know how to use the command line on your OS.

Building A Local WordPress Container

There are several ways to go about building containers, but we’re going to use the excellent Docker Compose tool.

First, open a terminal, create a directory for your WordPress installation, and change to that directory:

mkdir testing-wordpress && cd testing-wordpress

Next, create the file we’ll use to tell Docker Compose what to do:

touch docker-compose.yml

We’re going to use the Docker Compose file from the official Compose documentation. Open “docker-compose.yml” in a text editor and paste the following text into it:

version: '3'

services:
   db:
     image: mysql:5.7
     volumes:
       - db_data:/var/lib/mysql
     restart: always
     environment:
       MYSQL_ROOT_PASSWORD: somewordpress
       MYSQL_DATABASE: wordpress
       MYSQL_USER: wordpress
       MYSQL_PASSWORD: wordpress

   wordpress:
     depends_on:
       - db
     image: wordpress:latest
     ports:
       - "8000:80"
     restart: always
     environment:
       WORDPRESS_DB_HOST: db:3306
       WORDPRESS_DB_USER: wordpress
       WORDPRESS_DB_PASSWORD: wordpress
volumes:
    db_data:

If you’re interested in what the file is doing, I encourage you to read the documentation, but, in brief, it tells Docker Compose to create two containers. The first is a container for the MySQL database, and the second is a container for WordPress itself.

Save the file, go back to your terminal, and run this command:

docker-compose up -d

Docker will download, configure, and launch the containers. It might take a few minutes, but when it’s finished, you’ll have a WordPress instance waiting at this URL:

http://localhost:8000

To stop the containers, use this command from inside the project folder:

docker-compose stop

You can restart with the “up” command you used previously.

If you want to remove the WordPress container, but leave the database intact:

docker-compose down

And if you want to blow away both WordPress and the database container:

docker-compose down --volumes  

After removing the containers, you can start from scratch with the same “up” command as before:

docker-compose up -d

Because Docker containers are entirely self-contained, you can create as many WordPress installations as you like: just create a new folder, copy the “docker-compose.yml file to it, and repeat the process.

Posted in:
WordPress

WordPress site owners sometimes need to give a third-party access to their site. Once a site grows beyond a certain size, it’s impossible for one person to do all the work, even if they have the necessary skills. Bringing a professional on-board is a smart move.

But giving someone that don’t know well access to your site is a daunting proposition. It’s unlikely they will turn out to be malicious, but incompetence and carelessness cause just as many problems. No one wants to have their site hacked because a contractor used an insecure password or because a developer wasn’t as careful as they should have been.

Site owners should follow one simple rule when giving third-parties access to their site: provide the least access compatible with getting the job done. In the security world, this is called the Principle Of Least Privilege, and most of us intuitively understand its implications. When you pay a vendor, you don’t send them your bank details so they can withdraw any amount they want, hoping they’re honest: you send them a check or use a credit card that authorizes them to claim exactly the amount they’re entitled to.

What does that mean in the context of WordPress?

Granting Access To Your WordPress Site

WordPress provides a collection of user roles that determine the capabilities of a user account.

• Administrators have complete control over the site. There is really no restriction on what an administrator can do.
• Editors can publish and manage the posts of other users.
• Authors can only manage and publish their own posts.
• Contributors can upload posts, but they can’t publish them.

No one should be given administrator privileges on a site unless it’s absolutely essential. If a service provider needs admin access, they should not be given the authentication credentials of the site’s owner or other trusted users. An admin account should be created for their use and deleted once they no longer need it.

If you have contracted a writer and you want to check their work before it’s published, don’t give them an Author account because they don’t need access to the publication features.

Always give accounts the smallest amount of power you can.

Granting Access To Your Server

Occasionally, a developer or designer may need access to your server or hosting account. Once again, the Principle of Least Privilege applies.

