BeeWUG Summary 2nd November 2016

Summary of discussions

What’s Been Happening in the WordPress World Last Month

• The internet broke with a massive DNS level attack on Dyn – http://thehackernews.com/2016/10/dyn-dns-ddos.html
• WordCamp Manchester took place – https://2016.manchester.wordcamp.org/
• BitBucket put their prices up – https://wptavern.com/bitbucket-pricing-hike-increases-cost-per-user-by-100
• There may be some interesting changes on the horizon to allow users to edit CSS within the WordPress Customiser instead of using a Child Theme style.css file – https://wptavern.com/the-days-of-creating-child-themes-for-simple-css-changes-may-soon-be-over
• The AMP plugin from Automattic now allows a bit of custom styling to better represent your brand – https://wptavern.com/wordpress-com-adds-customization-for-amp-pages-pushes-update-to-amp-plugin and if you aren’t familiar, you really need to be using Accelerated Mobile Pages as they are awesomely fast, https://www.contradodigital.com/2016/05/09/wordpress-accelerated-mobile-pages-amp-speed-test/ but make sure you don’t accidentally break your Google Analytics setup on your AMP pages, https://www.contradodigital.com/2016/09/30/make-sure-youre-using-amp-analytics-when-using-amp/
• WordPress 4.7 will allow developers to build custom Bulk Actions for Posts and Pages which is pretty cool – https://wptavern.com/wordpress-4-7-will-allow-developers-to-register-custom-bulk-actions-in-admin-list-tables
• You can now use Twitter Moments to summarising content such as events and conferences, https://wptavern.com/twitter-moments-now-open-to-all-users-wordpress-4-5-supports-embedding which you can then embed into your WordPress website by simply copying and pasting the link which will then display like this, https://beewug.uk/2016/11/02/wordcamp-manchester-2016-review/, it’s a super simple way to create some quick content for your website
• Twenty Seventeen Theme has been merged into Core, so watch this space when WordPress 4.7 launches fully, https://wptavern.com/new-wordpress-default-theme-twenty-seventeen-merged-into-4-7
• WordPress API Content Endpoints have been officially merged into the 4.7 release which is amazing – https://wptavern.com/wp-rest-api-officially-approved-for-merge-into-wordpress-4-7. Up until now, this required a plugin to achieve the results which meant that many Plugin developers simply didn’t support the API as they weren’t sure if it was going to stay around. This is the first step that will give confidence to Plugin developers that the WordPress API is here to stay and hence we should see some exciting developments in this area over time. Here’s an interesting project we did recently which uses the WordPress API as a backbone to two mobile applications, https://www.contradodigital.com/case-studies-2/mend-muslim-engagement-development-case-study/
• Various discussions around cyber attacks and hacked data. Take a look at https://haveibeenpwned.com/ to see if your email address is included on any of the many large scale breaches over the last few years. If your email address is found, it’s probably a good idea to update your passwords.
• There has been a bit of a tiff between Matt Mullenweg, the co-founder of WordPress, and Wix about licensing of code under GPL, https://wptavern.com/mullenweg-takes-aim-at-wix-over-gpl-abuses-wix-response-fails-to-address-licensing-issue
• A rather uneventful tweak in WordPress 4.7 is that they are removing the underline and strike through options from the visual editor, https://wptavern.com/wordpress-4-7-removes-the-underline-and-justify-buttons-from-the-editor which I find a little odd since this is not based on data, only what seems to be someones opinion that these aren’t used.
• Lots more exciting changes as part of WordPress 4.7 including PDF Previews in the Media Library and User Admin Languages which can be different from the language of the website, https://wptavern.com/wordpress-4-7-beta-1-now-available-for-testing along with Custom Page Templates soon to be available for all Custom Post Types, https://wptavern.com/wordpress-4-7-brings-custom-page-template-functionality-to-all-post-types
• Discussions around Page Builders and the variety of options available. A handy review from Pippins over at https://pippinsplugins.com/wordpress-page-builder-plugins-critical-review/ to help you get up to speed. Avoid anything that locks you in is the top tip all round and here’s a quick live preview of Divi in action, https://www.youtube.com/watch?v=vUp0km3upI4.
• Various discussions around Security Plugins available including iThemes Security, https://ithemes.com/security/, All in One WordPress Security and Firewall, https://en-gb.wordpress.org/plugins/all-in-one-wp-security-and-firewall/ and Wordfence, https://www.wordfence.com/ – all of which are great, although interestingly at a recent talk at WordCamp Manchester it was highlighted that security plugins often contain security vulnerabilities their self, so be aware and keep everything up to date, http://www.slideshare.net/ottokekalainen/wordpress-security-101-wordcamp-manchester-2016, slide 25. One of the most famous security breaches recently is with Mossack Fonseca, aka. the Panama Papers leak, https://www.wordfence.com/blog/2016/04/mossack-fonseca-breach-vulnerable-slider-revolution/ which is suspected to have been caused by an old and un-patched version of the Revolution Slider Plugin being exploited.
• When discussing between the self-hosted WordPress.org against WordPress.com, some interesting statistics about WordPress.com includes that there are over 409 million people accessing websites every month on WordPress.com which equates to over 23 billion page views which is unbelievable, https://wordpress.com/activity/