Firstly, and most importantly, never provide root access to your server to someone you don’t absolutely trust. In fact, it’s better to give no one root access and to disable root logins.

If you can, you should do any work that requires privileged access to your server. If a designer asks for access to upload some files, you or someone you trust should upload them if it is at all feasible.

If not, create an FTP or database account for them, and then delete the account when they no longer require access.

If a developer or designer is likely to use FTP over an insecure connection, use a secure VPN to ensure that the data can’t be intercepted.

If you rigorously adhere to the Principle Of Least Privilege, you will be able to give vendors and service providers the access they need without putting the security of your WordPress site at risk.

Posted in:
WordPress

Last week, WordPress 4.9.3 was released. It brought the usual variety of minor enhancements and security fixes, but it also introduced a nasty bug that may prevent your WordPress site from updating itself properly in the future.

The bug is in the automatic update system. WordPress is able to automatically update itself for minor releases, those that increment the last number in 4.9.3, for instance. WordPress sites have happily upgraded themselves to WordPress 4.9.3, but because of the bug a in that version, WordPress sites may not be able to automatically update to future minor versions.

If your site updated automatically to WordPress 4.9.3, you may have to manually update to WordPress 4.9.4, which was released the next day to fix the problem.

The bug was introduced while the automatic update system was being modified to reduce the number of API calls it makes during updates, but those changes were, apparently, not properly tested, and stopped automatic updates working altogether on some WordPress installations.

If you aren’t using automatic updates, this isn’t something you need to worry about; apply the updates manually as you normally would. If your WordPress site is running a slightly out-of-date version, you are probably not affected either since the automatic update system only does minor version updates (although you should think about how safe it is to run outdated versions of WordPress in the first place).

In general, automatic updates are good for WordPress users, although they were met with some skepticism from WordPress professionals when they were first introduced with the release of WordPress 3.7. Most WordPress users aren’t professionals. Out-of-date WordPress sites cause security problems for site owners and visitors. Professionals can turn off automatic updates and manage the risk themselves, but for ordinary users, automatic updates are the most secure option.

A bug that disables automatic updates is a serious problem because WordPress users who assume that updates are being handled automatically by the system are unlikely to check for every minor release: their sites may be vulnerable through no fault of the user.

In fact, the only WordPress sites that are affected by the bug are those that have been manually updated to the most recent major version. Only security-conscious WordPress users are in the crosshairs on this one, which is why it’s so important to make sure WordPress users check their sites.

If you haven’t updated your site to WordPress 4.9.3 or 4.9.4, you might want to reconsider. Although a minor maintenance release to the WordPress 4.9 ‘Tipton’ line, it includes a variety of fixes and enhancements, including 34 bug fixes for Customizer changesets, widgets, the visual editor, and PHP 7.2 compatibility.

If you’re worried about the bug in the automatic update system or want to update to the most recent version of WordPress, select the ‘Updates’ category in the Dashboard and click ‘Update Now’.

Posted in:
WordPress

In almost every country there are independent journalists who use the freedom of the web to bring stories to audiences ranging from the hyper-local to the global. Independent journalists need a publishing platform that they control: social media networks are vital for cultivating awareness and connecting with an audience, but they are not independent of the interests of their owners. WordPress allows independent journalists to be truly independent. WordPress is free, open source, and, most importantly, platform independent.

Independent journalism covers everything from local events to global happenings, and from the experience of a single person to stories that impact the lives of millions. Independent journalists are often ordinary people caught up in events they feel compelled to document and communicate. They are essential voices in a world dominated by competing interests and fractured perspectives.

Traditional news media outlets and large online publishers have the resources to deploy custom content management systems. And some do, but many turn to WordPress because it has the flexibility and scalability to support even the largest sites. But the great thing about WordPress is that it makes all that power available to everyone, for free.

Unlike “publishing platforms”, WordPress is a web application anyone can download and install on a hosting account or server under their control. Once the code has been downloaded, it’s up to the site’s owner what they do with it. The WordPress organization can’t tell an independent journalist to stop using WordPress or to take down an article that they don’t like.