 

Guest Talk

The guest talk this month was from Michael Cropper of Contrado Digital who talked about WordPress Fundamentals – The Advanced Topic About Getting the Basics Right

• There are many ways to use WordPress
• But very few you should
• Make sure you have good web hosting in place, you really do get what you pay for. You’re generally paying for CPU, RAM, Hard Disk Space, Bandwidth and Priority. A whole managed service whether on a Shared Server, a Virtual Private Server (VPS) or a Dedicated Server
• Take Web Server Security seriously and make sure you are covered at the Physical Firewall DNS Level, you have adequate Server Level Security Software configured and your Website Level Security is set up correctly too. Then make sure everything is fully automated and you are monitoring everything that is happening.
• WordPress Core, simple. Keep everything up to date
• WordPress Themes, When using a Theme from the WordPress Theme Directory, you can easily update this through the WordPress Admin area. Likewise, you can too with quality Premium Themes. On the other hand, when purchasing low quality Themes, often from Theme marketplaces, you have to manually update the Theme which most people simply do not do. So be aware of these issues.
• Some interesting Theme usage statistics about what is currently in use, https://www.contradodigital.com/2016/07/01/divi-preferred-choice-wordpress-theme/
• Always use Child Themes when customising your Theme
• Take a good look through the WordPress Template Hierarchy for the specific files you need to customise, https://beewug.uk/resources/
• When dealing with Plugins to enhance the functionality of your WordPress website, the same applies when reviewing Themes as discussed above. Don’t go adding poor quality Plugins to your Website and introducing security holes that can be exploited. There are now almost 50,000 Plugins within the WordPress Plugin Directory which have been used almost 1.5 billion times. Crazy numbers.
• When looking to customise your Plugins, never edit the PHP files directly. Instead, many leading Plugins can be customised by adding the files to the Child Theme such as with WooCommerce. Likewise many Plugins have a variety of Hooks available which you can then use Actions and Filters for within your Child Theme’s functions.php file to customise as needed.
• Backups. Make sure you have both Server Level and WordPress Level backups in place which are fully automated, are full backups which include both files and databases and they are stored in a remote location with multiple restore points. This is a minimum requirement.
• Some of the common mistakes people make include; Doing things on the cheap…; Purchasing low quality Themes and Plugins from marketplaces…; Cheap web hosting…; No backups…; No security updates to the Web Server, WordPress Core, Themes or Plugins…
• As mentioned, there are many ways to use WordPress, yet very few ways to use WordPress correctly.

We’re always looking for guest speakers for the events, so get in touch if you want to speak about something you’re working on at the moment or something you want to share with the community.

Make sure you sign up to the mailing list to keep up to date with what’s happening in the WordPress world and at BeeWUG.

The next event will be on Wednesday 7th December. Hope to see you there. Spread the word.