WordPress is open source. That means both that the code that underlies a WordPress site can be examined by anyone and that anyone can change the code if they want to and distribute their changes. That code is written by a collective of companies and independent developers — no single organization calls the shots. In the unlikely event that were to change, WordPress could be forked: the code could be used to start a new project that keeps WordPress free.

While we’re discussing abstract freedoms, we shouldn’t forget about the practicalities. Every user of WordPress has access to thousands of free themes to shape the design of their site. There are tens of thousands of plugins to choose from, each of which extends the functionality of a baseline WordPress installation.

Social media networks are a powerful tool for independent journalists, allowing them to build an audience of followers, to publish content, to communicate with sources and readers. Without social media, independent journalism wouldn’t be as influential or as effective. Social media networks are also easy to use even for people with no technical knowledge.

So why would an independent journalist need a site of their own?

Once again, we return to control and ownership. For those who choose a premium managed WordPress hosting company to host their site, many of the technical challenges are taken care of. The result is a site entirely owned and controlled by the journalist, who is not beholden to anyone for permission to publish. And, as I alluded to at the beginning of this post, a WordPress site can easily be migrated to a different hosting provider. WordPress is platform independent.

WordPress is used by corporations, small businesses, eCommerce retailers, and giant publishing enterprises, but it was designed and built to give a voice to everyone.

Posted in:
WordPress

The plugin ecosystem is one of WordPress’s greatest strengths. Thousands of developers build and maintain a bewildering array of plugins with features that range from minor graphical tweaks to full-blown eCommerce stores. But the variety of plugins can introduce problems, especially if they aren’t managed properly. Plugins are of varying quality and usefulness.

Experienced WordPress site owners keep a close eye on the number of plugins they use, where they come from, and how well they’re developed. In my years as a WordPress user, I’ve discovered a few rules for dealing with plugins that help keep site secure, fast, and uncluttered.

Less Code Is Better

My first rule: use as many plugins as you need, but no more. There’s nothing wrong with using plugins to give a site the functionality it needs. Installing a lot of plugins doesn’t necessarily cause a problem, but leaving too many unnecessary plugins installed might.

Every plugin introduces code into your site, and, in general, the less code you can get away with the better.

The code needs to be executed, and that takes time. If a plugin collects data from the database, it runs queries. Many plugins introduce front-end elements that cause latency as they load and run on the user’s browser. The cumulative effect of these latencies can result in a sluggish experience for users. You shouldn’t be scared to incur a performance penalty if a plugin is genuinely useful, but if you’ve decided you don’t need the functionality, there’s no reason to keep the plugin installed.

Secondly, adding extra code to a site increases the likelihood of bugs and security vulnerabilities. Any plugin might introduce a security vulnerability. The risk is small if the plugins are kept up-to-date, but if you aren’t using the plugin, there’s no benefit to taking that risk.

In short, if your site doesn’t depend on a plugin, uninstall it. You lose nothing and may see security and performance benefits.

Take Care What You Install

As I’ve already said, installing plugins introduces new code into your site. That code has access to the database and to your users. You should think about the security implications of every plugin you install. Additionally, poorly coded plugins can introduce performance problems and break parts of a site.

Before installing a plugin, satisfy yourself that it is actively maintained, frequently updated, that a reliable developer created it, and that it is compatible with recent versions of WordPress. You should be able to find all of that information on the plugin repository or the developer’s site.

Update Your Plugins!

Finally, make sure you regularly update plugins. WordPress users who neglect to update WordPress are a major cause of hacked sites. Updates include security patches, so you should update even if you aren’t interested in new features.

In summary: take full advantage of the richness of the WordPress plugin ecosystem, but be careful what you install, remove plugins you aren’t using, and update plugins whenever a new version is released.

Posted in:
WordPress